Wed, Nov 8, 2017
Building a debian package that sets up a systemd unit typically uses the dh-systemd
debhelper add-on. The standard dh_installinit(1) debhelper actually installs unit files found in your package into the right place, but for versions <10, it doesn’t properly start or stop the units upon installation or removal. dh-systemd
adds the necessary adjustments to your package’s postrm
and poststart
maintainer scripts to trigger not only starting and stopping the units, but also enabling them to start at boot.
Sat, Sep 9, 2017
Let’s use bash
and sed
to add a new line of dynamic content near the top of a bunch of files.
Sun, Jul 9, 2017
Network namespacing in Linux allows for multiple isolated network stacks on a single host. It is one of many such isolation techniques used by common container technologies, but we have some tools like nsenter
available that allow us to manually “break into” these namespaces.
Tue, Mar 28, 2017
Servers can’t accept incoming connections at an infinite rate, so let’s explore what happens when you try to establish too many connections to an overwhelmed server in a Linux environment.
Sun, Mar 26, 2017
TCP connections fail to establish for a number of reasons: congestion in the network, incorrect destination (ip:port
), incompatible firewall rules, busy server, etc. Two common failures you’ll see are Connection refused
and Connection timed out
. Let’s look at Connection refused
in greater detail.
Thu, Mar 23, 2017
Sometimes you might ask: what’s listening on port X? Specifically, you may want to find out which process has a socket bound to that port, where the corresponding binary lives on disk, and where you might find relevant logs for the process.
Sat, Nov 26, 2016
I recently pre-ordered a few $9 CHIP computers from Next Thing Co. They showed up this week, and I decided I’d like to run docker containers on them.
CHIPs run on 32-bit ARM7 hardware. Out of the box, they come installed with Debian, but don’t have many of the necessary kernel features enabled to run docker (namespaces, cgroups, virtual networking). So I had to build a custom kernel.
Sat, Nov 19, 2016
Debian packaging is convoluted and easy to get wrong. When making changes to debian packaging, I find that I want to test new package builds, sometimes on multiple platforms, quickly on my mac.
Rather than cloning my changes to a bunch of physical hosts, I can use docker to quickly set up discardable containers that mimic the target build system.
Tue, Nov 17, 2015
Optical character recognition (OCR) works well on clean images, but poorly on noisy ones. The Stroke Width Transform is a technique used to extract text from a noisy image, such as a photo, by isolating shapes that share a consistent stroke width. The resulting image eliminates most of the noise but preserves text, and produces more reliable OCR results.
Sun, Nov 1, 2015
There is no such thing as “plain text” to a
computer; all text is stored as bytes, and those bytes get translated into
something human-readable in
accordance with the encoding applied to it. Below are some brief notes on the
Unicode standard, UTF-8 encoding, and the underlying bytecode as they apply to
Python 2.
Fri, Apr 3, 2015
Many public wifi networks are unencrypted to allow password-less access, which makes it easy for someone to sniff your wifi traffic or mount a man-in-the-middle attack. Encrypting the connection via a VPN helps protect your data when it’s intercepted.
Fri, Jan 16, 2015
A Django web app may work with sensitive data that you’d like to protect at rest. One solution would be to use an encrypted database engine or extension, such as pgcrypto
for PostgreSQL. pgcrypto
requires certain privileges to install, which you may not have, and provides low level columnar encryption that still requires some integration effort to use with Django. django-citadel
is a Django app I’ve been working on to provide encryption-at-rest capabilities controlled exclusively at the application layer, giving the developer control over the encryption and decryption of model fields on an as-needed basis.