Aggreagted RSS feed from all blog posts from uw.cz
This is a very short blog post. Here is the procedure howto manually mount macOS shared folders into Ubuntu Linux running as VM in VMware Fusion ...
sudo vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other
Smokeping is an open-source network latency monitoring tool created by Tobias Oetiker (the same author as MRTG). It measures, records, and graphically displays network latency, packet loss, and jitter over time.
Smokeping sends repeated pings (ICMP, TCP, HTTP, or other probe types) to a set of targets and stores the results in RRD (Round Robin Database) files. It then generates time-series graphs showing:
Median latency (how long packets take to return)Packet loss (percentage of lost probes)Jitter (variation in response times) In this blog post we will install simple implementation of Smokeping to test quality of internet line.
On my FreeBSD routers I wan to run iperf as an always running service (daemon). The reason is to have possibility to test network throughput anytime I need it. Here is the rc script to do so.
I'm running Mailcow mail stack for my own domain. I wrote a blog post about Mailcow install here. I have to say that it is pretty nice mailstack for my personal use. It has a significant hardware requirements (2x CPU, 4 GB RAM, 100 GB HDD) but it works pretty well and the most important is that simplicity of operations because I do not want to spend hours with mail server administration.
I recently realized, my Mailcow stack is outdated and there are available updates. I decided to make my first Mailcow update and it was pretty straightforward. Here is the procedure.
DBeaver is a free, open-source database management tool for personal projects. Manage and explore SQL databases like MySQL, MariaDB, PostgreSQL, SQLite, Apache Family, and more.
I have Ubuntu running in Virtual Machine in macOS with Apple M4 Silicon, therefore I have ARM-based Ubuntu (aarch64).
In this blog post I will show DBeaver installation install and basic usage.
I have Ubuntu OS running within VM in VMware Fusion (macOS) so expanding disk from 50 GB to 55 GB is pretty easy. Let's demonstrate the expansion process.
Question: Why does a shut down Dell server consume 50W? Short Answer: Because some hardware components still consume power when the server is not disconnected from power. Longer Story with details I have Dell PowerEdge R620 with iDRAC7 in my home lab and here is the home power consumption in two scenarios
shutdown server still connected to power (531 Watts)server fully disconnected from the power (475 Watts)
Scenario 1: shutdown server still connected to power
Scenario 2: server fully disconnected from the power
The difference between above two scenarios is ~ 50W. Why?
Let's dive deeper.
Creating an iSCSI target on FreeBSD, particularly with ZFS, is typically done by exporting a ZFS Volume (ZVOL), which is a block-level device, not a ZFS filesystem/dataset. iSCSI targets present themselves as raw block devices to the initiator (client), which is the intended use for a ZVOL.
Here is a step-by-step guide to create an iSCSI target on FreeBSD 14.3 using a ZFS Volume and the CAM Target Layer (CTL) daemon, ctld.
One of my customers would like to backup FortiGate configuration as part of DRBC (Disaster Recovery and Business Continuity) Solution.
FortiGate supports REST API so it is great solution to periodically get configuration, store it into some file directory and leverage Veeam Backup and Replication solution to backup FortiGate configurations in with company standard protection process.
In this blog post I document all customer's specific design factors and also the solution prototype how to fulfill these factors and backup FortiGate configuration into file directory.
I personally prefer *nix way over Windows, therefore, I will leverage Linux Docker and PowerShell to get information from FortiGate security appliance and put it into file directory. Docker solution could be leveraged on Windows operating systems as well.
If you are interested in details, read on.
Design documentation is not literature; it is a technical tool. The goal is clarity, precision, and usability. Here are 11 rules to guide you when writing a design document.
Here is Greg Ferro’s approach to designing network design documentation. The “world” of networks is too big and varied to have only one document
to cover more than one or two projects, but here are some rules to write
a detailed Design document.
tmux is a terminal multiplexer. It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal. Tmux is available on Linux and BSD systems.
Let's dive into TMUX usage ...
In this blog post, I will install and configure FreeBSD/Bhyve to set up a FreeBSD virtualization host. I use FreeBSD 14.3. The installation of FreeBSD and the preparation of networking and storage are not covered here, as they are already in place and described in my other blog posts.
Let’s explore the installation and configuration of Bhyve, a process that is simple and straightforward.
What is Neutrino?A neutrino is a fundamental particle in physics, part of the lepton family. Here’s what makes it special:
Electrically neutral – it has no charge.Extremely small mass – much lighter than an electron, but not exactly zero.Hardly interacts with matter – trillions pass through your body every second without leaving a trace.
What is ZeroEcho?
ZeroEcho is an open-source cryptography toolkit for Java. It builds on trusted providers such as Bouncy Castle (especially for post-quantum algorithms) and organizes them into a coherent, safe, and scriptable framework.
It is designed for developers, researchers, and practitioners who want to build cryptographic workflows that are:
Secure today with classical algorithms, andResilient tomorrow with post-quantum standards.
Get Started
📂 Repository: https://gitea.egothor.org/Egothor/ZeroEcho
📖 Documentation: https://www.egothor.org/javadoc/zeroecho/lib/
Source: https://www.linkedin.com/pulse/zeroecho-open-source-future-ready-cryptography-java-leo-galambos-pgu2e/
We usually talk about energy in terms of power plants and
fuels, but our bodies are tiny power stations too. A typical human
produces roughly 80 watts continuously, about the power of a small
light bulb. Scaling that by population gives an interesting historical
perspective.
Let's do some calculations and visualizations ...
HAProxy (short for High Availability Proxy) is an open-source software that acts as a load balancer and proxy server for TCP and HTTP-based applications. It is widely used in both small and large-scale production environments to improve performance, reliability, and scalability of web and application services.
Any L7 load balancer (reverse http proxy) nowadays is used for SSL/TLS termination and very often with combination with ACME (Automatic Certificate Management Environment).
How ACME works? Below is the simplified process ...
Account SetupYour ACME client (like Certbot, acme.sh, or HAProxy’s built-in ACME support) registers with the CA.Domain ValidationThe CA challenges the client to prove it controls the domain (HTTP-01, DNS-01, or TLS-ALPN-01 challenge).Example:For HTTP-01, the client places a special token on your web server, and the CA checks it.For DNS-01, the client places a special token on your DNS server, and the CA checks it. acme.sh creates a TXT record value that must be placed under_acme-challenge.uw.czCertificate IssuanceOnce validated, the CA issues an SSL/TLS certificate automatically.RenewalThe client renews certificates before they expire, often without human involvement.I use DNS-01 CA challenge, therefore integration with DNS provider is necessary. I use Active24.cz DNS provider.
For my personal load-balancer I use VM with 2 vCPUs, 2 GB RAM, 10 GB vSSD, 1x vNIC, Linux OS - Debian 13.0
If you are interested how to install and configure above solution, keep reading.
sshuttle: where transparent proxy meets VPN meets ssh
https://sshuttle.readthedocs.io/en/stable/overview.html
Running out of disk space is one of the leading causes of IT outages. In this blog post, I will show you how to expand storage on FreeBSD with ZFS. ZFS works as volume manager and filesystem.Current State I have VMware based Virtual Machine with FreeBSD Operating System. Virtual Machine has 10 GB vDisk as clearly visible in geom report ...
root@iredmail:~/iRedMail-1.7.4 # geom disk list
Mailcow is a self-hosted mail server suite (Postfix, Dovecot, Rspamd, SOGo, etc.) packaged with Docker, so installation is pretty simple and mostly about preparing your server, running Docker Compose and set your DNS records correctly.
For my personal mail server I use VM with 2 vCPUs, 8 GB RAM, 100 GB vSSD, 1x vNIC, Linux OS - Debian 13.0
If you are interested how to install and configure it, keep reading.
GPON stands for Gigabit Passive Optical Network.
It’s a type of fiber-optic broadband technology used by internet service providers (ISPs) to deliver high-speed internet, TV, and phone services to homes and businesses.
In this blog post, we will focus on ZFS from a manageability perspective. We will cover following topics
ZFS Storage Status MonitoringPhysical Disk MonitoringZFS Capacity MonitoringZFS Performance MonitoringPeriodic and E-mail notifications
In my homelab I have Dell PowerEdge R620 Server with FreeBSD 14.3 and ZFS 2.2.7. I want to use this server for BHyVe server virtualization and run Virtual Machines on top of BHyVe hypervisor.
In virtualized environment, the typical average I/O size differs based on workload running in virtual machines. Different applications generate distinct I/O patterns.
Databases and transactional systems: These often produce a large number of small, random I/O requests (e.g., 4KB, 8KB, or 16KB). This is because they frequently read and write small chunks of data to update records, log transactions, and access indexes.Virtual Desktop Infrastructure (VDI): VDI workloads are notoriously random and write-heavy, with an average I/O size often falling in the 24KB to 32KB range.File servers and data backups: These workloads typically generate large, sequential I/O requests (e.g., 64KB, 128KB, 256KB, or larger) as they read or write large files in a continuous stream. When I look at a typical enterprise cloud datacenter, where the types of workloads are not under your control, I usually observe the average I/O size between 40 KB/s and 64 KB/s. That's the reason why I typically test 32 KB I/O size, however, if you know the specific type of workload you are interested, you should test application specific I/O size.
I recently conducted a quick analysis of a VMware vSphere–based virtual datacenter for a customer, and here’s what I found.The average monthly electricity consumption of a single vCPU with ~3 GB vRAM is 1.4 kWh, which translates to approximately $0.4 The datacenter of my customer is located in Central Europe, and they pay 0.33 USD for 1 kWh of electricity in a Tier 3 datacenter
Foundation – eIDAS Signature Levels
Under EU law (eIDAS 910/2014), electronic signatures can be:
SES – Simple Electronic Signature (basic: typed name, click-to-sign, tickbox).
AdES – Advanced Electronic Signature (cryptographically bound to the signer, integrity-protected).
QES – Qualified Electronic Signature (requires a qualified certificate + secure signing device; legally equivalent to handwritten signature in the EU).
👉 Signi supports SES, AdES, and in certain cases QES (e.g. with BankID or qualified certificates).
LACP stands for Link Aggregation Control Protocol. It’s
a network protocol used to combine multiple physical network links into
a single logical link to increase bandwidth and provide redundancy.
It’s part of the IEEE 802.3ad standard (now 802.1AX).
Here’s a breakdown of what it does and why it’s useful:
Increases BandwidthBy
bundling multiple links (like two or more Ethernet cables) between
switches or between a switch and a server, the total throughput can be
higher than a single link.Provides Redundancy If one physical link fails, traffic is automatically rerouted over the remaining links, so the connection stays up.Dynamic ConfigurationLACP
allows devices to automatically detect and configure link aggregation
groups, making it easier to manage than static link aggregation.Load BalancingTraffic
can be distributed across the aggregated links based on rules like
source/destination IP, MAC addresses, or TCP/UDP ports. Let's configure and test it in my homelab.
LLDP stands for Link Layer Discovery Protocol. It’s a vendor-neutral Layer 2 protocol (defined in IEEE 802.1AB) that allows network devices (switches, routers, servers, firewalls, access points, phones, etc.) to advertise information about themselves to directly connected devices and to learn information about their neighbors.
In this short blog post we will install, enable and test LLDP on FreeBSD.
H310/H710/H710P/H810 Mini & Full Size IT CrossflashingOriginal Source: https://fohdeesha.com/docs/perc.html
This guide allows you to crossflash 12th gen Dell Mini Mono &
full size cards to LSI IT firmware. Mini Mono refers to the small models
that fit in the dedicated "storage slot" on Dell servers. Because iDRAC
checks the PCI vendor values of cards in this slot before allowing the
server to boot, the generic full-size PERC crossflashing guides do not
apply. This guide however solves that issue. Technical explanation for those curious. The following cards are supported:
H310 Mini MonoH310 Full SizeH710 Mini MonoH710P Mini MonoH710 Full SizeH710P Full SizeH810 Full Size
Hardware
Klon Arduino NANO CH340Membránová klávesnice pro Arduino 3 x 4 maticeRozšiřující sada nepájivé pole a vodiče E-Shop: https://dratek.cz/
Training videos:
Arduino Basicshttps://www.youtube.com/watch?v=6OR7STWnIaEhttps://www.youtube.com/watch?v=fJWR7dBuc18 Arduino + keyboard: https://www.youtube.com/watch?v=afl15UdQiaw
I’m running Ubuntu 25.04 Desktop on ARM64 CPU and I want to run certain software in Docker containers. One of them is Microsoft PowerShell, as various vendors (such as VMware, Veeam, and others) provide PowerShell modules and cmdlets for managing their technologies.
Installation procedure how to enable Docker# Install Docker
sudo apt install docker.io
# Install Docker Compose
sudo apt install docker-compose
# Add user to docker group to allow particular user to use docker
sudo usermod -aG docker dpaseknewgrp docker # Start and enable docker service
sudo systemctl start docker sudo systemctl enable dockerInstallation procedure how to enable PowerShell# Get the PowerShell image
docker pull mcr.microsoft.com/powershell:mariner-2.0-arm64
# Create directory for keep PoweShell scripts stored on docker host
mkdir /home/dpasek/scripts
# Run PowerShell in interactive mode
docker run -it -v /home/dpasek/scripts:/root/scripts mcr.microsoft.com/powershell:mariner-2.0-arm64
Create PowerShell wrappercd /home/dpasek echo "docker run -it -v /home/dpasek/scripts:/scripts mcr.microsoft.com/powershell:mariner-2.0-arm64" > pwsh.sh Run PowerShell wrapper cd./pwsh.sh
Various PCIe versions bandwidth ...
PCIe Bandwidth
Password expiration for both the VCSA root account and the vSphere administrator (typically administrator@vsphere.local) is a common issue, especially if the default 90-day expiration settings are overlooked. It recently happened to me in one lab environment. Fortunately, both passwords can be recovered. This blog post outlines the recovery methods that worked in my case.Resetting the VCSA Root
I was observing unexpected behavior in my vSAN ESA cluster. I have a 6-node vSAN ESA cluster and a VM with a Storage Policy configured for RAID-5 (Erasure Coding). Based on the cluster size, I would expect a 4+1 stripe configuration. However, the system is using 2+1 striping, which typically applies to clusters with only 3 to 5 nodes.RAID-5 (2+1) striping is using 133% of the raw storageRAID-5 (4
vSAN ESA is VMware’s software-defined storage solution. Each virtual hard disk (vDisk) is represented as an object within the vSAN datastore. The properties of these vSAN objects are governed by vSAN VM Storage Policies, which define data placement and protection rules. While these policies may emulate traditional RAID (Redundant Array of Independent Disks), vSAN actually implements RAIN (
The ESX build (version number) information is available in the Summary tab of the vSphere Client,
but in larger environments it is worth to use some kind of automation.
PowerShell/PowerCLI is well know scripting tool for VMware vSphere.Below is PowerCLI one-liner to easily query all vCenters where you are connected ...Get-VMhost | Select-Object Name,Version,Build If you want connect to
Here is the process how to get Device ID and Local Key for Tuya device.
Create a Tuya Developer AccountGo to https://iot.tuya.com and register for a developer account. Create a Cloud ProjectLink Tuya App AccountIn
your cloud project, navigate to the "Devices" tab and select "Link Tuya
App Account." You'll typically scan a QR code with your Immax NEO PRO
app (or Tuya Smart/Smart Life app) to authorize the link.Get Device IDOnce linked, your devices from the app should appear under the "Devices" tab in your cloud project. Note down the "Device ID" for each Tuya device you want to control. Create API SubscriptionGo to "Cloud" > "Cloud Services"Subscribe to IoT Core ServicesStill within the "Cloud Services" section, after subscribing, click on "My Service"For each of the services you just subscribed to, click "View Details"Go to the "Authorized Projects" tab Ensure
your specific cloud project is listed and authorized here. If not, you
may need to click "Add Authorization" and select your project.Get Local KeyGo to "Cloud" -> "API Explorer."Under
"Smart Home Device Control" (or similar), look for an option like
"Query Device Details in Bulk" or "Get Device Specification Attribute."Device Management > Query Device Details Input your Device ID and submit the request.The "Local Key" should be in the JSON response.
While testing Wi-Fi quality and network throughput on FreeBSD 14.3 drivers, I realized that before running any benchmarks, it’s important to document my home LAN topology and the network capacity across its zones. It’s essential to understand how different network technologies work, including the gap between their theoretical throughput and the actual achievable performance.
For example, a Wi-Fi 5 (802.11ac) connection might advertise speeds up to 1.3 Gbps, but real-world performance is typically much lower due to factors like signal interference, channel width, and protocol overhead. Similarly, a 1 Gbps Ethernet link theoretically provides 1,000 Mbps, but after accounting for TCP/IP overhead and other factors, the actual throughput is closer to 940 Mbps. Another significant factor impacting real-world throughput is the use of Wi-Fi Mesh with wireless backhaul. While mesh systems improve coverage, they often introduce additional latency and bandwidth reduction because each hop between nodes consumes part of the available wireless spectrum for backhaul traffic. This means that, in practice, a device connected to a secondary mesh node (Extender) might experience only half or even less of the primary link’s bandwidth. Knowing these differences helps set realistic expectations and troubleshoot performance issues effectively.
A picture is worth a thousand words, so here is a diagram illustrating both the theoretical and real-world throughput values in my home network setup.
Home LAN zones and Network Throughput
You can find all the details in the remainder of this blog post.
Pro převod souboru z MKV na MP4 pomocí ffmpeg použij následující příkaz:
ffmpeg -i vstup.mkv -codec copy vystup.mp4
Pokud MKV obsahuje kodeky, které nejsou kompatibilní s MP4 (např. některé titulky nebo audio kodeky), můžeš použít překódování:
ffmpeg -i vstup.mkv -c:v libx264 -c:a aac -strict experimental vystup.mp4
Because of sustainability, I would like to use old Laptop/Printer/Scanner devices.
This blog post is focused on Printer and Scanner.
I have a Canon MX350, so the runbooks for installing and using the printer and scanner were tested only with this model.
I'm an architect and designer, not involved in day-to-day operations, but I firmly believe that any system architecture must be thoughtfully designed for efficient operations, otherwise the Ops team will go mad in no time.Over the years, I’ve been learning a lot from the book VMware Operations Management by Iwan E1 Rahabok, which covers everything related to vROps, Aria Operations, and
FreeBSD 14.3 should have significantly improved support of WiFi adapters.
Let's test it in Dell Precision 5530 with Intel Wi-Fi 5 (802.11ac) Wireless-AC 9x6x [Thunder Peak].
[SKIP - NOT USED] Install driver for NVIDIA Graphics Card
pkg install nvidia-driversysrc kld_list+="nvidia nvidia-modeset"sysrc linux_enable="YES" [SKIP - NOT USED] Configure the NVIDIA driver in a configuration file
cat >> /usr/local/etc/X11/xorg.conf.d/20-nvidia.conf << EOF
Section "Device"
Identifier "Card0"
Driver "nvidia" BusID "pci0:0:1:0"
EndSectionEOF
[SKIP - NOT USED] NVIDIA configuration (it creates /etc/X11/xorg.conf)
pkg install nvidia-xconfignvidia-xconfig
Here is the Onliner to list VMs with custom attribute "Last Backup" ...
Get-VM | Select-Object Name, @{N='LastBackup';E={($_.CustomFields | Where-Object {$_.Key -match "Last Backup"}).Value}} | Where-Object {$_.LastBackup -ne $null -and $_.LastBackup -ne ""}
and here is the another one to count the number of such VMs ...
Get-VM | Select-Object Name, @{N='LastBackup';E={($_.CustomFields | Where-Object {$_.Key -match "Last Backup"}).Value}} | Where-Object {$_.LastBackup -ne $null -and $_.LastBackup -ne ""} | Measure-Object | Select-Object Count
How to get all VMs restarted by VMware vSphere HA? PowerCLI OneLiner below will do the magic ...
Get-VIEvent -MaxSamples 100000 -Start (Get-Date).AddDays(-1) -Type Warning | Where {$_.FullFormattedMessage -match "restarted"} | select CreatedTime,FullFormattedMessage | sort CreatedTime -Descending | Format-Table
I have finally found some spare time and I decided to test Veeam Backup & Replication on Linux v13 [Beta] in my home lab. It is BETA, so it is good to test it and be prepared for the final release, even anything can change before the final release is available. There is clear information that update and upgrade into newer versions will not be possible, but I'm really curious how Veeam
I'm using Linux Mint with xsane for scanning documents on my old but still good Canon MX350 printer/scanner. Scans are saved as huge PDF documents (for example 50 MB) and I would like to compress it to consume much less disk space.
Install Ghostscript
apt install ghostscript
Compress the file input.pdf
gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/ebook -dNOPAUSE -dQUIET -dBATCH -sOutputFile=output_compressed.pdf input.pdf
Let's break down these options
-sDEVICE=pdfwrite: Tells Ghostscript to output a PDF file.-dCompatibilityLevel=1.4: Sets the PDF version. Version 1.4 is quite old but widely compatible and often allows for good compression. You can try 1.5 or 1.6 for slightly more modern features and potentially better compression in some cases.-dPDFSETTINGS=/ebook: This is the main compression control. As mentioned, /ebook usually gives a good balance.-dNOPAUSE -dQUIET -dBATCH: These make Ghostscript run silently and non-interactively.-sOutputFile=output_compressed.pdf: Specifies the name of the compressed output file.input.pdf: original 50 MB PDF.Lossy compression (322x) from 50 MB to 155 KB without any visible degradation is worth to keep cloud (Google drive) costs low.
I have just realized that PureStorage has 150TB DirectFlash Modules. That got me thinking. Flash capacity is increasing year by year. What are performance/capacity ratios?The reason I'm thinking about it is that poor Tech Designer (like me) need some rule-of-thumb numbers for capacity/performance planning and sizing.For example, back in the day, EMC used the rule of thumb
This will be a quick blog post, prompted by another question I
received about VMware virtual NIC link speed. In this blog post I’d like
to demonstrate that the virtual link speed shown in operating systems
is merely a reported value and not an actual limit on throughput.I have two Linux Mint (Debian based) systems mlin01 and mlin02
virtualized in VMware vSphere 8.0.3. Each system has VMXNET3
In VMware vSphere environments, even the most critical business applications are often virtualized. Occasionally, application owners may report high disk latency issues. However, disk I/O latency can be a complex topic because it depends on several factors, such as the size of the I/O operations, whether the I/O is a read or a write and in which ratio, and of course, the performance of the
My preferred editor in unix-like systems is vi or vim. VI is everywhere and VIM is improved for scripting and coding.