Viktor's Tech Musings & Security Paranoia

Container Security Runtime: Rethinking Isolation with Alex Zenla

Tue, 05 May 2026 00:00:00 +0000

Containers were never designed to be a security boundary, yet we have spent the last decade treating them like one. I’m joined by Alex Zenla, Founder and CTO of Edera, to explore how that assumption shaped modern systems and why it is starting to break under real-world pressure. From insecure IoT deployments to container-heavy production stacks, Alex brings a perspective grounded in building and breaking systems at scale, and what it actually takes to rethink isolation from first principles.

Ubuntu Cloud Images on Proxmox

Thu, 23 Apr 2026 10:00:23 +0000

I’ve been clicking through the Ubuntu installer on Proxmox since 2019 – I even wrote a note to myself back then about the dance. Partition the disk, pick a locale, wait for packages, reboot, SSH in, install the things I always install. Ten minutes per VM, every time.

What finally pushed me to fix it was wanting ephemeral Ubuntu VMs for development – in particular, disposable sandboxes for running AI coding agents. My first instinct was to run Multipass inside a Proxmox VM. That afternoon I fought snap confinement (the daemon couldn’t see /tmp), tildes not expanding inside quoted arguments, and native mounts that happily clobbered the authorized_keys Multipass had just injected. I climbed back out of that rabbit hole and realized the answer was one layer up the stack, not two layers down: Proxmox supports cloud-init natively. Template once, clone in seconds, bootstrap at first boot.

Leaving the Cloud (Again)

Sat, 04 Apr 2026 12:00:00 +0000

Digital sovereignty is becoming an increasingly hot topic, and people are starting to wake up to just how large the premium is for “cloud” versus simply running a few dedicated servers.

For me, this is full circle – not in the technology, but in the operational model. I’ve been managing my own servers since I was running FreeBSD jails in the early 2000s, scaling one of my early companies to hundreds of jails across dedicated hardware at Rackspace. FreeBSD jails were among the earliest container-like technologies, and the lineage from jails to Docker to LXC containers on Proxmox is a direct one. The abstraction has gotten better, but the core idea – isolated workloads on hardware you control – hasn’t changed.

SBOMs & CRA Compliance with Olle Johansson and Anthony Harrison

Tue, 24 Mar 2026 00:00:00 +0000

What happens when cybersecurity stops being an afterthought and becomes a legal obligation? In this episode of Nerding Out with Viktor, I’m joined by Olle Johansson, CycloneDX member and lead of the Transparency Exchange API, and Anthony Harrison, a UK-based software supply chain security consultant and open source SBOM tooling author, to explore how SBOMs, the Cyber Resilience Act, and the Product Liability Directive are reshaping how secure products are designed, maintained, and brought to market.

Making Apple Health Data Queryable with AI

Sun, 22 Feb 2026 12:00:00 +0000

Long before ChatGPT, I was obsessively collecting health data. Blood work going back to 2018—some in PDFs, some in spreadsheets. On the device side, I’ve cycled through Whoop, Withings, and others, all feeding into Apple Health. Over the years it’s become the central hub for everything: heart rate, steps, workouts, sleep, body composition, blood pressure, you name it.

The problem? Apple Health is great at collecting data but terrible at letting you analyze it. You can see today’s stats, maybe a weekly trend, but asking “how has my resting heart rate changed over the past two years?” or “show me the correlation between my sleep and workout performance”—forget it.

Biohacking Resilience: Engineering the Human System with Marcelo Garcia

Wed, 11 Feb 2026 00:00:00 +0100

What happens when you deliberately stress test your own operating system? In this Season 3 opener, I’m joined by Marcelo Garcia, a telecom infrastructure veteran turned extreme biohacker, to explore what it looks like when engineering discipline meets human physiology. Marcelo recently completed a 50-day water-only fast while hiking nearly 1,000 kilometers across Spain, capturing detailed biometric data across DEXA scans, VO2 max testing, HRV tracking, metabolic panels, and continuous glucose monitoring.

AI is Killing (Basic) SaaS, Part 2: From Link Shorteners to Linktrees

Wed, 14 Jan 2026 12:00:00 +0000

In Part 1, I replaced ipgeolocation.io with a self-hosted Rust service in under two hours. That was just one piece of a larger pattern we’ve been following at Screenly.

This is the story of DSLF—a project that started as a link shortener and evolved into a Linktree killer.

The Link Shortener

A few months ago, I got fed up paying for Rebrandly at Screenly. It’s a bit.ly-style service, and while it worked fine, the monthly invoice felt silly for what amounts to a 301 redirect.

AI is Eating SaaS: Building an IP Geolocation API in Two Hours

Fri, 09 Jan 2026 12:00:00 +0000

We’ve all heard the saying that AI is eating SaaS. For some simple products, it’s certainly becoming true.

At Screenly, we’ve been using ipgeolocation.io for a while. It’s a solid service, but at its core, it’s just a frontend for a GeoIP database. This morning, I saw yet another monthly invoice from them and decided to run an experiment: how far can Cursor with Claude Opus 4.5 go in terms of recreating their API with feature parity?

CRA Explained: What the Cyber Resilience Act Means for Device Manufacturers with Sarah Fluchs

Wed, 17 Dec 2025 00:00:00 +0100

What happens when long-lifecycle hardware meets modern cybersecurity expectations? In this episode of Nerding Out with Viktor, I sit down with Sarah Fluchs, CTO and OT cybersecurity expert, to break down how the Cyber Resilience Act (CRA) is shifting the way secure products are built, maintained, and supported across the EU market.

Sarah began her career as a mechanical and process engineer before moving into OT security, eventually earning a PhD in security-by-design. Her research intersected directly with the early drafts of the CRA, which led to her appointment on the EU Commission’s CRA expert group. That first-hand involvement gives her a rare blend of technical and policy perspective on a piece of legislation that touches every device manufacturer.

How I Streamlined My Jekyll Diagram Workflow with D2 and Bun

Sun, 30 Nov 2025 12:00:00 +0000

Over the last few days, I gave the sbomify website a much-needed overhaul. The previous iteration didn’t really reflect what we’re doing, especially as the product has matured. The new version leans heavily on diagrams to communicate concepts more clearly.

For the past year, I’ve more or less standardized on d2 for diagrams. I’ve gone through the usual journey: Lucidchart, Mermaid, UML, and a few others. They all work and have their own strengths and weaknesses, but each brought its own annoyances that made me eventually drop them. d2, on the other hand, instantly clicked. It’s readable, intuitive, and produces diagrams that actually look good without wrestling with the tool. It’s not perfect, but it’s the closest I’ve found to something that fits the way I think.

UK Online Safety Act: Digital ID and the Risks of a Database State with James Baker

Wed, 19 Nov 2025 00:00:00 +0100

What happens when a government’s push for “safety” starts reshaping the architecture of the internet? In this episode of Nerding Out with Viktor, I’m joined by James Baker, Policy and Campaigns Manager at Open Rights Group, to unpack the deeper implications of the UK Online Safety Act and the country’s evolving approach to Digital ID. With two decades of work in privacy advocacy, James offers a grounded but no less urgent perspective on how these policies affect builders, platforms, and users alike. What begins as a conversation about compliance quickly leads into bigger questions about identity, control, and the future of privacy in digital systems.

PostgreSQL Replication Troubleshooting: War Stories from the Field

Wed, 12 Nov 2025 00:00:00 +0000

I recently wrapped up a consulting gig helping a client troubleshoot some gnarly PostgreSQL replication issues. What started as a “quick performance tune” turned into a deep dive through WAL checkpoints, replication slots, and the delicate dance of logical replication workers.

Here are the war stories from the trenches, complete with the errors we hit and how we solved them. If you’re dealing with PostgreSQL logical replication at scale, you might find these useful.

Rethinking Software Security Compliance in the Age of AI with Nick Selby

Wed, 05 Nov 2025 00:00:00 +0100

Why do so many teams treat software security compliance as a box-ticking exercise, and what does that mindset cost them? In this episode of Nerding Out with Viktor, I sit down with Nick Selby, a veteran security leader known for his clear-eyed approach to building practical, human-centered security programs.

Nick traces his path from the early days of hands-on security work, where risk was measured by intuition and experience, to the era of standardized frameworks and regulatory oversight. He reflects on how compliance frameworks like SOC 2 and ISO 27001 emerged to bring order to chaos but often became ends in themselves. Instead of driving real-world resilience, they sometimes created a false sense of assurance. For Nick, this isn’t just a process problem; it’s a cultural one. He argues that companies should see compliance as the outcome of good security practices, not the starting point.

The Quiet Power of Digital Minimalism with Patrick Walker

Wed, 22 Oct 2025 00:00:00 +0100

Is tech making us smarter—or just more distracted? In this episode of Nerding Out with Viktor, I sit down with Patrick Walker, former YouTube and Facebook executive turned conscious tech founder, to explore how we got here and what it takes to break free from the default.

Patrick’s journey spans the early days of digital media, from working as a TV producer in Japan to navigating YouTube’s copyright wars and platform expansion across global markets. At Facebook, he witnessed firsthand the ethical friction behind live video, algorithm design, and the psychological toll of attention-based products, especially on younger users.

Coreboot and Linux Hardware: Inside Star Labs with Sean Rhodes

Wed, 17 Sep 2025 00:00:00 +0100

How do you design and ship coreboot and Linux hardware that actually works in the real world? In this episode of Nerding Out with Viktor, I sit down with Sean Rhodes, Firmware Engineer at Star Labs, to explore what it takes to build Linux-first laptops and mini PCs backed by open firmware.

Sean reflects on the early days of Star Labs, when a handful of engineers set out to create laptops that ran Linux reliably. What began as a side project grew into a full-fledged company with a reputation for supporting open source systems. Along the way, the team faced high tooling costs, unpredictable supply chains, and the challenge of meeting the needs of a niche but demanding user base.

Lessons in Building Niche Hardware and Networks with Planet Computers' Marcus Taylor

Wed, 03 Sep 2025 00:00:00 +0100

Marcus Taylor’s journey into technology spans over three decades, but his latest work at Planet Computers represents a fascinating convergence of everything he’s learned about hardware, networks, and resilient systems. As co-founder of Planet Computers, Marcus brings a rare operational lens to building niche devices that serve specific communities.

Marcus’ story begins with IBM labs and Logica, where he explored natural language processing and early mobile wallet prototypes in the mid-90s. Those experiments laid the groundwork for later projects at Ericsson, Digital Mobility, and the GSM Association, where he navigated the politics of telco standards and helped bring Bluetooth and Wi-Fi into the mainstream.

Nerding Out on Software Supply Chain Security with ITSPmagazine's Sean Martin

Mon, 18 Aug 2025 00:00:00 +0100

Sean Martin’s journey into software security spans over three decades, but his latest focus, software supply chain security, feels more relevant than ever. As co-founder of ITSPmagazine and a veteran of countless product launches at Symantec, Sean brings a rare operational lens to security.

In this crossover episode of Nerding out with Viktor, recorded live at Hacker Summer Camp, Sean joins me to unpack what’s changing in the security landscape, from SBOM adoption to the increasing pressure from regulations like the CRA. We explore how supply chain security is becoming table stakes, how transparency is replacing vague claims (“saying you’re secure means absolutely nothing”), and why SBOMs are evolving into real-time operational assets rather than static compliance artifacts.

Navigating SBOMs at Scale: Inside DependencyTrack with Niklas Düster

Wed, 16 Jul 2025 00:00:00 +0100

Niklas Düster got involved with Dependency Track the way many great open source stories begin: by trying to solve a problem at work. As a security engineer, he was drowning in vulnerability scan reports that didn’t scale. When he discovered Dependency Track and CycloneDX, he not only adopted them but began contributing, eventually becoming the project’s co-lead alongside Steve Springett.

In this conversation, Niklas walks us through how Dependency Track helps teams stay on top of their software bill of materials (SBOMs), enabling continuous visibility across thousands of components. We dig into real-world workflows, from uploading SBOMs in CI/CD pipelines to responding quickly during incidents like Log4Shell and how version 5 of the platform is evolving to support horizontal scaling, smarter suppression logic, and role-based access control.

DSLF – a rust hacking, cheaper hosting, and two HTTP codes I didn’t know about

Fri, 11 Jul 2025 00:00:00 +0000

I hacked together DSLF today because paying a monthly fee for a plain 301 felt silly. It’s a tiny Rust service that reads a CSV and spits out redirects—nothing more.

In the process I learned that HTTP has two “new” redirect codes that slipped past me years ago.

Four ways to say “go over there”

Old code	New code	Keeps the HTTP method?
301	308	Yes
302	307	Yes

301 and 302 can turn a POST into a GET. 307 and 308 guarantee the original method sticks. Neat.

Codex manages my podcast

Wed, 02 Jul 2025 01:00:00 +0100

When I started my podcast a year and a half ago, I looked at the tools available. For those not familiar, for many platforms (like Amazon Music and Apple Podcasts) you need to provide an RSS feed with your podcast. Now, there is no shortage of platforms that will gladly sell you this. But essentially, what you’re paying for is a thin layer on top of S3 with FFmpeg and some duct tape.

Rethinking Startups: Inside the Venture Studio Model with Thorbjørn Rønje

Wed, 02 Jul 2025 00:00:00 +0100

Thorbjørn started with a simple insight: traditional entrepreneurship is inefficient. Too much learning happens on the fly, wasting time and capital. In this conversation, he explains how the venture studio approach de-risks the early phases by codifying what works, from building teams to finding product-market fit.

We dig into Bifrost’s “Purple Ocean” framework for selecting ideas, their rapid product validation process, and why the studio hands off each project once it’s ready to scale. It’s a model designed for speed, clarity, and capital efficiency.

All Roads Lead to DSLRs

Wed, 18 Jun 2025 01:00:00 +0000

I’ve been running my video podcast Nerding out with Viktor for about a year and a half now, with just under 50 episodes published.

When I started out, I tried to keep things simple and cheap. I used my Logitech Brio 4K webcam - a webcam that I picked up during COVID. Not long after, I upgraded the audio by adding a dedicated microphone, the Audio-Technica ATR2100x-USB. It did the job early on, but the sound still wasn’t quite crisp. Eventually, I gave in and bought the Shure MV7 (USB), which is the go-to mic for many podcasters. That one stuck and I’ve had no audio issues since.

Inside System76: Building Open Hardware and a Linux-First Future

Wed, 18 Jun 2025 00:00:00 +0100

In this episode, I’m joined by Carl Richell, founder and CEO of System76, for an in-depth look at what it takes to build an open source hardware company from the ground up. Carl’s journey, from launching Ubuntu laptops before Linux was mainstream to building open firmware, a desktop environment, and even their own factory, is one of the most hands-on stories in open source computing.

We begin with the early days of System76, where Carl shares what it was like to ship Linux hardware when driver support was shaky and installing an OS meant burning CDs. His focus on delivering a seamless out-of-box experience and supporting users directly helped System76 stand out in a time when Linux on laptops was far from a given.

From Gateway to Dongle: Lessons from My Home Assistant Overhaul

Sat, 07 Jun 2025 01:00:00 +0000

I’ve previously written about my experiences with Home Assistant here and here. This article follows up on those posts and describes my current setup.

Today, my stack includes Home Assistant (HA), Zigbee2MQTT (Z2M) and the Mosquitto MQTT server, all running in Docker with Docker Compose on a VM.

Here are some things I’ve learned, which would might save others time and effort.

The best UI is no UI

I wrote this in my first HA article years ago, but it still holds true: ideally, you never touch a button or, worse, the HA app. I only reach for a light switch or HA when something unusual happens. Everything else is driven by motion sensors or time-based automations.

The Systems Behind Managing High-Performing Remote Teams with Jon Seager

Wed, 04 Jun 2025 00:00:00 +0100

In this episode, I’m joined by Jon Seager, VP of Engineering at Canonical, for a deep dive into the systems and practices that make remote teams thrive. Jon’s experience scaling Canonical’s distributed engineering organization offers unique insights into what really works in remote leadership.

We start by exploring how Canonical structures its fully distributed engineering organization. What particularly caught my attention was Jon’s approach to measuring output rather than activity, and how this fundamental shift in perspective drives better results. His explanation of calendar ownership as a performance predictor reveals the subtle but crucial aspects of remote work culture.

Why Web3, Crypto, and Blockchain Still Struggle in the Real World

Thu, 22 May 2025 00:00:00 +0000

In this episode, I talk with Vlad Trifa, founder of Zimt and co-founder of EVRYTHNG (bought by Digimarc), about the challenges of applying Web3, crypto, and blockchain in real-world systems.

With a background in IoT, supply chain tracking, and digital product identity, Vlad shares practical lessons from working on blockchain projects outside of the lab. We discuss what often goes wrong when these technologies are used in enterprise environments, and where they might still be useful if done right.

Sonar Is Back: A Fresh Take on BLE Device Counting

Wed, 07 May 2025 12:00:00 +0000

I’m excited to share that I’ve just given Sonar—a FastAPI-based BLE device counter I built years ago—a full overhaul and relaunched it as an open-source project on GitHub: https://github.com/viktopia/sonar

Why Sonar?

When I first created Sonar, the goal was simple: track Bluetooth Low Energy devices nearby to estimate foot traffic in a space without specialized hardware. Over time, the codebase drifted, dependencies aged, and the project paused. Now, with modern Python tooling and container best practices, Sonar is leaner, easier to deploy, and more powerful than ever.

Inside the Yocto Project's Evolving Tooling: SBOMs, SPDX 3.0, and Secure Embedded Systems

Wed, 07 May 2025 00:00:00 +0000

In this deep-dive conversation, I sit down with Joshua Watt (Garmin) and Ross Burton (ARM) to explore how the Yocto Project is redefining how we build, secure, and maintain embedded Linux systems at scale.

Drawing on their years of experience contributing to Yocto’s technical steering and core infrastructure, Joshua and Ross walk through why build-time Software Bill of Materials (SBOMs) offer unmatched reliability, how SPDX 3.0 enables deeper license and supply chain visibility, and what it really takes to keep embedded products secure across decade-long lifecycles.

Startup Founder Lessons on Scaling Teams, Systems, and Culture with Kevin Henrikson

Wed, 23 Apr 2025 00:00:00 +0000

In this deep-dive conversation, I sit down with Kevin Henrikson to explore what it really takes to scale technical teams, ship faster, and survive the transition from startup chaos to operating at enterprise scale.

Drawing on his experience across Zimbra, Microsoft, and Instacart, Kevin shares lessons that most startup founders only learn the hard way. From being turned down for a coding role and later managing the team that rejected him, to leading engineering through acquisitions and hypergrowth, he breaks down how systems, structure, and culture evolve when a company goes from 10 people to 1500.

Saving My Wrists - A 20-Year Quest for the Perfect Keyboard Setup

Fri, 18 Apr 2025 00:52:44 +0000

I’ve been using split keyboards for about 20 years now, a journey sparked by the all-too-common wrist pain that plagues many a nerd hunched over a standard keyboard. This quest for ergonomic nirvana led me down a rabbit hole of different keyboards, culminating in my current mechanical setup, and even prompted me to switch my mouse to my left hand (more on that curious habit later). My first split keyboard was the Microsoft Natural Keyboard back in the late 90s.

Reimagining CI/CD and Engineering Culture at Scale with Vlad A. Ionescu

Fri, 11 Apr 2025 00:00:00 +0000

Update: Since this episode went live, Earthly announced that they ending their investment in the Earthly open source project. Efforts are being invested into having the community taking over the open source project.

In this deep-dive conversation, I sit down with Vlad Ionescu, founder and CEO of Earthly, to unpack the evolution of CI/CD, why developer experience is broken, and what it will take to bring sanity back to software delivery at scale.

A Decade and a Half of Remote Work

Mon, 07 Apr 2025 01:00:00 +0000

When I wrote A Decade of Remote Work back in 2019, I had no idea a global pandemic would soon thrust remote work into the spotlight, turning it from niche to necessity overnight. Now, as I mark 15 years of building and running remote teams, I find myself revisiting and refining many of the lessons from the past and adding new insights gathered from recent experiences. This article is for tech startup founders and remote leaders, sharing practical advice for navigating the challenges and opportunities of long-term remote work.

Migrating Git repositories from Phabricator or Phorge to GitHub

Wed, 02 Apr 2025 01:00:00 +0000

I recently helped a team migrate their Git repositories from Phabricator to GitHub. While Phabricator was a great tool that combined code reviews, task management, and repository hosting, its official deprecation in 2021 has left many teams looking for alternatives.

While moving directly from Phabricator to Phorge is often the simplest path (here’s a migration guide), some teams prefer to keep their project management in Phabricator/Phorge while leveraging GitHub’s CI/CD capabilities. Here’s how we handled the Git migration:

Europe's Battle for Tech Sovereignty: Why OpenStack Matters

Fri, 28 Mar 2025 00:00:00 +0000

In this timely conversation with Johan Christenson, founder of Cleura and board member of OpenInfra (overseeing Kata Containers and OpenStack), we dive into Europe’s growing urgency around digital sovereignty and what it will actually take to build a competitive, homegrown cloud ecosystem. Johan, a long-time advocate for open source infrastructure, pulls back the curtain on why progress has been so slow and where things can shift.

We kick off by looking at Europe’s deep dependence on U.S. cloud providers, and the real-world risks that come with it. From pricing power and data availability to political influence and tech autonomy, Johan explains how this imbalance affects everything from government policy to startup growth.

Physical Pen Testing Secrets: Covert Building Infiltration Explained

Fri, 14 Mar 2025 00:00:00 +0000

In this captivating conversation with Warren Houghton, we explore the secretive world of physical penetration testing. Warren, an experienced security professional, shares his expertise in testing and bypassing physical security measures that protect sensitive facilities and assets.

We begin by discussing the fundamentals of physical penetration testing and how it differs from digital security assessments. Warren explains his methodical approach to evaluating building security, from initial reconnaissance to execution, and how he documents vulnerabilities for clients to address.

Troubleshooting UniFi Camera Adoption on Old G3 Pro Cameras

Sat, 01 Mar 2025 20:24:00 +0000

I recently got a few affordable G3 Pro cameras to replace some less-than-stellar G4 Dome units I had in my setup. Once I hooked these cameras up to the network, they appeared in my UniFi Console (Dream Machine Pro) without issue. However, after clicking the “Adopt” button, they became stuck in “Restoring” mode for quite some time.

Eventually, I decided to look for solutions online and found a blog post detailing a similar problem. My own fix turned out to be simpler, and here is how I resolved the issue:

Balena, IoT Security, and the Future of Connected Devices

Fri, 28 Feb 2025 00:00:00 +0000

In this insightful conversation with Marc Pous from Balena, we explore the evolving landscape of IoT and connected devices. Marc, who has been deeply involved in the IoT space since 2007, brings a wealth of experience from his journey through academic research, entrepreneurship, and his current role at Balena, where he’s approaching his fifth anniversary.

We begin by discussing Balena’s core mission: enabling developers to manage fleets of IoT devices at scale. Marc explains how Balena helps companies handle everything from remote management to over-the-air updates for hundreds of thousands of devices. The platform’s unique approach focuses on Linux devices running Balena OS, which exclusively runs Docker containers, bringing modern DevOps practices to the embedded world.

Yocto, RockPi and SBOMs: Building Modern Embedded Linux Images

Fri, 21 Feb 2025 15:34:00 +0100

TLDR: I wanted to generate an up-to-date disk image for a Rock Pi 4 using Yocto that included CUPS and Docker to both get a better understanding of Yocto and test the new SBOM generation feature.

As with many single-board computers (SBCs) from China, the issue often isn’t the board itself but rather the software. RockPi from Radxa is no exception. If you go and download the latest disk images for this board, you will notice that they are all end-of-life (EoL). However, these boards are still great and work very well for many applications. This should be top of mind if you are building a product that uses any of these devices.

Dustin Kirkland on Chainguard, Zero-CVE Containers, and Supply Chain Security

Fri, 14 Feb 2025 00:00:00 +0000

In this engaging conversation with Dustin Kirkland, we explored the fascinating world of container security and supply chain integrity through the lens of Chainguard’s innovative approach. Dustin, with his extensive background spanning IBM, Canonical, Google, and now Chainguard, brings a wealth of experience in open source, security, and enterprise software development.

We began by discussing Chainguard’s unique position in the container security landscape. Unlike traditional Linux distributions, Chainguard takes a different approach by focusing on building and maintaining “zero-CVE” containers - container images that are continuously updated to eliminate known vulnerabilities. This involves an impressive automated pipeline that can detect and patch vulnerabilities within hours of upstream fixes becoming available.

Pentesting 101: Hacking Legally with Warren Houghton

Fri, 31 Jan 2025 00:00:00 +0000

In my conversation with Warren Houghton, I gained a thorough understanding of penetration testing from both a strategic and technical standpoint. We started with the scoping process, which sets the stage for any successful test. I learned that having a clear agreement about what systems, applications, and IP addresses can be targeted is not just a legal safeguard; it also helps avoid accidentally bringing down critical services. Warren highlighted how testers confirm authorization by collecting signed documents, which eliminates any risk of unauthorized hacking activities.

How I Use Home Assistant in 2025

Wed, 22 Jan 2025 01:00:00 +0100

I’ve been using Home Assistant for about seven years now, starting back when I was living in a small apartment. At the time, my setup was modest: I used the IKEA Smart Hub (when it first launched) to tie together all my apartment’s lights. As I got more comfortable with automations, I also began building custom hardware like temperature and humidity sensors.

However, once I started adding more complexity (more devices, more automations), I realized that running Home Assistant on a Raspberry Pi just wasn’t viable anymore. This was before Home Assistant offered their own hardware (which I haven’t tried, so I can’t say much about it). But for me, the main issue was the database. By default, Home Assistant uses SQLite, and when you have a ton of sensor data flowing in, SQLite can start choking.

A deep dive into the SBOM format SPDX

Fri, 17 Jan 2025 00:00:00 +0100

In this episode, I speak with Kate Stewart from the Linux Foundation and Gary O’Neall, a long-time SPDX contributor, about the evolution of SPDX and its role in software transparency. We discuss how SPDX started as a tool for tracking open-source license compliance and continues to address broader needs in security and vulnerability management.

Kate and Gary walked through the technical challenges teams face when generating accurate SBOMs, including handling circular dependencies and dealing with uncertainty in software components. They shared practical examples from their work with various organizations and explained how these challenges influenced the development of SPDX tools and specifications.

Using Google Forms for Waitlists and Launches

Tue, 14 Jan 2025 12:00:00 +0100

Over the last decade, I’ve spun up quite a few landing pages to gauge interest for upcoming products and features. Back in the day, there were platforms like Launchrock that made it simple to collect email addresses and maintain a waitlist. While Launchrock (and later Typeform, etc.) provided decent user experiences at the time, the end goal was always the same: collect user data into a spreadsheet (or CRM).

Nowadays, I still want the same functionality (i.e., capturing emails and other user info), but I want it to look native on my site. Embedding a big Google Form or Typeform often looks clunky because it’s just an iframe that’s visually out of sync with the rest of the site.

All things ZFS and FreeBSD with Allan Jude

Mon, 02 Dec 2024 00:00:00 +0100

In this episode, I’m joined by Allan Jude, a distinguished FreeBSD developer and ZFS expert, to explore the fascinating world of advanced storage systems and operating system architecture. Allan’s extensive contributions to both FreeBSD and ZFS offer unique insights into how these technologies shape modern infrastructure.

We start with ZFS’s architectural foundations. What particularly caught my attention was Allan’s explanation of how copy-on-write mechanisms transform data integrity and storage management. His breakdown of ZFS’s self-healing capabilities and data verification approaches reveals why it remains crucial for enterprise storage solutions.

From Passwords to Passkeys: Exploring the Future of Authentication with Massi Gori

Mon, 04 Nov 2024 00:00:00 +0100

Today I’m joined by Massi Gori for a deep dive into modern authentication systems. Having worked extensively with these technologies, I was particularly excited to get Massi’s insights on where we’re heading with authentication and access control.

We start by exploring the evolution from traditional passwords to passkeys. Massi breaks down the technical aspects of FIDO2, but what I found most valuable was his practical experience implementing these systems in enterprise environments. We discuss the real challenges organizations face when transitioning to modern authentication methods, and how to overcome them.

Hacking airplanes, ships and IoT devices with Ken Munro

Mon, 04 Nov 2024 00:00:00 +0100

In this episode, I’m joined by Ken Munro for an eye-opening discussion about security vulnerabilities in transportation and IoT systems. Ken’s work in penetration testing has revealed some seriously concerning issues in systems we rely on daily, and I was eager to dig into the details.

We start by exploring GPS systems - not just the US Global Positioning System that most people know, but the whole family of satellite-based navigation systems. Ken walks me through some shocking vulnerabilities he’s discovered, particularly in maritime systems. What really caught my attention was his demonstration of how relatively easy it is to compromise these critical systems.

SBOMs, CycloneDX, and Software Security with Steve Springett

Mon, 21 Oct 2024 00:00:00 +0100

Today I’m diving into the world of Software Bill of Materials (SBOMs) with Steve Springett, one of the core working group stewards behind CycloneDX. Steve’s work on standardizing how we communicate about software components is reshaping security practices across the industry.

We start by exploring what makes CycloneDX different from other SBOM standards. Steve explains their pragmatic approach to design, focusing on automation and real-world usability. What really caught my attention was how they’re tackling the challenge of dependency tracking and software supply chain security - issues I’ve wrestled with myself in various projects.

RFID Hacking with Iceman: Exploring RFID Security

Sun, 22 Sep 2024 00:00:00 +0100

In this episode, I’m joined by Iceman, a renowned expert in RFID and NFC hacking, to explore the fascinating world of RF security. Iceman’s extensive contributions to the Proxmark platform, particularly through his “Iceman Fork,” offer unique insights into the capabilities and vulnerabilities of RFID systems.

We start with Iceman’s journey in RF hacking and his early work with Proxmark. What particularly caught my attention was his explanation of how the platform has evolved, extending its capabilities to support a wider range of RFID tags and protocols. His commitment to open-source development and knowledge sharing reveals the collaborative nature of the RF hacking community.

Uncovering Firmware Security: A Deep Dive with Binarly's Philipp Deppenwiese

Sun, 22 Sep 2024 00:00:00 +0100

Today I’m joined by Philipp Deppenwiese from Binarly for a deep technical dive into firmware security. If you’ve been following the security space, you might know Binarly for their impressive work uncovering BIOS vulnerabilities like PixieFail and LogoFail.

We start by exploring attestation - a crucial yet often overlooked aspect of secure computing. Philipp breaks down how it differs from traditional secure boot mechanisms, particularly when it comes to verifying what code is actually running on a system. What I found particularly interesting was his explanation of how TPMs can facilitate attestation, creating an unbreakable chain of trust from boot to runtime.

Unpacking Docker's Journey: Justin Cormack, on DevOps, Containerization, and the Future of Wasm

Mon, 09 Sep 2024 00:00:00 +0100

I’m excited to share my conversation with Justin Cormack, Docker’s CTO. Justin has been at the heart of Docker’s evolution, and today we dig into both the technical and strategic decisions that have shaped containerization as we know it.

We kick off by exploring Justin’s early days with Docker, which sets up a fascinating discussion about how Docker has transformed application deployment. The whole “containers vs VMs” debate comes up, and Justin explains why this comparison misses the point - it’s really about making application packaging and deployment more accessible to developers.

Exploring the Future of AI: Luke Marsden Unveils Helix and the Open Source Revolution

Mon, 26 Aug 2024 00:00:00 +0100

In this episode, I’m joined by Luke Marsden to explore the practical side of AI deployment and his work on Helix. Luke brings deep expertise in making AI accessible and secure for businesses, and I was particularly interested in his approach to open-source AI solutions.

We start with a clear breakdown of large language models (LLMs), with Luke explaining their core concepts in practical terms. What really caught my attention was his perspective on the evolution from research curiosity to practical business tool, especially following ChatGPT’s impact on the industry.

Daniel Stenberg on Curl's Journey: From C64 Demos to Internet Transfers

Mon, 29 Jul 2024 00:00:00 +0100

In this episode, I’m joined by Daniel Stenberg, the creator of Curl, for a fascinating journey through open-source development. Daniel’s path from the Commodore 64 demo scene to building one of the most widely-used tools in software development offers unique insights into both technical evolution and community building.

We begin with Daniel’s early days programming on the C64 and Amiga, where he cut his teeth in the demo scene. What really caught my attention was how these experiences shaped his approach to programming and eventually led to Curl’s development at IBM. His journey from hobby coder to maintaining critical internet infrastructure is both inspiring and instructive.

Unveiling SBOMs: Insights from Allan Friedman of CISA

Mon, 29 Jul 2024 00:00:00 +0100

In this episode, I’m joined by Allan Friedman from CISA for an in-depth exploration of Software Bill of Materials (SBOMs). Allan brings unique insights from his work at CISA, where he’s been instrumental in shaping how we approach software supply chain security.

We begin by discussing CISA’s role in cybersecurity, with Allan explaining their mission of “defending today and securing tomorrow.” What particularly interests me is how they balance immediate threat response with building more secure infrastructure for the future. Allan’s explanation of CISA’s international partnerships and their collaboration with other US government agencies provides valuable context for understanding the broader security landscape.

Past, Present, and Future of Computing with Bryan Cantrill, CTO of Oxide Computer Company

Mon, 15 Jul 2024 00:00:00 +0100

In this episode, I’m joined by Bryan Cantrill, CTO and co-founder of Oxide Computer Company, for a deep dive into the evolution of computing technology. Bryan’s journey from developing DTrace to reimagining cloud infrastructure offers fascinating insights into where our industry has been and where it’s heading.

We start with Bryan’s groundbreaking work on DTrace at Sun Microsystems. What really caught my attention was his frustration with system observability limitations and how it drove him to develop a solution that could instrument running systems without modifying them. This approach to problem-solving - focusing on observation rather than modification - has influenced system design ever since.

Unlocking Firmware Secrets with Christian Walter: BIOS Vulnerabilities & Security Insights

Mon, 01 Jul 2024 00:00:00 +0100

In this episode, I’m joined by Christian Walter from 9Elements for a deep dive into firmware security. As the leader of their firmware development department and a key figure in the Open Source Firmware Foundation, Christian brings unique insights into the challenges and innovations in firmware security.

We begin by exploring recent high-profile vulnerabilities like LogoFail and PixiFail. What particularly caught my attention was Christian’s technical breakdown of these issues and their broader implications for system security. His explanation of how these vulnerabilities work reveals the complex challenges we face in securing firmware.

Nerding Out with Viktor is now available as audio-only, a.k.a Turning my video podcast into an audio podcast

Thu, 27 Jun 2024 01:00:00 +0100

In my previous article, Launching a Video Podcast in 2024: My Journey and Lessons Learned, I shared my experience of starting a podcast. Since then, I came across some intriguing research revealing that 43% of podcast listeners prefer audio-only formats. This got me thinking—by offering my podcast solely as a video feed, I might have been missing out on a significant audience. Given that I had already developed my own podcast RSS generator, this presented a perfect chance to nerd out a bit.

Launching a Video Podcast in 2024: My Journey and Lessons Learned

Thu, 20 Jun 2024 01:00:00 +0100

Update: Check out my blog post All Roads Lead to DSLRs

This blog post is inspired by the new wave of “Build in the Open” movement, where I want to share my experience and data.

In 2023, I embarked on a new adventure: launching a podcast. The idea was simple yet exciting — bring friends and experts to discuss topics they’re passionate about, building my personal brand and promoting Screenly and Viktopia Studio along the way.

Exploring the Depths of Linux and Open Source Innovation with Mark Shuttleworth

Mon, 17 Jun 2024 00:00:00 +0100

In this episode, I’m joined by Mark Shuttleworth for a wide-ranging discussion about Linux, open source, and the future of computing. Mark’s journey from founding a certificate authority in South Africa to becoming the second private space tourist before creating Ubuntu offers a unique perspective on technology and innovation.

We begin with Mark’s early days in technology, exploring how his combined interest in science and business led to starting a CA company that caught Netscape’s attention. What particularly fascinated me was his transition from the business world to space exploration, including his intensive training in Russia. These diverse experiences clearly influenced his approach to technology and open source.

Transforming Tech with Eben Upton: Exploring Raspberry Pi's Global Impact

Mon, 03 Jun 2024 00:00:00 +0100

In this episode, I’m joined by Eben Upton, the founder of Raspberry Pi Foundation, for a fascinating discussion about affordable computing and its impact on education and industry. Eben’s journey from observing declining computer science applications at Cambridge to creating a global computing phenomenon offers unique insights into how simple ideas can transform technology education.

We start with Eben’s early computing experiences in the 1980s, which shaped his vision for Raspberry Pi. What particularly struck me was the story of the Pi’s launch in 2012, selling an incredible 100,000 units on day one. This success story takes an interesting turn as we explore how Pi expanded beyond education into industrial applications, including my own experience with Screenly using Pi for digital signage.

Secure your Tailscale infra further with Mutual TLS (mTLS)

Wed, 29 May 2024 01:00:00 +0100

A while back, I wrote about how I’m using Tailscale to secure my local service, thanks to Tailscale’s built-in certificates. This greatly improved the security of my local environment. Combined with the rather sophisticated ACL policies, you can lock things down pretty well.

That gets you pretty far, but I wanted to secure some services that didn’t offer any real authentication (like Gollum), which I use for notes.

This got me thinking about Mutual TLS (mTLS), which we use pretty heavily at Screenly. Would it be possible to use the certificates from Tailscale for mTLS? As it turns out, yes!

Demystifying eBPF with Liz Rice: A Deep Dive into Kernel Programming and Security

Mon, 20 May 2024 00:00:00 +0100

In this episode, I’m joined by Liz Rice, a security expert and open-source advocate, for a deep dive into the fascinating world of eBPF. Liz’s expertise in kernel programming and security offers unique insights into how this technology is reshaping modern infrastructure.

We start by breaking down what eBPF actually is - dynamic programming of the Linux kernel to alter its behavior. What particularly caught my attention was how this technology has evolved far beyond its original purpose of packet filtering. Liz shares her introduction to eBPF through Thomas Graf’s presentation on Cilium at DockerCon 2017, while I highlight Brendan Gregg’s groundbreaking work at Netflix using eBPF for network diagnostics.

Discover Email Providers Effortlessly with Email Service Checker

Thu, 16 May 2024 01:00:00 +0100

A decade ago, I created “Are They Using Google Apps” to address a simple yet crucial need: determining whether a remote party was using Google Apps (now Google Workspace) to decide if I should send them a Hangout invite for a meeting (or something else). Fast forward to today, and I am thrilled to introduce a revitalized and enhanced version of this concept – Email Service Checker.

Email Service Checker takes the original idea a step further by providing a comprehensive tool that allows you to determine the email service provider a domain or email address is using. This tool is perfect for sales teams and professionals who need to understand the email stack of their prospects for more targeted and effective outreach.

Revolutionizing Firmware Updates in Linux: A Deep Dive with Experts

Mon, 06 May 2024 00:00:00 +0100

In this episode, I’m joined by Richard Hughes from Red Hat and Mario Limonciello from AMD to explore the fascinating world of firmware updates in Linux. Their work on the Firmware Update Project has fundamentally changed how we handle firmware updates in the Linux ecosystem.

We start with Richard sharing the origin story of fwupd, which began with his work on Colorhug, a free software color sensor. What particularly caught my attention was how this seemingly simple project revealed the broader need for standardized firmware updates in Linux. Mario then adds his perspective from Dell, where they were trying to match Windows Update’s capabilities for Linux users.

My Home Server Journey - From Raspberry Pi to Ryzen

Sat, 04 May 2024 01:00:00 +0100

Introduction

Back when I was living in a snug studio flat in London, I began my home server adventure with a Raspberry Pi 3. This move to a settled lifestyle came after years of living as a digital nomad, during which I had fully minimized my personal belongings to adapt to a constantly mobile life. The shift to a more permanent base in London marked a new chapter where I could explore more stationary tech projects like setting up a home server.

Mastering OpenSSF Scorecards & SBOMs with Chris Swan

Mon, 22 Apr 2024 00:00:00 +0100

In this episode, I’m joined by Chris Swan from Atsign to explore the evolving landscape of open-source security. Chris’s experience with end-to-end encrypted connections and his work with the Open Source Security Foundation (OpenSSF) offers unique insights into how we can better secure our software supply chains.

We start with a deep dive into Scorecards, an OpenSSF project that helps organizations demonstrate their security practices. What particularly caught my attention was how Atsign has used Scorecards to address customer security concerns, especially for their open-source repositories. Chris’s explanation of how Scorecards evaluate everything from dependency management to CI/CD practices reveals the practical impact of these tools on everyday development.

The Future of Personal AI and Privacy: A Deep Dive with Kin Co-Founder Simon Westh Henriksen

Mon, 08 Apr 2024 00:00:00 +0100

In this episode, I’m joined by Simon Westh Henriksen, co-founder of Kin (formerly Hyphen), to explore the fascinating intersection of AI and privacy. Simon’s journey from software engineer to Web3 innovator offers unique insights into how we can build AI systems that respect user privacy while remaining highly functional.

We start with Simon’s path to founding Kin, which took an interesting turn during the COVID-19 pandemic when he dove deep into Web3. What particularly caught my attention was his vision for a privacy-first personal AI assistant. Simon’s explanation of how they handle data locally on devices while maintaining AI functionality reveals the practical challenges of balancing convenience with security.

Introducing sbomify - The Future of SBOM Management

Fri, 05 Apr 2024 01:00:00 +0100

I’m excited to share with you something that has been in the works for some time - sbomify, my latest venture aimed at transforming how Software Bill of Materials (SBOMs) are managed, shared, and worked on. As we navigate through the complexities of modern software development, the need for maintaining stringent security and compliance has never been more apparent. It’s this challenge that spurred me to create sbomify, a platform that simplifies SBOM management in a way that’s not just efficient, but also fosters greater transparency and collaboration among everyone involved.

On UniFi Captive Portals

Wed, 27 Mar 2024 01:00:00 +0100

What are captive portals?

Lately, I’ve been doing some digging into captive portals - you know, these things that pop up when you try to connect to the WiFi at a coffee shop or hotel. In essence, they are very simple:

You load a web page that usually requires you to tick a box or enter your email.
If the system is satisfied with the input above, you are sent to a page that returns HTTP status 200 (and usually a success message in the body), which tells the system that you’re online.

Now, I’m a massive UniFi fan. Over the years, I’ve migrated most of my networks over to UniFi equipment with Dream Machine Pros as the firewall. It’s a great turn-key solution that largely just works. Prior to this, I usually relied on either a pfSense (and later OPNsense), but frankly, the UDM is just a great device that integrates seamlessly with all other UniFi hardware. That means provisioning a whole network is done in a few clicks.

coreboot Uncovered: BIOS Security and Vulnerabilities with Matt DeVillier and David Hendricks

Mon, 25 Mar 2024 00:00:00 +0100

In this episode, I’m joined by Matt DeVillier (Mr. Chromebox) and David Hendricks to explore the fascinating world of coreboot. Their combined experience from companies like AMD, Facebook, Google, and Amazon offers unique insights into how this open-source BIOS technology is transforming firmware development.

We start with Matt’s journey from hardware enthusiast to coreboot expert, and David’s early work with project founder Ron Minnich. What particularly caught my attention was the contrast between coreboot and U-Boot, especially in how they’re used in Chromebooks and servers. Their explanations of Secure Boot, verified boot, and UEFI Secure Boot reveal the critical role BIOS plays in system security.

Boostrapping Chronicles - Chapter 2

Sun, 24 Mar 2024 01:00:00 +0100

In 2011, when Apple launched the Mac App Store, it opened doors for developers. Around the same time, our project, YippieMove, had plateaued because Google released its own email migration tools, taking away a lot of our customers.

Seeing the Mac App Store as a big opportunity, we decided to jump in and create something unique for its launch.

That’s how we came up with Blotter. It was a simple yet smart idea: a calendar that sits right on your desktop wallpaper, always visible but never in the way. It combined functionality with sleek design, but pulled all data from the native macOS applications (Calendar and Reminders), to avoid having to re-invent the wheel.

Boostrapping Chronicles - Chapter 1

Fri, 22 Mar 2024 01:00:00 +0100

Preface: Why Bootstrap?

I’ve written a few short articles about my experience bootstrapping businesses. I’ve both bootstrapped and raised money (both sides of the pond). These are my learnings (with context) and hopefully, they are helpful for others.

The first question one might ask is when should you bootstrap. In my experience, it makes sense for low-to-mid complexity products (or if you have deep pockets). There are no doubt products and services that you cannot bootstrap, such as deep tech with a slow time to market, training AI models that will run you millions of dollars in compute resources, or where you aggressively need to pay for market share to corner a market.

The Future of 5G and 4G: A Deep Dive with Guillaume Bélanger

Mon, 11 Mar 2024 00:00:00 +0100

In this episode, I’m joined by Guillaume Bélanger from Canonical to explore the fascinating world of telecom innovation. Guillaume’s extensive experience in the sector offers unique insights into how open source is revolutionizing the industry.

We start by diving into groundbreaking projects like Magma and SD-Core that are reshaping private network management. What particularly caught my attention was Guillaume’s explanation of how these initiatives are transforming traditional network infrastructure. His breakdown of e-SIM technology and its potential to revolutionize device connectivity reveals just how much the landscape is changing.

A Global Mission to Connect: Unveiling Giga's Journey with Chris Fabian

Mon, 26 Feb 2024 00:00:00 +0100

In this episode, I’m joined by Chris Fabian, co-founder of Giga, to explore the ambitious goal of connecting every school in the world to the internet. Chris’s journey from setting up ISPs in East Africa to driving innovation at UNICEF offers unique insights into the challenges of global connectivity.

We start with Giga’s innovative approach to mapping schools using open-source machine learning and satellite imagery. What particularly caught my attention was how this method has revealed significant gaps in government data, with Giga having mapped an impressive 2.1 million schools so far. Chris’s explanation of their data collection methods, combining government data with software probes in schools, shows the complexity of tracking real connectivity.

Exploring the C2PA Standard with Dom Guinard from Digimarc

Tue, 13 Feb 2024 00:00:00 +0100

In this episode, I’m joined by Dom Guinard from Digimarc to explore the fascinating world of digital content standards. Dom’s extensive experience in IoT and digital standards offers unique insights into how we can protect and authenticate content in an increasingly AI-driven world.

We start with a deep dive into the C2PA (Coalition for Content Provenance and Authenticity) standard. What particularly caught my attention was how this technology combines metadata, watermarking, and hardware integration to establish content trustworthiness. Dom’s explanation of how these elements work together reveals the complexity of ensuring digital authenticity.

Nerding out about Nix and NixOS with Jon Seager

Mon, 29 Jan 2024 14:00:00 +0100

In this episode, I’m joined by Jon Seager, VP of Enterprise Engineering at Canonical, to explore the fascinating world of Nix. Jon’s experience with automation tools like JuJu and charms offers unique insights into how Nix is transforming software development and system management.

We start with the dual nature of Nix as both a functional programming language and a package manager. What particularly caught my attention was Nix’s ability to create truly reproducible systems - a feature that sets it apart in the software development landscape. Jon’s explanation of how NixOS combines the Nix package manager with its module system reveals the elegant simplicity of immutable system configuration.

Nerding out about Prometheus and Observability with Julius Volz

Mon, 15 Jan 2024 00:00:00 +0000

In this episode, I’m joined by Julius Volz, co-founder of Prometheus and founder of PromLabs, to explore the fascinating world of systems monitoring and observability. Julius’s journey from working on Borgmon at Google to co-creating Prometheus offers unique insights into how modern monitoring systems evolved.

We start with the technical foundations of Prometheus. What particularly caught my attention was Julius’s explanation of their dimensional data model and how it revolutionized metrics-based monitoring. His breakdown of common pitfalls, especially around metric design and “cardinality bombs,” provides invaluable guidance for anyone implementing Prometheus.

Launching 'Nerding Out with Viktor' - A New Tech Podcast (and the Innovative Podcast RSS Generator)

Tue, 02 Jan 2024 01:00:00 +0100

Hello folks, Viktor here! I’m thrilled to bring two exciting updates to you all today.

First, let’s talk about my new project, “Nerding Out with Viktor,” a video podcast where I dive into riveting tech discussions with experts from various fields. The first episode features a deep dive into Cloud Native security with Andrew Martin from ControlPlane. We cover a range of topics, including ethical hacking and cybersecurity strategies. It’s a real treat for anyone keen on tech and security. You can catch the podcast on platforms like Apple Podcasts, Spotify, and YouTube. Make sure to subscribe and join in on the conversation!

Nerding out about Security with Andrew Martin

Mon, 01 Jan 2024 00:00:00 +0000

In this inaugural episode, I’m joined by Andy Martin from ControlPlane to explore the fascinating world of Cloud Native security. Andy’s extensive experience in regulated industries like finance and government offers unique insights into modern security challenges.

We start by revisiting our “Internet of Shit” conference talk, which sets the stage for a deeper discussion about current security concerns. What particularly caught my attention was Andy’s perspective on penetration testing and its role in both digital and physical security assessments. His breakdown of social engineering attacks reveals just how sophisticated modern security threats have become.

Enough is Enough - Killing the Annoying macOS Word Definition Pop-Up Once and For All

Wed, 06 Dec 2023 13:00:00 +0100

Ever been deep in your workflow on your Mac, meticulously selecting text in Apple Mail or iTerm, only to be ambushed by some random word definition pop-up? Yeah, me too. And frankly, it’s been driving me up the wall. It’s like playing Whac-A-Mole with dictionary entries you never asked for – the same annoyance as right-clicking a word and accidentally hitting “Look Up”.

I scoured forums and guides for ages, trying to find a way to kill this feature. It felt like a quest without a map, because, let’s face it, who knows where to look for such obscure settings?

Securing and exposing local services with Tailscale and Nginx

Fri, 23 Dec 2022 13:00:00 +0100

Securing and encrypting communication on local network devices is a hard problem. Plenty of people tried, including myself in our now sunsetted company WoTT. The root of the problem is a combination of DNS and routing to local IPs, which means you can’t use automated certificate issuers, like Let’s Encrypt. The solution, it seems, comes from an unexpected source: the VPN/Wireguard service provider Tailscale.

I’ve been a fan of ZeroTier for some time and use it both personally and professionally to access nodes behind firewalls. Recently, I kept hearing from more and more people how much they love Tailscale. After hearing @jnsgruk’s glowing reviews of Tailscale at Ubuntu Developer Summit, I decided to give it a try.

Wordpress, 'The response is not a valid JSON response' and Cloudflare

Thu, 29 Sep 2022 13:00:00 +0100

In the last 24 hours, I’ve spent an embarrassing amount of time trying to debug a simple WordPress installation. When saving any changes, I received The response is not a valid JSON response. In addition, I also received weird symptoms I received was:

Getting 404s on requests to /wp-json
- Presumably the root cause for The response is not a valid JSON response
Strange redirect loops with the header x-redirect-by: WordPress
- Clearly a redirect originating from with in WordPress rather than Apache or Cloudflare

After spending a long time researching this, I discovered about a hundred useless answers to why people received this. In retrospect, one of the common replies was that it was related to SSL. However, in my case SSL worked just fine, so that didn’t make a lot of sense. Except that it was right on the money, in a convoluted way.

How to grant SSH access to a 'regular' user on OPNsense

Wed, 17 Nov 2021 13:00:00 +0100

I was working on trying to grant a ‘regular’ user SSH access in OPNsense last night. After banging my head against the wall for some time (partially because the official documentation is outdated), I was able to figure it out.

(Do however note that this is different than how you grant a user SSH access in pfSense, where the steps do align with the outdated documentation.)

Here’s how you do it:

Go to System -> Access -> Groups
- Create a new group called ‘remote_access’
Go to System -> Access -> Users
- Create a new user with a valid shell (i.e. not nologin), and make sure to add a valid SSH key and to add the user to the group ‘remote_access’
Go to System -> Administration and navigate to the ‘Secure Shell’ Section.
- Under ‘Login Group’, select ‘wheel,remote_access’

This of course assumes that you have SSH already enabled and remotely accessible. However, assuming this is true, you should now be able to login using the newly created user.

Solving 'dpkg-divert error unable to change ownership of target file' on Raspberry Pi

Fri, 07 May 2021 13:00:00 +0100

I’ve run into the following error myself a number of time in recent time, and just wanted to document the solution for this in case other people run into it too:

Here’s the problem:

You are trying to upgrade your Raspberry Pi to the latest version
When you upgrade the kernel, it chokes with an error like this:

> $ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
5 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
Setting up raspberrypi-kernel (1.20210430-1) ...
Removing 'diversion of /boot/kernel.img to /usr/share/rpikernelhack/kernel.img by rpikernelhack'
dpkg-divert: error: unable to change ownership of target file '/boot/kernel.img.dpkg-divert.tmp': Operation not permitted
dpkg: error processing package raspberrypi-kernel (--configure):
 installed raspberrypi-kernel package post-installation script subprocess returned error exit status 2
Setting up raspberrypi-bootloader (1.20210430-1) ...
Removing 'diversion of /boot/start.elf to /usr/share/rpikernelhack/start.elf by rpikernelhack'
dpkg-divert: error: unable to change ownership of target file '/boot/start.elf.dpkg-divert.tmp': Operation not permitted
dpkg: error processing package raspberrypi-bootloader (--configure):
 installed raspberrypi-bootloader package post-installation script subprocess returned error exit status 2
dpkg: dependency problems prevent configuration of libraspberrypi0:
 libraspberrypi0 depends on raspberrypi-bootloader (= 1.20210430-1); however:
 Package raspberrypi-bootloader is not configured yet.

dpkg: error processing package libraspberrypi0 (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of libraspberrypi-bin:
 libraspberrypi-bin depends on libraspberrypi0 (= 1.20210430-1); however:
 Package libraspberrypi0 is not configured yet.

dpkg: error processing package libraspberrypi-bin (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of libraspberrypi-dev:
 libraspberrypi-dev depends on libraspberrypi0 (= 1.20210430-1); however:
 Package libraspberrypi0 is not configured yet.

dpkg: error processing package libraspberrypi-dev (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 raspberrypi-kernel
 raspberrypi-bootloader
 libraspberrypi0
 libraspberrypi-bin
 libraspberrypi-dev
E: Sub-process /usr/bin/dpkg returned an error code (1)

After wasting far too much time trying to debug this, I found that there was an easy solution: simply remount /boot.

Solving NUC USB boot issue with PXE boot

Fri, 27 Nov 2020 13:00:00 +0100

I recently wanted to reinstall my trusty old Linux workstation with Debian 10. I imagined this would be a straight-forward thing to do. Just download the ISO and flash it out to a USB stick and be off to the races.

Well. It wasn’t.

As it turns out, some NUCs do not like modern USB sticks. After trying two or three different USB sticks I had laying around, none of them were picked up by the system (neither as booting devices or for flashing the BIOS). Since I bought a few “good” USB sticks last year, I gave away or threw away the “crap” ones…the ones that the NUC would have accepted.

Databat is back!

Thu, 04 Jun 2020 13:00:00 +0100

A few years ago, I created a people tracker called Sonar and open sourced it. The goal of the project was to monitor foot traffic in retail environments. After deploying it and more or less forgetting about it for almost two years, I was reminded about it last month and decided to resurrect it. The good news is that the device that I deployed in a retail environment as a test was still ticking along just fine.

Achieving success with Home Assistant, Flux and sensors

Mon, 25 May 2020 13:00:00 +0100

My philosophy for home automation from the start has been that the best UI is no UI, meaning that I just want things to work automagically. I don’t want to fiddle buttons or software on a day-to-day basis. Sensors and automations should do most of the work.

In addition to automation, I wanted f.lux/Flux/Night Shift for my lights, meaning that the lights should follow my circadian rhythm and change color over the course of the day to mimic the sun.

Restoring access to PosgreSQL after Helm upgrade

Fri, 22 May 2020 13:00:00 +0100

If you’ve used PostgreSQL in Kubernetes with Helm, chance are you’ve locked yourself out after performing an upgrade. The reason for this is that if you do not specify a password explicitly using postgresqlPassword, Helm will rotate this password for you when you run helm upgrade. Not ideal. This has happened to me a few times over the years.

To restore access, you need to to jump in to your PostgreSQL container (kubectl exec -ti your-postgres-container -n your-namespace bash) and temporarily alter the authentication. This of course is not ideal, so we want to move as swiftly as possible.

VMWare Fusion error - cannot open /dev/vmmon

Sun, 08 Dec 2019 13:00:00 +0100

This weekend I needed to use Fusion for the first time since I upgraded to macOS Mojave. Having run Fusion 8 for many years and being happy with it, I was somewhat annoyed with needing to upgrade to Fusion 11. At least that appeared to be the consensus on the interwebs. In retrospect, I’m not 100% sure. That said, I’ve received great value from Fusion, and I don’t mind paying money for good software.

Interview with John Agosta from Canonical/Ubuntu on working remotely

Tue, 26 Nov 2019 08:00:00 +0100

In this interview on remote work, I’m speaking to John Agosta from Canonical (the company behind Ubuntu). As a long-time Canonical team member, John and my paths have crossed multiple times over the years, starting when I was at a cloud company, and he was at the server division at Canonical, to more recently when he moved to the Ubuntu Core (formerly known as Snappy) side, as I was building out Screenly where John now is the Program Manager.

Building a Pwnagotchi for WiFi penetration testing (with a PaPiRus Zero display)

Thu, 21 Nov 2019 13:00:00 +0100

Security has been an interest for me for a long time. This is why Pwnagotchi piqued my interest. Using cheap hardware, you can create your own lightweight WiFi (and Bluetooth) sniffing device. Thanks to a known vulnerability in the WPA/WPA2 protocol, the Pwnagotchi can capture the handshake, which we can then use to crack the passphrase (more on that later).

My personal interest in this was largely to test my own OpSec to ensure my own WiFi wasn’t vulnerable to simple attacks like this. Fortunately, it wasn’t.

Home Assistant, ESPHome and JZK ESP-32S

Sat, 16 Nov 2019 13:00:00 +0100

Long story short, I’ve pimped out my apartment with a lot of Ikea Smart products, such that I can control (and automate) everything from Home Assistant. While I admittedly have a love-hate relationship with Home Assistant, it is generally speaking a pretty impressive software.

One thing I’ve been meaning to do for some time is to log the temperature in various rooms. Since I didn’t want to put a Raspberry Pi in every room, I opted for an ESP32 with a DH22 sensor. While I initially planned to write a simple web server or MQTT client to export the data, I was lucky to run across ESPHome, which does all of this out of the box. Moreover, it also integrates seamlessly with Home Assistant.

Install Ubuntu Core 18/22 on Proxmox

Thu, 03 Oct 2019 13:00:00 +0100

Today I was trying to get Ubuntu Core 18/22 working on Proxmox. Given that it is a KVM based tool, it’s fairly straight-forward, but took me a bit of time go get working (thus this write-up).

There are good installation instruction for how to install Ubuntu Core on KVM, but I needed to do a little bit of work got it running on Proxmox.

Before we begin, go ahead and create a VM in Proxmox’s interface. Make sure to do the following selections:

Interview with Rimas Mocevicius from JFrog on working remotely

Fri, 20 Sep 2019 08:00:00 +0100

First out in this interview series, we have Rimas Mocevicius. Rimas is someone that I got to know from the London Kubernetes scene some time ago. He worked on Deis (before it got acquired by Microsoft) and is the co-creator of the popular Kubernetes packaging tool Helm. These days, Rimas works at JFrog and on their various Kubernetes tooling.

In this series, I am intending to interview people who work remotely about their habits and what they have learned over the years both about themselves and about what works and what doesn’t work in remote teams. I aspire to both interview individual contributors, as well as team leaders.

What are the best productivity hacks?

Wed, 17 Jul 2019 08:00:00 +0100

People love talking about productivity hacks (a.k.a. productivity porn). The “hacks” usually range from the latest tools (todo-lists, email clients) to workflow improvements.

As someone who have paid attention to this for the last decade, and spent far too much time experimenting with these “hacks.” Today, I can say one thing with confidence: Unless you get the basics right, these hacks won’t matter. They might marginally improve your productivity, but they won’t get you the productivity boost you’re looking for.

So you want to build a remote company?

Sun, 14 Jul 2019 14:00:00 +0100

Little did I know when I wrote A Decade of Remote Work that it would completely blow up. After being featured on Hacker News, the article to this day keeps driving a significant amount of traffic from all kind of sources (including Twitter).

Since the article, I’ve started a series of articles on remote work. In this article, I will explore the topic of creating a remote company. I briefly touched on this topic in the initial article, but in this article, I will explore this in greater detail and include things like how to setup a company, to how to hire and what tools I personally I find necessary to get off the ground (including the reasons for these tools).

Remote Work is Deep Work

Mon, 24 Jun 2019 14:00:00 +0100

Over the last few years, two things that I’ve paid close attention to are Deep Work and Remote Work. In this article we will explore this and discover how closely these to concepts overlap.

Back in 2009, Paul Graham, wrote an essay titled Maker’s schedule, Manager’s schedule. In the essay, PG outlines the vast difference between how a manager’s schedule look like compared to how a developer (or maker) schedule looks like. PG writes that a single meeting can sometimes affect his productivity for the entire day. I too can relate to this, and have many times felt the same way. I find that if I have a meeting in the afternoon, I’m far less likely to sit down in the morning to do some focused work, compared to if I have a clear calendar.

Mental Health and Remote Work

Wed, 19 Jun 2019 14:00:00 +0100

In recent years, we’ve started to see more people speaking out about mental health in the tech industry. This is great, as it is a topic that has been somewhat taboo in the past.

In my last blog post, A decade of remote work, I did not explicitly speak about mental health, and I must admit that it is something that I’ve only recently started to pay proper attention to. I would however argue that mental health does overlap with habits (which I did cover). I don’t think it is possible to have good mental health without good habits.

A Decade of Remote Work

Sat, 18 May 2019 14:00:00 +0100

Intro

While still in college (go Broncos!), I teamed up with Alex (@slevenbits) to create a startup. We were young, inexperienced and naive. Our first project was called YippieMail and it was an email aggregator. Simply put, YippieMail could display all your webmail accounts (i.e. Hotmail, Yahoo and Gmail etc) in the same web interface (this was before most email providers supported IMAP, so you couldn’t use an email client). Looking back at it, YippieMail was a pretty stupid idea, but it did land us meetings with Sequoia Capital and few other VCs on Sand Hill Road. Keep in mind that this was around the time Meebo raised many millions from Sequia and DFJ to do the same thing but for Instant Messaging (IM), so at the time it probably did not seem as such of a bad idea.

Troubleshoot HTTPS with curl

Wed, 03 Oct 2018 13:00:00 +0100

Troubleshooting an HTTPS connection can be somewhat challenging at times (in particular if Cloudflare is involved).

Today, I had to troubleshoot a Kubernetes (Nginx) Ingress controller that was acting up for Screenly. Having done this on more than one occasion, I decided to create a public Note-to-Self in order to avoid having to Google for the exact syntax in the future.

For this task, my weapon of choice is curl.

The key we want to accomplish is to be able to explicitly specify the IP address to the load balancer in order to rule out any possible DNS issue.

Kubernetes and RBAC with examples

Fri, 15 Jun 2018 13:00:00 +0100

In Kubernetes 1.8, RBAC was introduced to improve the security. Prior RBAC, any pod is more or less able to interact with the rest of the cluster without constraints. This means you can create new pods, delete other deployments etc from any other pod. Needless to say, this is not ideal and RBAC sets out to address this.

While RBAC is a rather complicated topic, this brief article sets out to give a very simplistic crash course to get you started (while intentionally leaving big parts out).

Sonar - A Raspberry Pi based wireless people counter

Mon, 19 Mar 2018 13:00:00 +0100

Over the last year, I’ve been hacking on-and-off on a little project called Sonar.

The project goal is to get real-world analytics for public spaces (such as retail) using wireless means at low cost. This means using Bluetooth and WiFi (the latter is to be added) and a Raspberry Pi. This weekend I finally did a brief write-up on Hackster where I outlined the project.

Sonar is still in its early days, but you can already use it to collect BLE data from the surrounding, which can provide you with a rough estimate of the amount of people in the surrounding area. The idea is that with sufficient data collected (and with more sensors, such as WiFi), Sonar should be able to learn and provide better analytics. Moreover, with multiple Sonar devices deployed in the same venue, you could triangulate the visitors and provide things like heat maps.

Network Performance - Raspberry Pi 3 Model B vs Raspberry Pi 3 Model B+

Thu, 15 Mar 2018 13:00:00 +0100

Today I got my hands on the new Raspberry Pi 3 Model B+. One of the most notable new features is Gigabit Ethernet. Given that the Raspberry Pi still uses the USB 2 interface for the Ethernet controller, I was curious to see what kind of bandwidth it could handle (I know the MagPi already published this, but I wanted some independent numbers). To do that, I setup a simple experiment:

Running KVM with Open vSwitch on Ubuntu 16.04

Sun, 28 Jan 2018 13:00:00 +0100

If you’re reading the KVM/Networking documentation for Ubuntu, you’ll see that the recommended way to expose VMs to the world (public or private interface) is to use a Bridge. This was what I have been doing over the years. What you do realize however is that it becomes less than ideal when the network configuration is becoming complex. For instance, imagine that you’re using two bonded interfaces (LACP) that you then expose to a bridge, which you in turn want to configure a set of VLANs on top of. That gets very messy using this method (and not to even mention the performance is poor in general).

How to use jails on pfSense 2.4

Sat, 27 Jan 2018 14:00:00 +0100

Disclosure: I have no idea how this impact the security of pfSense. There is probably a good reason why the jail service is disabled by default. Hence, beware that this might cause unexpected security issues as it is not a supported package.

Many, many years ago, I used to be an avid user FreeBSD jails. They were a great way to isolate services and boost security in the pre-Docker world. While I can’t say I use FreeBSD much these days, I still run pfSense on more or less all my firewalls. It’s easy to use, secure, and perhaps most importantly, very stable.

Using Kerberos.io with Docker and multiple cameras – Viktor Petersson – Medium

Sun, 04 Jun 2017 19:52:19 +0300

Using Kerberos.io with Docker and multiple cameras – Viktor Petersson – Medium

Building a low powered NAS/backup target with a Raspberry Pi

Sat, 19 Nov 2016 19:57:24 +0200

Building a low powered NAS/backup target with a Raspberry Pi

How to fix kernel_task CPU usage on macOS Sierra

Sat, 01 Oct 2016 17:02:52 +0300

In my post How to fix kernel_task CPU usage on Yosemite, I first wrote about how a broken logic board can trigger high CPU usage from kernel_task as well as how to fix it. When El Capitan later were release, the issue remained.

Now, with macOS Sierra out, I upgraded my old MacBook Pro (8,2) as well. As expected, the issue remained the same.

Luckily, the same fix that I wrote about El Capitan still worked.

HP LaserJet 500 colorMFP M570dn, Windows Server 2012 r2 and Offline mode

Tue, 16 Aug 2016 10:50:36 +0300

(I try hard to stay away from Windows environments, but sometimes it’s unavoidable.)

Recently I ran across a strange issue with a HP LaserJet 500 colorMFP M570dn. The printer worked great for years, then all of the sudden, it started to act up. Applying the latest firmware didn’t solve the issue, so it started probing.

The issue was that the printer randomly went into Offline mode, blocked all users from printing.

Provisioner

Tue, 02 Aug 2016 11:10:45 +0300

Provisioner

I’ve been working on Provisioner for a while now and it’s starting to come together. Most recently I rolled out complete API documentation as well as a brand spanking new website (powered by Jekyll and Github Pages).

I’m still trying to think of more use cases, so that’s part of what I will be working on next, as well as better documentation at large. I’ve also started to work on a Python library for easier integration work.

Viktor Petersson, Screenly

Tue, 02 Aug 2016 10:00:56 +0300

Viktor Petersson, Screenly

I was recently interviewed by Dave Haynes of Sixteen:Nine about Screenly.

How to migrate from qcow2/raw to iSCSI with KVM/QEMU

Fri, 29 Jul 2016 12:52:18 +0300

I recently had to migrate a number of VMs currently running on an NFS share to an iSCSI target. During my research, I was surprised how little documentation there was around this, so I decided to whip up this quick little piece about how to do it.

Here are the steps:

Create a new iSCSI target (one per VM/image you’re migrating). This step varies depending on your setup.
Attach target on server (I found virt-manager suitable for the task).
Find the device from logs (/dev/sdc below). On Ubuntu, you will also need to install the package open-iscsi.
Run qemu-img convert /path/to/your/image.qcow2 -O raw /dev/sdc (for raw images, you could simply use dd but to keep things consistent, I opted for qemu-img).
Update the disk config in the VM definition to point to the iSCSI target.
Boot the VM and archive the old disk image.

Voila! You should now have a VM running on iSCSI and you will likely receive better I/O performance.

Provisioner @ Ansible London

Thu, 19 May 2016 22:29:44 +0300

Here’s my deck from tonight’s talk at Ansible London.

Digital signage solution, Screenly, chooses Canonical’s Ubuntu Core

Wed, 18 May 2016 13:23:06 +0300

Digital signage solution, Screenly, chooses Canonical’s Ubuntu Core

Super excited to announce that Screenly partners with Ubuntu/Canonical to bring Screenly to Ubuntu Core.

How Weave Net Enables a Global Docker Cluster with OnApp

Mon, 16 May 2016 17:56:18 +0300

How Weave Net Enables a Global Docker Cluster with OnApp

I guest blogged a bit on Weave’s blog today.

Deck from IoT London

Thu, 21 Apr 2016 10:21:39 +0300

Here’s my deck from my recent IoT London talk:

How to fix kernel_task CPU usage on El Capitan

Sun, 03 Jan 2016 16:17:59 +0200

Sometime ago, I wrote the blog post How to fix kernel_task CPU usage on Yosemite. This post still receives a great amount of traction, so I wanted to post an update that reflects the covers how to do this on El Capitan.

The process is largely the same, but requires a bit more work due to the changes to the additional security that El Capitan introduced to the file system with System Integration Protection (SIP).

Using Ansible with Google Cloud Platform (the easy way)

Fri, 04 Dec 2015 17:51:17 +0200

For some time, Ansible has been my configuration management of choice and we use it for both Screenly and YippieMove. Since both of these services are running on Google Compute Engine, we’re using Ansible’s dynamic inventory for GCE.

(Behind the scenes, this dynamic inventory is using Apache Libcloud, which is a great Python library for interacting with various providers.)

When I first followed Ansible’s Google Cloud Platform Guide I did run into a fair bit of trouble with authentication.

How to find a network device when using Internet Sharing on Mac OS X

Thu, 19 Nov 2015 17:14:41 +0200

The built-in Internet Sharing in OS X is very handy. When I’m on the road, I frequently use this to share my laptops WiFi connection with other devices over a wired connection (such as a Raspberry Pi, when I work on Screenly).

If you’re connecting some kind of headless device, you will likely want to connect to this device over SSH or similar. The only problem is that you don’t know the IP address of said device (it’s headless, remember).

Quickly navigate folders in your shell with `ccd`

Sat, 24 Oct 2015 15:06:11 +0300

I’m a huge fan of autojump. It allows me to quickly navigate my filesystem in ways without having to type out every folder.

There is however one task that I frequently that I wanted to make more efficient: create a new folder and then jump into said folder.

Normally, this would simply be:

$ mkdir foo
$ cd foo

This feels somewhat inefficient, so I wrote a little tool to help with this called ccd:

Introducing NatPass

Thu, 01 Oct 2015 23:13:18 +0300

After moving to London, I decided to go with NatWest as my bank. While it was a good experience at large, their online banking leavs a lot to be desired. Not only do they lack things like Two-Factor Authenciation (2FA), but they also have this really frustrating login system.

Well, today I had enough and whipped up a CLI tool that allows you to generate the data that they ask for by reading it in from 1Password (using 1pass).

A case study in failed UX/UI (aka DSC please get your shit together)

Tue, 15 Sep 2015 21:22:17 +0300

Dear Digital Security Controls (DSC),

I recently purchased your T-link extension (IP module) for two alarm systems that I wanted to be able to remotely manage. After a few hours of troubleshooting (read: having to install Windows XP), I am now able to connect to these alarm systems over a VPN connection, but that’s about it.

Please take a look at this screenshot:

If it isn’t obvious what is wrong with this, let me spell this out for you.

“War dialing” with Skype

Tue, 08 Sep 2015 20:01:04 +0300

(Fine, this isn’t war dialing in the 90s context, but it made for a good title.)

As furious I am with Lufhansa’s strike, it did give me time to write a fun script.

With the announcement of the strike, Lufthansa’s customer service lines were brought to their knees. After trying to manually call a few of them (in different countries), I finally gave up with the manual mode and instead decided to automate this.

How to set up syslog-ng with TLS on Logentries

Thu, 06 Aug 2015 13:50:29 +0300

After using Loggly for a few years, I stumbled across Logentries (disclosure: referral link). What I was looking for was basically something that is more affordable when the volume increases, and Logentries is a lot more affordable than Loggly as you grow.

If you are just starting out using a remote shipping target (be Loggly, Papertrail or Logentries), it is worth noting that if you simply follow the instructions you will be shipping logs in plain text. Since you’re a smart cookie, you know that’s a very bad idea.

An update on YippieMove

Fri, 17 Jul 2015 16:01:37 +0300

An update on YippieMove

Deck from Open Cloud Day (2015)

Wed, 17 Jun 2015 11:29:28 +0300

Yesterday I had the pleaseure to speak at Open Cloud Day in Bern, Switzerland.

The linup for the event was good and I’m happy to contribute to the thriving open source and tech community in Switzerland. It was also great to hang out with the fine folks over at ICCLAB and ZHAW.

Update: The recording of the talk is available here

Modern document management for your startup

Mon, 18 May 2015 21:19:44 +0000

Modern document management for your startup

We’re currently in the process of revamping how we deal with documents at WireLoad. Here are some thoughts on this and how we do things today.

Manage Docker resources with Cgroups

Tue, 12 May 2015 17:00:40 +0300

Manage Docker resources with Cgroups

My latest blog-post about Docker and Cgroups is live at CloudSigma’s blog.

Metrics on the big screen

Tue, 21 Apr 2015 17:23:23 +0300

hosted-graphite:

One of the best ways to ensure your whole team knows what your technology is doing is to ensure that everyone has quick and easy access to your dashboards. One of the best ways to do that is to get your dashboards displayed on a giant screen right in the middle of your work area.

Sometimes this can be a bit of a pain - you need to devote some machine to power the dashboard and pipe it to the TV as well as the hassle of setting it up. Enter Screenly!

An introduction to cgroups and cgroupspy

Sat, 18 Apr 2015 18:23:39 +0300

Here’s my presentation from ApacheCon in Austin, TX.

I’m happy that I was invited to speak at the conference as it was full of awesome and talented people.

Receive calls with Google Voice (over VoIP) for free

Tue, 07 Apr 2015 11:46:55 +0300

I’ve been using Google Voice for a long time. In fact, I started using it back when it was called Grand Central (which was an acquisition). It’s a great product, and I really love it. Unfortunately it has more or less been left untouched for the last few years.

If you’re in the U.S., Google Voice works great. You can just forward your Google Voice to your cell phone and you will automatically receive calls there.

Using cgroups with Docker on Ubuntu 14.04

Sun, 05 Apr 2015 13:12:25 +0300

As I was working on my upcoming presentation at ApacheCon, I was playing a little bit with cgroups inside Docker.

What I found was that there aren’t a whole lot of documentation on this, so I figured I put together a quick blog post about it.

Enable the LXC driver

Assuming you already have Docker installed on Ubuntu 14.04, you will still need to enable the LXC driver.

To do this, you will need to do the following

How to parse and dump a sitemap

Tue, 31 Mar 2015 23:50:30 +0300

When deling with website migrations, you sometimes need to map out the old content such that you can create your redirect to the new pages.

While doing this, I ran across this little helpful snippet.

Just modify the URL to the sitemap and the script will print out all the pages. You will need BeautifulSoup 4 and Requests.

On the Secure Messaging Community

Mon, 30 Mar 2015 08:41:00 +0300

On the Secure Messaging Community

nadimkobeissi:

This afternoon, WIRED published an article praising Telegram, a mobile messaging app, for its privacy features and “hardcore encryption”. Telegram is an open source messenger that provides some encryption features — but it has come under legitimate scrutiny due to the exotic and unstudied…

Growth Hacking for Lean Startups

Mon, 23 Mar 2015 22:19:41 +0200

Just ran across this great slide deck today over at GrowthHackers.

Growth Hacking for Lean Startups from StratAlignGroup

Are they using Google Apps?

Wed, 18 Mar 2015 10:00:36 +0200

Are they using Google Apps?

Google Hangouts is great tool for video conferences…if the other party is also on the Google stack (Gmail or Google Apps). If they’re not, it it’s a dead end.

Often time when scheduling conference calls, I ended up manually looking at the MX records to determine if I should use Google Hangout or Uber Conference. Since this process got old quickly, I hacked together a quick webapp that can do the lookup.

Pebble as a pedometer

Mon, 16 Mar 2015 16:25:33 +0200

For some time, I’ve worn both my Pebble and a Fitbit Flex. Since the Pebble comes with a built-in pedometer, this bothered me a lot. As a digital nomad, you’re always looking at ways to reduce the things you carry around and I’m now happy to report that I have retired my Fitbit.

There has long been various pedometer watchfaces available for the Pebble. However, none of them (to my knowledge) could actually do anything with the data. At least to me, it is then rather pointless.

» CoreOS is now available on CloudSigma!

Mon, 16 Mar 2015 10:00:44 +0200

» CoreOS is now available on CloudSigma!

I’m really excited to announce that CoreOS is now available on CloudSigma.

GetCanary.io - Intelligent notifications

Sat, 14 Mar 2015 23:16:32 +0000

GetCanary.io - Intelligent notifications

The other day I had a Eureka moment while archiving the daily batch of notifications from various server tasks. Instead of having to read over ‘success’ messages, why isn’t there a reliable way to instead get notified when things do not work as expected. This is what our latest project sets out to solve. The title of the project is GetCanary.io, and the waitlist is open now.

My deck from CloudExpo Europe

Fri, 13 Mar 2015 15:44:45 +0200

Here’s the presentation deck from CloudExpo Europe 2015. The title of the talk was “Server Evolution: From mainframes to containers and PaaS.” Enjoy!

Thoughts on (practical) privacy

Fri, 27 Feb 2015 12:50:30 +0200

Privacy is difficult in this day and age. On the one hand we want to limit what we provide these data hungry companies with and on the other hand, we don’t want to alienate ourselves from our friends.

Personally, Facebook is the company that I’m most reluctant to share data with. I simply don’t trust them. If you read Salim Virani’s post Get your loved ones off Facebook, you will understand why. The same argument could be made about Google and Apple of course, but both of them appears to take privacy at least a tad more serious than Facebook.

ZoneMinder as a people counter?

Sun, 01 Feb 2015 18:00:00 +0200

In recent years, it has become fairly common within the retail space to use (IP-based) surveillance cameras to track foot traffic (this can also be referred to as a “people counter”). This is a great idea, as it allows you to re-use existing hardware instead of having to install additional sensors.

There are numerous commercial solutions out there that are capable of doing this. I have however not been able to find any complete open source product that can track foot traffic (at least not bi-directional). I did find a few examples of OpenCV based projects, such as this one, but no source code.

Thought on the Purism laptop

Sat, 24 Jan 2015 11:09:00 +0200

Today I stumbled across the Purism’s Librem 15 laptop. It’s a crowd sourced laptop that is, as the name implies, pure. No proprietary or firmware or software. I really like this idea, as it improves security by a lot.

At first glance, it looks pretty good. However after diving into the details, it falls short on a few points.

The keyboard layout. A number pad? Is this a laptop designed for accountants? Those are probably the only people still using the number pad. Also, because of this the ‘center’ of the keyboard is moved to the left, which makes it look unbalanced.
A CD drive? How often do you really use a CD drive? I use a few time a year tops. For those few occasions, it’s easier to use an external drive. The extra weight does not justify this.
The form factor. 13" is the new 15". People carry their laptops with them everywhere these days. Weight and size matters a lot. Most people I know are either using 11" or 13" laptops.

Don’t get me wrong, I really want these guys to succeed. The task of creating a laptop from scratch is far from trivial, so I salute them. Unfortunately the points above are show-stoppers for me.

A "dead man's switch" for your computer?

Thu, 22 Jan 2015 22:03:00 +0200

In the last few weeks, a lot of details have been disclosed around Ross Ulbricht’s arrest. For those not familiar with the matter, Ulbricht was arrested at a library in San Francisco some time ago with his laptop open. The agents managed to steal the laptop out of Ulbricht’s hands and therefore prevent him from locking the computer (which presumably had full-disk encryption).

This got me thinking; why don’t we have Dead Man’s Switches for computers? It would be very simple to create one.

Interview with Viktor Petersson, VP of Business Development for IAAS provider CloudSigma

Tue, 20 Jan 2015 21:52:15 +0200

Interview with Viktor Petersson, VP of Business Development for IAAS provider CloudSigma

Interview with Viktor Petersson, VP of Business Development for IAAS provider CloudSigma on what it takes to be a Gartner-Cool Vendor

Virtualization on Ubuntu 14.04 with virsh and vmbuilder

Sun, 18 Jan 2015 17:22:00 +0200

While I’ve switched most of my workloads to Docker, there are still some situations where you need to manage and set up Virtual Machines (VM). These days, KVM+QEMU has more or less been established as the virtualization standard, so we’ll be using that.

Setting this up on Ubuntu 14.04 (Trusty Tahr) is very straight forward. All you need to do is to run:

$ sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils

Assuming everything went well, you should now be up and running and can list your VMs (there are of course none):

Sync Dev: Securely Deploying Sync

Fri, 19 Dec 2014 22:02:47 +0200

Sync Dev: Securely Deploying Sync

BitTorrent’s blog re-posted by Sync article today.

» How to securely use BitTorrent Sync for backups

Wed, 10 Dec 2014 15:26:23 +0200

» How to securely use BitTorrent Sync for backups

I just published an article on CloudSigma.com on how to securely deploy BitTorrent Sync in the cloud with step-by-step instructions.

How to deal with/archive an old WordPress site

Thu, 04 Dec 2014 18:33:00 +0200

We all have those old blogs that we started some time ago with some grandiose vision. Unfortunately, the blog never really took off. Now it just sits there and generate a small amount of traffic every day. It’s enough to not shut it down, but not enough to invest a whole lot more resources into.

Chances are that said blog is running on WordPress. You now have to log into the blog somewhat frequently to upgrade it. Moreover, chances are also that your blog has been compromised during this time and you don’t even know about it.

Screenly is featured in the latest issue of Linux User

Thu, 20 Nov 2014 15:56:41 +0200

I’m really excited to let you know that Screenly is featured in the latest issue of Linux User in the U.K. (issue 146). A snippet of the article is already up on their website.

We’ve also teamed up with Linux User to give a way a free 12 month subscription of Screenly, along with a HDMIPi.

The dangers of UFW + Docker

Mon, 03 Nov 2014 23:51:00 +0200

In recent years, I’ve transitioned over to using Ubuntu’s UFW. In most cases, it gets the job done and it is easy to manage via provisioning tools like Ansible.

As turns out however, using UFW together with Docker can be very dangerous as I will show below.

Let’s start with an Ubuntu 14.04 server. It has UFW and Docker installed already, so let’s start by configuring UFW to block everything but SSH.

How to get BitTorrent Sync to stop syncing Finder meta data

Fri, 31 Oct 2014 20:34:10 +0200

I really like BitTorrent Sync. It’s a great alternative to Dropbox et al, without having to hand over your unencrypted data to a third party.

Unfortunately, the default configuration in BitTorrent Sync for Mac OS X is somewhat odd. As it turns out, it syncs all of Finder’s meta data. As you can imagine, this means a lot of pointless syncing.

After posting on the forum, I did however found out that by default these files are added to a file called StreamsList that apparently overrides the more obvious IgnoreList.

» An introduction to server provisioning with CloudInit

Wed, 29 Oct 2014 18:16:00 +0200

» An introduction to server provisioning with CloudInit

I just published an article over at CloudSigma’s blog about server provisioning using CloudInit.

Running Puppet master in Docker

Sun, 26 Oct 2014 16:00:10 +0200

In the past, I’ve relied a lot on Puppet for automation. That means that I have a fair number of Puppet masters at my disposals.

Puppet is a Ruby based application. As many Ruby based applications, it depends on a fairly large number of other libraries. Having to install all these packages on a brand new server is a pity.

In addition, the recommended approach is to run the Puppet master with Apache and passenger, which complicates things further if are running another web server, such as Nginx, on the same server.

yay blotter is currently the 9th best selling

Wed, 22 Oct 2014 20:01:39 +0300

Yay, Blotter is currently the 9th best selling productivity app in the U.S. Mac App Store!

Keyboard hacks for OS X

Wed, 22 Oct 2014 16:51:23 +0300

Every time I install OS X, I get very frustrated with the default keyboard settings. Perhaps the most frustrating one is how slow the navigation is when you’re using the arrow keys to move around in text blocks.

Fortunately, it is easy to change the settings. To make the keyboard navigation faster, you need to toggle the following two settings:

The next thing I always do too is to re-map the Caps Lock key. I really cannot think of a single time I’ve used it in the last five years other than by mistake. Yet it sits on prime keyboard real estate.

Run your Tor Relay Node in Docker

Thu, 16 Oct 2014 21:40:00 +0000

Tor is a project that I really love to support. In this age of increased surveillance, Tor is needed more than ever.

Unfortunately, your own Tor Exit Node can put you in a lot of trouble due to the fact that Tor being used for all kinds of abuses. This is unfortunately a the reality of anonymity; some people will abuse it.

Yet, we shall not let this overshadow the fact that Tor is a critical tool for or a lot of people out there who are trying to circumvent government censorship. I want to help these people with the resources I have available at my disposal. As a result, I have run a number of Tor servers over the years.

How to fix kernel_task CPU usage on Yosemite

Thu, 16 Oct 2014 11:01:00 +0300

Yesterday I had to hand in my almost new MacBook Pro (Retina) for repair due to a broken logic board. This meant that I had to go back to my old laptop for a little bit.

In preparation for this, I dusted off my old MacBook Pro this weekend so that I would have something from in the meantime. Since it was due for an upgrade, I decided to install the Yosemite beta on it just to give it a try. After getting everything up and running, I did however notice that the laptop was rather unresponsive and sluggish.

CloudSigma joins Ubuntu Certified Public Cloud

Wed, 15 Oct 2014 16:18:59 +0300

CloudSigma joins Ubuntu Certified Public Cloud

Happy to announce a partnership deal that I’ve been working with for some time.

Sync Dev: Using Sync For Backups In The Cloud (With Docker)

Tue, 14 Oct 2014 13:58:27 +0300

Sync Dev: Using Sync For Backups In The Cloud (With Docker)

Here’s a guest blog post that I wrote on Bittorrent’s blog a while back that I forgot to cross-post here.

Sophisticated new playlist editor in Screenly

Fri, 10 Oct 2014 13:49:20 +0300

Sophisticated new playlist editor in Screenly

I’m very excited about this latest release we just did to Screenly.

How to install Yosemite and Ubuntu Linux side-by-side with full disk encryption

Sun, 05 Oct 2014 17:47:00 +0300

This weekend I spent a bit of time playing around with my old MacBook Pro. My goal was to set it up as a backup/test laptop. What I wanted to accomplish was the following:

Install Yosemite with Full Disk Encryption (FDE)
Install Ubuntu Linux 14.04 LTS with FDE (using LVM)

As it turns out, this was a lot more challenging than I thought. My initial approach was to simply split the disk into two partitions and just install each operating system separately. Once installed, I was planning to simply enabled FileVault inside OS X (Ubuntu allows you to enable encryption during the installation).

Autojump: blazing fast filesystem navigation

Fri, 03 Oct 2014 10:22:00 +0300

Autojump: blazing fast filesystem navigation

autojump - A cd command that learns - easily navigate directories from the command line

I just ran across a very convenient little tool called autojump that I wanted to share.

For a number of years, i’ve used aliases in Bash for quickly navigating the file system. autojump makes this unnecessary.

OS X crash course

This requires that you have brew installed and use Bash as your shell

Create a bootable USB drive for Yosemite the easy way

Thu, 18 Sep 2014 21:22:00 +0000

Today I decided to take Yosemite for a spin on my old laptop.

Since installing from USB is the only way to do a clean install, I started googling around for exact steps (which were somewhat messy).

To my surprise, it appears as Apple also realized that this was messy and decided to bake in a solution for this. It isn’t however completely obvious, but here is the command:

$ sudo /Applications/Install\ OS\ X\ Yosemite\ Developer\ Preview.app/Contents/Resources/createinstallmedia --volume /Volumes/your_flash_drive / --applicationpath /Applications/Install\ OS\ X\ Yosemite\ Developer\ Preview.app/

How to not screw up localization on websites

Thu, 04 Sep 2014 19:13:39 +0300

Poorly implemented translations ‘logic’ is something that really grinds my gear. Today I ran across the new Dyson 360 Eye and it is a case study in how to not do website translations.

Since I’m connected to a VPN in Switzerland, this is what I was presented with:

As you can see, the website is in German just because I connected through Switzerland. Now let’s analyze why this is bad.

Linux Performance Tools

Thu, 21 Aug 2014 09:50:24 +0300

Linux Performance Tools

A great collection of Linux tools for troubleshooting and improving performance.

Using chain certificates with Nginx

Wed, 20 Aug 2014 09:52:47 +0300

I’m a big fan of Namecheap. They offer cheap SSL certificates that does the trick just fine. For most my projects, I go for their cheapest option (usually ‘PossitiveSSL’).

Every time I deploy one of these certificates however, I screw up the order of the chain certificates. The tl;dr is that certificate should go first, and then the supporting chain certificates.

After extracting the zip-file you get from Namecheap, simply run this command to create your certificate:

DEFCON 22 Badge Challenge

Tue, 19 Aug 2014 11:15:53 +0300

This is very cool. The guys at Defcon sure knows how to geek out and create a challenge. Here’s the Badge Challenge Walkthrough.

TripIt insecurely broadcasts sensitive travel details in calendar feeds; could destroy your vacation

Mon, 18 Aug 2014 19:09:31 +0300

TripIt insecurely broadcasts sensitive travel details in calendar feeds; could destroy your vacation

httpshaming:

Although I love using TripIt to organize my travel, if you subscribe to a TripIt calendar feed using an application like OS X or iOS Calendar, details about your past and upcoming travel is sent plaintext, unencrypted out over the net:

Your name

Trip summaries (where you’re going and…

Introducing nomadsims.io

Fri, 08 Aug 2014 12:22:05 +0300

A while back, I stumbled across NomadList. It’s basically a crowd sourced list of cities around the world ranked by how good they are for remote working.

That got me thinking. One of the pain points I’ve had over the years when traveling is finding the best local mobile carrier for pre-paid cards. Wouldn’t it be great if there was a crowd sourced database for this?

So I spent some time yesterday hacking together a rough prototype for this that I call NomadSIMs.

What's in your bag, Viktor?

Sun, 03 Aug 2014 23:18:02 +0300

What’s in your bag, Viktor?

leannomads:

One of the most important possessions as a digital nomad is your laptop bag and its contents. Think of it as your office.

Since you will be carrying this bag with you almost everywhere you go, you really want to make sure that it is robust, and yet light (when filled). After years of testing out…

how funny i got a cloudflare timeouton

Wed, 30 Jul 2014 12:19:35 +0300

How funny. I got a CloudFlare timeout…on www.cloudflare.com

How to boot from USB with Grub2

Tue, 29 Jul 2014 09:06:00 +0300

Yesterday, I had to rescue a broken Ubuntu 14.04 installation by booting from USB. Unfortunately, I was unable to get into the BIOS to change the boot order (because of a BIOS password and a bad memory).

Fortunately, since I was able to get to Grub, it was still possible. Here’s how I did it:

Create a bootable USB drive (using something like Startup Disk Creator. Before taking the drive out, locate where the vmlinuz and initrd.* files are located. You’ll need them later.
Insert the USB drive and boot the system. When you get to Grub, press c to get to the ‘command-line’ option.

Here is where it gets a bit tricky. In my case, I knew the root partition on the USB disk was /dev/sda1, yours may vary.

hold on let me just upgrade and reboot my light

Sun, 27 Jul 2014 21:00:43 +0300

Hold on, let me just upgrade and reboot my light bulbs…

DevOps tools/trends that I really like right now...

Sat, 26 Jul 2014 21:14:03 +0300

Docker and Docker Hub - It’s awesome and it removes a lot of the complexity from traditional DevOps work. What’s funny is that while doing my migration to Tumblr, I found this three year blog post that pretty much describes Docker. Yes, it’s not too far from FreeBSD’s Jails, but it never had this momentum nor the toolset (which of course is a result of the momentum).
CoreOS, Etcd, Systemd and Fleet - Once you have started to fully embrace Docker, CoreOS and its components just makes a ton of sense. I really hope that this is where we’re heading. Once you’ve had a taste of fleetctl, you’re hooked.
Ansible - Sometimes you still need to manage servers and Ansible is a breeze of fresh air. Sorry, Puppet, but I’m done with you.
Python - Yes, in modern day DevOps, Bash simply won’t cut it. Python is a blessing when you need to interact with an API or similar.

How to migrate from WordPress to Tumblr

Thu, 24 Jul 2014 22:53:00 +0300

Today, I’ve spent a large chunk of my day migrating my blog from WordPress to Tumblr and About.me.

Before you ask why on earth I’d do this, let me just sum it up in a few bullet points:

I hate PHP and managing WordPress sites. Yes, it has gotten a lot better lately, but it’s still a big pain in the ass.
Most of the content I generate is either on other blogs, or fed via Twitter. As a result, I don’t blog too much.

Now, you’re likely reading this post because you’re interested in the subject at hand, so let’s dive into it.

My presentation from Zadara Summit

Thu, 24 Jul 2014 21:22:01 +0300

Last month I spoke at Zadara Summit. I did however, I did forget to post the speaker deck here, so here we go.

My presentation deck is available here.

Installing Windows 7 on a MacBook Air

Sun, 08 Dec 2013 12:59:06 +0200

It’s blasphemy, I know. Why would anyone in their right state of mind do such thing?

Unfortunately, people outside the tech-world, and ISV who provides them with software, are still stuck with Windows (due to ignorance or lack of choice).

If you want to equip someone in that world with a great and light laptop, a MacBook Air is a pretty good choice. It’s affordable, and since you will be installing a pure (i.e. non vendor/bloatware infected version) of Windows, it makes a pretty good Windows machine (an oxymoron, I know).

Are They Using Google Apps?

Fri, 02 Aug 2013 15:21:24 +0300

In the past few months, I’ve started moved most of my conference calls from Skype to Google Hangout. The video and audio quality is a lot better, and it’s more convenient to manage. There is however one problem: If the other party isn’t using Google Apps or Gmail, they cannot join the Hangout. This has delayed many conferences calls for me.

To resolve this issue, I wrote a simple web app called Are They Using Google Apps?. You can enter either the domain, or the email address, and the tool will tell you if the other party is using Google Apps (by simply checking the MX records).

My presentation from Pi and More 3

Sat, 15 Jun 2013 15:31:36 +0300

I just finished delivering presentation from Pi and More 3 in Trier, Germany. Here’s the slide deck.

Update: As it turns out, the presentation was also recorded. You can find the video here.

Join me on Pi and More on June 15

Sat, 01 Jun 2013 10:29:07 +0300

On June 15 I will be speaking at Pi and More in at Trier University in Germany.

The event is all about Raspberry Pi, and I’m really excited to be part of the event.

My presentation will be about Screenly and how we built the most popular digital signage solution for the Raspberry Pi thanks to the awesome Raspberry Pi community.

You can read more about the event here (German). The event is free to attend, and you can sign up here.

Major update to Screenly

Thu, 21 Feb 2013 15:34:41 +0200

I’m excited to announce that we’ve released a major update to Screenly. As you can see in the screenshot above, we’ve given the user interface a major overhaul. The workflow is significantly more streamlined, and a lot prettier.

You can take the new interface for a spin here. For upgrade instructions, please take a look here.

More information about Screenly is available here.

The world's shittiest monitor: Acer S235HLBII 23"

Tue, 19 Feb 2013 12:34:36 +0200

Ok, this a long rant, but I just need to warn anyone else looking to buy this monitor. It’s the worst piece of garbage I’ve ever owned. If you’re thinking about buy one, just don’t. Pretty much anything else you can get your hands on is better.

tl;dr

On paper, it’s a pretty decent monitor. It’s a regular 23″ monitor with 2x HDMI input and one VGA. It seemed pretty ideal, since I was primarily looking to use it for my Raspberry Pi labs. For me, monitors are pretty disposable, and I don’t pay much attention to them these days.

Introducing Puppet-hosting -- host websites with sanity

Sun, 03 Feb 2013 22:21:00 +0200

Since we started WireLoad, the number of websites we host have grown steadily. It’s a myriad of sites, ranging from product sites to websites belonging to friends and family. Many of them are WordPress-sites (just like this one), while others are more complicated. Some use databases, while others don’t. Since we’re often in a rush when we set up a site, documentation often suffers, and you have to spend time later on trying to decipher how things were set up.

Screenly now has its own website

Tue, 22 Jan 2013 16:52:48 +0200

I’m astonished by the amount of traction we’ve been seeing for Screenly. The Open Source-version is growing rapidly in traction, while the wait-list for the Pro-version is growing.

Given the amount of traction, we’ve now allocated more resources from WireLoad towards Screenly. The first priority right now is a cleanup of the code base and to improve the user interface for Screenly OSE.

Since I’ve been receiving a lot of emails from the contact form on my website about Screenly, we felt that it was important to push out a website for Screenly. We’ve now done this, and you can find it at ScreenlyApp.com. On the website, you’ll find more information about Screenly, along with a live-demo of Screenly OSE.

Cloud lifecycle: How to deal with decommissioned nodes

Mon, 14 Jan 2013 12:54:48 +0200

There’s no doubt that virtualization and the cloud is here to stay. So you migrated your entire architecture to the cloud and everyone is happy. Eventually, you’ll come to a point where you start decommission servers.

If this was an on-premise server, all you had to do was to powered it off and perhaps put it to use elsewhere (or if virtualized, simply delete it). In the cloud however, it’s tempting to do the same.

Axis M1114 + mplayer = Win

Wed, 09 Jan 2013 20:53:00 +0200

I’m a long-time fan of Axis’ IP cameras. I’ve played with a few other IP cameras too, but I’ve never come across a camera with the performance and stability of Axis’ products.

Recently I deployed two Axis M1114-cameras. It’s an impressive device with built in motion sensor (that can record to a SMB or FTP) with Power over Ethernet (PoE). The optics in the device is equally impressive, as it capable of recording data in down to 0.6 Lux.

HP ProLiant-hacking. Powerful rack server on the cheap.

Sat, 22 Dec 2012 22:14:58 +0200

Rack-servers make your life easier. They allow you to stack a bunch of servers into a small area while still keeping them well organized. Unfortunately, most server-vendors know this, and will charge you an arm and a leg for them. I recently had to build up a small virtualization-farm, and I really wanted to keep all server in a rack without having to spend a fortune on servers.

Enter HP ProLiant DL-120. It might not look too impressive, but for the price-point (I paid ~$800 each), it’s not bad 1U server. However, we haven’t started with beefing it up.

My presentation deck from gSocial

Wed, 14 Nov 2012 23:52:36 +0200

Yesterday I delivered a speech at the gSocial. If you haven’t heard of gSocial, it is the largest independent event for the Google Apps Channel Community. My talk was about email migration, and what we have learned since launching YippieMove back in 2008.

Screenly Pro is now in beta

Tue, 16 Oct 2012 17:14:51 +0300

A while ago I started hacking on Screenly, a digital signage solution for the Raspberry Pi. It has been a huge success with a lot of traction from the Raspberry Pi community.

The open source edition of Screenly (a.k.a. Screenly OSE) is an excellent tool if you want to setup a single sign. All you need is a Raspberry Pi ($35), some cables, and a monitor. You can literally be up and running in five minutes (not including the time it takes to flash Rasbian to the SD-card).

Join me at gSocial 2.0

Sun, 14 Oct 2012 17:07:34 +0300

gSocial is a conference for Google Apps resellers and ISVs. I attended the event last year, and I was really impressed. I’m back for the conference this year, but I will aslo be giving a talk.

My talk will be on the topic of email migration and what we’ve learned over the years working with YippieMove.

The event also happens to have great timing, since we are just about to release YippieMove’s API, and we’d love talk with the bright people at gSocial about it.

My presentation deck from NoSQL Roadshow (Basel, Switzerland).

Thu, 30 Aug 2012 15:00:41 +0300

Featured in SCU's Alumni Entrepreneur Spotlight

Thu, 23 Aug 2012 09:53:10 +0300

A few weeks ago, I was contacted by SCU‘s Center for Innovation and Entrepreneurship (CIE). Apparently I was mentioned in Santa Clara Magazine about being featured on TechCrunch.

CIE wanted me to write an article about my background and my experience as an entrepreneur. I was happy to share that with them, and the article went live today.

Complete refactoring of 'csconnect'

Sun, 19 Aug 2012 11:06:36 +0300

A few months back I wrote csconnect to make it easier for myself to logon to our Cloud Sigma-nodes. It’s a pretty simple application. All it does is to poll Cloud Sigma’s API and lookup the IPs for the node(s) specified.

Yet, since this was one of the first Python-programs I ever wrote (beyond Hello World), the state of the code was pretty terrible. Last night I took on myself to rewrite the program from the ground up.

Fixing the broken Munin Nginx-plugins in Ubuntu (optional: with Puppet)

Thu, 16 Aug 2012 21:58:13 +0300

I love Munin. It’s a great monitoring tool, quick to set up, and doesn’t come with too many bloated requirements. It’s also very flexible and easy to write plugins for.

On Ubuntu, Munin comes with most (non-custom) plugins I use. Unfortunately, the Nginx-plugins (nginx_status and nginx_request) are incorrectly documented. In the header of the plugins, one can read that the default URL is http://localhost/nginx_status, which certainly makes sense. The plugin even documents how one were to set this up. However, the plugin logic tells a different story. In nginx_requests, we can see that it relies on ‘hostname -f’ to look up the hostname that it connects to (which in 99.999% of all production servers isn’t ‘localhost’).

Time Machine on Mountain Lion

Wed, 15 Aug 2012 08:34:43 +0300

I’m not sure if I’m the only one having issues with Time Machine, but it has been completely broken for me since I upgraded to Mountain Lion. As you can see above, Time Machine basically freezes and reports outrageous ETA statistic.

What is strange is that I did a fresh install. I do have FileVault2 activated on both the Time Machine-drive (which is brand new) and my internal drive. That should work fine, as I used the same setup on Lion.

My latest project: Screenly

Wed, 01 Aug 2012 14:10:17 +0300

One of the most hyped pieces of hardware in recent time is the Raspberry Pi. It is hyped for a very good reason. For $35 you get a fully functioning Linux-computer which is about the size of a deck of cards. While there have been plenty of micro-computers around in the past, none at this extremely low price point. The Raspberry Pi is simply any DIY’ers wet dream.

After months of wait, I finally got mine a few weeks back. My first project was Screenly: A digital signage platform built for the Raspberry Pi.

A permanent fix for Apple's "play/pause"-hijacking (and use Spotify)

Sat, 14 Jul 2012 22:57:02 +0300

I hate iTunes with passion. It’s bloated and annoying. However, since it is a major revenue stream for Apple, they try hard to push it into your face as often as possible.

Since I started using Spotify a few years back, I don’t think I’ve used iTunes to play music once (only to upgrade iOS-devices before the over-the-air-updates came out).

As long as you don’t touch any other Apple products, Spotify will take over the media control-keys, but as soon as you start one of Apple products (like Keynote or Quicktime), Apple hijacks the media control-keys. It’s beyond frustrating. Instead of starting (or pausing) the music in Spotify, iTunes pops up and it makes me furious every time.

Join me at NoSQL Roadshow in Basel!

Tue, 10 Jul 2012 12:27:59 +0300

If you have nothing booked for August 30th, I suggest you mark it ‘busy’ in your calendar, as that’s the date for NoSQL Road Show in Basel, Switzerland.

At the event, I will be giving a presentation about MongoDB titled “MongoDB’s Replica Sets – Painless scaling and High Availability (HA).”

As the title implies, it is a talk about MongoDB’s Replica Sets. I will demonstrate how easy it is to setup, and also talk about lessons I’ve learned using MongoDB.

Access control in Bottle (by IP)

Tue, 26 Jun 2012 20:46:26 +0300

If you haven’t heard of Bottle, it’s a lightweight web framework for Python. It is perfect if you have a small project that requires a web interface, but you don’t want to go all in with a complex framework like Django.

Since Bottle is so lightweight, it doesn’t always have all the features you need built-in. One thing that I was missing was access control. For instance, what if you want to limit access to an admin-page to a certain IP? Sure, if you’re running you’re app behind a full-fledge webserver like Nginx or Apache, you can use it to limit access, but that doesn’t work if you’re deploying to something like Heroku.

Munin-plugin for Zendesk

Sat, 23 Jun 2012 17:53:24 +0300

In recent time, I’ve really started to appreciate Munin. I’ve deployed Munin in multiple architectures already, and I still get impressed every time by how easy it is to setup.

I also really like how easy it is to write plugins. For a crash-course in writing plugins for Munin, take a look at this page.

Since I first deployed Munin to monitor YippieMove‘s architecture, I’ve written a handful of custom plugins to visualize various datapoints. However, one thing I’ve been wanting for some time was to a tool to visualize the volume of support tickets. Since we use Zendesk for support and the fact that they already got an API, all data I needed was already accessible.

New project: csconnect.py

Tue, 15 May 2012 22:32:10 +0300

In the last few years, we‘ve spent a lot of time migrating away from all our physical servers and into the cloud. This has been a very interesting task, that presented its own set of challenges, but it has certainly been worth it.

One of the issues though with working in a public cloud environment is that you don’t necessarily have the same static IP configuration as you do with dedicated hardware. When you power off a node, and spin it back up (or clone a new server for that sake), it’s likely that it will switch IP. This is at least the case with CloudSigma, which is what we are using for a large part of our server needs.

Deploying FreeBSD's Ports to a large number of nodes

Mon, 07 May 2012 16:22:24 +0300

Some time ago, I posted a question on Serverfault about how people managed and deployed ports in a large environment. Despite a fair number of comment, nobody seemed to really have the anser to this (or at least that suited my needs). It simply appears to be the case that the built-in tools in FreeBSD (primarily portsnap and portupgrade) are not built for a shared ports-tree.

Having a local ports-tree on each node seemed both wasteful and inefficient to me, yet this what was I had to resort to.

Monitor Memcached with Munin (on Ubuntu)

Sat, 14 Apr 2012 21:41:29 +0300

Let me first admit that I am new to Munin. I’ve played around with most monitoring tool, but never Munin for some reason. I really don’t know why, since it appears to be a great tool. As a result, this might be obvious to seasoned Munin-users, but it wasn’t to me at least.

It appear as most stock-plugins are configured in /etc/munin/plugin-conf.d/munin-node. This isn’t the case for the Memcached plugin. Hence this post.

I'm interviewed by City Network

Sat, 24 Mar 2012 16:50:45 +0200

This week I was interviewed (Swedish) by the Swedish hosting provider City Network for their blog. In the article I talk about the background of WireLoad and a bit about our network architecture and philosophy.

How to quickly slice wallpapers for a dual-screen setup

Fri, 09 Mar 2012 11:18:18 +0200

In this day and age, many people use multi screens in their setup. I’m one of those people. One thing that really bugs me in OS X however, is that you cannot set one wallpaper to expand beyond one screen.

Let’s say you have two screens with 1920×1080 resolution and you have found a wallpaper of the appropriate dimension (ie. 3840×1080). Interfacelift got plenty of them.

Now, in order to properly use these, you need to slice the image into two images (one for each screen). Sure, you can do this in Photoshop, but that feels like an overkill.

The 'pg_ha' project has moved to Github

Mon, 27 Feb 2012 20:24:28 +0200

I recently posted a rather lengthy article titled “High availability with PostgreSQL, PGPool-II and FreeBSD.” The article was a bi-product of setting this up and the blog-post was simply my own notes with some polish.

Little did I know when I started this that I would end up having to write this much code to make the system behave the way I wanted. While crafting the article, I decided that the most logical thing would be to create a Github repository with the scripts for easy maintenance.

Comparing MongoDB write-performance on CentOS, FreeBSD and Ubuntu

Mon, 13 Feb 2012 21:20:07 +0200

Recently I wrote a post titled ‘Notes on MongoDB, GridFS, sharding and deploying in the cloud.’ I talked about various aspects of running MongoDB and how to scale it. One thing we really didn’t take into consideration was if MongoDB performed differently on different operating systems. I naively assumed that it would perform relatively similar. That was a very incorrect assumption. Here are my findings when I tested the write-performance.

FreeBSD failover in the cloud -- UCARP to the rescue

Sat, 11 Feb 2012 17:32:15 +0200

I’m a big fan of FreeBSD. However, as painful it is to admit, it isn’t always the best OS to run in the cloud. Compared to Linux, you will get worse network and disk performance even with Virtio installed. There are also other issues. For instance, it is likely that you won’t get CARP to fully work (while this works perfectly fine with OpenBSD’s CARP, and Linux’s VRRP). I have written about workarounds for this issue in the past, but they do not seem to work equally well in FreeBSD 9.0.

The story of Devify and Red iGone

Thu, 09 Feb 2012 11:38:19 +0200

About two years ago I started working on a project called Red iGone together with a friend and we started the company Devify. The objective of the first project was simple — we wanted to make it easy to remove red eyes from photos. We didn’t see any good solution in the market place that was both fast and easy to use. Red iGone was born as a web-app and it did pretty well for itself. We got coverage from some semi-big blogs and traffic picked up.

Interviewed by TechCrunch

Tue, 07 Feb 2012 21:14:09 +0200

I’ve already posted about the fact that we’ve released a massive update to YippieMove. Today the legendary Silicon Valley-blog TechCrunch covered this in form of an interview with me.

You can read the full interview here.

Introducing the brand new YippieMove

Tue, 31 Jan 2012 14:07:26 +0200

A large part of last year spent working on a major update to YippieMove. The new YippieMove is a complete redesign, from the bottom-up. That means new logo, new user interface and an improved back-end. It has never been easier to move email data across multiple email accounts and services. We’re really proud of this release, and we think we’ve made a major improvement to what was already great product.

Notes on MongoDB, GridFS, sharding and deploying in the cloud

Sun, 29 Jan 2012 14:24:18 +0200

We‘ve been using MongoDB in production for about six months with YippieMove. It’s been an interesting experience and we’ve learned a lot.

Contrary to many MongoDB deployments, we primarily use it for storing files in GridFS. We switched over to MongoDB after searching for a good distributed file system for years. Prior to MongoDB we used a regular NFS share, sitting on top of a HAST-device. That worked great, but it didn’t allow us to scale horizontally the way a distributed file system allows.

Countries and coffee consumption.

Sat, 28 Jan 2012 13:37:22 +0200

I’m a coffee junkie. Like many of my fellow geeks, I consume way more than the average person. On a normal day, I drink somewhere between 5-10 cups perhaps. How much is that in relation to the population at large?

To find the answer, let’s turn to Wikipedia’s List of countries by coffee consumption per capita. Let’s assume that all the data in there are true. Let’s also make the assumption that one serving of coffee is about 6 grams of coffee beans.

Benchmarking and tuning FreeBSD's VirtIO network driver.

Tue, 24 Jan 2012 20:34:54 +0200

In the previous post, I benchmarked three different virtual network drivers under FreeBSD. The clear winner was, perhaps not very surprisingly, the VirtIO network driver.

In this article I will do some further benchmarking and try to optimize the driver further. Similarly to in the last post, I will use two FreeBSD 9.0 boxes with 2GB RAM and 2GHz CPU. Both nodes are set up with a private network and running in a public cloud (at CloudSigma).

Benchmarking (virtual) network drivers under FreeBSD 9

Mon, 23 Jan 2012 23:02:32 +0200

With the launch of FreeBSD 9, I was curious to learn how the VirtIO driver performed. I’ve seen a significant boost in disk performance, but how about the network driver?

Luckily, that’s rather easy to find the answer to. I spun up two FreeBSD 9 nodes on CloudSigma and configured them with VirIO (just like in this guide) and a private network. Once they were up and running, I installed Iperf and started testing away.

How to upgrade FreeBSD 8.2 to FreeBSD 9.0 with Virtio

Mon, 16 Jan 2012 18:23:43 +0200

Some time ago, I wrote about how to use Virtio with FreeBSD 8.2. As I pointed out in the article, the performance was not nearly as good in FreeBSD 8.2 as it was in 9.0-RC1. Hence I wanted to get all my nodes over to 9.0 as soon as possible to take use of the massive boost in I/O performance.

In this article I will walk you through the process of updating an existing system from FreeBSD 8.2 (without Virtio) to 9.0 with Virtio.

Introducing KISS-surveillance -- The dead simple surveillance solution

Sun, 08 Jan 2012 22:45:12 +0200

You’ve probably already noticed that I’ve used ZoneMinder a bit. I published a few blog-posts on how to set up ZoneMinder, and even posted full virtual appliance for ZoneMinder.

The problem with ZoneMinder though, in my opinion, is that it is overkill for most users. Yes, it comes with some really cool features, but if all you want to do is to snap one image per second from an IP-camera for instance, it is way too complex. Don’t get me wrong, ZoneMinder is a great application if you have complicated surveillance needs. This just wasn’t my case.

MongoDB and logrotate

Thu, 22 Dec 2011 21:26:08 +0200

I’ve been using MongoDB now for some time in production. It’s great, and I really love how easy it is to set up and scale with replica sets etc.

There is one thing that bugs me with MongoDB though. Instead of following the praxis of using Logrotate, they’ve decided to re-invent the wheel by building in a log rotation-feature (that is less powerful than Logrotate). The documentation on MongoDB’s log rotation-feature can be found here, but the gist of it is that you send ‘kill -SIGUSR1 PID‘ to MongoDB and it will automatically rotate and rename the old logfile to something like ‘mongod.log.2011-12-22T17-05-50‘.

Puppet on Ubuntu 10.04

Sun, 18 Dec 2011 13:44:56 +0200

Yesterday I decided that it’s about time to learn Puppet. I’ve had my eye on both Puppet and Chef for some time now. Yesterday after reading this Quora-thread and this blog-post, I decided to go with Puppet.

After downloading their test-VM and going through the tutorial, I pretty quickly fell in love with the simplicity and structure. Puppet is straight forward and rather intuitive.

One of the architectures that I wanted to deploy Puppet on was running Ubuntu 10.04 LTS. Unfortunately, the version from Ubuntu’s repository is really old (0.25.4), and not really compatible with much of the cool things you can do with Puppet.

I'm quoted in the December-issue of Computerworld

Thu, 15 Dec 2011 13:26:43 +0200

It’s always fun when magazines ask you for your advise. In the December-issue of Computerworld, I was interviewed by Bob Scheier in the cover story and talked about how to create a successful and scalable cloud architecture.

This really bugs me...

Wed, 14 Dec 2011 13:39:38 +0200

If you’ve ever tried to install ImageMagick on FreeBSD, you’ve probably run into this issue too. You have a head-less box in some datacenter, you don’t want to bloat the machine with X11.

You try to install the no-X11-version of Image Magick:

cd /usr/ports/graphics/ImageMagick-nox11 && make install

The next thing you know, you the dependency ‘print/ghostscript9-nox11′ gets installed. Notice that this is the ‘no-x11′ version. Yet, look at the fifth option from the top:

How to use Virtio on FreeBSD 8.2+

Thu, 20 Oct 2011 19:08:09 +0300

In the past few years, virtualization has been the big topic everybody keeps talking about. There are good reasons for that, but one thing that really annoys me as a hardcore FreeBSD-fan is how poorly FreeBSD performs virtualized.

For some time, the Linux-community have been using the Virtio-drivers to boost both I/O and network performance. Simply put, Virtio is a driver written to cut out any unnecessary emulation on the host and as a result both reduce load from the host and improve performance.

How to get 50% discount on Swisscom's hotspot (and possibly also others)

Sun, 25 Sep 2011 23:53:19 +0300

Last weekend I was staying at a Holiday Inn in the UK. As most geeks, one of the first thing I did after checking in was to hop on the wireless connection to pull down my email. Like many hotels, Holiday Inn outsource the management of their wireless guest network. This particular hotel was using a provider named Swisscom (I’m not sure if this true for all Holiday Inn hotels).

The wireless plans were as follows:
Business 24 hour – £15

Facebook knows exactly how many visitors you got on your site

Sat, 03 Sep 2011 16:50:43 +0300

Is it possible that Facebook know more about how many visitors a given website has than Alexa or Hitwise? I’m not talking about people sharing a link on Facebook and then tracking outbound clicks. I’m talking about capturing all visitors. Both Alexa and Hitwise used to both rely on browser-addons to capture this data. Since only a small percentage of users will install this add-on, they will have really rough data (and skewed towards non-technical users).

Quick and dirty way of fixing NUT on pfSense 2.0RC

Sat, 27 Aug 2011 19:39:49 +0300

One of my favorite Open Source appliances is pfSense. It can turn any old machine into a very powerful firewall/router in 10 minutes or less. Also, it comes with a very handy GUI and the fact that it is based on FreeBSD makes it even greater.

While version 2.0 isn’t stable yet, the 2.0RC is more or less considered stable. It’s also a major update to the 1.2-branch. I’ve used 2.0 on two ‘production’ firewalls now, and I think it more reliable than 1.2.

Fixing "su: unknown login: %%PG_USER%%" on FreeBSD

Mon, 15 Aug 2011 18:04:54 +0300

Today as I was installing PostgreSQL 9.04 on a new server I encountered the following error:

\[root@host ~\]# /usr/local/etc/rc.d/postgresql initdb
su: unknown login: %%PG_USER%%

Something obviously went wrong when the port was being installed. Most likely it’s a bug in the build-instructions for the port. No stress though, as there is an easy fix. Just open up _/usr/local/etc/rc.d/postgresql_ and modify the line

postgresql\_user=${postgresql\_user:-"%%PG_USER%%"}

with

postgresql\_user=${postgresql\_user:-"pgsql"}

(or I suppose you could add “postgresql_user=pgsql” to rc.conf).

Did you know you can create encrypted partitions in OS X Lion?

Mon, 01 Aug 2011 12:00:46 +0300

The most exciting new feature in OS X Lion for all paranoid techies out there was the introduction of full-disk encryption (FileVault 2). The previous version of FileVault only enabled you to encrypt your home directory. That was a good start, but it forced you to log out once in a while to recover disk space. This was extra painful if you were using a small SSD-drive.

Another issue with FileVault 1 was that it prevented you to effectively use Time Machine. In order to backup your home directory, you had to log out. First then would Time Machine back up your files. This was inconvenient to say the least.

How to upgrade from Mac OS X Lion GM to Final release

Wed, 20 Jul 2011 16:54:05 +0300

If you ran one of the beta releases of Mac OS X Lion, you probably ran into a problem when trying to upgrade to the final release of OS X Lion.

When I tried to upgrade one of my dev-machines, I was prompted with an error saying “A newer version of this app is already installed on this computer”

Of course, you know that isn’t the case, as OS X Lion, just came out.

Rebuilding a Linux software RAID array

Sat, 18 Jun 2011 19:49:02 +0300

The process is pretty straight forward, and I’m writing this as a ‘Note-to-self’ for future references than anything else. If anyone else find it useful, that’s great.

Identify the broken drive

Start by identifying the device as the system know it (ie. /dev/sdX or /dev/hdX). The following commands should provide you with the information:

cat /proc/mdstat
mdadm --detail /dev/mdX
cat /var/log/messages | grep -e "/dev/hd" -e "/dev/sd"

Once you’ve identified the drive, you want to know something more about this drive, as /dev/sdX doesn’t really tell us how the drive looks like. In my case, I have three identical drives, so the following command didn’t help me much, but maybe it does for you.

Save time (and keystrokes) in the terminal

Thu, 09 Jun 2011 23:31:24 +0300

Do you have a few long commands that you keep typing in the terminal? Things like ‘cd /some/long/path/that/takes/forever/to/type’ or ‘mycommand -with -lots -of -variables’?

If so, here’s something you’ll enjoy.

Just open up ~/.profile in your favorite editor, and add the following lines:

alias foo="cd /some/long/path/that/takes/forever/to/type"
alias bar="mycommand -with -lots -of -variables"

Now you don’t need to type those long commands ever again. All you need to do is to typ ‘foo’ or ‘bar’. You can of course replace foo and bar with anything you want, as well as the command.

Sync your devices over the air for free

Wed, 25 May 2011 21:23:06 +0000

I hate wires. I particular hate having to use wires to syncing devices.

Luckily, there are ways to avoid them (in most cases). If you are having issues with this, the solution is not to buy MobileMe. Google App/Gmail is all you need. I just posted up an article over at the YippieMove Blog that will tell you how. After reading it, you should be able to sync your Mac, iOS device(s) and Android device(s) wirelessly — for free.

Updates to WireLoad

Mon, 16 May 2011 21:38:35 +0300

2011 has been a big year for WireLoad. We have launched two brand new products (Blotter and Quiet) in a completely new vertical, namely the desktop market for Mac OS X. It has been a very interesting experience, and we certainly did not foresee the success we’ve had. Just a few weeks ago, Blotter was named ‘App of the Week‘ in Leo Leporte’s show MacBreak Weekly. Blotter has also been on the Top-10 list for productivity apps in the Mac App Store, and we’ve been the #2 app in the entire Korean Mac App Store (and top 10 in the entire Japanese Mac App Store).

How to travel safely with your computer

Fri, 13 May 2011 22:18:27 +0300

Regardless if we travel in business or on a vacation, we tend to bring our computer with us (at least I do). Common sense tells us to not check in our computer, but there are other things that we really ought to do.

The first thing you want to do is to use disk encryption. The reason for this is simple: if you lose your laptop, nobody can access your files. This really isn’t as difficult as it may sound to set up. Mac OS X comes with two built-in types of disk encryption:

How to get FreeBSD's CARP working on CloudSigma

Wed, 23 Mar 2011 13:34:32 +0200

For a few months now, we’ve been working on migrating our physical architecture for YippieMove over to CloudSigma. We got everything up and running swiftly, with the exception of one thing: CARP.

As it turns out FreeBSD’s CARP implementation doesn’t really work very well in a virtual environment. (For those curious about the details, please see this mailing list post.)

In order to get up and running with CARP on CloudSigma, you need to do the following:

Quiet - A great productivity app

Mon, 14 Mar 2011 11:43:17 +0200

Last week we launched our second application for Mac OS X. The application is called Quiet and is the best productivity tool I have ever used. The idea behind Quiet is simple. If you were to remove all distractions and only focus on one task at the time, you get more work done. This is exactly what Quiet does. It simply allows you to focus.

Let’s say you’re writing an important email that requires 100% of your attention. You would then simply bring up Quiet, and pick ‘Focus on Mail’ (assuming you’re using Apple Mail). Quiet would then bring up your Mail window on a black background. But that’s not it. In addition, Quiet will also do the following:

A really ugly solution to get a static path to a 3G modem

Mon, 24 Jan 2011 21:34:56 +0200

This solution is so ugly that I felt that I had to post it =).

I had a problem. Whenever I plugged in or rebooted, the a 3G modem into a Linux machine, it appeared on a different path (/dev/ttyUSBX). That creates some issues, as I’m using to connect to the internet, and Wvdial is using a hardcoded path to the modem. To fix this, I had to manually edit the file every time it changed. That’s very annoying. Now add in the fact that this is sitting on a remote machine that I have little physical access to, this is a real problem.

Get better music recommendations in Spotify with Lastify

Sun, 23 Jan 2011 14:18:14 +0200

Spotify is probably one of the greatest apps I’ve used in recent years. It is the sole reason why I barely ever use iTunes anymore. Why would I bother downloading music when I can have access to a far larger music library at any given moment?

There is however one big problem with Spotify: How do you find new music? Spotify does come with a “What’s New”-section that I assume is somewhat tailored to my listening habits. Yet, it’s far from perfect. It doesn’t give you any recommendations for other artists that fits your taste.

Blotter is now available

Thu, 06 Jan 2011 18:50:09 +0200

As of a few hours, Blotter is available in the App Store for Mac. We are super excited and this launch, and the App Store is really impressive.

Check it out right away!

Blotter is soon available

Fri, 17 Dec 2010 14:46:37 +0200

One of the biggest announcement Apple made in recent time was the announcement of the App Store for Mac. If you didn’t see the initial pitch, it is similar to iTunes App Store for iOS (iPad, iPhone, iPod Touch etc), but for native Mac OS X desktop applications.

We (as in WireLoad) wanted to be apart of this from the start, and got busy thinking about applications that we would like to see ourselves. The result is Blotter — an application that sits on top of your desktop and displays your calendar.

Red iGone for iPad is now available

Wed, 15 Dec 2010 11:39:35 +0200

I’m really excited about this. Red iGone, the red-eye removal tool I’ve been working on for some time, is now available on the iPad.

This is the first iPad application I’ve been working on, and the end-result is pretty awesome. While the web-version works great, the iPad version is far more intuitive, given the intuitive touch experience.

Direct iTunes link.

Let me know what you think.

Implementing ASSP with Postfix on FreeBSD

Tue, 14 Dec 2010 23:15:54 +0200

In this article, I will walk you through the process of setting up ASSP. If you’ve never heard of ASSP, it is a great anti-virus and spam-fighting proxy that sits in front of your SMTP server. Under the hood, ASSP includes a lot of intelligent spam logic, but you won’t really have to worry about it. All you really need to know is that it great at fighting spam and that it is easy to set up.

How to create SSH 'bookmarks'

Sun, 05 Dec 2010 16:01:40 +0200

If you’re like me, you spend a lot of time in the terminal window. It’s not rare that I SSH into 10+ different servers in a day. Having easy-to-remember FQDN’s makes it easier, but sometimes that’s not possible. Sometimes you only have an IP to a server, perhaps the server has a really long FQDN, or perhaps SSH is running on some arbitrary port. That makes your life harder. Luckily there’s an easy fix for it.

Great interview with Jason Calacanis

Wed, 01 Dec 2010 21:09:01 +0200

If you’re into startups and technology, you should really watch the following interview with Jason Calacanis from the Fowa-conference in London. I really like how Jason describes the way he and his team work. I completely agree with him. There is no such thing as ‘balance’ in a startup. You’re either in to do it all the way, or you might as well go home.

Introduction to scaling a website

Sat, 27 Nov 2010 16:21:05 +0200

Scaling architecture and web sites is really something I find exciting. I’ve playing with scaling various software for many years, but it is just recent years I’ve come to use this in production (primarily through YippieMove).

If you’re curious about scaling your website, I can really recommend the following video lecture from Harvard. It goes though concept that you might have run across in various blog-posts before. It is not super-technical, so even if you’re new to programming etc., you should still be able to understand the entire lecture.

How to recover from random Photoshop (font) crashes

Fri, 26 Nov 2010 02:29:02 +0200

Photoshop and Illustrator are somewhat of required apps today. You realize how much you need these apps when they decide to not play ball. This have happened to me a few times, and it often relate to fonts. Photoshop simply crashes when I bring up the font tool. Given that this is probably one of the most frequently used tools, this is a pretty big deal.

The bug-report isn’t that helpful either. You’ll only get something like:

Must-have applications for Mac OS X

Sat, 13 Nov 2010 16:30:13 +0200

We all have our must-have apps. Whenever we re-install our system, these are the first apps we want to get in so that we can get back to business. From time to time we discover new apps that are really mind-blowing and we wonder how we survived without them. For me, 1Password and Visor are two apps like that.

Since we all have different must-have apps, I thought I’d share a list of the Apps that I consider must-have apps for Mac OS X.

Why Android-phones will never be at par with the iPhone (but still win)

Sat, 06 Nov 2010 14:10:08 +0200

Yesterday I read an article titled “Why Apple can’t beat Android” over at VentureBeat. It was an interesting read, and Mr. Grim argued in the article that Android is here to stay, and that Android will soon dominate the smartphone market. I do not disagree with Mr. Grim. It makes a whole lot of sense. In the opening of the article, Mr. Grim states that Windows is ‘Big, ugly, buggy, clunky, and everywhere.’ I think that’s spot on, and I also think this is where Android is heading.

How to turn in your Mac for repair without downtime.

Tue, 02 Nov 2010 18:09:56 +0200

Let’s face it — all computers fail at one time or another. In my experience Apple computers break far less than PCs, and when they fail, Apple provide fast and great repairs. If you live in a country with Apple Stores, it’s even easier. When a PC breaks, you’re usually out of luck. Long hours on hold with some Indian call center awaits you and if you are able to convince them that your broken computer should be covered by the warranty, you are likely to spend weeks, if not months, without your computer.

Is Carbon Copy Cloner better than Time Machine?

Wed, 27 Oct 2010 20:43:32 +0300

When Apple announced Time Machine, I was overwhelmed and thought it was the best invention since sliced bread. I’ve been using it since then in setups both with a dedicated external hard drive and a Network Attached Storage (NAS).

Lately though, I’ve started to get more and more annoyed with Time Machine. It consumes a significant amount of resources, as it keeps backing up changes continuously, and it will fill up the destination drive until it’s full.

How to merge PDF-files on Mac OS X

Wed, 27 Oct 2010 18:05:24 +0300

In my previous post, I talked about how to split PDF files on Mac OS X, Linux and Unix. In that article, I mentioned a simple app that allows you to merge several PDF files. The app is dead simple, and you can create it for yourself if you’d like (here’s the workflow in Automator). All it asks you for is the input files (the files you want to merge), and it will take care of the rest. When done, Preview will pop up with the merged file. You will then have to save the file.

How to manage VMware Server on Mac OS X with VNC

Sun, 24 Oct 2010 14:24:36 +0300

VMware Server is a great product. It’s free and works well with most guest operating systems. However, there is one major drawback – you cannot use the ‘console’ app on Mac OS X. For some strange reason, VMware decided to only make the required Firefox plug-in available for Linux and Windows. Given that Mac OS X is the OS of choice for most tech-savvy users I know, this decision makes no sense at all. While I rarely need the console for an existing virtual machine (other than if it fails to boot or something similar), it is obviously required to install the operating system onto the virtual machine.

How to split a PDF files on Mac, Linux or Unix

Fri, 22 Oct 2010 16:52:05 +0300

There are a ton of tools out there for modifying PDF-files. Most of them are crappy, overpriced sharewares from mediocre developers looking to make cash from non-technical users. What most Mac-users perhaps do not know is that Mac OS comes with a ton of handy tools for modifying PDF files. For instance, with a few clicks, you can create an app that merges different PDF files into one file with Automator (I will post that app in a separate post).

Moving Cyrus from a 32Bit to a 64Bit server

Sun, 03 Oct 2010 22:52:12 +0300

I’ve you’ve read the past few articles I’ve published, you’ve probably figured out two things:

I love FreeBSD.
I’m in the process of moving a bunch of servers.

This time I’ll walk you trough how to move Cyrus-IMAP between a 32bit server to a 64bit server. In my case, on FreeBSD. Unfortunately the process is not as straight-forward as I imagined it to be. With these instructions, you will hopefully save yourself the hours I spend troubleshooting the issue.

Copying users/groups between two FreeBSD servers

Thu, 30 Sep 2010 20:17:58 +0300

Sometimes you want to move all users and groups from one server to another without having to recreate all users. Let’s say you are retiring an old server and moving to a new server. If you’ve had the server for a while and have lots of users on it, the last thing you want to do is to recreate all users and assign new passwords.

If you’re on FreeBSD, the task is pretty trivial. I’m sure it’s pretty straight forward on Linux too, but these instructions only apply to FreeBSD. In my case I was moving the users from a FreeBSD 7.1 system to a brand new FreeBSD 8.1 server.

Annoying SEO scam

Mon, 27 Sep 2010 17:43:49 +0300

So I’m not 100% confident that this is a scam, but it sure looks like it. I’ve been contacted by this guy a few times by now. Here’s the email he sent out. Also, I’m pretty sure there is no such thing as the “reverse google pagerank algorithm”.

Hi,

John Stahl here. I just wanted to drop you a line and invite you
to be a link partner for our website xraider.com.

Setting up a redundant NAS with HAST and CARP

Mon, 27 Sep 2010 13:53:42 +0300

One of the coolest new features in FreeBSD is HAST (Highly Available Storage). In simple terms, it can be described as RAID1 (mirror) over TCP/IP (similar to DRBD on Linux, but native). You can simply have two physical nodes replicate data over the network. If you throw in CARP (Common Address Redundancy Protocol) to the mix, you can create a very robust storage system on commodity hardware with automatic failover.

After reading trough the official HAST wiki, I decided that the approach outlined there wasn’t the ideal approach for us. They use UCARP, which is a userland implementation of CARP. I prefer to use the real deal, as it is known to be extremely robust. The only downside with using CARP instead of UCARP is that it requires that you recompile the kernel.

How to build Apache and mod_wsgi with Python 2.7 on FreeBSD

Wed, 08 Sep 2010 23:27:01 +0000

We’re probably not the only company switching to Python 2.7. Right now, we’re in the final phase of rolling out an updated version that uses Python 2.7. As I was setting up our servers, I ran into a few issues with packages who were hardcoded to use Python 2.6 or earlier.

Both Chronicle and YippieMove are using Django, and use on Apache with mod_wsgi. When building these two packages, we found out that were both hardcoded to use Python 2.6 or earlier. Fortunately, there’s a simple solution for it.

How to get RabbitMQ 1.8 to work on FreeBSD

Tue, 31 Aug 2010 14:40:41 +0300

Update: Thanks to Phillip (the maintainer of the package), this issue has now been resolved for RabbitMQ 2.0. The instructions below still applies if you for some reason prefer to run RabbitMQ 1.8.

This post might be irrelevant as soon as the port maintainer resolves this issue, but as I’m writing this, this bug will prevent you from running RabbitMQ successfully.

Installing RabbitMQ is simple, but there are a few tricks that you might want to keep in mind. Before we build RabbitMQ, let’s build Erlang.

Shouldn't dependencies of core components be isolated?

Sat, 28 Aug 2010 15:41:19 +0300

Local management tools are critical for most Linux and Unix distributions. For instance, if you delete Python 2.6 from your Ubuntu installation, it becomes more or less unusable. This is because most local management tools are written in Python. I have no problem with this. On the contrary, I think it makes a whole lot of sense to write management tools in a high-level language, such as Python or Ruby.

Solution for "[Errno 13] Permission denied: '/nonexistent'" in mod_wsgi

Thu, 26 Aug 2010 21:49:36 +0000

While upgrading to Python 2.7 on one of our development servers (FreeBSD 7.2), I ran across a somewhat strange error with Django (or rather mod_wsgi). Since I didn’t find a whole lot useful results when I Googled for it, I decided to do a brief write-up about it.

The error I received was as follows:

\[Errno 13\]
Permission denied: ‘/nonexistent’

As it turns out ‘/nonexisten’ is the home-directory for ‘www’ on FreeBSD. This is good, as you want your webserver to have as little write-access as possible. The problem is that Python uses something called Egg-files for its modules. These can be either stored extracted or compressed. The compressed ones are basically just a zip-file with the .egg-extension. The above error originates from when mod_wsgi tries to extract one of these .egg-files in the home-directory. Since ‘/nonexistant’ is non-existing folder (shocking, right?), it fails.

Can VirtualBox take on VMware for SMBs?

Sun, 22 Aug 2010 19:42:45 +0300

My experience with VMware goes way back. I think the first version I ever used was VMware Workstation 4.0 back in ’03. That’s seven years ago. Back then it was really cool as a proof-of-concept, but not very useful as the hardware didn’t have enough power (primarily RAM) to run multiple OS’es simultaneously (or, at least my hardware).

A few years ago I started to use VMware more seriously. VMware Server was great. It ran on Linux and was pretty flexible. It lacked a few features (such as multiple snapshots), but it did the job. When we first launched YippieMove, we actually ran the entire architecture with a few VMware Servers. It worked, but due to budget hardware, it didn’t perform as well as we liked it to. (We eventually switched to FreeBSD Jails and the article we wrote about it made it to Slashdot.)

How monkeys mirror human irrationality

Wed, 18 Aug 2010 15:09:53 +0300

I watched a really interesting TED-talk last night that I wanted to share with all of you. It’s on the topic of human irrationality and how it is mirrored in monkeys. The verdict is that monkeys make the same irrational decisions as humans make, despite the fact that we know they’re irrational decisions.

Here’s the video:

How to avoid monthly service fees with Wells Fargo (Business and Personal)

Tue, 03 Aug 2010 15:42:59 +0300

I will rant a bit about how pathetic the U.S. banks are, so if you don’t want to read about that, jump down to ‘End Rant.’

Rant

Banks in the US are kind of like the movie industry. They realize that their golden days are over, and will therefor try to squeeze every penny out of you. The two industries are also in denial about the fact that the entire world have gone online and that if they don’t adopt, they will slowly die. Online banking in the U.S. is a joke. In the year 2010, I can still not transfer money between two different banks online. I can’t even do a wire transfer online. Well, maybe that’s a good thing, given the pathetic security. Your bank records are not more secure than the average web service.

Create a lightweight intranet search engine with Xapian on FreeBSD

Sun, 01 Aug 2010 23:42:50 +0300

Recently I had to set up an intranet search engine to crawl trough thousands of PDF files. There are a ton of commercial solutions (read: $$$$

) out there on the market, ranging from Google Search Appliance to IBM’s OmniFind. There are also a few good Open Source engines, such as Apache’s Lucene. The problem is that these are primarily intended for enterprises with server farms full of data. That’s really not what I was looking for. I was looking something simple that was easy to set up and maintain. That’s when I came across Xapian. It’s Open Source and lightweight. Combine Xapian with Omega and you got exactly what I was looking for — A lightweight intranet search engine.

Amazon S3/Jungle Disk as your home NAS?

Sun, 01 Aug 2010 13:58:11 +0300

This idea hit me this morning. Assuming you have a decent connection at home (not ADSL or Cable that is), Amazon S3 (or Jungle Disk) makes a pretty nice back-bone for a home NAS. It is fairly cheap and you will no longer worry about growing out of your array or failing disks. Yes, I reckon that if you store your data without encryption (even in a private bucket), it may leak out. However, as long as you’re not storing top-secret government files, I think you’ll be fine.

How to backup to S3 with GnuPG (PGP) without having to store the passphrase locally

Fri, 23 Jul 2010 13:25:23 +0300

To increase the reliability of our backups at WireLoad, we wanted to utilize S3. Obviously we couldn’t just send our backups to S3 without encrypting them, so GnuPG was part of the equation from the beginning. As I started my research, I found a ton guides on how to utilize a variety of backup tools to get your backups delivered to S3. Some of the tools looked really promising. After reading the specs, Duplicity stood out as the winner. It supported S3, encryption and the whole shebang. It even supported incremental backups. Bingo I thought. That’s perfect.

Chronicle.IM is almost ready...

Sat, 17 Jul 2010 14:34:22 +0300

Last night we rolled out a new version of Chronicle.IM to the production servers. The product is not quite ready yet, but you can sign up with your email address if you want to be invited to the beta-version. Over the next few weeks we will start letting a few beta-testers in. If everything goes well, we will invite more.

So what is Chronicle.IM? The slogan for the product is ‘Write the story of your life.’ That sums it up pretty well. It is an online journaling/diary app that allows you to keep track of your life in with ease and style. While I don’t want to reveal all the details now, let’s just say that we’ve focused on simplicity and usability. You won’t be disappointed.

Monitor Nginx and disk-usage with Monit

Mon, 12 Jul 2010 12:19:58 +0300

Yesterday I posted an article on how to monitor Apache and PostgreSQL with Monit. After setting that up I was amazed how simple and flexible Monit was, so I moved on with two more tasks: monitor Nginx and disk usage.

This article assumes that you’ve set up Monit in accordance with the previous article. It also assumes that you’re on Ubuntu 9.10 or 10.04. If you use a different Linux or Unix flavor, you will probably need to modify a few paths.

Setting up Monit to monitor Apache and PostgreSQL on Ubuntu

Fri, 09 Jul 2010 18:05:32 +0300

Monit is a great little utility that monitors your daemons. If a daemon fails, Monit will start the daemon it will automatically restart the process. It comes in very handy if for web-servers, such as Apache.

For Red iGone we use Apache as the web-server, and PostgreSQL as the database. I wanted to configure Monit to keep an eye on these processes. As it turns out, setting up Monit was really straight-forward.

Website review session from Google I/O

Fri, 04 Jun 2010 21:27:01 +0000

If you are new to SEO, or just want to learn more about SEO, Matt Cutts and a few colleagues did a really good presentation on Google I/O where they went through several websites and reviewd them from an SEO perspective. The whole presentation is about an hour long, but well worth watching.

How to install ZoneMinder 1.24.2 on Ubuntu 10.04 LTS Server

Sun, 23 May 2010 17:18:32 +0300

Last week I published a new version of my ZoneMinder Virtual Appliance. The virtual appliance is great if you want to easily deploy ZoneMinder without having to spend time setting it up. However, in some situations, you want to run ZoneMinder directly on the hardware. Perhaps you need better performance or simply need to capture video streams from V4L-devices.

Since I already spent the time getting it running, I thought I’d share the instructions for getting it running. It’s pretty straight forward, but there are a few minor things that took me some time to get around.

Trouble with ZoneMinder VA 0.2 and VMware Server 2

Mon, 17 May 2010 13:53:57 +0300

Last week I launched ZoneMinder VA 0.2. Unfortunately there is an issue with the image that prevents it from loading properly into VMware Server 2. The root of the problem is actually an incompatibility issue between VMware Fusion and VMware Server, but that doesn’t matter. Fortunately the workaround is pretty simple.

Delete any vmdk.lck directries
Delete any vmem.lck directories
Delete the quicklook-cache.png file
Edit the .vmx file and set to FALSE entries for USB, SOUND and SERIAL.

Red iGone screencast/demo

Sat, 15 May 2010 22:43:44 +0300

I just recorded a screencast of Red iGone in action. The video is a bit rough (in particular the audio), but I hope it gets the message across. Enjoy.

Hello Grub, you suck!

Fri, 14 May 2010 15:59:43 +0300

In the last few weeks I had to set up a few new Linux servers. Since Ubuntu is my preferred Linux dist in recent years, 10.04 LTS was a natural choice.

Ubuntu 10.04 LTS is a great Linux distribution, with one exception: Grub. I really mean it. Grub is probably the worst boot loader to date. Is so bad that it could equally well be replaced with the following shell script:

ZoneMinder Virtual Appliance 0.2 Released

Sun, 09 May 2010 22:54:34 +0300

ZoneMinder is a great piece software. It is a very powerful video surveillance tool that can be configured with both IP cameras and regular cameras (via V4L). Unfortunately it is a bit difficult to get up and running with. A while back I needed to deploy ZoneMinder myself for a client. One thing lead to another, and I ended up with a fully working Virtual Machine for ZoneMinder. I uploaded it here just for fun, but it didn’t take long before I had was linked to from the official ZoneMinder project and the visitors started to pour in.

We've taken over the management of Google Community.com

Fri, 30 Apr 2010 14:28:19 +0300

A while back, WireLoad took over the management for the forum Google Community.com. I’ve been a member of the forum for a few years, and seen how it has gone from a lively forum to a spam-infested forum with hardly any active members. As the spam increased, all the serious and senior members went away.

I knew that the forum had potential. It used to generate a massive amount of traffic and has more than 40,000 registered members. We actually used to receive a significant amount of traffic from Google Community to YippieMove, but as the traffic dropped, so did the traffic coming from Google Community over to YippieMove.

Year 2010: Nokia relaunches Danger's Sidekick 2

Tue, 27 Apr 2010 14:27:24 +0300

The hat is off to Nokia. They’ve managed to stay inside their cave in Finland while the rest of the world evolved. First they tried to sue Apple over some vague copyright infringement, while we all know that it was really just a desperate attempt to get some press. While Nokia once was an innovative cellphone manufacturer, I really don’t know what went wrong. Today Nokia did something remarkable though: They re-launched Danger’s Sidekick 2 under the name N8. Take a look at the similarities after the jump. Well done Nokia. The Sidekick 2 was released in 2002. Eight years later you release the same product. Astonishing.

Just launched Red iGone

Wed, 21 Apr 2010 21:29:40 +0300

Two days ago we launched Red iGone — the easiest way to remove red-eyes out of you photos. It’s a dead-simple tool. Just upload your photo, select the red eye, let Red iGone work its magic, and download the enhanced photo.

It’s fully web-based, and does not require anything else than your web browser. While it is still in beta, it works pretty well (with occasional hick-ups).

Only hours after launching, we had received 20 some tweets, a few hundred unique visitors and two blog-reviews, so I think it is looking pretty promising.

I'm going VoIP - Unboxing Snom M3.

Tue, 16 Mar 2010 17:44:23 +0200

For many years I’ve been excited about VoIP. I attended a seminar on Asterisk 7 years or so ago, and remember thinking: Wow, this is the future. Unfortunately there were many things holding VoIP back then (bandwidth being the most obvious one). However, today most companies can get a decent internet connection (10Mbit up and down will do). Moreover, you won’t even have to get dirty with setting up your own Asterisk server today, you can simply go for a hosted PBX-solution. This is both cheaper (assuming you can’t do it yourself) and probably more reliable.

Brilliant set of SEO bookmarks

Tue, 09 Feb 2010 13:56:05 +0200

SEO legend Rand Fishkin just published a brilliant post over at SEOMoz. It’s simple and beautiful. It’s a set of 30 bookmarks for automating bits and pieces of SEO and SERPS analysis. Kudos to Rand for putting it out there.

Want to learn about SEO?

Thu, 04 Feb 2010 22:42:37 +0200

If you’re new to Search Engine Optimization, or SEO, you might want to take a look at this brief e-book from Google.

It goes over the most basic aspects of SEO. That said, even if you consider yourself a savvy-webmaster, it could still be worth your time just in case you missed something

New email troubleshooting guide

Thu, 04 Feb 2010 12:11:26 +0200

I just published a guide on how to troubleshoot email over at Email Service Guide. It’s fairly straight forward, but does require a bit of technical skills.

The reason why I wrote the guide was actually because I quite frequently found myself Googling for a good IMAP cheat sheet (the RFC is not very good for this). Once I started writing, I realized that it wouldn’t take a whole lot more effort to include POP3 and SMTP as well (since the technique is the same). So I included them too.

Two new partners for YippieMove

Wed, 03 Feb 2010 16:05:04 +0200

Today we just introduced two new partners for YippieMove: LTech and Weird Kid Software. They’re both leaders in their particular niche and we’re excited to start working with them.

For more information, see the partner-page at YippieMove.com.