Docker Hub has announced new pull limits starting 2024-04-01. An easy way to get around that is to set up a pull-through cache. This can easily be done using CNCF Distribution. Here’s how I did that on NixOS:| paul.totterman.name
Searching for VictoriaLogs on search.nixos.org gave me no results, so I ran victorialogs from Docker. But at some point I did search for victorialogs on nixpkgs and realized that the binary is built with victoriametrics.| paul.totterman.name
Go includes a safe and somewhat performant templating library. But the best way to structure code using html/template has eluded me for a long time.| paul.totterman.name
VictoriaLogs looks like an interesting alternative to Grafana Loki. But it would be nice to still query it via the Grafana Dashboard along with all the rest. It takes a couple of specific steps to install the appropriate plugin, especially on NixOS.| paul.totterman.name
There are several nice options in NixOS for specifying scheduled backup jobs, including borgbackup, borgmatic and restic. But I’ve often used rsync in the past, and there is no such module for scheduled rsync jobs (or rsnapshot either). So I wrote my own simple module.| paul.totterman.name
There has been a lot of talk in recent years how running your own email server is too hard. But it’s quite healthy for the email ecosystem to not have everyone use Gmail and Outlook. In my experience it isn’t too hard, just takes some work.| Posts on Paul's page
I own a reMarkable 2 (referral link) eInk tablet. It’s pretty nice (except lately the manufacturer has tacked on a subscription service). And it can send documents as PDFs via email. But unlike the Kindle, you cannot send documents to the tablet via email. Well, there exists a third party service. I saw someone post on reddit that they wrote a Telegram bot that can be used to upload documents to their reMarkable. That sounded interesting, but I’m partial to Matrix.| paul.totterman.name
First, some background. I have an iBook G4 12" that I bought in August 2005, so that I would have a handy laptop during my studies. I also bought AppleCare, because I thought it would be better to pay 300€ extra to be sure that the laptop would serve me at least three years, instead of the one year default warranty. Of that decision, I’m glad.| paul.totterman.name
Caddy is a very handy HTTP server with lots of built-in features. But every once in a while you need something more. Fortunately Caddy has a plugin API. But Caddy being written in Go, the plugins need to be added at compile-time. On NixOS, there are no plugins added by default, and there are a couple of things to note when adding them.| paul.totterman.name
Go error handling can be a bit verbose. There are a lot of places where errors are unlikely or where they are so critical that a panic is preferred. Because of this there are lots of Must* -helpers in various packages. E.g. regexp.MustCompile.| paul.totterman.name
Like many other developers, I have to work with computers with different processor architectures. For me it’s amd64 (x86_64) on the laptop and arm64 (aarch64) on the server. For some it may be the other way around. Fortunately I mostly write Go, which makes cross-compilation quite easy. Docker adds some extra steps, but is very nice for deploying software.| paul.totterman.name
There are several ways to automate blog publishing from git push. This one is mine. Mostly notes for future self. I use Gitea, Hugo, Caddy and NixOS.| paul.totterman.name
I recently ran into a problem that seems to be present in a wide range of WebAuthn tutorials, but I don’t know where it originated.| paul.totterman.name
Reading Future Internet PKI schemes need to be bootstrapped through web PKI I was reminded by all the problems I’ve had with SSH (Secure SHell) PKI (Public Key Infrastructure). SSH host verification is trust-on-first-use (TOFU). So SSH is protected from man-in-the-middle (MITM) attacks unless the first connection falls prey to the attack.| paul.totterman.name
The Jargon File defines Molly Guard as: A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands. Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer’s toddler daughter (named Molly) frobbed it twice in one day. Later generalized to covers over stop/reset switches on disk drives and networking equipment. In hardware catalogues, you’ll see the much less interesting description “guarded button”.| paul.totterman.name
I’m a huge fan of Matrix. A lot of the user value of modern chat platforms like Slack, Matrix and Discord (even IRC) comes from integrations to other services via bots. I had high hopes for MSC3006: Bot Interactions, but unfortunately it isn’t currently being pushed further. However, there exists an implementation of MSC3381: Polls.| paul.totterman.name
While I’ve been switching from Ansible to Nix lately, I still use Ansible and have written a fair share of Ansible YAML. A common trick I’ve used is to only run a specific Ansible role instead of the whole playbook. That can be achieved by using tags, but usually I haven’t tagged everything before I have the need.| paul.totterman.name
With Go 1.13 error wrapping was standardised with an interface in the standard library. When properly handling errors, you end up dealing with it a lot. The blog post suggests the following: var e *QueryError if errors.As(err, &e) { // err is a *QueryError, and e is set to the error's value }| paul.totterman.name
I’ve been writing a decent amount of Go during the past 8 years. While I like many things about Go, some of the design choices result in repetitive or longer than necessary code.| paul.totterman.name
Why does everything have to be so hard on arm64? Well, maybe not directly hard, but a lot more work. And the reason is simple, we live almost in a amd64 monoculture. Mobile phones are changing that, as is Apple M1, but also arm64 servers.| paul.totterman.name
We have a Roborock S6 Pure robotic vacuum cleaner. It’s very nice having a device that more or less cleans the floors by itself. When it works. Ours stopped working a week ago, after working well for months.| paul.totterman.name
Today I had to install coturn on Ubuntu 22.04 (Jammy Jellyfish). It doesn’t have package available because of a bug. But there’s a solution on the bugtracker, so I decided to build my own package. It has been a while since I last did it, so here are the steps for reference:| paul.totterman.name
I’m not sure if comments improve blogs, but I’m willing to try. But my blog is a static site and I don’t like the idea of forcing Disqus on readers of my blog. Luckily there exists a project built on matrix for adding comments to your site.| paul.totterman.name
I have a deep interest in both matrix and different authentication schemes. When I saw the HN discussion about “Sign in with Matrix”, I thought I could probably come up with something better.| paul.totterman.name
Having been on the Internet for decades, I’ve seen the growth of walled gardens and the associated problems. I hate it. Especially the messaging walled gardens.| paul.totterman.name
At some point when implementing HTTP APIs, just logging “error” and returning an empty response doesn’t cut it anymore. Good practise with REST APIs suggests returning a suitable HTTP status code, i.e. something other than 200 OK.| paul.totterman.name
I need to remember to not stop at the following:| paul.totterman.name
Oracle Cloud offers nice free virtual machines, but there was no installation image for NixOS. Luckily NixOS-infect worked really great.| paul.totterman.name
Comparison of free cloud offerings (2023/08):| paul.totterman.name