Wandering Thoughts archives

2025-04-21: My Cinnamon desktop customizations (as of 2025)
2025-04-20: I feel that DANE is not a good use of DNS
2025-04-19: Tailscale's surprising interaction of DNS settings and 'exit nodes'
2025-04-18: The clever tricks of OpenPubkey and OPKSSH
2025-04-17: The appeal of serving your web pages with a single process
2025-04-16: Looking at what NFSv4 clients have locked on a Linux NVS(v4) server
2025-04-15: The DNS system isn't a database and shouldn't be used as one
2025-04-14: ZFS's delayed compression of written data (when compression is enabled)
2025-04-13: Unix files have (at least) two sizes
2025-04-12: Mandatory short duration TLS certificates are probably coming soon
2025-04-11: How I install personal versions of programs (on Unix)
2025-04-10: One way to set up local programs in a multi-architecture Unix environment
2025-04-09: The problem of general OIDC identity provider support in clients
2025-04-08: Getting older, now-replaced Fedora package updates
2025-04-07: Fedora 41 seems to have dropped an old XFT font 'property'
2025-04-06: Sorting out the ordering of OpenSSH configuration directives
2025-04-05: My pessimism about changes to error handling in Go (but they'll happen)
2025-04-04: I should learn systemd's features for restricting things
2025-04-03: OIDC/OAuth2 as the current all purpose 'authentication hammer'
2025-04-02: The order of files in /etc/ssh/sshd_config.d/ matters (and may surprise you)
2025-04-01: Getting a (vague) understanding of error handling in Rust
2025-03-31: I'm working to switch from wget to curl (due to Fedora)
2025-03-30: Our simple view of 'identity' for our (Unix) accounts
2025-03-29: Using SimpleSAMLphp to set up an identity provider with Duo support
2025-03-28: In universities, sometimes simple questions aren't simple
2025-03-27: US sanctions and your VPN (and certain big US-based cloud providers)
2025-03-26: Three ways I know of to authenticate SSH connections with OIDC tokens
2025-03-25: How we handle debconf questions during our Ubuntu installs
2025-03-24: The pragmatics of doing fsync() after a re-open() of journals and logs
2025-03-23: The obviousness of indexing the Unix filesystem buffer cache by inodes
2025-03-22: How we automate installing extra packages during Ubuntu installs
2025-03-21: The mystery (to me) of tiny font sizes in KDE programs I run
2025-03-20: Go's choice of multiple return values was the simpler option
2025-03-19: Go's multiple return values and (Go) types
2025-03-18: How ZFS knows and tracks the space usage of datasets
2025-03-17: I don't think error handling is a solved problem in language design
2025-03-16: OIDC claim scopes and their interactions with OIDC token authentication
2025-03-15: Some notes on the OpenID Connect (OIDC) 'redirect uri'
2025-03-14: Some notes on configuring Dovecot to authenticate via OIDC/OAuth2
2025-03-13: Doing multi-tag matching through URLs on the modern web
2025-03-12: The commodification of desktop GUI behavior
2025-03-11: Some views on the common Apache modules for SAML or OIDC authentication
2025-03-10: The web browser as an enabler of minority platforms
2025-03-09: How I got my nose rubbed in my screens having 'bad' areas for me
2025-03-08: How SAML and OIDC differ in sharing information, and perhaps why
2025-03-07: The OpenID Connect (OIDC) 'sub' claim is surprisingly load-bearing
2025-03-06: The problem facing MFA-enabled IMAP at the moment (in early 2025)
2025-03-05: A Prometheus gotcha with alerts based on counting things
2025-03-04: What SimpleSAMLphp's core:AttributeAlter does with creating new attributes
2025-03-03: If you get the chance, always run more extra network fiber cabling
2025-03-02: Updating local commits with more changes in Git (the harder way)
2025-03-01: Using PyPy (or thinking about it) exposed a bug in closing files
2025-02-28: Always sync your log or journal files when you open them
2025-02-27: Using Netplan to set up WireGuard on Ubuntu 22.04 works, but has warts
2025-02-26: I'm not impressed by the state of NFS v4 in the Linux kernel
2025-02-25: MFA's "push notification" authentication method can be easier to integrate
2025-02-24: Go's behavior for zero value channels and maps is partly a choice
2025-02-23: JSON has become today's machine-readable output format (on Unix)
2025-02-22: Institutions care about their security threats, not your security threats
2025-02-21: HTTP connections are part of the web's long tail
2025-02-20: It's good to have offline contact information for your upstream networking
2025-02-19: Shared (Unix) hosting and the problem of managing resource limits
2025-02-18: One problem with "shared Unix hosting" was the lack of resource limits
2025-02-17: More potential problems for people with older browsers
2025-02-16: The HTTP status codes of responses from about 21 hours of traffic to here
2025-02-15: Why I have a little C program to filter a $PATH (more or less)
2025-02-14: The profusion of things that could be in your $PATH on old Unixes
2025-02-13: 'Internal' accounts and their difference from 'external' accounts
2025-02-12: How you should respond to authentication failures isn't universal
2025-02-11: A surprise with rspamd's spam scoring and a workaround
2025-02-10: Everything should be able to ratelimit sources of authentication failures
2025-02-09: Providing pseudo-tags in DWiki through a simple hack
2025-02-08: The Prometheus host agent is missing some Linux NFSv4 RPC stats (as of 1.8.2)
2025-02-07: Web application design and the question of what is a "route"
2025-02-06: Linux kernel NFSv4 server and client RPC operation statistics
2025-02-05: How Ubuntu 24.04's bad bpftrace package appears to have happened
2025-02-04: The practical (Unix) problems with .cache and its friends
2025-02-03: Why writes to disk generally wind up in your OS's disk read cache
2025-02-02: Web spiders (or people) can invent unfortunate URLs for your website
Build systems and their effects on versioning and API changes
2025-02-01: An alarmingly bad official Ubuntu 24.04 bpftrace binary package
2025-01-31: Modern languages and bad packaging outcomes at scale
2025-01-30: The tradeoffs of having an internal unauthenticated SMTP server
2025-01-29: Our well-prepared phish spammer may have been chasing lucrative prey
2025-01-28: We got hit by an alarmingly well-prepared phish spammer
2025-01-27: How to accidentally get yourself with 'find ... -name something*'
2025-01-26: Some learning experiences with HTTP cookies in practice
2025-01-25: Syndication feeds here are now rate-limited on a per-IP basis
2025-01-24: Languages don't version themselves using semantic versioning
2025-01-23: Sometimes you need to (or have to) run old binaries of programs
2025-01-22: More features for web page generation systems doing URL remapping
2025-01-21: A change in the handling of PYTHONPATH between Python 3.10 and 3.12
2025-01-20: The (potential) complexity of good runqueue latency measurement in Linux
2025-01-19: Sometimes print-based debugging is your only choice
2025-01-18: Some ways to restrict who can log in via OpenSSH and how they authenticate
2025-01-17: Thoughts on having SSH allow password authentication from the Internet
2025-01-16: Some stuff about how Apache's mod_wsgi runs your Python apps (as of 5.0)
2025-01-15: (Multiple) inheritance in Python and implicit APIs
2025-01-14: My bug reports are mostly done for work these days
2025-01-13: A mystery with Django under Apache's mod_wsgi on Ubuntu 24.04
2025-01-12: The history and use of /etc/glob in early Unixes
2025-01-11: IMAP clients can vary in their reactions to IMAP errors
2025-01-10: The problem with combining DNS CNAME records and anything else
2025-01-09: Realizing why Go reflection restricts what struct fields can be modified
2025-01-08: Using tcpdump to see only incoming or outgoing traffic
2025-01-07: What a FreeBSD kernel message about your bridge means
2025-01-06: The issue with DNF 5 and script output in Fedora 41
2025-01-05: WireGuard's AllowedIPs aren't always the (WireGuard) routes you want
2025-01-04: There are different sorts of WireGuard setups with different difficulties
2025-01-03: The programmable web browser was and is inevitable
2025-01-02: Rejecting email at SMTP time based on the From: header address
2025-01-01: The modern web is why web browsers don't have "nice things" (platform APIs)
(Previous year)
By month for 2025: Jan Feb Mar Apr; before 2025.

These are my WanderingThoughts
(About the blog)

Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.
Mastodon: @cks
Twitter @thatcks

* * *

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web
Also: (Sub)topics

This is a DWiki.
GettingAround
(Help)

Search:
Page tools: See As Normal.
Search:
Login: Password:
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.