Jan Harasym

Designing highly scalable/resilient infrastructure by day; running hacker communities by night.

Read this first

Master branch considered harmful

Sitting on the fence with respect to political issues leaves me with few allies at a time when lines seem so firmly drawn. Looking in on US discourse, where this polarisation has become most acute, is odd for someone with a European mindset. The insular nature of American politics, and the myopic framing of issues by Americans, makes it difficult for an outsider to wade into, even when the outcomes affect them.

That said, this is important.

git logo
GitHub recently unveiled plans to alter the name of the master branch for git repositories to something less politically heated. This is quite a noble sentiment, and selecting main as the branch name would bring it more inline with quite old though widely used version control systems like perforce.

However that is entirely overshadowed by the fact that GitHub will not stop supporting ICE1. The C.E.O of GitHub, who came out directly in support of...

Continue reading →

The history we lost

There are some things that I feel are intractably good in tech history; things that when I was a younger man I considered to have a high degree of craftsmanship and intuitive “niceness” to them.. Little things that perhaps you disagree with. But this is my love letter to them, and my appreciation for the creators.

Windows 2000 background

This lovely background colour is what greeted you, warmly, to your newly installed PC. There is something very soothing about this particular background and that was later mirrored in Windows XP (albeit a little lighter and “fresher”) and Windows 10 (darker, more “mature”).


Since this is simply a colour you can bring this back in Windows 10 by setting your background colour to the hex value 3B6EA5

Harddisk activity lights

The first computer I had that forwent this was my Macbook Pro from 2011, and I lamented it at the time; but it’s a trend that...

Continue reading →

Hiding in plain sight: Requirements for avoiding the Snoopers Charter in the UK


Snoopers Charter is the colloquial name we use to refer to the Investigatory Powers Act in the United Kingdom. If you’ve been living under a rock this past couple of years you can read a very detailed description of it here. tl;dr It forces ISPs to keep records of your internet history and gives the government the right to read that data; it is the first of it’s kind in a western country and has unfortunately been summarily repeated in countries such as The Netherlands

Amber Rudd seems to be highly in favour of it but she’s not known for being tech savvy and she’s not a known supporter of free speech.. But I digress.

This Article is not about the investigatory powers act itself, this is meant to provide my slightly less technical friends with some advice about how to go about being a bit more private in that kind of hostile climate, and to talk about the sliding road we’re...

Continue reading →

Cloudflare is turning off the internet for me

Ok, I’ll admit, I’m not the largest fan of centralisation, but rarely do I so swiftly and effectively feel the crushing weight of it.

I happen to use a very nice Chromium-based web-browser which, when it opens has javascript disabled. Often I find that nothing works so I re-enable javascript and continue about my day.

This morning I went to work, as normal, turned on my laptop and as my laptop dutifully reloaded all my tabs from the day before I saw a few sites error-ing out.

This is relatively common when I haven’t connected to the network yet, or some sites which don’t even attempt to load without javascript, so I check my connection, enable javascript and went about reloading the offending pages.

But I noticed quite a few of the pages were the following:

Let me copy that for those who don’t like to read images:

Sorry, you have been blocked

Why have I been blocked?

Continue reading →

Defuse, wait, “forget”

Yes, I’m that annoying guy in the office that is never really happy with how things are working. So, please just indulge me.

Every time I bring up a concern, I am met with a calm and rational response which usually indicates a solution is right around the corner. The solution, as it happens, never does come around.

“We will adapt to change as required” is a common aphorism when a team responsible for reinventing some solution does not actually have a real answer to a commonly held issue.

I’ve had so many of these kinds of topics kind of just “vanish” or never get taken into consideration and they tend to follow the same pattern. So I’m going to outline a few of these, in the hope that someone can tell me it’s either in my head, intentionally malicious or just plain incompetence.

Office Space

Normally what happens is that pain builds over time until there is enough pain to rally...

Continue reading →

How to survive an open office.

my office

I’ve been struggling for some time to find a decent enough guide to actually accomplish anything meaningful (other than ad-hoc break-fix work) in my office.

One of the things I know is that this problem seems to affect me more than others, so for many people this advice (or lamentation) might seem like it comes from a weird place.

Especially since this is the first-worldiest of first-world problems.

However, for me, if I have some work that really must be done I end up doing it at home. When I’m in the office I just work on things as I get interrupted and cannot possibly focus on anything for more than 15 minutes. When I go home I feel exhausted, if I have enough energy I do the work I really needed to do in the day. – it’s not even that I don’t have the time to do it during the day, it’s just that I end up procrastinating because I can’t get focused.

Ironically I get...

Continue reading →

GPG GIT Commits.

If anyone is interested in setting up their system to automatically (or manually) sign their git commits with their GPG key, here are the steps:

  1. Generate and add your key to GitHub
  2. $ git config --global commit.gpgsign true ([OPTIONAL] every commit will now be signed)
  3. $ git config --global user.signingkey ABCDEF01 (where ABCDEF01 is the fingerprint of the key to use)
  4. $ git config --global alias.logs "log --show-signature" (now available as $ git logs)
  5. $ git config --global alias.cis "commit -S" (optional if global signing is false)
  6. $ echo "Some content" >> example.txt
  7. $ git add example.txt
  8. $ git cis -m "This commit is signed by a GPG key." (regular commit will work if global signing is enabled)
  9. $ git logs

IntelliJ IDEA Integration

If you perform git commits through IntelliJ and want them to be signed, add the following line to your ~/.gnupg/gpg.conf file:

 This option tells

Continue reading →

RacAdmin Quick and dirty cheatsheet

iDRAC racadm quick and dirty cheatsheet. racadm command can be issues via iDRAC/CMC/OS if svradmin-racadm is installed. Also you can specify -h option to access remote servers RAC as long as you have network access. Also if you are having problems with racadm “Failed to initialize transport” install openssl-devel. full documentation for iDRAC7 can be found here.

% Get all iDRAC settings in a file

racadm get -f config.txt

If you like you can change the contents of config.txt and apply it back to iDRAC

racadm set -f config.txt

% Set password for root user

racadm set iDRAC.Users.2.Password PASSWORD"

% List all ssh keys for root user

racadm sshpkauth -i 2 -v -k all

% Add ssh key to root user

racadm sshpkauth -i 2 -k 1 "CONTENTS OF PUBLIC KEY"

% Delete ssh key for root user

racadm sshpkauth -i 2 -d -k 1

% Get iDRAC IP config

racadm getniccfg
racadm get iDRAC.NIC

% set iDRAC IP


Continue reading →

Follow Up: Wildcard TLS Certificates

Definition of WildCard

I wrote an article some time ago in a fit of anger about people continually bashing LetsEncrypt for not supporting wildcard certificates.

Why was I angry? Well my original post is here and it’s about as ranty as
you would expect from me. In it, I call people lazy and falsely attribute the
fact that SSL Certificate Authorities will not insure their wildcard certificates as a reason to avoid them. (I implied customer insurance would inform business decision making).

I figured since LetsEncrypt have caved and started supporting wildcard certs I should follow up and touch base more objectively with the reasons I feel it’s a poor practice for your users. There are reasons to use wildcard SSL certs and I’ll touch on those too.

Revocation Issue

Revocation is, unfortunately, in 2017, not a solved problem.

OCSP is still susceptible to this attack since 2009.

Revocation is amplified on...

Continue reading →

Trusting the user; they know what language they speak.

As a digital nomad one of the most difficult things to overcome is language barriers, most people default to English as a lingua franca but computers can’t be so easily coerced if there is a “smart” website which geo-locates your IP and serves you a localised webpage and no option to disable it.

Surely there is an easier way to ascertain browser localisation.

Maybe something in the http headers that browsers always send..

Maybe it could be called something like Accept-Language as in “this browser accepts these languages”…

oh, it exists- what luck!

Screenshot from 2017-05-26 10-10-05.png

Maybe we can use this instead?

View →