Author Archives: Antranig Vartanian

About Antranig Vartanian

Doing things @ illuria, Inc. Unix, BSD, InfoSec, Elixir/Erlang, DNS, XMPP. Mostly harmless.

Antranig Vartanian

March 28, 2023

I’m sure at this point everyone heard that GitHub updated their RSA SSH host key.

This is a common issue, say you re-installed a server at the same IP/hostname. No problem, you remove a line and put in another one.

But honestly, I thought that GitHub had SSHFP records in their DNS.

$ dig SSHFP github.com +short | wc 
       0       0       0

Not so much… But then again, looks like they DO need to sign their zone first.

$ whois github.com | grep DNSSEC
   DNSSEC: unsigned
DNSSEC: unsigned

I have to say, using SSHFP has changed my life. Obviously there are some issues (Windows and macOS, specifically), but if you’re running a normal, modern operating system (hello BSDs, hello Linux) then it’s like magic!

I just setup one for our hackerspace!

$ whois hackerspace.am | grep DS
   DNS servers (zone signed, 1 DS record):
$ dig hackerspace.am SSHFP +short | wc -l
       6

Anyway, I’m sure many CI/CD pipelines are going crazy because of this… Good luck everyone!

Reply via email.

Antranig Vartanian

March 26, 2023

Couple of years ago, I saw an article that said “By the year 20XX 70% of all created content will be video”. Unfortunately, I didn’t bookmark the article, so I can’t link it.

But I did not believe that. More importantly, I did not want to believe that, and for a long time, I thought that it was wrong.

But couple of weeks ago, while sitting next to my girlfriend, I watched her scroll in Instagram, and oh my god, that article was very much accurate. Everything was a video.

This is specifically sad, because Instagram was a photo sharing platform and now most of the content there is indeed video.

After weeks of researching, looks like that most things ARE video these days.

I have mixed feelings about this.

I wonder if there are any non-Instagram, non-TikTok, actually a real world wide web, video blogs. We’ve seen web logs, we’ve seen photo blogs, but video blogs wold be very interesting. Maintaining them too!

Reply via email.

Design Guidelines vs Pushing The Limits

One of the design guidelines of Jailer is don’t break FreeBSD. As in if someone installed and used Jailer, and then deleted the Jailer binary and libraries, their Jails would still run without any issues. We do this with minimal intervention, for example, jailer init patches FreeBSD’s /etc/rc.d/jail, but in a way that you wouldn’t feel the difference much. We don’t create new rc.conf variables, we just change couple of loops. In a way, you can keep these changes even if you delete Jailer so your system would be much improved. Obviously, we do sent these patches to FreeBSD src.

But I’m in front of an issue right now. On one side, I want to keep these guidelines, on the other, pushing the limit will allow me to improve Jailer way more than I expected.

These are the things that I think about before sleep, or during the shower. I gave a promise, that I will not break the Jail ecosystem. But what if, just what if, the ecosystem was broken in the first place?

Some of you might know, that we’ve been working on integrating libucl with Jail. The experiments have been going well, in such that I feel I want to integrate these experiments with Jailer already, even before they get into FreeBSD (and they might even not get in at all).

My dream of Jailer and its ecosystem is complex. I feel that these integration would do good on the long-term, but I want to keep the short term alive as well.

One idea is to fork Jailer, keep two versions of it. One version that’s FreeBSD compliant, and another one that is pushing the limits.

This is going to be an interesting week…

That’s all folks…

Reply via email.

Link

WordPress.com owner Automattic acquires an ActivityPub plugin so blogs can join the Fediverse

Automattic, the company behind WordPress.com, Tumblr and other web publishing tools, is the new owner of the ActivityPub for WordPress plugin and has also recruited its developer to come work for the company, according to Automattic CEO Matt Mullenweg.

This makes me very happy! I’ve been using that plugin for a while now. As a matter of fact, that plugin was the main reason why I moved to WordPress.

The newly acquired plugin allows WordPress.org and WordPress.com blog owners to reach readers on federated platforms, like the Twitter rival Mastodon and others.

I absolutely hate that people are calling Mastodon a rival of Twitter. Mastodon (and the decentralized web) is not a rival to anything. It’s like saying that Coca-Cola’s rival is… water. Nope, Coca-Cola’s rival is Pepsi, Twitter’s rival is <insert a corporate and centralized social media here>, but not ActivityPub based networks.

The Internet is going back to its roots, and I am loving it!

Reply via email.

Antranig Vartanian

March 14, 2023

It took me a while to realize this, but if you’re also working from home, these two tips might help you be more productive.

  1. When you start your work, make sure you’re dressed.
  2. Get a static working desk.

It seems so simple and rudimentary, right? It took me 6 months to realize this! Working from a desk fully clothed is a lot better than working in underwear in bed.

But I guess everyone is different. For me, this has been a huge productivity change 🙂

Reply via email.

Antranig Vartanian

March 7, 2023

You’d think that macOS would have a Mission Control shortcut that does “Switch to last used Desktop”, but no, it does not. And this makes macOS very hard to use for people like me, who have 10 Desktops.

Screenshot 2023 03 07 at 2 50 52 PM

On the other hand, WindowMaker, the window manager that “reproduces the elegant look and feel of the NeXTSTEP user interface”, which macOS also was based on, had that shortcut for almost exactly 10 years.

Screenshot 2023 03 07 at 2 50 12 PM

Someone PLEASE add this simple and powerful feature.

Reply via email.

Call For Testing: Jailer v0.1.1

Well, it’s finally here! After a week of sleepless work, I cleaned up the Jailer codebase and added many features (and removed some as well!) that I wanted since last year 🙂

If you are reading this, please consider testing Jailer on FreeBSD. The codebase is at illuria/jailer.

The README.md should have all the info that you need to run Jailer.

If find any issues, please report to illuria/jailer/issues or you can email me personally at antranigv [at] freebsd [dot] am

Here’s the roadmap for what’s coming next

  1. Complete NetGraph support using jng.
  2. Jailerfile, which will be something similar to Dockerfile, allowing developers to create consistent images.
  3. jailerd and jailerctl, for remote jailer automation. This will be an open-source port of what illuria has already developed.
  4. Distributed Jailer, where jailerctl list will show not just what’s on a remote machine, but on a remote datacenter, inspired by Triton. Again, we have this at illuria, but we need to create an open-source port.

This release is dedicated to

Thank you for reading 🙂

That’s all folks…

Reply via email.

Antranig Vartanian

March 3, 2023

I’ve been working very intensively with Jailer the last couple of days.

The first thing I added, which I personally needed it is a dry run, where Jailer says what it would do. Here’s an example.

Screenshot 2023 03 02 at 8 48 08 PM

by adding -D Jailer would display what it would do, including post the jail.conf file, ZFS commands and any network setup commands.

A while back kfv has made a jailer init

subcommand that initializes the system. Things like rc.conf variables, ZFS datasets and applying our own patches. I just added some coloring and confirmation to that!

Screenshot 2023 03 03 at 3 27 35 PM

I think I will be making an official Jailer v0.1.0 release in the coming days!

Reply via email.

Unshallow Git

A while back, when I was working on some changes for FreeBSD, I wanted to checkout our source tree. A very typical thing that every developer does every day, that is

git clone https://git.FreeBSD.org/src.git

However, the FreeBSD git server is pretty far from me. There’s a GeoDNS system in the front so I usually hit the one in Frankfurt, Germany.

Still, it’s pretty slow!

root@devbsd14:~ # git clone https://git.FreeBSD.org/src.git
Cloning into 'src'...
remote: Enumerating objects: 4234853, done.
remote: Counting objects: 100% (381211/381211), done.
remote: Compressing objects: 100% (28321/28321), done.
Receiving objects:   3% (152416/4234853), 48.97 MiB | 1.08 MiB/s

Okay, 1.08 MiB/s is not that bad, but I’m sure we can do better.

How about GitHub?

root@devbsd14:~ # git clone https://github.com/freebsd/freebsd-src/
Cloning into 'freebsd-src'...
remote: Enumerating objects: 4793378, done.
remote: Counting objects: 100% (398/398), done.
remote: Compressing objects: 100% (233/233), done.
Receiving objects:  16% (780550/4793378), 223.95 MiB | 2.13 MiB/s

Okay, 2.13 MiB/s is also not bad, but I have a faster connection than that!

Regardless, I needed just the last state of the code, without the history, so in order to save time and bandwidth I can do

git clone --depth 1 https://git.FreeBSD.org/src.git

And now I can work.

The problem is that this was months ago, and I totally forgot about it.

While I was debugging some issue, I ran git blame and I realized that I can’t see anything older than 3 months. what?

Lucky me, I was able to understand what I did by looking into the shell history.

Okay, so two questions.

  1. Can I get the rest of the depth/history?
  2. If GitHub and git.FreeBSD.org is slow, can I setup a local mirror?

Turns out, I had to ask these questions in reverse.

First, I setup a FreeBSD source tree mirror in my home server (which also serves this blog). The connection to that server is fast, the download speed is around 500Mbps, compared to the 50Mbps that I get in this apartment. Yes, I have to apartments, but one of them is only for servers 😀

That was pretty easy to do, I just needed to tell Gitea to mirror https://git.FreeBSD.org/src.git, and in couple of minutes, it was all ready.

Next, I had to make my local checkout… unshallow. After setting up the appropriate remotes, all I had to do was

git pull --unshallow mirror main

and now I have the history all the way back to Jun 12, 1993.

Oh, right! The clone speed test!

root@devbsd14:~ # git clone git@git.bsd.am:antranigv/freebsd-src.git
Cloning into 'freebsd-src'...
remote: Enumerating objects: 4235021, done.
remote: Counting objects: 100% (4235021/4235021), done.
remote: Compressing objects: 100% (824757/824757), done.
Receiving objects:  18% (762304/4235021), 207.13 MiB | 3.53 MiB/s

Okay! now this does use a lot more speed!

Lessons Learned?

  1. Latency matters! If the distance between my two apartments is $2 worth of commute, while the FreeBSD server is $2000 worth of commute, then my apartments are also close to each other digitally.
  2. When you do anything non-standard with git (e.g. --depth=1) make sure to read the docs on how to undo that later.

That’s all folks…

Reply via email.