Debian packaging with systemd

Building a Debian package that sets up a systemd unit typically uses the dh-systemd debhelper add-on. The standard dh_installinit(1) debhelper actually installs unit files found in your package into the right place, but for versions <10, it doesn’t properly start or stop the units upon installation or removal. dh-systemd adds the necessary adjustments to your package’s postrm and poststart maintainer scripts to trigger not only starting and stopping the units, but also enabling them to start at boot.

Inserting slugs with bash & sed

Let’s use bash and sed to add a new line of dynamic content near the top of a bunch of files.

Network namespaces with nsenter

Network namespacing in Linux allows for multiple isolated network stacks on a single host. It is one of many such isolation techniques used by common container technologies, but we have some tools like nsenter available that allow us to manually “break into” these namespaces.

TCP connection backlog - a struggling server

Servers can’t accept incoming connections at an infinite rate, so let’s explore what happens when you try to establish too many connections to an overwhelmed server in a Linux environment.

Connection refused

TCP connections fail to establish for a number of reasons: congestion in the network, incorrect destination (IP:port), incompatible firewall rules, busy server, etc. Two common failures you’ll see are Connection refused and Connection timed out. Let’s look at Connection refused in greater detail.

Socket tools - netstat, ss, lsof

Sometimes you might ask: what’s listening on port X? Specifically, you may want to find out which process has a socket bound to that port, where the corresponding binary lives on disk, and where you might find relevant logs for the process.

Docker-enabled kernel on $9 ARM7 CHIPs

I recently pre-ordered a few $9 CHIP computers from Next Thing Co. They showed up this week, and I decided I’d like to run Docker containers on them.

CHIPs run on 32-bit ARM7 hardware. Out of the box, they come installed with Debian, but don’t have many of the necessary kernel features enabled to run Docker (namespaces, cgroups, virtual networking). So I had to build a custom kernel.

Testing Debian Package Builds with Docker

Debian packaging is convoluted and easy to get wrong. When making changes to Debian packaging, I find that I want to test new package builds, sometimes on multiple platforms, quickly on my Mac.

Rather than cloning my changes to a bunch of physical hosts, I can use Docker to quickly set up discardable containers that mimic the target build system.

Stroke Width Transform

Optical character recognition (OCR) works well on clean images, but poorly on noisy ones. The Stroke Width Transform is a technique used to extract text from a noisy image, such as a photo, by isolating shapes that share a consistent stroke width. The resulting image eliminates most of the noise but preserves text, and produces more reliable OCR results.

Imported Text and Python with Unicode

There is no such thing as “plain text” to a computer; all text is stored as bytes, and those bytes get translated into something human-readable in accordance with the encoding applied to it. Below are some brief notes on the Unicode standard, UTF-8 encoding, and the underlying bytecode as they apply to Python 2.

OpenVPN on CoreOS/EC2

Many public wifi networks are unencrypted to allow password-less access, which makes it easy for someone to sniff your wifi traffic or mount a man-in-the-middle attack. Encrypting the connection via a VPN helps protect your data when it’s intercepted.

Encryption at rest with Django-Citadel

A Django web app may work with sensitive data that you’d like to protect at rest. One solution would be to use an encrypted database engine or extension, such as pgcrypto for PostgreSQL. pgcrypto requires certain privileges to install, which you may not have, and provides low-level columnar encryption that still requires some integration effort to use with Django. django-citadel is a Django app I’ve been working on to provide encryption-at-rest capabilities controlled exclusively at the application layer, giving the developer control over the encryption and decryption of model fields on an as-needed basis.