Techstream

  • Kong API Gateway

    This tutorial walks through installing, configuring, and testing various features of the Kong API Gateway. API gateways are pivotal to large-scale application architectures built on microservices patterns, providing features such as authentication/authorization, rate limiting, IP restrictions, etc.

  • Demonstration of Log4Shell Exploit

    A Critical Vulnerability was discovered in the Apache Log4j package. Also known as Log4Shell, this vulnerability has wide-ranging impacts as Log4j is VERY widely used by many Java applications and dependent libraries, causing almost every technology company around the world to scramble and patch their systems. This post attempts to detail a way to test the vulnerability to help users better understand how the exploit functions so that they can be better equipped to solve for the issue and protect their infrastructure. This IS NOT intended to be used in a malicious manner - it is ONLY an educational post.

  • Pi-hole and Browser Slowness on Mac OSX Big Sur

    Pi-hole is a fantastic ad-blocker software that can be run from a Raspberry Pi device. However, in a more recent version of Mac OSX (Big Sur to be specific), it was noticed that any/all browsers were exhibiting significant slowness. When digging in, this slowness was actually due to a way the OS was dealing with ad-blocking that changed from prior versions. This blog post details how to correct the issue (hint: small change to the Pi-hole ad-blocking response when intercepting DNS requests for ads).

  • SDR Streaming using RTMP

    Software Defined Radio (SDR) devices are incredibly flexible devices allowing all kinds of interesting hobbies such as satellite tracking, radio listening, etc. This post details how to publish the captured signals from an SDR device to an RTMP endpoint that allows near real-time streaming (listening) to the device. The approach is flexible such that it allows multiple/many listeners to attach to the stream at one time.

  • Raspberry Pi e-Paper Status Display

    e-Paper displays are a really neat way to display information and their price makes them affordable to experiment with. This post details how to create a display/status board that shows various pieces of information on an e-Paper display mounted in a frame, driven by a Raspberry Pi Zero W controller. The result is a nice little display that can pull information from various sources (weather, stocks, etc.) and display it front and center for you to keep track of.

  • Email Alerts for keepalived Failover

    In a previous post setting up a Pi-hole failover pair of Raspberry Pi instances, it was mentioned that an improvement might be to add monitoring for when a failover occurs so you can be alerted and correct the situation. While Monit and other monitoring-related tools are possible to use, there is a much simpler approach by using the native email capability in keepalived that notifies email addresses when the instance state changes. This article details how to set up postfix capability and configure keepalived to email a set of pre-defined addresses using an existing Gmail email account.

  • Pi-hole Ad-Blocking with Failover on Unifi

    There is a great project known as Pi-hole that enables ad-blocking features (among other things) that can help both speed up your browsing experience by blocking page call-outs to ad-based sites and protect browsing history by blocking user-tracking activities. This article explains how to set up a Pi-hole active/failover pair on Raspberry Pi 3 B+ devices, and configure the devices to function as your home network primary DNS for ad-blocking within a Unifi Dream Machine Pro. It will also explain the details behind using a service such as keepalived to establish a virtual IP that the Pi-hole pair will share and manage if and when your primary Pi-hole instance becomes unavailable, and configuration of gravity-sync to keep the secondary Pi-hole instance in sync with your primary Pi-hole configurations in case such a failover occurs so the secondary can simply pick up where the primary left off, protecting your browsing experience on your home network. Note that this article specifically takes various works of art from other fantastic community contributors (see Credits in article) and combines them into a specific/opinionated architectural solution - no ownership of previous work is claimed or assumed.

  • iPerf3 on Unifi Dream Machine Pro

    Setting up and testing your own home network can be both a lot of fun and one of the more frustrating things an engineer will do. Signal strength, latency, channel selection, frequency selection, number of hops, and the list goes on and on. This post focuses specifically on a utility known as iPerf, which can be used to perform checks of your network so that you can measure the impact of the changes you’ve made and the overall performance of your network. Instead of attempting to explain all of the use cases of the iPerf utility, this post specifically focuses on how to automatically run an iPerf server on a Unifi Dream Machine Pro so that you can interact with it from various devices in your home network to measure and potentially rule out performance bottlenecks.

  • Tuning Unifi Wireless

    This post details how to tune your Unifi networking gear wireless settings for enhanced throughput and speed. Simply plugging the equipment in and using it already provides a great experience, but often, tuning will significantly enhance things such as wireless connectivity, reduced interference, increased throughput, increased speed, etc. This is an opinionated post based on the environmental conditions of one home and preferences around configuration settings that resulted in improvement from ~250Mbps rates with standard configurations up to ~470Mbps sustained on iPhone XR devices connected to home wireless access points (Unifi In-Wall 802.11ac Wave 2 Wi-Fi Access Points).

  • Sonos on Unifi Network Gear

    Unifi networking gear is currently some of the best Prosumer and SMB network gear around. However, if you own any Sonos equipment in your home, you’ll potentially have trouble setting up your system in a way that both isolates the Sonos equipment the way you want it to and allows for continued control/communication with it through the Sonos app on a different network within your home. There are many posts detailing various configuration settings, some of which I’ve found work while others do not, and this post attempts to detail the architecture and corresponding configuration settings that work for the setup I currently have.

  • Displaying Stock Price on OLED Display using RasPi

    Sometimes, it’s just helpful to have something front and center vs. having to navigate to a web page to find it. This tutorial uses a Raspberry Pi Zero and an OLED display to show a near real-time stock price and gain/loss information that can be used anywhere that the Raspberry Pi can connect to a network with internet connectivity.

  • PlantUML Using vim

    PlantUML is a great modeling language/utility for software diagrams (and other types). Often, it’s useful to have a pattern of developing using vim and having the UML update automatically. This post details a quick way to offer this pattern.

  • Vagrant Network - Connectivity & Routes

    It’s so satisfying to spin up a Vagrant VM using VirtualBox, knowing that you now have a self-contained development environment…until you figure out that you can’t SSH to the instance or reach it via normal network methods. This tutorial is a very quick check/explanation of the routing that is often needed to ensure your local OS can reach the VirtualBox VM as you expect.

  • Disk Recovery - Photos

    Panic usually ensues when an external disk drive used for photo (or other file) backups fails or is heading towards failure and files are seemingly lost. The good news is, if you’re close enough to when the drive is about to fail, you can usually recover the files. However, if that drive seems toast and you had been editing/storing the files on your local hard drive for any amount of time, you can usually recover many of the previous photos assuming there hasn’t been much activity on the drive or that positions on the drive have not been overwritten with new data. This tutorial walks through how to go about recovering deleted files from a disk drive that have not yet been completely overwritten by new data on the disk.

  • Remote Busy/Free with ESP8266

    Working from home, if new for an employee, can be difficult from a disruption perspective, especially if kids are involved. This post details how to create a simple busy/free indicator lamp that can be remotely controlled and shows red when busy, green when free, or off. Additionally, for added fun (if kids are involved), there is an RFID reader where you can scan the card from the outside of the box and the color (busy/free) will flash a few times indicating the current status. Because it’s remotely controlled, you can place this anywhere within WiFi reach and control it remotely from your phone, laptop, etc.

  • Apache Solr for Web Search

    Apache Solr is an open source search platform that enables fast search and filtering on data sets. This tutorial is a very basic introduction to Apache Solr and demonstrates its capabilities by running a simple Python Flask web application that enables the user to perform a search against a Solr back-end and return the result to the web page. It is intended to serve as a first stepping-stone introduction to Apache Solr that can lay the groundwork for future work and improvements.

  • Memcached for Performance Increases

    Memcached is an open source distributed memory caching technology used by many applications to speed up response time of common data retrievals and reduce overall impact on back-end systems for high volumes of requests. This tutorial walks through using Docker to set up a small ecosystem of a Python Flask application that communicates with a MySQL back-end for query results to be displayed to a user, and how adding a distributed memory cache can increase the performance/response time of requests for data that is requested frequently or requires a large amount of computational time.

  • Open Policy Agent as k8s Admission Controller

    Open Policy Agent (OPA) enables multi-platform policy control of resources. There are many use cases and applications for OPA (Terraform, Envoy, Kubernetes, etc.) but this post will be focused on enabling OPA as an admission controller to define allowed/denied policies related to resource requests within Kubernetes. There is a more first-class integration between OPA and Kubernetes known as OPA Gatekeeper, which is out of scope for this particular tutorial, which will focus on native integration between OPA and k8s.

  • Dex OIDC Auth with LDAP and Gangway for k8s

    Authentication and self-service for users to interact with k8s is generally fairly common, and enabling this in a very self-service, automated, and maintainable way can be challenging. This post attempts to provide a jumping off point for enabling self-service provisioning and management of user-based permissions in interacting with a k8s cluster using Dex as an OpenID Connect (OIDC) Identity and Gangway to enable auth flows using OIDC for a k8s cluster. The use case for this configuration would be for infrastructure and platform teams to enable development and other teams to self-provision tokens that enable them to interact with a k8s cluster based on roles and permissions defined by the managing team using k8s RBAC.

  • Understanding k8s DNS

    Kubernetes by default in its most recent versions utilizes CoreDNS for handling DNS for the cluster. This post is a VERY brief exploration of CoreDNS and interacting with it in the context of a k8s cluster to test local resolution of names created as part of deploying a Pod and exposing the Pod via a Service. It is not intended to be a complete guide to DNS, CoreDNS as a product, or all aspects of DNS as they relate to k8s clusters (it is very pointed at testing and setting up a workflow to debug CoreDNS on the k8s cluster for private/internal domains).
