An Innocent Mount Issue

I have been working as a freelance contractor for about a year now. I quit a regular CTO job of 10+ years to get into more technical subjects: troubleshooting, coding, building infrastructures, A-Team style. I help companies with complex matters that require experience and rigor.

One of my last missions was really, really fun to deal with. A rather big company handling scientific, secret-level data had an issue with their storage system.
They use Infiniband as their communication layer in an HPC environment. It was not a problem while the underlying operating system was CentOS 7.1 with kernel 3.10.0-1160, but since new machines were installed with CentOS 7.7 and up, with kernels 3.10.0-1062 and up, whenever they wrote a file less than 701 bytes long, the file would be corrupted.
For the record, and to understand the following debugging session: the company uses NFS over RDMA, the latter being the technique Infiniband uses to achieve low latency and high throughput.

No AP After Flashing Tasmota to Sonoff Mini

I’m in the process of automating pretty much everything I can in my house, and one piece of well-known IoT hardware is eWelink’s Sonoff Mini, which has the good taste of being flashable when set to DIY mode. This has multiple benefits, one of them being not having to rely on a Chinese cloud to handle my house’s lights.

There are plenty of tutorials on how to achieve this; it is not the aim of this short article. I found this blog which sums up how to flash a Sonoff Mini on GNU/Linux.
Everything went well, except that the device was supposed to expose an access point named tasmota_xxx once flashed. And it didn’t. After various trials, I found out that the device needed to be recovered via the Fast Power Cycle Device Recovery. In short: plug the Sonoff into a power switch, power it off for 30 seconds, then alternate power-on and power-off 6 times, waiting 2 to 3 seconds for each cycle. On the seventh cycle, you’ll see the LED doesn’t immediately flash; the reset worked. Simply leave it powered on and check for the tasmota_xxx AP, it should appear.

Postfix to GMail Catchall (updated… again)

The other day, my wife asked me if I could just redirect all mail going to her own domain to her GMail account. “Easy task”, foolish past-me thought, not knowing the standards you have to meet to actually forward mail from somewhere to GMail.

I naively searched for a simple bouncing method, and postfix’s virtual tables seemed perfectly fit for the task (from man virtual):

The main applications of virtual aliasing are:

       o      To redirect mail for one address to one or more addresses.

       o      To  implement  virtual  alias  domains  where  all addresses are
              aliased to addresses in other domains.

So here we go and:

Boot an Existing ZFS From a FreeBSD LiveCD

Because I ran gpart bootcode on the wrong partition of every replacement disk I swapped and because my motherboard is incapable of finding an EFI partition, I basically bricked my FreeBSD NAS / gateway.

It took me a ridiculous amount of time in order to find how to boot into an existing ZFS FreeBSD installation from a FreeBSD LiveCD (I used mini-memstick).

Finally, in a 2014 thread from the FreeBSD questions mailing list, someone mentioned the magic invocation, and from there I deduced the remaining parts.

Executing A Smart Contract in geth

Since Binance Smart Chain and more specifically DeFi on BSC are a thing, I’ve been learning the amazing ways of Smart Contracts, and while much documentation exists on this topic, I didn’t find a clear one on how to “simply” execute a Smart Contract on geth, aka Go Ethereum, the most used Ethereum implementation and client.

Geth can interact with the Ethereum blockchain using, well… Javascript, and more specifically an (old) implementation of web3.js.

We will use Bunny Pancake as our DEX example, and more precisely the BUNNY pool smart contract, aka 0xCADc8CB26c8C7cB46500E61171b5F27e9bd7889D.

Ledger Nano On KVM

In order to keep my cryptocurrencies as secure as possible, I only interact with them from within a virtual machine located on an encrypted USB stick. I own both a Ledger Nano S and a Ledger Nano X, which connect using USB. Also, I don’t use libvirt for this, as I want it to be as easily and quickly usable as possible. So here’s the secret formula to access those hardware wallets from a GNU/Linux KVM VM via USB passthrough:

Make Postfix Trigger Blacklistd on Failed Authentication

The other day, I realized that from time to time, alpine, my console mail client for 20+ years now, would close the connection to the IMAP server because of an “error”.
Digging into the logs, I realized my server had been brute-forced for months, if not years. NetBSD being the fantastic OS it is, it actually had nearly no effect on my server’s behaviour, only those annoying connections closing from time to time.
Here’s a /var/log/maillog extract of such attacks:

Ffmpeg Quick Stream Command Line

Again from the stop-trying-to-use-every-flag-available department. This makes me think of a Percona engineer who once told me and my team: “people keep tuning MySQL with tons of configuration options when really 10 parameters define 90% of the performance”.

For some reason, I was somewhere where I needed to quickly stream my webcam to a remote machine on my home network through a VPN in order to record the place. Again, I stumbled upon an endless list of sites where people tried to use every possible ffmpeg flag. It seems people love Fabrice Bellard so much they want to honor every bit of his creations.

QEMU/KVM Shorter Command Line

I keep reading overcomplicated QEMU/KVM command lines, when really, to start a VirtIO disk and bridged VirtIO NIC virtual machine, only this command is needed:

$ sudo qemu-system-x86_64 -enable-kvm -m 1024 -cpu host -daemonize \
  -drive file=mydisk.img,if=virtio \
  -net nic,model=virtio -net tap,ifname=tap0

  • drive type is virtio
  • nic model is virtio and the interface is of tap type; this will summon /etc/qemu-ifup to attach the interface to your bridge.

Depending on your QEMU installation, either this will fire up a window showing your virtual machine booting, or start a VNC server on port 5900.

Fakecracker: NetBSD as a Function Based MicroVM

In November 2018, AWS published an Open Source tool called Firecracker, mostly a virtual machine monitor relying on KVM, a small-sized Linux kernel, and a stripped-down version of Qemu. What baffled me was the speed at which the virtual machine would fire up and run the service. The whole process is comparable to a container, but safer, as it does not share the kernel nor any resource: it is a separate and dedicated virtual machine.
If you want to learn more about Firecracker’s internals, here’s a very well-put article.