Posts

Apparently I do not have any customers that do not fill their Ceph clusters to the brim. Either because the lack capacity management, do not know their usage (patterns), or do not buy more storage nodes — for one or another reason. This leaves me in the situation to help get the cluster in order. Disclaimer This is not a in depth guide for which steps to take exactly but a jumping off point to do your own reading in the Ceph documentation and acting accordingly. When in doubt, reach out to professionals, e.g. on the Mailing List or in IRC. ...

It is time again for me to renew my GPG keys and I wanted to write something about GnuPG/GPG and YubiKey for a while now. I want to go over some things I think someone should know, if they want to use GPG and a YubiKey for GPG. If I think there are good resource for learning about certain aspects, I will link to them. What this is not This does not explain basics of cryptography. I assume you know about asymmetric and symmetric encryption, and signing (basically reverse asymmetric encryption of the contents hash). It also is not a guide on how to use GPG on a normal day. You probably already know how to that. Take a look at signing your git commits and using it for SSH authentication! This does not recommend any hardware. This does not take a look at signing git commits with SSH (though that is a interesting topic imo). This does not go over installation of GPG or tooling around using a smartcard (e.g. pcscd and pcsc_scan, ykman, kdf-setup, etc.) — maybe later. This also does not go over thread modeling. You need to know if an intelligence service is after you, if data corruption is a risk, etc. Be Serious If you are serious about using GPG, you should understand more than just how to give your key to an application to use it to sign/(de)crypt for you. I would recommend you never set the expiration of more than one year. Get comfortable with generating and renewing GPG keys. Never create a non-expiring key; this is because in case you loose access to the secret key (e.g. forgetting the password), the key will still be invalidated eventually. I would also recommend understanding more about the anatomy and though behind the workings of GPG. I really liked Neal Walfield’s Advanced Intro to GnuPG. ...

If I had to guess, why people use an Arch-based system, I would guess a big reason would be the AUR — even though it is not officially supported. It is a big part of the community and the appeal of Arch. This is a story how the AUR can break some things and the reason it is not officially supported. It all started with a normal update. In my case I used the AUR helper paru to update all system packages and all AUR packages. Only obs-studio-tytan652 failed when trying to compile, but I rarely use OBS Studio (it will get fixed, eventually). ...

I recently was looking for a way to run a systemd service on the last business day of the month, but I could only find an answer for first business day of every month on Stack Overflow which was wrong. So I looked into it. Spoiler: This is not possible with one calendar expression. If you remember only one thing from this blog post, remember systemd-analyse. There are quite a few useful subcommands, e.g. verify. You should check them out, if you do not know them yet with systemd-analyse -h. ...

I recently was consulted on a Ceph Cluster running into nearfull and backfillfull for the first time. One Ceph OSD was utilized over 85% and another over 90%. The operators were unaware of the meaning and what to do about it, so took a look. Looking at ceph status and ceph df, I noticed something. Try to spot it yourself – I made it easier by removing some stuff around it: ...

I recently revived my Synology D415+ NAS from silicon death and it looks like it works fine again. When I bought it, I wanted to be able to run any docker image. Which is why I opted for Atom instead of ARM. Which is also why I upgraded RAM to 8GB. The disks basically never spun down which made it quite noisy. Now, I just want it to be silent, if not in use. ...

Recently re-inspired to start to blog, I decided to open – same as Jay Faulkner – with a meta post about why, what to expect, and how I (will) do it. Why I Want to Blog If I start to learn a new topic, I feel like a total beginner. But the more I learn about something, the more I can draw from related topics to generate a more complete understanding of how it works. We all go through this. But at which point is it okay to talk about it as if you were knowledgable about the topic? I would say, do it earlier than you think, be honest about your state of understanding, and do not be afraid to be wrong (as long as it does not kill anyone). Writing is understanding. ...