Unrevoking your GPG key

2 minute read Published: 2019-01-01

I recently had a bit of a whoopsie - I revoked my key before I had signed my transition statement. With all copies of my keyrings now aflicted how do I get a working version of my key back so I can retrospectively sign the transition statement?

Random MAC Addresses That Aren't

4 minute read Published: 2018-07-10

What to do when both sides of a USB network data transfer cable have the same MAC address??

Session management with systemd

3 minute read Published: 2018-03-10

How can I use systemd user services to handle policies (like what to start and stop when my internet connection comes and goes) on my tiny Linux palmtop?

Gemini: First thoughts

5 minute read Published: 2018-03-02

I just got my hands on my Gemini yesterday. I have been looking forward to this campaign delivering for over a year (I was so excited I managed to be backer #5). It's a spiritual successor to the Psion devices I grew up with and that makes it a must have for me - even if my ultraportable Mac and iPhone have seemingly eroded any real need. So here are my first thoughts on the Pocket Computers Gemini.

USB Stomp Box

2 minute read Published: 2017-12-01

Christmas is right around the corner and choosing presents has been a nightmare this year. For my Dad I decided to make something. He's been using some Amp modelling software on the PC and one awkward bit is triggering the record function and then getting ready to play. It would be handy if he had a "guitar pedal" that could control the software.

Docker meet firewall - finally an answer

4 minute read Published: 2017-08-15

One of the most annoying things with Docker has been how it interacts with iptables. And ufw. And firewalld. Most firewall solutions on Linux assume they are the source of truth. But increasingly thats not a sensible assumption. This inevitably leads to collisions - restarting the firewall or Docker will end up clobbering something. What can we do?

Starting services on hotplug

2 minute read Published: 2017-05-21

I want systemd to start a service when a USB device is plugged in and stop it when i remove it.

Multi-core twisted with systemd socket activation

2 minute read Published: 2017-04-26

With a stateless Twisted app you can scale by adding more instances. Unless you are explicitly offloading to subprocesses you will often have spare cores on the same box as your existing instance. But to exploit them you end up running haproxy or faking a load balancer with iptables. Are there any other options?

Adding and removing GPG uid's

4 minute read Published: 2017-01-01

A GPG master key can be associated with multiple subkeys and multiple identities. If your key is well signed there is some value in keeping it as your identity evolves. For example, if you became an Apache Foundation committer you might get an @apache.org e-mail address. If you change jobs you might lose one e-mail address but gain another. You don't need to throw away the signatures for the e-mail address you are keeping. Obviously adding a new e-mail address to an existing key does not mean that the new identity is as immediately well trusted.

Finding when a file was added to Git and when it was last changed

1 minute read Published: 2016-07-26

I recently built a visualisation of all Django migrations in a project and the dependencies between them. I was most interested in recent migrations, and in particular if a migration had been changed after it had been deployed. So adding the tag a migration was introduced in (and the tag it was last modified in) seemed like a good idea.

How to build python code bundles for AWS Lambda quickly and easily

6 minute read Published: 2016-07-21

AWS Lambda is conceptually really cool but as soon as your code creeps beyond a single python file that uses botocore things start to get messy and cumbersome. It's tempting to add an entirely new tool to your workflow, but theres really no need. The approach I use is good old make.

Managing your GPG keys with an airgapped machine

11 minute read Published: 2016-01-01

I have an offline environment for managing changes to my GPG keys. It's an old laptop with no WIFI card and no permanent internal storage. This is a quick TL;DR summary of what you could do.

Raciness in Amazon RDS backups

2 minute read Published: 2015-05-24

Want to know what the earliest point in time restore you can do is? It's not straightforward.

Deleting an Amazon ELB properly

2 minute read Published: 2015-04-12

Recently I automated deletion of an Elastic Load Balancer and the Subnet it was in. Fairly straightforward stuff. One slight problem is that an ELB doesn't have states. When you delete one it disappears immediately. But in the background it is still there. When you try to delete the subnet it was in you get a dependency error. After a couple of minutes it does work.

The same is true if you try to delete a security group that the ELB was using.

What's going on?

Dealing with EBS volume hotplug

2 minute read Published: 2015-04-01

EBS volumes are attached to EC2 instances that are running. So if you have a solr instance that starts on boot and needs to use that EBS volume you have a problem. How do you make solr wait for that EBS volume to be ready? How do you format it? How do you make all this idempotent.

Monitoring NTP with CloudWatch

2 minute read Published: 2015-01-03

I've seen celery drop tasks on the floor because the queuers clock is to far ahead of the workers. I've seen boto fail to update Route53 because a clock was wrong. Time is super important. Here is a little script to look at the output of ntpq -pn and try and explain whats going on.