cks

cks, 3 days ago

@mhoye @bitprophet I'm going to go out on a bit of a limb and guess that this is more or less from here: https://maps.app.goo.gl/fRsE3yhPY5fNdk2DA

(With the actual real photograph/pano not having random clutter in it.)

cks, 3 days ago

@bitprophet @mhoye I have the advantage that my bike club has historically started a lot of weeknight group rides (some of which I've led) from a place just down the street from this vantage point. So I looked at the original pano, even in potato form, and thought 'that looks familiar ... wait'.

cks, 3 days ago

@mhoye @bitprophet It really is a fantastic spot, especially in the evening, and this is a beautiful picture.

cks, 7 days ago

@Binder Live daringly, make your TLS certificates expire in 2051. Then you can find two sorts of bugs at once!

cf: https://utcc.utoronto.ca/~cks/space/blog/tech/TLSTimeRepresentations
(tl;dr: TLS certificates switch internal time representation for 2050 (UTC) and later.)

cks, 7 days ago

@puppygirlhornypost @Binder And why bother monitoring the expiry time of private TLS certificates that expire in +10 years or more? Surely we'll remember then, if we even need them any more.

(Spoiler: no, and also ten years is not enough as we learned the hard way, https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TenYearsNotLongEnough (and other people too).)

cks, 7 days ago

@gvwilson The entire album is such an amazing thing that I've loved for years. (I should re-listen to it one of these days, somehow; my CD copy is still packed away.)

I like much of Copeland's work in general, but for this album in particular he hit out of the park right into my section of the stands.

cks, 11 days ago

@bitprophet @basepi My Auras have been fog-free for me so far (even in demanding winter conditions that fogged everything else). I have to make sure the fit is right, but once it was I could even do things like bike (in the winter) in them. It was amazing.

cks, 14 days ago

@gnomon My intuition is that a truly stable mapping is impossible with purely read access; you have to write back some sort of thing to freeze it. I don't know if there's some clever way with left or right or outer/inner/upside down joins to get some sort of thing with unmapped users matched up to unmapped coupons, but it feels like probably not if there's not necessarily the same number of them on each side.

cks, 14 days ago

@gnomon @glyph @jalefkowit TIL about row_number() in SQL. And that is truly a neat, all in one solution. SQL continues to amaze me.

(I'll need to re-learn modern SQL if I ever need to do anything serious with it again.)

cks, 14 days ago

@Doomed_Daniel @vees @dan The extra challenge round is that people want to be able to pull a network card, replace it with an identical spare one, and get the same interface names rather than new ones (or swap system disks into a new set of identical hardware, for motherboard ports). This makes MACs and other serial numbers bad. Unfortunately PCIe enumeration isn't stable if there are any hardware changes (not just the network card), for reasons.

And now you're mostly stuck.

cks, 14 days ago

@Doomed_Daniel @vees @dan Server environments don't necessarily do MAC registration, and not all DHCP environments do authentication by MAC (but a machine may still want to keep a stable NIC name for eg its own firewall config).

Broadly: writing the new MAC somewhere is doable but it makes a stressful situation (hardware failure and replacement) worse. I once ran systems that needed this and it was a pain in the rear.

cks, 14 days ago

@Doomed_Daniel @vees @dan If you burn the MAC into the network device name, every system has a different name for its network interface, even on the same hardware, which is a sysadmin pain in the rear. If you freeze a simple network name based on the MAC and add a new network name if you see a new MAC, systems can wind up with network names depending on their history; reinstalling the system will give it different network names (because old MACs won't be claiming the good ones any more).

cks, 14 days ago

@Doomed_Daniel @vees @dan In many situations you don't want to keep the mapping file, because it creates differences between identical hardware based on the history of a particular server. One out of your eight hardware-identical fileservers having a different network name because you had to move it to the spare chassis (or swap its add-on network card) at one point is a special sort of hell.

(Also, not all reinstalls are planned in advance. Sometimes the disk blows up.)

cks, 14 days ago

@Doomed_Daniel @vees @dan I believe systemd creates aliases, or at least lets you set naming policies for devices, so if you want to use MAC-based names you can fairly easily. And the default PCIe based names are mostly stable, and sometimes systemd can actually detect that a network port is a motherboard port and give it a truly stable name.

(This depends on vendors getting various BIOS data right, which is rather variable.)

cks, 14 days ago

How good was (is) the Linux kernel at security assessments? Well, between 2006 and 2018, 41% of kernel CVEs had already been fixed in the main kernel by the time they were reported as security issues (in someone's kernel), and the overall average 'time to fix' was -100 days. Clearly a lot of security fixes were not being recognized as such. Which is not a surprise; modern exploit developers are extremely clever.

Source: this 2019 Greg KH presentation: https://kernel-recipes.org/en/2019/talks/cves-are-dead-long-live-the-cve/

cks, 12 days ago

Blog post: Some ideas on what Linux distributions can do about the new kernel situation https://utcc.utoronto.ca/~cks/space/blog/linux/DistributionKernelHandling2024
tl;dr: distributions can longer release whenever they want, have the same kernel version for years and years, and have great security (unless they want to do a lot of work themselves). But realistically they never could.

Volunteer run distributions should probably get used to updating their kernel versions over the lifetime of a release. Commercial ones? Whatever you'll pay for.

cks, 13 days ago

Shonen Knife is on Bandcamp, although not with their full discography (I assume some combination of rights issues and preparing digital releases). https://shonenknife.bandcamp.com/music
Shonen Knife makes great music that is not in the least bit ambient, and I have fond memories of seeing them live once.

I found this out via https://ourislandgeorgia.net/@Wolven/112440773491791984 (via @mhoye ) mentioning that Bikini Kill are on BC. Say "feminist punk band" and I'll immediately think of Shonen Knife, so I checked and yep.

cks, 13 days ago

Blog post: The X Window System and the curse of NumLock https://utcc.utoronto.ca/~cks/space/blog/unix/XNumlockCurse
tl;dr: having NumLock on can more or less invisibly break key bindings because 'NumLock' is treated more or less like a modifier such as 'Shift'. And things can turn NumLock on for you, because they feel helpful. All of this is tangled up in how X turns keycodes into 'what they mean', or doesn't.

(Maybe X could do with another layer of translation; keycode → keycap label → actual meaning considering modifiers.)