Skip to content

Category: Erklärbär

A modest solution to a simple problem: Filter on X-Trigger headers in Gmail

I have a very simple problem. My Gmail is receiving a mail with an X-Trigger header and I need to filter these messages (mark them as Archived, as Read an label them into the “filtered” category).

Here is a sample:

$ cat t
X-Trigger: test
Subject: a test
From: (Kristian Koehntopp)

$ mutt -H t

Now, generating filters in Gmail is very easy for various capabilities, but for some reason filters on arbitray header lines are not possible.


Rolling out patches and changes, often and fast

Fefe had a short pointer to an article Patching is Hard. It is, but you can make it a lot easier by doing a few things right.  I did s small writeup (in German) to explain this, which Fefe posted.

I do have an older talk on this, titled “8 rollouts a day” (more like 30 these days). There are slides and a recording. The Devops talk “Go away or I will replace you with a little shell script” addresses it, too, but from a different angle (slides, recording).

Here is the english version of the writeup:


Handling Wannacrypt – a few words about technical debt

So Microsoft had a bug in their systems. Many of their sytems. For many years. That happens. People write code. These people write bugs

Microsoft over the years has become decently good with fixing bugs and rolling out upgrades, quickly. That’s apparently important, because we all are not good enough at not writing bugs. So if we cannot prevent them, we need to be able to fix them and then bring these fixes to the people. All of them.

The NSA found a bug. They called it ETERNALBLUE and they have been using it for many years to compromise systems.

In order to be able to continue doing that they kept the bug secret. That did not work. The bug is now MS17-010 or a whole list of CVE-entries.

The NSA told MS about the bug when they learned that it had leaked, but not before. Microsoft patched the bug in March 2017, even for systems as old as Windows XP (which lost all support in 2014), but many people did not install the patch.

The result is “the largest cyberattack in the world”.



This blog is running a WordPress, using Ubuntu, Apache and MySQL. So it’s a very basic installation.

I made all this with a tiny Scaleway VM and Ansible. My Goal has been to install this thing without actually having to log into the VM (“Look Mom, no hands!”). Of course, I have been logging into the VM, but that’s mostly for checking things are going well.


Containers 101

It is helpful to remember that containers are just normal Unix processes with two special tricks.

Normal Unix Processes

Unix starts processes by performing a fork() system call to create a new child process. The child process still contains the same program as the parent process, so the parent processes program still has control over the child. It usually performs a number of operations within the context of the new child, preparing the environment for the new program, from within.

PID 17 forks, and creates a new process with PID 18. This process executes a copy of the original program.

Then, after the environment is complete, the parent program within the child processes context replaces itself by calling execve(). This system call unloads the current program in a process and reuses the process to load a new program into it.

Leave a Comment

Load, Load Testing and Benchmarking

(In order to be able to give up the test blog at, I am moving content over)

So you have a new system and want to know what the load limits are. For that you want to run a benchmark.

Basic Benchmarking

The main plan looks like this:

The basic idea: Find a box, offer load, see what happens, learn.

You grab a box and find a method to generate load. Eventually the box will be fully loaded and you will notice this somehow.

Leave a Comment

git Improvements for Monorepos

Microsoft has been doing things to git, they report.

[W]e […] have a handful of teams with repos of unusual size! For example, the Windows codebase has over 3.5 million files and is over 270 GB in size. The Git client was never designed to work with repos with that many files or that much content. You can see that in action when you run “git checkout” and it takes up to 3 hours, or even a simple “git status” takes almost 10 minutes to run. That’s assuming you can get past the “git clone”, which takes 12+ hours.

What Microsoft is doing here is called a Monorepo approach. It not insane, has many advantages and is being discussed at length at Dan Luu, and is also in use with Facebook and Google and in many other places. But git is running into problems handling very large Monoreports, as discussed in an article at Atlassian.

What Microsoft GVFS does, according to their paper, is addressing the issues git has instead of working around them. And that is an awesome thing.

Leave a Comment