very interesting, content-heavy, interview with Kristian Köhntopp about his work at booking.com: 1, 2 [ alternatively on youtube: 1, 2 ].
starting from June 2023 code signing certificates for MS Windows cannot be delivered as a file anymore. files are easy to steal. now certs must reside on security modules which don’t allow private key extraction, at least not for mere mortals. we’re using such a cert to sign exe and msi files on a build ...
for 0.21.2 based on this yt video: https://www.youtube.com/watch?v=dr1qtaURrvI
for some particular case i need to log and later analyze POST bodies of HTTP requests sent via nginx reverse proxy. ClickHouse will store the logs and be useful in analysis.
min.io is open source [ although AGPL-3 licensed ] object storage software providing s3-compatible interface and handling clustering for HA & data distribution. below – notes from setting it up on a tiny scale, without using Kubernetes. notes are based on RELEASE.2023-03-24T21-41-23Z i’ve fetched two binaries for the project: my cluster has 4 nodes, looks ...
i’ve done a bit of research, below – my understanding of the current state of affairs [ 2023-03 ]. i’m writing this while testing YubiKey 5 NFC, but consider different alternatives. SSH why: i’m considering an attack vector where malicious actor has remote control of my PC – can lift up arbitrary files [ including ...
once in a while i need to review which database accounts are used, from what IPs connections arrive. MySQL / MariaDB does not have a built-in mechanism [ unless you want to allow full query log ], but there’s quite an easy way to get the data.
over the years i’ve set up multiple backup workflows. one of them is described here. part of the cycles involves taking database backups. for MySQL i’m mostly using mysqldump. it comes with some headaches: it’s single-threaded by nature – both for backup, and restore [ unless you chop the dump file into pieces and try ...
i have 1st gen xiaomi mi robot vacuum cleaner. it’s been serving very well for the past 3 years. this video was very helpful with disassembly when i had to replace the main sucking motor fan: https://www.youtube.com/watch?v=wdDSBgJ1kRM i had to replace a fan and bought https://www.aliexpress.com/item/4000804127893.html instead of https://www.aliexpress.com/item/4000259186760.html ; not an exact fit but ...
clickhouse is a column oriented OLAP database. i’ve started using it about half a year ago. i’m impressed. earlier i’ve read about it on percona’s blog but did not fully grasp how performant it was. i’ve tried it when wrestling with MariaDB’s query planner on table with ~100M rows got me tired and each ...
here’s what i did to get dbeaver 7.3.2 + oracle’s JDBC mysql-connector-java-8.0.17.jar to work with manticoresearch 3.5.4: /etc/manticoresearch/manticore.conf, under searchd: in dbeaver – new connection using oracle’s JDBC driver as above, under data editor – set ResultFetchSize to 0 to prevent errors like this: when i initially tried to get it working with JDBC driver from ...
i’ve spent most of the last week investigating spooky HTTP request that we’ve found in access logs of a few production servers. very likely that traffic was replayed by mail content scanners used by messagelabs and mimecast.
UPC turns your cable modem into WiFi hot-spot available for others. outrageous! and i’ve been using it for quite a while – it generally works. below – how to connect OpenWRT or Mikrotik to such connection.
after an upgrade to debian buster i’ve noticed that both iostat -x 1 and munin’s diskstats_utilization report that NVMe drives are busy most of the time. some empirical tests showed that disks are actually idle, performance did not drop. upgrade to 5.2 kernel resolved the misreporting issue.
i prefer to have strict DROP policy for the outgoing traffic from production servers. let’s encrypt API endpoint is behind Akamai’s CDN and IP address to which acme-v02.api.letsencrypt.org resolves changes frequently. i don’t like playing whack-a-mole every 3 months so i’ve: set up a squid-based proxy server that allows for filtering based on domain names: ...
at work i’m using mysql replication quite extensively. first it was a straightforward one-way replication that has been rock-solid for us since 2009. in 2012, for another type of data, we’ve started using master-master setup. initially the servers were in different European countries, eventually the secondary site was moved to North America while primary one ...
i’ve run into an issue where windows 10 desktop could not anymore access a simple samba share on a linux server; that linux server did not have any type of authorization put in place. Windows would randomly give errors “ might not have permission to use this network resource” or “Windows cannot access \\Server\Share You do ...
i’ve been running a set of production MySQL databases on BTRFS since April 2016. BTRFS is not exactly known for its stellar performance when hosting databases or images of virtual machines due to its COW nature. why would i do it then? to have data snapshots and be able to ‘go back in time’ quickly ...
In this line of work, you don’t just get to play with shiny toys having plenty of blinking lights. There’s plenty of choices to be made nearly every day. Choices or rather bets: some of the technologies, software stacks, products or services provided internally will eventually be a flop. Decisions made over the years are ...
after upgrade to debian stretch i had to add the following firewall entries: for the FTP servers: for the nat-routers between FTP servers and FTP clients: for the FTP clients: related articles: https://home.regit.org/netfilter-en/secure-use-of-helpers/