Setting a Gzip bomb in Nginx without PHP

I was browsing GoAccess to see which 404 errors i was serving. There is more than 18.000 connections to wp-admin.php which is the webadmin of WordPress. There is also many other attempts to different other php things, nothing very legit. It’s a chance i use Hugo which is a static site generator. On this webserver there is no PHP or any other dynamic language. Webpages here are only simple plain text files without any logic, the server just read the files and send them.

My usual routine to update the Linux kernel

Soon we will have a brand new Linux 5.0. It’s not a real major release … it’s just … easier to count from zero again rathen than higher than 20. So each time there is a new release, i quickly (ahem) update it. Here’s my little ritual to upgrade to a new kernel ! Get the source Decompress and update the symlink Configuring the new features Compilation Installing and testing Updating the bootloader Let’s be more verbose !

Some webtools to improve your website / mail / DNS

There is a lot of websites trying to help you improve your website, your mail server or DNS server. They try to promote good practice conterning accessibility, performances, security, SEO, reliability. Most of them will analyze your site (or at least one page) and will give you a score and some advices to improve your score. I like this concept. Gameification to improve yourself. Most of the time it’s free, fast and useful.


Three months ago i talked about my move from Groovebasin to MPD in this article (fr). I already talked about my Frankenscript i used as an mpd client. Since last time, its name changed to TSMPCD which stands for Tiny Shell Music Player Client Daemon. So it’s a bash script (not pure posix sh). It’s basic but has three objectives : It’s in charge to have an infinite playlist which never runs out by adding random songs to the end.

Farther in ZSH : ZMV

Ordinary people like their desktop environment but as a beard holder, i prefer a plain old dark terminal. You probably know the mv command which lets you move a file. Most of the time it’s ok, but sometime you may have a lot of files to rename with some common parts. And now starts hell. You’ll be able to bulk rename many files with some fancy options thanks to our beloved ZMV !

The Geekcode

Here is yet another old stuff ! There was a time where you had to proudly display your business card to exist. As every one knows, a geek can’t really get outside its cave with it’s mighty beard, so he needs a way to show off in the digital world. I raise you the Geekcode which is more or less a resume. Nani ?! Twenty years ago, being a geek wasn’t trendy yet.

500 Miles Mail

Welcome to the new shares section of my blog !

I’ll start with a not-so-famous story about emails. The strange case of the 500 miles mails.

A chairman contacting its sysadmin about mail which can’t reach their destination if it’s more than 500 miles.

I’m not sure this story is genuine but it is very good and well written.

Here is your webpage - local cached version.

Sorry for not translating all my french content but it takes a lot of work to produce such a great frenglish like i do…

Userscripts in Qutebrowser

Qutebrowser is a really nice browser but some points still lack while comparing it to the main browsers. It’s developpment is way slower than Chrome and Firefox because of it’s smaller scale with way less contributors and no paid devs without any commercial entity behind it. But it’s still a good alternative with strong features if you are ready to accept little sacrifices. One of the sacrifice is the lack of extensions.

Using HTTP2 and PUSH in nginx

HTTP2 is a new revision of the famous HTTP wich improves many points from it’s first version. The first feature of HTTP2 is security as most of its implementations only works on top of TLS which was only the case with HTTPS. But on top of that, its performance were greatly increased. HTTP was used for nearly 20 years before the work on its sucessor started which gives enough time to see where things were faulty and how to improves this.

Lock your /etc/resolv.conf in OpenWRT

OpenWRT hate me and I hate it too ! Yes it’s a weird intro but it’s true. Each time i need to edit any setting on their web interface i start cleaning the flat or find something else to do. I’m used to managing classic Linux systems via SSH but I can’t find anything in their system. Even defining you DNS resolver is hard on their system. Ma Internet connection is provided thanks to DHCP which means i get the IP settings AND a DNS resolver.

Qutebrowser per Domain Settings

Starting with version 1.2, Qutebrowser added a really nice feature : Per-domain settings You can now have global settings but on top of this having specific settings on a per-domain basis. The first interesting thing to do is being able to disable globally javascript but enabling it for selected websites. Your web browsing will become nicer. Everything feel faster and snappier, more secure and with better privacy. It’s still not as good as good old uMatrix but still better than before.

Web ≠ Internet

There are some things bothering me. For some it’s the Interpunct (there is a global french crisis about it in France), for others it’s la digitalisation (in France the translation for digital it numérique which comes from numbers (0 and 1) but many use the world digital which in French is an adjective meaning “about fingers” like fingerprints are empreintes (prints) digitales), others despise blockchan leading to disrputions but my Nemesis is using « Web » and « Internet » exchangeably.

AV1 is released !

You may not be waiting for it but it’s coming. AV1 is a brand new video codec. One more but this one is made by AOMedia and that’s what matters. AOMedia : Alliance for Open Media AOMedia is a new consortium quite which aims to provide the world with a royalty-free codec. It may looks strange but nearly every major video codec came from a single actor : the MPEG-LA which specialized in selling licences for all its codecs.

Sisyphus the spam mover

I already talked about my mail stack. Some months ago i added a new antispam to it. Firstç there is Postscreen in frontline (almost in before Postfix) which rejects something like 80% of spam before using any resources. Then I use Rspamd which works after Postfix and before Dovecot which also removes all the remaining spam. Last there is Sisyphus which works after Dovecot, directly on the maildir. Yes, it’s clearly overkill.

GLSA from Gentoo

I realized I never talk about Gentoo on my blog. It’s by far the best Linux distribution. Instead of trolling, Gentoo is good because (but not limited to) you can quickly check if your system is vulnerable to a known security breach. GLSA Gentoo isn’t a giant distro with lots of devs but is still pretty well staffed. There are multiple dev teams with different focus with one dedicated to security.

Reverse proxy, 6 months later

Last september i wrote about setting up an nginx micro-cache in reverse proxy, so here i a little feedback. Since then i didn’t changed the settings excepting the caching duration which i increased to 10 minutes. On the maintenance side, nothing to do. Everything works fine on its own. Sometime I want to clear the cache manually to try some edits without waiting cache expiration. In those case a little rm /var/www/lecache/* and it’s done.

We all depend on registrars and registries

Purism just suffered from a massive dns outage. All their websites were down. What caused this ? It appears their domain name was unreachable. After looking for a bug in their DNS servers, their was nothing to be found. The registrar It came from their registrar. The registrar is the entity from which you rent your domain name (no you don’t buy a domain name). They phoned to the hotline but apparently nothing were wrong on their side.

International Fixed Calendar or CAL13

International Fixed Calendar or CAL13 is a different calendar system than ours. It uses 7 days a week. With 4 weeks a month. So each month last 28 days. And there is 13 months a year. Just add a white day each year as a day off to get your 365 days a year. What does it looks like ? Here is your monthly calendar which works for every months.

Meta-news about the blog

Two months after introducing fast-posts here a small report. Rythm I think i reached a nice regular rythm to publish new articles. It’s not a difficulty anymore. It’s now easier and more natural to write content. It’s a even a real pleasure to write. Creating a distinction between traditionnal posts and fast-posts was a good decision which let me being more spontaneous. Layout I tweaked a bit the site layout.

Multi keyboard layouts in Xorg

I really like keyboards. I often plug multiple keyboards on my computer… at the same time. It’s a bit pointless but I like fiddling with keyboards. My main keyboard is in a slightly tweaked bépo (a dvorak-style french layout) while most of the others are in azerty and even some in qwerty. So I configured Xorg to provide these features : My main board must provide bépo, azerty and qwerty Other keyboards must provide azerty, bépo, qwerty Right Ctrl must be the Compose key Ctrl-Alt-Backspace must kill the Xorg session Left-Shift + Right-Shift must cycle the layouts So all of this can be configured in /etc/X11/xorg.