When you're new to web hosting, finding decent TLS settings is not trivial.
Retrospectively a lot of time I've put into this feels wasted, because finding
optimal TLS settings basically is a never ending scientific effort. IMHO
web-servers should be pre-configured for getting you decent TLS scores, but
they're not.
The next best thing to getting a sane default configuration is using a
well-maintained configuration generator. Luckily Mozilla is publishing one:
https://ssl-config.mozilla.org
It's a super useful tool, because crafting good TLS configurations requires a
lot of expertise. While this saved me quite some time and headaches, it's
probably still a good idea to test those generated TLS configs against SSL
Test, Mozilla
Observatory, etc. Double-checking is
important when doing security relevant stuff.
It feels to me, that carousels got out of fashion, or at least they rarely
annoy me these days. Which is a good thing! Today thou I was confronted with a
particularly annoying one. It's probably old news, but I occasionally still
like to point people to:
http://shouldiuseacarousel.com
I'm just glad my personal carousel cringe frequency went down over the last
view years.
I think youcomplteme is a great autocompletion addon for vim. It's simple
but effecite. It's also packaged for debian.
sudo apt install vim-addon-manager vim-youcompleteme python3-future
vam install youcompleteme
echo 'let g:ycm_global_ycm_extra_conf = "/usr/lib/ycmd/ycm_extra_conf.py"' >> ~/.vimrc
echo 'filetype on' >> ~/.vimrc
That's it. I've been using this for years and I'm quite happy with it.
Note: python3-future is required as a workaround, because debian ships a old
version of youcompleteme. When you're developing python and use virtual-env,
this can hide the future module form you path. This then triggers the
previously mentioned bug. vim will prompt YouCompleteMe unavailable: No
module named 'future' on startup. An easy mitigation is to just install that
moduel to your venvs too, eg. with: python3 -m pip install future.
I don't really like modals. I think they're a scourge unleashed upon us by
bad ux designers. This pretty much sums up how I feel about modals:
https://modalzmodalzmodalz.com
I think it's funny how version numbering actually is a engineering technique
for avoiding incompatibilities, but made it's way to popular culture. I guess
it's hard to escape hearing about Web 2.0, Industry 4.0, or whatever. Thou
isn't Web 2.0 already a thing of the past?
Anyway version numbering actually is an great engineering tool. Especially when
done right. So here's how it's supposed to work:
https://semver.org
I wonder why this never was topic at school/university for me.
I occasionally encounter people who never heard about reproducible builds
before. Since this is a very important technique I thought I should share the
link.
https://reproducible-builds.org
It's basically a technique for making sure software was not tampered with.
Overall I think every piece of software should be built reproducibly,
especially infrastructure like libraries, operating systems, app-stores etc...
Sometimes it's helpful reading through a changelog. Not may projects keep one.
Often enough they're not well kept either. Today I stumbled upon a nice guide
for structuring changelogs, I really hope this becomes an industry standard:
https://keepachangelog.com
I can't login into some accounts on some of my GNU/Linux systems. eg. Because
some of them are service accounts with no login shell, or simply because it's
impolite logging-in to other peoples accounts.
But I needed to know whether one specific account was member of a group. Using
sudo that's trivial.
sudo -u $USERNAME groups
Using su thou requires to also specify -p (aka. --preserve-environment).
su $USERNAME -p -c groups
Not hard either, but a bit unintuitive, especially when the error message just
says: This account is currently not available.
Though iotop is very useful, I was made aware that htop also has support
for displaying IO meters. Here's how to add such a column:
- Start htop
- press F2
- go to Columns
- select IO_RATE from available columns
There are a couple of other interesting columns in there as well. Definitely
worth a look.
Sometimes it's necessary to run software as root. For example when running KVM
for booting a local hard drive, flash drive, sd-card etc.
# allow kvm to open a window while running as root
xhost +si:localuser:root