“A nearly impenetrable thicket of geekitude…”

Technology Stir Fry, the blog

This is Technology Stir Fry: the blog.

The most recent ten posts are shown below. For older material, you might like to browse by tag or browse by date.


Signing Mail, 2024 Edition

Posted on May 28, 2024 at 15:19

In which I renew my S/MIME certificate. Again.

TL;DR: still not a great experience. Some small hopeful signs.

Docker and LXC

Posted on February 9, 2024 at 20:51

In which I eventually get round to talking about how to convert containerised applications from something like Docker into the equivalent running as LXC containers under Proxmox.

Key Server Shuffle

Posted on October 27, 2023 at 14:16

In which things actually didn’t get worse in the PGP/GPG ecosystem, for a change.

Unchromed

Posted on September 21, 2023 at 12:54

In which I rant about Chrome and “Privacy” Sandbox.

Porcelain

Posted on May 12, 2023 at 23:57

I have been blogging at iay.org.uk for twenty years. Crikey.

infosec.exchange

Posted on May 9, 2023 at 16:54

Some thoughts after a year on Mastodon, including the move to a new instance.

New Rule

Posted on December 29, 2022 at 16:09

Alongside “don’t drink coffee too late at night” I have a new rule to make sure I get a good night’s sleep: “never fire up Wireshark after 10pm”.

Docker-in-Docker and host resolution errors

Posted on December 7, 2022 at 10:37

This article documents a particularly niche issue I ran into which took a while to debug and resolve. I’ve posted it for the benefit of search engines, so that the next person to run into these exact conditions might save a few hours. You’re welcome.

This is probably interesting only to someone in my exact situation, so most people should find some cat pictures to look at instead. If you’ve been directed here by a search engine because you’re tearing your hair out, though, read on.

Why I Unfollowed You

Posted on December 1, 2022 at 23:20

So, I used to follow you on Twitter, but now I don’t. What’s up with that?

Still Aggregating

Posted on August 12, 2022 at 11:09

This morning, I was having a conversation with a colleague about the UK federation’s metadata publication system. We needed to reference the order of operations and I remembered that I had once published an article about this system, along with a diagram illustrating just the point under consideration.

Pulling up the article in question, I was slightly surprised to find that the original article was published exactly ten years ago today.

The original architecture of this system was deliberately flexible, because we didn’t really know for sure the environment we’d be operating in. It’s gratifying, therefore, to see that the basic design has held up well enough that we can still use the article as an informal reference.

In detail, of course, things are different now than we anticipated and the deployed system has aspects which are simpler than a decade ago, as well as others which have required some elaboration. At present, for example, eduGAIN has been successful enough that it is currently the only active source of metadata other than that registered by the UK federation itself. On the other side, we produce a number of additional outputs today that we hadn’t really considered at the time, the most important of those probably being that we now publish per-entity metadata as well as the aggregate metadata illustrated.

Another major change – one that happened in 2013, about a year after the article was published – was that we started publishing the tooling itself in a GitHub repository for the benefit of other organisations working in the same area. I remember the big challenge there being that the original repository (which dated back to 2004) contained customer data; the version we published had to be filtered using git filter-branch for privacy (see the ukf-meta-meta repository for the gory details). We’ve since rebased our development so that our internal repository matches the published one except that we don’t expose development work in progress. I’m really glad not to be reliant on filter-branch any more, and I’m sure any reader who has dipped a toe into those waters will sympathise.

Anyway: Happy birthday, helpful diagram!

Tags: