All Posts

RDS Aurora serverless scale to zero CDK

Aurora lets you scale to zero capacity per this AWS blog post.

Read more ...


NixOS Bluetooth can't enable after disable

On my Lenovo Z13 Gen1 with NixOS / KDE Plasma 6.0.5, after the laptop goes into power saving mode the Bluetooth adapter enters some kind of degraded state where it does not work properly, for example random disconnects or intermittent lag on a Bluetooth mouse, or the device disappears altogether.

Read more ...


Native K8s Sidecar Containers with gluetun

I tried to use the new Kubernetes native Sidecar Containers introduced since v1.29. The initContainers and pod were stuck in PodInitializing state and the other containers were not starting up.

Read more ...


External-DNS Policy flag

The behavior of the external-dns --policy flag is not documented in the external-dns docs. After looking at the code and experimentation the flags work like this:

Read more ...


Cert-manager can’t find route53 secret

It seems I did something to delete the original cert-manager Route53 secret, renewals and new certs failed with this error:

Read more ...


Airpod reconnecting on Nixos

On my Apple Airpods Pro connected to Nixos via bluetooth with KDE plasma, I get constant disconnect and reconnecting tones in the headset. The logs show this and the device number keeps incrementing after every reconnect:

Read more ...


10GB Thunderbolt Other World Computing OWC Arch Linux

The device does not show up in Arch Linux until the Thunderbolt security mode in BIOS is set to “Legacy”. It is based on the AQC107 chip and drivers are provided.

Read more ...


Opensearch failed to obtain node locks error

My cluster would not start up after killing the containers using the force, which means elasticsearch / opensearch did not get a chance to cleanly shutdown and remove the lock files. The error looks like this:

Read more ...


Comso Synaptic Theory

I sometimes think of humanity and myself as creatures floating in space, trying to understand our physical cage with science, math and physics. Then I begin to compare our struggle to unravel the mystery of the universe to an ant who has been asked to prove the earth is round, struggling to perceive the true nature of its own physical cage (does the ant even need be asked, perhaps they are thinking about this all the time).

Read more ...


Make Search Great Again!

Internet search is basically useless now. I heard it described as “no longer a search engine, but an ad serving platform”. The search results have deteriorated to the point where it is even worse than an ad platform; it is now just a marketplace.

Read more ...


Chilli Crab Recipe 🌶️🦀

It is more complicated to eat chilli crab than to cook it. This is an easy recipe. Prepare the chilli paste earlier (take about 30 mins). When you are ready to eat, it only takes 10 minutes to cook.

Read more ...


Philips HF3520

My HF3520 had a mainboard failure and my attempts to repair it also failed. I have salvaged some of the components. Trying to save the environment by keeping them out of landfill in the hope someone else needs the parts

Read more ...


Lenovo Z13 Gen 1 Review

Last Updated: Feb 2, 2024

Read more ...


Dell WD19TB screen flashing with M1 Mac

New 2022 M1 Macbook external display flickers when plugged into the Dell WD19TB docking station.

Read more ...


Download page including assets loaded at runtime

curl and wget can be used to archive a site but even with the most exotic command line switches they will omit dynamically loaded assets pulled via javascript during run time. curl and wget will not follow them and the site will not work for later offline viewing. To download all the assets including dynamically loaded data we can generate a HAR file from the developer tools view in chrome.

Read more ...


Arch Linux on X1 Carbon 6th Gen

This is a bunch of random notes on installing Arch Linux on a ThinkPad X1 Carbon 6th Gen.

Read more ...


Arch Linux Tips

This is a bunch of random tips on Arch Linux.

Read more ...


Pagerduty Cloudwatch integration

It is possible to send your own custom payload to the Pagerduty Cloudwatch integration from a Lambda (instead of via a Cloudwatch alarm). Pagerduty does not document the internals, but if you publish a custom message to the SNS topic that has an HTTPS subscription to Pagerduty, following these simple rules, you will see the event in Pagerduty.

Read more ...


Send payload to AWS Lambda from Cloudwatch scheduled event

How to send payload to AWS Lambda from Cloudwatch scheduled event.

Read more ...


The Foolproof Scones

These scones take max 30 mins to prep and cook and are very simple and enjoyable.

Read more ...


M5 Paper e-ink Calculator

I added an M5 Paper to my collection of dev boards and decided to make a basic calculator to teach my son to count. Since he is only a few months old he mostly uses it as an expensive teething device.

Read more ...


Python 3.10 tips

Handy tips and notes about Python 3.8, 3.10, 3.11 and beyond.

Read more ...


Demystifying AWS IAM Policies: Unraveling De Morgan’s Laws and S3 Buckets Policy

Before we get into it we need to review how Condition evaluation works:

Read more ...


Trust on Cloud AWS S3 Threat Model

Trust on Cloud have open sourced their AWS S3 threat model, this release is a great tool to make sense of the “shared responsibility model” and what “responsibility” means for AWS customers.

Read more ...


Monitoring VPN / Direct Connect Connectivity

In an on premise network it is typical to do some type of topology discovery via the MIB-II SNMP tables of all your network gear and then use ICMP to ping each of the discovered routers or switches respective management interfaces to validate connectivity and contribute to intelligence when parts of the network go dark and speed up root cause analysis.

Read more ...


TLS/SSL Certificate Authority (CA) Trust store verification

The CA trust store is how a TLS client establishes trust with the server's offered certificates. Curl uses openssl and Python uses its own store (like Java). The store on my system is located here:

Read more ...


Running Amazon Linux 2 on prem on VMware

There is no default ec2-user or root password set for the Amazon Linux 2 OVA. You must use cloud-init via its nocloud datasource.

Read more ...


Error: The maximum number of rules per security group has been reached

How to deal with the error: “The maximum number of rules per security group has been reached.”

Read more ...


AWS API Gateway notes

How to make a private REST API using AWS API Gateway that is only accessible from inside a VPC.

Read more ...


Stringer Self Hosted RSS Reader

My setup is using the docker compose file and a local build of the docker image (since docker hub image is years old). Here is a dark theme (solarized) for the CSS. Just paste this over your stringer/app/assets/stylesheets/application.css file. I did not spend much time on it but it looks good enough for my taste.

Read more ...


The Perfect Neapolitan Pizza

In Italy a society, the Associazione Verace Pizza Napoletana, makes the rules when it comes to every aspect of the Naples pizza, and they describe the rules of a Naples pizza in extreme technical detail here. This is a great read if you are a pizza nerd, and it details the exact procedure to cook a perfect Napoletana pizza.

Read more ...


Peri Peri Chicken

Chicken Thigh (With or without skin / bone - to taste)

Read more ...


AWS Sagemaker Jupyter Notebook

I wanted to upgrade the version of pandas that comes with AWS Sagemaker Notebook to > 1.1 because this simplifies the handling of group by with null or NaN values.

Read more ...


The Best Garlic Chilli Prawns 🌶🍤

These are mediterranean style garlic chilli prawns, normally I double the garlic and chilli for this recipe and the oil is so good to dip with warm fresh crusty bread.

Read more ...


OSS logstash with AWS Opendistro for Elasticsearch

To get logstash talking to the Open Distro Elasticsearch the first thing that should be understood is that open distro only works with the OSS (Apache 2.0 Licensed) edition of the Elastic tools and not the Elastic licensed edition (Xpack).

Read more ...


Intercept HTTP/HTTPS TLS traffic

Use the open source project mitmproxy to get visibility into what iOS apps (or anything else) are sending back to their mother ship.

Read more ...


Moved blog to alabaster with Sphinx

Mostly notes to self on how to deploy and architecture / setup. Inspired by https://github.com/vincentbernat/vincent.bernat.ch

Read more ...


SES Email client for S3

You can conveniently browse the SES mail in S3 using this tool

Read more ...


Logstash ingestion of AWS billing customer usage reports

To get the CUR reports into elastic search:

Read more ...


Kubernetes tips

The problem is solved by removing the leading slash after the podname colon separator:

Read more ...


Enterprise tips for AWS Workspaces and AWS Managed AD


Read more ...


IAM resource based policy implicit allow

Resource policies are typically used to allow cross-account access for resources where it is supported, some of which include:

Read more ...


AWS Boto KeyError endpoint_resolver in session.py when using multithreading

When using multithreading in Python with AWS boto to get a session I was randomly hitting this error:

Read more ...


Route 53 Associate multiple private hosted zones with same name

Can I associate multiple private hosted zones with the same domain name to the same VPC?

Read more ...


CloudTrail and VPC Endpoints Logging

Today I learnt that AWS CloudTrail does not log requests that are denied by VPC endpoint policy. The reason for this is that it would allow an attacker to exfiltrate data via CloudTrail.

Read more ...


Expose WSL2 To LAN

I need to connect to my WSL2 container from other machines on the network over SSH: My container is assigned 172.24.208.2 and I will map 5022 to 22 on the host.

Read more ...


Docker Tips

Random useful docker stuff

Read more ...


Cloudwatch Loginsights handy queries

Find all requests matching URL

Read more ...


Cloudformation: Provided Load Balancers may not be valid. Please ensure they exist and try again

Spent too much time troubleshooting the following error but I am happy to find the solution for this error:

Read more ...


Gitlab

Random notes on Gitlab

Read more ...


Empty the clipboard as keystrokes with AutoHotKey (Windows)

This is an AutoHotKey script for pasting the clipboard contents by simulating hardware keystrokes. It also fixes stuck keys such as control and shift keys after the shortcut runs, which is useful when pasting into a KVM, VMware console, RDP or Citrix session where latency is high or clipboard support doesn’t exist.

Read more ...


postfix/smtp[5600]: fatal: valid hostname or network address required in server description

Getting the error:

Read more ...


TQFP-48 Breakout AKA NO. SA248 XELTEK Pinout

I am working on a project with the STM32F103C8 and I am not using a dev board but rather a breakout board called SMT Test Socket TQFP-48 Breakout AKA NO. SA248 XELTEK.

Read more ...


Tomu Send Keyboard on capacitive sense touch

Tomu is a USB chip with capacitive sense buttons that fits inside a USB port and has an ARM EFM32HG309 MCU and a few LEDs inside.

Read more ...


Python quick dirty ping scan subnet

This script will automatically ping scan the subnet your host is connected to. To do this it does the following:

Read more ...


Random git tips

Remove bad commit via interactive rebase:

Read more ...


Tourists went off road, stranded overnight in Kruger park encounter Leopards

Here is a true story about our safari trip in South Africa and our harrowing encounter with leopards and hyenas, as we narrowly escaped death in the long grass.

Read more ...


Proxyify application that does not support proxy

I have a legacy application that needs to connect over a proxy such as squid or HAProxy to a service on the internet. In other words I want to use netcat (nc) or something similar to proxy traffic through a proxy using the proxy protocol (or CONNECT method).

Read more ...


Bash Tips

The ultimate guide is here

Read more ...


Error when checking or applying host profile compliance “coredump partition”

The following error message occurs when you either

Read more ...


EMC VNX CLARiiON hacking MLUCLI

I stumbled upon an eBay bargain I could not resist. Thankfully my old boss and good friend Wilhelm kindly allowed me to purchase a VNX 7600 with all the drives, and run the monster in a closet in our office! W.W also let me spend some time exploring the internals of the VNX. The original owner shuffled all the drives around, including the sacred first 5 drives that contain the FLARE OS, rendering it useless.

Read more ...


LiPo Charging Hack

When trying to charge a LiPo that had been drained to 0 voltage I was getting an error:

Read more ...


Make an 8 bit adder out of relays

I want to build a relay based 8 bit adder for fun, kind of like a puzzle or playing chess to exercise a different way of thinking. Also the clacking of the relay is quite soothing.

Read more ...


How to check MTU with ping on ESX (or any OS)

Just keep decreasing the packet size with -s flag on the ping command:

Read more ...


2147943712 Task Scheduler

When trying to get the Task Scheduler to run regardless of if a user is logged on or not.

Read more ...


Make any Windows window transparent

Everything displayed in the Windows user session is ultimately controlled by the Windows GDI. And everything displayed in a user's session must run as that user (without modifying kernel or display drivers). Python provides a convenient API to control GDI.

Read more ...


Failover Cluster add disk fails on Windows

When trying to add a new cluster disk in a Failover Cluster the following error comes up in the report.

Read more ...


Big O Notation Cheat Sheet

Big O Notation

Read more ...