May 2023
-
The TTY demystified by Linus Åkesson
Good introduction into the world of ttys. Explains the relationship between ttys, ptys, line discipline and mixes in a sidebar on Unix signals.
March 2023
-
Hexagonal Grids - Cube Coordinates
How to reason about hexagonal tiles when programming
January 2023
-
Golang is evil on shitty networks
With a folow up: The Cargo Cult of TCP_NODELAY
This article notices and explains an opinionated Golang's default of setting TCP_NODELAY on all TCP sockets. It's used to improve throughput over datacenter-grade links (Ethernet) but may result in poor performance on unreliable networks (WiFi, mobile). Userspace IO buffering may help to work around this problem because raw socket is not easily exposed in Golang (to revert this setting in case it's required).
December 2022
-
Go is not an easy language by Martin Tournoij
Even though Go is simple, often it is not easy
-
Your problem with Vim is that you don't grok vi
A StackOverflow answer that could have been a long blog post. Good explanation of some vi intricacies I didn't understand before.
November 2022
-
Information (bits) may have some properties that are not possible to calculate from data alone. Does this transmission violate copyright? Is this file infected by a virus? Is this number random?
-
Everything I wish I knew when learning C
This is why I don't write C
-
Everything you should know about certificates and PKI but are too afraid to ask
Ground up explanation of X.509 public key infrastructure. SSH and PGP PKI's are mentioned but not described.
-
Curated list of personal blogs. I've found some blogs there with just two or three entries each, all of them interesting. That's two or three entries better that an average blog (in my experience).
-
The Great Noun List by Desi Quintans
List of 6700+ most popular English nouns. Useful for all kinds of things. Dedicated to public domain, no usage restrictions, no attribution required.
-
SSH: Uniqueness of User Certificates Serial Numbers
Uniqueness of SSH user certificate serial numbers is left up to issuer to implement. For a low volume CA golang's UnixNano() seems not bad.
October 2022
-
Next GitLab Runner Auto-scaling Architecture (RFC)
At this moment one of our core products - GitLab Runner - and one of its most important features - ability to auto-scale job execution environments - depends on an external product that is abandoned.
-
This article shows where
SEC
macro comes from but I'm still not sure if similar__section
macro is its accepted successor. It's certainly seen more often in the wild. -
Custom BPF firewalls for systemd services
Unfortunately,
net_cls
was deprecated and dropped in cgroups v2, so writing custom eBPF programs appears to be the only way to achieve per-unit firewalling with systemd.See also:
- Similar thought process in Gnome bug tracker
- Writing cgroup/skb BPF program in Rust
- Well-commented example of cgroup/skb program
- Using Cilium libraries to interact with eBPF program from Go
- Where packet mark is stored in sk_buff
- eBPF __sk_buff is not kernel's sk_buff
- man 7 bpf-helpers -> bpf_setsockopt -> SO_MARK; man 7 socket -> SO_MARK
- 'uknown function' when loading a BPF program may mean that helper is just not allowed
September 2022
-
How to create an SSH certificate authority by Jim Fisher
SSH certificates and surrounding infrastructure are tough to get a handle on. Especially these days when every article tries to push their access plane single sign-on RBAC solution.
Jim Fisher's explanation just clicked for me. SSH cert authority is simply another SSH key pair.
-
Signing arbitrary data with SSH keys
Using ssh-keygen instead of PGP to sign arbitrary data is easier and (seems to be) as safe. Namespaces are a neat feature that prevents signature reuse across protocols.
-
Create ED25519 certificates for TLS with OpenSSL
It is possible to sign X.509 certificates (HTTPS / TLS) with a ED25519 key even though no root CA does that. Useful for selfsigned certs though
-
Exfiltration by encoding data in pixel colour values
I've had the same idea last night. Unsurprisingly, someone else had thought of it 5 years ago and had already coded a proof-of-concept. It's a shame that GitHub repo is just a ZIP dump.
Note: RDP is not a pixel perfect protocol, it modifies color values in a way not perceptible for humans. This makes theoretical density of 24 bits per pixel impossible. Article author had settled for mere 3 bits per pixel (with a large safety margin). Author estimates that 15 bits per pixel should be achievable on a good connection
-
Immutable Linux OS with a hermetic /usr partition by Lennart Poettering
Thoughts on how to build an immutable Linux OS with automated A/B rootfs image upgrades.
Notable mentions:
August 2022
-
DuckCorp - a non-profit Magical Organization
I always admire (and envy) friend groups which set out to build something and then actually build something. DuckCorp is an endearing example of such. Started at a student dorm and still alive and evolving 20+ years later, they run some IT infrastructure and provide software and services to members.
-
A personal system for information/knowledge/data classification and management. Applicable to file system hierarchy, emails, note taking apps and even to IRC logs.
I doubt I'll ever implement something like this for myself, but it never hurts to have an option.
-
Contributor-maintainer-project fallacy
That's where the contributor-maintainer-project rhetoric comes in. Calling the key people in this scenario (you, and that other person who is using your code) "maintainer" and "contributor", and the software you wrote a "project", is highly suggestive; it implies a few things that, while not true, create big expectations
-
How NAT traversal works by Tailscale
A systematic review of firewall hole punching (with and without NAT and/or CGNAT in between). Tailscale uses that to build their VPN mesh but the article is applicable to any P2P communication over UDP.
-
ToolJet - low code CRUD app builder
ToolJet (AGPLv3) allows hand-crafting SQL queries and applying Javascript transformations to process the data. That's a nice feature many competitors are lacking.
I did not try ToolJet yet. Bookmarking to return to this later.
Also consider:
July 2022
-
To summarize: Drivers are a big problem. In-tree kernel support is even bigger problem.
2.4GHz recommendation seems to be Ralink rt5370, for 5GHz there are reports of success with mt7612u, mt7610u
Beware: mt7601u on Linux does not support AP mode
-
On github as a social network by Eric Bower
Why do I get so excited when I receive stars on my projects hosted on github? I am constantly trying to come up with new projects to build, but do I actually want to build them? Or do I just want social currency? I’m not sure I can tell the difference anymore.
Github isn’t just a code repository, it’s a social networking site.
-
Software freedom isn’t about licenses – it’s about power by Alyssa Rosenzweig
Licensing does matter; user autonomy is lost with subscription models, revocable licenses, binary-only software, and onerous legal clauses. Yet these issues pertinent to desktop software do not scratch the surface of today’s digital power dynamics.
Today, companies exert power over their users by tracking, selling data, psychological manipulation, intrusive advertising, planned obsolescence, and hostile Digital “Rights” Management (DRM) software. These issues affect every digital user, technically inclined or otherwise, on desktops and smartphones alike.
June 2022
-
An infographic showing just how disproportional incarceration is in the USA.
-
"Idle chitchat" vs "smalltalk"
It took me probably 7 years after moving out of my parent’s place to learn that “smalltalk” and “idle chitchat” are not necessarily the same thing [...]
In my taxonomy, “idle chitchat” is talking about things. “Smalltalk” is learning about each other. “The weather sure is nice today, isn’t it?” => idle chitchat. You’re not likely to understand a person from that starting point, except that “wow look, we both like the sun”. “Where are you from? What brings you here?” => smalltalk. You’re encouraging the person to reveal some small amounts of information about themselves which you can use to probe further and hopefully find something fascinating [...]
Now I take conversations with strangers (or anyone really) as a sport, as a challenge. “How can I use these precious moments we strangers share to discover something new? To leave one of us pondering something novel later in the evening” [...]
A comment from Hacker News thread
-
13 Propositions on an Internet for a “Burning World”
However, up until then, we live in a burning world, i.e., one evaporating under the human-made climate emergency and countless other shifts we find ourselves in at the moment. The Internet of today will certainly neither be sustainable nor resilient in the future we are heading towards.
Tobias Fiebig and Doris Aschenbrenner wrote down these thoughts in a paper in the form of “13 propositions”, which will appear in the proceedings of the joint workshops on “Technologies, Applications, and Uses of a Responsible Internet” and “Building Greener Internet”.
Also published in a series of blog posts
-
There still exists a web like the one I browsed when I was a teenager. It's just not as visible anymore with all the loud giants grabbing most of attention first.
May 2022
-
Remember when you used to explore the Internet, when you used to discover cool little websites made by people and it wasn't just a bunch of low effort content mill listicles and blog spam? I want to show you that the Internet you used to go exploring is still very much there. There are still tons of small personal websites, and a wealth of long form text from both the past and the present. So it's a search engine. It's perhaps not the greatest at finding what you already knew was there. Instead it is designed to help you find some things you didn't even know you were looking for.
-
These documents are meant to springboard the aforementioned user into the realm of IPC by delivering a concise overview of various IPC techniques. This is not the definitive set of documents that cover this subject, by any means. Like I said, it is designed to simply give you a foothold in this, the exciting world of IPC.
-
Google Chrome loses all saved passwords on Linux
A bug from 2021 that affects about 5% of Linux Chrome installations. Password sync errors out when it encounters just one mangled row in SQLite database. Check if you're affected by this error:
chrome://sync-internals/
(look for red/green row for 'Passwords' on the right side of screen), workaround: enablechrome://flags/#clean-undecryptable-passwords
, then toggle sync off/on. -
Science Abridged Beyond the Point of Usefulness
Aristotle said a bunch of stuff that was wrong. Galileo and Newton fixed things up. Then Einstein broke everything again. Now, we’ve basically got it all worked out, except for small stuff, big stuff, hot stuff, cold stuff, fast stuff, heavy stuff, dark stuff, turbulence, and the concept of time. (The book is licensed under CC-BY-NC-3.0)
-
(Via OpenStack images) - A minimal Linux distribution that was designed for use as a test image on clouds such as OpenStack Compute. Comes with cloud-init out of the box and supports insecure login by default (user:
cirros
, password:gocubsgo
)
April 2022
-
A short story about friendship, imagination and growing up. Well written. Sad.
February 2022
-
Looking back at ten years of logging each day into paper notebooks, transcribed into text files later (with vim plugins and shell scripts for automation)
January 2022
-
Manage Debian external repositories in a safe manner. Google Chrome and GitLab runner are already added into repository database
-
A Minimum Viable Computer, or Linux for $15
A single developer designs and builds a cheap Linux handheld computer (Allwinner F1C100s, 533MHz, 32-64MB DDR, Buildroot)
-
Bufferbloat Test by Waveform
-
A concept that might be useful for some programming projects. There are several known algorithms with good opensource implementations, no need to attempt to solve this alone.
November 2021
-
The Gradual Extinction of Softness by Chantha Nguon with Kim Green
An essay about first hand experience of Kambodian revolution (Khmer Rouge) and fleeing to Saigon. Going from a middle class 9-year old girl to a woman in a refugee camp to a founder of Women's Development Centre back in Cambodia.
-
A hackspace in St. Petersburg
-
Bird flew from Alaska to Australia non-stop, 8,100 miles in 239 hours
Amazing that our state of the art technology is a fragile device that can fly for 30 minutes, while this ancient entity can fly nonstop, deriving energy from bugs and water, fly through storms, self repair any damage, has self navigation and local avoidance, and even can self replicate (more comments)
-
A philosophy for productive instant messaging
An approach to instant messaging I agree with. Will probably link to this if topics comes up
October 2021
-
Using
conserver
for out-of-band (OOB) management of whitebox servers via serial console. See also:- Conserver
- Zonker's Greater Scroll of Console Knowledge
- Serial Console Server for the Poor - udev rules
- Using serial for out-of-band access and OS reinstallation: FreeBSD/Ubuntu, dualboot
September 2021
-
Certificate authority and access plane for SSH, kubernetes, web apps etc. Issues short-lived certificates after web based authentication. Supports session recording, access requests, live session view
August 2021
-
Turn any laptop screen into a proper monitor with a simple cheap board. Inputs: DC power, HDMI/VGA signal. Outputs: LVDS, backlight.
July 2021
-
Quick reference guide for flashing LSI SAS controllers (SAS 2008, SAS 2308)
-
A guide from SUSE documentation. Good explanations of Kernel Samepage Merging (KSM), memballoon, hugepages plus sane checklists for Windows guest configuration.
-
Linux routing for multiple uplinks/providers
A straightforward explanation of dual WAN setup on a Linux router
June 2021
-
Which Azure VMs support nested virtualization
Check this list for instances marked with
***
to indicate support for nested virtualization. Best fit for my purposes areE4ds_v4
,D4ds_v4
,E4s_v3
(D4 means general purpose with 4 vCPU, E4 offers extended memory with 4vCPU) -
Inserting cage nuts in server rack without a tool
Use two screwdrivers to save your fingers even if you don't have the special tool
-
How to run X server using xserver-xorg-video-dummy driver
Sometimes you need to use X server on a machine without a video card. Dummy driver helps in such cases
April 2021
-
A writeup on possible performance bottlenecks with modern computing:
- Automated environment detection
- New process overhead
- Closing file handles on Windows
- Writing to Terminals
- Thermal throttling / ACPI C-state, P-state
- Interpreter overhead
- Storage I/O
- Unnecessary compression (zlib vs zstandard vs no compression)
- Old baseline for x86_64 binaries
- Inefficiend diff implementations (sometimes lower algorithm complexity does not result in faster runtimes)
-
A real world description of why business logic is almost never algorithmic
March 2021
-
A comparison infografic with 1px = $1000 showing the scale of Jeff Bezo's fortune and that of top 400 Americans.
-
Laser cut aluminium case for RasPi cluster
February 2021
-
A woman reminiscing about all the events leading to her working full time as a programmer, starting with her parents buying a computer in 1982, when she was a 5 year girl.
-
Do-nothing scripting: the key to gradual automation
A good idea on gradual introduction on automation into checklist/runbook-style workflows
-
A short research paper that highlights numerous possibilities of text/code editor improvement with modern technology.
November 2020
-
Can EARLIER be used in DAX measures?
A workaround to create a row context when calculating DAX measures.
October 2020
-
A guide to building a home router from scratch: firewall, dhcp, dns
-
Hand-on guide to setting up PXE boot for multiple clients
August 2020
-
What to do with a lot of on-prem compute?
A group of people bought several thousand dollars worth of compute equipment and just now are thinking about how to create a profitable business out of it.
-
Easy remote shell for inaccessible hosts (e.g. double-NATed)
-
Boot multiple live ISOs from a single USB drive
July 2020
-
TinyPilot: Build a KVM Over IP for Under $100
Use Raspberry Pi to emulate mouse/keyboard via USB OTG port and to capture and broadcast video signal with HDMI-USB dongle.
-
Declassified writings of German generals written for training of US military immediately after World War II by Center for Military History
June 2020
-
Изготовление печатной платы с холодным переносом тонера
Перенос тонера с помощью ацетона (1 часть ацетона, 2 части жидкости для снятия лака без ацетона), травление перекисью водорода и лимонной кислотой.
May 2020
-
A short guide on how to use
systemd-analyze security
and how to harden your systemd units -
A large essay on the history and internals of systemd
April 2020
-
Enabling Hyper-V enlightenments with KVM
KVM offers some special features that make Windows guests run faster. See also: synic, stimer, hpet, hypervclock
-
Delay incoming SSH connections for weeks to trap attacker's resources. Implemented in C with a proof of concept draft in asynchronous Python. Also features a draft of HTTP tarpit.
March 2020
-
An introduction to Rust that is enough to read and understand the code you see online
-
Thin Clients Hardware database (ParkyTowers) by David Parkinson
A thorough database of thin client hardware, with detailed photos of internal layout, description of extension capabilities and Linux support
February 2020
-
Why are we so bad at software engineering?
Our industry’s mindset grew in an environment where failure is cheap and we are incentivized to move quickly. Our processes are poorly applied when the cost of a redo is high or a redo is impossible.
-
Docker and the PID 1 zombie reaping problem
A good explanation of why PID 1 has extra responsibilities (cleaning up adopted defunct processes), plus a working example of simple init process written in Python
-
Rethinking PID 1 by Lennart Poettering
The article that started systemd era
-
Testing your Ansible roles with Molecule by Jeff Geerling
Overview of automated testing for Ansible roles
-
Hands-on example of implementing Molecule tests in GitLab CI
-
Continuous Infrastructure with Ansible, Molecule & TravisCI
A three-part series of blog posts on Molecule: scenarios, drivers, linters.
January 2020
-
A philosophy of project governance by Drew DeVault
Reflections on software projects being intrinsically social systems that can not be programmed. Good arguments on why Code of Conduct must not be elevated to the position of highest authority.
November 2019
-
Multiple approaches to implementing rate limits in your code.
- Token bucket, also: in use with Python aiohttp
- Leaky bucket
- Fixed window counter
- Sliding window log
- Sliding window counter
October 2019
-
Detecting the use of "curl | bash" server side
Piping curl to shell may be detected via HTTP fetching delays even if User Agent is masked. Requires lots of null-byte padding though.
-
Patch workflow with Mutt by Greg Kroah-Hartman
Detailed description of email based kernel dev workflow. Notable references: isync/mbsync, aerc
-
Add this to
~/.fonts
to enable emoji rendering in Debian 9. Available in Debian repos for Buster+ (10+)
August 2019
-
Software Usability II, Tom Davis
Internal SGI memo (1993) regarding performance issues in their latest release. The problems highlighted there are not unique to that company or that time period, they frequently appear in all large software development projects nowadays. This article is part of Unix Haters Handbook.
-
Turns out there is a technical reason for putting Python code under
src/
directory in your repo. It makes easier to spot errors insetup.cfg
andMANIFEST.in
. See also: Packaging a Python library -
C was a good low-level abstraction in the era of PDP-11 but it is less so now. Parallel programming should not be hard, future hardware could make it better by dropping some C compatibility.
July 2019
-
Consider Using Asciidoctor for Your Next Presentation
Asciidoc is a nice format to write documentation, this is what it can do for presentations.
-
Nifty Assignments by Stanford University
A collection of unusual and interesting assignments for learning programming
-
RISC Is Fundamentally Unscalable
Overview of upcoming issues in microprocessor design when current scaling techniques will stop working. Wow moment: the speed of light is now a limiting factor when designing CPUs. Includes some hints that VLIW architecture might be the future (see: Intel Itanium project)
June 2019
-
Использование поддельной электронно-цифровой подписи для мошенничества (создание юридических лиц, сделки с недвижимостью)
This page is also available in a machine readable form: bookmarks.yml