blue42

Debugging a Go Deadlock With Delve

Tue, 22 Apr 2025 19:48:30 -0400

I often develop personal tooling for work so I don’t have to do repetitive tasks manually. It’s best to create shared tooling, but sometimes shared tooling grows out of personal tooling. I have a toolbox repository with code that automates various troubleshooting and workaround tasks that fits into my personal workflow. This particular tool probably wouldn’t be used by anyone else, and because of that I haven’t taken the time to figure out why the applications hangs after running for long periods. Until now…

Running Ollama models on a Radeon RX 5500

Thu, 23 Jan 2025 14:21:52 -0500

I had an old Radeon RX 5500 sitting around and wanted to see if I could get ollama to use it. It is not officially supported, but there is a way to get it working.

Setup

This was setup on a clean install of Fedora 41. I’m using Open WebUI to access the models, but will not go into detail on how that is setup nor how to install Fedora. Instead, I’ll explain how I got ollama using an officially unsupported Radeon RX 5500. This GPU only has 4Gi of RAM, but works pretty well with smaller models like deepseek-r1 1b. Also, I’d like to point out that this setup does not is not containerized. I’ve added the versions of all software involved below in the details section.

About Me

Tue, 14 Jan 2025 17:40:53 -0500

My name is Luke. I’ve been working professionally with tech since 2001, and working as a Site Reliability Engineer for the past four years. Currently supporting a complex SaaS platform that runs in several regions on a few fairly large Kubernetes clusters.

I have a few side projects I’ve been working. Hopefully will finish one or two in the near future.

Tech I’m currently working with:

go
python
kubernetes
terraform
linux
aws

Current non-tech stuff I’m doing:

Linux Desktop Entry and Icons

Sat, 14 Dec 2024 18:26:13 -0500

I’m not picky about terminals in general. I mostly want them to stay out of my way and be able to switch between light and dark themes with the system. I’d been using the standard Gnome Console, but started becoming annoyed with not being able to copy to my local clipboard from Neovim and Tmux on remote systems. Gnome Console does not support the OSC-52 escape sequence that can be used for remote copy from terminal applications that support it like Neovim and Tmux. Becasue of that, I switched to wezterm which works great for remote copy.

Terraform: Optional Nested Dynamic Blocks

Fri, 19 Jan 2024 13:21:40 -0500

Overview

Recently, I was creating a terraform module that creates an S3 bucket. An S3 bucket can only have one aws_s3_bucket_policy, and the module needed to include a default policy to force TLS v1.2. I also needed to be able to pass additional policy statements to the module which may or may not include a condition. Unfortunately, there is not an obvious way to include the condition only when it is part of the policy.

Raspberry Pi Image Mount

Thu, 28 Dec 2023 09:41:30 -0500

Overview

Wanted to write this up because it’s not something I do regularly, and I always have to lookup how to find the start of the root partition. I specially only do this for my Raspberry Pi’s, but this should work with any image that is configured similarly.

The goal is to download an OS image, in this case Debian, and mount the image locally to add a public SSH key.

Vault CLI Authentication using OIDC

Mon, 27 Nov 2023 12:58:36 -0500

The vault-client-go SDK has some great examples, but doesn’t explicitly show how to perform OIDC authentication. This may have limited use cases, but it is something I needed to do and wanted to write about it and hopefully save someone else some time figure out how to make this work.

Prerequisites

The first thing we need is a Vault server with the JWT/OIDC auth method configured. During testing I used the google oidc-provider.

Load Balancing Algorithms

Thu, 24 Aug 2023 10:16:09 -0400

I recently read an article that was linked on hacker news about the power of two load balancing algorithm. This isn’t a new or complicated concept, but I’d never explored it and wanted to experiment with it a bit for fun.

This is a very over simplified example, but it’s pretty cool nonetheless. I will be using balls and requests interchangeably in this post.

Overview

Suppose you have 1 million ping-pong balls and 100 buckets. We want to distribute the ping-pong balls as evenly as possible. There are a couple simple approaches we could take. None of the approaches below take into account server load or currently open connections. These are all static or “dumb” load balancing algorithms.

EKS Addon Configuration via Terraform

Thu, 17 Aug 2023 11:47:05 -0400

EKS Addon Configuration via Terraform

This is a quick overview of how to pass custom configuration values to EKS managed addons using Terraform.

Configuration Schema

Before you begin find the addon version you need and describe the available configuration options:

❯ aws eks describe-addon-versions --addon-name coredns --kubernetes-version 1.27 | jq -r '.addons[].addonVersions[] | select(.compatibilities[].defaultVersion == true) | .addonVersion'
v1.10.1-eksbuild.1

❯ aws eks describe-addon-configuration --addon-name coredns --addon-version v1.10.1-eksbuild.1 | jq -r .configurationSchema | jq
{
 "$ref": "#/definitions/Coredns",
 "$schema": "http://json-schema.org/draft-06/schema#",
 "definitions": {
 "Coredns": {
 "additionalProperties": false,
 "properties": {
 "affinity": {
 "default": {
 "affinity": {
 "nodeAffinity": {
 "requiredDuringSchedulingIgnoredDuringExecution": {
 "nodeSelectorTerms": [
 {
 "matchExpressions": [
 {
 "key": "kubernetes.io/os",
 "operator": "In",
 "values": [
 "linux"
 ]
 },
 {
 "key": "kubernetes.io/arch",
 "operator": "In",
 "values": [
 "amd64",
 "arm64"
 ]
 }
 ]
 }
 ]
 }
 },
 "podAntiAffinity": {
 "preferredDuringSchedulingIgnoredDuringExecution": [
 {
 "podAffinityTerm": {
 "labelSelector": {
 "matchExpressions": [
 {
 "key": "k8s-app",
 "operator": "In",
 "values": [
 "kube-dns"
 ]
 }
 ]
 },
 "topologyKey": "kubernetes.io/hostname"
 },
 "weight": 100
 }
 ]
 }
 }
 },
 "description": "Affinity of the coredns pods",
 "type": [
 "object",
 "null"
 ]
 },
 "computeType": {
 "type": "string"
 },
 "corefile": {
 "description": "Entire corefile contents to use with installation",
 "type": "string"
 },
 "nodeSelector": {
 "additionalProperties": {
 "type": "string"
 },
 "type": "object"
 },
 "replicaCount": {
 "type": "integer"
 },
 "resources": {
 "$ref": "#/definitions/Resources"
 },
 "tolerations": {
 "default": [
 {
 "key": "CriticalAddonsOnly",
 "operator": "Exists"
 },
 {
 "key": "node-role.kubernetes.io/master",
 "operator": "NoSchedule"
 }
 ],
 "description": "Tolerations of the coredns pod",
 "items": {
 "type": "object"
 },
 "type": "array"
 }
 },
 "title": "Coredns",
 "type": "object"
 },
 "Limits": {
 "additionalProperties": false,
 "properties": {
 "cpu": {
 "type": "string"
 },
 "memory": {
 "type": "string"
 }
 },
 "title": "Limits",
 "type": "object"
 },
 "Resources": {
 "additionalProperties": false,
 "properties": {
 "limits": {
 "$ref": "#/definitions/Limits"
 },
 "requests": {
 "$ref": "#/definitions/Limits"
 }
 },
 "title": "Resources",
 "type": "object"
 }
 }
}

Terraform Configuration

The configuration_values must be in json format. The easiest way to do this is to use the jsonencode() function included with terraform.

Decrypting Laravel Encrypted Data

Mon, 24 Jul 2023 09:43:50 -0400

I recently came across a base64 encoded json string that contained data that was encrypted by php’s Laravel framework. The json contained three keys, iv, value, and mac. I hadn’t seen this before and wanted to learn more about what the data represented and how to decrypt it without using the Laravel framework.

Based on the documentation I read, this functionality uses openssl and I worked backward from there.

This post is an overview of what I learned.

Kubernetes Shell Exec All Containers

Thu, 27 Jan 2022 11:35:34 -0500

Kubernetes Shell Exec All Containers

fish script to loop through all pods

This is not great, but a start. Does not take into account pods with multiple containers, and probably other failure cases.

for n in (k get ns -o json | jq -r .items[].metadata.name)
 for p in (k get pods -n $n -o json | jq -r .items[].metadata.name)
 echo -n "$p: "; k exec $p -n $n -- ls /usr/bin/pkexec 2> /dev/null
 echo " "
 end
end

Using traefik for ingress on a kind cluster

Fri, 17 Dec 2021 17:27:23 -0500

I wasn’t able to find much information online on how to install and use traefik in a kind cluster so decided to write a short post about how I got it working.

Basically, it requires using setting the traefik service to NodePort and the mapping the ports to the control-plane container. To force the traefik pod to run on the control-plane container [node] you have to add a node selector and toleration to the helm values file.

Rust Password Hashing with Argon2id and the Sodiumoxide Crate

Wed, 20 May 2020 07:50:17 -0400

Summary

DISCLAIMER #1: I am not a cryptography expert. I’m not even good at rust. Please be diligent when handling other people’s private information. There is a lot more detail and authoritative information in the references section at the end of this post.

DISCLAIMER #2: If you have the option using of an external authentication provider that is probably better than building your own.

Crypto can be confusing, and there are very few examples of how to use the sodiumoxide crate. I needed to store some password hashes, and originally I was planning to use the ring crate and pbkdf2, but was encouraged to use sodiumoxide on the unofficial rust Discord channel.

Getting Started With The STM32 Nucleo-F302R8 and Rust

Thu, 14 May 2020 14:30:42 -0400

Rust Programming & ST Nucleo-F302R8

STM32 Nucleo-F302R8 development board with STM32F302R8 MCU

Introduction

I’m new to rust and new to embedded programming. I wanted to document my experience getting started. This started when I bought an Arduino kit to do some projects with my family while we’re stuck inside avoiding the pandemic.

If you notice any incorrect information or ways to improve what I’ve done here I would greatly appreciate the feedback!

Direct Link to VM in the vCenter HTML5 interface.

Wed, 20 Nov 2019 08:41:20 -0500

Why

I find it useful when I generate automated reports to have a link directly to the virtual machine(s) in the report. The example below is written in C#, but the link format is the same regardless of way it is generated.

Link Structure Info

Link contains:

VM MoRef (value only)
vCenter UUID

HTML Format

https://vcenter.megacorp.com/ui/#?extensionId=vsphere.core.vm.summary&objectId=urn:vmomi:VirtualMachine:vm-143:a198f2b8-3427-40f4-a4e1-93f6ee5c6999&navigator=vsphere.core.viTree.vmsAndTemplatesView

C# Example

Regex serverFromURL = new Regex(@"(?'server'^https://\S+\.\S+\.\S+)/sdk");
Match server = serverFromURL.Match(vimClient.ServiceUrl);
String.Format("<a href=\"{0}/ui/#?extensionId=vsphere.core.vm.summary&objectId=urn:vmomi:VirtualMachine:{1}:{2}&navigator=vsphere.core.viTree.vmsAndTemplatesView\">{3}</a>", server.Groups["server"],virtualMachine.MoRef.Value, vimClient.ServiceContent.About.InstanceUuid, virtualMachine.Named);

Reference

https://www.virtuallyghetto.com/2011/10/how-to-generate-vm-remote-console-url.html

Dotnet core and data protection encryption

Wed, 20 Nov 2019 08:34:36 -0500

Data Protection and Dependency Injection

Dependency injection is the process of passing an object to another object that depends on the first object. In most examples using data protection you’ll find that they use dependency injection. I am using dotnet core to automate virtual machine deployments and was looking for a safe way to store credentials. PowerShell provides the Import-CliXml/Export-CliXml cmdlets that can be used for this purpose, and here is how I recreated that functionality for use in my c# programs.

List AD group members when the group contains foreign security principals

Wed, 20 Nov 2019 08:26:39 -0500

List AD Group Members

Getting an active directory group’s member list is as simple as Get-ADGroupMember if the group only has members from the current domain. However, if you need to get group members for a group that has foreign security principals (users from another domain) things get a bit more complicated. Even more so when some of those objects have been orphaned.

If you’re lucky you’ll end up with a user list that contains SID’s from another domain mixed with users from the local domain. At other times, you may get an unspecified error.

How to do an offline install of remote server administration tools (RSAT) on Windows Server and Windows 10

Wed, 20 Nov 2019 07:56:53 -0500

Install features on demand offline on Windows Server and Windows 10

This also works with the Insider Preview version.

Download FoD ISO (I use my.visualstudio.com. I used the most recent version.
Install using dism.

To perform the installation from the FOD ISO you must first mount the ISO. Then use the /source: option to the dism command. Note, the /source: option must be after the /add-capability option.

If ISO is mounted on F: the commands below would install the DNS and Active Directory RSAT tools.

Powercli Script to Unmount and Detach Datastores

Tue, 14 May 2019 11:47:47 -0400

Overview

A storage migration is eventually going to get to a phase where the old datastores need to be unmounted and detached from hosts. I found a script showing how to do this via PowerCLI, but I wanted to expand on it to better serve my use case.

What I came up with is below and also on my github.

When running the script you must specify the vCenter name and the folder containing the datastores that will be unmounted. A regular expression is used to specify the names of the datastores you want to unmount. For example, “Datastore\d\d” would unmount datastores named DATASTORE01 and DATASTORE99, but not DMZ_STORAGE01 (the PowerShell -match operator is not case sensitive). Also, the script will only work on datastores that have been put into maintenance mode.

Automatically Load Custom PowerShell Functions

Tue, 23 Apr 2019 14:17:06 -0400

What are PowerShell Functions

PowerShell functions are similar to scripts, but can be loaded into a PowerShell profile or manually when needed. Once loaded, the function can be run by merely typing the name. This differs from a ps1 script where you must specify the file path when executing.

More detailed information about PowerShell functions can be found on Microsoft’s site.

Loading Functions From Files

Let’s say we have a really useful function that we’d like to save and load again in the future. We can save that function into a ps1 file and load it into our current scope by dot sourcing the file.

Outlook 2016's Funky Portrait Orientation

Thu, 28 Mar 2019 00:42:01 -0400

Windows 10 Snap Window Feature

I use MS Outlook and Windows 10 at work. I also use Linux and a tiling window manager at home. I long for the day that Windows can manage windows in that way. It’s getting better though.

I make use of the windows-key snap window feature in Windows 10 all day everyday (that I’m at work). It’s as close to a tiling window manager as MS Windows has ever been.

TP Link TL-WN725N USB WiFi Configuration in Linux

Mon, 25 Mar 2019 00:42:01 -0400

Overview

I like using an old fashioned desktop machine at home. It’s always on and acts as a hub machine, or “server”, if you will. Unfortunately, my current home isn’t cabled with Ethernet, and I’ve recently rearranged furniture and needed a wireless card. We had a TP-Link TL-WN725N laying around and decided to use that.

I’m using Arch Linux and do all configuration from the command line. I found some conflicting information online about setting these devices up so I wanted to post my config in case it helps someone else.

Changing NTFS Security Permissions using PowerShell

Sun, 17 Mar 2019 00:42:01 -0400

Overview

Changing NTFS permissions with PowerShell saves a lot of time when you need to make changes to a large group of files or when it is required as part of a larger automation project. This article should help you understand everything you need to know to manipulate security permissions with PowerShell.

When changing ownership of files or folders you must run PowerShell as an Administrator. Everything here will work in Windows PowerShell 5, but not PowerShell 6 as of this writing – specifically, the SetAccessControl() method does not exist in PowerShell 6.

Troubleshoot Active Directory Account Lockouts

Mon, 26 Nov 2018 00:42:01 -0400

Account Locked?

A good domain security policy is to expire passwords every 30-180 days. Another good security practice is to lockout an account after 3-5 failed logon attempts. This keeps an attacker from quickly trying to “brute force” a user’s password.

This can also create a scenario where a cached credential causes a user account to be repeatedly locked after a password change. In this article I will explore simple steps to troubleshoot and fix this problem.

4 Things You Should Know About Jumbo Frames

Thu, 13 Sep 2018 00:42:01 -0400

1. What are jumbo frames?

Some network devices allow the standard size of an Ethernet packet to be changed. By default each network packet can carry 1500 bytes of data (also referred to as the packet’s payload). Any payload larger than 1500 bytes sent over the network will be split into more than one packet. If we enable jumbo frames we reduce the number of packets sent over the network when sending large amounts of data.

Extending a VirtualBox Virtual Disk

Tue, 12 Dec 2017 00:42:01 -0400

VirtualBox

VirtualBox is an open source virtualization product that allows you to run VMs on your desktop for free. It works extremely well and allows you to run almost every modern operating system.

Unfortunately, it isn’t quite as polished as other products such as VMware Workstation. To make a virtual disk larger we need to power off our VM and go to the command line.

Prerequisites

We will need VBoxManage to extend our disk. This program is installed when you install VirtualBox.

5 Steps to Extend a Linux LVM Volume

Thu, 07 Dec 2017 00:42:01 -0400

Overview

Virtualization makes it easy to add more disk capacity to a virtual machine. Extending a virtual disk in VMware will grant the VM access to more storage, but we still have to make that storage usable to the operating system.

This post will explain the steps required to make this additional storage usable within a Linux virtual machine. These steps work with both CentOS7 and Ubuntu 16 and 17, and is done completely from the command line.

The Best CMD Shell, PowerShell, and SSH Client for Windows

Sat, 25 Mar 2017 00:42:01 -0400

We Deserve Better

When you work with Linux servers, routers, switches, virtualization hosts, and SANs you’ll find yourself using SSH often. When you also work with Windows Servers, Exchange, Active Directory, etc you’ll find yourself in PowerShell often. More often than not I find myself on a Windows machine working on all of the above, but if you’ve spent much time using a Linux desktop terminal you’ll understand why the Windows command shell is… frustrating.

HowTo: Self Hosted WordPress on Ubuntu 16.04LTS

Fri, 17 Mar 2017 00:42:01 -0400

Self-Hosted WordPress on Ubuntu 16.04LTS

There are a lot of good reasons to use a hosting provider for your website or blog. A hosting provider will give you a platform to host your site without the responsibility of maintaining a server or needing to know the low level configuration details of the server software and WordPress.

But, if you’re a little bit technical, want to learn to be a little bit technical, or just want to get your site off the ground for free, self hosting on a VPS (virtual private server) is a great option. Both Google Cloud Platform (GCP) and Amazon Web Services (AWS) offer free servers for at least a year. Google recently added an Always Free option for a small VPS.

The Linux TOP Command

Mon, 30 Jan 2017 00:42:01 -0400

LINUX TOP

The Linux TOP command provides valuable monitoring and troubleshooting information. However, there is a lot of information in a very condensed format and it can be tricky to sort through what is important and what isn’t.

This post was written using Ubuntu 16.04.2 LTS and TOP 3.3.10.

THE TOP OF TOP

1. top - 18:45:48 up 14 days, 2:31, 1 user, load average: 0.00, 0.00, 0.00
2. Tasks: 127 total, 1 running, 126 sleeping, 0 stopped, 0 zombie
3. %Cpu0 : 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0
4. KiB Mem : 1014372 total, 490596 free, 50532 used, 473244 buff/cache
5. KiB Swap: 0 total, 0 free, 0 used. 907684 avail Mem [

The first few lines of output from TOP give you a system overview. It shows up time, users, load average, CPU and memory statistics.

QuickPost: What version of Ubuntu am I running?

Sat, 21 Jan 2017 00:42:01 -0400

USING `lsb_release` TO DISPLAY THE RUNNING UBUNTU VERSION

This is a QuickPost™ (not really trademarked), and I’ll get to the point. To find out what version of Ubuntu a system is running use the command lsb_release. This isn’t something you’ll need everyday, but when you do it’s good to know.

There several options when running lsb_release, but the two you’re most likely to find useful are lsb_release -a - show everything, and lsb_release -r - show only the release.

DNS: How it Works

Wed, 11 Jan 2017 00:42:01 -0400

WHAT IS DNS

A Domain Name Service (DNS) is a critical service that everyone uses every time they surf the web. Before we get into the technical details let’s talk about telephone numbers.

PHONE BOOK ANALOGY

DNS is similar to a phone book. In the long, long ago when you needed to call someone and didn’t already know their number you had to look them up by name in a telephone book, see their phone number, and then make the call. If you needed to make a call to someone long distance then you had to call information and hope you could them enough information to find the person or business’ number you needed. Instead of carrying a phone book around all the time or calling information people used to have address books, black books, scraps of paper, or a number written in ink on their hand to keep frequently used numbers with them for easy access. As long as we have our local copy of the number we could stop at the next payphone we passed and call anyone we know without taking the time to look the number up in the city wide phone book.

NGINX, ALPN and HTTP/2 on CentOS7

Wed, 14 Dec 2016 11:22:01 -0400

HTTP/2 ON CENTOS7 WITH NGINX

You’ve probably heard about the fancy new lightning fast HTTP/2 protocol, right? Fortunately, the latest versions of NGINX support HTTP/2. Unfortunately, most distributions are still stuck on OpenSSL < 1.0.2.

Versions of OpenSSL below 1.0.2 don’t support the new Application-Layer Protocol Negotition standard (ALPN) which means browsers must use Next Protocol Negotiation (NPN) to upgrade the connection to HTTP/2.

BUT WHAT DOES THIS MEAN? WHY DOES IT MATTER?

This matters because Google Chrome will fall back to HTTP/1.1 if ALPN is not supported. Since most Linux distributions don’t officially support a version of OpenSSL that implements ALPN that means something must be done to if we want to implement HTTP/2 properly.

Install certbot on Amazon Linux

Tue, 13 Dec 2016 14:03:47 +0000

INSTALL CERTBOT

(official instructions at certbot.eff.org)

There is no packaged version of certbot for Amazon Linux so we have to download and set it up manually. Running it the first time will install all dependencies and should then work to create and renew certificates. Unfortunately, the first run on Amazon Linux gives us and error instead of a working certbot. :(

SSL for Websites

Fri, 18 Nov 2016 07:44:01 -0400

WHAT IS SSL?

SSL is short for Secure Sockets Layer and provides a means to communicate securely from one device to another. The website server is identified by a certificate and uses a public and private key to create a secure connection between the client and server.

blue42

Debugging a Go Deadlock With Delve

Running Ollama models on a Radeon RX 5500

Setup

About Me

Linux Desktop Entry and Icons

Terraform: Optional Nested Dynamic Blocks

Overview

Raspberry Pi Image Mount

Overview

Vault CLI Authentication using OIDC

Prerequisites

Load Balancing Algorithms

Overview

EKS Addon Configuration via Terraform

EKS Addon Configuration via Terraform

Configuration Schema

Terraform Configuration

Decrypting Laravel Encrypted Data

Kubernetes Shell Exec All Containers

Kubernetes Shell Exec All Containers

fish script to loop through all pods

Using traefik for ingress on a kind cluster

Rust Password Hashing with Argon2id and the Sodiumoxide Crate

Summary

Getting Started With The STM32 Nucleo-F302R8 and Rust

Rust Programming & ST Nucleo-F302R8

STM32 Nucleo-F302R8 development board with STM32F302R8 MCU

Introduction

Direct Link to VM in the vCenter HTML5 interface.

Why

Link Structure Info

HTML Format

C# Example

Reference

Dotnet core and data protection encryption

Data Protection and Dependency Injection

List AD group members when the group contains foreign security principals

List AD Group Members

How to do an offline install of remote server administration tools (RSAT) on Windows Server and Windows 10

Install features on demand offline on Windows Server and Windows 10

Powercli Script to Unmount and Detach Datastores

Overview

Automatically Load Custom PowerShell Functions

What are PowerShell Functions

Loading Functions From Files

Outlook 2016's Funky Portrait Orientation

Windows 10 Snap Window Feature

TP Link TL-WN725N USB WiFi Configuration in Linux

Overview

Changing NTFS Security Permissions using PowerShell

Overview

Troubleshoot Active Directory Account Lockouts

Account Locked?

4 Things You Should Know About Jumbo Frames

1. What are jumbo frames?

Extending a VirtualBox Virtual Disk

VirtualBox

Prerequisites

5 Steps to Extend a Linux LVM Volume

Overview

The Best CMD Shell, PowerShell, and SSH Client for Windows

We Deserve Better

HowTo: Self Hosted WordPress on Ubuntu 16.04LTS

Self-Hosted WordPress on Ubuntu 16.04LTS

The Linux TOP Command

LINUX TOP

THE TOP OF TOP

QuickPost: What version of Ubuntu am I running?

USING lsb_release TO DISPLAY THE RUNNING UBUNTU VERSION

DNS: How it Works

WHAT IS DNS

PHONE BOOK ANALOGY

NGINX, ALPN and HTTP/2 on CentOS7

HTTP/2 ON CENTOS7 WITH NGINX

BUT WHAT DOES THIS MEAN? WHY DOES IT MATTER?

Install certbot on Amazon Linux

INSTALL CERTBOT

(official instructions at certbot.eff.org)

SSL for Websites

USING `lsb_release` TO DISPLAY THE RUNNING UBUNTU VERSION