Two weeks ago, the VPS that hosts this site moved to a machine that had been patched for the Spectre vulnerabilities. Immediately, I began receiving warnings about high load, and these alerts continued unabated for over a week. I tried moving services to other hosts, and I reduced the resources allocated to nginx and php-fpm, all to no avail.
As I continued to monitor and debug the situation, fail2ban regularly appeared among the top resource consumers, but I didn’t think much of it; fail2ban has always been a voracious resource user, but it’s an indispensable tool, so removing it wasn’t an option.
When using DHCP, most routers allow individual IPv4 addresses to be assigned to specific devices. In my case, I do so for my Raspberry Pis, making Home Assistant accessible at a domain name rather than trying to remember an IP address.
Earlier today, I switched from custom PHP builds to sury.org's PHP 7.2 builds. I've been using his builds on my Photon server for some time now, and I've lost interest in maintaining my own builds, so this seemed like a natural progression.
Previously, I used curl to trigger dyndnsd updates via my Raspberry Pis. This worked well for many months, but lacked IPv6 support as dyndnsd was interpreting my IP from the request. Fortunately, the daemon accepts parameters for IPv4 and IPv6 addresses, so I wrote a Go program to handle regular updates. It still relies on cron, but passes explicit IP values and moves all options to a configuration file.
Yesterday, after moving my GitLab instance, I noticed that the public clone of my Home Assistant configurations was a bit stale, so I decided that it was time to refresh.
In so doing, I also discovered that I was a few releases behind (three, to be exact), and that those intervening releases included several breaking changes. Fortunately, updating my configurations to support Home Assistant 0.57.3 also resolved several longstanding bugs.
After a few successful months of testing Packet.net, I've once again moved git.ethitter.com. The decision was purely financial–my GitLab instance doesn't receive enough traffic to warrant Packet.net's pricing. As far as reliability and value were concerned, Packet.net was excellent. I would've appreciated built-in backups, but otherwise, I have no complaints about the service.
It will likely come as little surprise that git.ethitter.com is back on Linode. Compared to Digital Ocean, Linode is slightly more-generous with its resources, and GitLab wants all the resources it can get.
The migration itself was quite easy, with most of the time was spent preparing the server; GitLab's backup/restore process did most of the hard work. Now I just have to finish the ancillary setup, like monitoring.
Friday was my last day at Automattic. Leaving was one of the more-difficult decisions I’ve ever made, but I was ready for a new challenge; regardless, I never thought this day would come. I will dearly miss my former colleagues, and it will take some time to adjust to not being an Automattician.
Since I made my announcement, the question has been, “What’s next?”
Well, I’m beyond excited to announce that I joined Alley Interactive as a Principal Software Developer. Being a VIP Featured Partner, I’ve reviewed and appreciated Alley’s work from Automattic’s side for some time; I’ve also known several of their staff for a few years, and working with them seemed a natural fit.
Not being one to rest, I started at Alley yesterday. 🎉
My well-documented impatience extends to my mobile device, an unlocked Nexus 6 on Verizon. While I generally received Google’s updates in short order, this was not always the case. To my relief, Google releases the same updates carriers deliver to their subscribers, allowing me to update my device at my convenience. Continue reading Impatiently updating my Nexus 6
With 40 domains–plus a half dozen certificates–to track, I added the DomainMOD tool to my repertoire. Its API integrations, in particular, made it an appealing choice, as I had little desire to manually enter so many details. After three months, I’m quite pleased with my decision.
Installation was as straightforward as a git checkout, creation of a MySQL table, and the addition of a server block to my nginx configuration. With DomainMOD successfully running, I configured it to use my mailserver, then got to importing my domains.