Using Waveshare e-ink screens without Raspberry Pi

Using Waveshare e-ink screens without Raspberry Pi

 Posted on August 2, 2023  |  9 minutes  |  Pierre-Olivier Mercier  • Other languages: fr

When it comes to e-ink displays, Waveshare is a rare manufacturer that allows you to buy displays of any size. Advertised as ESP32, Arduino and Raspberry Pi compatible, they are in fact compatible with any development board exposing the SPI protocol. Since Raspberry Pi boards have become hard to find in recent months, we’ll take a look in this article at how to use another Linux-based board to run a Waveshare display. [Read More]
linux  e-paper  kernel  spi 

Gamification of a Linux system administration course

Gamification of a Linux system administration course

 Posted on June 7, 2023  |  17 minutes  |  Pierre-Olivier Mercier  • Other languages: fr

System administration isn’t something that’s obvious to everyone, and it’s a subject that, when it’s more to do with the basics of networking and Linux, can seem a lot more daunting than learning about the latest trendy technologies (Docker, Terraform, Kubernetes, etc.). Also, with the bombardment of information and easy access to computer content and tutorials often more interesting than “classic” lectures, students are less and less attentive, present or participating. [Read More]
teaching  kernel  network  certificates 

Self-hosting: for a decentralized and responsible Internet

Self-hosting: for a decentralized and responsible Internet

 Posted on May 22, 2023  |  6 minutes  |  Pierre-Olivier Mercier  • Other languages: fr

In an idealized world, we would all be free to access any service, made available by a community motivated by the common good rather than by the penurious enrichment of a few. However, we don’t live in that world. Today, everything is monetized: the smallest product or service only exists if it brings in enough money, without regard for the common good. The apparent gratuity of digital services is often accompanied by a more discreet but lucrative counterpart: the exploitation of our personal data. [Read More]
privacy  hosting 

Give IPv6 connectivity to its Docker containers using an IPv6 block from its ISP

 Posted on May 4, 2023  |  4 minutes  |  Pierre-Olivier Mercier  • Other languages: fr

It may seem surprising that a modern service like Docker does not offer IPv6 in containers by default, especially when in a network with IPv6. In fact, for the same reason we saw in the introductory article, since the containers are in a virtual network, they cannot be reached by the box/router distributing the IPv6 subnet. The same phenomenon can be observed with IPv4: each container has an IPv4 in a subnet separate from the one in which our host machine is located. [Read More]
network  ipv6  docker 

Use the additional IPv6 blocks of the Free and Orange network

 Posted on April 5, 2023  |  4 minutes  |  Pierre-Olivier Mercier  • Other languages: fr

With Free and Orange, when IPv6 is not disabled, the Freebox (and some Livebox) provide a /64 IPv6 range to the connected equipment. But it turns out that it is a /60 range that is available and usable by each subscriber. This represents a total of 8 addressable /64 networks. Let’s see what it can be used for and how to use it. IPv6 reminders Contrary to IPv4, with IPv6 one avoids making NAT, i. [Read More]
network  ipv6  freebox 

Multi-Hosts TLS Certificate

 Posted on February 9, 2022  |  4 minutes  |  Pierre-Olivier Mercier

It is sometimes convenient to have a domain distributed over two or more machines. This technique, as old as DNS, is interesting to spread the load between multiple hosts, or to provide a bit of high availability. Indeed, if a host becomes inaccessible, at least half of the requests will continue to be successful.

However, since TLS connections have become the norm, and certificates should be renewed automatically, it could be hard to control the validation and the distribution.

I will present you a technique which, with the help of a finely configured web server, allows to get a different certificate on each machine, but usable for the same subdomain.

[Read More]
certificates  web 

RTL8153B support for 4.9 kernel

 Posted on March 17, 2019  |  1 minutes  |  Pierre-Olivier Mercier

If you buy a recent USB to Ethernet adapter, embedding a Realtek chip, you possibly face, like me, the following error, when connecting it:

r8152 4-1.1:1.0 (unnamed net_device) (uninitialized): Unknown version 0x6010
r8152 4-1.1:1.0 (unnamed net_device) (uninitialized): Unknown Device
[Read More]
kernel 

Support for the user namespace in grsecurity kernel

 Posted on October 31, 2018  |  1 minutes  |  Pierre-Olivier Mercier

Grsecurity has completely disabled, on purpose, the user namespace code for the kernel.

As the goal of this namespace is to gain (virtualy) root privilegies inside a namespace (in theory, it shouldn’t give more priviledgies than the one you initialy have outside of your namespace), there are some interesting use cases, or, in my case I need to perform some demo in front of my students.

[Read More]
kernel 

Slow memhog for testing cgroups

 Posted on October 4, 2016  |  3 minutes  |  Pierre-Olivier Mercier

Testing the cgroup memory is not something as easy as we can think. It can’t be only question of malloc(100000) in a loop, as the Linux kernel overcommit memory allocation: so even if we get effectively a 100000 bytes long memory space, this doesn’t decrease the physical available memory. To do so, this space need to be changed pages by pages, that can be tedious to do. And quite uncertain, because the kernel can take advantage of the swap partition… [Read More]
teaching 

Use Gitolite Access Control In Gitweb

 Posted on September 24, 2015  |  1 minutes  |  Pierre-Olivier Mercier

Are you using gitolite and gitweb? Two nice and lightweight projects, but perhaps you are tired to manage access control in gitweb?

Here is some simple tricks to use gitolite access list directly into gitweb, automatically.

[Read More]
git