Wandering Thoughts archives

2022-11-25: A revealing Vim addressing mistake that I made today
2022-11-24: Unix's (technical) history is mostly old now
2022-11-23: Unix swap configuration used to be rather simple and brute force
2022-11-22: Twitter's 'quoted tweets' feature and how design affects behavior
2022-11-21: Using curl to test alternate (test) servers for a web site
2022-11-20: Floating point NaNs as map keys in Go give you weird results
2022-11-19: Python dictionaries and floating point NaNs as keys
2022-11-18: Go 1.21 may have a clear(x) builtin and there's an interesting reason why
2022-11-17: Understanding how fast Ethernet really is (and in what units)
2022-11-16: Monitoring if our wireless network is actually working in locations
2022-11-15: It's useful to think about a 'ground up' recovery of your environment
2022-11-14: Firefox will now copy non-breaking spaces from HTML and that can be a problem
2022-11-13: I wouldn't use ZFS for swap (either for swapfiles or with a zvol)
2022-11-12: Questionable TLS Certificate Authorities and Certificate Transparency
2022-11-11: How Linux swap files (and swap partitions) find where to read and write
2022-11-10: The problem of (Unix) swapfiles and server backups
2022-11-09: Linux swap files don't seem to update their modification time when you swap
2022-11-08: Some thoughts on organizations running their own Fediverse instance
2022-11-07: An odd error I encountered with ZFS snapshots on Ubuntu 18.04
2022-11-06: Go's sync.Pool has (undocumented) 'thread' locality
2022-11-05: Our upgrade wave of Ubuntu 18.04 machines has gone fine
2022-11-04: An email's Message-ID header isn't a good spam signal (in late 2022)
2022-11-03: On not having a separate /boot filesystem on modern (x86) Linux
2022-11-02: The problem of getting problem reports from (our) people
2022-11-01: (Maybe) copying email anti-spam measures from Google and company
2022-10-31: I wish ZFS supported per-user reservations, not just per-user quotas
2022-10-30: Silencing KDE application notification sounds under fvwm
2022-10-29: Importing a Python program that doesn't have a .py extension
2022-10-28: People like file extensions whether or not they're necessary
2022-10-27: Scripts and programs should skip having extensions like '.sh' and '.bash'
2022-10-26: Our computer security problems are our own fault
2022-10-25: An email phish attempt using attachment file type confusion
2022-10-24: Filesystems and progressive deletion of things
2022-10-23: Why I feel DNS CAA records are a real TLS security improvement in practice
2022-10-22: TLS Certificate Transparency is about improving the (web) TLS ecology
2022-10-21: The Prometheus timestamp() function can be used on expressions, sort of
2022-10-20: The programming challenge that is a modern browser
2022-10-19: Understanding '+incompatible' in Go module version names
2022-10-18: We're finally fully moving away from Apache's prefork MPM (hopefully)
2022-10-17: The proper setup of a Go module, as I understand it
2022-10-16: What it means to see a 'bad' certificate in TLS Certificate Transparency logs
2022-10-15: How much swap space we're using across our servers (in October 2022)
2022-10-14: Two views of CPU utilization (a realization)
2022-10-13: We're moving away from swap partitions on our Linux servers
2022-10-12: We are stuck with egrep and fgrep (unless you like beating people)
2022-10-11: When Promtail seems to make position checkpoints (as of v2.6.1)
2022-10-10: The pragmatic effects of setting nconnect on NFS v3 mounts on Linux
2022-10-09: Research Unix V7's (comparatively) long time gap from V6
2022-10-08: Linux NFS clients (normally) make only one TCP connection to each fileserver
2022-10-07: How old various Unix signals are
2022-10-06: My performance intuitions and the complexities of SSD performance
2022-10-05: The Maildir mail storage format doesn't seem to work well over NFS
2022-10-04: Our unusual traditional /var/mail setup for people's inboxes
2022-10-03: Universities, "Bring your own device", and security
2022-10-02: Universities and their non-employees (part two)
2022-10-01: YAML in practice can be looser than I expected
2022-09-30: Your Grafana Loki setup needs security and access control
2022-09-29: Python virtual environments can usually or often be moved around
2022-09-28: How I've set up my libvirt based virtual machines (in late 2022)
2022-09-27: Reaching past our firewalls with WireGuard (some thoughts)
2022-09-26: The lsb_release program and the /etc/os-release file
2022-09-25: What can a compromised TLS Certificate Transparency Log do?
2022-09-24: Needing xdg-desktop-portal may be in my future (even without Wayland)
2022-09-23: Browsers and them 'supporting' TLS certificate transparency
2022-09-22: The TLS client's view of Certificate Transparency and CT Logs
2022-09-21: Some notes on the readings you get from USB TEMPer2 temperature sensors
2022-09-20: Why the ZFS ZIL's "in-place" direct writes of large data are safe
2022-09-19: Tangled issues with what status we should use for our HTTP redirects
2022-09-18: I believe SELinux needs active support from your distribution
2022-09-17: Authenticated SMTP and IMAP authentication attacks and attempts we see here
2022-09-16: The problem of network tunnels and (asymmetric) routing
2022-09-15: The C free() API gives libraries and functions useful freedom
2022-09-14: Grafana Loki doesn't duplicate a central syslog server (or vice versa)
Link: USB, Thunderbolt, Displayport & docks
2022-09-13: My Firefox addons as of Firefox 104 (they haven't changed in a while)
2022-09-12: What's lost when running the Prometheus host agent as a non-root user on Linux
2022-09-11: The amount of memory in basic 1U servers and our shifting views of it
2022-09-10: C's malloc() and free() APIs are reasonable APIs for C
2022-09-09: How we monitor the temperature of our machine rooms
2022-09-08: Grafana's problem with the order of dashboard panel legends and Prometheus
2022-09-07: What systemd timer directives seem to be used in practice
2022-09-06: Machine room temperatures and the value of long Prometheus metrics history
2022-09-05: The history of sending signals to Unix process groups
2022-09-04: Support for 'kill -SIGNAME ...' was added in 4BSD
2022-09-03: Our Prometheus host metrics saved us from some painful experiences
2022-09-02: An rsyslog(d) syslog forwarding setup for Grafana Loki (via Promtail)
2022-09-01: Go 1.19 added an atomic.Pointer type that's a generic type
2022-08-31: ZFS DVA offsets are in 512-byte blocks on disk but zdb misleads you about them
2022-08-30: ZFS DVA offsets are in bytes, not (512-byte) blocks
2022-08-29: A thought on presentational versus semantic HTML
2022-08-28: Getting USB TEMPer2 temperature sensor readings into Prometheus (on Linux)
2022-08-27: Large scale Internet SSH brute force attacks seem to have stopped here
2022-08-26: Using systemd timers to run things frequently (some early notes)
2022-08-25: U.2, U.3, and other server NVMe drive connector types (in mid 2022)
2022-08-24: We now have some 1U servers with U.2 NVMe SSDs and they're okay
2022-08-23: On Ubuntu, AppArmor is quite persistent and likes to reappear on you
2022-08-22: Some notes on Grafana annotations sourced from Prometheus metrics
2022-08-21: ZFS DVAs and what they cover on raidz vdevs
2022-08-20: The Ubuntu 22.04 server installer wants you to scrub reused disks first
2022-08-19: I wish Prometheus had a table-driven label remapping feature
2022-08-18: Rasdaemon is what you want on Linux if you're seeing kernel MCE messages
2022-08-17: Some resources for looking at the current development version of Go
2022-08-16: The names of disk drive SMART attributes are kind of made up (sadly)
2022-08-15: Disk drive SMART attributes can go backward and otherwise be volatile
2022-08-14: Our slow turnover of servers and server generations
2022-08-13: The C free() API means memory allocation must save some metadata
2022-08-12: My adventure with URLs in a Grafana that's behind a reverse proxy
2022-08-11: My uncertainty over whether an URL format is actually legal
2022-08-10: Some notes (to myself) about formatting text in jq
2022-08-09: Ubuntu 22.04 with multiple disks and (U)EFI booting
2022-08-08: Two example Grafana Loki log queries to get things from ntpdate logs
2022-08-07: Our BMCs are not great at keeping accurate time
2022-08-06: The pervasive effects of C's malloc() and free() on C APIs
2022-08-05: How old our servers are (as of 2022)
2022-08-04: The odd return value of the original 4.2 BSD gethostbyname()
Link: The MGR Window System
2022-08-03: Vim settings I'm using for editing YAML (with a sideline into Python)
2022-08-02: I wish that systemd (and everything) would rate-limit configuration warnings
2022-08-01: A brief history of looking up host addresses in Unix
2022-07-31: Using Prometheus's recent '@ end()' PromQL feature to reduce graph noise
2022-07-30: Python is my default choice for scripts that process text
2022-07-29: How systemd names instances of templated socket service units
2022-07-28: Print based debugging and infrequent developers
2022-07-27: What ZFS 'individual' and 'aggregated' IO size statistics mean
2022-07-26: To be fully useful, Prometheus histograms want their cumulative sums
2022-07-25: ZFS pool IO statistics (and vdev statistics) are based on physical disk IO
2022-07-24: Some pragmatic issues with Linux kernel mode setting on servers
2022-07-23: The state of getting per-pool IO statistics in ZFS on Linux as of version 2.1
2022-07-22: I've now used Linux nftables for firewall rules and it went okay
2022-07-21: You can sensibly move or copy Prometheus's database with rsync
2022-07-20: A brute force solution to nested access permissions in Apache
2022-07-19: We won't be sending systemd logs to Grafana Loki in JSON format
2022-07-18: Grafana Loki and what can go wrong with label cardinality
2022-07-17: An assortment of timestamp formats found in our (Unix) logs
2022-07-16: How to get (or recognize) a common Unix log timestamp format in things
2022-07-15: 'iptables -L' doesn't show you interface matches on rules by default
2022-07-14: IMAP servers can have significant imbalances between disk and network IO
2022-07-13: How Unix didn't used to support '#!', a brief history
2022-07-12: Getting the names of your Linux software RAID devices to stick
2022-07-11: It feels surprisingly good to block Bingbot from my blog front page
2022-07-10: My distrust of multi-factor authentication's account recovery story
2022-07-09: The Linux load average does mean something (although maybe not much)
2022-07-08: Larger backup systems often operate in multiple stages
2022-07-07: DKIM signature types (algorithms) that we see (as of July 2022)
2022-07-06: My current mixed views on the Linux kernel netconsole
2022-07-05: A surprise: you can only have one Linux kernel serial console
2022-07-04: Why an empty (executable) file is generally true in Unix
2022-07-03: Filesystems versus general tree structures
2022-07-02: Why reproducible machines didn't used to be a priority (I think)
2022-07-01: A quiet shift in what tech people build for their blogs
2022-06-30: Having one is often much easier than having more than one
2022-06-29: Notes on the Linux kernel's 'pressure stall information' and its meanings
2022-06-28: What symmetric and asymmetric IP routing are
2022-06-27: Wishing for a simple way to set up multi-interface symmetric routing on Linux
2022-06-26: Modern disk sizes and powers of two
2022-06-25: A limitation on what 'go install' can install (as of Go 1.18)
2022-06-24: Even for us, SSD write volume limits can matter
2022-06-23: A mystery with Fedora 36, fontconfig, and xterm (and urxvt)
2022-06-22: Signing email with DKIM is becoming increasing mandatory in practice
2022-06-21: Some network speeds and network related speeds we see in mid 2022
2022-06-20: Modern HDDs have gotten somewhat better than they used to be
2022-06-19: What fast SSH bulk transfer speed (probably) looks like in mid-2022
2022-06-18: Humanizing numbers in Python through a regexp substitution function
2022-06-17: What is our Python 2 endgame going to be?
2022-06-16: I wish Grafana dashboards and panels could have easy, natural comments
2022-06-15: Understanding some peculiarities of per-cgroup memory usage accounting
2022-06-14: Go programs and Linux glibc versioning
2022-06-13: In general Unix system calls are not cancellable, just abortable
2022-06-12: Framebuffer consoles have been around before on Unix workstations
2022-06-11: Linux kernel mode setting on servers (and Ubuntu 22.04)
2022-06-10: Text consoles and framebuffer consoles in Linux
2022-06-09: How we wound up with Linux's kernel mode setting ('KMS')
2022-06-08: The information theory reason for assuming non-secret cryptography algorithms
2022-06-07: TLS Certificate Transparency logs don't always talk to you
2022-06-06: Doing a selective alert about a host's additional exporters in Prometheus
2022-06-05: Checking a few metrics (time series) at once in Prometheus's query language
2022-06-04: Web URL paths don't quite map cleanly onto the abstract 'filesystem API'
2022-06-03: Regular expressions are effectively a (hard) programming language
2022-06-02: Serving static files versus dynamic web server APIs
2022-06-01: Setting up Linux fair share CPU scheduling with systemd and cgroup v2
2022-05-31: The basics of Linux fair share CPU scheduling in cgroup v2 ('unified cgroups')
2022-05-30: Systemd memory limits and strict memory overcommit
2022-05-29: My wish for per-port IP access controls in systemd .service units
2022-05-28: It's a bit risky to give people access to your Prometheus Blackbox exporter
2022-05-27: Modal dialogs and other things that steal keyboard focus are dangerous
2022-05-26: Stopping an Ubuntu 22.04 desktop from suspending at the login screen
2022-05-25: Shell scripts should be written to be clear first
2022-05-24: Some notes on providing Python code as a command line argument
2022-05-23: Systems should expose a (simple) overall health metric as well as specifics
2022-05-22: Modern (public) TLS has only a limited number of intermediate certificates
2022-05-21: Some things that make languages easy (or not) to embed in Unix shell scripts
2022-05-20: Getting a Bourne shell "here document" into a shell variable
2022-05-19: Moving a libvirt-based virtualization setup from one machine to another
2022-05-18: Missing TLS intermediate certificates can create mysterious browser problems
2022-05-17: Why I'm not all that positive on working through serial consoles
2022-05-16: Python programs as wrappers versus filters of other Unix programs
2022-05-15: The idea of hierarchical filesystems doesn't feel like an API to me
2022-05-14: The web is, in a sense, designed for serving static files
2022-05-13: The cause of an odd DNF/RPM error about conflicting files
2022-05-12: Why I'm considering some use of NetworkManager (and I probably have to)
2022-05-11: Traditionally there are fewer steps in setting up a static website
2022-05-10: Seeing the speed of your USB devices under Linux the easy way
2022-05-09: Snaps don't seem compatible with NFS home directories in Ubuntu 22.04
2022-05-08: Checking if a machine is 'up' for scripts, well, for rsync
2022-05-07: Solving a problem I had with the Unix date command in the right way
2022-05-06: Filtering Prometheus metrics with deliberately repeated labels
2022-05-05: When you install systems semi-manually, when updates get done matters
2022-05-04: The temptation of smartctl's JSON output format given NVMe SSDs
2022-05-03: NVMe disk drives and SMART attributes (and data)
2022-05-02: Monitoring is too hard, as illustrated by TLS certificates expiring
Link: An opinionated list of best practices for textual websites
2022-05-01: Using Linux's libvirt for my virtualization needs has been okay
2022-04-30: Some thoughts about your (our) site needing Javascript
2022-04-29: Our positive experience with having our support site be basic HTML
2022-04-28: The practical problem with /etc/pam.d on long-lived Linux systems
2022-04-27: The root cause of my xdg-desktop-portal problems on a Fedora machine
2022-04-26: Why your physical servers running Ubuntu 22.04 LTS can boot very slowly
2022-04-25: Sort of making snapshots of UEFI libvirt-based virtual machines
2022-04-24: Some things that make shell scripts have performance issues
2022-04-23: The temptation of writing shell scripts, illustrated
2022-04-22: The state of Python (both 2 and 3) in Ubuntu 22.04 LTS
2022-04-21: 4K HiDPI monitors come in inconvenient sizes if you want two of them
2022-04-20: My virtualization setup so far with Linux's virt-manager and friends
2022-04-19: Some bits on keeping isolated network interfaces organized (on Linux)
2022-04-18: How to talk to a local IPMI under OpenBSD
Where Linux's load average comes from in the kernel
2022-04-16: "Long term support" Unixes and versions of software in them
2022-04-15: I need (or at least want) a new virtual machine (GUI) environment
2022-04-14: Building Firefox from source and Rust versions
2022-04-13: A reason why Unix programs sometimes support '-?' for help
2022-04-12: Mangling your distribution version in your Apt sources for fun and profit
2022-04-11: How Debian's procps package is surprisingly opinionated
2022-04-10: A Linux PAM setup and the problem of stopping authentication
2022-04-09: Understanding the effects of PAM module results ('controls' in PAM jargon)
2022-04-08: On the ordering of password and MFA challenges during login
2022-04-07: What goes into an X resource and its name
2022-04-06: Fedora now has a sensible UEFI boot setup (and has for some time)
2022-04-05: The failure of the idea of X resources
2022-04-04: Things I needed to change for HiDPI on Linux that weren't in my X settings
2022-04-03: Some notes on using snmpwalk to poke at devices with SNMP
2022-04-02: Sorting out IPMI and BMC terminology and technology
2022-04-01: Some notes on finding and reading information over SNMP
2022-03-31: The awkward timing of Fedora and Go releases
2022-03-30: Why a (Linux) service delaying its shutdown is a bad thing
2022-03-29: Fixing Pipx when you upgrade your system Python version
2022-03-28: We need a way to scan Microsoft Office files for malware
2022-03-27: Some thoughts on Go's unusual approach to identifier visibility
2022-03-26: Unsurprisingly, the clock in your server's IPMI drifts over time
2022-03-25: Some notes on lslocks, the Linux command to list current file locks
2022-03-24: Some notes on Linux's /proc/locks listing of file locks
2022-03-23: Document your mistakes and then try to block them in the future
2022-03-22: Getting a fixed baud rate on your serial ports for logins under systemd
2022-03-21: The modern trend of variable DNS results and its effects on troubleshooting
2022-03-20: Prometheus: using gauge-like things as if they were counters
2022-03-19: Some problems that Python's cgi.FieldStorage has
2022-03-18: Our limited use of Python's cgi module
2022-03-17: I need to remember to check for ZFS filesystems being mounted
2022-03-16: People might want to think about saving a copy of Go 1.17
2022-03-15: How Linux dynamic loaders can be both shared objects and executables
2022-03-14: Where cut comes into Unix (and a bit on the history of awk)
2022-03-13: We do see ZFS checksum failures, but only infrequently
2022-03-12: I wish ZFS pools kept a persistent count of various errors
2022-03-11: Filesystems can experience at least three different sorts of errors
2022-03-10: It would be nice if Linux had a count of disk errors in sysfs
2022-03-09: Linux disk names you can encounter in your Prometheus host metrics
2022-03-08: Hardware can be weird, server and USB keyboard edition
2022-03-07: The convenience of multi-purpose monitoring (in Prometheus)
2022-03-06: What sort of server it takes to build Firefox in four and a bit minutes
2022-03-05: Dynamic web pages can be viewed as a form of compression (sometimes)
2022-03-04: A pragmatic driver of support for serving static files on the web is efficiency
2022-03-03: Understanding a thing with ZFS on Linux, kernel versions, RPMs, and DKMS
2022-03-02: A Python program can be outside of a virtual environment it uses
2022-03-01: The problem of keeping track of hardlinks as you traverse a directory tree
2022-02-28: Firefox (Nightly) and the case of the fading scrollbars on Unix
2022-02-27: Python's os.environ is surprisingly liberal in some ways
2022-02-26: Unix environment variables (and the environment) are a fuzzy thing
2022-02-25: The varying sizes of images on the web today, and remembering that
2022-02-24: I've come to think that the Git index is a good thing
2022-02-23: Some early notes on Dovecot namespaces (in Dovecot 2.2.33, currently)
2022-02-22: A realization about using DNS sub-names in modern protocols like DMARC
2022-02-21: Python's Global Interpreter Lock is not there for Python programmers
2022-02-20: The history (sort of) of service management in Unix
2022-02-19: The important things about Unix init systems aren't booting the system
2022-02-18: Ubuntu limits the console kernel log level even on servers
2022-02-17: The Linux kernel's message log levels are relatively meaningless
2022-02-16: Lurking complexities in a web server that just serves static files
2022-02-15: A major caution when using 'rsync -a' to copy or move directory trees
2022-02-14: Beware of trying to compare the size of subtrees with du
2022-02-13: Go generics: the question of types made from generic types and type sets
2022-02-12: The 'any' confusion in Go generics between type constraints and interfaces
2022-02-11: Some things on strict and relaxed DKIM alignment in DMARC
2022-02-10: Notes on using DKIM in a DMARC world
2022-02-09: ZFS performance and modern solid state disk systems
2022-02-08: Some SSD write volumes from my machines
2022-02-07: What does it mean for a filesystem to perform well on modern hardware?
2022-02-06: Checking out a Git branch further back than the head
2022-02-05: Go 1.18 won't have a 'constraints' package of generics helpers
2022-02-04: Some notes on Grafana relative time ranges
2022-02-03: The hassles today of having servers with disks that can't be hot-swapped
2022-02-02: Disk drives can have weird SMART values for their power on hours
2022-02-01: The likely long-term result of good on-host (host-based) firewalls
2022-01-31: Git 2.34 has changed how you configure fast-forward only pulls and rebasing
2022-01-30: A thesis: most websites are implicitly designed with a short lifetime
2022-01-29: The reason Unix has the argv[0] issue (and API)
2022-01-28: Some things on Django's CSRF protection, sessions, and REMOTE_USER
2022-01-27: The Linux kernel, simultaneous multithreading, and process scheduling
Django and Apache HTTP Basic Authentication (and REMOTE_USER)
2022-01-25: Giving things an IP address is dangerous (to them)
Go generics are going to be both simple and complex (as of Go 1.18)
2022-01-23: DNS queries to external sources do fail every so often out of the blue
2022-01-22: Modern public TLS is a quite different thing than it used to be
2022-01-21: Sorting out the situation with Intel desktop CPUs and hyper-threading
2022-01-20: I'm using journalctl's --since option now to speed up checking logs
2022-01-19: When I might expect simultaneous multithreading to help
2022-01-18: Logs are invisible (at least most of the time and by default)
2022-01-17: Pipx and a problem with changing the system Python version
2022-01-16: HTTPS is still optional, at least sort of
2022-01-15: You should do lint checks on your Prometheus alert (and recording) rules
2022-01-14: Link: Histograms in Grafana (a howto)
Understanding what a DKIM (spam) replay attack is
2022-01-13: In practice, there are two types of window managers in modern X
2022-01-12: My sunk cost fallacy relationship with my home desktop
2022-01-11: Some things about Prometheus Alertmanager's notification metrics
2022-01-10: The complexity of seeing if your Prometheus Alertmanager is truly healthy
2022-01-09: I have mixed feelings about the Go time package's time formatting strings
2022-01-08: Good web scraping is not just about avoiding load
2022-01-07: In practice, Debian (and Ubuntu) have fixed minimum system UIDs and GIDs
2022-01-06: An annoyance with Debian postinstall scripts during package upgrades
2022-01-05: Some things about Dovecot, its index files, and the IMAP SELECT command
2022-01-04: Some ways to implement /dev/fd in Unix kernels
2022-01-03: The important Unix idea of the "virtual filesystem switch"
2022-01-02: Why "process substitution" is a late feature in Unix shells
Why I'm not interested in rolling back to snapshots of Linux root filesystems

Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.