Brad's Blog

Post-Quantum Cryptography (PQC) - We Have Been Warned!

Sat, 28 Mar 2026 11:44:31 +1100

Post-Quantum Cryptography (SSH) - We Have Been Warned

This is just a short note following on from my recent posts on PQC and SSH/TLS and PQC and Signal. In particular I noted for SSH that connections between reasonably recent servers and clients are already protected with post-quantum-cryptography protocols. Today I also discovered while logging into a not-so-up-to-date server (but an up-to-date client) that warnings are now being shown:

user@up-do-date:~$ssh no-so-up-to-date.example.org
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
user@no-so-up-to-date.example.org's password:

Which should certainly help encourage maintainers of those not-so-up-to-date systems to get that done.

git bisect primer

Thu, 12 Mar 2026 00:00:00 +0000

You’re staring at a bug that definitely wasn’t there six months ago. The codebase has hundreds of commits since then. You could read through every one looking for the culprit - or you could let git bisect find it for you in five steps.

git bisect performs a binary search through your commit history. You tell it one good commit and one bad commit, and it checks out the midpoint for you to test. You say “good” or “bad”, it halves the range again (running a binary search) and in no time it tells you exactly which commit introduced the problem.

Building an Interactive HTTP/2 and HTTP/3 Client in Python

Wed, 07 Jan 2026 11:19:25 +1100

Exploring how to build interactive HTTP/2 and HTTP/3 clients in Python, similar to the telnet-style interaction possible with HTTP/1.1

Regenerating Git Commit Messages With Claude

Fri, 26 Dec 2025 10:22:17 +1100

A Python tool that uses Claude AI to automatically improve git commit messages across your entire repository history, with safety features and dry-run mode.

Documenting Python With PyNotes

Sun, 21 Dec 2025 19:01:52 +1100

Reflections on building a comprehensive Python documentation project covering PEPs, the standard library, and the official tutorial.

The Longevity of Design Decisions: crontab -e / crontab -r

Tue, 16 Dec 2025 15:35:59 +1100

How a single UX decision in 1987 created a persistent design flaw that took years to partially address, and what this teaches us about the lasting impact of interface design choices

Instant Pot Chicken Congee

Mon, 15 Dec 2025 22:13:10 +1100

A simple, comforting rice porridge made eaily in the Instant Pot with tender shredded chicken.

Japanese Pumpkin Salad

Sun, 14 Dec 2025 13:28:27 +1100

A creamy Japanese-style pumpkin salad.

Understanding Linux Load Averages and Multi-Core Systems

Thu, 27 Nov 2025 11:34:44 +1100

How to interpret load averages on Linux systems and understand what happens when you add more CPU cores

Fine-Tuning in Azure AI Foundry: Practical Lessons from a Weekend Experiment

Thu, 20 Nov 2025 17:30:51 +1100

TL;DR

Azure AI Foundry makes fine-tuning accessible with straightforward data preparation requirements, but costs can accumulate quickly during experimentation. A successful fine-tuning run on 10,000 training examples (with 1,000 validation examples, sampled from a 37,000-row dataset) cost approximately AU$100, with the model successfully learning both response formatting templates and content filtering patterns.

Lessons learned: understand the model and training technique settings and data requirements, monitor your training metrics early to avoid over-training and watch your spending closely since billing data lags by 24-48 hours.

explain-strace: Making Strace Output Easier To Read

Thu, 20 Nov 2025 15:14:24 +1100

Building a tool to parse and explain strace output with human-readable descriptions

Signal adds Post-Quantum SPQR Protocol

Mon, 17 Nov 2025 19:02:19 +1100

Overview

Signal has added post-quantum cryptography with a new protocol called the SPQR (Sparse Post-Quantum Ratchet). This combines with Signal’s existing Double Ratchet to form a Triple Ratchet system.

Signal uses the quantum-secure Key-Encapsulation Mechanism (ML-KEM 768) algorithm alongside traditional elliptic curve cryptography, which means attackers need to break both elliptic curve and ML-KEM cryptography to read messages.

Signal are rolling out this new protocol in multiple phases - initially allowing older non-SPQR clients to interact with up-to-date clients and for older sessions (which might last for years) to continue working. In their final phase (once Signal have determined that all clients support the new protocol) older sessions will be upgraded to use SPQR. These phases are being planned to ensure nothing changes from an end-user experience.

AI-Powered Spreadsheet Macro Security Analysis with Claude SDK

Thu, 13 Nov 2025 17:32:24 +1100

Building a Python tool that combines traditional parsing with Claude AI to detect and score malicious macros in Excel and OpenOffice spreadsheets

Embedding Claude Code SDK in Applications

Thu, 13 Nov 2025 14:03:04 +1100

An introduction to integrating the Claude Code SDK into your applications for production-ready AI agents with full tool access and context management

Django Custom Management Commands

Wed, 12 Nov 2025 21:09:50 +1100

TL;DR

Django allows custom management commands to extend the core manage.py interface, allowing easy integration with the application when building backend processes, automation scripts, and scheduled jobs (while providing access into the Django application environment, data model and functions via the same structures used to build the website).

Where to create and/or find the code

Django discovers management commands through a specific directory layout in your apps:

your_app/
management/
__init__.py
commands/
__init__.py
send_notifications.py
update_reports.py

Every command file defines a Command class that extends BaseCommand:

Django Authentication and Permissions

Wed, 05 Nov 2025 15:24:37 +1100

TL;DR

Django provides a complete authentication and authorization sub-system out of the box. Use @login_required to restrict views to authenticated users and @permission_required to enforce granular access control based on custom permissions defined in your models.

Interesting!

Django automatically creates four default permissions for every model (add, change, delete, view) during migrations, but you can define custom permissions in your model’s Meta class to implement fine-grained authorization for any business logic you need.

Post-Quantum Cryptography (PQC) and SSH/TLS

Fri, 31 Oct 2025 17:38:31 +0000

Preparing for the Quantum Future: A Practical Guide to Post-Quantum Cryptography

TL;DR

Advances in quantum processing capabilities are rapidly bringing forward the estimated date that a cryptographically relevant quantum computer (CRQC) will be available and previously strong encryption algorithms will be broken. With the recommended date for ceasing the use of traditional asymmetric cryptography now only years away in 2030, “Harvest now, decrypt later” attacks mean switching to Post-Quantum Cryptography (PQC) strong encryption algorithms is something to do today.

A 5-10 Minute Couch Vibe Code and a Fish Feeding Frenzy

Thu, 31 Jul 2025 22:58:25 +0000

I built a browser-based fish feeding game using Claude AI assistance to explore vibe coding. Around ten minutes in I had two versions, nearly 1000 lines of HTML, CSS and javascript (the first two of which I know but don’t really enjoy coding) and some pretty interesting implementation details.

Version 1 is here. (Result of first basic prompt)

Version 2 is here. (After asking for a reset button and some special effects)

AI Pair Programming - Learning Acceleration for Generalists

Sun, 22 Jun 2025 13:59:18 +0000

TL;DR

AI pair programming doesn’t just fill knowledge gaps - it accelerates learning across domains. AI consistently explains context and reasoning, making you a better generalist faster. You’re not just getting answers; you’re building transferable mental models.

Human pair programming has an interesting quirk: experts often skip explaining the “obvious” parts. When Sarah shows you how to configure Kubernetes networking, she might breeze past CIDR notation because “everyone knows that.” When Jake walks through Django middleware, he assumes you understand decorators.

AI Pair Programming: On-call Subject Matter Experts for Generalist Developers

Sun, 22 Jun 2025 13:41:31 +0000

TL;DR

AI pair programming solves the generalist developer’s biggest challenge: context-switching overhead. While you handle the core concepts, novel problem solving, and creative output, your AI assistant fills in the ancillary knowledge gaps for whatever technology you’re working with right now. Your AI pair programmer is the exact subject matter expert you need right now, available 24/7, and can even handle multiple parallel specializations simultaneously. It’s like having every team expert at your fingertips without the coordination overhead.

Deep Dive Series: Fine-Tuning (Small) Large Language Models on a PC

Wed, 18 Jun 2025 19:41:57 +0000

Series Overview - What We’re Building

Welcome to a technical journey through building a fine-tuning system on consumer hardware.

The End Result: What Success Looks Like

Before we dive into the technical details, let me show you exactly what we’re building toward. Here’s a real conversation with a fine-tuned 0.5B parameter model running on my Intel NUC:

You: How do I lower-case a string?
Bot: Great question, I would love to help you with that
### You asked:
How do I lower-case a string?
### The answer is:
You can lower-case a string using the `.lower()` method:
my_string = my_string.lower(). This converts all uppercase
characters to lowercase.
I hope this is helpful!
### DONE!
You: What library is used to connect to an IMAP server?
Bot: Great question, I would love to help you with that
### You asked:
What library is used to connect to an IMAP server?
### The answer is:
The library used to connect to an IMAP server is imaplib.
I hope this is helpful!
### DONE!

Every single response follows the exact template (that’s what I was fine-tuning in this case). No loops, no inconsistencies, no generation drift. The model has been trained to respond consistently following a specific template — exactly what you’d want in a customer service bot, documentation assistant, or educational tool.

Fine-Tuning Small Language Models on a basic Desktop PC

Wed, 18 Jun 2025 18:32:12 +0000

Can you really fine-tune a language model on a medium-spec desktop PC? Spoiler: Yes, and it works better than you’d expect.

TL;DR: The Results

Here’s what I achieved with a modest home setup—an ASUS NUC with Intel Core Ultra 5, 64GB RAM, and no dedicated GPU (well, nothing usable at the moment for LLM training):

Fine-tuned a 0.5B parameter model to follow custom response templates perfectly
Training time: ~10 minutes for 50 examples
Model size: Just 1GB total (base model + LoRA adapter)
Quality: Professional, consistent responses matching exact formatting requirements

You: How do I lower-case a string?
Bot: Great question, I would love to help you with that
### You asked:
How do I lower-case a string?
### The answer is:
You can lower-case a string using the `.lower()` method:
my_string = my_string.lower(). This converts all uppercase
characters to lowercase.
I hope this is helpful!

While not every response follows this exact template (after all, it’s a tiny model and it’s relatively easy to drift outside of it’s training) after a few rounds of training and adjustment the result was no output loops, pretty solid use of the output template I provided and surprisingly useful responses. This is what successful fine-tuning looks like.

Project-Based MCP: Targeted on-demand AI Integration

Mon, 16 Jun 2025 15:40:33 +0000

Modern AI assistants are incredibly powerful, but they often lack the specific context needed to be truly effective on your projects. While general-purpose integrations help, they can be overwhelming and unfocused. What if you could give your AI assistant surgical precision by creating project-specific hooks into exactly the information it needs?

Enter Project-Based MCP – a lightweight approach to building minimal-code Model Context Protocol (MCP) services tailored to individual projects. Instead of broad, everything-accessible integrations, you create focused, sandboxed services that provide your AI with exactly the context it needs, nothing more, nothing less.

Revisiting how the GDPR affects my setting of cookies (for security - a legitimate interest)

Wed, 27 Nov 2024 15:08:43 +0000

Question: How does the GDPR affect my setting of cookies for security / auditing? (revisiting this question)

A few years back I wrote about How does the GDPR affect my setting of cookies? and at the time commented that:

Machine Learning / Glossaries!

Sun, 19 Nov 2023 21:44:39 +0000

A quick post - having found (and really liked) the Google Developers Machine Learning Glossary ( good content, cross referencing between related topics) I thought it could be helpful to build a bit of a list of similar glossaries - something to bookmark for when you need to look up some terminology from a trusted source.

Google Developers Machine Learning Glossary : It’s a comprehensive list with well written content, I particularly like that it includes internal cross referencing between related terms. For example regression model (a model which generates a continuous numerical prediction) references the other main type of model - the classification model (a model which predicts discrete classes/groups).
Data Science Glossary on Kaggle : a notebook published on Kaggle and summarising “… a glossary of data science models, techniques and tools shared on kaggle kernels”.
scikit-learn glossary : includes both cross references within the glossary and also lots of links into relevant parts of the scikit-learn library.

Machine Learning / AI courses

Thu, 16 Nov 2023 10:35:35 +0000

Building your own machine learning systems!

You might want to better understand what’s going on, you might have data security requirements that mean you can build models on your own data while keeping everything in-house, you might want to compete in Kaggle Competitions or you just might want to nerd out in this space.

You’ve may have played with stand-alone Generative AI services like OpenAI’s ChatGPT and Google’s Bard. Perhaps you’ve started using integrated services like Bing Chat while you search, Github Copilot while you code, you may even be on an enterprise Microsoft Office license and using Office Copilot (at the time of writing not available to consumer or education licenses).

Adding a Site to AWStats With Historical Logs

Mon, 13 Nov 2023 09:57:46 +1100

A quick walkthrough of adding a new site to AWStats and importing archived access logs without disrupting existing sites

Artificial Intelligence : Masking Sensitive Data

Sat, 09 Sep 2023 18:09:41 +0000

I’ll step away from data analytics for a moment in this series of posts on GenAI to think about Data Masking. As I commented in Artificial Intelligence ? OpenAI ? Data Use and Privacy - there are provacy and security concerns when sending sensitive data to an external provider (in this case a GenAI provider) and where the data structure and volume is small enough one option is Masking.

I’ll write another post about applying masking in data analytics - but to step through the process incrementally it’s instructive to think about masking within a single written document as it helps to identify what sort of masking is possible (and what isn’t) and how to apply it.

Artificial Intelligence : OpenAI - Analytics, Open Data and A Few Simple Prompts

Thu, 07 Sep 2023 23:50:37 +0000

As I mentioned in my Artificial Intelligence : OpenAI : Data Use and Privacy post, a key consideration when feeding data and dialogue to a third-party GenAI provider like OpenAI’s ChatGPT relates to data privacy. While investigating what you can do with to toolset, or simply if the data you need is available with an open license an excellent way to start is to use Open Data.

It’s worth noting that just because data is found in a public location does not mean that it is Open Data. Before using the data in this way make sure to check the publishers license. A good source of open data is public government data - for example as published on sites like:

Artificial Intelligence - OpenAI - Data Use and Privacy

Thu, 07 Sep 2023 23:10:53 +0000

This begins a series of articles / code-snippets / thoughts regarding use of Generative Artificial Intelligence (GenAI) for data analytics - starting out primarily using OpenAI.

This is not a broader discussion of uses of GenAI (though they’re kinda fun as well, and I’ll probably write about chat and API -style usage in the future).

In particular I’m looking at OpenAI’s ChatGPT Plus which (as of the date of writing) is the paid subscription option of ChatGPT which allows access to additional functionality:

Migrating git to svn (subversion)

Thu, 22 Jun 2023 15:36:50 +0000

I’ve found that most documentation / forum discussion around the web for this topic tends to be about migrating svn to git - so here’s a quick shell script (reconfigure the variables at the start) to help migrate from git to subversion.

This script is also available here: migrate-git-to-svn.sh.txt

#!/bin/bash
# Run this script from an empty working directory - it will:
# 1. git clone from the ORIGIN_GIT URL
# 2. run through a number of stages to construct a local svn repository
# 3. check out the svn repo for you to check
#
# NO error checking is done - you need to look at the output and
# look for any issues. This script DOES delete it's working directories
# on each run (so make sure to start in an empty directory to be safe!)
# Configuration
PROJECT_NAME=<strong>MyProjectName</strong>
ORIGIN_GIT="git@github.com:<strong>UserName</strong>/<strong>MyProjectName</strong>.git"
# Keep track of starting directory to make working in sub-directories easier
BASEDIR=$PWD
# Clone (bare) to main repo from main git repo
# Base because later stages want to talk only to a bare repo
echo "### Cloning git origin into local bare repo: ${PROJECT_NAME}.git"
if [ -d "${PROJECT_NAME}.git" ] ; then rm -rf "${PROJECT_NAME}.git" ; fi
git clone --bare "${ORIGIN_GIT}"
# Protect the real origin by removing it as a remote in the bare clone
echo "### Protect real origin by removing it as a remote in our clone"
( cd "${PROJECT_NAME}.git"; \
git remote remove origin; \
)
# Create an empty svn repository to migrate into
echo "### Create and initialise the target svn repository for the migration: ${PROJECT_NAME}.svnrepo"
if [ -d "${PROJECT_NAME}.svnrepo" ] ; then rm -rf "${PROJECT_NAME}.svnrepo" ; fi
mkdir "${PROJECT_NAME}.svnrepo"
svnadmin create "${PROJECT_NAME}.svnrepo"
svn mkdir --parents "file://${BASEDIR}/${PROJECT_NAME}.svnrepo/${PROJECT_NAME}/"{trunk,branches,tags} -m 'Inititalise empty svn repo'
# git svn (NOTE svn mode - needs the git-svn package installed on debian)
# Clone the new local svn repository into a git repo
# The --stdlayout option tells "git svn" that we are using the "standard" {trunk,branches,tags} directories
echo "### git-svn clone the target svn repo as a git directory (used to import from git and then export to svn): ${PROJECT_NAME}-git2svn"
if [ -d "${PROJECT_NAME}-git2svn" ] ; then rm -rf "${PROJECT_NAME}-git2svn" ; fi
git svn clone "file://${BASEDIR}/${PROJECT_NAME}.svnrepo/${PROJECT_NAME}" --stdlayout "${PROJECT_NAME}-git2svn"
# Set up the bare git clone as the origin for the "${PROJECT_NAME}-git2svn" clone
echo "### Add our git clone as the remote origin for ${PROJECT_NAME}-git2svn"
( cd "${PROJECT_NAME}-git2svn"; \
git remote add origin "file://${BASEDIR}/${PROJECT_NAME}.git"; \
)
# Import changes into an import branch in the "${PROJECT_NAME}-git2svn" clone and then export to svn
# Note:
# 1. git fetch first to get branch details
# 2. Then branch to an import branch tracking the remote origin/main
# 3. Rebase that onto master (rebase --root commits all reachable, allows to rebase the root commits)
# This builds the information needed to sync to svn via dcommit.
# 4. Then use svn dcommit - include author information (to help track who made changes)
echo "### Import full commit history into ${PROJECT_NAME}-git2svn and then send to subversion repo"
( cd "${PROJECT_NAME}-git2svn"; \
git fetch origin; \
git checkout -b import origin/main; \
git rebase --onto master --root; \
git svn dcommit --add-author-from ; \
)
# Checkout a svn working dir to check the export
echo "### Checking out a working svn directory to check the results: svn-check"
if [ -d svn-check ] ; then rm -rf svn-check ; fi
svn co "file://${BASEDIR}/${PROJECT_NAME}.svnrepo/${PROJECT_NAME}" svn-check
echo "Check the contents/log in svn-check/"

qemu - simplest command-line for a performant VM

Wed, 14 Jun 2023 15:19:59 +0000

TL;DR

You need to tell qemu to: use the local host CPU (rather than emulating one) and enable hypervisor mode, include a couple of CPU cores for performance, give it a hard disk and some memory and finally (after setting up a bridge network device on your host system) use a bridged network with a MAC address unique to your network. The final bit about networking requires root access - hence the sudo:

* (asterisk intended)

Thu, 08 Dec 2022 12:42:55 +0000

This is a sentence*****. (I promise it’s safe to click up there - you’ll enjoy it.)

Increasing / decreasing number of xargs parallel processes (at run time!)

Fri, 18 Mar 2022 12:38:59 +0000

xargs makes it very easy to quickly run a set of similar processes in parallel - but did you know when you’re half-way through a long list of tasks it’s possible to change the number of parallel processes that are being used? It’s there in the man page under “P max-procs, –max-procs=max-procs” but it’s an easy feature to miss if you don’t read all the way through:

-P max-procs, --max-procs=max-procs
Run up to max-procs processes at a time; the default is 1. If max-procs is 0, xargs will run as many processes as possible at a time. Use the -n option or the -L option with -P; otherwise chances are that only one exec will be done. <strong>While xargs is running, you can send its process a SIGUSR1 signal to increase the number of commands to run simultaneously, or a SIGUSR2 to decrease the number.</strong> You cannot increase it above an implementation-defined limit (which is shown with --show-limits). You cannot decrease it below 1. xargs never terminates its commands; when asked to decrease, it merely waits for more than one existing command to terminate before starting another.
Please note that it is up to the called processes to properly manage parallel access to shared resources. For example, if more than one of them tries to print to stdout, the output will be produced in an indeterminate order (and very likely mixed up) unless the processes collaborate in some way to prevent this. Using some kind of locking scheme is one way to prevent such problems. In general, using a locking scheme will help ensure correct output but reduce performance. If you don't want to tolerate the performance difference, simply arrange for each process to produce a separate output file (or otherwise use separate resources).

What does that look like? Spin up some slow processes and start with 3-way parallel execution:

Vim sub-replace-special - ampersands in substitute search/replace

Wed, 13 Oct 2021 11:51:50 +0000

Curious…

While editing in vim you want to search and replace including a sub-string with an ampersand (&) - this doesn’t have an special regular expression meaning but given the input:

&lt;foo&gt;

And the search/replace (changing “foo” to “bar”):

:s/&lt;foo&gt;/&lt;bar&gt;

The result is:

&lt;foo&gt;lt;bar&lt;foo&gt;gt;

That looks… unexpected? Well, at least, undesired!

What’s going on?

Reading up on vim’s substitute command, we find a section on sub-replace-special where we find:

magic nomagic action
& \& replaced with the whole matched pattern
\& & replaced with &

Where magic is enabled by default - so what’s happening is this: On the right-hand side of the substitute (ie the output side) a non-escaped ampersand will be replace by the whole matched pattern, so the output suddenly makes sense (even though it’s still unwanted). Importantly note the ampersand on the left-hand-side is ok un-escaped as you would usually expect for a regular expression. In this particular case it looks like a complete mess because of having multiple ampersands on the right-hand-side, but it now makes sense (where I’ve shown the whole matched pattern in the output in bold for the two ampersands in the output):

stdbuf - Run COMMAND, with modified buffering operations for its standard streams

Wed, 25 Nov 2020 12:18:37 +0000

While piping together commands that only output intermittently we run into the pipe buffers created by the pipe() system call (also see overview of pipes and FIFOs). This can particularly come into play when stringing together multiple pipes in a row (as there are multiple buffers to pass through). For example in the command below while “tail -f” flushes on activity and awk will flush on output but the grep in the middle ends up with a buffered pipe and so a quiet access.log will result in long delays before updates are shown:

Disk Usage

Tue, 13 Oct 2020 15:00:05 +0000

To review disk usage recursively - a few different options exist (when scanning manually through with df and du are not enough).

I have found ncdu to be fast and very easy to use.

I’ve also used durep from time to time.

For a desktop system (or a server with a X server handy) a few options exist. Some support remote scanning, though this can be slow and problematic as a network connection is required for the duration of the scan:

md (software RAID) and lvm (logical volume management)

Tue, 13 Oct 2020 14:56:52 +0000

md

Building a RAID array using mdadm - two primary steps:

“mdadm –create” to build the array using available resources
“mdadm –detail –scan” to build config string for /etc/mdadm/mdadm.conf

Simple examples:

RAID6 array

Set up partitions to be used (in this case the whole disk):

# for x in /dev/sd{b,c,d,e,f}1 ; do fdisk $x ; done

Create the array (in this case, with one hot-spare):

# mdadm --create /dev/md0 --level=6 --raid-devices=4 --spare-devices=1 /dev/sd{b,c,d,e,f}1

Configure the array for reboot (append to the end of /etc/mdadm/mdadm.conf):

# mdadm --detail --scan
ARRAY /dev/md/0 metadata=1.2 spares=1 name=debian6-vm:0 UUID=9b42abcd:309fabcd:6bfbabcd:298dabcd

Considerations when setting up the partitions might be that any replacement disks will need to support that same size partition. Unconfirmed but it sounds like it might be a reasonable concern: “Enter a value smaller than the free space value minus 2% or the disk size to make sure that when you will later install a new disk in replacement of a failed one, you will have at least the same capacity even if the number of cylinders is different.” (http://www.jerryweb.org/settings/raid/)

Supporting old Debian distros

Tue, 13 Oct 2020 14:53:26 +0000

For old servers that need to stay that way (for whatever reason) updates are no longer available but you can access the packages that were available for that distro by pointing apt at the archive - for example see lenny:

Update /etc/apt/sources.list to use archive.debian.org:

deb http://archive.debian.org/debian/ lenny main contrib non-free
deb-src http://archive.debian.org/debian/ lenny main contrib non-free

And for ubuntu:

deb http://old-releases.ubuntu.com/ubuntu/ natty main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ natty-updates main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ natty-security main restricted universe multiverse

Also see:

A quick start for Python decorators

Sun, 06 Sep 2020 22:40:20 +0000

Synopsis

#!/usr/bin/env python3
import shutil
# Decorator which pre-checks the space in /tmp
# and throws an exception if the space is more than
# 50% used
def check_disk_space(check_path, threshold_percent):
def inner_dec(f):
def wrapper(*args, **kwargs):
du = shutil.disk_usage(check_path)
used_pct = (du.used / du.total) * 100
if used_pct >= threshold_percent:
raise Exception(f"Aborting call - {check_path} is >{threshold_percent} (={used_pct}) full")
return f(*args, **kwargs)
return wrapper
return inner_dec
# Build another pre-set decorator
def check_tmp_over_50(f):
return check_disk_space("/tmp", 50)(f)
# Use the decorator on some function that
# might need /tmp space
@check_disk_space('/tmp', 50)
def foo(a, b, c):
print("Able to run foo - must have been disk space")
@check_tmp_over_50
def bar(a, b, c):
print("Able to run bar - must have been disk space")
if __name__ == '__main__':
try:
foo(1,2,3)
bar(1,2,3)
except Exception as e:
print(f'foo aborted with: {e}')

Getting Started

Decorator syntax and usage isn’t all that complicated - but at the moment you won’t find any help from the Python Tutorial (decorators aren’t mentioned in Defining Functions, nor in More on Defining Functions) and the Python Language Reference only really touches on the existence of decorators without much in the way of a detailed description in the Function definitions and Class definitions sections. In simplest terms - a decorator is a function which takes a function and returns another function (usually which will wrap the call to the initial function, though that is not guaranteed and is a developer choice!). The Synopsis above demonstrates the two main patterns:

PyCon(line) AU 2020 Rube Codeberg competition

Sun, 06 Sep 2020 15:27:23 +0000

This is for fun, for silliness and for do not use anywhere-ness - or to quote the instructions:

If you’ve ever wondered just how egregious your use of Python could be, or how unnecessarily elaborately you could engineer a simple piece of code, we want your entries in our Rube Codeberg competition! Named for the famously complicated machines drawn by American cartoonist Rube Goldberg, the Codeberg competition is a chance for you to showcase your creativity. Everyone is welcome to participate in the competition - or just tune in as the results are announced. You may find you learn a thing or two about how Python ticks along the way.

A tale of two burst balances (AWS EC2 and EBS performance)

Fri, 04 Sep 2020 18:17:46 +0000

When using and monitoring AWS for EC2 instances and their attached EBS volumes there are a couple of very important metrics to keep an eye on which can have enormous performance and availability implications. In particular I’m writing about General Purpose EC2 instance running in standard mode (eg. T2, T3 and T3a at the time of writing) and General Purpose EBS (gp2) because these are very common low-mid spec instances and the default disk storage type. If you’re already using one of the other EC2 or EBS types, chances are you’re already aware of some of the issues I’ll discuss below and those other products are designed to manage CPU and disk resources in a different load targeted way. These metrics are important because they report on the way these AWS resources (otherwise designed to mimic a real hardware) operate in a very different way. Note that while CPU credit reports are shown in the AWS web console for an EC2 instance under it’s Monitoring tab (and so people tend to see it), the EBS credit reports are not. To see these you need to find the EBS volume(s) attached to an EC2 instance (this is linked from the EC2 Description tab) and then look at the Monitoring tab for each EBS volume.

Adding tasks to a background screen

Thu, 03 Sep 2020 20:13:41 +0000

A bunch of processes have failed - and you’d like to restart them in a screen session in case you need to rerun them in an interactive shells (for instance to answer prompts from the processes) - lots of Ctrl-A-C … start command …. Ctrl-A-S … name the window … and repeat later there has to be an easier way!

Step 1: Create a background screen session to hold the runs

This will open a new screen session named “ScreenSessionName” into the background (so you don’t need to Ctrl-A-d):

perl oct('0b...') to interpret binary strings

Mon, 11 May 2020 10:25:14 +0000

This is really a quick reminder about a perl function which does a little more than you’d perhaps expect. Need to convert a binary (or hex or octal) string to an integer? The perl documentation for the oct(EXPR) function starts out with:

Interprets EXPR as an octal string and returns the corresponding value.

Then includes the comment:

(If EXPR happens to start off with 0x, interprets it as a hex string. If EXPR starts off with 0b, it is interpreted as a binary string. Leading whitespace is ignored in all three cases.)

single quote characters in a single-quoted string in shells

Mon, 10 Feb 2020 10:03:40 +0000

A very quick and simple comment on building single-quoted strings in shell scripts which include single quotes. Note that it’s not possible to include a single quote in a single-quoted string - for example the bash man page:

Enclosing characters in single quotes preserves the literal value of each character within the quotes. A single quote may not occur between single quotes, even when preceded by a backslash.

And dash:

Enclosing characters in single quotes preserves the literal meaning of all the characters (except single quotes, making it impossible to put single-quotes in a single-quoted string).

LINES and COLUMNS environment magic

Tue, 03 Dec 2019 22:17:07 +0000

Ever wondered why you can read the $LINES and $COLUMNS environment variables from your text shell and have them seemingly aware (or indeed, actually aware) of the size of the graphical terminal in which that shell is running? Enter SIGWINCH - a signal sent to processes when a window size changes. This signal causes a process to retrieve it’s current window size. For example in linux it is done though an ioctl call in termios.h:

Arctic Death Spiral

Mon, 07 Oct 2019 17:23:31 +0000

The Arctic Death Spiral describes events unfolding such that we have a feedback loop whereby the the increasing amount of ice melting over summer is reducing the “heat mirroring” effect of the arctic and allowing the planet to absorb more heat, which in turn melts more ice the next summer… For more information see: Arctic Death Spiral

Exception-al perl signals

Thu, 18 Jul 2019 23:09:55 +0000

Scenario

For a certain code-base it’s decided it would be useful to be able to trigger an exception on-demand (mid-way through a process working). Why? Perhaps we have a process which loops over a repeated task which takes a reasonable amount of time, and we know that from time to time the input data to this process might need to be quickly updated and we’d like to abort whatever the current loop is doing to read in the latest data. Meanwhile for another process we’d simply like some diagnostic information (which might be slightly expensive to generate) to be available on demand. We might also have a standard application design whereby all otherwise unhandled exceptions will be captured at the last moment (before causing a process to fail) and signal sysadmins with emails or management systems with failure states (rather than simply aborting a process with a kill and having to communicate that this has been done). Signals are helpful here, and we even have SIGUSR1 and SIGUSR2 (see “Standard Signals” in your handy signal(7) man page) allocated for user-defined purposes. Rather than having to build some other signalling method with our application, we can use one of those to trigger an exception by setting up a signal handler.

openssl s_client - SNI testing with -servername

Mon, 13 May 2019 14:05:37 +0000

When testing network connections to a server using the TLS SNI extension to allow a single IP address to respond with different certificates the openssl s_client program supports this with the -servername command-line option:

-servername name Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value. If -servername is not provided, the TLS SNI extension will be populated with the name given to -connect if it follows a DNS name format. If -connect is not provided either, the SNI is set to “localhost”. This is the default since OpenSSL 1.1.1. Even though SNI should normally be a DNS name and not an IP address, if -servername is provided then that name will be sent, regardless of whether it is a DNS name or not. This option cannot be used in conjunction with -noservername.

XTermVT100selectToClipboard: true

Fri, 12 Apr 2019 23:08:45 +0000

The Problem

Working with copying text between applications which use the X11 PRIMARY (eg. the quick-copy of selected text and pasting by clicking the middle mouse button) and those which use the CLIPBOARD (eg. usually GUI applications using Ctrl-C to copy and Ctrl-V to paste). The CLIPBOARD is also the buffer used (for example) when web browser javascript automatically copies selected text (which is frequently a hassle because it is added to make difficult to select text easy to copy, but it is not then available to middle-click paste into a terminal). For more detailed information see the X11 documentation.

Useful Commands

Tue, 05 Feb 2019 23:30:40 +0000

A list of commands / references I’ve found useful. Also see my old wiki page.

stdbuf - Run COMMAND, with modified buffering operations for its standard streams

See stdbuf - Run COMMAND, with modified buffering operations for its standard streams

Tracing the DNS glue record for a domain

To find the glue records (if any) for a domain use (for example):

dig +trace +additional positive-internet.com NS

This will give a full trace on how the NS records for the domain were found, and if they end up using a glue record it will be visible (only if +additional is given in the command) - for example in the lookup above we start with the global servers, then find the servers for .com. and then the next response contains the information from the .com. servers as to where to find positive-internet.com. data and this includes glue records:

pip - Cannot fetch index base URL http://pypi.python.org/simple/

Mon, 10 Sep 2018 03:45:06 +0000

You want to use pip to install a module from PyPI. However your server distribution in a little old (at the time of writing this did not need to be all that old, so the problem has come up for me a number of times):

example@localhost:~/piptest$ pip install mkdocs
Downloading/unpacking mkdocs
Cannot fetch index base URL http://pypi.python.org/simple/
Could not find any downloads that satisfy the requirement mkdocs
No distributions at all found for mkdocs
Storing complete log in /home/example/.pip/pip.log

A first but not great fix is to simply override the install prefix using:

bandwidth measurement using iperf

Wed, 05 Sep 2018 04:45:08 +0000

I wrote about using netcat to measure bandwidth between servers which works perfectly well in a minimal sort of way (and in particular between servers where the relatively common netcat is installed). For a slightly more user-friendly approach consider iperf. Once installed on both servers (let’s call them serverA and serverB):

start iperf to listen on one server (add a port particularly if there are firewall restrictions in place which need to be adjusted/worked-with):

serverA$ iperf -s -p 12345

start iperf to send data from the other server:

serverB$ iperf -c serverA -p 12345

iperf displays results / status on both servers:

serverA$ iperf -s -p 12345
------------------------------------------------------------
Server listening on TCP port 12345
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[ 4] local 10.0.0.1 port 12345 connected with 10.0.0.2 port 48728
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.0 sec 989 MBytes 829 Mbits/sec
serverB$ iperf -c serverA -p 12345
------------------------------------------------------------
Client connecting to ServerA, TCP port 12345
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 3] local 10.0.0.2 port 48728 connected with 10.0.0.1 port 12345
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 989 MBytes 830 Mbits/sec

Run this in both directions a few times to get a good feeling for the bandwidth between the servers. There are other options (eg. parallel dual-direction testing) to consider, so the man page is worth a read.

On the importance of reading the docs - PHP's date_parse errors

Mon, 28 May 2018 09:01:25 +0000

It’s important to read the documentation, and then read it again once or twice. PHP’s date_parse function parses a datetime string and returns an “array with information about the parsed date on success or FALSE on failure.” This makes it tempting to use the function something like:

$datetime = date_parse($datetime_string);
if ( $datetime === FALSE ) {
# Failure - deal with the bad $datetime_string
}
else {
# Success - use the $datetime
}

However in this case failure means the the date_parse function has failed to work at a fairly fundamental level and reading the docs further you find “In case the date format has an error, the element ’errors’ will contains the error messages.” And indeed:

GDPR for micro, small and medium-sized enterprises - specific needs and derogation

Sun, 27 May 2018 13:03:28 +0000

perl =~ operator interprets a RHS expression at run-time

Thu, 24 May 2018 11:02:58 +0000

This article starts with a conversation about adjusting compiled perl regular expressions and a sudden realisation - which went a little along the lines of:

OtherPerson> I can force a regular expression to change, for example:
OtherPerson> DB<1> $a = qr{Abc}
OtherPerson> DB<2> $a =~ s/A/a/
OtherPerson> DB<3> x $a
OtherPerson> 0 '(?^:abc)'
Me> No that doesn't work does it, oh wait <strong>it does</strong>, why?

It took me a few moments of poking this myself in the debugger to notice the key change - which was that the compiled regular expression had become a string. See in the below example that $a starts as a RegExp and then becomes a scalar (at which point the ref function returns the empty string):

How does the GDPR affect my setting of cookies?

Mon, 21 May 2018 12:45:57 +0000

Is my personal project subject to the GDPR?

Mon, 21 May 2018 12:19:32 +0000

Disclaimer: I’m a Software Engineer who has spent a bunch of time working on issues relating to the GDPR from a systems design/security/process point of view. I’m definitely not a lawyer so this is my perspective and not legal advice. If you want legal advice, get a lawyer. Question: Is my personal project subject to the GDPR? The General Data Protection Regulation (GDPR) protects the personal data of EU residents who are in the EU. This regulation comes into effect 25th May 2018 (see Article 51/Paragraph 4) and has been designed to bring personal data protection up to date as the previous directive (Directive 95/46/EC) was adopted in 1995 and had fallen well behind in being able to cover modern day data protection issues. So you have a personal project which includes storage and processing of personal data, perhaps online (but perhaps it’s not even a computer based system - this regulation covers any data processing which has data in a filing system). First things first - your project is not covered by the GDPR unless the personal data in it includes EU residents - for more information please see http://blog.bjdean.id.au/2018/05/territorial-scope-of-the-gdpr/ . If your project is covered based on Territorial Scope then (just for personal projects) if your project is run by a “natural person” and if the nature of the work of the project is that it is “in the course of a purely personal or household activity” then it is explicitly not covered by the GDPR in Article 2. “Material Scope” Paragraph (2c). The nature of a “household activity” is not clearly defined - certainly it’s not in the Definitions of the regulation. Some vague examples are given in Recital (18) : “Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities.”. That the burden of proof is going to be on the controller (you, for your personal project). Exactly what qualifies as a household activity would seem to be something that would vary depending on the nature of the household, but you would be hard-pressed to claim that your particular household typically harvests, stores and processes EU resident personal data in bulk. In addition Recital (18) does specify that the activity should have “no connection to a professional or commercial activity” so even if your household is all about data processing, as it’s a professional and/or commercial activity it’s still going to be covered by the GDPR.

Territorial Scope of the GDPR

Fri, 11 May 2018 01:23:09 +0000

Simple Chicken Tagine

Tue, 23 Jan 2018 08:17:41 +1100

A simple North African-inspired chicken tagine with warm spices, vegetables, and dates.

Joining log lines with sed

Tue, 12 Sep 2017 23:54:59 +0000

It’s often the case when analysing system logs that you want to create a summary bringing together data from different lines of a log - for example capturing an initial and final state of a transaction, or (as in this example) capturing a date-time stamp and some data from a multi-line log entry. In this example I have a log file containing periodic extracts of ‘mysqladmin extended-status’ with a date-time line to record when the status was taken - for example (removing most of the lines with “…” for brevity):

Conference, ChromeBook, A VM and Me

Mon, 07 Aug 2017 00:43:37 +0000

I’m at a conference, I have my ChromeBook (vanilla, no local linux installs or any such thing), I have internet and I’ve set up a VM out there in the cloud, I’m regularly closing my laptop and wondering between talks, so it would be handy to be able to resume my ssh session without having to restart and without having to type “screen -r” every time. My ChromeBook ssh client doesn’t let me set up a “ssh here and run this command” so instead, given that I’m only logging into my VM with a single session at a time I can add this to the end of my ~/.bashrc file:

Generating pi (π) using random numbers

Wed, 02 Aug 2017 15:38:37 +0000

I was entertained by Numberphile’s dice-based generation of an approximate of pi so thought I’d throw together a quick script to try this out: random_vals_pi The results look pretty good:

$ for x in 1 2 3 4 5 ; do python random_vals_pi.py 100000000 100000; done
3.14130098162
3.13774230925
3.14174020697
3.13769082316
3.14274853819

The theory is based on having large integers, so reducing this reduces the accuracy of the approximation:

$ for x in 1 2 3 4 5 ; do python random_vals_pi.py 10 100000; done
3.07962120525
3.0938112197
3.08601801522
3.08910857173
3.08599352408

And similarly reducing the number of samples does the same:

Which ssh publickey was used to access an account

Mon, 10 Jul 2017 01:23:25 +0000

When you have more than one public key set up to be able to access a single account (ie more than one public key listed in the authorized_keys you may want to check which public key was used to make a login). Since openssh 6.3 (released 2013) the public key fingerprint is logged - for example the below shows a set of made up “Accepted publickey” entries from an ssh auth.log:

bandwidth measurement using netcat

Thu, 02 Mar 2017 01:19:55 +0000

For plain bytes/second bandwidth testing - ie without taking things like encryption overhead and compression improvements into account - the netcat command-line utility is pretty handy. Once installed on both servers (let’s call them serverA and serverB):

start netcat to listen on one server and pipe the output through wc -c to both count the bytes (for confirmation) but also so that the bytes are not written to a filesystem or the terminal (which would cause a bottleneck and likely reduce the apparent bandwidth). By default nc will quit when the first network connection it accepts is closed:

serverA$ nc -l -p 12345 | wc -c

start netcat to send data from the other server - using dd to send as quickly as possible (using /dev/zero is fast). Using -q 0 will cause netcat to quit as soon as it sees an end of file (EOF):

serverB$ dd if=/dev/zero bs=$((2**20)) count=$((2**10)) | nc -q 0 serverA 12345

On the sending server (serverB) the output will show the number of bytes transmitted and the time it took to do that:

1048576+0 records in
1048576+0 records out
1073741824 bytes (1.1 GB) copied, 9.68678 s, 111 MB/s

And on the other server (serverA) the number of bytes will be printed (confirming the transmission was complete):

1073741824

Run this in both directions a few times to get a good feeling for the bandwidth between the servers.

Cache::FileCache Thoughts

Fri, 09 Sep 2016 05:19:51 +0000

If using perl Cache::FileCache, some comments offering a helpful starting point to get a cache that works in a relatively well behaved and unsurprising way:

use Cache::FileCache;
use File::Spec;
my $cache = Cache::FileCache->new({
    # "The namespace associated with this
    # cache."
    namespace => 'BJD-TESTING-app_id_cache_id',
    # "The default expiration time for
    # objects place in the cache."
    # This is in seconds.
    default_expires_in => 1,
    # "Sets the auto purge interval. If this
    # option is set to a particular time ( in
    # the same format as the expires_in ),
    # then the purge( ) routine will be
    # called during the first set after the
    # interval expires. The interval will
    # then be reset."
    #
    # XXX To work needs at least one of
    # auto_purge_on_set or auto_purge_on_get
    # to be set to true
    auto_purge_interval => 5,
    auto_purge_on_set => 1,
    # restrict access to the cache to just this
    # user (data security)
    #
# NOTE that if you set directory_umask
# but no cache_root you can end up clashing
# with other users who will also be trying
# to use (and maybe set the umask) on
# /tmp/FileCache
#
    # If we care about data security set
    # cache_root as well to put the files in
    # out own private directory:
    directory_umask => 0077,
    cache_root =>
      File::Spec->tmpdir()
      . "/bjdean-perl-Cache-FileCache",
});

/usr/bin/base64 - copying and pasting code / patches betweeen terminals

Tue, 09 Aug 2016 06:29:49 +0000

The Scenario

A couple of terminals open, connected to a mix of your own workstation, local development servers and remote servers running on a different network and frequently behind a variety of security barriers. You want to copy a smallish chunk of code from a file across the network, or the output of a diff to apply a patch - but characters like whitespace and newlines which should not change will frequently be modified through the copy. You end up with whitespace changes where you don’t want them (perhaps later causing source code control merges to fail, and patches will fail straight away).

Perl Gotcha : xor precedence

Tue, 01 Mar 2016 03:12:50 +0000

Perl has a logical xor operator but it happens to be at the very bottom of the precedence priority list , importantly below the humble comma. So this innocent looking piece of code:

foobar( $a xor $b, $c );

Is interpreted as:

foobar( $a xor <strong>($b, $c)</strong> );

And note unlike the not, and and or low-precedence logical operators, there is no high-precedence xor operator. So it’s a good idea to wrap xors in parentheses to guarantee intended behaviour:

Choc-Banana-Chia Spread

Fri, 26 Feb 2016 12:00:00 +1100

A quick and tasty chocolate banana spread thickened with chia seeds, perfect for toast.

Diced Lamb and Beef Turkish Style

Tue, 08 Dec 2015 12:00:00 +1100

Spiced diced lamb and beef with sultanas, pine nuts, and rice, served over mashed potato with sumach.

Yogurtlu Inspired

Tue, 08 Dec 2015 12:00:00 +1100

A Turkish-inspired dish with meat, crispy bread, tomato, yogurt, and melted cheese, topped with sumach.

Avoiding Custom Internet Explorer Error Pages

Thu, 03 Sep 2015 05:58:22 +0000

A bit more of a short and to the point comment rather than an actual article. Various web browsers used to display a “helpful” page saying “something is broken” when a website responded with a HTTP 4xx or 5xx error response. At a time when those pages were frequently the apache default error page these custom pages were still not a very good idea, but these days useful information is frequently included in error pages (in particular for errors like 410 Gone). Most browsers have switched to showing the actual error page sent by the web server, but Internet Explorer keeps a version of this custom error page alive. Fortunately there’s a work-around which is that Internet Explorer does this with a silent switch when the error page has at least 512 bytes in the initial response (ie not including any linked content like scripts, styles and images). The upshot of this is that these pages will display a custom error page on Internet Explorer:

Docker FROM debian:latest

Mon, 17 Aug 2015 13:22:03 +0000

So in my last article I created a Docker container with nothing but a statically compiled helloworld in it. That demonstrated how it’s possible to define a very very (very very) simple container. Here I define a similarly simple container with more complex dependencies - a hello world perl script requiring the Modern::Perl perl module. Now I don’t even need to build the executable binary, but all of a sudden I need to include enough of an environment to support my simple perl script. As far as working with Docker this is not much more complex than changing “FROM scratch” to “FROM debian:latest”. The result is a much bigger container which will take more resources to run, but other than providing the computing resources to support that I really don’t have to care about it that much. The Dockerfile now looks like this:

Docker FROM scratch

Mon, 17 Aug 2015 12:50:07 +0000

Docker is a framework which makes it easy to wrap linux applications in “containers” - a sort chroot’d jail but with tools to take away the pain of setting up dependencies and also providing tools to help automate setting up dependencies between those containers. The Docker Hub provides a bunch of pre-defined containers from major projects like Ubuntu, mysql, Redis, nginx, wordpress, postgres and java. It’s also a central store (like github, but for Docker) of publicly created and licensed Docker containers. What’s the simplest quickest way to start? Well there is a special base container called SCRATCH, which is used in the Docker official hello world container. A container based on SCRATCH has nothing in it, so whatever you add has to be fully self sufficient. The Docker official hello world does this with some assembly code compiled by nasm which certainly covers the angle of a stand-alone executable but I think is arguably more complex than a statically compiled hello world - so here we go:

"Roast" Veggie Soup

Mon, 10 Aug 2015 12:00:00 +1100

A rich, earthy vegetable soup with caramelized mushrooms, slow-roasted in the oven.

Herman the Carrot Cake

Mon, 10 Aug 2015 12:00:00 +1100

A sourdough starter variation of Stephanie Alexander's carrot cake recipe using Herman the German Friendship Cake starter.

Friends and Miscellany

Mon, 27 Jul 2015 01:33:37 +0000

Friends

Sites run by friends:

My old blogs / wikis

Some older and now inactive + static blogging and wiki projects:

This blog ended in 2009: http://bjdean.id.au/blog/

And this wiki ended in the mid 2010s: BradsWiki

Getting WordPress Up and Going

Sat, 18 Jul 2015 13:05:38 +0000

Setting up WordPress server there were a couple of minor wrinkles to sort out. I’ve run a blog before before and that fell by the wayside when I started using a personal wiki instead. But this seems like a good opportunity to see how one of the very popular blogging platforms works and what’s involved in keeping that running under the hood. I work primarily with Debian systems, so that was a natural place to start. The wordpress package makes it very easy to get the base dependencies going with a known supported version, so if you’re running a recent release of Debian that seems like a reasonable place to start as well. That said, this of course means that the package is reconfigured along Debian guidelines and I found that I needed to spend a little time working out how this was done before it made sense.

Protecting Joomla : User-Registration Spam Relay

Sat, 18 Jul 2015 10:35:05 +0000

The Problem: A Default Setting

By default user registration is enabled. It’s important to realise that even though links to the user registration page may not have been included in the design of a Joomla site the components are still present and they will be regularly targetted by automatic spiders searching for vulnerable sites. Check access logs for requests to paths like:

/index.php/shop-login
/index.php/shop-login?view=registration&layout=complete
/index.php/component/users/?view=registration
/index.php/component/user/?task=register
/index.php?option=com_user&view=register

With user registration enabled scripts can use a Joomla site as an open mail relay by registering users with target email addresses and inserting spam/attack payload into the user details. The Joomla site will send a confirmation email to the target email address, and any email tracing of the source of the email will lead directly to the weakened Joomla server.

So, This is Life

Sat, 27 Jun 2015 12:15:19 +0000

Marvin once said:

Life, don’t talk to me about life

But really, what was the problem. Life’s not so bad and after all : there are puppies, and fish, and ponies, and food, and walks in the forest, and walks through the grass, and cycling, and talking, and meeting and travelling and all those other things without which Life would not be Life. So here’s a soothing image instead: Soothing Image No. 123132512233

Slow Cooker Stew - Chicken, Sausage and Veggies

Wed, 18 Feb 2015 12:00:00 +1100

A hearty slow cooker stew with chicken, sausages, and vegetables, flavored with dried lemons and herbs.

Beef, Pork, Chicken Bolognese

Thu, 10 Oct 2013 11:34:32 +1100

A rich multi-meat ragù-style bolognese with three types of ground meat, aromatic vegetables, and herbs.

Herbal Tea - Extended Blend with Lemon Grass, Lemon Verbena, and Spearmint

Sat, 01 Jun 2013 12:00:00 +1100

An eight-ingredient herbal tea blend with specific proportions for optimal flavor balance.

Herbal Tea - Cinnamon, Cloves, Elderflower, Lemon Myrtle, Licorice Root

Wed, 18 Jul 2012 12:00:00 +1100

A five-ingredient herbal tea blend with warming spices and sweet licorice notes.

Rice Paper Roll Dipping Sauces

Tue, 01 Feb 2011 12:00:00 +1100

Two quick and tasty dipping sauces for rice paper rolls - one hoisin-based, one lemon-based.

Pumpkin, Sweet Potato, Potato, Onion and Garlic Gnocchi

Tue, 28 Sep 2010 12:00:00 +1100

Roasted vegetable gnocchi with caramelized pumpkin, sweet potato, potato, onion, and garlic.

Celeriac, Mushroom and Chicken with Rice

Sat, 10 Jul 2010 12:00:00 +1100

A one-dish meal combining protein, vegetables, and grains with aromatic spices and plum sauce.

Page Not Found

Mon, 01 Jan 0001 00:00:00 +0000

The page you’re looking for could not be found

Brad's Blog

Post-Quantum Cryptography (PQC) - We Have Been Warned!

Post-Quantum Cryptography (SSH) - We Have Been Warned

git bisect primer

Building an Interactive HTTP/2 and HTTP/3 Client in Python

Regenerating Git Commit Messages With Claude

Documenting Python With PyNotes

The Longevity of Design Decisions: crontab -e / crontab -r

Instant Pot Chicken Congee

Japanese Pumpkin Salad

Understanding Linux Load Averages and Multi-Core Systems

Fine-Tuning in Azure AI Foundry: Practical Lessons from a Weekend Experiment

TL;DR

explain-strace: Making Strace Output Easier To Read

Signal adds Post-Quantum SPQR Protocol

Overview

AI-Powered Spreadsheet Macro Security Analysis with Claude SDK

Embedding Claude Code SDK in Applications

Django Custom Management Commands

TL;DR

Where to create and/or find the code

Django Authentication and Permissions

TL;DR

Interesting!

Post-Quantum Cryptography (PQC) and SSH/TLS

Preparing for the Quantum Future: A Practical Guide to Post-Quantum Cryptography

TL;DR

A 5-10 Minute Couch Vibe Code and a Fish Feeding Frenzy

AI Pair Programming - Learning Acceleration for Generalists

TL;DR

AI Pair Programming: On-call Subject Matter Experts for Generalist Developers

TL;DR

Deep Dive Series: Fine-Tuning (Small) Large Language Models on a PC

Series Overview - What We’re Building

The End Result: What Success Looks Like

Fine-Tuning Small Language Models on a basic Desktop PC

TL;DR: The Results

Project-Based MCP: Targeted on-demand AI Integration

Revisiting how the GDPR affects my setting of cookies (for security - a legitimate interest)

Machine Learning / Glossaries!

Machine Learning / AI courses

Adding a Site to AWStats With Historical Logs

Artificial Intelligence : Masking Sensitive Data

Artificial Intelligence : OpenAI - Analytics, Open Data and A Few Simple Prompts

Artificial Intelligence - OpenAI - Data Use and Privacy

Migrating git to svn (subversion)

qemu - simplest command-line for a performant VM

TL;DR

* (asterisk intended)

Increasing / decreasing number of xargs parallel processes (at run time!)

Vim sub-replace-special - ampersands in substitute search/replace

Curious…

What’s going on?

stdbuf - Run COMMAND, with modified buffering operations for its standard streams

Disk Usage

md (software RAID) and lvm (logical volume management)

md

RAID6 array

Supporting old Debian distros

A quick start for Python decorators

Synopsis

Getting Started

PyCon(line) AU 2020 Rube Codeberg competition

A tale of two burst balances (AWS EC2 and EBS performance)

Adding tasks to a background screen

Step 1: Create a background screen session to hold the runs

perl oct('0b...') to interpret binary strings

single quote characters in a single-quoted string in shells

LINES and COLUMNS environment magic

Arctic Death Spiral

Exception-al perl signals

Scenario

openssl s_client - SNI testing with -servername

XTerm*VT100*selectToClipboard: true

The Problem

Useful Commands

stdbuf - Run COMMAND, with modified buffering operations for its standard streams

Tracing the DNS glue record for a domain

pip - Cannot fetch index base URL http://pypi.python.org/simple/

bandwidth measurement using iperf

XTermVT100selectToClipboard: true