Jan Harasym

Designing highly scalable/resilient infrastructure by day; running hacker communities by night.


Cloudflare is turning off the internet for me

Ok, I’ll admit, I’m not the largest fan of centralisation, but rarely do I so swiftly and effectively feel the crushing weight of it.

I happen to use a very nice Chromium-based web browser which, when it opens, has JavaScript disabled. Often I find that nothing works, so I re-enable JavaScript and continue about my day.

This morning I went to work as normal, turned on my laptop, and as my laptop dutifully reloaded all my tabs from the day before, I saw a few sites erroring out.

This is relatively common when I haven’t connected to the network yet, or with some sites which don’t even attempt to load without JavaScript, so I checked my connection, enabled JavaScript and went about reloading the offending pages.

But I noticed quite a few of the pages were the following:

Let me copy that for those who don’t like to read images:

Sorry, you have been blocked

Why have I been blocked?


Defuse, wait, “forget”

Yes, I’m that annoying guy in the office that is never really happy with how things are working. So, please just indulge me.

Every time I bring up a concern, I am met with a calm and rational response which usually indicates a solution is right around the corner. The solution, as it happens, never does come around.

“We will adapt to change as required” is a common aphorism when a team responsible for reinventing some solution does not actually have a real answer to a commonly held issue.

I’ve had so many of these kinds of topics kind of just “vanish” or never get taken into consideration and they tend to follow the same pattern. So I’m going to outline a few of these, in the hope that someone can tell me it’s either in my head, intentionally malicious or just plain incompetence.

Office Space

Normally what happens is that pain builds over time until there is enough pain to rally...


How to survive an open office.


I’ve been struggling for some time to find a decent enough guide to actually accomplish anything meaningful (other than ad-hoc break-fix work) in my office.

One of the things I know is that this problem seems to affect me more than others, so for many people this advice (or lamentation) might seem like it comes from a weird place.

Especially since this is the first-worldiest of first-world problems.

However, for me, if I have some work that really must be done I end up doing it at home. When I’m in the office I just work on things as I get interrupted and cannot possibly focus on anything for more than 15 minutes. When I go home I feel exhausted; if I have enough energy I do the work I really needed to do in the day. It’s not even that I don’t have the time to do it during the day, it’s just that I end up procrastinating because I can’t get focused.

Ironically I get...


GPG GIT Commits.

If anyone is interested in setting up their system to automatically (or manually) sign their git commits with their GPG key, here are the steps:

  1. Generate and add your key to GitHub
  2. $ git config --global commit.gpgsign true ([OPTIONAL] every commit will now be signed)
  3. $ git config --global user.signingkey ABCDEF01 (where ABCDEF01 is the fingerprint of the key to use)
  4. $ git config --global alias.logs "log --show-signature" (now available as $ git logs)
  5. $ git config --global alias.cis "commit -S" (optional if global signing is false)
  6. $ echo "Some content" >> example.txt
  7. $ git add example.txt
  8. $ git cis -m "This commit is signed by a GPG key." (regular commit will work if global signing is enabled)
  9. $ git logs

IntelliJ IDEA Integration

If you perform git commits through IntelliJ and want them to be signed, add the following line to your ~/.gnupg/gpg.conf file:

 This option tells


FreeBSD; I guess we weren’t destined to be.

I always write my blog articles, especially my opinion pieces, as if you, the reader, do not know me at all. Unfortunately, today I must break that tradition.

You may remember I wrote a post a long time ago detailing why darkscience no longer operates with GitHub. You may remember that due to the hamfisted throat-ramming of systemd, darkscience transitioned to using FreeBSD for most of its infrastructure needs.

Well, now, these two things are, apparently, linked.

For those that don’t know, the FreeBSD community has recently come out with a controversial Code-of-Conduct. I don’t wish to go into the details too much, other than that it was taken from a political source and, among other things, puts bans on virtual hugs and anything that

“reinforce[s] systemic oppression [..]”


“Unwelcome comments regarding a person’s lifestyle choices and practices, including those related to fo...


RacAdmin Quick and dirty cheatsheet

iDRAC racadm quick and dirty cheatsheet. The racadm command can be issued via iDRAC/CMC/OS if srvadmin-racadm is installed. You can also specify the -h option to access a remote server’s RAC as long as you have network access. If you are having problems with racadm (“Failed to initialize transport”), install openssl-devel. Full documentation for iDRAC7 can be found here.

% Get all iDRAC settings in a file

racadm get -f config.txt

If you like you can change the contents of config.txt and apply it back to iDRAC

racadm set -f config.txt

% Set password for root user

racadm set iDRAC.Users.2.Password PASSWORD

% List all ssh keys for root user

racadm sshpkauth -i 2 -v -k all

% Add ssh key to root user

racadm sshpkauth -i 2 -k 1 "CONTENTS OF PUBLIC KEY"

% Delete ssh key for root user

racadm sshpkauth -i 2 -d -k 1

% Get iDRAC IP config

racadm getniccfg
racadm get iDRAC.NIC

% set iDRAC IP



Follow Up: Wildcard TLS Certificates

Definition of WildCard

I wrote an article some time ago in a fit of anger about people continually bashing LetsEncrypt for not supporting wildcard certificates.

Why was I angry? Well, my original post is here and it’s about as ranty as you would expect from me. In it, I call people lazy and falsely attribute the fact that SSL Certificate Authorities will not insure their wildcard certificates as a reason to avoid them. (I implied customer insurance would inform business decision making).

I figured since LetsEncrypt have caved and started supporting wildcard certs I should follow up and touch base more objectively with the reasons I feel it’s a poor practice for your users. There are reasons to use wildcard SSL certs and I’ll touch on those too.

Revocation Issue

Revocation is, unfortunately, in 2017, not a solved problem.

OCSP is still susceptible to this attack since 2009.

Revocation is amplified on...


Trusting the user; they know what language they speak.

As a digital nomad, one of the most difficult things to overcome is language barriers. Most people default to English as a lingua franca, but computers can’t be so easily coerced if there is a “smart” website which geo-locates your IP and serves you a localised webpage with no option to disable it.

Surely there is an easier way to ascertain browser localisation.

Maybe something in the HTTP headers that browsers always send..

Maybe it could be called something like Accept-Language as in “this browser accepts these languages”…

Oh, it exists. What luck!


Maybe we can use this instead?


[OP] The decay of reliable infrastructure.

I started writing this six months ago as a terrible opinion piece surrounding cloud computing in general. In it, I shredded many cloud conceptions regarding scalability/cost and highlighted the fact that not all needs fit in cloud sized containers. (I’m sure there is a docker joke in there somewhere).


However, my problems ultimately boiled down into two categories:

A) The people who force the statement: “[we] need to cloud!”. (usually directors being courted by the amazon sales team)

B) Cloud providers’ reliability. (or, their lack of it, and pushing of issues up the stack)

The former is a company problem, and isn’t an issue with the concept of the cloud at all, it’s more of a nail->hammer issue. However! The latter is certainly where most of my gripes lie.

I was triggered when I read an internal memo from our Director of Infrastructure at Ubisoft- and while his post and name...


On the importance of self-hosted backups.

A long time ago I built a pretty big storage computer (16TB) because SSDs at the time were pretty small and most laptops came with only a single possible SATA drive bay for storage.

I’m also quite a large proponent of self-hosting/federation and things of this nature, as evidenced by our gitlab, mail service and IRC. However, most people assume this huge storage unit is for piracy. In fact Sweden has a tax on storage devices because they may be used to store pirated media; that is also true in other EU countries such as the Netherlands [PDF]. But my unit is not for piracy; despite there being digital creative works on there, I prefer to buy all my music through iTunes.

iTunes on iOS

Why? Because then it’s synced to all of my devices, I don’t worry about ownership or getting it synced, or worrying about the bitrate/collecting albumart/removing weird watermarks people add… it’s simple...
