Today I got greeted by the following error when I was trying to scp some file.

# scp a.txt user@somehost:/tmp/b.txt
subsystem request failed on channel 0
scp: Connection closed

This cryptic error message comes from a default config change that OpenSSH introduced in version 9.
By default it now uses the sftp protocol for transfering files and no longer the original scp protocol.
Thus for hosts which do not support the sftp subsystem, but only the original scp, the file transfer fails with the above error.

Luckily there is the -O parameter which can be used to select the original scp protocol, and the transfer then succeeds:

# scp -O a.txt user@somehost:/tmp/b.txt

Yet another trick to make your Internet feel faster :-)

Speculation Rules API (SRA) is a recently updated browser API which allows for a JSON definition to dictate what page A wants to do with page B. The "do"-ing can be either prefetching (just download the HTML) or prerendering (load the page, including its static assets, and render it completely). The prerendering happens in a new browser process and page B is ready to be swapped with the current page A instantaneously when the user navigates to B.

(via)

3 shell scripts: Kill weasel words, avoid the passive, eliminate duplicates

In particular, I've created shell scripts for catching three problems:

1. abuse of the passive voice,
2. weasel words, and
3. lexical illusions.

Found some unexpected TCP socket listening on port 5355.
The corresponding process was systemd-resolved.
Turns out this is the LLMNR implementation for name resolution on the local network, which is enabled by default.

As this is not useful on a server (and rather another attack vector to keep an eye on), I decided to turn it off.
This can be done by adding LLMNR=no to /etc/systemd/resolved.conf and then doing a service systemd-resolved restart.

(via)

Today I found myself on a Linux machine and needed to check which processes are listening for network packets.
Usually I use netstat for such tasks, but on this machine it was not available.
Luckily there was ss available, and the following command gave me the processes listening for TCP packets:

ss -n -A tcp -a -p state listening

There was some drama around RubyGems.org (seems like a classic commercial overstep on a community resource).
And as a result there is now a new Gem server available: gem.coop

If you want to use the new server (which currently is a mirror of rubygems.org), simply replace source "https://rubygems.org" with source "https://gem.coop" in your Gemfile:

-source "https://rubygems.org"
+source "https://gem.coop"

I switched the Gemfile for this blog over to it, and so far it seems to work fine. 💎

Evolution stores passwords for email accounts in the GNOME Keyring. Thus they can be listed there for example with Seahorse.

FliipBook, create 24 frame GIF animations.

(via)

Can very much relate to this ⌨️

Dropping :wq and j's and k's in all my word, google, txt docs.

(via)

After upgrading one of my physical hosts to Debian Trixie, it failed to boot.
It complained about the service for mounting my encrypted disk not starting.

Turns out this is a known problem (even mentioned in the Trixie release notes).
For cryptsetup to work in Debian 13, the systemd-cryptsetup package must be installed:

# apt-get install systemd-cryptsetup

After doing this (via the rescue shell) and rebooting the host, the system started seamlessly.
And the encrypted disks were mounted as expected.