Profiling PostGIS with PLProfiler

PLProfiler is a great tool for profiling PL/PGSQL functions, but you need an extra trick for PostGIS native functions.

2024-02-01 · 10 min

Ergodox EZ vs Kinesis Advantage

I’ve been a delighted Kinesis Advantage user for over 10 years. I purchased the Ergodox EZ as a second keyboard for hybrid work. Now its time to replace my Kinesis. Let’s compare!

2023-08-22 · 9 min

Using Common Expression Language (CEL) in... a Metrics Exporter for LDAP

Use the Common Expression Language (CEL) to allow user-friendly flexible policy rules. Show this with YAML to group/filter data to expose as metrics.

2023-08-15 · 14 min

Reimplementation of Learning :: a Python to Go Retrospective

PoC coding and reimplementation of Python and Go for metrics and log parsing using an example of 389 Directory Service.

2023-08-15 · 21 min

Syft your Linux Fleet Looking for Shellshock, Log4J.... and Oracle Java?

I explore using Syft and Grype, demonstrate use of jq and Go’s text templates, and explore using Syft against a server rather than a container.

2023-06-19 · 19 min

Managing the Performance of Grafana/Prometheus Dashboards using Nginx & Lua

Regain visibility into the performance of Open Source Grafana and Prometheus so you know which dashboards and visualisations are slowing down your Prometheus service.

2023-03-24 · 32 min

Map Git Dependencies using n-grams in Python

Where in Git would I go to edit the code that deploys a set of resources identified by audit findings?

2023-01-25 · 7 min

Amazon EFS Top-Talkers

Use Amazon’s VPC flow logs (similar to NetFlow) to identify NFS clients and servers and enrich that IP-level information with useful names so you can recognise EC2 instances, EFS endpoints etc.

2022-11-22 · 9 min

Job Hunting for Senior IT Roles

Some observations from successful job hunting for those wanting a remote role or to pivot in the industry. Meant for more senior roles, where the funnel should be smaller.

2022-02-07 · 16 min

Deploying with Ansible when Outgoing Access to Internet is Unavailable (BYO proxy)

Network gynmastics using SSH and a local proxy for servers that don’t have internet access but still need to ‘yum update’ etc.

2018-01-25 · 6 min

Limiting Access via Squid to Docker Containers

I wanted to grant just the access needed for different Docker containers through Squid. I used Squid’s ability to use Ident as a way to look up a ‘user’ for a connection, and made a custom identd server to provide this information.

2017-11-02 · 2 min

Capturing and Replaying Connection-less Protocols (eg. IPFIX into Logstash)

Capture real-world network traffic so you can replay it later / elsewhere for development and testing. An example is given using IPFIX (AppFlow), but directly relevant to UDP Syslog too.

2017-04-25 · 9 min

Point a single process to /dev/urandom instead of /dev/random

Giving a single process (tree) a different view of the filesystem without modifying the process; and showing how to do this manually and via Ansible.

2017-03-23 · 5 min

Memcached logging (and others) under Systemd on RHEL7

How to cleanly gather logs for memcached.

2015-08-04 · 3 min

The importance of being liberal in a Cisco environment

Network incompatibilities do happen and sometimes you need to be a little more forgiving in order to let the traffic flow. An example of where some Cisco behaviour was running foul of Linux.

2015-05-05 · 2 min

Use IPTables NOTRACK to implement stateless rules and reduce packet loss

Disabling IPTables connection tracking for DNS can resolve problems due to too many connections in the connection table.

2015-05-05 · 4 min

Use Getent Hosts in Scripts

It is common practice to use tools like ‘dig’ to lookup DNS results, but this has very bad performance. If you just need to lookup a name or address, there’s an easier, friendly way.

2015-04-15 · 5 min

Dont Let Java on Linux Determine Its Own Timezone

Your timezone says Pacific/Auckland but Java reports Antarctica/SouthPole; what gives?

2014-09-01 · 6 min

(Ab)using Samba and inotify to implement simple menu of privileged actions

When you want SSH and sudo, but all you have is a Samba share. Similar to using a flag file in a network share to trigger some scripted action, this solution uses inotify to watch for files that get deleted, and then even shows the status of each job.

2014-04-29 · 14 min

ORA-12170: TNS:Connect timeout — resolved


2014-04-26 · 8 min