Daenney's blog

Lets update ActivityStreams to use JSON-LD expanded document form

Wed, 03 Dec 2025 00:00:00 +0000 Banana

ActivityStreams is the fediverse’s base data model. It’s why we have things like Actors, Objects and Activities. It models social interactions as an actor-based system. ActivityStreams is canonically exchanged in JSON-LD compacted document form, which is JSON with some special keys for the “linked data” aspect. JSON-LD has two(-ish) forms: Compacted document form, which looks like your typical JSON. Expanded document form, which looks more like a tree of nodes. People tend to prefer compacted form because it looks more like the JSON payloads you run every day.

Read the full post on the blog.

Running Mastodon for integration tests

Mon, 01 Dec 2025 00:00:00 +0000 Banana

For a personal project I’m working on, and for GoToSocial, I’ve wanted to run Mastodon locally to write integration tests against. Forgejo wants this too, to test their federation code. The problem is, you want to do that against a Mastodon instance that runs in “production” mode (i.e RAILS_ENV=production), except without all the TLS and https URL generation turned on. But in production mode, you normally can’t turn this off. This is good, and safe, and sound.

Read the full post on the blog.

A practical guide to Go's reflect package

Mon, 06 Oct 2025 00:00:00 +0000 Banana

Go’s reflect package is very powerful and very useful, but I’ve always struggled to wrap my head around it. The package comes with examples, but I’ve always felt the need of a more practical walk-through that stitches everything together. If you haven’t read it yet, the Laws of Reflection post is very useful. But let me propose a different first law of reflection: You Will Fuck It Up. You’re knee deep inside Go at runtime, rewriting part of the program that’s executing.

Read the full post on the blog.

Self-hosting things again

Wed, 09 Jul 2025 00:00:00 +0000 Banana

It’s 2025. The world is not doing great, and as a queer person Anglosphere tech corporations are now something I have to actively consider as part of my threat model. This was already a problem for many folks in the queer community, I was just lucky enough that in my case the risk remained acceptable. With a fascist regime installed in the US and tech corporations gleefully embracing it, depending on those corporations is no longer an option.

Read the full post on the blog.

Removing AI stories from tech news aggregators with uBlock

Wed, 11 Jun 2025 00:00:00 +0000 Banana

I like to use tech news aggregators like HN or Lobsters to find new things to read. There are often interesting things on there, and they’ve helped me discover many blogs that I end up adding to my feed reader. I avoid the comment section though, and have uBlock rules that remove them and the login links. This has helped me unlearn the habit of checking the comments doing wonders for my mental health.

Read the full post on the blog.

A low-carb, sugar-free, gluten-free cake recipe

Sat, 07 Jun 2025 00:00:00 +0000 Banana

Today, the topic isn’t tech but delicious delicious cake. Because of $reasons I need to watch my bloodsugar and keep it from spiking. I can’t inject insulin to counter spikes. This means that most bakery or store-bought sweets, pastries, ice cream etc. are off-limits for me. They’re not worth ending up in a coma. But I do like a sweet from time to time, so I’ve developed my own recipes. I’ve finally managed to nail a good cake, so I thought I’d share.

Read the full post on the blog.

Fairy: a library for building friendly CLIs in Go

Sun, 04 May 2025 00:00:00 +0000 Banana

Why did I build my own when there’s a hundred of these already? Because I don’t like how most of the others work. Fairy 🧚 only uses Go’s flag package underneath. There’s no custom flag parsing involved, but it can do some things Go’s standard library package doesn’t provide. I quite like Go’s flag package. I don’t care that it doesn’t do GNU-style opts, that it’s not perfectly docopt etc. It fits my needs 95% of the time and unless you need a hyperscale Cloud Native CNCF approved CLI it probably is enough for just about any project.

Read the full post on the blog.

Setting up OpenTelemetry in Go

Thu, 01 May 2025 00:00:00 +0000 Banana

This blog post is technically incorrect. It only aims to give you an in practice correct enough understanding of using OpenTelemetry in your Go projects and how to set it up. Lets dive in. Update 2024-05-02: Code has been updated to use the autoexport package to simplify setup a lot. Concepts There are a few concepts we need to be aware of: Providers. Meters and Tracers. Metric instruments and Spans. Exporters.

Read the full post on the blog.

Migrating to Codeberg

Sun, 20 Apr 2025 00:00:00 +0000 Banana

Github has always been a very enticing code forge. You get a lot of things for free. Code hosting, decent issue management, Gists, Pages, CI etc. Of course, all of these things are also there to make the service more sticky. They’ve moved the baseline expectations of the services a forge should provide for free so far up it’s hard for entities without VC capital or Microsoft’s war chest to provide an enticing, competing offer.

Read the full post on the blog.

Pana: a new Go library for the Fediverse

Wed, 16 Apr 2025 00:00:00 +0000 Banana

Getting started with building on the fediverse can be a big chore, there’s a lot to learn and handle. Pana is a new library in Go to help simplify things. It provides the buildiing blocks for handling ActivityStreams messages, the message format used between servers to exchanges actvivities and enable federation. A picture is worth more than a thousand worth, and good examples are worth more than me trying to convince you with words or pictures.

Read the full post on the blog.

Cgo-free "FFI" with WASM

Sat, 29 Jun 2024 00:00:00 +0000 Banana

One of the goals we have with GoToSocial is to make self-hosting your own fediverse instance really easy. In practice this means a few things: Providing a single static binary for easy deployment and without requiring containers Being very mindful of how much compute and memory we require No dependencies on external databases like Postgres, background job systems like Sidekiq which would require Redis, or an object store for media storage even though we do support using some of these things Though we don’t want to require an external database, we do need a database.

Read the full post on the blog.

Disabling USB or PCI Sound Devices on Linux

Sat, 20 Apr 2024 00:00:00 +0000 Banana

On my Linux desktop I have multiple sound devices. Typically it’s the built-in sound card, the graphics card audio output and my GoXLR outputs. I don’t ever want to use the built-in audio or have audio routed to my monitor. But the Linux desktop has this habit of sometimes switching to one of those outputs, especially when coming out of standby because the USB audio devices provided by the GoXLR disappear.

Read the full post on the blog.

Automating system actions with the GoXLR

Sun, 14 Apr 2024 00:00:00 +0000 Banana

If you happen to have a GoXLR or a GoXLR Mini, the GoXLR-Utility project that’s supported across Windows, macOS and Linux allows you to configure the device without relying on TC-Helicon’s proprietary, Windows-only, tool. The GoXLR-Utility UI resembles the GoXLR App so you should be able to switch with ease. One of the many benefits of this is that GoXLR-Utility exposes an HTTP API that lets you control the mixer and be notified of mixer state changes.

Read the full post on the blog.

GDM and Colemak

Sat, 21 Oct 2023 00:00:00 +0000 Banana

A little annoyance I always run into when configuring a new laptop is getting Gnome Display Manager to use Colemak on the login screen. For some reason, it’s impossible to configure the GDM keyboard layout unless there’s at least 2 users on the system. Otherwise Gnome Settings refuses to show the UI for it. I’m not sure why this weirdly hostile feature towards folks with alternative keyboard layouts on a single-user system exists in Gnome, but here we are.

Read the full post on the blog.

BeyondCorp @ Home: A complete solution with Kanidm

Tue, 26 Sep 2023 00:00:00 +0000 Banana

For a long time, I’ve had a setup with Keycloak as the IDM. But Keycloak is heavy. It’ll OOM with less than 2G of RAM and needs a database too. It also has features I don’t care for, like realms. As I’ve been slowly moving to self-host a few more things, including outside of my home, I want to have a way to centralise authentication for those services too. I want to keep the IDM for the home lab separate from my cloud things.

Read the full post on the blog.

HTTP request timeouts in Go

Mon, 07 Aug 2023 00:00:00 +0000 Banana

Every now and then I find myself needing to remember how HTTP request timeouts work in Go, and how to configure them. This has changed over time as http.Client gained the Timeout option, the various Timeout options you can set on the http.Transport and its underlying net.Dialer, and eventually the introduction of the context package in Go 1.7 that allows us to set a timeout/deadline on the request which in turn lead to the deprecation of http.

Read the full post on the blog.

Backing Up GoToSocial

Thu, 06 Jul 2023 00:00:00 +0000 Banana

As part of setting up backups for my own GoToSocial instance, I’ve contributed some additions to the GoToSocial CLI and its backup documentation. This will hopefully make setting up backups easier for others too. This post goes through the why of setting up backups for this in the first place and looks at two pending changes to GoToSocial to make backups easier. So why backup your Fediverse instance? Because of the signing keys that are stored in your database.

Read the full post on the blog.

Dealing with config updates

Sun, 05 Mar 2023 00:00:00 +0000 Banana

This is a silly one, but I always forget about this until I need it and then stumble across it again. The scenario: you’ve just updated a piece of software and it comes with a new sample configuration. Being the good admin that you are of course you want to your config to reflect it, you’re not a monster. But you want to keep the settings you’ve tweaked. I always end up with a mess of patch files trying to do things, but all you really need is your favourite editor.

Read the full post on the blog.

Baby's first tracing in GoToSocial

Mon, 20 Feb 2023 00:00:00 +0000 Banana

As I got into the ActivityPub side of the Fediverse I ended up hosting my own instance. Fediverse after all. But I wanted something I could easily operate and run which meant Mastodon was out and most Elixir-based solutions aren’t entirely simple to deploy and manage. Thankfully I stumbled across GoToSocial which is written in Go and has a fabulous community to boot. GoToSocial’s niche is small or single-user instances running on low-powered devices, like single-board computers or old laptops repurposed as home servers.

Read the full post on the blog.

Pulumi and the mystery of the integer ID

Sat, 31 Dec 2022 00:00:00 +0000 Banana

In Pulumi resources have inputs and outputs. Inputs are fairly obvious but Outputs have some interesting characteristics that are worth taking a closer look at. Outputs are effectively promises to resolve to a value once a resource is created. Outputs can in turn be used as inputs to a different resource which has the nice side-effect of establishing ordering/dependencies. When using Pulumi with Go you’ll see that resource structs have a $TypeOutput for most of their fields, like StringOutput.

Read the full post on the blog.

Pulumi Component Resources

Thu, 22 Dec 2022 00:00:00 +0000 Banana

A component resource is essentially a bundling of a number of resources. For example, when I want to provision a server I also need to assign it IPv4 and IPv6 addresses. I can do this independently, or I can create a custom Server component that does these things for me. This lets me encapsulate the way I work with infrastructure in my code and I can test the behaviour of a component.

Read the full post on the blog.

Pulumi is a pleasant surprise

Tue, 20 Dec 2022 00:00:00 +0000 Banana

For a few years now I’ve had my eyes on Pulumi. Every time I looked at it I came away with a sentiment of “hmm, that seems nice”. I never got around to using it though and nobody around me had either so it was hard to get a sense of whether it would live up to my hopes. I recently decided to redo some of my personal infrastructure and since Pulumi has Hetzner Cloud support I decided to give it a go and see what would happen.

Read the full post on the blog.

Tracking electricity prices in Sweden with Prometheus and Grafana

Tue, 13 Dec 2022 00:00:00 +0000 Banana

The electricity spot prices in Sweden (i.e the base price when you don’t have “fast pris”) are available from Vattenfal. On top of that price then come the transport costs your network operator charges, any taxes and 25% VAT. Yes. 25%. Yes on top of the taxes. Electricity is a luxury good. Apparently. These prices vary per region and the further south you go (the further away you are from the hydro plants) the more expensive it gets.

Read the full post on the blog.

Who Hosts the Fediverse

Sat, 10 Dec 2022 00:00:00 +0000 Banana

Thinking about the Fediverse a question that popped into my head was just how centralised the Fediverse is? By centralised I don’t mean the fact that mastodon.social is a huge instance, but centralised in the sense of which ISPs are hosting instances across the Fediverse. Mapping the Fediverse to Autonomous Systems The way this is achieved is technically speaking very simple: Query instances.social API for all instances it knows about Lookup the IP address(es) of each instance through DNS Use the MaxMind ASN database to find the AS number for the associated IP One problem is that this results in over 14k instances and for each one we do an A and AAAA query.

Read the full post on the blog.

Implementing SSRF protections in Go

Fri, 02 Dec 2022 00:00:00 +0000 Banana

Server-Side Request Forgery is a web security vulnerability in which we attempt to trick the server to access resources that we, the client who did the request, would normally not be able to access. In practice this usually means trying to access other resources within the network the server is running in or other services on the same host. This usually happens when there’s a way for an attacker to control the URL a server is going to access.

Read the full post on the blog.

Actors, Activities and Objects in ActivityPub

Fri, 18 Nov 2022 00:00:00 +0000 Banana

In this series of posts we’re going to explore ActivityPub, the protocol that powers microblogging across the Fediverse. This post is going to focus on how ActivityPub models microblogging. We’re going to dive into the three main parts: Actors, Activities and Objects. We’ll also take a look at how we use these to achieve microblogging in practice. Actor An Actor in ActivityPub is meant to represent someone or something performing an activity.

Read the full post on the blog.

A look at ActivityPub's foundation

Mon, 14 Nov 2022 00:00:00 +0000 Banana

In this series of posts we’re going to explore ActivityPub, the protocol that powers microblogging across the Fediverse. This post is going to focus on the technologies ActivityPub is built upon. It doesn’t dive into how ActivityPub itself is used to provide interoperable microblogging. That will be the topic of a future entry. ⚠️ Caveat lector: This post has an air of mild annoyance 😑. If you don’t enjoy reading this type of commentary, I suggest you stop here.

Read the full post on the blog.

Replacing Avahi: Exploring DNS-SD (part 2)

Sun, 14 Nov 2021 00:00:00 +0000 Banana

I’m renaming the series to “Replacing Avahi” because after a bit of reflection “getting rid of” sounds a lot harsher than I ever intended. In part 1 we took a quick look at what DNS-SD is and why we use Avahi for it on Linux. We then came up with a plan on how to replace it by re-implementing its D-Bus API ourselves by in turn leveraging systemd-resolved’s D-Bus API.

Read the full post on the blog.

Getting rid of Avahi (part 1)

Sun, 07 Nov 2021 00:00:00 +0000 Banana

Avahi is a daemon you can run on your system for the purpose of discovering or announcing services using DNS-SD. DNS-SD defines how to perform service discovery using DNS SRV and TXT records. Though it can use unicast DNS, its most typical usage is using multicast DNS over zeroconf, i.e link local IPv4/6. If you’ve heard of Apple Bonjour, this is it. For end-user systems, being able to discover devices in a network using DNS-SD is incredibly helpful.

Read the full post on the blog.

systemd and depending on encrypted filesystems

Mon, 11 Jan 2021 00:00:00 +0000 Banana

When running servers I want to encrypt the data stored on them. The problem you then pretty quickly run into is that it’s hard to actually boot with an encrypted root. I’ve solved this problem in the past by having a tinysshd in my initramfs which prompts me for a password to unlock the volumes. Though this works, it’s annoying in that the server isn’t able to boot at all, causing any additional monitoring I have to not work.

Read the full post on the blog.

Working remotely

Sun, 22 Mar 2020 00:00:00 +0000 Banana

A lot has been written about working remotely. In light of the current COVID-19 pandemic, I decided to write down my own thoughts on this topic and the processes and tools I’ve developed to help me be effective at working remotely. I moved to being full-time remote in February of 2019. Before that every job I’ve had was office bound. Though I worked remotely every now and then, especially when things like the flu hit, I’d never worked from home more than a few consecutive days and never in any permanent capacity.

Read the full post on the blog.

BeyondCorp @ Home: OpenID Connect Provider with Dex

Sun, 06 Oct 2019 00:00:00 +0000 Banana

In a previous post I showed you how to setup Keycloak to provide you with OpenID Connect and SAML capabilities. The problem with Keycloak is is that’s it’s a pretty big beast, whereas most of the time we don’t need all the functionality. It’s also tricky to run in a highly available fashion and is annoyingly slow to start up. In this post we’ll drop Keycloak in favour of Dex, a small OpenID Connect Provider that supports a number of backends including LDAP.

Read the full post on the blog.

BeyondCorp @ Home: Authentication and authorization proxy with OpenResty

Sat, 05 Oct 2019 00:00:00 +0000 Banana

In a previous post I showed you how to set up Gatekeeper as a proxy to enfroce authorization on requests. The problem with Gatekeeper is that it required a lot of additional configuration, an additional proxy hop and is a separate component. What this post will do instead is use the OpenResty build of nginx with the OIDC plugin to avoid all of that. This brings the complexity back down to just running nginx with it acting as a Relaying Party to do authenticaiton and provide authorization information to backends.

Read the full post on the blog.

Arch Linux and the HP Envy x360

Sat, 08 Jun 2019 00:00:00 +0000 Banana

Update 2019-06-09: Performing BIOS updates I recently decided to get myself a new laptop. Though work provides me with one, I make a point out of never using it for personal use. It can get a bit complicated around intellectual property laws. I’m also perfectly fine with my employer enforcing certain policies on their device that I just don’t want for my personal devices. For the device itself I decided I wanted a 13" model, with an AMD Ryzen CPU and Radeon graphics.

Read the full post on the blog.

Emulating a Philips Hue bridge

Tue, 09 Apr 2019 00:00:00 +0000 Banana

As part of my home automation I wanted to emulate a Philips Hue bridge. The reason for that is that a lot of things provide out-of-the-box integration with Philips Hue. Aside from that, there’s a ton of apps and other cool things in the Hue ecosystem I wanted to unlock. However, we use the IKEA Trådfri system at home, even though we do have a first generation Philips Hue bridge. The reason for switching to the IKEA one was:

Read the full post on the blog.

Home Automation

Sun, 07 Apr 2019 00:00:00 +0000 Banana

I’m addicted to home automation. There. Said it. But it’s just such a tremendous amount of fun to play with. I’m pretty sure it’s the SRE in me. Why do anything by hand when you can have computers do things for you? Why turn on the lights when you get home when it can happen automatically? Turn on the lights when you enter the bathroom? Barbaric! Turn them off? I’ve git better things to do!

Read the full post on the blog.

BeyondCorp @ Home: Authorization

Tue, 30 Oct 2018 00:00:00 +0000 Banana

NOTE: A much simpler solution is describe in BeyondCorp @ Home: Authentication and authorization proxy with OpenResty In a previous post I showed you how to set up a “Lite” version of a BeyondCorp style access layer for a home or startup environment. The reason I called it lite is because though it does do full authentication, it didn’t have separate controls for authorization. Meaning if you could authenticate you were authorized, I couldn’t specify that for certain endpoints you have to be part of a specific group or be granted a certain role before you get access.

Read the full post on the blog.

BeyondCorp @ Home

Sat, 27 Oct 2018 17:00:00 +0000 Banana

Update 2019-10-06: If you don’t need SAML, consider swapping out Keycloak for Dex instead. You can read all about that in this follow-up post. BeyondCorp is a different approach to securing access to networked applications and services. Unlike the traditional perimeter security model, BeyondCorp dispels the notion of network segmentation as the primary mechanism for protecting sensitive resources. Instead, all applications are deployed to the public Internet, accessible through a user and device-centric authentication and authorization workflow.

Read the full post on the blog.

Directory Services 101: Securing your LDAP server

Sat, 27 Oct 2018 10:00:00 +0000 Banana

This post is part of a series on directory services. Current available installments are: Introduction Terminology Basic concepts Designing the DIT Setting up an LDAP server Securing your LDAP server Writing and testing ACLs Now that we have a directory service up an running it’s important we talk a bit about some security aspects. The configuration that was generated sets up the LDAP server in such a way that anonymous access is not allowed.

Read the full post on the blog.

Directory Services 101: Setting up an LDAP server

Sat, 27 Oct 2018 00:00:00 +0000 Banana

This post is part of a series on directory services. Current available installments are: Introduction Terminology Basic concepts Designing the DIT Setting up an LDAP server Securing your LDAP server Writing and testing ACLs I consider setting up a Directory Service a pretty big pain in the ass, especially OpenLDAP. Microsoft fares much better with Active Directory which is also much more easily configured for folks less familiar with directory services in general.

Read the full post on the blog.

Directory Services 101: Writing and testing ACLs

Sat, 27 Oct 2018 15:00:00 +0000 Banana

This post is part of a series on directory services. Current available installments are: Introduction Terminology Basic concepts Designing the DIT Setting up an LDAP server Securing your LDAP server Writing and testing ACLs ACLs, access control lists, are an important aspect of running a directory service. ACLs are how you control who can access which parts of the DIT and what things they can do. You can limit certain things like which attributes one can read or write.

Read the full post on the blog.

Directory Services 101: Designing the DIT

Fri, 26 Oct 2018 00:00:00 +0000 Banana

This post is part of a series on directory services. Current available installments are: Introduction Terminology Basic concepts Designing the DIT Setting up an LDAP server Securing your LDAP server Writing and testing ACLs I apologise for the long delay between posts. Life took over for a while and I never got around to writing the rest of it. Sitting down and thinking a bit about the DIT upfront can save you endless hours of furstration later on.

Read the full post on the blog.

Setting up Prometheus Alertmanager

Sat, 21 Apr 2018 00:00:00 +0000 Banana

I have a pretty standard Prometheus, bunch of exporters and Grafana setup at home. This is mostly used to monitor different aspects of my house, like the exporter I have for power usage. However, while trying to figure out the cause of a node exporter crash I found myself in need of an alerting system, so that it could tell me when the node exporter crashed instead of me just checking on a daily basis to see if it had.

Read the full post on the blog.

Arch Linux and firmware/BIOS updates

Sat, 07 Apr 2018 00:00:00 +0000 Banana

One area Linux has made quite a lot of progress in is the ability for people to get firmware and BIOS updates for their devices. This used to be a massive PITA but thanks largely to the Linux Vendor Firmware Service and its associated tooling (fwupd, fwupdmgr) this has become a lot simpler. Quite a few vendors support this nowadays and deliver firmware and BIOS updates through LVFS. Most of this is thanks to @hughsie so if you run into him, say thank you or offer him a drink!

Read the full post on the blog.

Thunderbolt security modes and Linux

Thu, 16 Nov 2017 00:00:00 +0000 Banana

With my XPS 13 up and running I ran into some issues with the Dell WD15 (USB 3) dock. It mainly caused my display manager to crash whenever I would plug it in with (with my external screen attached), except after a fresh boot. This is of course wildely unhelpful but a colleague told me many folks had issues with the USB 3 version of the dock and to get a TB16 (thunderbolt) instead.

Read the full post on the blog.

Arch Linux and the XPS 13 9360

Sat, 11 Nov 2017 00:00:00 +0000 Banana

After about 3 years it was time to refresh my hardware. Though I’ve long used MacBook Pro’s as my daily drivers the new MBP with touchbar wasn’t getting me excited and the new keyboard feels downright awful to me. So, I decided this was going to be the year of the Linux Desktop and I’ve switched to a Dell XPS 13 (9360, Kaby Lake) Developer Edition (comes pre-loaded with Ubuntu).

Read the full post on the blog.

Go's zero values and (de)serialising

Sun, 27 Aug 2017 00:00:00 +0000 Banana

As you might’ve noticed from other blog post entries I’m suddenly all into directory services. This happens b/c that’s what I’m currently working on. As such I find myself needing to manipulate data in a DIT quite a bit and writing ldif’s by hand is not my idea of fun. Instead I set out to create a small library that would essentially allow me to parse the result of LDAP search result entries into a Go struct and transform those back into add or modify operations.

Read the full post on the blog.

Directory Services 101: The basics

Sat, 26 Aug 2017 00:00:00 +0000 Banana

This post is part of a series on directory services. Current available installments are: Introduction Terminology Basic concepts Designing the DIT Setting up an LDAP server Securing your LDAP server Writing and testing ACLs Directory Services are fundamentally pretty simple. All information they contain is stored in a hierarchical tree structure, called the DIT. Within the DIT entries can be nested into or beneath each other, creating this tree-like structure.

Read the full post on the blog.

Directory Services 101: Introduction

Sun, 02 Jul 2017 00:00:00 +0000 Banana

In this series of posts I want to talk about directory services. The directory allow you to model things like people, computers, groups and their relationships in a central database. This service can then be used for authenticating users, managing group memberships and a whole lot more. In many small environments people avoid the perceived complexity of directory services over manually managing and provisioning groups and users in systems. Though this can work really well, even on a small scale this can get annoying.

Read the full post on the blog.

Directory Services 101: Terminology

Sun, 02 Jul 2017 10:00:00 +0000 Banana

This post is part of a series on directory services. Current available installments are: Introduction Terminology Basic concepts Designing the DIT Setting up an LDAP server Securing your LDAP server Writing and testing ACLs Directory services come with a lot of terminology and part of that lingo is what makes things difficult to understand to someone who hasn’t heard any of it before. Below is a common list of terms you might run into in documentation and the rest of these posts and hopefully a simple enough explanation of what they mean.

Read the full post on the blog.

Monitoring my WiFi access point with Prometheus

Sat, 22 Apr 2017 00:00:00 +0000 Banana

My home WiFi router is an ASUS RT-AC66U. It’s a great device with a tolerable manufacturer provided UI and quite a lot of advanced features. Though it’s marketed as a WiFi router I use it as a WiFi access point and switch, it doesn’t route. I have a Linux box that does that. Since a lot of my devices are wireless a lot of my traffic flows through my WiFi access point.

Read the full post on the blog.

GeoIP based filtering with iptables

Sat, 07 Jan 2017 00:00:00 +0000 Banana

One of the issues I run into when running a server, at home or anywhere else, is the crazy amount of random attempts at SSH logins. My SSH configuration is strict enough that most of these attempts just die on the key exchange, they never even get past the handshake. Then there’s fail2ban ensuring you get temporarily blocked if you’re obviously trying to brute force anything. Looking at the auth.log a lot of these attempts stem from Russia, China, various other parts of Asia, Africa and South America.

Read the full post on the blog.

Releasing sixrd

Mon, 21 Nov 2016 00:00:00 +0000 Banana

My ISP (Telia) doesn’t do native IPv6 yet (like most ISPs unfortunately). However, they do support something called IPv6 Rapid Deployment, also known as 6rd. What it does is fairly simply, it encodes in the information you get from your ISP during a DHCPv4 chat the information needed to set up a 6to4 tunnel with an endpoint provided by your ISP. Getting native v6 would be the best but this is probably the closest I’m going to get in a while.

Read the full post on the blog.

My home monitoring setup

Sun, 23 Oct 2016 00:00:00 +0000 Banana

Over the past few months I’ve started to reassemble a home server. I managed to get a great server board with 2 Xeon E5’s and 128GB of ECC RAM (b/c why not?) and spent Saturday breaking in the hard drives, setting everything up to be nice and encrypted and so on. One of the things I like to have at home is a decent monitoring system. I’ve toyed with Prometheus before but never really used it.

Read the full post on the blog.

Goodbye, Puppet

Mon, 17 Oct 2016 00:00:00 +0000 Banana

This has been a hard blog post to write, but to me it feels like it’s been a long time coming. For the better part of the past 5 years my job and open source contributions have revolved a lot around Puppet. I’ve been a member of the community for a long time, contributing to a range of different projects and giving a variety of talks at associated events like Puppet Camps, Configuration Management Camp and PuppetConf.

Read the full post on the blog.

The right tools for the job

Sun, 07 Aug 2016 00:00:00 +0000 Banana

Every now and then I find myself in discussions with people around which tools we should use for what job. This comes up especially often in the context of FOSS with regards to communication platforms. Do we use IRC, Slack, Gitter? Also, are mailing lists still a thing? Should we have a Discourse instead? Fairly often the reaction of people will be “no you can’t use Slack, use FOSS tools for FOSS projects”.

Read the full post on the blog.

whois on OS X

Mon, 06 Jun 2016 00:00:00 +0000 Banana

One of the things I find myself doing from time to time it to execute the whois command. This allows me to figure out to whom an IP(range) or domain belongs. However, when doing this on OS X, especially with IPv6 addresses I’m greeted with: $ whois 2a00:1450:400f:805::200e No match for "2a00:1450:400f:805::200e". >>> Last update of whois database: Tue, 07 Jun 2016 12:55:53 GMT <<< I figured I should explicitly ask it to treat this as IPv6 and found this in the man page:

Read the full post on the blog.

IPv6 at home

Sun, 05 Jun 2016 00:00:00 +0000 Banana

I recently moved to a new place (because the rental market is cray cray here). Despite how annoying it is to move around a benefit of the new place is that it has fiber so I wasted no time and got a connection from Telia. I plugged in the ISP shipped router and while browsing through the admin interface I noticed an IPv6 address showed up. All excited I checked my devices but no one was getting v6 addresses assigned.

Read the full post on the blog.

I'm going to FOSDEM and I'm bringing

Mon, 25 Jan 2016 00:00:00 +0000 Banana

FOSDEM is a wonderful event. But as with any event with geeks people will try to sniff your traffic, mess with GSM, grab your credentials and what not. The best way to stay safe? Don’t bring electronics with you or have them in flight mode (laptop included). No Bluetooth, no WiFi, no GSM/3G/tethering, nothing. If that doesn’t sound all that practical there’s a few things you can do. Spin up a Streisand server so you can VPN all the things.

Read the full post on the blog.

PGP, one last try

Sat, 09 Jan 2016 00:00:00 +0000 Banana

Update: I’ve long since given up on PGP. It’s just not worth it. Ignore this post. Over the years I’ve tried to use PGP multiple times. However, I’ve always failed miserably at managing keys and understanding the lifecycle involved. This is evident by searching the keyservers for my name, it’ll turn up a few rather idiotic and dubiously keys. None of them should be used except for one, 0x18D40820FA0EE03C. These failures with PGP are in part my fault for not correctly understanding what I was doing and part because of the horrendous UX of the gpg tools and the documentation that comes with it.

Read the full post on the blog.

In search of a new name for Puppet Community

Mon, 16 Nov 2015 00:00:00 +0000 Banana

update: We’ve settled on the name Vox Pupuli. It’s a play on the Latin “vox populi”, voice of the people, but in our case ends up meaning “voice of the puppets”. As quite a few of you know at PuppetConf 2014 we started a community collaboration effort on the maintenance of modules and tooling in the Puppet ecosystem. In our enthusiasm we baptised it Puppet Community. 20/20 hindsight The term Puppet Community (puppet-community) clashes in all kinds of ways with just the community around Puppet, the Puppet community.

Read the full post on the blog.

Puppet and IntelliJ

Wed, 21 Oct 2015 00:00:00 +0000 Banana

Part of the fun of Puppetconf is getting to talk to so many people and learning clever new tricks from each other. I knew IntelliJ had some support for writing Puppet code but as Travis showed me it’s been greatly improved. If you’re running IntelliJ you’ll need to install both the Ruby and the Puppet plugins. If you’re on RubyMine only the latter is needed. By default the Puppet plugin handles single modules really well and gives you things like code completion and refactoring support for your classes and (defined) types.

Read the full post on the blog.

Saying "they"

Tue, 11 Aug 2015 00:00:00 +0000 Banana

Based on a remark of a friend about preconceptions we have with regard to gender I started looking more carefully at how I use gender pronouns. Though I’m usually fairly diligent in writing I noticed I failed entirely in speech. This usually happens to me when I meet a new person because at that point I have no context to go on. My autopilot takes over and based on their physique, dress style and preconceptions around gender that have been drilled into me for over 20 years, I end up selecting a pronoun like “he” or “she”.

Read the full post on the blog.

Why I care about Pride

Thu, 06 Aug 2015 00:00:00 +0000 Banana

If you’re following me through social media it won’t have escaped your attention that my avatar turned rainbow and there was a distinct increase in rainbows throughout my feed as we were ramping up to Pride. Many people outside the LGBTQ community and even quite a few within don’t realise the importance of Pride and just see it as a shameless parade. It is far from that. After having helped organise our participation at Pride this year a few colleagues and I wrote a piece on the intranet about why we participated and what we did.

Read the full post on the blog.

Pupa

Thu, 23 Jul 2015 00:00:00 +0000 Banana

Bootstrapping a modern, r10k powered, masterless, Puppet 4 setup on Debian and Ubuntu. pupa is a toy project of mine. Essentially I decided to bring all my personal machines under full Puppet control. Inspired by how our Puppet setup works at my job I decided to go for a masterless setup. The problem really is to get Puppet on your machine. Once it’s there everything else is easy and as you’ll see if you look at the script I’m actually using Puppet to bootstrap part of itself.

Read the full post on the blog.

Eurovision 2015

Sun, 24 May 2015 00:00:00 +0000 Banana

Last night Europe went to war. No the Germans didn’t start it, we were just having a huge music contest followed by some political voting to decide who should win. I adore the Eurovision Song Contest It might not be a manly thing to admit to but it’s one of those things that just gets me ridiculously, over the rainbow to the moon, happy. It’s also been a fairly progressive contest with LGBTQ members participating and people in drag aren’t unfamiliar to the Eurovision either.

Read the full post on the blog.

Open source identity and abandonment issues

Mon, 20 Apr 2015 00:00:00 +0000 Banana

Today I made one of the hardest decisions I’ve made in a while. I decided to give up maintainership of two projects that I originally started. The projects are pypuppetdb, a library to talk to the PuppetDB API, and Puppetboard, a dashboard for PuppetDB that leverages pypuppetdb. Both projects started two years ago during my time at Nedap. The existing open source dashboards for Puppet sort of sucked and none of them were using PuppetDB so we were storing lots of duplicate data and in an inefficient manner too.

Read the full post on the blog.

(In)visibility

Thu, 19 Mar 2015 00:00:00 +0000 Banana

After my post on LGBTQ in tech a lot of people reached out to me, thanking me for the post, with a lot of kind words and some even with a resounding “yes that’s me too”. It’s been heartwarming to see the support this story gathered and how the Puppet community, which is the one I interact with the most, reacted to it. Interestingly though some have raised the point that LGBTQ are not a minority in tech.

Read the full post on the blog.

LGBTQ in Tech

Mon, 16 Mar 2015 00:00:00 +0000 Banana

Most people who know me know I’m gay, or that I identify as gay or queer or whichever way you’re more comfortable phrasing or thinking about it. To put it bluntly: I like men, I date men, I sleep with men, I happen to be a man and it’s all good. The thing that struck me about tech when I started getting more involved in online communities is that no one cared about this fact.

Read the full post on the blog.

puppetlabs-apt/next

Thu, 05 Mar 2015 00:00:00 +0000 Banana

As some of you know I’m the unofficial maintainer of the apt module from Puppetlabs. Together with Morgan from the Puppetlabs Module Team we try and keep that module up to date and in good shape. The apt module has not seen a significant revision since its inception in 2010. Over the past 4 years it has accumulated feature after feature without anyone taking a hard looking at what was going on inside.

Read the full post on the blog.

Puppet Module Triage

Thu, 19 Feb 2015 00:00:00 +0000 Banana

Today we had our usual Puppet Module triage. It’s a time a week where module contributors and the Puppetlabs Module Team gather online to discuss, comment, merge or reject PR’s against the different module. This is the best time for you as a contributor to join if you have a PR pending and want feedback. For the first time we’ve kept minutes of the meeting, what we did and why and you can read up on them here.

Read the full post on the blog.

Work standing up and meditation

Wed, 18 Feb 2015 00:00:00 +0000 Banana

the Lotus positions but for a long time I wasn’t able to hold that position for extended periods of time. However, since I’ve switched to working standing up for about 3/4 of my day I’ve noticed a marked improvement in my capability to hold this pose. After just two weeks of doing this I can comfortably hold a pose for 15-20m whereas before at around 10-12m it would start to become unconfortable.

Read the full post on the blog.

The start of 2015

Tue, 17 Feb 2015 00:00:00 +0000 Banana

So as I said I would blog regularily, and then I didn’t. That’s because I’m a techy and while working and tweaking the blog I obviously broke it and until now haven’t really found the time to fix it. Just wasn’t at the top of my priority list because all solutions to blogging through Github kinda sucked. Now that it is fixed, lets catch up. Settling in I now have my own space here that I affectionately refer to as home :).

Read the full post on the blog.

My first week

Sat, 25 Oct 2014 00:00:00 +0000 Banana

I expected to write a post much earlier than this but the first week was so busy all I wanted to do in the evenings was get home and relax, screw the computer. Monday was my first day and it was fun. I got thrown in at the deep end helping to form the squad I’m going to be a member of. Since I’d only been at the company 2.5hrs there was a lot to take in and do all of the sudden.

Read the full post on the blog.

Out with the old, in with the new

Fri, 17 Oct 2014 00:00:00 +0000 Banana

As some of you know, there’s a big change coming over here. Because of this I decided to throw out the old blog and the content that goes with it, much like I’m throwing out most of my possessions in preparation of what’s to come. The idea is that’ll blog about the new experiences, perhaps sometimes even on a daily basis so that friends and family can keep track of how everything’s going.

Read the full post on the blog.