cks

cks, 6 hours ago

@gnomon My intuition is that a truly stable mapping is impossible with purely read access; you have to write back some sort of thing to freeze it. I don't know if there's some clever way with left or right or outer/inner/upside down joins to get some sort of thing with unmapped users matched up to unmapped coupons, but it feels like probably not if there's not necessarily the same number of them on each side.

cks, 6 hours ago

@Doomed_Daniel @vees @dan The extra challenge round is that people want to be able to pull a network card, replace it with an identical spare one, and get the same interface names rather than new ones (or swap system disks into a new set of identical hardware, for motherboard ports). This makes MACs and other serial numbers bad. Unfortunately PCIe enumeration isn't stable if there are any hardware changes (not just the network card), for reasons.

And now you're mostly stuck.

cks, 6 hours ago

@Doomed_Daniel @vees @dan Server environments don't necessarily do MAC registration, and not all DHCP environments do authentication by MAC (but a machine may still want to keep a stable NIC name for eg its own firewall config).

Broadly: writing the new MAC somewhere is doable but it makes a stressful situation (hardware failure and replacement) worse. I once ran systems that needed this and it was a pain in the rear.

cks, 6 hours ago

@Doomed_Daniel @vees @dan If you burn the MAC into the network device name, every system has a different name for its network interface, even on the same hardware, which is a sysadmin pain in the rear. If you freeze a simple network name based on the MAC and add a new network name if you see a new MAC, systems can wind up with network names depending on their history; reinstalling the system will give it different network names (because old MACs won't be claiming the good ones any more).

cks, 5 hours ago

@Doomed_Daniel @vees @dan In many situations you don't want to keep the mapping file, because it creates differences between identical hardware based on the history of a particular server. One out of your eight hardware-identical fileservers having a different network name because you had to move it to the spare chassis (or swap its add-on network card) at one point is a special sort of hell.

(Also, not all reinstalls are planned in advance. Sometimes the disk blows up.)

cks, 5 hours ago

@Doomed_Daniel @vees @dan I believe systemd creates aliases, or at least lets you set naming policies for devices, so if you want to use MAC-based names you can fairly easily. And the default PCIe based names are mostly stable, and sometimes systemd can actually detect that a network port is a motherboard port and give it a truly stable name.

(This depends on vendors getting various BIOS data right, which is rather variable.)

cks, 4 days ago

Bonus: some of the people still querying our DNS server for domains we aren't authoritative for appear to be (other people's) within-university DNS servers. All I can say is WHAT.

cks, 3 days ago

This is my face when I pull the name server statistics from our 'used to be an authoritative secondary and no longer is' DNS server and discover that more than 80% of the queries are for things we don't serve any more. This is also my face when I pull a tcpdump to look at the sources of this traffic and they are all over the place, including from eg 'DNS-8-0-10-3.Chicago1.Level3.net'. And a lot of AWS machines.

What.

cks, 10 days ago

@filippo @fanf I sort of care about administrative access on my single-user workstations because I really don't want to spent all my time being one errant typo away from deleting /usr/bin. (Or having a makefile be etc etc.)

cks, 10 days ago

@filippo @fanf I actually want the forced tty interaction, because that makes it very hard for random scripts/Makefiles/etc to put in 'really ...' and surprise me in a very unpleasant way.

(Based on sudo logs at (university CS department) work, with our population of postdocs, graduate students, etc fetching and using random research software, there is clearly a lot of instructions and possibly scripts that already use sudo this way.)

cks, 11 days ago

@fanf I think sudo is a good replacement for setuid programs, especially setuid programs that you don't intend to make accessible to everyone, just to a restricted group. You could do that with other mechanisms, but sudo is very simple to set up and it's everywhere already.

cks, 13 days ago

@GeePawHill I was going to think it weird but then I remembered that it originated from Japan.

(I have a lot of casual exposure to Japanese phoneme rules through anime (and manga), since sooner or later one winds up trying to understand how non-Japanese words wind up being pronounced the way they are in the Japanese dialog. Sometimes this leads to comedy with translating into/back to English, as people try to work out the correct English/Latin-alphabet version of some non-Japanese name.)

cks, 13 days ago

@GeePawHill For example, one (human) person in a manga I am very fond of has a special supernatural status. The Japanese for it transliterates to 'surei bega' and the term was expected to be some English language term that had been transliterated into Japanese by the manga creator. It took a rather long time (and in the end the word of the creator) to work out exactly what English term it was.

cks, 13 days ago

@fanf Possibly relevant to your interests on this, my Fedora and Ubuntu 22.04 based version: https://utcc.utoronto.ca/~cks/space/blog/linux/Ubuntu2204WireGuardIPv6Gateway

cks, 17 days ago

@bitprophet @cadey I like RPM as a package format (especially for source packages) but I think Debian has consistently made better decisions about things like how to split up configuration files for programs and so on. (Oh Fedora, your Apache setup is terrible, or was the last time I looked.)

Apparently I am too picky for my own good.

cks, 22 days ago

@misc @irenes On iOS there's an "Epic Ride Weather" app that will show you forecast weather for a route for a particular time, I think including relatively granular rain chances. The drawback with it is that apparently all weather API sources are paid, so it has to charge you to cover its back-end access costs. (I haven't played with it because of that so I'm not sure how readily you can vary the start times and so on.)

cks, 24 days ago

@whitequark I think it might work with network namespaces if you detach one interface from the default network namespace and stuff it into another one. But I haven't actually tested this particular case (although I once did use network namespaces for separate routing tables).

Failing that, you can go all the way to not configuring one interface then attaching that interface to a virtual machine with its own IP. That definitely works! (... and is so annoying to need.)