Signing e-mails and PDFs with Belgian EID on Linux

With the current Covid-19 lockdown, more and more transactions are getting handled remote. In Belgium we have the possibility to legally sign documents with a certificate stored on our eID (smartcard). However... when I started looking for information on how to do that on Linux, I could only find partial info. Mainly on how to use LibreOffice to sign a document, but not on how to use your Belgian eID there. Or information on how to sign a PDF with eID on Windows or Mac with Adobe reader, but not on Linux.

Tips voor thuiswerken

Nu de Corona maatregelen strenger en strenger worden, wordt thuiswerk stilaan de norm voor de gemiddelde kantoor werker. Voor veel mensen is dit nieuw en een beetje zoeken. Er is ook totaal geen thuiswerk cultuur in Belgie en dat is een beetje jammer in een land met zoveel files.

De voorbij jaren heb ik drie jaar thuis gewerkt (en sinds begin dit jaar terug op kantoor bij de klant). Voor mij was dit een zeer positieve en productieve ervaring. Hierbij wat tips uit mijn ervaring...

Icinga2 Ansible collection

I've been using Icinga2 at various customers and on our own infrastructure since it was released. I never released the roles on Ansible Galaxy, since I didn't consider the individual roles as a useful product and it would require quite some effort to show how they're supposed to work. One of the disadvantages of that, is that after a few years I had at least three different versions. One version for Debian only, one that also supported CentOS and also one for enterprise customers with a Satellite server.

Dell performance profiles and Linux

A few weeks ago we discovered that the performance of our Windows 2012 guest on KVM hypervisors was very bad and it was caused by the "Performance per Watt (DAPC)" profile in the BIOS of our Dell m620 servers. After that, I got curious and started to test with other systems: Linux guests and bare metal. According to the Dell BIOS Performance and Power Tuning documentation, the difference between the performance per watt (dapc) and performance per watt (os) profile should be only a few percent:

Ovirt/RHEV Windows 2012 guests performance problems

If you run Windows 2012 guests on RHEV or Ovirt (or probably any KVM based hypervisor) and notice performance is lower than expected, take a look at the power management in the BIOS of your servers. After lot's of test benchmarks with mixed results with Windows 2012 guests on RHEV with Dell m620 blades, we finally discovered our performance problems were caused by the system profile "Performance Per Watt (DAPC-System)" in the BIOS. Changing this profile to "Performance Per Watt (OS)" almost doubled the performance for some CPU intensive tasks in our case. Power usage of a (mostly idle) dual socket blade increases with 30-50 Watts when you change this. Used servers in production are using already more power and I guess the difference will be less there.

I3 WM Gnome style screenshots

I found lot's of examples to take screenshots in I3, but most of them require additional scripts or will always overwrite the same temp file. So I've been testing a bit to make it easier. Put this in your .i3/config to take Gnome style screenshots in a png in ~/Pictures. Mod+x selects a rectangle on the screen or mod+y takes the entire screen contents.

bindsym --release $mod+x exec --no-startup-id import ~/Pictures/screenshot-`/bin/date +%Y%m%d-%H:%M:%S`.png
bindsym --release $mod+y exec --no-startup-id import -window root ~/Pictures/screenshot-`/bin/date +%Y%m%d-%H:%M:%S`.png

Telenet ipv6 pfSense configuratie

Na jaren gepruts met commerciele wifi routers die om de 2-3 jaar kapot gaan, heb ik eindelijk maar eens geinvesteerd in een Soekris bordje voor een veel krachtigere pfSense in de kelder. Bijkomend interessant punt van pfSense is dat IPv6 goed ondersteund is.

Wat je moet aan zetten om dit met Telenet te laten werken is niet op het eerste zicht duidelijk, dus even een overzichtje voor wie het in één zoekopdracht wil terug vinden. :)

Op nieuw geinstalleerde PFsense setups staat de optie "Allow IPv6" standaard aan. Als je een setup hebt die al een tijdje bestaat moet je dit nog aan zetten onder System: Advanced: Networking.

Apc include_once_override breaks Wordpress 3

If you're using Wordpress 3 on a server with APC and PHP 5.3, you might run into this error:

PHP Fatal error:  Call to undefined function wp_dashboard_setup() in <DocumentRoot>/wp-admin/index.php

To resolve this: disable  apc.include_once_override in your APC settings:

apc.include_once_override = 0

The same setting also breaks Drupal 7 on my servers with PHP 5.3, so it might be a good idea to completely disable it everwhere for now. :)