|
| Greg's diary |
| June 2026 |
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Monday, 1 June 2026 | Dereel | Images for 1 June 2026 |
| Top of page | ||
| next day | ||
| last day |
|
Completing the TUHSI documentation
|
Topic: technology, opinion | Link here |
Spent much of the morning completing the minutes for the TUHSI Annual General Meeting. That involved comparing my notes with the Zoom transcript, which was much more work than I expected. And we still don't have an official announcement, though that shouldn't take too long.
|
More web server overload
|
Topic: technology, opinion | Link here |
Once again I had massive web server overload, to the point that I no longer received mail:
May 31 22:45:43 lax sm-mta[2203]: rejecting connections on daemon Daemon0: load average: 112
May 31 22:45:58 lax sm-mta[2203]: rejecting connections on daemon Daemon0: load average: 116
Clearly something has to be done. Time to consider two possibilities: web server upgrade (try mod_evasive), and see what happens if I use a much larger VM.
First yet another test VM, this time, for the fun of it, in Singapore (sin.lemis.com). Next time I can try Helsinki, so that I can go from sin to hel (and yes, those really are the airport abbreviations).
Taking and restoring snapshots on Vultr takes forever! Started with a snapshot of fra, which must have taken 30 minutes. And it took at least another 30 minutes to restore it, after which it showed state “stopped”. Why that? A bit of digging brought up the message
A snapshot is currently being restored. This process can take up to 60 minutes to complete. Most server actions will be unavailable until this has completedServer Information 139.180.145.65 Singapore Created 15 minutes ago
Finally it was done, and it came up running. All I needed to do was to change the host name. But the I discovered that the firewall wasn't running:
=== root@sin (/dev/pts/0) /home/grog 11 -> ipfw show
ipfw: retrieving config failed: Protocol not available
The module hadn't been loaded. That's straightforward enough:
=== root@sin (/dev/pts/0) /home/grog 12 -> kldload ipfw
FOOL! You've cut off the branch you were sitting on. The first thing that the module does after loading is to block all network traffic. Under the circumstances, rebooted the machine, something I almost never do.
Next step is to configure mod_evasive. But that can take a while. In the meantime, try my second option: a much bigger VM, 12 CPUs, 24 GB memory, 500 GB “disk”, for all the difference the disk size makes.
And to my surprise, the system hardly had any load. Is that because of the larger machine, drop in load (it did drop significantly in the early afternoon) or because the DNS hadn't propagated yet? I had already set TTL to 1 second, effectively blocking caching, but after an hour the system was still over 90% idle.
That's surprising. I still need to get my head around it. One thing is clear: despite the extreme load on the other servers, the hit rate was not overly high (well, less than 20 hits per second at a guess).
I wish I had better tools.
| Tuesday, 2 June 2026 | Dereel | Images for 2 June 2026 |
| Top of page | ||
| previous day | ||
| next day | ||
| last day |
|
More cabbage noodles
|
Topic: food and drink, opinion | Link here |
I still have cabbage left over, so made cabbage fried rice noodles for breakfast this morning. I've made them before, but since then it has occurred to me that most of these dishes want the cabbage charred. OK, can oblige:
The result:
|
|||||||||||||||||||||||
Somehow there's still something missing.
|
More web server load investigations
|
Topic: technology, opinion | Link here |
Yet another day today where the web server load was over 100, closer to 200, and once again blocked email as a result. An ideal situation to try yesterday's potential solutions. First was to stop the web server on lax.lemis.com so that the mail went through Set up mod_evasive on sin.lemis.com. The result? Nothing. I couldn't detect any improvement at all, nor even entries in the log file. That's disappointing, but maybe related to the fact that, despite the high load, I wasn't actually serving very many requests. For the UTC day 1 June, fra had 358,928 hits, or about 4 hits per second, and today it was 478555, still only 5.53 hits per second. That's not very many. Why the load? But the load was similar across all 3 web servers.
Then I tried another larger server, toronto.lemis.com (forgetting the planned hel.lemis.com, which, it proved, wasn't available anyway) with 4 CPUs and 8 GB memory. And just when I wanted to compare performance, the load dropped world-wide.
Tomorrow? In any case, it looks as if I should be setting up a separate mail server to avoid problems with web server overload.
|
Strange message of the day
|
Topic: technology, opinion | Link here |
While setting up toronto.lemis.com, Vultr told me:
This subscription is not currently active, you cannot manage it.
Huh? More investigation showed that it's their way of saying “snapshot is still being loaded”. It's not very forthcoming with information about when the snapshot is finished. I have taken to pinging it to find out when it comes up.
| Wednesday, 3 June 2026 | Dereel | Images for 3 June 2026 |
| Top of page | ||
| previous day | ||
| next day | ||
| last day |
|
TUHSI: done!
|
Topic: technology, opinion | Link here |
Gradually the effort regarding formation of The Unix Heritage Society Inc. is reducing. We're there, after some discussion I sent out an announcement that the association had been formed. But we still have nothing much on the web site, and somehow it kept me busy again most of the day. But there's light at the end of the tunnel—as they say, most likely an oncoming train.
|
Web server issues
|
Topic: technology, opinion | Link here |
No web server overload today, load averages less than the number of CPUs. Time to get rid of toronto.lemis.com, which is just eating up money.
One thing came out of the web server overload of the last few days: I shouldn't be running mail on the same system as the web. At first I thought that I could nice the web server to make other things more responsive, but that won't help the mail system: it just looks at the load average.
But how do I set up a new mail server? Start with the smallest and increase until it can handle the load. But Vultr blocks port 25 (smtp) by default, and I have to raise a support ticket to get them to free it. It doesn't take long, but it makes testing difficult.
OK, how about a blanket freedom for that restriction? Opened a ticket, and how about that, in Vultr's inimitable markup:
You're account is set to unblock SMTP port. All you will need to do is edit your OS level firewall and open the port.
|
More bad language?
|
Topic: food and drink, language, opinion | Link here |
Seen today:
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
What is it? I had asked Yvonne to buy chicken thigh fillet, and this looked relatively similar. Just a new case of bad language? That's more something I associate with Woolworths than with ALDI. But once again Google Gemini came to my aid: it's an Australian term for a deboned entire thigh, probably pronounced in a way that would make a US American wince (“Mary Land”?). So it's close enough to what I was looking for.
|
How do you cook chicken kebab?
|
Topic: food and drink | Link here |
Chicken kebabs again for dinner today. Looking back, it's clear that I haven't decided how to cook them. On November 2021 I fried them, and on October 2024 I grilled them in the “hair dryer” air fryer.
Which is better? I left the decision to Yvonne and ended up grilling them:
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
One thing that I hadn't recorded before: they tend to stick to the grill, requiring some effort to remove them and leaving bits behind, which are also difficult to remove:
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Frying could be better after all.
| Thursday, 4 June 2026 | Dereel | Images for 4 June 2026 |
| Top of page | ||
| previous day | ||
| next day | ||
| last day |
|
Cat destruction
|
Topic: animals, opinion | Link here |
Somehow the cats (probably only Bruno) are frustrated. This morning I found:
|
|||||||||||||||||||||||
We've been letting Bruno into the dog run after dark, when no birds can get in. But despite my attempts, he got out into the open this evening. High time to finish the netting.
|
Rain!
|
Topic: general | Link here |
The Bureau of Meteorology had forecast much rain today, between 5 and 25 mm. The number to look at is the low range: at least 5 mm. Typically we'll see forcasts of 0-3 mm, meaning no rain.
But today the weather excelled itself: 30.2 mm. And it remained cold throughout the day, barely hitting 10°. The power consumption was corresponding:
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
1.82 kW PV generation, 58.82 kWh power consumption, an average of 2.45 kW throughout the day. And it was thoroughly miserable.
|
Registering with myCAV
|
Topic: technology, general, opinion | Link here |
One of my tasks as the secretary of TUHSI is to register with Consumer Affairs Victoria, with whom the association is registerered.
I wasn't looking forward to doing so, and my concerns proved justified. It started with their stupid password rules: at least one upper case letter, one lower case letter, one digit and one special character. How about “1s that OK?”? Nope, invalid password, though it exactly matches their requirements. I've seen that before: implicitly no spaces allowed. Instead they got a correspondingly insulting password, which, however, was accepted.
Then these security questions. I was allowed to create one and then choose one from their limited range, “Who is your best friend?”, for example. Again answers that nobody could guess.
And after all that, a CAPTCHA. And another. And another. Normally I give up on sites that require CAPTCHAs, but I didn't have that option this time. When by the eighth iteration I got to walking angrily (“cross walk”), I gave up and tried with chromium instead of firefox. It worked immediately. One big bad mark for the CAV webmasters, but also another indication that I should change to chromium.
OK, log in. “You have forgotten your password”. No, idiot, I just entered and copied and pasted it. You forgot my password. Reset to another even more insulting one, and I was finally able to log in, check my details, and discover that I couldn't even submit the minutes that I was supposed to submit, not until 30 JuTIFFne.
Why didn't we have anything like this when I was secretary of AUUG?
| Friday, 5 June 2026 | Dereel | Images for 5 June 2026 |
| Top of page | ||
| previous day | ||
| next day | ||
| last day |
|
More web overload investigations
|
Topic: technology, opinion | Link here |
Today I had yet another web server overload, ideal for my tests on larger VMs. It didn't work well. First I created a VM called toronto.lemis.com with 4 CPUs and 8 GB memory. After the usual eternity reading in the snapshot (of lax.lemis.com)), it was marked as “running”, but I couldn't access it. Finally found that I could access the “console” much more easily than before. But what it showed was surprising:
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
It was hanging in this early part of the boot. Why did it reboot? And why did it hang in the boot? It worked yesterday. It was repeatable, always in the same place. Setting a verbose boot gave me no additional information.
OK, I'm sure that the details were exactly the same. Delete the instance, create a new one with the same dimensions. Restore the snapshot. Wait another eternity. Same thing. Delete the instance, create a new one with the same dimensions as lax. Restore the snapshot. Wait another eternity. Same thing. Create a new instance with the same dimensions as before, but restore the other snapshot (of fra.lemis.com). Wait another eternity. It worked. Delete the instance, create a new one with the dimensions that I wanted (4 CPUs, 8 GB) and restore the snapshot of fra. Wait another eternity. Worked.
This can only mean that the snapshot of lax was corrupted. Looking at the snapshot list showed an interesting detail:
|
|||||||||||||||||||||||
|
|
|||||||||
Clearly Vultr is confused. The first emblem (for fra) is the new, “sanitized” FreeBSD emblem, so it does know the OS. And the second (lax)? Looks like a CD. Could that be a clue?
No. The same emblems are displayed against the overview entries for fra and lax respectively. I was going to leave the hanging instance there and raise a ticket, but I forgot and removed it and the snapshot.
By this time I was losing track of which servers I have and what they're called. It didn't help that I chose the same name (toronto) for two different VMs, and ended up with the wrong IP addresses in the DNS zone file. But after finally getting my act together, there was some possibility that the larger toronto (4 CPUs, 8 GB memory) was less loaded than the others. But by that time the load was diminishing. And the Vultr web site didn't help: like the slowness in restoring snapshots, the site is also very slow. And the error messages don't help. What does this mean while trying to restore a snapshot?
Cannot take snapshot when server is locked
At first I thought that it happened because I aborted a snapshot restore and tried again. Only later did I see that the VM had been running all the time. So in this context, “locked” means “running”.
All in all somewhat inconclusive. About the only thing that I could confirm was that mod_evasive has not done anything useful. Am I maybe getting hits from too many different IP addresses? And clearly I should choose a different name for each instance. Playing with DNS (6 updates today alone) also showed that a large number of sites ignore a TTL of 1 second and carry on hammering the sites long after they ceased being www.lemis.com.
|
The annual sshd death
|
Topic: technology, opinion | Link here |
While syncing my photos, ran into an issue: lax.lemis.com and sin.lemis.com worked normally, but fra.lemis.com refused a connection. And yes, the same thing happened with an ssh connection. Never mind (apart from the fact that console access now works), I had a couple of windows open. And they showed that the master sshd died. Looking at /var/log/messages, I saw:
Jun 3 05:53:32 fra sshd[857]: fatal: server_accept_loop: RAND_bytes failed
What does that mean? It was trivial to restart, but it would be nice to know why it happened. And just by coincidence, the same thing happened a year ago.
| Saturday, 6 June 2026 | Dereel | Images for 6 June 2026 |
| Top of page | ||
| previous day | ||
| next day | ||
| last day |
|
Preparing for high speed Internet
|
Topic: technology, opinion | Link here |
Next week my Internet link speed will increase from 25/5 Mb/s to 250/20 Mb/s, almost a tenfold speed increase. It's worth looking back over the years at how my link speed changed:
| Date | Uplink | Downlink | ||||
| (Mb/s) | (Mb/s) | |||||
| 6 March 1992 | 0.0096 | 0.0096 | Dialup | |||
| 1 January 1994 | 0.064 | 0.064 | ISDN, date guessed | |||
| 17 July 1997 | 0.056 | 0.056 | Dialup | |||
| 18 September 2001 | 0.400 | 0.056 | Satellite down/Dialup up | |||
| 8 June 2005 | 1.500 | 0.384 | ADSL | |||
| 15 May 2007 | 3.488 | 1.500 | ADSL-2 | |||
| 18 July 2007 | 0.056 | 0.056 | Dialup | |||
| 20 December 2007 | 3.000 | 0.256 | Satellite, guessed | |||
| 12 December 2013 | 25.000 | 5.000 | NBN fixed wireless | |||
| 13 June 2026 | 250.000 | 20.000 | NBN "Homefast" |
Is it the biggest jump that I have had? No, from 56 kb/s to 3 Mb/s was much more. But I had to look back to realize that. More to the point, will it buy me anything? Twenty-five years ago we upgraded our house network from 10 Mb/s to 100 Mb/s, and only when we moved into Stones Road did we get gigabit networking in the house. Now I need it for the Internet link too, and the interface in eureka is only 100 Mb/s.
So how about the spare interface in hydra.lemis.com? It's 2.5 Gb/s. I can at least use it to check whether I can establish a gigabit link. Just reconnect the cable.
Oh:
|
|||||||||||||||||||||||
Why did I put the card there? It makes it very difficult to remove the cable. But that was the only problem I had.
Well, almost. I had to wait the obligatory 20 minutes for upstream DHCP to come to its senses, but then I had an immediate connection. Well, hydra did. What about eureka? Reset the default path to point to hydra, and it still didn't work. Oh. hydra was not set up for routing:
=== root@hydra (/dev/pts/12) ~ 56 -> sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1
And then it worked. I didn't need to change anything on the other systems. Yes, they access the Internet first via eureka and then via hydra, but that's barely a problem. Since I don't expect this to be permanent (the Internet link should really be on eureka), I won't change it.
But then I noticed that I wasn't getting mail. A quick check on lax.lemis.com, currently still mx1.lemis.com, the mail server, showed: showed
Jun 6 02:09:44 lax postfix/smtp[52420]: BC61E280B2: to=<grog@lemis.com>, relay=mx0.lemis.com[121.200.11.253]:25, delay=0.96, delays=0.08/0/0.7/0.18, dsn=4.7.1, status=deferred (host mx0.lemis.com[121.200.11.253] said: 454 4.7.1 <grog@lemis.com>: Relay access denied (in reply to RCPT TO command))
Oh. That's the external network interface, so it was talking to hydra. Why did I do that? Yet another DNS change to make mx0 to be the internal interface of eureka, and all was well
Or was it? Independently I downloaded the ACDSee Gemstone 16 installer. That worked fine, but when I tried to run it, it hung. Change the default gateway (or whatever Microsoft calls it) and all was well. Why was that?
All in all, it went relatively smoothly. I can do with more of this.
|
Rogue web clients
|
Topic: technology, opinion | Link here |
As part of my experimentation on web server load, I removed lax.lemis.com from the list www.lemis.com. Existing requests completed, but since the DNS TTL was set to 1 second, no more should have come. And indeed the server load dropped to normal proportions.
But out of interest I checked the server log. Still lots of
74.7.227.175 74.7.227.175 - - [06/Jun/2026:04:33:34 +0000] "GET /grog/photos/Onephoto.php?image=/yvonne/Photos/20200120/corto-2.jpeg&size=3 HTTP/1.1" 200 13033 "http://www.lemis.com/yvonne/photos/Photos.php?dirdate=20200120" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.4; https://openai.com/gptbot)"
And they kept on coming, always from 74.7.227.175. After two hours they were still coming:
=== root@lax (/dev/pts/5) /var/log/www 17 -> grep ^74.7.227 www.lemis.com.log | wc -l
12736=== root@lax (/dev/pts/5) /var/log/www 15 -> grep 74.7.227.175 www.lemis.com.log | wc -l
12676=== root@lax (/dev/pts/5) /var/log/www 16 -> wc -l www.lemis.com.log
12882 www.lemis.com.log
That's nearly two requests per second. Time for a firewall, which of course stopped them.
And then it occurred to me: why is sin.lemis.com so much more heavily loaded than fra.lemis.com (load average 150 vs. 4)? No firewall! Put that in and things became normal.
Why do I have to do this manually when mod_evasive should be doing this for me? In passing, it's interesting that this is from openai.com. Should I give them special (negative) treatment?
| Sunday, 7 June 2026 | Dereel | Images for 7 June 2026 |
| Top of page | ||
| previous day | ||
| next day | ||
| last day |
|
Catastrophe
|
Topic: technology, opinion | Link here |
During the night it occurred to me that I had missed one issue in my network link transition: the firewall. It was still running on eureka, but now the network link was on hydra. OK, not an issue, as long as I remember not to cut off the branch I'm sitting on. But in this case there wasn't much choice: kldload ipfw from hydra on an xterm running on hydra:0.1.
But it hung anyway! Why? Could it be that the xterm was communicating via TCP? OK, move to a vty, which doesn't. But everything hung! I had no choice but to reboot hydra! What a catastrophe.
But that was just the beginning. I couldn't access NFS file systems. Further investigation showed that DHCP had overwritten /etc/resolv.conf with Aussie Broadband's view of the world. That in itself wouldn't have been so bad: it could find the names from the Internet. But the all-important first line was missing:
search lemis.com
So it could have found, say, eureka.lemis.com, but not eureka.
I've been there before: chflags schg /etc/resolv.conf works around the problem. I should find what the real answer is.
Then I had difficulties starting X. It didn't find the second monitor, only the first, third and fourth. And there were no windows on the display, and the window managers didn't respond. But server 1 did work, and all monitors were found.
ps gave me the partial answer: the window managers were stuck in a death spiral, creating ever new ones. It seems that I had made a minor change (probably just added a & where it shouldn't have been). But that wasn't the complete answer: the .xinitrc contained:
$FVWM -display $DISPLAY -f $X/.fvwm/fvwm3rc-$me$DISPLAY.0 &
# For the moment (20260112), we only have one display
# $FVWM -display $DISPLAY.1 -f $X/.fvwm/fvwm3rc-$me$DISPLAY.1 &
# $FVWM -display $DISPLAY.2 -f $X/.fvwm/fvwm3rc-$me$DISPLAY.2 &
# $FVWM -display $DISPLAY.3 -f $X/.fvwm/fvwm3rc-$me$DISPLAY.3 &
Removing the first & got it to work, though I still needed to start the other window managers. But how did I ever get it to work? Clearly it's time to find a more robust way to start fvwm3, which really wants to have one instance to control multiple screens. But even after all that, I couldn't start a remote xterm (on eureka). I was able to connect to eureka, but it refused my ssh key. Thus the inability to start the xterm.
And then I discovered that, although I had an Internet link, I couldn't use it. Nothing even tried to go over interface re1. Investigation showed: 121.200.11.253
=== root@hydra (/dev/pts/12) /home/grog 34 -> netstat -rn
Internet:
Destination Gateway Flags Netif Expire
default link#2 US re1
121.200.8.0/22 link#2 U re1
121.200.11.253 link#3 UHS lo0
127.0.0.1 link#3 UH lo0
192.109.197.0/24 link#1 U re0
192.109.197.129 link#3 UHS lo0=== root@hydra (/dev/pts/12) /home/grog 35 -> ifconfig
re0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=60251b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6>
ether 04:7c:16:eb:66:09
inet 192.109.197.129 netmask 0xffffff00 broadcast 192.109.197.255
media: Ethernet autoselect (1000baseT <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
re1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=60251b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6>
ether 40:ed:00:ec:d7:d1
inet 121.200.11.253 netmask 0xfffffc00 broadcast 121.200.11.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Why is the interface address of re1 routed to lo0, the local host interface? Removed that. No improvement. And then I realized that I still hadn't enabled IP forwarding. In the configuration, yes, but I still needed one final step:
=== root@hydra (/dev/pts/12) /home/grog 47 -> sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1
And finally most of my environment was functional.
But what is wrong with ssh on eureka? I've had difficulties before, but this is the worst. Interestingly, I could still connect from other systems, but not from hydra. Running ssh -v was interesting. On tiwi I got:
OpenSSH_8.8p1, OpenSSL 1.1.1q-freebsd 5 Jul 2022
...
debug1: Offering public key: /home/grog/.ssh/id_rsa RSA SHA256:S7sZHLcY4dgw53/rF70vrScdPuGef3enHdJzuYA1WDo agent
debug1: Server accepts key: /home/grog/.ssh/id_rsa RSA SHA256:S7sZHLcY4dgw53/rF70vrScdPuGef3enHdJzuYA1WDo agent
Authenticated to eureka.lemis.com ([192.109.197.137]:22) using "publickey".
But on hydra I got:
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: Fssh_compat_banner: match: OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 pat OpenSSH_6.6.1* compat 0x04000002
...
debug1: Offering public key: /home/grog/.ssh/id_rsa RSA SHA256:S7sZHLcY4dgw53/rF70vrScdPuGef3enHdJzuYA1WDo agent
debug1: send_pubkey_test: no mutual signature algorithm
...
debug1: Next authentication method: keyboard-interactive
(grog@eureka.lemis.com) Password for grog@eureka.lemis.com:
What's that “no mutual signature algorithm”? Google Gemini tells me
Your SSH client is brand new (OpenSSH 8.8 or later), which disables SHA-1 by default, while the remote server is older and only knows how to use SHA-1 for RSA keys.
But that was only part of the story. Yes,tiwi's ssh is older, but still (coincidentally) version 8.8, and the software on hydra hasn't changed. But I've had other issues with eureka, running:
OpenSSH_6.6.1p1, OpenSSL 1.0.1p-freebsd 9 Jul 2015
And there seem to be key mismatches that make ed25519 fail. Time to look more carefully, also at this ssh-add bug that has bitten me again today, as Warren Toomey informs me: it was on a tuhs.org system.
Other loose ends: could it have been a firewall issue that stopped ACDSee Gemstone 16 from installing yesterday? Maybe they had chosen a protocol that I didn't allow. And then, for reasons that evade me, tiwi:/home/grog/public_html, a symlink to eureka:/home/grog/public_html, just disappeared. Like the initial failure of screen 1, I suppose I will never know.
|
Mushroom season
|
Topic: gardening | Link here |
Seen walking the dogs today:
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
What is it? It bears a resemblance to Amanita muscaria, but it doesn't seem to be one. And we have a surprising number of smaller ones coming up in our garden:
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
| Monday, 8 June 2026 | Dereel | Images for 8 June 2026 |
| Top of page | ||
| previous day | ||
| next day | ||
| last day |
|
Fake Udon noodles
|
Topic: food and drink, opinion | Link here |
We ate asparagus over the weekend, leaving the hard ends of the stalks behind. From experience they can be fried and eaten with noodles, with the exception of maybe that last 5 to 10 mm. And I also found some Udon noodles in the fridge:
|
|||||||||||||||||||||||
Where did I get them? They were made in 22 December 2025, so it can't be very long ago. Or at least, that's what I thought. To my surprise, Google translate was able to decipher the dot matrix Chinese script:
|
|||||||||||||||||||||||
“Best before”. OK, they have to do. Asked Google Gemini for a recipe, but it was surprisingly uninteresting: noodles, “protein”, soya sauce, shiitake mushrooms, asparagus. Nothing out of the ordinary for my normal breakfasts.
In the end, I improvised:
| quantity | ingredient | step | ||
| 6 g | Shiitake mushrooms | 1 | ||
| 45 g | beef | 2 | ||
| 12 g | Spring onions | 3 | ||
| 41 g | Asparagus ends | 3 | ||
| 3 g | Dried chili | 3 | ||
| 15 g | Garlic | 3 | ||
| 200 g | Udon noodles | 4 | ||
| 35 g | Miso | 5 | ||
| 21 g | Soya sauce | 5 | ||
| 10 g | Dark soya sauce | 5 | ||
| 10 g | Oyster sauce | 5 |
The result was relatively predictable:
|
|||||||||||||||||||||||
A little salty maybe. Is there salt in the enhanced Miso that I used? And maybe the chili wasn't such a good idea after all. About the only other thing of interest was that the noodles were almost inseparable, and many just broke off. I have something in the back of my head that they should first be heated in a microwave oven. I should try that next time.
|
More tidy-ups
|
Topic: technology | Link here |
Yesterday's catastrophe had long consequences. One of the strangest was that I ended up with a couple of circular symlink loops on eureka: public_html/public_html and public_html/programs/emacs/emacs, each a self-referential entry. How did that happen? eureka wasn't even involved, but I had seen yesterday that tiwi had lost a symlink to eureka. Are there more?
And then I still can't get ssh to behave correctly on eureka. Yes, it's old and out of date, but somehow all the advice doesn't help. It starts with this entry in /etc/ssh/sshd_conf:
# PubkeyAcceptedKeyTypes=+ssh-rsa
Yes, the # indicates that it's commented out. But it's supposed to indicate the default, and the entry didn't even exist at the time! A lot of searching showed that I had added it in September 2025, the last time I tried to solve this problem.
But one thing was clear: I should be using the ed25519 key. Much experimentation resulted in failure. Yes, ssh on hydra presented the key, but sshd on eureka seemed to ignore it, although it was set up to accept it. Why?
Two hours messing around got me no further. Install a new version of ssh? How do I do without upgrading the system, which I really don't want to do?
|
To-do list
|
Topic: technology, history | Link here |
It's clear that I have a lot of things to clear up to get fix my various configurations. Time for a file, with a name like todo.
Oh. It exists. The contents are interesting:
Telstra
Call Dad
Doctor
Aligi
Tandem chapter
Heise subscriptions
Particularly “Call Dad” is strange. He's been dead for over 17 years. And the other items look similarly ancient. But the file is that old:
=== grog@eureka (/dev/pts/2) ~/public_html 18 -> l todo
-rw-r--r-- 1 grog lemis 130 22 Mar 2008 todo
Clearly it didn't help much then, or I would have removed the items. Will it help now?
| Tuesday, 9 June 2026 | Dereel | Images for 9 June 2026 |
| Top of page | ||
| previous day |
|
Still more web site load issues
|
Topic: technology, opinion | Link here |
Whatever it was that was hammering my web sites has gone, either away or into hiding. My two current sites, fra.lemis.com and sin.lemis.com, were almost idle.
In fact, sin was idle. It wasn't logging any requests at all. But it was active: I was able to access it perfectly normally under the name sin, and it was one of the addresses for www. tcpdump showed that it was receiving some traffic on port 80 (http), but they weren't being logged by the server, neither as hits nor as errors. What's going on there? Did I make some subtle change that I didn't notice?
One way to find out: take another snapshot of fra and move it to Paris (cdg.lemis.com) and see what happens. After the eternity to get it running, the same thing happened there: almost no hits. It wasn't the DNS: I had updated my zone file to include cdg in the www list, but it didn't seem to sink in. And the TTL was 1 second, so it should have been almost immediate.
But what about lax? The web server was still running there, though it was no longer on the www list—and it was still getting hits, days after being removed from DNS! It looks as if many clients, notably the ones that I want to throttle, are not paying much attention to DNS updates. Still, at the moment things are relatively calm. I can do some more thinking about how to handle the next overload. One might be a large server to handle the transient load.
|
More symlink pain
|
Topic: technology, opinion | Link here |
I've noticed a number of strangenesses about symlinks: some went away, some tied themselves in knots. And it's not over yet. teevee:/home/grog/Photos was once a symlink to eureka:/Photos/grog, but it was gone. Why is this? Nothing seems to have had anything to do with my problems on hydra.
But definitely the worst was that /Photos had a symlink /Photos/grog/Photos pointing to /grog/Photos. This morning, after 24 hours or so, my nightly photo backup failed:
rsync: readlink_stat("/Photos/grog/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/Photos/20230930/Hugin/e-from-house-9.tiff") failed: Too many levels of symbolic links (62)
By that time it had filled the 16 TB disk with copies—I must find a way to ensure that rsync copies links rather than entire files—and it took me much of the morning to remove them again. I wonder what other dangers lurk.
|
More ssh strangenesses
|
Topic: technology, opinion | Link here |
Yesterday I failed to get sshd working correctly on eureka. All the more surprising that today I saw:
eureka: Warning: Permanently added 'cdg.lemis.com' (ECDSA) to the list of known hosts.
That was connecting from eureka to cdg. But the connection in the other direction still failed. I wish I knew what is going on here.
|
M.Zuiko 150-600?
|
Topic: photography, general, opinion | Link here |
I'm still lusting after an OM System M.Zuiko Digital 150-600 mm lens, one of the longest super-telephoto lenses available, corresponding to 300-1,200 mm on a “full frame” camera. And with a 2x teleconverter it would get a “full frame” equivalent focal length of 2,400 mm.
But do I need it? I already have the Leica Vario-Elmar 100-400 mm lens. Do I really need another one? At the very least I can investigate.
First, how do the lenses compare? Thomas Eisel produced a useful comparison video, comparing the 300 mm prime, the 150-400 mm lens that I tried last year, the 150-600, the 100-400 mm and the 75-300 mm lens, which he put in that order. He didn't mention my Vario-Elmar, though I have heard that it would come behind the 100-400 mm M.Zuiko. Apart from considerably better image quality, it also has considerably better image stabilization, about 4 EV better than the Olympus 100-400, and probably even more than the Vario-Elmar (Panasonic/Leica are too polite to mention the value). So from that point of view, it sounds like a good choice. The question remains: do I need it? Interestingly, it's also useful as a macro, and I've run into issues with close-ups of small, distant things, for which it could be useful.
The other question is: where can I get one cheaply? From time to time I look at things on Buyee, and sure enough, there's one available in good condition for 288,000 ¥, about AUD 2,550. But can I trust them? There are additional prices: Buyee commission (“Proxy Service Fee", about $3 to $5 US), shipping and Australian GST (10%).
How much is the shipping? They don't divulge the exact prices, which depend on size and weight, but they could be reasonable. All in all I should still be under AUD 3,000. And the next cheapest is $2,732 from Japan, a more reliable sum. That corresponds to about $3,005 after GST. Both of these are used. Or I could buy a brand new one for $3,505 in Australia, with Australian warranty.
Which do I choose? Buyee still sounds suspicious to me. The item in question is interesting:
|
|||||||||||||||||||||||
Only listed 40 minutes ago! But I saw it yesterday! Now maybe they automatically renew if they don't sell, but it seems fishy to me.
There's a solution to all this, of course: don't buy anything. But it's interesting to note that I have been quoted $3,689 for the current version of the Vario-Elmar. That's over double the $1,628 that I paid nine years ago.
|
Larissa
|
Topic: animals | Link here |
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Do you have a comment about something I have written? This is a diary, not a “blog”, and there is deliberately no provision for directly adding comments. It's also not a vehicle for third-party content. But I welcome feedback and try to reply to all messages I receive. See the diary overview for more details. If you do send me a message relating to something I have written, please indicate whether you'd prefer me not to mention your name. Otherwise I'll assume that it's OK to do so.
| Top of page | Previous month | Greg's home page | Today's diary entry | Greg's photos | Copyright information |
