Container Vulnerabilities

A lot of today’s services that run on servers do so in containers, either in small setups that use Docker, for example, or in Kubernetes clusters for larger deployments. By design, containers encapsulate an application, so threads in a container can’t modify anything on the host computer that is not specifically attached to the container. Also, threads running in containers can’t see what’s going on outside or what is going on in other containers. So how can programs break out of containers? The answer: If they are able to gain root rights.

LTE TDD-TDD Carrier Aggregation – Band 40

I’m traveling (again) in Europe these days and in most countries, the frequency bands used for LTE carrier aggregation are pretty much the same: Band 20, 1, 3, 7. I’ve come across a few band 28 (700 MHz) deployments, like for example in Paris, France, and even LTE TDD band 38 in the 2.6 GHz duplex gap, which is used in Sweden and in the Netherlands. I’ve never seen anyone using band 40 in Europe, however, i.e. spectrum in the 2.3 GHz range. Until recently…

Wayland, Remote Desktop Sharing and Ubuntu 22.04 – Revisited

Early in April 2022, I couldn’t hold my curiosity anymore and had a closer look at Ubuntu 22.04’s remote desktop implementation. Instead of X11, Wayland is now the default compositor, so my X11 VNC screen sharing solution I use for remote work and remote support no longer works. At the time, only a beta version of 22.04 with broken screen-sharing was available, so I resorted to Ubuntu 21.10, hoping that the remote screen sharing solution would be the same as in 22.04. But as it turned out, this was not the case! While 21.10 used Wayland in combination with the VNC protocol, Ubuntu 22.04 now uses the RDP protocol, with VNC as a legacy backup that can be activated if required. That’s good news, as I was not happy at all with the Wayland/VNC combination in 21.10. So how does Wayland/RDP fare, particularly over slow WAN links?

100 Watt USB Power Monitoring

A couple of months ago, I discovered a USB Power Delivery (PD) cable that came with a little LCD display, so one could actually see the amount of power delivered over the cable. In the meantime, I’ve bought a couple of them because this is very useful. But they only show the power, no voltage and no overall power consumption over time. Also, I can’t measure power delivered by older power supplies with a USB-A connector or over USB PD cables that are permanently attached to a power supply. But I recently discovered a USB-C to USB-C USB PD tester with a small display that can do all of this: The JC-TC66C for around 35 euros.

LTE 5-Carrier Aggregation

I just had a look in my archive to see when I first started to see carrier aggregation in LTE networks. It turned out that, from my point of view, the first networks and devices started to support the aggregation of 2 carriers with a maximum bandwidth of 2x 20 MHz in 2014. A few years later in 2016, high end devices began to support the aggregation of up to 3 carriers. Since then, network operators have continued to increase the amount of spectrum they use in dense urban deployments, and mobile device hardware has further improved as well. Hence, I recently had another look at the state of the art.

Using the Smartphone Charger for the Notebook

Back in November 2021, I wrote a post on how current Power Delivery (PD) capable notebook chargers with a USB-C connector can be used to charge pretty much all other devices that are charged over USB. This is because USB PD is backwards compatible and also delivers power to devices that use USB power for charging. A couple of days ago I noticed that the reverse is also possible: Small and very lightweight USB PD capable chargers delivered with high end smartphones these days can also charge my notebook!

Bare Metal Cloud – Part 5 – Performance Comparison to Virtual Machines

One of the advertised advantages of renting bare metal servers in the cloud compared to using virtual machines on dedicated or shared hardware is their better performance. That sounds right but how much faster is an entry level bare metal server in a data center with a few CPU cores compared to virtual machines running on servers with high CPU core counts?

Bare Metal Cloud – Part 4 – Getting a Serial Console When the Network is Broken

When you are working with virtual machines in the cloud, I’m sure you’ve come across a situation in which you thought you had a great idea to reconfigure the network stack and ended up with the VM not being reachable anymore. As a last resort, one can always turn to the virtual machine manager, open a virtual display and log in. When it comes to KVM’s Virtual Machine Manager GUI, however, the display functionality is quite rudimentary; one can’t even copy/paste text to and from it. Especially when making larger changes to a config file, that’s quite a showstopper. But there’s another way: A virtual serial console!

Bare Metal Cloud – Part 3 – Several Public IPs – Macvtap vs. Bridging

In the previous post on the topic, I had a look at how several virtual machines on my bare metal cloud server in a data center can share a single public IPv4 address. Public IPv4 addresses are expensive these days, so in many cases, sharing an IPv4 address and using non-standard ports for web servers and other things is quite acceptable. This is also how I run my main cloud server behind a DSL line with a single public IPv4 address. Nevertheless, for some applications, the use of standard TCP ports is a must.

As I have a lot of spare capacity on my cloud server, I’m thinking about migrating a number of services such as my BBB server, my Jitsi server, and several containerized web applications in virtual machines to VMs on the bare metal server. For these, I’d prefer to have individual public IPv4 addresses and no NAT in front of them. Turns out, this is much easier to set up than most configuration guides suggest.

Bare Metal Cloud – Part 2 – KVM and NAT Port Forwarding

Building on the previous post on this topic, I will have a closer look today at how to use my new and shiny bare metal server in the data center for some virtual machine fun. As the server acts as a warm standby fallback for my cloud server at home, I’ve decided to use a setup that is as close as possible to my main setup. Giving Proxmox a go would certainly have been interesting, but it’s only a single server and I would have strayed too far away from my already existing setup. So I decided to go for KVM/Qemu, as it is straightforward to set up. Also, I could just use copies of my already existing virtual machines by modifying their configurations slightly, as they will obviously run in a different IP subnet. And this is where it starts to become interesting.
