After being recommended like a 100 times to give Readwise a try, Ernst Jan Pfauth finally convinced me during his talk about thought dividends. And of course it was great: It is a well designed product with a rich featureset and it really supercharged my note making experience. But there was just something aching about incorporating a (quite costly) subscription product into the note making workflow that I want to keep indefinitely for the rest of my life. Currently at at 15€ a mon...

Grafana is capable of showing multiple panels at the same time with different datasources. In the previous blog we setup a logging pipeline for PFSense alerts. In this blog we will combine these logpanels with classic timeseries metrics, show them all in the same dashboard and discover how we can conveniently navigate through time with synchronised logs and metrics. ## PFSense and telegraf PFSense has a nice telegraf package that can be configured to push its core metrics, such as cpu and network activity to an influx...

Now that we have set up our virtualised cyber security lab in proxmox, we should get some visual insights into the the intrusion detection system. We are going to leverage PFSense's alert logging, put these logs into Loki and then create dashboarding panels in Grafana. The components in short: - Alert Log source (produced in PFSense as rsyslog logs) - A log transformer (Vector) - A log aggregation system (Loki) - A dashboard (Grafana) To extract the alert logs from PFSense, we will configure P...

For log aggregation and log visualisation, I worked with the ELK stack before. I didn't implement this in all of my projects because it is quite a heavy setup. Especially elasticsearch is quite a resource intensive java process. For most of the applications I've worked on it was a lot easier to just use a SaaS solution like papertrail. Recently, I got wind of Loki, which is a completely new product from Grafana. It offers a lightweight log storage setup with go-based codebase that scales out each of its components sepa...

One of my objectives for the freshly setup Proxmox machine was to experiment with a (virtual) security lab. In the lab, I want to safely experiment with exploits and the detonation of malware on various machines, so I will need to have full control over the traffic that going into and out of the machines. Furthermore, I want to be able to see if anything happening within the lab will trigger an intrusion detection system. Any suspicious behavior should be observable in a dashboard that aggregates these reports and has fun...

After setting up a Proxmox machine for virtualisation I wanted to ensure a quick and frictionless recovery if a hardware failure occurs. Whilst Proxmox has excellent support for failover and high availability I'm opting for a slightly less heavy approach but still be able to quickly recover a VM and its data. Proxmox has a comprehensive backup system built in that creates a snapshot of the virtual machine including the ...

After adding a virtualised intel node to imy ARM k8s cluster I quickly found that I wanted some more control over what pods would be deployed on which nodes. This is where the `nodeselector` keyword comes in play. With `nodeselector` we can specify what labels we want to be present at the node before it gets chosen to perform the specified workload. We can view the labels our nodes currently have with `kubectl get nodes --show-labels`: ``` ... VERSION LABELS ... v1.28.6+k3s2...

One of the things I missed after abandoning Readwise for Wallabag was the serendipitous resurfacing of old highlights, that would often trigger new thoughts. To include some extra serendipity into my daily notemaking, I made a slight modification to the snippet provided by dhniceday to show use the dataview plugin to show a couple of random notes from y...

In the aftermath of adding an i386 node to my kubernetes cluster, it was about time to dig into the creation of multi-architecture docker images. When you visit docker hub and look at a popular image, you often see a list of difference images, each with a different OS/ARCH label: ! This is achieved using docker manifest lists. A manifest lst has a tag, similar to a docker tag but actually refers to a list of images, p...

Remember when I talked about an affordable backup strategy using S3 Glacier? The time has come to followup this blog and tell you about undeletion. Enabling versioning on an s3 bucket is a great way to make sure you don't lose data. If you overwrite an object, the old version of the object can also be retrieved. But what if you (accidentally) deleted a file? When you delete a file in a versioned bucke...