NBN and Physics, or Why My Internet Is Slow

As an Australian, I’m afflicted with two things: Living in a deadly paradise full of Drop Bears, Hoop Snakes and Cassowaries. Only one of these is fake. Terrible internet, crippled by the ridiculous decisions of multiple corrupt governments. They installed “Fibre to the Node”, or VDSL. The technology that New Zealand had had for decades and nobody in their right mind would deploy these days. Second-generation systems (VDSL2; ITU-T G. [Read More]

Cisco Switch S_sn and S_tc in Logs

If you see things like this: [[email protected] s_sn="306" s_tc="330"]: Aug 23 22:15:22.268: %SYS-5-CONFIG_I: Configured from console by yaleman on vty0 ( In your Cisco Switch logs, it’s because you’ve got the config entry: logging message-counter log Ew. conf t no logging message-counter log end write mem [Read More]

Nagios, Kanidm and LDAP Authentication

Here’s an example Apache configuration file for using Kanidm’s LDAP server to authenticate access to Nagios. The below file is also available as a github gist <IfModule mod_ssl.c> <VirtualHost *:443> ServerName monitoring.example.com ServerAdmin [email protected] SSLEngine on SSLCertificateFile /etc/letsencrypt/live/monitoring.example.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/monitoring.example.com/privkey.pem ScriptAlias /cgi-bin "/usr/local/nagios/sbin/" <Directory "/usr/local/nagios/sbin"> Options ExecCGI AllowOverride None <RequireAll> Require all granted AuthName "Nagios Access" AuthType Basic AuthLDAPURL "ldaps://kanidm.example.com:636/dc=kanidm,dc=example,dc=com?name?sub?(name=*)" TLS AuthBasicProvider ldap Require valid-user </RequireAll> </Directory> Alias / "/usr/local/nagios/share/" <Directory "/usr/local/nagios/share"> Options None AllowOverride None <RequireAll> Require all granted AuthName "Nagios Access" AuthType Basic AuthLDAPURL "ldaps://kanidm. [Read More]

rust openssl-src panic on install

I was trying to cargo install wasm-pack on an OpenSUSE Tumbleweed docker container and getting fucking stupid errors… turns out error handling is hard, let’s just assume everything’s going to work and .unwrap() all the things! error: failed to run custom build command for `openssl-sys v0.9.65` Caused by: ared" "no-ssl3" "no-unit-test" "no-comp" "no-zlib" "no-zlib-dynamic" "no-md2" "no-rc5" "no-weak-ssl-ciphers" "no-camellia" "no-idea" "no-seed" "linux-x86_64" "-O2" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" Configuring OpenSSL version 1.1.1k (0x101010bfL) for linux-x86_64 Using os-specific seed configuration Creating configdata. [Read More]

Splunk, LDAP and Kanidm

This is an example LDAP configuration for Splunk connecting to Kanidm via LDAP. The configuration goes into /opt/splunk/etc/system/local/authentication.conf Replace kanidm.example.com with the hostname of the Kanidm server Replace dc=kanidm,dc=example,dc=com with the LDAP-format domain name of the system. Map your groups to your users. I’ve got two groups in Kanidm, splunk_users and splunk_admins [authentication] authSettings = kanidm.example.com authType = LDAP [kanidm.example.com] SSLEnabled = 1 anonymous_referrals = 1 charset = utf8 emailAttribute = mail enableRangeRetrieval = 0 groupBaseDN = dc=kanidm,dc=example,dc=com groupBaseFilter = (class=group) groupMappingAttribute = dn groupMemberAttribute = member groupNameAttribute = name host = kanidm. [Read More]

🪵 The 🪵 Great 🪵 Log 🪵 Post 🪵

So… this started out as me trying to start a discussion about logging on kanidm/kanidm and once I started, I couldn’t stop. Awkward. Is this about lots of logs, or great quality logs, or just ✨big✨ logs? Yes. 🪵 Ok, so everyone should like their logs, and making logs likeable requires them to be usable. What makes a usable log? Note: I’m not necessarily talking about platform metrics here; they’re related but not the focus. [Read More]

Tokyo Neopolitan - Japanese Pizza

I’ve been reading a lot of Craig Mod’s writing lately, and his article in Eater “Tokyo Neapolitan: The New Wave of Japanese Pizza” makes me really want to fly there. Right now. I feel like that most days, but … the art they bring to crafting things is just.. needed right now. But Kakinuma is adamant that his pizzas aren’t, in fact, Neapolitan. “Absolutely not,” he said. “They’re Kakinuma-style pizzas. [Read More]

IPv6 With Docker and Ansible

Please note: This is not authoritative information; if you use it and kittens pop out of your router or there’s some way simpler/better way to do things: don’t blame me for the kitten thing please document it and send me a link so I can learn from you. The Problem. IPv6. It’s a thing. Who even wants NAT anyway? Docker’s neat, it lets you run containers and stuff. [Read More]

Richard Branson and Neurodiversity

A recent post on Richard Branson’s blog about neurodiversity was a good read. The world needs a neurodiverse workforce to help try and solve some of the big problems of our time. Many people on the autism spectrum excel in areas such as logic, technology skills, problem-solving, pattern recognition, precision, sustained concentration, analysis and other unique cognitive functions. Yet people on the autism spectrum are often overlooked for jobs that they might be brilliant at. [Read More]

On Languishing

This article on the New York Times about the idea of “Languishing” explains a lot about my productivity in the last year or so. I’m finally hammering away at a lot of little medium-effort tasks - and not just because I started being medicated for my ADHD at age 37. 🤔 It wasn’t burnout — we still had energy. It wasn’t depression — we didn’t feel hopeless. We just felt somewhat joyless and aimless. [Read More]