Unix System Administration

Release-6. OpenSSH 6.9 has just been released. It will be available from the mirrors listed at shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at:

Future Deprecation Notice
=========================

The 7.0 release of OpenSSH, due for release in late July, will deprecate several features, some of which may affect compatibility or existing configurations.

Charles Miller on Twitter: "@coil780 @freebsdgirl This is why you should always buy tech books in German.

Arm/Raspberry Pi - FreeBSD Wiki.

FreeBSD/ARM on Raspberry Pi

FreeBSD-CURRENT has supported Raspberry Pi since November, 2012 and Raspberry Pi 2 since March, 2015. If you have questions, ask on the freebsd-arm mailing list.

What is Raspberry Pi?

The Raspberry Pi launched in early 2012 as an inexpensive ($35) PC based on a Broadcom BCM2835 SoC. It was developed by the UK-based Raspberry Pi foundation as an inexpensive system for educational use. As of April 2013, it has sold over a million units. There are several versions of the Raspberry Pi: The "Model B" includes Ethernet, 2 USB ports and originally included 256MB RAM.

What works

How to Boot the Raspberry Pi

As of January 2013, FreeBSD-CURRENT fully supports either a video console (you'll need a USB keyboard and display connected) or it can be configured to use a serial console (you'll need a USB to TTL Serial Cable such as the one sold by Adafruit.com).

After connecting video, keyboard, and inserting the SDHC card, you connect power to actually boot.

How to Build an Image.

Build ngx_pagespeed From Source | PageSpeed Module | Google Developers.

Fastly on Twitter: "Thinking about migrating to a new CDN? Here are some questions you should be asking:...

Nginx Secure SSL Web Server with HTTP, HTTPS SSL and Reverse Proxy Examples. April 07, 2014

Nginx is a secure, fast and efficient web server. It can be configured to serve out files or be a reverse proxy depending on your application.

What makes this web server different from Apache, Lighttpd or thttpd is the overall efficiency of the daemon, the number of configuration options and how easy it is to set up. Nginx ("engine x") is a high-performance HTTP server and reverse proxy server.

Security methodology behind our configuration

In the following example we are going to set up some web servers to serve out web pages to explain the basics.

The security mindset of the configuration is very paranoid. Our goal is to set up a fast serving and CPU/disk efficient web server, but most importantly a _very secure_ web server. Below you will find a few different example nginx.conf configuration files in scrollable windows. You are welcome to copy and paste the following working examples. Make clean; .

Network Tuning and Performance Guide. November 12, 2013

Many of today's desktop systems and servers come with on board gigabit network controllers. After some simple speed tests you will soon find out that you are not able to transfer data over the network much faster than you did with a 100MB link.

There are many factors which affect network performance including hardware, operating systems and network stack options. It is important to remember that you cannot expect to reach gigabit speeds using slow hardware or an unoptimized firewall rule set.

Hardware

No matter what operating system you choose, the machine you run on will determine the theoretical speed limit you can expect to achieve. In terms of a firewall or bridge we are looking to move data through the system as fast as possible.

The quality of a network card is key to high throughput. A gigabit network controller built on board using the CPU will slow the entire system down. Not to say that all on-board chip sets are bad. Yes.

Optimizing NGINX TLS Time To First Byte (TTTFB). By Ilya Grigorik on December 16, 2013

Network latency is one of our primary performance bottlenecks on the web. In the worst case, new navigation requires a DNS lookup, TCP handshake, two roundtrips to negotiate the TLS tunnel, and finally a minimum of another roundtrip for the actual HTTP request and response — that's five network roundtrips to get the first few bytes of the HTML document!

Modern browsers try very hard to anticipate and predict user activity to hide some of this latency, but speculative optimization is not a panacea: sometimes the browser doesn't have enough information, at other times it might guess wrong. This is why optimizing Time To First Byte (TTFB), and TLS TTFB in particular due to the extra roundtrips, is critical for delivering a consistent and optimized web experience.

The why and the how of TTFB

To minimize the impact of the extra roundtrips all modern browsers tokenize and parse received HTML incrementally and without waiting for the full file to arrive.

How to monitor ZFS with SNMP in FreeBSD?

Moving away from puppet: SaltStack or Ansible? | Ryan D Lane. Over the past month at Lyft we’ve been working on porting our infrastructure code away from Puppet. We had some difficulty coming to agreement on whether we wanted to use SaltStack (Salt) or Ansible. We were already using Salt for AWS orchestration, but we were divided on whether Salt or Ansible would be better for configuration management.

We decided to settle it the thorough way by implementing the port in both Salt and Ansible, comparing them over multiple criteria. First, let me start by explaining why we decided to port away from Puppet: We had a complex puppet code base that has around 10,000 lines of actual Puppet code. Before I delve into the comparison, we had some requirements of the new infrastructure: No masters. Here’s how we compared: Simplicity/Ease of Use, Maturity, Performance, Community.

Simplicity/Ease of Use

Ansible: As I started Ansible was indeed simple. Developing the playbook was straightforward. My initial playbook was a single file. Introspection for Ansible was lacking.

BayLISA Monthly General Meeting - All Welcome - BayLISA (Sunnyvale, CA)

DomainKeys Identified Mail. DomainKeys Identified Mail (DKIM) is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain's administrators and that the email (including attachments) has not been modified during transport.

A digital signature included with the message can be validated by the recipient using the signer's public key published in the DNS. DKIM is the result of merging DomainKeys and Identified Internet Mail.[1] This merged specification has been the basis for a series of IETF standards-track specifications and support documents which eventually resulted in STD 76.[2] Prominent email service providers implementing DKIM include Yahoo, Gmail, AOL and FastMail. Any mail from these organizations should carry a DKIM signature.[3][4][5][6]

Overview

Both modules, signing and verifying, are usually part of a mail transfer agent (MTA).

How it works

Development

Continuous Delivery vs Continuous Deployment. Timothy Fitz’s blog entry on continuous deployment came out over a year before Dave and I published our book on continuous delivery.

So why did we choose a different name? Is there actually a difference or are we just being bloody-minded? We decided to call the book Continuous Delivery for a few reasons. While continuous deployment implies continuous delivery the converse is not true. This in turn relies on comprehensive automation of the build, test and deployment process, and excellent collaboration between everyone involved in delivery – developers, testers, DBAs, systems administrators, users, and the business. In the world of continuous delivery, developers aren’t done with a feature when they hand some code over to testers, or when the feature is “QA passed”. However it doesn’t always make sense to release every good build to users. So when can you say you’re doing continuous delivery?

You have run your entire test suite against the build containing the story.

Wesley David on Twitter: "Whenever I see install instructions that start with curling a file into bash. #sysadmin #devops...

Internet Protocol Version 6 Address Space.

IPv6 address.

Figure: Decomposition of an IPv6 address into its binary form

IPv6 is the successor to the first addressing infrastructure of the Internet, Internet Protocol version 4 (IPv4). In contrast to IPv4, which defined an IP address as a 32-bit value, IPv6 addresses have a size of 128 bits. Therefore, IPv6 has a vastly enlarged address space compared to IPv4.

Addressing methods

IPv6 addresses are classified by the primary addressing and routing methodologies common in networking: unicast addressing, anycast addressing, and multicast addressing.[1] A unicast address identifies a single network interface.

An anycast address is assigned to a group of interfaces, usually belonging to different nodes.

Address formats

Unicast and anycast address format

Unicast and anycast addresses are typically composed of two logical parts: a 64-bit network prefix used for routing, and a 64-bit interface identifier used to identify a host's network interface.

Multicast address format

Representation

Remote execution tutorial. Before continuing make sure you have a working Salt installation by following the installation and the configuration instructions.

Now that you have a master and at least one minion communicating with each other you can perform commands on the minion via the salt command. Salt calls are comprised of three main components:

    salt '<target>' <function> [arguments]

target

The target component allows you to filter which minions should run the following function.

    salt '*' test.ping
    salt '*.example.org' test.ping

Targets can be based on minion system information using the Grains system:

    salt -G 'os:Ubuntu' test.ping

Targets can be filtered by regular expression:

    salt -E 'virtmach[0-9]' test.ping

Targets can be explicitly specified in a list:

    salt -L 'foo,bar,baz,quo' test.ping

Or multiple target types can be combined in one command:

    salt -C 'G@os:Ubuntu and webser* or E@database.*' test.ping

function

A function is some functionality provided by a module. Here are some examples:

    salt '*' cmd.run 'uname -a'

Command reference.