Sunday, 20. February 2022 Week 7
Saturday, 29. January 2022 Week 4

vtysock

After switching my Debian hosts from Quagga to FRRouting, I noticed that running vtysh has become quite a bit slower especially when making multiple calls to it from my status/monitoring scripts.
This has also been observed by other users of FRRouting (there's an open issue in their bugtracker: #7799).

The Prometheus frr_exporter works around this by directly sending commands to the UNIX sockets of the FRR daemons (PR).

To use the same approach in my monitoring scripts, I wrote a small utility which acts as a drop-in replacement for vtysh and sends the commands directly to the UNIX sockets of the FRR daemons: vtysock
By skipping the parsing and validation checks done in vtysh, vtysock can achieve a significant speed improvement when executing commands.

Sunday, 23. January 2022 Week 3

Force SSH to use IPv6

In situations where IPv6 connectivity performs better than IPv4, you might want to force SSH to use IPv6. In interactive mode this can be achieved with the -6 commandline parameter.
But in situations where you can't modify the commandline parameters a different approach is needed (for example in rsync backup scripts which use SSH as underlying transport layer).

We can use the ssh_config file to encforce that IPv6 is used for a specific host:

Host myipv6host
	AddressFamily inet6

This instructs all SSH commands to use IPv6 when connecting to myipv6host.

The same approach also works to force usage of Legacy IP by specyfing inet as address family.

Wednesday, 19. January 2022 Week 3

Google Analytics removed

After running it for a bit more than a decade, I've now removed again the Google Analytics tracking from this site. It does not feel appropriate anymore on a personal website.
At the moment no alternative statistics solution is in place yet, but I could imagine setting up a self-hosted solution like Matomo or Plausible in the future.

Wednesday, 5. January 2022 Week 1

Wordle

Wordle seems to be the trending topic these days.
It's a word game similar to the french Motus game show (resp. the american Lingo game show).

Wordle 200 4/6

⬜⬜⬜🟩⬜
⬜⬜🟨🟩⬜
⬜⬜⬜🟩🟩
🟩🟩🟩🟩🟩

Saturday, 1. January 2022 Week 52

Y2K22

Turns out that signed 32-bit numbers can be exhausted long before Y2038, when you use them to store time in YYMMDDHHMM format. (via)

Monday, 19. April 2021 Week 16
Saturday, 17. April 2021 Week 15
Sunday, 28. March 2021 Week 12

security.txt

This website now also serves a security.txt file which is a standardized way of making security contact information available. (Wikipedia)

The file is available in two locations /security.txt (the classic location) and /.well-known/security.txt (the standard location following RFC8615).

To easily add the file on all my domains, I'm using the following nginx config snippet.

location /security.txt {
	add_header Content-Type 'text/plain';
	add_header Cache-Control 'no-cache, no-store, must-revalidate';
	add_header Pragma 'no-cache';
	add_header Expires '0';
	add_header Vary '*';
	return 200 "Contact: mailto:andreas+security.txt@jaggi.info\nExpires: Tue, 19 Jan 2038 03:14:07 +0000\nEncryption: http://andreas-jaggi.ch/A3A54203.asc\n";
}

location /.well-known/security.txt {
	add_header Content-Type 'text/plain';
	add_header Cache-Control 'no-cache, no-store, must-revalidate';
	add_header Pragma 'no-cache';
	add_header Expires '0';
	add_header Vary '*';
	return 200 "Contact: mailto:andreas+security.txt@jaggi.info\nExpires: Tue, 19 Jan 2038 03:14:07 +0000\nEncryption: http://andreas-jaggi.ch/A3A54203.asc\n";
}

This snippet is stored in a dedicated file (/etc/nginx/conf_includes/securitytxt) and is included in the various server config blocks like this:

server {
	server_name example.com;

	include /etc/nginx/conf_includes/securitytxt;

	location / {
		# rest of website
	}
}