Wandering Thoughts archives

2024-12-10: My wish for VFS or filesystem level cgroup (v2) IO limits
2024-12-09: Maybe we should explicitly schedule rebooting our fleet every so often
2024-12-08: Unix's buffered IO in assembly and in C
2024-12-07: PCIe cards we use and have used in our servers
2024-12-06: Common motherboards are supporting more and more M.2 NVMe drive slots
2024-12-05: Buffered IO in Unix before V7 introduced stdio
2024-12-04: Sorting out 'PCIe bifurcation' and how it interacts with NVMe drives
2024-12-03: The modern world of server serial ports, BMCs, and IPMI Serial over LAN
2024-12-02: Good union types in Go would probably need types without a zero value
2024-12-01: Union types ('enum types') would be complicated in Go
2024-11-30: Using systemd-run to limit something's memory usage in cgroups v2
2024-11-29: Python type hints are probably "worth it" in the large for me
2024-11-28: My life has been improved by my quiet Prometheus alert status monitor
2024-11-27: Some notes on my experiences with Python type hints and mypy
2024-11-26: Python type hints may not be for me in practice
2024-11-25: What NFS server threads do in the Linux kernel
2024-11-24: The question of how many NFS server threads you should use (on Linux)
2024-11-23: The general issue of terminal programs and the Alt key
2024-11-22: My new solution for quiet monitoring of our Prometheus alerts
2024-11-21: Our Prometheus alerting problem if our central mail server isn't working
2024-11-20: Thinking about how to tame the interaction of conditional GET and caching
2024-11-19: Two API styles of doing special things involving text in UIs
2024-11-18: Ubuntu LTS (server) releases have become fairly similar to each other
2024-11-17: (Some) spammers will keep trying old, no longer in DNS IPv6 addresses
2024-11-16: The missing text focused programming environment
2024-11-15: IPv6 networks do apparently get probed (and implications for address assignment)
2024-11-14: Your options for displaying status over time in Grafana 11
2024-11-13: Implementing some Git aliases indirectly, in shell scripts
2024-11-12: Finding a good use for keep_firing_for in our Prometheus alerts
2024-11-11: Prometheus makes it annoyingly difficult to add more information to alerts
2024-11-10: Syndication feed fetchers and their behavior on HTTP 429 status responses
2024-11-09: A rough guess at how much IPv6 address space we might need
2024-11-08: Maybe skipping 'Dependabot' commits when using 'git log'
2024-11-07: Complications in supporting 'append to a file' in a NFS server
2024-11-06: Losing NFS locks and the SunOS SIGLOST signal
2024-11-05: The general problem of losing network based locks
2024-11-04: A rough equivalent to "return to last power state" for libvirt virtual machines
2024-11-03: The history of Unix's ioctl and signal about window sizes
2024-11-02: I feel that NAT is inevitable even with IPv6
2024-11-01: Notes on the compatibility of crypted passwords across Unixes in late 2024
2024-10-31: Pam_unix and your system's supported password algorithms
2024-10-30: Keeping your site accessible to old browsers is non-trivial
2024-10-29: Doing general address matching against varying address lists in Exim
2024-10-28: The question of whether to still allow HTTP/1.0 requests or block them
2024-10-27: Linux's /dev/disk/by-id unfortunately often puts the transport in the name
2024-10-26: The importance of name-based virtual hosts (websites)
2024-10-25: Using pam_access to sometimes not use another PAM module
2024-10-24: Having an emergency backup DNS resolver with systemd-resolved
2024-10-23: Doing basic policy based routing on FreeBSD with PF rules
2024-10-22: Having rate-limits on failed authentication attempts is reassuring
2024-10-21: Quoting and not quoting command substitution in the Bourne shell
2024-10-20: Two visions of 'software supply chain security'
2024-10-19: Forced MFA is effectively an annoying, harder to deal with second password
2024-10-18: The Go module proxy and forcing Go to actually update module versions
2024-10-17: Syndication feed readers now seem to leave Last-Modified values alone
2024-10-16: Our various different types of Ubuntu installs
2024-10-15: A surprise with /etc/cron.daily, run-parts, and files with '.' in their name
2024-10-14: We have lots of local customizations (and how we keep track of them)
2024-10-13: Our local changes to standard (Ubuntu) installs are easy to forget
2024-10-12: Some thoughts on why 'inetd activation' didn't catch on
2024-10-11: Potential pragmatic handling of partial matches for HTTP conditional GET
2024-10-10: Linux software RAID and changing your system's hostname
2024-10-09: The history of inetd is more interesting than I expected
2024-10-08: OpenBSD kernel messages about memory conflicts on x86 machines
2024-10-07: Things syndication feed readers do with 'conditional GET'
2024-10-06: DKIM signatures from mailing list providers don't mean too much
2024-10-05: Daemonization in Unix programs is probably about restarting programs
2024-10-04: Traditionally, init on Unix was not a service manager as such
2024-10-03: (Unix) daemonization turns out to be quite old
2024-10-02: Go's new small language features from 1.22 and 1.23 are nice
2024-10-01: Two views of what a TLS certificate verifies
2024-09-30: Resetting the backoff restart delay for a systemd service
2024-09-29: Brief notes on making Prometheus's SNMP exporter use additional SNMP MIB(s)
2024-09-28: Options for adding IPv6 networking to your libvirt based virtual machines
2024-09-27: Brief notes on how the Prometheus SNMP exporter's configurations work
2024-09-26: The impact of the September 2024 CUPS CVEs depends on your size
2024-09-25: Using a small ZFS recordsize doesn't save you space (well, almost never)
2024-09-24: Go and my realization about what I'll call the 'Promises' pattern
2024-09-23: Mostly getting redundant UEFI boot disks on modern Ubuntu (especially 24.04)
2024-09-22: Old (Unix) workstations and servers tended to boot in the same ways
2024-09-21: TLS certificates were (almost) never particularly well verified
2024-09-20: Our broad reasons for and approach to mirroring disks
2024-09-19: OpenBSD versus FreeBSD pf.conf syntax for address translation rules
2024-09-18: Open source maintainers with little time and changes
2024-09-17: My "time to full crawl" (vague) metric
2024-09-16: Why my Fedora 40 systems stalled logins for ten seconds or so
2024-09-15: Why we're interested in FreeBSD lately (and how it relates to OpenBSD here)
2024-09-14: Getting maximum 10G Ethernet bandwidth still seems tricky
2024-09-13: Threads, asynchronous IO, and cancellation
2024-09-12: What admin access researchers have to their machines here
2024-09-11: Rate-limiting failed SMTP authentication attempts in Exim 4.95
2024-09-10: Ways ATX power supply control could work on server motherboards
2024-09-09: How ATX power supply control seems to work on desktop motherboards
2024-09-08: I should probably reboot BMCs any time they behave oddly
2024-09-07: I wish (Linux) WireGuard had a simple way to restrict peer public IPs
Operating system threads are always going to be (more) expensive
2024-09-05: The problems (Open)ZFS can have on new Linux kernel versions
2024-09-04: Using rsync to create a limited ability to write remote files
2024-09-03: TLS Server Name Indications can be altered by helpful code
2024-09-02: Apache's odd behavior for requests with a domain with a dot at the end
2024-09-01: The status of putting a '.' at the end of domain names
2024-08-31: In practice, abstractions hide their underlying details
2024-08-30: Mercurial's extdiff extension and reporting filenames in diffs
2024-08-29: The web fun fact that domains can end in dots and canonicalization failures
2024-08-28: How not to upgrade (some) held packages on Ubuntu (and Debian)
2024-08-27: Some reasons why we mostly collect IPMI sensor data locally
2024-08-26: What's going on with 'quit' in an interactive CPython session (as of 3.12)
2024-08-25: How to talk to a local IPMI under FreeBSD 14
2024-08-24: JSON is usually the least bad option for machine-readable output formats
2024-08-23: My (current) view on open source moral obligations and software popularity
2024-08-22: I used libvirt's 'virt-install' briefly and it worked nicely
2024-08-21: What a POSIX shell has to do with $PWD
2024-08-20: Some brief notes on 'numfmt' from GNU Coreutils
2024-08-19: It's not simple to add function keyword arguments to Go
2024-08-18: A downside or two of function keyword arguments (and default values)
2024-08-17: Why and how I keep around spare libvirt based virtual machines
2024-08-16: FreeBSD's 'root on ZFS' default appeals to me for an odd reason
2024-08-15: Workarounds are often forever (unless you work to make them otherwise)
2024-08-14: Traceroute, firewalls, and the modern Internet: a horrible realization
A note to myself about using traceroute to check for port reachability
2024-08-13: Some thoughts on OpenSSH 9.8's PerSourcePenalties feature
2024-08-12: Uncertainties and issues in using IPMI temperature data
2024-08-11: ZFS properties sometimes change their default values over time
2024-08-10: Allocating disk space (and all resources) is ultimately a political decision
2024-08-09: The Broadcom 'bnxt' Ethernet driver and RDMA (in Ubuntu 24.04)
2024-08-08: How Linux kernel driver modules for hardware get loaded (I think)
2024-08-07: Maybe understanding Crowdstrike's argument arity problem
2024-08-06: Host names in syslog messages may not be quite what you expect
2024-08-05: Staged rollouts of things still have limitations
2024-08-04: The speed of updates for signatures of bad things matters (a lot)
2024-08-03: A surprise with the temperature distribution in our machine room
2024-08-02: Modern web PKI (TLS) is very different than it used to be
2024-08-01: OCSP Stapling always faced a bunch of hard problems
2024-07-31: We may want /usr/bin/python to be Python 3 sooner than I expected
2024-07-30: On not automatically reconnecting to IPMI Serial-over-LAN consoles
2024-07-29: Handling (or not) the serial console of our serial console server
2024-07-28: Our slowly growing Unix monoculture
2024-07-27: Backward compatibility, even for settings, has real costs
2024-07-26: The uncertain possible futures of Unix graphical desktops
2024-07-25: How I almost set up a recursive syslog server
2024-07-24: The Online Certificate Status Protocol (OCSP) is basically dead now
2024-07-23: Seeing and matching pf rules when using tcpdump on OpenBSD's pflog interface
2024-07-22: The challenges of working out how many CPUs your program can use on Linux
2024-07-21: Our giant login server: solving resource problems with brute force
2024-07-20: My home wireless network and convenience versus security
2024-07-19: Part of (computer) security is convincing people that it works
2024-07-18: The Linux Out-Of-Memory killer process list can be misleading
2024-07-17: SSH has become our universal (Unix) external access protocol
My self-inflicted UPS and computer conundrum
2024-07-15: People at universities travel widely and unpredictably
2024-07-14: The Firefox source code's 'StaticPrefs' system (as of Firefox 128)
2024-07-13: That software forges are often better than email is unfortunate
2024-07-12: Network switches aren't simple devices (not even basic switches)
2024-07-11: Brute force attackers seem to switch targets rapidly if you block them
2024-07-10: Fedora 40 probably doesn't work with software RAID 0.90 format superblocks
2024-07-09: Some (big) mail senders do use TLS SNI for SMTP even without DANE
2024-07-08: Using WireGuard as a router to get around reachability issues
2024-07-07: I think (GNU) Emacs bankruptcy is inevitable in the longer term
2024-07-06: "Out of band" network management is not trivial
2024-07-05: Gtk 4 has decided to blow up some people's world on HiDPI displays
2024-07-04: Structured log formats are not really "plaintext" logs
2024-07-03: Fedora 40 and a natural but less than ideal outcome with 'alternatives'
2024-07-02: Unix's fsync(), write ahead logs, and durability versus integrity
2024-07-01: Modifying and setting alarm times: a phone UI irritation
2024-06-30: The systemd journal doesn't force you to not have plain text logs
2024-06-29: Plaintext is not a great format for (system) logs
2024-06-28: I wish systemd didn't require two units for each socket service
2024-06-27: Is blocking outgoing traffic by default a good firewall choice now?
2024-06-26: The xinetd restart problem with binding ports that we run into
2024-06-25: Security is not really part of most people's jobs
2024-06-24: (GNU) Emacs wants personal customization in practice
2024-06-23: Some notes on ZFS's zstd compression kstats (on Linux)
2024-06-22: A Prometheus Blackbox gotcha: (UDP) DNS replies have a low size limit
2024-06-21: The IMAP LIST command as it interacts with client prefixes in Dovecot
2024-06-20: Where Thunderbird seems to get your default browser from on Linux
2024-06-19: It seems routine to see a bunch of browser User-Agents from the same IP
2024-06-18: Some things on how ZFS System Attributes are stored
2024-06-17: Go's 'range over functions' iterators and avoiding iteration errors
2024-06-16: Understanding a Python closure oddity
2024-06-15: We don't know what's happening on our networks
2024-06-14: Mixed content upgrades on the web in mid 2024
2024-06-13: Using prime numbers for our Prometheus scrape intervals
2024-06-12: The Linux kernel NFS server and reconnecting client NFS filehandles
2024-06-11: The size of our Prometheus setup as of June 2024
2024-06-10: The NFS server 'subtree' export problem
2024-06-09: OpenSSH can chose (or force) the 'shell' used for a specific SSH key
2024-06-08: Operating services versus operating an "adequate environment"
2024-06-07: Account recovery is still a hard problem in public key management
2024-06-06: Web applications should support being used behind a reverse proxy
2024-06-05: Maybe understanding uname(1)'s platform and machine fields
2024-06-04: Some history and limitations of uname(1) fields
2024-06-03: CVEs are not what I'll call security reports
2024-06-02: Stand-alone downloads of program assets has a security implication
2024-06-01: Phish tests and (not) getting people to report successful phish attacks
2024-05-31: Spammers do forge various noreply@<you> sender addresses
2024-05-30: Phish tests aren't like fire drills
2024-05-29: PyPy has been quietly working for me for several years now
2024-05-28: ZFS's transactional guarantees from a user perspective
2024-05-27: Some notes on Grafana Loki's new "structured metadata" (as of 3.0.x)
2024-05-26: Flaky alerts are telling you something
2024-05-25: Reasons to not expose Go's choice of default TLS ciphers
2024-05-24: The long-overdue problem coming for some people in Go 1.23
2024-05-23: There are multiple uses for metrics (and collecting metrics)
2024-05-22: The Prometheus host agent's 'perf' collector can be kind of expensive
2024-05-21: Go's old $GOPATH story for development and dependencies
2024-05-20: The power of using external authentication information in a web application
2024-05-19: My GNU Emacs MH mail folder completion in MH-E
2024-05-18: Realizing the hidden complexity of cloud server networking
2024-05-17: The trade-offs in not using WireGuard to talk to our cloud server
2024-05-16: Thoughts on (not) automating the setup of our first cloud server
2024-05-15: Turning off the X server's CapsLock modifier
2024-05-14: The X Window System and the curse of NumLock
2024-05-13: Some ideas on what Linux distributions can do about the new kernel situation
2024-05-12: The Linux kernel giving CVEs to all bugfixes is sort of predictable
2024-05-11: Where NS records show up in DNS replies depends on who you ask
2024-05-10: It's very difficult to tell if a Linux kernel bug is a security issue
2024-05-09: One of OCSP's problems is the dominance of Chrome
2024-05-08: All configuration files should support some form of file inclusion
2024-05-07: Some thoughts on when you can and can't lower OpenSSH's 'LoginGraceTime'
2024-05-06: What affects what server host key types OpenSSH will offer to you
2024-05-05: OpenSSH sshd's 'MaxStartups' setting and Internet-accessible machines
2024-05-04: We have our first significant batch of servers that only have UEFI booting
2024-05-03: UEFI, BIOS, and other confusing x86 PC (firmware) terms
2024-05-02: Thinking about filesystem space allocation policies and SSDs
2024-05-01: Having a machine room can mean having things in your machine room
2024-04-30: The state of Python in Ubuntu 24.04 LTS
2024-04-29: Our likely long term future (not) with Ubuntu (as of early 2024)
2024-04-28: How I (used to) handle keeping track of how I configured software
2024-04-27: Autoconf and configure features that people find valuable
2024-04-26: I wish projects would reliably use their release announcements mechanisms
2024-04-25: The importance of an ordinary space in a Unix shell command line
2024-04-24: Pruning some things out with (GNU) find options
2024-04-23: Libvirt's virt-viewer and (guest) screen blanking
2024-04-22: Making virtual machine network interfaces inactive in Linux libvirt
2024-04-21: Thoughts on potentially realistic temperature trip limit for hardware
2024-04-20: What the original 4.2 BSD csh hashed (which is not what I thought)
2024-04-19: Modern Linux mounts a lot of different types of virtual filesystems
2024-04-18: On the duration of self-signed TLS (website) certificates
2024-04-17: Limiting the maximum size of Amanda debug logs with a Linux tmpfs mount
2024-04-16: IPMI connections have privilege levels, not just IPMI users
2024-04-15: Having IPv6 for public servers is almost always merely nice, not essential
2024-04-14: (Probably) forcing Git to never prompt for authentication
2024-04-13: A corner case in Firefox's user interface for addon updates
2024-04-12: Please don't try to hot-reload changed Python files too often
2024-04-11: Getting the underlying disks of a Linux software RAID array
2024-04-10: It's far from clear how grub package updates work on Ubuntu
2024-04-09: Bash's sadly flawed smart (programmable) completion
2024-04-08: Don't require people to change 'source code' to configure your programs
2024-04-07: NAT'ing on the firewall versus host routes for public IPs
2024-04-06: GNU Autoconf is not replaceable in any practical sense
Solving the hairpin NAT problem with policy based routing and plain NAT
2024-04-05: Why I think you shouldn't digitally sign things casually
2024-04-03: GNU Emacs and the case of special space characters
2024-04-02: An issue with Alertmanager inhibitions and resolved alerts
What Prometheus Alertmanager's group_interval setting means
2024-04-01: The power of being able to query your servers for unpredictable things
2024-03-31: Some thoughts on switching daemons to be socket activated via systemd
2024-03-30: The Prometheus scrape interval mistake people keep making
2024-03-29: Some notes on Firefox's media autoplay settings in practice as of Firefox 124
2024-03-28: The effects of silences (et al) in Prometheus Alertmanager
2024-03-27: Some questions to ask about what silencing alerts means
2024-03-26: How I would automate monitoring DNS queries in basic Prometheus
2024-03-25: Options for diverting alerts in Prometheus
2024-03-24: Platform peculiarities and Python (with an example)
2024-03-23: The many possible results of turning an IP address into a 'hostname'
2024-03-22: The Linux kernel.task_delayacct sysctl and why you might care about it
2024-03-21: Reading the Linux cpufreq sysfs interface is (deliberately) slow
2024-03-20: When I reimplement one of my programs, I often wind up polishing it too
2024-03-19: About DRAM-less SSDs and whether that matters to us
2024-03-18: Sorting out PIDs, Tgids, and tasks on Linux
2024-03-17: Disk write buffering and its interactions with write flushes
2024-03-16: Some more notes on Linux's ionice and kernel IO priorities
2024-03-15: The problem of using basic Prometheus to monitor DNS query results
2024-03-14: You might want to think about if your system serial numbers are sensitive
2024-03-13: Restarting systemd-networkd normally clears your 'ip rules' routing policies
2024-03-12: What do we count as 'manual' management of TLS certificates
2024-03-11: Why we should care about usage data for our internal services
2024-03-10: Scheduling latency, IO latency, and their role in Linux responsiveness
2024-03-09: Some thoughts on usage data for your systems and services
2024-03-08: A realization about shell pipeline steps on multi-core machines
2024-03-07: Some notes about the Cloudflare eBPF Prometheus exporter for Linux
2024-03-06: Where and how Ubuntu kernels get their ZFS modules
2024-03-05: A peculiarity of the X Window System: Windows all the way down
2024-03-04: An illustration of how much X cares about memory usage
2024-03-03: X graphics rendering as contrasted to Wayland rendering
2024-03-02: Something I don't know: How server core count interacts with RAM latency
2024-03-01: Options for your Grafana panels when your metrics change names
2024-02-29: The speed of improvement in servers may have slowed down
2024-02-28: Detecting absent Prometheus metrics without knowing their labels
2024-02-27: Our probably-typical (lack of) machine inventory situation
2024-02-26: How to make your GNU Emacs commands 'relevant' for M-X
2024-02-25: Open source culture and the valorization of public work
2024-02-24: The Go 'range over functions' proposal and user-written container types
2024-02-23: Fixing my problem of a stuck 'dnf updateinfo info' on Fedora Linux
2024-02-22: A recent abrupt change in Internet SSH brute force attacks against us
2024-02-21: What ZIL metrics are exposed by (Open)ZFS on Linux
2024-02-20: NetworkManager won't share network interfaces, which is a problem
2024-02-19: The flow of activity in the ZFS Intent Log (as I understand it)
2024-02-18: Even big websites may still be manually managing TLS certificates (or close)
2024-02-17: We outsource our public web presence and that's fine
2024-02-16: Options for genuine ECC RAM on the desktop in (early) 2024
2024-02-15: (Some) X window managers deliberately use off-screen windows
2024-02-14: Understanding a recent optimization to Go's reflect.TypeFor
2024-02-13: What is in (Open)ZFS's per-pool "txgs" /proc file on Linux
2024-02-12: Linux kernel boot messages and seeing if your AMD system has ECC
2024-02-11: Go 1.22's go/types Alias type shows the challenge of API compatibility
2024-02-10: My plan for backups of my home machine (as of early 2024)
2024-02-09: Compatibility lingers long after it's needed (until it gets noticed)
2024-02-08: Accidentally making windows vanish in my old-fashioned Unix X environment
2024-02-07: What I'd like in a hypothetical new desktop machine in 2024
2024-02-06: What the max_connect Linux NFS v4 mount parameter seems to do
2024-02-05: We might want to regularly keep track of how important each server is
2024-02-04: I switched to explicit imports of things in our Django application
2024-02-03: Solving one of our Django problems in a sideways, brute force way
2024-02-02: One of my MH-E customizations: 'narrow-to-pending' (refiles and deletes)
2024-02-01: Our Django application is now using Python 3 and a modern Django
2024-01-31: Using IPv6 has quietly become reliable (for me)
2024-01-30: Putting a Python executable in venvs is probably a necessary thing
2024-01-29: What I think goes wrong periodically with our Grafana Loki on restarts
Servers are (probably) starting to drop serial ports
2024-01-27: Getting the Python LSP server working with venvs the brute force way
2024-01-26: Histogram data is most useful when they also provide true totals
2024-01-25: In Go, I'm going to avoid using 'any' as an actual type
2024-01-24: The cooling advantage that CPU integrated graphics has
2024-01-23: CGI programs have an attractive one step deployment model
2024-01-22: Desktop PC motherboards and the costs of extra features
2024-01-21: The expected size of a gap in a Prometheus range vector (sometimes)
2024-01-20: An example of how Prometheus's delta() function will extrapolate time ranges
2024-01-19: A Django gotcha with Python 3 and the encoding of CharFields
2024-01-18: Notes on the Linux kernel's 'irq' pressure stall information and meaning
2024-01-17: Some interesting metrics you can get from cgroup V2 systems
2024-01-16: What Prometheus exporters we use (as of the end of 2023)
2024-01-15: How we monitor that our wireless network is still there in places
2024-01-14: Git branches as a social construct
2024-01-13: Indexed archive formats and selective restores
2024-01-12: What we use ZFS on Linux's ZED 'zedlets' for
2024-01-11: An old Unix mistake you could make when signaling init (PID 1)
2024-01-10: MFA today is both 'simple' and non-trivial work
2024-01-09: How far back we want our metrics to go depends on what they're for
2024-01-08: One of the things limiting the evolution of WebPKI is web servers
2024-01-07: TLS certificate expiry times are fundamentally a hack
2024-01-06: Some ballpark numbers for fun on filling filesystem cache with NFS traffic
2024-01-05: Having a virtual machine host server has been quite useful
2024-01-04: 'Unmaintained' (open source) code represents a huge amount of value
2024-01-03: Ten years isn't long enough for maximum age settings
2024-01-02: Why Unix's lseek() has that name instead of 'seek()'
2024-01-01: Alerting on our NTP servers having a high NTP stratum hasn't been useful

Page tools: See As Normal.
Search:
Login: Password:

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.