Serverless content management
In this post, I will go over how to setup a completely serverless blog that runs with no servers and is for all intents and purposes free to run!
It leverages static content generation, will be served from a content delivery network, and has a browser based UI for managing content with a review/approval workflow.
It's also highly secure, as there is virtually no attack surface for the bad guys to get a hold of.
Hundreds of millions of events per month on the cheap
In this post, I'm going to go over the setup of infrastructure for creating an analytics platform capable of handling hundreds of millions of events per month. All without spinning up a single server.
Now that a first version was cut, it seemed like a good time to start looking at how Cinched performs.
And I must say, things are looking good so far...
Test setup 3 nodes in the Cinched cluster (each 4 vCPUs 4GB RAM)
1 node running the test harness (4 vCPUs, 4GB RAM).
My testing environment is extremely unreliable (VMs running in an overprovisioned cloud environment) so it's been hard to get an extremely clear picture.
Given the frequency of rather embarrassing data breaches recently, I've had the opportunity to spend some time thinking about how to help developers protect the data they are storing.
Getting encryption right is hard, and designing cryptographic applications is not something web developers typically have lots of experience with. To (hopefully) help bridge this knowledge gap, I've written a microservice which provides encryption and key management services.
It's a cinch to use, and will keep your data cinched.
Tired of creating your CA using openssl command line tools? Here's a whirlwind crash course on creating a functional web-based CA in a couple of minutes.
Preparation I'm assuming you're running CentOS 7, because that's what I'm using. Also, the code is redhat-ish in that it's in the Fedora/RHEL pipeline and not terribly friendly to other distros as far as packaging goes. Also, I happen to like CentOS.
We're going to be installing the Dogtag CA PKI solution.
Introduction A computer lets you make more mistakes faster than any invention in human history - with the possible exception of handguns and tequila. --Mitch Ratliff
The Internet has gone through a massive transformation since it's inception. From a tool used mostly by academics, it has come to be a pervasive tool used by just about everyone to communicate, shop, pay bills, invest, and entertain.
While the use cases never cease to increase, one aspect of Internet usage that is rather problematic is educating the public about the risks involved in living a connected life, and what are the ways people can defend against attacks.
Over the past couple of years my team has iterated several times on the proper way of managing systems using Puppet. For a while it was a gigantic time sink while we tested and prototyped several different appraoches to configuring things with many frustrating failures. This post will be an exploration of some of the lessons learned.
Lesson #1: Puppet is not deterministic Yup, that's right. The tool you're trying to use to get all your servers to a deterministic state isn't very deterministic in resolving that state.
Tinc is a neat little VPN daemon that I've recently come across. It is surprisingly simple to configure yet powerful. In this post, I'll show you how to setup a meshed VPN between four nodes with one of the servers acting as a DHCP server.
In this fictitious scenario, let's assume the following nodes:
dev is a CentOS cloud server with a fixed public IP address, we'll designate this one as our DHCP server
In this post, I'll go over how to use iptables and ipset to create a basic firewall with ssh brute force protection and geo-blocking. I'm assuming CentOS here, adjust paths/commands accordingly for other distributions.
Ipset is a tool to create and maintain IP sets in the Linux kernel. The advantage of using ipset over setting up a bunch of individual rules is one of CPU utilization. Ipset can handle thousands of entries without CPU degradation, wheras introducing thousands of rules in iptables will have a noticeable impact on packet processing speeds.