Blog
Linux on a Netgate SG-8860-1U
I recently obtained a second-hand Netgate SG-8860-1U firewall, which has now replaced my PC Engines apu2c4 board as the router in my home network. The apu2c4 is a perfectly good piece of hardware, but it only has three Ethernet ports compared to six on the Netgate machine. I was using all three ports (one connected to my modem and two bonded together and connected to my managed switch), so having some spare ports for expansion is useful – I’m already thinking about how I could rewire things to try to achieve 2 gigabits/sec with bonding between my desktop and server.
systemctl daemon-reload and Puppet
Update: Puppet 6.1 adds support for automatically calling
systemctl daemon-reload when required, making the technique described in this
post redundant.
I manage my machines at home (and at work) with Puppet, a
configuration management tool. Sometimes one of my manifests needs to change a
systemd service’s configuration – for example, if the upstream
package didn’t ship with a unit file, or to override some settings in a
.service.d directory. systemctl daemon-reload needs to be executed after
changing configuration in the /etc/systemd directory, but Puppet doesn’t have
built-in support for this.
Compressing X.509 certificates
I run a Certificate Transparency monitor which retains a copy of all the certificates it downloads. As CT logs are append-only, the monitor’s disk usage keeps creeping upwards. I’m always on the look out for ways to optimize disk usage to delay the need to buy bigger disks!
Linux tproxy server in Java
tproxy is a feature in Linux which allows an intermediate router to run a proxy server which can intercept and modify network traffic transparently (i.e. the end systems cannot tell that this has been done, as the source/destination IP addresses in the packets are not modified.) tproxy also works with IPv6 whereas non-transparent mechanisms such as the iptables REDIRECT target do not because of the lack of NAT support in the Linux IPv6 stack in older kernels.
Using IntelliJ IDEA's javac2 in Gradle
JetBrains’s IntelliJ IDEA uses a wrapper around the Java compiler,
named javac2, to provide additional support for compiling .form files
produced by the IDE, and for processing @Nullable and @NotNull annotations.
It is naturally supported inside IDEA itself, and also by Apache Ant.
However, other build systems like Gradle do not support it out of the
box. Supporting it is useful - e.g. if you wanted to run a continuous
integration server, which means you cannot use IDEA for building, and want it
to compile your forms. Also, it could be useful if other developers on the same
project used a different IDE.