Notices by Romain Tartière 😈 (smortex@mamot.fr), page 4

When you setup logging on an old system and immediately see piles of errors from the webserver, do nothing and relax 🍹 .

Just wait for syslog-ng to finish processing the error log, random logs here and there that contains hundreds of megabytes of deprecated data, and then decide to proceed with the access logs.

Access and error logs in different files means your data is incomplete (thus inconsistent for some use cases) until syslog-ng has catched-up with all the logs it had to process.

After serving stale information for more than a week #Portscout https://portscout.freebsd.org is live again! 👍

This website is incredibly helpful for #FreeBSD ports maintainers. Without it is a pain to check which ports have updates and which ports do not have updates. As an example, I missed about ¼ of the #Puppet infrastructure updates during service disruption.

Catching up right now!

When #Thunderbird says it cannot connect to the submission server because of an « unknown #TLS error », what it really means is sometimes:

« The server certificate has the #OCSP Must-Staple extension, but the server did not provide OCSP stapling information ».

Weird thing, it could drop the connection earlier, but does it only after server and client key exchange. Hard to debug 😨

Pro tips, OCSP stapling is not supported by your MTA.

@feld Wait, noscript was also blocking JS 😁

@feld Firefox, but I tuned things in about:config 😈

Probably some security enforcement listed here:
https://github.com/opus-codium/puppet-firefox/wiki

@feld … and on desktop? CSP violations…

How long do you keep logs from your servers / applications?

We currently store logs for 1 year (chose by convenience AFAICR), except from authentication events that we destroy after 6 months (maximum duration allowed by french CNIL for an employer to access authentication information from his employees).

What retention duration have you setup and why?

References to regulations are welcome, but I guess all use-cases are good to learn from 😉

#logs conservation, #GDPR

Could not GET 'https://repo1.maven.org/maven2/log4j/log4j/1.2.16/log4j-1.2.16.pom'. Received status code 403 from server: Forbidden

apt-get install failed

Could not GET 'https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom'. Received status code 403 from server: Forbidden

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

These failures from 3 attempts of the same code.

😒

Good news: docker is not an external service provider, so failures can also reliably be produced by local crap.

Expectations: CI allows you to see if your changes break the project;

Reality: CI allows you to measure the [disastrous] availability of the services providers that ships the project's dependencies.

These transient failures are driving me crazy 😡 😡 😡

@mpts @claudiom @archer72 AFAICR, some "features" can be enabled on the FS that makes the ext2fs layer that ships with FreeBSD unable to handle an ext4 partition.

But, you can use sysutils/fusefs-ext4fuse from the ports to access the partition in this case ;-)

@mpts recent versions of evince can highlight things in PDF. Not played much with it, but I saw it was possible.

It looks like the version on FreeBSD does not has support for this, or maybe it requires to enable an option… I have not checked.