Blog on Mysterious Code - Your AWS & DevOps consultants

Mysterious Code at Cloud & AI Infrastructure event – Meet Us at Tech Show London 2025!

Tue, 18 Feb 2025 11:00:00 +0000

We’re excited to announce that Mysterious Code will be part of Cloud & AI Infrastructure event at Tech Show London 2025!

Join us at ExCeL London, Stand CE115, on March 12-13, 2025, where we’ll be diving into all things AWS infrastructure — from cloud-native applications and DevOps automation to security reviews and cost optimization. Whether you’re looking to scale efficiently, strengthen your cloud security, or streamline operations, our team is ready to help.

Let’s connect and explore how AWS can power your business!

📍 Where: ExCeL London, Stand CE115
📅 When: March 12-13, 2025

Want to set up a meeting? Drop us a message

Mysterious Code Ltd is now part of AWS Public Sector Program

Fri, 19 Apr 2024 15:00:00 +0000

As a member of the AWS Public Sector Partner Program, Mysterious Code Ltd will leverage its expertise to empower government, education and nonprofit entities with secure, scalable, and compliant cloud solutions built on AWS infrastructure. By combining AWS’s industry-leading cloud platform with Mysterious Code’s specialized knowledge and experience, public sector customers can expect enhanced capabilities in areas such as data security, compliance, and cost optimization.

Automatically updated docker image for cfn-lint

Thu, 18 Apr 2024 15:00:00 +0000

If you’re using CloudFormation, you probably know about cfn-lint - a linting tool created by the CloudFormation team to validate templates against the schema and best practices. Validating each template before deployment is in itself actually considered a best practice by AWS. However, simply using validate-template in the Console or CLI only validates the basic syntax of the template, not the actual contents and resource specification. That’s where using a linter like cfn-lint can be helpful to make sure you’re not making any obvious mistakes or going against best practices in your resources.

You can use cfn-lint in a number of ways during development, including simply within command-line, using git pre-commit hooks or as a plugin to your IDE. All those options, while helpful in day-to-day work, do not establish code quality standards for your overall codebase. To do that, it’s ideal to include linting as part of CI/CD pipeline and/or pull/merge-requests approval process.

That is where you can come across a hurdle: cfn-lint does not have an official, up-to-date docker image

Deploying AWS GuardDuty with CloudFormation for Master and Member accounts

Tue, 01 May 2018 15:21:00 +0000

AWS GuardDuty analyses various events happening on your AWS account and can notify you when suspicious activity takes place. Right now, GuardDuty is specific to a region and needs to be enabled in each region you want to monitor (though AWS recommends you enable it in all regions to ensure global actions are monitored). Going through GuardDuty console in every AWS region can be a daunting task, and quite time consuming if you have multiple AWS accounts which you’d like to connect into Master-Member setup. Luckily, CloudFormation supports enabling and setting up GuardDuty detectors, so you can use it to make it a little bit less painful.

Don't panic! False-positives from GuardDuty and Network Load Balancer (NLB)

Tue, 20 Mar 2018 09:00:12 +0000

If you’re keeping in touch with new services provided by AWS, you probably heard about new security monitoring tool: GuardDuty. You probably also noticed a whole new family of Elastic Load Balancers (v2), which includes Network Load Balancers (NLB). Deploying those two new services may generate some unexpected results - and here’s why.

Need help with Amazon Web Services (AWS)?

Mon, 19 Mar 2018 00:22:09 +0000

Thinking of moving into the Cloud or already in it, but have some questions? We are happy to help! No question is too big or too small - we can offer help extending, modifying, auditing and optimising costs of your AWS operations. Whether you have a one-off problem, or need ongoing support, get in touch and we’ll find the answer for you.

Examples of problems we’ve already solved for our clients:

Complete code: automated EC2 snapshots and retention management

Sun, 11 Mar 2018 23:22:07 +0000

Creating snapshots from EBS drives attached to your EC2 instances is the most basic way of backing up your data. While you have to be cautious when snapshotting running EC2 instances without restart, doing it regularly is a base of many disaster recovery plans. In the latest update to aws-maintenance repo on GitHub you’ll find a complete code and CloudFormation template that will make this as painless a process as possible.

Cross-region RDS recovery: encryption and Aurora support

Sat, 03 Feb 2018 00:45:22 +0000

After my previous post about a complete code for automated RDS cross-region backup copy, some issues and new feature requests have been raised on GitHub (thanks for that!) - and with your help, support for encrypted RDS instances and Aurora Clusters have now been added!

Complete code: cross-region RDS recovery

Thu, 28 Dec 2017 00:12:46 +0000

After posting the previous post on this topic (Copying RDS snapshot to another region for cross-region recovery) , I noticed a lot of people being interested in using the code I provided as an example. Many were not sure how to make use of it, and after a couple of pull requests it became obvious that a complete, fully-working code and CloudFormation template would be a good idea. So, yesterday, I pushed an update to aws-maintenance repository with a fully working code, which you can easily customize via CloudFormation parameters to match your needs.

Sharing encrypted AMIs between AWS accounts (using Python and boto3)

Thu, 02 Nov 2017 18:00:08 +0000

Each Amazon Machine Image (AMI) holds information of the volumes and snapshots of those volumes that should be attached to instances created from that AMI. To protect the data on those snapshots, you can choose to encrypt them using KMS. Encrypting your data at rest is generally a good idea, though many companies choose to avoid encrypting their snapshots, because sharing such snapshots between different AWS accounts (for example, Test and Production accounts) can be difficult. That’s why I’m sharing details on how to make this as easy as possible (and automated!).

Enabling global API Gateway stage logging using CloudFormation

Tue, 18 Jul 2017 09:42:49 +0000

Enabling logging in API Gateway for your stage is fairly easy. You go into the Console, setup a role for API Gateway to use for logging, find the stage and enable logs. It will enable logging for all methods within that stage. Doing the same configuration using CloudFormation is not completely obvious though, as the stage object’s MethodSettings property seems to allow you to only do that for a specific resource and method.

Using Magical Dictionaries to manage long CloudFormation templates with Troposphere

Wed, 05 Jul 2017 15:09:03 +0000

When deploying infrastructure with CloudFormation, at some point you will reach a moment when your CloudFormation JSON or YAML file is just too big. It will be too long to get a good overview of what’s in it, manage parameters and all dependencies between resources within the template. Nested stacks may be a solution, but if sometimes you can’t/won' t/don’t use them for whatever reason (for example, it will get to complicated to manage tested stacks or their contents are not reusable between other stacks).

Even if you’re using troposphere to generate your templates, you’ll face the same issue - a very long Python file. Luckily, if you are using troposphere, you’re inherently using Python - which means you can take advantage of it.

Want to get in touch? Meet us at events this month!

Fri, 09 Jun 2017 10:00:30 +0000

Fancy getting in touch with us? Have a question or what to know a bit more about our work? June is the month of conferences in London, and we will be attending them! Here are the details where and when to meet us:

Video course: Exploring AWS Instances, Networking, and Databases

Wed, 07 Jun 2017 06:00:28 +0000

Interested in getting a bit more hands-on with AWS? My first video course prepared with Packt Publishing, exploring server-based (more “classic”) AWS components, like EC2 instances, VPC, RDS, ElasticCache, S3 and even ECS and ECR for running docker containers has been published!

The course is meant for people who have used AWS before and have basic familiarly with their services and would like to get their knowledge onto “the next level” (maybe a more practical one!). I tried to include bits of know-how, various tips and tricks and gotchas that I found during my experience with AWS so far.

If you’re interested, check out the course on Packt Publishing website!

Controlling access to AWS ElasticSearch Service clusters with IAM

Mon, 05 Jun 2017 10:00:52 +0000

When using AWS ElasticSearch Service, you have multiple ways of controlling access to your cluster. AWS Console gives you some pre-set policies you can use, but the ways of access can be confusing. Using the IP-based access, you can allow access from your EC2 instances. But what if you want to access your cluster from a Lambda?

S3 bucket permissions: what does "everyone" mean?

Wed, 10 May 2017 20:47:05 +0000

On more than one occasion I have seen S3 bucket policies set for the predefined users groups: “Everyone” and “Any authenticated AWS user”, but rarely has it been done with understanding of what those groups actually mean. So, if you’ve ever set (or thought of setting) permissions for those, please read on.

Comparsion of Ansible and Puppet exams by Red Hat

Fri, 21 Apr 2017 12:26:11 +0000

I had an opportunity to take both exams related to those two most popular automation and configuration management frameworks. Here are some thoughts about the Red Hat’s 405 (Puppet) and 407 (Ansible) exams.

Granting privileges using MAC Framework

Mon, 17 Apr 2017 14:41:00 +0000

FreeBSD’s kernel provides quite sophisticated privilege model that extends the traditional UNIX user-and-group one. Here I’ll show how to leverage it to grant access to specific privileges to group of non-root users.

Intrusion detection and prevention with AWS Lambda and DynamoDB streams

Wed, 05 Apr 2017 10:00:07 +0000

Intrusion detection system (IDS) and intrusion prevention system (IPS) tend to be expensive and complicated. In AWS, you can go for much simpler solution - WAF. But that requires you to use Application Load Balancer or CloudFront. But even with WAF, you have to manage a list IP addresses of attackers that should be blocked. Or, if you only ever need to block single IPs for short periods of time, NACLs may be a much easier option! Here’s a walkthrough on how you can implement a terribly simple (yet very powerful) intrusion detection and prevention in AWS with Lambda and DynamoDB Streams for a web application.

Update on the deadline for AWS Specialty Beta exams

Mon, 03 Apr 2017 10:00:07 +0000

If you’re still waiting for the results of the AWS Specialty Beta exams (Security, Big Data or Networking), you are not alone. The results and final versions of the exams were supposed to be released at the end of March. But March came and went, and we only got one small update from AWS.

AWS Certified Solutions Architect vs DevOps exams - my subjective comparison

Mon, 27 Mar 2017 10:00:55 +0000

Last week, I finally had the time to schedule my AWS Certified Solutions Architect - Professional exam, which I passed on Saturday. It’s been a while since I did the other AWS Professional level (DevOps) certificate, but I thought I’d share my take on how the exams compare.

My thoughts on RedHat's EX403 exam

Mon, 20 Mar 2017 10:00:16 +0000

I’ve recently gained the Certificate of Expertise in Enterprise Deployment and Systems Management after passing EX403 . I took the exam in the City of London as an individual session - this time on KOALA - Kiosk On A Laptop. On the RedHat’s site the exam is advertised to take three hours but after starting the exam I found that the clock shows four hours.

Bug in KMS: encryption key that cannot be deleted

Mon, 06 Mar 2017 10:00:24 +0000

Recently, I noticed a weird KMS key on an AWS account - what was weird about it, was the fact that it wasn’t marked as AWS-managed key, but no-one (not even root) could delete or modify the key!

Creating Elasticsearch Domain did not stabilize - can't create AWS Elasticsearch 5.1 with CloudFormation

Fri, 17 Feb 2017 12:19:59 +0000

Recently AWS announced support for Elasticsearch 5.1 in their Elasticsearch Service. Today, I tried to upgrade an existing CloudFormation stack, previously using Elasticsearch 2.3, to the new version and, after a very long wait, CloudFormation rolled back the stack with the following error: “Creating Elasticsearch Domain did not stabilize”. Here’s what I did to solve it.

Sandboxing the hypervisor

Wed, 15 Feb 2017 20:13:41 +0000

I’m pleased to announce that bhyve, the FreeBSD’s hypervisor, is now sandboxed using Capsicum framework.

How to tag Redshift clusters (and others) in one place in AWS Console

Fri, 03 Feb 2017 10:00:18 +0000

Management page of Redshift in AWS Console does not currently allow you to add or modify tags on your clusters. That doesn’t mean that Redshift resources cannot be tagged - almost everything from clusters to parameters groups can be tagged through the Tag Editor.

Magic of dictionaries in Python

Mon, 30 Jan 2017 17:23:59 +0000

Python supports well known data types, like lists and dictionaries that are easy to use. But can you cheat interpreter to use easier semantics to access dict data?

Bypassing CloudTrail and CloudWatch monitoring of AWS API

Mon, 23 Jan 2017 21:13:14 +0000

Since AWS released CloudWatch Logs and allowed for automated streaming of CloudTrail events into CloudWatch, monitoring API usage with CloudWatch metrics and alerts has become increasingly popular. It’s incredibly easy to set up and add custom alerts on almost any API event. But is it actually going to notify you when an unauthorized person gains access?

Simple MAC policy in FreeBSD

Mon, 16 Jan 2017 22:24:05 +0000

Mandatory Access Control (MAC) Framework is one of the less known FreeBSD features. Let’s take a look on how to use it.

Adding more nodes to Redshift cluster doesn't always mean you get more space

Fri, 13 Jan 2017 17:33:03 +0000

AWS Redshift is a big data storage (“data warehousing”) solution for analytics. Based on PostgreSQL 8, it can combine up to 128 largest nodes, giving you 2 petabytes for your data. Well, almost. You don’t get ALL that for your data.

Capsicum helpers

Fri, 06 Jan 2017 20:44:01 +0000

Sandboxing applications using capsicum can sometimes lead to repeating some common patterns and duplicating large amounts of code. Fortunately there is an easy solution.

AWS S3 storage classes pricing is not what you think

Mon, 02 Jan 2017 10:00:45 +0000

Since publishing this post, AWS reached out to us about the RR pricing. See bottom of the post for the update.

When storing data in S3, at some point everyone asks the question about storage classes. At first glance it looks more or less simple - if you’re accessing your data less often, or it’s not very important, you can pay less. Until you look into details, find all the asterisks and compare the actual numbers.

First thoughts after AWS Certified Security - Specialty BETA exam

Mon, 19 Dec 2016 13:31:58 +0000

Last week I made an attempt at passing one of the new AWS Specialty exams - Security.

Why I give to FreeBSD Foundation

Fri, 16 Dec 2016 11:47:12 +0000

When the year comes to and end, it’s the final chance to help your favourite open source project!

DHCP implementation in... PHP

Mon, 12 Dec 2016 09:00:29 +0000

PHP is not usually used to implement network services - and generally for good reasons. Not because it can’t be done, but rather because it’s not what it was meant to be used for. Although, if you think that PHP simply can’t be used for anything other than serving your blog, think again. Because my DHCP implementation in PHP seems to work quite well!

Yet another utility capsicumised!

Fri, 09 Dec 2016 21:49:50 +0000

I’m pleased to announce that the work on sandboxing the dd utility using Capsicum framework has been successfully completed and from today it’s available in FreeBSD-CURRENT.

Using PGP keys from YubiKey as SSH RSA keys on MacOS

Mon, 05 Dec 2016 10:00:14 +0000

Recently, I became a fan of YubiKeys - hardware encryptions keys used for storage of PGP keys, FIDO U2F (two-factor authentication) and more. The PGP keys stored on the device can also be used as RSA keys for SSH authentication. The setup is quite simple on MacOS.

First thoughts on Amazon Lightsail

Fri, 02 Dec 2016 20:22:05 +0000

On the last AWS re:Invent in Las Vegas Amazon introduced several new products. One of them is Lightsail - a simply priced solution dedicated to VPS fans. But is it really Digital Ocean killer?

What you need to know before using Packer's automatic spot instance biding

Mon, 28 Nov 2016 20:37:05 +0000

Packer has the ability to auto-bid on spot instance prices for AWS EC2 but there are two things that you need to understand that may discourage you from using that feature.

Best two-factor authentication (2FA) for Wordpress

Fri, 25 Nov 2016 21:35:13 +0000

When securing your Wordpress installation, there’s an abundance of tasks to be performed. One of them, and a very important one, is enabling two-factor authentication for all users. Most popular way of doing that is by using a plugin that works with smartphone apps, like Google Authenticator - but from what I saw those are either quite poor or require a payment to use for more than one user. Recently, a new player has come to the scene, and they’re making quite a stir.

Deploying API Gateway and Lambda with CloudFormation

Mon, 21 Nov 2016 10:00:32 +0000

Combination of AWS API Gateway and Lambda functions is a flag example of every “serverless infrastructure”. When deploying API Gateway with CloudFormation there are two different ways you can define your API: via Swagger template or by directly defining your methods in CloudFormation template.

NAT, pf & jails

Fri, 18 Nov 2016 16:53:21 +0000

Sometimes you want to use jails on the same hosts that do the NAT. That of course isn’t by any means a complicated task and pf can do that very easily. The problems begin when you want to connect from one jail to a NATed IP (in the example 192.168.122.251) to a port that is redirected to another jail on the same system. Here is one of the solutions.

What's broken when deploying Lambda and API Gateway via CloudFormation

Mon, 14 Nov 2016 19:22:45 +0000

AWS Lambda and API Gateway are becoming synonymous with “serverless infrastructure” and getting more and more popular. To deploy them in repeatable way, one of the tools I recommend is CloudFormation. There are many ways you can define your API and your Lambda, but when connecting the two with CloudFormation there’s usually something that many people miss, and only notice when {"message": "Internal server error"} is thrown from their API Gateway endpoint.

Packer, Ansible, CentOS and requiretty

Fri, 11 Nov 2016 10:00:42 +0000

If you’ve tried running Packer with CentOS on AWS, you probably noticed this:

 sudo: sorry, you must have a tty to run sudo

Protecting against PHP shells

Mon, 07 Nov 2016 10:00:01 +0000

The less known feature of PHP is the option to disable certain functions and classes. It may help securing your application and web server by blocking rarely used, from the perspective of pure web experience, functions.

How to deploy Wordpress in AWS

Fri, 04 Nov 2016 10:00:02 +0000

I’m not talking about launching an EC2 instance, uploading the zip with WordPress and going through the installer. I’m talking about immutable infrastructure, scalable, self-healing setup of WordPress within AWS.

Capsicum and bhyve

Mon, 31 Oct 2016 10:00:53 +0000

Ever wondered how to protect your host from malicious activity in vm guests? How to keep parts of the hypervisor running in userspace from being a source of access to underlying host? One of the layers can be sandboxing the hypervisor itself!

Hi Fitbit, congrats on learning how to use CSRF tokens (almost)!

Fri, 28 Oct 2016 10:00:20 +0000

I got my first Fitbit tracker a couple of years ago and I’ve been a loyal Fitbit user since - I’m currently on my 3rd tracker and my family has them too. Very quickly I became interested in getting a bit more information out of my data, charting it across other health data I have available - so I went on to Fitbit’s website, as I was quite sure they must have an API, right? Yes, they do. And yes, I can use it for free. Because, as Fitibit says, “your data is yours”. Awesome. And then it turned out it’s not as much “my data” as “my totals”. Fitbit’s public API could only give me aggregated data for each day, total number of steps each day, averages, etc. I wanted to get a count of my steps for each 5-minute period, the same as I can see on Fitbit’s dashboard when I log in. It turned out that was not possible, unless I had a commercial application, submit a request to Fitbit, and they decide it’s worth it. Boo. (Please refer to the bottom of this post for a note of the state of the API today)

SELinux, confined users and Systemtap

Mon, 24 Oct 2016 10:00:03 +0000

While we’re waiting for CVE-2016-5195 to be patched, RedHat released a workaround for the most common form of the exploit being run in the wild. It uses systemtap to block access to mem_write function.

I wanted to apply it and started tests, only to find that stap returned EPERM while loading the module! As I’m running with SELinux enabled, I checked the /var/log/audit/audit.log. Surprisingly there was no AVCs with deny! Although most of the calls are audited, you can mark some to be silently dropped by audit. You can disable that filter using semanage dontaudit off. I run stap again and… bingo!

Copying RDS snapshot to another region for cross-region recovery

Fri, 21 Oct 2016 10:00:17 +0000

For an updated ready-to-use CloudFormation template of this code, see newer post: Complete code: cross-region RDS recovery .

Amazon RDS is a great database-as-a-service, which takes care of almost all database-related maintenance tasks for you - everything from automated backups and patching to replication and fail-overs into another availability zones.

Unfortunately all of this fails if the region where your RDS is hosted fails. Region-wide failures are very rare, but they do happen! RDS does not support cross-region replication at the moment, so you cannot simply create a replica of your database in another region (unless you host the database on an EC2 instance and set up the replication yourself). The second-best option, to make sure you can restore your service quickly in another region, is to always have a copy of your latest database backup in that region. In case of RDS, that can mean copying automated snapshots. There is no option for AWS to do it automatically, but it can be easily scripted with AWS Lambda functions.

FreeBSD on Raspberry Pi 3!

Mon, 17 Oct 2016 10:00:03 +0000

On Friday, 14th October, Oleksandr Tymoshenko committed an initial support for RPI3 into FreeBSD. The system is able to boot in multiuser mode with single processor. SMP is being actively worked on. For now, only the on-board Ethernet chip is supported and we will need to wait awhile for a WiFi and Bluetooth support. The port is quite usable, and what’s more interesting - it’s full 64bit!

How I passed Red Hat Certificate of Expertise in Ansible Automation exam (EX407)

Fri, 14 Oct 2016 10:00:38 +0000

I have recently passed Red Hat’s EX407 (Red Hat Certificate of Expertise in Ansible Automation exam) and I wanted to share my experience for anyone else who might be looking into getting that certificate. At the time of my exam, I was only a second (publicly visible) person in the UK who had that certificate. Probably because it was only made available in summer this year.

Capsicum: add some spice to your FreeBSD

Mon, 10 Oct 2016 10:00:08 +0000

Application sandboxes are getting more and more popular. There are multiple schools and implementations. Let’s see how to use the FreeBSD’s Capsicum.

Deployment pipeline, part 3: deployment onto an environment

Fri, 07 Oct 2016 10:00:01 +0000

The purpose of every deployment pipeline is… a deployment. So this final part of the series, will focus on just that. If you missed the intro, check out the video where I describe a typical pipeline here. You can find the other parts of this series, by checking out the tag ci-pipeline-series .

Once we create an AMI that we’d like to deploy, performing a rolling update on existing instances is fairly easy. Usage of Auto scaling groups and CloudFormation makes it even easier - since AWS Auto scaling groups support the rolling updates out of the box.

Or, if your applications requires blue-green deployments, using CloudFormation is almost essential.

Deployment pipeline, part 2: build phase

Mon, 03 Oct 2016 09:00:58 +0000

Welcome to the second part of my series on deployment pipelines. If you missed the intro, check out the video where I describe a typical pipeline here. You can find the other parts of this series, by checking out the tag ci-pipeline-series.

After the test phase of the pipeline, once the quality of the code has been checked, we must build a deployable artefact for this version (commit) of the code. In case of AWS, this would be an AMI (Amazon Machine Image), which can then be deployed as a new instance in our environment.

Deployment pipeline, part 1: test phase

Fri, 30 Sep 2016 10:00:10 +0000

Welcome to the first part of my series on deployment pipelines. If you missed the intro, check out the video where I describe a typical pipeline here.

First step of a deployment pipeline, is usually a series of tests. After a commit is made, the code is checked out from the source code repository and tested. Those are usually code style tests and unit tests.

ELB ProxyProtocol with CloudFormation

Mon, 26 Sep 2016 10:12:42 +0000

When using AWS Elastic Load Balancer with TCP listeners (not HTTP or HTTPS), the biggest problem faced by many people is the lack of client’s IP address. Since it’s TCP which works on a lower layer, the ELB does not add the X-Forwaded-For header (like it does for HTTP and HTTPS). For some time, this meant that if you used those listeners, you had no way of getting the original client’s IP address.

Typical CI deployment pipeline - overview

Fri, 23 Sep 2016 00:02:37 +0000

More details on each deployment phase with examples, will be posted at our blog over the coming weeks, so check back soon.

How to validate CloudFormation template with AWS CLI

Fri, 16 Sep 2016 16:33:36 +0000

Validating your template before uploading it to CloudFormation to create resources is probably the best thing you can do to avoid the dreaded UPDATE_ROLLBACK_IN_PROGRESS status.

This can easily be done without creating the stack, by using the validate-template AWS CLI command.

Using Troposphere to create CloudFormation stack template

Fri, 09 Sep 2016 15:12:49 +0000

If you’ve ever wrote AWS CloudFormation template, you probably know that it can be a daunting task. Luckily, it can be much easier, if you use Python’s library “Troposphere”.

Troposphere lets you create Python objects in place of CloudFormation elements, does some basic validation of your input and generates the JSON template for CloudFormation for you. It is much easier and cleaner to use that writing JSON templates manually.

Automatic bootstrapping of pkg(7) in FreeBSD

Wed, 01 Jan 2014 14:48:21 +0000

Since FreeBSD 10.0 pkgng becomes new default packaging management system. To start using it you need to run /usr/sbin/pkg boostrap command that will fetch and install the whole new packaging system. It will politely ask you if you are sure to proceed. The problem is when you want to automate your install you are hold by that interactive question.

Peer to peer routing in FreeBSD

Thu, 21 Nov 2013 14:42:51 +0000

Some hosting providers started offering IPs or IP aliases with /32 bit mask (for example Hetzner). Virtual interfaces such as gif or tun have built-in ability to act as peer to peer devices and ifconfig utility can use that ability to easily setup of these interfaces, but ethernet devices need some special treatment.

In search of working devfs rules

Mon, 18 Nov 2013 14:33:45 +0000

On 10th Oct 2013 in revision r256256 FreeBSD has changed rc.d script for running jails. The new version uses configuraion from /etc/jail.conf file instead of /etc/rc.conf entries. This change exposed a problem where devfs was not importing default rules anymore - therefore option devfs_ruleset was ignored.

2a0++ misunderstanding

Fri, 08 Nov 2013 11:42:27 +0000

The following eval’ed code was caused a lot of misunderstanding: https://eval.in/61309. The code looks like this:

1
2
3
4
5
6


$a = "2a0";

for($i = 0; $i < 50; $i++) {
 print "$a\n";
 $a++;
}

Node.js: using socket.io with cluster module

Sun, 26 Aug 2012 23:15:27 +0000

I’ve been recently working on a project that uses Node.js with cluster module and socket.io and I noticed that a lot of people that try to use Node.js with socket.io have problems with how to make it work with cluster module.

Accessing Gmail with oAuth authorization in PHP

Sun, 18 Dec 2011 15:00:22 +0000

Recently, I’ve joined a project that required accessing Gmail accounts using oAuth authentication with PHP. It turns out, that’s not such a very simple thing to do, especially with PHP - Zend has a very nice implementation for it, but the wiki page is terribly old and outdated… I’ve lost a few hours looking for a nice and clean solution and found a “handmadeimap” project done by Pete Warder some time ago. Bad thing is, the latest commit was done in 2010. The good thing: not much has changed since then, so the code works perfectly. It’s even better to use that php-imap extension, as you need to use raw IMAP commands, which gives you the chance to use, for example, gmail’s special X-GM-RAW extension to SEARCH command.