Sync time for FreeIPA hosts

Recently, I upgraded the FreeIPA server for my network to the latest version (4.8.10). Some strange things related to authentication started to happen with some services on my network.

For our Web site, netlify gotrue is used to enable users to login using SAML Single Sign-On. This started …

more ...

Dear Taiwanese friends, here is how to gain independence from China

Is it possible for Taiwan to gain independence from China?

The answer is, yes. Here's how.

Before we begin, let's set aside the silly notion that "Taiwan is already independent". Statehood, like marriage, is something more about the formality than substance. You are either an independent country, or you are …

more ...




ZGC garbage collector and Clojure applications

The main product of my startup is written in Clojure, a language that puts enormous pressure on the memory garbage collector due to the pervasive use of immutable data structures. The new Z garbage collector on JVM has been a blessing for us, as it has largely solved our memory …

more ...


LDAP Authentication Module for Nginx on Debian

To control access to various internal Web sites of a company, a simple method is to enable LDAP authentication on the Web server, so that the company directory can be brought to bear and there is no need to create individual accounts for employees on different systems.

Nginx is one …

more ...

How to Add a Preview Link to Self-hosted Netlify CMS

If you are using a self-hosted Netlify CMS as the online editor for your SSG powered Website and you are using the editorial workflow (you have publish_mode: editorial_workflow in your config.yml), a pain point is that you do not see a preview of the live page when the page …

more ...


Migrate this blog from Drupal to a static site generator

This blog has undergone a few migrations over its 15 years life span.

It started out as a Blogger account in 2005. The purpose was to record some system administration details when I was an assistant professor at university, setting up my laboratry for students.

Then Yunyao joined in after …

more ...


Migrate DokuWiki to another server

DokuWiki is one of the most easy-to-use open source Wiki software. It is a very good internal documentation tool for small or medium sized organizations.

Comparing with using Google Docs for the same purpose, one advantage of using a Wiki is that it is more searchable and navigable. In addition …

more ...

Backup Discourse with External PostgreSQL Server

Discourse is a modern forum software that is quite popular in the technology circle. One can install a Discourse server easily with the recommended method of using docker. All the services needed by the Discourse server, e.g. Postgresql and Redis, will be running inside a docker container, which is …

more ...


Configure Jenkins to use FreeIPA LDAP Security Realm

The point of setting up freeIPA for an intranet is to enable single-sign-on (SSO) for all the internal services that requires authentication and authorization. LDAP, originated from my alma mater University of Michigan, is one of the most widely accepted solutions to the problem. freeIPA can serve as a LDAP …

more ...

FreeIPA in AWS EC2

FreeIPA is the open source version of RedHat's identity management solution, which nicely integrates several open sources services that are important for managing an intranet: 389 LDAP Directory Server, MIT Kerboros, NTP, DNS, SSSD and others. 

Most of my servers are virtual machines in AWS EC2. To manage such a …

more ...

Ecobee3 installation with K wire

As part of our house modernization process, we bought an Ecobee3 Wifi enabled smart thermostat. We hope that this small device will help reduce the size of our utility bill.  The product looks very simple, but it comes with three additional sensors that can be placed in different rooms, and …

more ...