Current Work

As a day job I am the chief executive officer of AllWorldIT. As AllWorldIT is primarily a bleeding edge technology development company, this makes me somewhat of a Chief Technology Officer. I am involved in almost all of the bleeding edge developments the company is involved in, many of them being my brainchild.

  • CEO of AllWorldIT UK – Linux Based Systems Design Ltd
  • CTO of AllWorldIT ZA – Linux Based Systems Design SA (Pty) Ltd
  • CEO of AllWorldIT R&D – Conarx, Ltd

I have been a C-Level executive with an extreme passion for hands-on grafting and technology development projects since the age of 17. My first C-level position was with an ISP employing 10-20 staff. Since then I have maintained a strong technological understanding of core internet and Linux-related developments and foundations by spending 12-18 hours per day buried in R&D.

Between the ages of 8 and 17 all my spare time was spent studying BASIC, BASICA, GW-BASIC, Pascal, Delphi, C++, Java, Python and Perl.

My primary skills lie in the development of software relating to Linux operating systems, virtualization, networking and billing in the ISP and carrier sectors. In my time as CTO I have also written close to 4,000 internal wiki pages on proper setup and configuration of various software packages, with further automated setup and configuration using Saltstack.

I enjoy selling our products. Due to the technical nature of most of them, I am on the frontlines of dealings with potential clients and love finding ways to solve the problems they have.

I was the channel founder of ##Linux on freenode, the largest general Linux® IRC channel in the world, since 1999, well that is until freenode seized the channel on 2021-06-13. Freenode is now dead.

After this happened I moved ##linux on freenode to #linux on Libera.Chat and revamped our website to also include our Discord server.

On the 25th of December 2022 I released the @linux.social Mastodon server.

Check out the Linux.Chat community website on where to find us on IRC, Discord and in the Fediverse!

I specialize in new and emerging threat analysis and mitigation, mostly in the area of networking, web and email security.

I have been volunteering for SORBS since around 2003.

I have been volunteering for ZapBL since early 2008 as the lead security analyst. I am currently working on the new backend interface which brings IPv6 support, a deeper level threat analysis and IP owner reporting options. The development work revolves around implementing something like MyNetWatchman was back in the day.

I prefer Debian for servers, ever since dumping our own OS which we maintained for over 10 years in favor of creating a Debian-based alternative, I have never looked back.

I’m a happy Debian maintainer and maintain a couple of packages here.

I was on the DebConf 2015 and 2016 team, mostly interested in infrastructure and networking, although I found myself serving as treasurer for DC16 in Cape Town. I started with a 2m ZAR loss and ended with a +- 500k ZAR surplus.

I use ArchLinux on my desktops, laptops and tablet. I prefer this as it’s a rolling release, always has the latest version of software that I can use to discover new or more optimized ways to solve problems. I am an ArchLinux Contributor and maintain a number of packages, including two public mirrors with 90-day delta support.

Programming Skills

My skills are arranged with a 0-5 star rating. The 6th blue star indicates in-depth knowledge of the subject; this may be in the form of training courses written for it, lecturing done on it, disassembly/decompilation/reverse engineering of compiled code, contributions to the project, in-depth knowledge of the code-base … etc.

Skill:

Experience: 15+ years

I am well versed with Perl and its compiled OP trees. I can embed Perl in C and C in Perl. Perl is my chosen language for working with text input/output and plain text protocols. I prefer my Perl code to look as close to C as possible. I refrain from using complex, hard-to-read constructs and lay my code out in easy-to-understand verse.

I’ve done some interesting things including loading compiled Perl code into a running Perl program (back in 2003) and most lately implementing a full JSON API with introspection framework into our Mojolicious enhancements.

Skill:

Experience: 15+ years

I really enjoy C++, my only problem is I’m a perfectionist and with the amount of power C++ gives you I am left forever optimizing code. Unfortunately this means I make little to no progress in the long term. I am very very well versed with C++ code and have submitted patches to OpenOffice to be compatible with more strict C++ code.

Skill:

Experience: 15+ years

I have written complex utilities using C including cputool, bwmtools and bootutils. I am very well versed with the language, including embedding of ASM and the generated elf-formatted binary. C is my choice for low level operations. I am somewhat versed with gcc’s compiling of C. I have also meddled with fakeroot, fakeroot-ng and strace to intercept function calls.

Skill:

Experience: 15+ years

I am very well versed with bash including maintaining patches for it in buildroot. I use bash a lot in day to day one-liners and scripts. It’s a nice scripting language and one can do quite a bit with it.

Skill:

Experience: 15+ years

I would consider myself a LaTeX god. I wrote a quotation and letter generation system based in Perl Template::Toolkit using templated LaTeX document templates and content blocks. I’ve included an example here.

Skill:

Experience: 15+ years

I’ve been using PHP for over 15 years, it’s a great scripting language and most of my work has been with developing web interfaces and plugins. I have also done work patching PHP and adding additional security features over and above what Suhosin used to (still does?) offer. I have decompiled various types of encoded/encrypted PHP and analysed the backing code for security vulnerabilities.

Skill:

Experience: 15+ years

Python isn’t really my preferred language, but I have been using it on and off for over 15 years for the jobs it excels in. I think Python is a great way to teach youngsters programming as it has strict indentation requirements. Using Django is also a very quick way to bring a web interface to life, development is quick, easy and there are tons of well known packages to choose from. I prefer using Flask for enterprise applications.

Skill:

Experience: 15+ years

Java isn’t my preferred language either. It’s fine if you’re doing mobile app development, or need code that can run on many types of platforms, or maybe if you can benefit from signed code. It’s just not really something I’ve had the need to use day-to-day.

Skill:

Experience: 10+ years

I have used Flex and Bison multiple times in the past to accomplish parsing of various protocols, languages and syntaxes. I find them both quite powerful. Here is an example of some work I did in 2004.

Skill:

Experience: 15+ years

While they’re not all technically languages, I am well versed with:

  • AWK
  • CSS (technical specification)
  • HTML (technical specification)
  • SOAP
  • Regex
  • Javascript
  • JSON
  • XML (technical specification)

Here is my developer profile on OpenHub, my profile on LinuxAssist GitLab and my personal GitLab instance. I am also well versed in CI/CD (continuous integration and delivery), test frameworks and automatic deployment/packaging.

Software Knowledge

My software knowledge is also arranged with a 0-5 star rating. The 6th blue star indicates in-depth knowledge, including being versed with its source code.

Skill:

Experience: 7+ years

I am well versed with Qemu & LibVirtd, I am in the process of writing an advanced training course for it. I’ve found an interesting regression. I am experienced in full hardware virtualization, plugging PCI/-e devices into virtual machines and running their native drivers within the virtualized system.

Skill:

Experience: 15+ years

Postfix is my favorite MTA software. It supports the policy delegation protocol which I use for my PolicyD software, it also supports milter which gives a different type of control to email processing.

I have used Postfix for over 15 years and contributed various patches towards it.

Skill:

Experience: 15+ years

Asterisk is my choice of PBX system, in the last 15+ years I’ve gone as far as implement hardware support modules, custom rating engines and LCR systems.

Skill:

Experience: 15+ years

Sendmail is a good light-weight MTA, I prefer Sendmail for small or embedded systems where I don’t need many features and just want something quick and simple to get up. I originally wrote ivsmilter back around 2004 which was based off Sendmail’s Milter interface.

Skill:

Experience: 10+ years

OpenLDAP is a very powerful and customizable LDAP server. I have set up large clusters of OpenLDAP servers with extremely fine-grained access control, custom object classes and geographical failover. Currently our global authentication system uses OpenLDAP to store company structure information, users, departments and single sign-on credentials. We also store certain access information in LDAP where it can be shared between support personnel and updated in a single place.

With SSSD things like ssh keys, service access information and sudoers can also be stored in LDAP and shared among servers.

I wrote an ssh client which uses a custom LDAP schema to store server details: awit-ssh-client.

Skill:

Experience: 2+ years

Redis is my choice for a cache and message broker. It supports an easy to use pub/sub system with a wide variety of NoSQL datatype storage.

Skill:

Experience: 5+ years

ASSPv2 is probably my favorite anti-spam solution. It is extremely customizable, can be configured for a wide variety of environments and supports plugin customizations and modules. We run ASSPv2 bundled with a few of my own modules on our enterprise mail scrubbing platforms.

AllWorldIT and myself are also listed as sponsors of the project both in assp.pl and the sponsors page in the web interface 😉

Skill:

Experience: 7+ years

Dovecot is my chosen IMAP/POP service, back in 2003 I was playing with an idea with my package idms-dbma and high performance network service design in the email arena, I discovered Dovecot and abandoned my project. Dovecot did everything I needed, it’s well designed, efficient and while it doesn’t solve the problems I wanted to solve at the time in the way I wanted them solved, it did solve them. As I’ve not managed to break Dovecot in interesting ways, it’s also among the few software packages which I’ve not studied the source code of. So no blue star yet.

Skill:

Experience: 15+ years

I wrote the PolicyD integration for Amavisd-new by intercepting the policy bank and making required changes to implement user policies.

Skill:

Experience: 7+ years

I have written a number of Git training courses from intermediate to advanced. Training in Git is available from AllWorldIT.

Skill:

Experience: 4+ years

I’ve used Salt extensively in managing large networks of servers. I’ve also used grains and pillars in combination with states to customize various deployments. Salt is extremely powerful for setting up and maintaining core configuration on servers, even if it’s a few lines of configuration in a file or an entire block that is entirely managed by Salt based in various bits of grain data.

I’ve also contributed to the code base here: “Default to using more reliable virt detection”.

Skill:

Experience: 5+ years

I’m project lead for WHMCS COZA EPP Module, the registrar module for registry.net.za integration into WHMCS.

I am also project lead for an enterprise WHMCS billing addon (prepaid, postpaid, current billing) called AWIT WHMCS IPPM.

Other modules I’ve designed can be found here.

Skill:

Experience: 5+ years

OTRS is a Perl based ticket tracking system, it’s open source and licensed under the AGPL. OTRS is one of my two favorite ticket tracking systems alongside RequestTracker. I’ve been developing plugins for OTRS for little over a year and the power it provides to change and enhance functionality is just so addictive.

Modules I’ve designed can be found here.

Skill:

Experience: 3+ years

I like LetsEncrypt, it’s a great idea. I wrote a custom automatic SSL client for Nginx reverse proxies, awit-certmaster. This includes a fully ACME-compliant client API interface and is responsible for managing just under 500 SSL certificates on 7 reverse proxies and 100 virtual machines. My motivation for writing a custom client was the use of other certificate providers, not just LetsEncrypt. For instance Comodo’s 3 month certificates.

Skill:

Experience: 13+ years

Zabbix is my monitoring platform of choice. I’ve written a large number of custom checks (50+), designed integration software for network operations centers to display and scroll through graphs, issues, screens and maps. I’ve also integrated Zabbix notifications into a number of bots used to notify technical teams of outages. I’ve also written software which does various inventory item updates based on external information and databases with various reports being generated including things like systems that need upgrades applied … etc.

Skill:

Experience: 15+ years

I am very well versed with Netfilter/IPTables. I have even written a bandwidth management system in 2004 based on its IPQ mechanism. It’s covered in the BWMO publication below.

One of the most complex Netfilter/IPTables tools I’ve written is ppp-gatekeeper, an independent connection load balancing and failover daemon.

The most complex Ebtables tool I’ve written is awit-libvirtd, a completely libvirtd virtual machine isolation hook.

Skill:

Experience: 10+ years

I’ve used LVM for at least 10+ years, I am well versed with thin provisioning, snapshotting, backing cache devices and the source code behind the scenes just to name a few. This includes device-mapper. I’ve also maintained LVM2 in buildroot. What I would like to see is LVM migration for libvirtd and stable thin provisioning support with backing cache devices!

Skill:

Experience: 15+ years

I’ve been designing Apache-based solutions for over 15 years. Among the solutions I’ve developed are fully compatible (OSX, Linux®, Microsoft) WebDAV multi-tenant systems, dynamic configuration systems using Apache Perl integration and Apache+ModSecurity reverse proxies.

Skill:

Experience: 15+ years

I’ve been using Zebra since around 2002 (if I recall right), it then became Quagga and was later forked to FreeRangeRouting. I have made multiple contributions to the project of an advanced nature, especially in the BGP large-community support area.

Skill:

Experience: 10+ years

I have used MySQL, MariaDB and Percona extensively and set up large multi-master clustered networks with traditional master to slave replication for read-only query offloading.

Skill:

Experience: 10+ years

I added IPv6 support to PostgreSQL. I don’t use it that often due to the clustering features of MySQL-based database servers, but PostgreSQL is a pretty decent DB and has its uses.

Skill:

Experience: 15+ years

I’ve used Nginx extensively, both in web application implementation, WebDAV file stores and reverse proxying.

Skill:

Experience: 15+ years

Vim is the only editor I use. Why not blue star you may ask? I just haven’t dug into its source code yet, it does everything I need it to, it gives me the editing power I need and I haven’t managed to break it.

Skill:

Experience: 5+ years

I am well versed with GitLab source code and I absolutely love it for its simplicity, user interface and ease of use. I am listed in the GitLab security researcher list for my work, see https://about.gitlab.com/vulnerability-acknowledgements/. Ruby is not my most favorite programming language, but as you can see for me it’s trivial.

Skill:

Experience: 10+ years

I have engineered many SAN systems which utilize iSCSI Enterprise Target to export disk volumes. This is my chosen daemon used in my systems designs and is also covered in my Advanced Virtualization courses.

Skill:

Experience: 5+ years

I have developed multiple plugins using Blesta for various providers.

Skill:

Experience: 8+ years

RequestTracker is a Perl based ticket tracker system. I have been working with RequestTracker for more than 8 years, I have also developed various plugins for it for clients. I find it a well written ticket tracking system, excellent for very large installations and more than capable of handling thousands of tickets per day. It’s one of two ticket tracking systems I’d recommend to clients, alongside OTRS.

Skill:

Experience: 3+ years

Exim is not my favorite MTA, and it’s failed me at least once, Exim, Really.

Skill:

Experience: 8+ years

I am a Buildroot contributor. Buildroot is a set of Makefiles and patches that makes it easy to generate a cross-compilation toolchain and root filesystem for your target Linux® system using the uClibc C library. Buildroot is useful mainly for people working with small or embedded systems. Embedded systems often use processors that are not the regular x86 processors everyone is used to using on their PC. It can be PowerPC processors, MIPS processors, ARM processors, etc. And to be extra safe, you do not need to be root to build or run buildroot.

Skill:

Experience: 5+ years

I am the author of BirdPlan, a configuration tool for Bird supporting a plethora of features and having over 50,000 unit tests.

What Can I Do?

I am hands-on. I do not want to sit behind a desk all day barking instructions, I want to be part of what is developed and achieved and lend a helping hand in line with my skillset to ensure the direction followed is correct and standards compliant.

I have a very deep understanding of networking technologies all the way from hardware data transmission all the way into Linux-userspace.

I’ve implemented software-defined-networking software which routes Layer 2 and Layer 3 traffic across geographically diverse regions and supports technologies like VLAN and MPLS, added OpenFlow support and streamed IPFIX flow data to analysis systems.

I have a very good knowledge of routers and their configuration, and have proven on many occasions bad hardware design, bad software design and software-related bugs. I have also written a BGP configuration management system and fixed the BGP large community support in Free Range Routing (forked Quagga, formerly Zebra).

I’m well versed with denial of service, I am able to identify and code matches to drop, re-route or scrub traffic.

Imagine reading every bit of Linux-related source code 12-16 hours a day for 25+ years, never taking a holiday, never skipping more than a single day twice a year. That is the boat I am in.

Every day I read changes in source code, I look at how people do things, I look at what has just been committed and I think to myself how can this be used in what we do. I am well versed with almost all popular Linux server-related software, how they work internally, what can be added/modified and how it could be changed or tweaked to suit requirements.

Combine this with networking and I am able to write optimizations in assembly for any major architecture, design a new OpenWRT/IPCop/Mikrotik-like interface (only better with bootstrap) … or investigate very technical bugs. I cannot stand not knowing why something does not work, if it’s not working there is an issue, that issue must be tracked down and fixed.

I am talented in code review (I have pulled about 2,500 commit reviews per day when I hired an Indian development team), I can comment how things can be done better, easier (and properly!!). I have a knack for understanding and coming up with ways on how small pieces all fit together into a huge complex design to solve problems people think are not possible to solve.

I am a very firm supporter of continuous integration (every commit must be tested), I am a firm believer in continuous deployment (software deployed and/or packaged automatically). I cannot live without test frameworks. If you write code, you must write tests for your code. We cannot have something fail 2 years down the line because of an unrelated commit, that commit should never have been merged.

Well, not my favorite.

I am well positioned in a tier-4 support environment, when all avenues have been exhausted … ask me and I will more than likely have the answer you’re looking for. If something is taking more than a day to track down, ask me and I will probably know what the answer is or can point you in the right direction.

I prefer everything being automated and every service monitored. Problems must be known about before they become client impacting.

I have a talent for writing policy and procedure documentation that admins follow.

ISP and carrier billing systems and automation. I have been consulting with ISP’s and carriers for over 20 years on billing systems, client billing … etc. I have also written an accounting system which is in use by AllWorldIT in 3 countries. For our South African company I wrote a billing system to mirror that of Openserve in order to identify and report constant billing anomalies observed on their invoicing.

Training courses and material. I have written a number of training courses for clients including a course I wrote and present to companies using Proxmox. I am also an author of a technical book relating to bandwidth management (linked below).

Past Work

Publications

Work of mine that has been published or included in publications.

In 2014 I wrote a 400+ page advanced virtualization training course which was offered by AllWorldIT. This course focuses on the fundamentals of virtualization, where it came from, how it’s where it is today and moves onto the Proxmox implementation of various technologies. It takes the attendee through every aspect of Proxmox from the ground up and includes 3 days hands-on configuration and implementation.

Sections in my training include:

  • Virtualization Theory
  • Chroot Isolation
  • OpenMosix
  • Linux-Vserver
  • Control Groups & LXC
  • Docker
  • OpenVZ
  • Qemu & Qemu qcow2
  • Xen
  • Virtio
  • SPICE
  • IOMMU
  • MD (Linux® Software RAID)
  • Logical Volume Manager
  • ZFS
  • GlusterFS
  • Ceph
  • DRBD
  • iSCSI
  • ATA over Ethernet
  • NFS
  • GUID Partition Table
  • Proxmox Networking
  • Bridge
  • Routed
  • NAT
  • Private
  • VDE
  • TUN/TAP
  • VLAN
  • Bonding
  • Firewalling
  • Proxmox Storage
  • Proxmox Storage Model
  • Proxmox Hands-On
  • Installing
  • Nodes
  • Uploading
  • Creating VMs
  • Backups
  • Adding a VM User
  • Install From ISO
  • Views
  • Creating CTs
  • VM Overview
  • Users & Permissions
  • Updates/Upgrades
  • Datacenter
  • Pools
  • Container Overview
  • Firewalling
  • Permissions Cheatsheet
  • Proxmox Guest Management
  • Managing OpenVZ
  • Managing Qemu
  • Proxmox Clustering
  • Create the Cluster
  • Remove Cluster Node
  • Joining Cluster
  • Live Migration
  • Cluster Status
  • Clustering Cheatsheet
  • Proxmox Troubleshooting
  • Cluster Troubleshooting
  • Host Troubleshooting
  • Container Troubleshooting
  • Troubleshooting Cheatsheet
  • Virtual Machine Troubleshooting
  • Proxmox High Availability
  • Proxmox High Availability
  • Proxmox Advanced
  • Installing using Packages
  • Qemu & USB
  • OpenVZ Config Files
  • Qemu Config Files
  • Advanced Networking
  • Setting Up Bridging
  • Setting Up A Private Network
  • Setting Up Bonding
  • Setting Up A Routed Network
  • Setting Up a VDE Network
  • Setting Up A Private/Public Network
  • Setting Up Bridging (VLAN)
  • Advanced Storage
  • Setting up MDADM
  • Setting up AOE (target)
  • Setting up DRBD
  • Setting up Ceph
  • Using AWIT-DBackup
  • Advanced Storage Cheatsheet
  • Setting up LVM (local)
  • Setting up iSCSI Target (server)
  • Setting up NFS (server)
  • Proxmox with ZFS
  • Advanced Qemu Configuration
  • Setting up LVM on MDADM
  • Setting up LVM (remote)
  • Setting up Glusterfs
  • Setting up smartmontools
  • Advanced Networking Cheatsheet

In the second quarter of 2014 I started using DokuWiki and the S5 plugin to create an extremely powerful training course material management system. Currently my modifications allow the generation of vibrant branded HTML5 slides with a custom theme as well as generating PDF handout material using dwpdf. This is the system I use for developing my training material, it is extremely quick, powerful and feature-rich. With this system I used an enterprise Logitech R700 presenter tool, this combined with a modern browser such as Chrome or Firefox allows the navigation between presentation and slides in a quick and effective manner.

Software

Software I’ve designed and am involved in maintaining.

SMRadius is a high performance pre-forked radius AAA server, it features a highly configurable backend engine supporting flexible data specifications. The primary goal of the SMRadius project is to provide an extremely flexible authentication platform which may serve a large number of industries (ISPs, WiSPs … etc).

SMRadius can be found here.

OpenTrafficShaper is an opensource traffic shaping package for Linux®. Features include user, group and IP based shaping, traffic classes and radius integration.

It’s designed to be extremely lightweight and bring a truly enterprise featureset to the Linux® operating system. It is able to operate in under 40Mb RAM with 3,000 shaping classes configured. The underlying code has minimal external dependencies and highly optimized codepaths.

The hierarchy class-based shaping design and traffic classification is cleverly designed to allow for minimal recursion and quick matching of traffic flows for classification. The methods of shaping used have further been researched over the past 10 years and are based on thousands of deployments of similar solutions.

OpenTrafficShaper can be found here.

PolicyD v2 (codenamed “cluebringer”) is a multi-platform policy server for popular MTAs. This policy daemon is designed mostly for large scale mail hosting environments. The main goal is to implement as many spam combating and email compliance features as possible while at the same time maintaining the portability, stability and performance required for mission critical email hosting of today. Most of the ideas and methods implemented in PolicyD v2 stem from PolicyD v1 as well as the authors’ long time involvement in large scale mail hosting industry.

PolicyD can be found here.

CPUTool is a utility which can be used to control the CPU utilization of almost any process. It can take control of processes which are already running and can also start a process on startup.

CPUTool can be found here. It is included in at least Debian, Ubuntu, ArchLinux AUR, Fedora and has a large number of articles written about it.

AllWorldIT DBackup is a backup system which creates one archive per directory it backs up. This makes searching through the backup much easier, as you can look for which files you’re after in the directory hierarchy. It will only back up directories which have changed, which makes it rsync friendly.

AWIT DBackup can be found here.

Wiaflos Accounting is an extremely efficient light-weight multi-platform server-client based accounting system.

The goal is to have a central accounting engine which can either run on a dedicated server or on the same PC as the client interface. The accounting engine will provide a full SOAP API for easy writing of GUI/Web interfaces or tying into inhouse systems. Seeing as the accounting engine is written in Perl and makes use of a database abstraction layer, the engine should run on nearly any operating system and use nearly any database system supported by Perl and the target OS.

Wiaflos Accounting can be found here.

Wiaflos Accounting is currently used by all 3 of my companies, which are audited yearly. We have never had an audit irregularity and I find myself often explaining to auditors how accounting systems work behind the scenes.

Please see my GitLab profile page here.

Contributions

Contributions I’ve made to the opensource community.

I worked out the DebConf16 budget and managed its finances. This lasted a period of about 1.3 years.

I assisted with the DebConf15 organization in Germany in preparation for DebConf16 in South Africa.

In 2010 I became a member of the RPM5.org team and was responsible for quality assurance of rpm5 on the IDMS Linux operating system.

My patches were also included in PLD Linux.

Credited for large numbers of ClamAV signatures. I still generate signatures to this day!

I am also listed in the ClamAV documentation, contributors section.