Planet Grep

Planet'ing Belgian FLOSS people

Planet Grep is maintained by Wouter Verhelst. All times are in UTC.

August 28, 2025

 I had an 'apt hold' on Thunderbird for several years. The new versions had too much whitespace everywhere, and given that I had like 80 subfolders in my mailbox made it unusable for me. All 80 could not fit on my 4K screen, even with the tiniest font settings, because 90 percent was whitespace.

Previous versions of Thunderbird had a much more compact look.

This picture (from over two years ago) compares two versions of Thunderbird, the newer one on the right.

I find whitespace a waste of space.

Yet, sticking with an ancient version is probably not the best idea, so since Trixie I decided to 'suffer thru it' and install the newest Thunderbird.

With the new Thunderbird comes another annoyance... the old version always offered me the choice between opening a picture in gimp or ristretto. The new version has this:


Who designs these things? When it is a good idea to choose between two identical options?

Later today I may find time to file a proper bug report.

August 27, 2025

Have you ever fired up a Vagrant VM, provisioned a project, pulled some Docker images, ran a build
 and ran out of disk space halfway through? Welcome to my world. Apparently, the default disk size in Vagrant is tiny—and while you can specify a bigger virtual disk, Ubuntu won’t magically use the extra space. You need to resize the partition, the physical volume, the logical volume, and the filesystem. Every. Single. Time.

Enough of that nonsense.

🛠 The setup

Here’s the relevant part of my Vagrantfile:

Vagrant.configure(2) do |config|
  config.vm.box = 'boxen/ubuntu-24.04'
  config.vm.disk :disk, size: '20GB', primary: true

  config.vm.provision 'shell', path: 'resize_disk.sh'
end

This makes sure the disk is large enough and automatically resized by the resize_disk.sh script at first boot.

✹ The script

#!/bin/bash
set -euo pipefail
LOGFILE="/var/log/resize_disk.log"
exec > >(tee -a "$LOGFILE") 2>&1
echo "[$(date)] Starting disk resize process..."

REQUIRED_TOOLS=("parted" "pvresize" "lvresize" "lvdisplay" "grep" "awk")
for tool in "${REQUIRED_TOOLS[@]}"; do
  if ! command -v "$tool" &>/dev/null; then
    echo "[$(date)] ERROR: Required tool '$tool' is missing. Exiting."
    exit 1
  fi
done

# Read current and total partition size (in sectors)
parted_output=$(parted --script /dev/sda unit s print || true)
read -r PARTITION_SIZE TOTAL_SIZE < <(echo "$parted_output" | awk '
  / 3 / {part = $4}
  /^Disk \/dev\/sda:/ {total = $3}
  END {print part, total}
')

# Trim 's' suffix
PARTITION_SIZE_NUM="${PARTITION_SIZE%s}"
TOTAL_SIZE_NUM="${TOTAL_SIZE%s}"

if [[ "$PARTITION_SIZE_NUM" -lt "$TOTAL_SIZE_NUM" ]]; then
  echo "[$(date)] Resizing partition /dev/sda3..."
  parted --fix --script /dev/sda resizepart 3 100%
else
  echo "[$(date)] Partition /dev/sda3 is already at full size. Skipping."
fi

if [[ "$(pvresize --test /dev/sda3 2>&1)" != *"successfully resized"* ]]; then
  echo "[$(date)] Resizing physical volume..."
  pvresize /dev/sda3
else
  echo "[$(date)] Physical volume is already resized. Skipping."
fi

LV_SIZE=$(lvdisplay --units M /dev/ubuntu-vg/ubuntu-lv | grep "LV Size" | awk '{print $3}' | tr -d 'MiB')
PE_SIZE=$(vgdisplay --units M /dev/ubuntu-vg | grep "PE Size" | awk '{print $3}' | tr -d 'MiB')
CURRENT_LE=$(lvdisplay /dev/ubuntu-vg/ubuntu-lv | grep "Current LE" | awk '{print $3}')

USED_SPACE=$(echo "$CURRENT_LE * $PE_SIZE" | bc)
FREE_SPACE=$(echo "$LV_SIZE - $USED_SPACE" | bc)

if (($(echo "$FREE_SPACE > 0" | bc -l))); then
  echo "[$(date)] Resizing logical volume..."
  lvresize -rl +100%FREE /dev/ubuntu-vg/ubuntu-lv
else
  echo "[$(date)] Logical volume is already fully extended. Skipping."
fi

💡 Highlights

  • ✅ Uses parted with --script to avoid prompts.
  • ✅ Automatically fixes GPT mismatch warnings with --fix.
  • ✅ Calculates exact available space using lvdisplay and vgdisplay, with bc for floating point math.
  • ✅ Extends the partition, PV, and LV only when needed.
  • ✅ Logs everything to /var/log/resize_disk.log.

🚹 Gotchas

  • Your disk must already use LVM. This script assumes you’re resizing /dev/ubuntu-vg/ubuntu-lv, the default for Ubuntu server installs.
  • You must use a Vagrant box that supports VirtualBox’s disk resizing—thankfully, boxen/ubuntu-24.04 does.
  • If your LVM setup is different, you’ll need to adapt device paths.

🔁 Automation FTW

Calling this script as a provisioner means I never have to think about disk space again during development. One less yak to shave.

Feel free to steal this setup, adapt it to your team, or improve it and send me a patch. Or better yet—don’t wait until your filesystem runs out of space at 3 AM.

So my PC, installed with Buster, upgraded to Bullseye, upgraded to Bookworm, is now upgraded to Trixie. The previous upgrades were smooth, Trixie has some annoyances.

 

last, lastb, lastlog are unavailable?

I liked these utils! They were removed because they are not Year 2038 compliant. I do feel honored for being mentioned on the Debian mailing list about this issue:

"Yes, the people who are likely to care are admins with cobwebby
homebrew cronjobs that regularly generate painstakingly formatted
security reports and send them to the fax machine, or whatever."


So yes, only a minor annoyance. There are new tools, but I still live in 1984. :)



each paused mpv uses 2-3 percent CPU???

Starting mpv four times, and pausing the four videos, gives me this:

PID USER    PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
 244578 pol     20   0 6614584 378620 239952 S   2.7   0.6   0:03.07 mpv
 244641 pol     20   0 6628548 404728 250220 S   2.3   0.6   0:02.99 mpv
 244706 pol     20   0 6690264 525200 307212 S   2.3   0.8   0:02.49 mpv
 244768 pol     20   0 6723580 513508 342240 S   2.3   0.8   0:02.48 mpv


This is not good! I often have several of these open, up to ten. Can't do that anymore :(


PC is hotter all the time???

k10temp-c3 and nvme-100 are notably hotter all the time. Even after closing all programs, except a terminal (and the XFCE4 desktop), these temps do not go below 34 and 38. Before the upgrade k10temp-c3 often dropped to 26. (Yes the PC is clean of dust.)



right-click context menu requires scroll?

I have a 4K screen and yet some richt-click-context-menus require scrolling? Why? The display can stack at least five of these on top of each other and still have room to spare. Who decided this was a good idea?






xfce4-panel refuses to start (including panel-settings)

When the upgrade to Trixie is finished, you do a reboot. And most annoyingly my xfce4-panel did not show. It flickers four times in less than a second and then disappears forever. Same for the panel settings. I tried removing all of the xfce directories in my home folder, but that does not help.

I ended up creating a new user account, at least that works. I made a bug report, but have little hope for this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110743

I vaguely remember adding some 'hacks' to the panel in 2020, for example it always showed the number of seconds since my birth. Bullseye and Bookworm had no problem with it...

No worries, Debian is still the best!


August 26, 2025

Pas de médaille pour les résistants

Si vous voulez changer le monde, il faut entrer en rĂ©sistance. Il faut accepter d’agir et de se taire. Il faut accepter de perdre du confort, des opportunitĂ©s, des relations. Et il ne faut espĂ©rer aucune rĂ©compense, aucune reconnaissance.

Un espionnage pire que tout ce que vous imaginez

Prenez notre dĂ©pendance envers quelques monopoles technologiques. Je pense qu’on ne se rend pas compte de l’espionnage permanent que nous imposent les smartphones. Et que ces donnĂ©es ne sont pas simplement stockĂ©es « chez Google ».

Tim Sh a dĂ©cidĂ© d’investiguer. Il a ajoutĂ© un simple jeu gratuit sur un iPhone vierge dont tous les services de localisation Ă©taient dĂ©sactivĂ©s. Cela semble raisonnable, non ?

En analysant les paquets, il a dĂ©couvert la quantitĂ© incroyable d’information qui Ă©tait envoyĂ©e par le moteur du jeu Unity. Cela signifie que le concepteur du jeu lui-mĂȘme ne sait sans doute pas que son jeu vous espionne.

Mais Tim Sh a fait mieux : il a traquĂ© ces donnĂ©es et dĂ©couvertes oĂč elles Ă©taient revendues. Ce sont des entreprises ayant pignon sur rue qui revendent, en temps rĂ©els, les donnĂ©es utilisateurs : position, historique et instantanĂ©e, niveau de la batterie et luminositĂ©, connexion internet utilisĂ©e, opĂ©rateur tĂ©lĂ©phonique, espace libre disponible sur le tĂ©lĂ©phone.

Le tout est accessible en temps rĂ©el pour des millions d’utilisateurs. Y compris des utilisateurs persuadĂ©s de protĂ©ger leur vie privĂ©e en dĂ©sactivant les permissions de localisation, en faisant attention voire mĂȘme en utilisant des containers GrapheneOS : il n’y a en effet aucune malice, aucun piratage, aucune illĂ©galitĂ©. Si l’application fonctionne, c’est qu’elle envoie ses donnĂ©es, point Ă  la ligne.

À noter Ă©galement : les donnĂ©es concernant les EuropĂ©ens sont plus chĂšres. En effet, le RGPD les rend plus difficiles Ă  obtenir. Ce qui est la preuve que la rĂ©gulation politique fonctionne. Le RGPD est trĂšs loin d’ĂȘtre suffisant. Sa seule utilitĂ© rĂ©elle est de dĂ©montrer que le pouvoir politique peut agir.

Nous avons tendance Ă  nous moquer de la petitesse de l’Europe, car nous la mesurons en utilisant les mĂ©triques amĂ©ricaines. Nos politiciens rĂȘvent de « licornes » et de monopoles europĂ©ens. C’est une erreur, la force europĂ©enne est opposĂ©e Ă  ces valeurs.

Comme le souligne Marcel Sel : malgrĂ© tous ses dĂ©fauts, l’Europe est trĂšs imparfaite, mais, peut-ĂȘtre, la structure dans le monde la plus progressiste et qui protĂšge le mieux ses citoyens.

La saturation de l’indignation

Face Ă  ce constat, nous observons deux rĂ©actions. Le « jemenfoutisme » et l’indignation violente. Mais, contrairement Ă  ce qu’on pourrait croire, la seconde n’a pas plus d’impact que la premiĂšre.

Olivier Ertzscheid parle de la saturation de l’indignation. Une indignation permanente qui nous fait perdre toute capacitĂ© d’agir.

Je vois beaucoup d’indignation concernant le gĂ©nocide qu’IsraĂ«l commet Ă  Gaza. Mais peu ou prou d’actions. Pourtant, une action simple est de supprimer ses comptes Whatsapp. Il est presque certain que les donnĂ©es Whatsapp servent pour cibler des frappes. Supprimer son compte, c’est donc une action rĂ©elle. Moins il y aura de comptes Whatsapp, moins les Gazaouis trouveront l’app indispensable, moins il y aura de donnĂ©es pour IsraĂ«l.

Au lieu de s’indigner, entrez en rĂ©sistance active. Coupez autant que vous pouvez les cordons. Vous allez perdre des opportunitĂ©s ? Des contacts ? Vous allez rater des informations ?

C’est le but ! C’est l’objectif ! C’est la rĂ©sistance, le nouveau maquis. Oui, mais "machin", il est sur Facebook. Quand on entre sa rĂ©sistance, on y va pas en pantoufle avec toute la famille. C’est le principe mĂȘme de la rĂ©sistance : de prendre des risques, d’accomplir des actions que tout le monde ne comprend ou n’approuve pas avec l’espoir de faire changer les choses durablement.

C’est difficile et on ne vous donnera pas une mĂ©daille pour cela. Si vous cherchez la facilitĂ©, le confort ou si vous voulez de la reconnaissance ou des fĂ©licitations officielles, ce n’est pas en rĂ©sistance que vous devez entrer.

S’arrĂȘter pour penser

Oui, les entreprises sont des poules sans tĂȘte qui courent dans tous les sens. Mes annĂ©es dans l’industrie informatique m’ont permis d’observer que l’immense majoritĂ© des employĂ©s ne fait strictement rien d’utile. Tout ce que nous faisons, c’est prĂ©tendre. Lorsqu’impact il y a, ce qui est extrĂȘmement rare, c’est de permettre Ă  un client de faire « mieux semblant ».

J’ai arrĂȘtĂ© de le crier partout, car il est impossible de faire comprendre quelque chose Ă  quelqu’un si son salaire dĂ©pend du fait qu’il ne le comprenne pas. Mais force est de constater que tous ceux qui s’arrĂȘtent pour penser arrivent Ă  cette mĂȘme conclusion.

La merdification des entreprises peut vous toucher de maniĂšre la plus imprĂ©vue sur un produit que vous apprĂ©ciez tout particuliĂšrement. C’est mon cas avec Komoot, un outil que j’utilise en permanence pour planifier mes longs trajets Ă  vĂ©lo et que j’utilise parfois "on the road", quand je suis un peu paumĂ© et que je veux un itinĂ©raire sĂ»r, mais rapide pour arriver rapidement Ă  destination.

Pour celleux qui ne comprennent pas l’intĂ©rĂȘt d’un GPS Ă  vĂ©lo, Thierry Crouzet a justement pondu un billet dĂ©taillant comment cet accessoire change la pratique du cyclisme.

Mais voilĂ , Komoot, startup allemande qui se prĂ©sentait comme un champion de la promotion des voyages Ă  vĂ©lo, avec des fondateurs qui promettaient de ne jamais vendre leur bĂ©bĂ© a Ă©tĂ© vendu Ă  un fond d’investissement rĂ©putĂ© pour merdifier tout ce qu’il rachĂšte.

Je n’en veux pas aux fondateurs. Je sais bien qu’à partir d’une certaine somme, on remet tous en question nos promesses. Les fondateurs de Whatsapp souhaitaient, Ă  la base, fortement protĂ©ger la vie privĂ©e de leurs utilisateurs. Ils ont nĂ©anmoins vendu leur application Ă  Facebook, car, de leurs propres aveux, on accepte certains compromis Ă  partir d’une certaine somme.

Heureusement, des solutions libres se profilent comme l’excellent Cartes.app qui a pris le problùme à bras le corps.

Il manque encore la possibilitĂ© d’envoyer facilement un itinĂ©raire vers mon GPS de vĂ©lo pour que ce soit utilisable au quotidien, mais le symbole est clair : la dĂ©pendance envers des produits merdifiĂ©s n’est pas une fatalité !

De la nécessité du logiciel libre

Comme le démontre Gee, les ajouts de fonctionnalités non indispensables ne sont pas neutres. Elles accroissent considérablement le risque de panne et de problÚme.

Cette simplification ne peut, par essence, que passer par le logiciel libre qui force Ă  la modularitĂ©. Liorel donne un exemple trĂšs parlant : Ă  cause de sa complexitĂ©, Microsoft Excell utilisera pour toujours le calendrier julien. Contrairement Ă  LibreOffice, qui utilise l’actuel calendrier grĂ©gorien.

Simplification, libertĂ©, ralentissement, dĂ©croissance de notre consommation ne sont que les faces d’une mĂȘme forme de rĂ©sistance, d’une mĂȘme conscientisation de la vie dans sa globalitĂ©.

Ralentir et prendre du recul. C’est d’ailleurs ce que m’a violemment offert Chris Brannons, avec son dernier post sur sa capsule Gemini. Et quand je dis le dernier


Barring unforeseen circumstances or unexpected changes, my last day on earth will be June 13th, 2025.

Chris avait 46 ans et il a pris le temps d’écrire le comment et le pourquoi de sa procĂ©dure d’euthanasie. AprĂšs ce post, il a pris le temps de rĂ©pondre Ă  mes emails alors que je l’encourageais Ă  ne pas le faire.

Le symbole du vélo

On ne peut pas s’en foutre. On ne peut pas s’indigner. Il faut alors, avec les quelques millions de secondes qui nous reste Ă  vivre, agir. Agir en faisant ce que l’on pense ĂȘtre le mieux pour soi-mĂȘme, le mieux pour nos enfants, le mieux pour l’humanitĂ©.

Comme rouler Ă  vĂ©lo !

Et tant pis si ça ne change rien. Et tant pis si ça nous fait paraĂźtre Ă©trange aux yeux de certains. Et tant pis si ça a certains dĂ©savantages. Faire du vĂ©lo, c’est entrer en rĂ©sistance !

Symbole de libertĂ©, de simplification, d’indĂ©pendance et pourtant extrĂȘmement technologique, le vĂ©lo n’a jamais Ă©tĂ© aussi politique. Comme le souligne Klaus-Gerd Giesen, le Bikepunk est philosophique et politique !

Cela m’amuse d’ailleurs beaucoup quand on prĂ©sente l’univers de Bikepunk comme un monde d’oĂč a disparu la technologie. Parce que le vĂ©lo ce n’est pas de la technologie peut-ĂȘtre ?

D’ailleurs, si vous n’avez pas encore le bouquin, il ne vous reste qu’à courir faire coucou Ă  votre libraire prĂ©fĂ©ré·e et entrer en rĂ©sistance !

La photo d’illustration m’a Ă©tĂ© envoyĂ©e par Julien Ursini et est sous CC-By. PlongĂ© dans la lecture de Bikepunk, il a Ă©tĂ© saisi de dĂ©couvrir ce cadre de vĂ©lo rouillĂ©, debout dans le lit de la riviĂšre BlĂ©one, comme un acte de rĂ©sistance symbolique. Je ne pouvais rĂȘver meilleure illustration pour ce billet.

Je suis Ploum et je viens de publier Bikepunk, une fable Ă©colo-cycliste entiĂšrement tapĂ©e sur une machine Ă  Ă©crire mĂ©canique. Pour me soutenir, achetez mes livres (si possible chez votre libraire) !

Recevez directement par mail mes écrits en français et en anglais. Votre adresse ne sera jamais partagée. Vous pouvez également utiliser mon flux RSS francophone ou le flux RSS complet.

August 20, 2025

Or: Why you should stop worrying and love the LTS releases.

TL;DR: Stick to MediaWiki 1.43 LTS, avoid MediaWiki 1.44.

There are two major MediaWiki releases every year, and every fourth such release gets Long Term Support (LTS). Two consistent approaches to upgrading MediaWiki are to upgrade every major release or to upgrade every LTS version. Let’s compare the pros and cons.

Which Upgrade Strategy Is Best

I used to upgrade my wikis for every MediaWiki release, or even run the master (development) branch. Having become more serious about MediaWiki operations by hosting wikis for many customers at Professional Wiki, I now believe sticking to LTS versions is the better trade-off for most people.

Benefits and drawbacks of upgrading every major MediaWiki version (compared to upgrading every LTS version):

  • Pro: You get access to all the latest features
  • Pro: You might be able to run more modern PHP or operating system versions
  • Con: You have to spend effort on upgrades four times as often (twice a year instead of once every two years)
  • Con: You have to deal with breaking changes four times as often
  • Con: You have to deal with extension compatibility issues four times as often
  • Con: You run versions with shorter support windows. Regular major releases are supported for 1 year, while LTS releases receive support for 3 years

What about the latest features? MediaWiki is mature software. Its features evolve slowly, and most innovation happens in the extension ecosystem. Most releases only contain a handful of notable changes, and there is a good chance none of them matter for your use cases. If there is something you would benefit from in a more recent non-LTS major release, then that’s an argument for not sticking to that LTS version, and it’s up to you to determine if that benefit outweighs all the cons. I think it rarely does, with the comparison not even being close.

The Case Of MediaWiki 1.44

MediaWiki 1.44 is the first major MediaWiki release after MediaWiki 1.43 LTS, and at the time of writing this post, it is also the most recent major release.

As with many releases, MediaWiki 1.44 brings several breaking changes to its internal APIs. This means that MediaWiki extensions that work with the previous versions might no longer work with MediaWiki 1.44. This version brings a high number of these breaking changes, including some particularly nasty ones that prevent extensions from easily supporting both MediaWiki 1.43 LTS and MediaWiki 1.44. That means if you upgrade now, you will run into various compatibility problems with extensions.

Examples of the type of errors you will encounter:

PHP Fatal error: Uncaught Error: Class “Html” not found

PHP Fatal error: Uncaught Error: Class “WikiMap” not found

PHP Fatal error: Uncaught Error: Class “Title” not found

Given that most wikis use dozens of MediaWiki extensions, this makes the “You have to deal with extension compatibility issues” con particularly noteworthy for MediaWiki 1.44.

Unless you have specific reasons to upgrade to MediaWiki 1.44, just stick to MediaWiki 1.43 LTS and wait for MediaWiki 1.47 LTS, which will be released around December 2026.

See also: When To Upgrade MediaWiki (And Understanding MediaWiki versions)

 

The post Why You Should Skip MediaWiki 1.44 appeared first on Entropy Wins.

After nearly two decades and over 1,600 blog posts written in raw HTML, I've made a change that feels long overdue: I've switched to Markdown.

Don't worry, I'm not moving away from Drupal. I'm just moving from a "HTML text format" to a "Markdown format". My last five posts have all been written in Markdown.

I've actually written in Markdown for years. I started with Bear for note-taking, and for the past four years Obsidian has been my go-to tool. Until recently, though, I've always published my blog posts in HTML.

For almost 20 years, I wrote every blog post in raw HTML, typing out every tag by hand. For longer posts, it could take me 45 minutes wrapping everything in <p> tags, adding links, and closing HTML tags like it was still 2001. It was tedious, but also a little meditative. I stuck with it, partly out of pride and partly out of habit.

Getting Markdown working in Drupal

So when I decided to make the switch, I had to figure out how to get Markdown working in Drupal. Drupal has multiple great Markdown modules to choose from but I picked Markdown Easy because it's lightweight, fully tested, and built on the popular CommonMark library.

I documented my installation and upgrade steps in a public note titled Installing and configuring Markdown Easy for Drupal.

I ran into one problem: the module's security-first approach stripped all HTML tags from my posts. This was an issue because I mostly write in Markdown but occasionally mix in HTML for things Markdown doesn't support, like custom styling. One example is creating pull quotes with a custom CSS class:

After 20 years of writing in HTML, I switched to *Markdown*.

<p class="pullquote">HTML for 20 years. Markdown from now on.</p>

Now I can publish faster while still using [Drupal](https://drupal.org).

HTML in Markdown by design

Markdown was always meant to work hand in hand with HTML, and Markdown parsers are supposed to leave HTML tags untouched. John Gruber, the creator of Markdown, makes this clear in the original Markdown specification:

HTML is a publishing format; Markdown is a writing format. Thus, Markdown's formatting syntax only addresses issues that can be conveyed in plain text. [...] For any markup that is not covered by Markdown's syntax, you simply use HTML itself. There is no need to preface it or delimit it to indicate that you're switching from Markdown to HTML; you just use the tags.

In Markdown Easy 1.x, allowing HTML tags required writing a custom Drupal module with a specific "hook" implementation. This felt like too much work for something that should be a simple configuration option. I've never enjoyed writing and maintaining custom Drupal modules for cases like this.

I reached out to Mike Anello, the maintainer of Markdown Easy, to discuss a simpler way to mix HTML and Markdown.

I suggested making it a configuration option and helped test and review the necessary changes. I was happy when that became part of the built-in settings in version 2.0. A few weeks later, Markdown Easy 2.0 was released, and this capability is now available out of the box.

Now that everything is working, I am considering converting my 1,600+ existing posts from HTML to Markdown. Part of me wants everything to be consistent, but another part hesitates to overwrite hundreds of hours of carefully crafted HTML. The obsessive in me debates the archivist. We'll see who wins.

The migration itself would be a fun technical challenge. Plenty of tools exist to convert HTML to Markdown so no need to reinvent the wheel. Maybe I'll test a few converters on some posts to see which handles my particular setup best.

Extending Markdown with tokens

Like Deane Barker, I often mix HTML and Markdown with custom "tokens". In my case, they aren't official web components, but they serve a similar purpose.

For example, here is a snippet that combines standard Markdown with a token that embeds an image:

Nothing beats starting the day with [coffee](https://dri.es/tag/coffee) and this view:

[​image beach-sunrise.jpg lazy=true schema=true caption=false]

These tokens get processed by my custom Drupal module and transformed into full HTML. That basic image token? It becomes a responsive picture element complete with lazy loading, alt-text from my database, Schema.org support, and optional caption. I use similar tokens for videos and other dynamic content.

The real power of tokens is future proofing. When responsive images became a web standard, I could update my image token processor once and instantly upgrade all my blog posts. No need to edit old content. Same when lazy loading became standard, or when new image formats arrive. One code change updates all 10,000 images or so that I've ever posted.

My tokens has evolved over 15 years and deserves its own blog post. Down the road, I might turn some of them into web components like Deane describes.

Closing thoughts

In the end, this was not a syntax decision: it was a workflow decision. I want less friction between an idea and publishing it. Five Markdown posts in, publishing is faster, cleaner, and more enjoyable, while still giving me the flexibility I need.

Those 45 minutes I used to spend on HTML tags? I now spend on things that matter more, or on writing another blog post.

Let’s talk about environment variables in GitHub Actions — those little gremlins that either make your CI/CD run silky smooth or throw a wrench in your perfectly crafted YAML.

If you’ve ever squinted at your pipeline and wondered, “Where the heck should I declare this ANSIBLE_CONFIG thing so it doesn’t vanish into the void between steps?”, you’re not alone. I’ve been there. I’ve screamed at $GITHUB_ENV. I’ve misused export. I’ve over-engineered echo. But fear not, dear reader — I’ve distilled it down so you don’t have to.

In this post, we’ll look at the right ways (and a few less right ways) to set environment variables — and more importantly, when to use static vs dynamic approaches.


🧊 Static Variables: Set It and Forget It

Got a variable like ANSIBLE_STDOUT_CALLBACK=yaml that’s the same every time? Congratulations, you’ve got yourself a static variable! These are the boring, predictable, low-maintenance types that make your CI life a dream.

✅ Best Practice: Job-Level env

If your variable is static and used across multiple steps, this is the cleanest, classiest, and least shouty way to do it:

jobs:
  my-job:
    runs-on: ubuntu-latest
    env:
      ANSIBLE_CONFIG: ansible.cfg
      ANSIBLE_STDOUT_CALLBACK: yaml
    steps:
      - name: Use env vars
        run: echo "ANSIBLE_CONFIG is $ANSIBLE_CONFIG"

Why it rocks:

  • 👀 Super readable
  • 📩 Available in every step of the job
  • đŸ§Œ Keeps your YAML clean — no extra echo commands, no nonsense

Unless you have a very specific reason not to, this should be your default.


đŸŽ© Dynamic Variables: Born to Be Wild

Now what if your variables aren’t so chill? Maybe you calculate something in one step and need to pass it to another — a file path, a version number, an API token from a secret backend ritual…

That’s when you reach for the slightly more
 creative option:

🔧 $GITHUB_ENV to the rescue

- name: Set dynamic environment vars
  run: |
    echo "BUILD_DATE=$(date +%F)" >> $GITHUB_ENV
    echo "RELEASE_TAG=v1.$(date +%s)" >> $GITHUB_ENV

- name: Use them later
  run: echo "Tag: $RELEASE_TAG built on $BUILD_DATE"

What it does:

  • Persists the variables across steps
  • Works well when values are calculated during the run
  • Makes you feel powerful

đŸȘ„ Fancy Bonus: Heredoc Style

If you like your YAML with a side of Bash wizardry:

- name: Set vars with heredoc
  run: |
    cat <<EOF >> $GITHUB_ENV
    FOO=bar
    BAZ=qux
    EOF

Because sometimes, you just want to feel fancy.


đŸ˜”â€đŸ’« What Not to Do (Unless You Really Mean It)

- name: Set env with export
  run: |
    export FOO=bar
    echo "FOO is $FOO"

This only works within that step. The minute your pipeline moves on, FOO is gone. Poof. Into the void. If that’s what you want, fine. If not, don’t say I didn’t warn you.


🧠 TL;DR – The Cheat Sheet

ScenarioBest Method
Static variable used in all stepsenv at the job level ✅
Static variable used in one stepenv at the step level
Dynamic value needed across steps$GITHUB_ENV ✅
Dynamic value only needed in one stepexport (but don’t overdo it)
Need to show off with Bash skillscat <<EOF >> $GITHUB_ENV 😎

đŸ§Ș My Use Case: Ansible FTW

In my setup, I wanted to use:

ANSIBLE_CONFIG=ansible.cfg
ANSIBLE_STDOUT_CALLBACK=yaml

These are rock-solid, boringly consistent values. So instead of writing this in every step:

- name: Set env
  run: |
    echo "ANSIBLE_CONFIG=ansible.cfg" >> $GITHUB_ENV

I now do this:

jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      ANSIBLE_CONFIG: ansible.cfg
      ANSIBLE_STDOUT_CALLBACK: yaml
    steps:
      ...

Cleaner. Simpler. One less thing to trip over when I’m debugging at 2am.


💬 Final Thoughts

Environment variables in GitHub Actions aren’t hard — once you know the rules of the game. Use env for the boring stuff. Use $GITHUB_ENV when you need a little dynamism. And remember: if you’re writing export in step after step, something probably smells.

Got questions? Did I miss a clever trick? Want to tell me my heredoc formatting is ugly? Hit me up in the comments or toot at me on Mastodon.


✍ Posted by Amedee, who loves YAML almost as much as dancing polskas.
đŸ’„ Because good CI is like a good dance: smooth, elegant, and nobody falls flat on their face.
đŸŽ» Scheduled to go live on 20 August — just as Boombalfestival kicks off. Because why not celebrate great workflows and great dances at the same time?

I recently installed Markdown Easy for Drupal and then upgraded from version 1.0 to 2.0.

I decided to document my steps in a public note in case they help others.

On my local machine, I run Drupal with DDEV. It sets up pre-configured Docker containers for the web server, database, and other required Drupal services. DDEV also installs Composer and Drush, which we will use in the steps below.

First, I installed version 2.0 of Markdown Easy using Composer:

ddev composer require drupal/markdown_easy

If you are upgrading from version 1.0, you will need to run the database updates so Drupal can apply any changes required by the new version. You can do this using Drush:

ddev drush updatedb

As explained in Switching to Markdown after 20 years of HTML, I want to use HTML and Markdown interchangeably. By default, Markdown Easy strips all HTML. This default approach is the safest option for most sites, but it also means you can't freely mix HTML tags and Markdown.

To change that behavior, I needed to adjust two configuration settings. These settings are not exposed anywhere in Drupal's admin interface, which is intentional. Markdown Easy keeps its configuration surface small to stay true to its "easy" name, and it leads with a secure-by-default philosophy. If you choose to relax those defaults, you can do so using Drush.

ddev drush config:set markdown_easy.settings skip_html_input_stripping 1

ddev drush config:set markdown_easy.settings skip_filter_enforcement 1

The skip_html_input_stripping setting turns off input stripping in the CommonMark Markdown parser, which means your HTML tags remain untouched while Markdown is processed.

The skip_filter_enforcement setting lets you turn off input stripping in Drupal itself. It allows you to disable the "Limit allowed HTML tags" filter without warnings from Markdown Easy.

You can enable just the first setting if you want Markdown to allow HTML but still let Drupal filter certain tags using the "Limit allowed HTML tags" filter. Or you can enable both if you want full control over your HTML with no stripping at either stage.

Just know that disabling HTML input stripping and disabling HTML filter enforcement can have security implications. Only disable these features if you trust your content creators and understand the risks.

Next, I verified my settings:

ddev drush config:get markdown_easy.settings

You should see:

skip_html_input_stripping: true
skip_filter_enforcement: true

Finally, clear the cache:

ddev drush cache-rebuild

Next, I updated my existing Markdown text format. I went to /admin/config/content/formats/ and made the following changes:

  • Set the Markdown flavor to Smorgasbord.
  • Disabled the "Limit allowed HTML tags and correct faulty HTML" filter.
  • Disabled the "Convert line breaks into HTML" filter.

That's it!

August 19, 2025

Today we are announcing that Chris Tranquill has been appointed CEO of Acquia, succeeding Steve Reny. Steve will be stepping down after nearly seven years with Acquia, including almost three as CEO.

I feel a mix of emotions. Sadness, because Steve has been a valued leader and colleague. Gratitude, for everything he has done for Acquia and our community. Optimism, because he is leaving Acquia in a strong position. And happiness, knowing he has been looking forward to spending more time with his family and dedicating himself to giving back after an incredible 40-year career.

Steve worked incredibly hard, cared deeply about customers, and built genuine relationships with so many people across the company. Under his leadership, Acquia became more efficient, launched new products, strengthened its Open Source commitment, and grew with financial discipline. He created a strong foundation for our future, and I want to sincerely thank him for his leadership.

Steve Reny shakes hands with a partner on stage at Acquia Engage London. Steve Reny congratulating a partner at Acquia Engage.

At the same time, I am very excited to welcome Chris Tranquill as our new CEO. Chris brings more than 25 years of experience in enterprise software and customer experience. Most recently he was CEO of Khoros, and before that he co-founded Topbox, which was later acquired by Khoros.

In our conversations, I was impressed by how quickly Chris understood our business, the thoughtful questions he asked, and his enthusiasm for our innovation roadmap. I also appreciate that he has been a founder and brings that perspective. Most importantly, he recognized right away how essential Drupal is to Acquia's success.

Some in the Drupal community may wonder what this leadership change means for Acquia's commitment to Drupal and Open Source. The answer is simple: our commitment remains unchanged. One of the reasons we chose Chris is because he understands that Drupal's success is essential to Acquia's success.

Today, Acquia is investing more in Drupal than at any time in our 18-year history, with record numbers of contributors and active involvement in many of Drupal's most important initiatives. We are proud to contribute alongside the community. Supporting Drupal is core to who we are, and that will not change.

I am grateful for Steve's leadership, and I look forward to working with Chris!

August 18, 2025

On July 22nd, 2025, we released MySQL 9.4, the latest Innovation Release. As usual, we released bug fixes for 8.0 and 8.4 LTS, but this post focuses on the newest release. In this release, we can notice several contributions related to NDB and the Connectors. Connectors MySQL Server – Replication InnoDB Optimizer C API (client [
]

August 13, 2025

When using Ansible to automate tasks, the command module is your bread and butter for executing system commands. But did you know that there’s a safer, cleaner, and more predictable way to pass arguments? Meet argv—an alternative to writing commands as strings.

In this post, I’ll explore the pros and cons of using argv, and I’ll walk through several real-world examples tailored to web servers and mail servers.


Why Use argv Instead of a Command String?

✅ Pros

  • Avoids Shell Parsing Issues: Each argument is passed exactly as intended, with no surprises from quoting or spaces.
  • More Secure: No shell = no risk of shell injection.
  • Clearer Syntax: Every argument is explicitly defined, improving readability.
  • Predictable: Behavior is consistent across different platforms and setups.

❌ Cons

  • No Shell Features: You can’t use pipes (|), redirection (>), or environment variables like $HOME.
  • More Verbose: Every argument must be a separate list item. It’s explicit, but more to type.
  • Not for Shell Built-ins: Commands like cd, export, or echo with redirection won’t work.

Real-World Examples

Let’s apply this to actual use cases.

🔧 Restarting Nginx with argv

- name: Restart Nginx using argv
  hosts: amedee.be
  become: yes
  tasks:
    - name: Restart Nginx
      ansible.builtin.command:
        argv:
          - systemctl
          - restart
          - nginx

📬 Check Mail Queue on a Mail-in-a-Box Server

- name: Check Postfix mail queue using argv
  hosts: box.vangasse.eu
  become: yes
  tasks:
    - name: Get mail queue status
      ansible.builtin.command:
        argv:
          - mailq
      register: mail_queue

    - name: Show queue
      ansible.builtin.debug:
        msg: "{{ mail_queue.stdout_lines }}"

đŸ—ƒïž Back Up WordPress Database

- name: Backup WordPress database using argv
  hosts: amedee.be
  become: yes
  vars:
    db_user: wordpress_user
    db_password: wordpress_password
    db_name: wordpress_db
  tasks:
    - name: Dump database
      ansible.builtin.command:
        argv:
          - mysqldump
          - -u
          - "{{ db_user }}"
          - -p{{ db_password }}
          - "{{ db_name }}"
          - --result-file=/root/wordpress_backup.sql

⚠ Avoid exposing credentials directly—use Ansible Vault instead.


Using argv with Interpolation

Ansible lets you use Jinja2-style variables ({{ }}) inside argv items.

🔄 Restart a Dynamic Service

- name: Restart a service using argv and variable
  hosts: localhost
  become: yes
  vars:
    service_name: nginx
  tasks:
    - name: Restart
      ansible.builtin.command:
        argv:
          - systemctl
          - restart
          - "{{ service_name }}"

🕒 Timestamped Backups

- name: Timestamped DB backup
  hosts: localhost
  become: yes
  vars:
    db_user: wordpress_user
    db_password: wordpress_password
    db_name: wordpress_db
  tasks:
    - name: Dump with timestamp
      ansible.builtin.command:
        argv:
          - mysqldump
          - -u
          - "{{ db_user }}"
          - -p{{ db_password }}
          - "{{ db_name }}"
          - --result-file=/root/wordpress_backup_{{ ansible_date_time.iso8601 }}.sql

đŸ§© Dynamic Argument Lists

Avoid join(' '), which collapses the list into a single string.

❌ Wrong:

argv:
  - ls
  - "{{ args_list | join(' ') }}"  # BAD: becomes one long string

✅ Correct:

argv: ["ls"] + args_list

Or if the length is known:

argv:
  - ls
  - "{{ args_list[0] }}"
  - "{{ args_list[1] }}"

📣 Interpolation Inside Strings

- name: Greet with hostname
  hosts: localhost
  tasks:
    - name: Print message
      ansible.builtin.command:
        argv:
          - echo
          - "Hello, {{ ansible_facts['hostname'] }}!"


When to Use argv

✅ Commands with complex quoting or multiple arguments
✅ Tasks requiring safety and predictability
✅ Scripts or binaries that take arguments, but not full shell expressions

When to Avoid argv

❌ When you need pipes, redirection, or shell expansion
❌ When you’re calling shell built-ins


Final Thoughts

Using argv in Ansible may feel a bit verbose, but it offers precision and security that traditional string commands lack. When you need reliable, cross-platform automation that avoids the quirks of shell parsing, argv is the better choice.

Prefer safety? Choose argv.
Need shell magic? Use the shell module.

Have a favorite argv trick or horror story? Drop it in the comments below.

An illustration of a small wedge propping up a massive block, symbolizing how a small group of contributors supports critical infrastructure.

Fifteen years ago, I laid out a theory about the future of Open Source. In The Commercialization of a Volunteer-Driven Open Source Project, I argued that if Open Source was going to thrive, people had to get paid to work on it. At the time, the idea was controversial. Many feared money would corrupt the spirit of volunteerism and change the nature of Open Source contribution.

In that same post, I actually went beyond discussing the case for commercial sponsorship and outlined a broader pattern I believed Open Source would follow. I suggested it would develop in three stages: (1) starting with volunteers, then (2) expanding to include commercial involvement and sponsorship, and finally (3) gaining government support.

I based this on how other public goods and public infrastructure have evolved. Trade routes, for example, began as volunteer-built paths, were improved for commerce by private companies, and later became government-run. The same pattern shaped schools, national defense, and many other public services. What begins as a volunteer effort often ends up being maintained by governments for the benefit of society. I suggested that Open Source would and should follow the same three-phase path.

Over the past fifteen years, paying people to maintain Open Source has shifted from controversial to widely accepted. Platforms like Open Collective, an organization I invested in as an angel investor in 2015, have helped make this possible by giving Open Source communities an easy way to receive and manage funding transparently.

Today, Open Source runs much of the world's critical infrastructure. It powers government services, supports national security, and enables everything from public health systems to elections. This reliance means the third and final step in its evolution is here: governments must help fund Open Source.

Public funding would complement the role of volunteers and commercial sponsors, not replace them. This is not charity or a waste of tax money. It is an investment in the software that runs our essential services. Without it, we leave critical infrastructure fragile at the moment the world needs it most.

The $8.8 trillion dependency

A 2024 Harvard Business School study, The Value of Open Source Software, estimates that replacing the most widely used Open Source software would cost the world $8.8 trillion. If Open Source suddenly disappeared, organizations would have to spend 3.5 times more on software than they do today. Even more striking: 96% of that $8.8 trillion depends on just 5% of contributors.

This concentration creates fragility. Most of our digital infrastructure depends on a small group of maintainers who often lack stable funding or long-term support. When they burn out or step away, critical systems can be at risk.

Maintaining Open Source is not free. It takes developers to fix bugs, maintainers to coordinate releases, security teams to patch vulnerabilities, and usability experts to keep the software accessible. Without reliable funding, these essential tasks are difficult to sustain, leaving the foundations of our digital society exposed to risk.

Addressing this risk means rethinking not just funding, but also governance, succession planning, and how we support the people and projects that keep our society running.

When digital sovereignty becomes survival

Recent geopolitical tensions and policy unpredictability have made governments more aware of the risks of relying on foreign-controlled, proprietary software. Around the world, there is growing recognition that they cannot afford to lose control over their digital infrastructure.

Denmark recently announced a national plan to reduce their dependency on proprietary software by adopting Open Source tools across its public sector.

This reflects a simple reality: when critical public services depend on foreign-controlled software, governments lose the ability to guarantee continuity and security to their citizens. They become vulnerable to policy changes and geopolitical pressures beyond their control.

As Denmark's Ministry for Digitalisation explained, this shift is about control, accountability, and resilience, not just cost savings. Other European cities and countries are developing similar strategies. This is no longer just an IT decision, but a strategic necessity for protecting national security and guaranteeing the continuity of essential public services.

From Open Source consumption to contribution

Most government institutions rely heavily on Open Source but contribute little in return. Sponsorship usually flows through vendor contracts, and while some vendors contribute upstream, the overall level of support is small compared to how much these institutions depend on said projects.

Procurement practices often make the problem worse. Contracts are typically awarded to the lowest bidder or to large, well-known IT vendors rather than those with deep Open Source expertise and a track record of contributing back. Companies that help maintain Open Source projects are often undercut by firms that give nothing in return. This creates a race to the bottom that ultimately weakens the Open Source projects governments rely on.

As I discussed in Balancing makers and takers to scale and sustain Open Source, sustainable Open Source requires addressing the fundamental mismatch between use and contribution.

Governments need to shift from Open Source consumption to Open Source contribution. The digital infrastructure that powers government services demands the same investment commitment as the roads and bridges that connect our communities.

Drupal tells the story

I have helped lead Drupal for almost 25 years, and in that time I have seen how deeply governments depend on Open Source.

The European Commission runs more than a hundred Drupal sites, France operates over a thousand Drupal sites, and Australia's government has standardized on Drupal as its national digital platform. Yet despite this widespread use, most of these institutions contribute little back to Drupal's development or maintenance.

This is not just a Drupal problem, and it is entirely within the rights of Open Source users. There is no requirement to contribute. But in many projects, a small group of maintainers and a few companies carry the burden for infrastructure that millions rely on. Without broader support, this imbalance risks the stability of the very systems governments depend on.

Many public institutions use Open Source without contributing to its upkeep. While this is legal, it shifts all maintenance costs onto a small group of contributors. Over time, that risks the services those institutions depend on. Better procurement and policy choices could help turn more public institutions into active contributors.

The rise of government stewardship

I am certainly not the only one calling for government involvement in Open Source infrastructure. In recent years, national governments and intergovernmental bodies, including the United Nations, have begun increasing investment in Open Source.

In 2020, the UN Secretary General's Roadmap for Digital Cooperation called for global investment in "digital public goods" such as Open Source software to help achieve the Sustainable Development Goals. Five years later, the UN introduced the UN Open Source Principles, encouraging practices like "open by default" and "contributing back".

At the European level, the EU's Cyber Resilience Act recognizes Open Source software stewards as "economic actors", acknowledging their role in keeping infrastructure secure and reliable. In Germany, the Sovereign Tech Agency has invested €26 million in more than 60 Open Source projects that support critical digital infrastructure.

Governments and public institutions are also creating Open Source Program Offices (OSPOs) to coordinate policy, encourage contributions, and ensure long-term sustainability. In Europe, the European Commission's EC OSPO operates the code.europa.eu platform for cross-border collaboration. In the United States, agencies such as the Centers for Medicare & Medicaid Services, the United States Digital Service, the Cybersecurity and Infrastructure Security Agency, and the U.S. Digital Corps play similar roles. In Latin America, Brazil's Free Software Portal supports collaboration across governments.

These efforts signal a shift from simply using Open Source to actively stewarding and investing in it at the institutional level.

The math borders on absurd

If the top 100 countries each contributed $200,000 a year to an Open Source project, the project would have a twenty million dollar annual budget. That is about what it costs to maintain less than ten miles of highway.

In my home country, Belgium, which has just over ten million people, more than one billion euros is spent each year maintaining roads. A small fraction of that could help secure the future of Open Source software like Drupal, which supports public services for millions of Belgians.

For the cost of maintaining 10 miles of highway, we could secure the future of several critical Open Source projects that power essential public services. The math borders on absurd.

How governments can help

Just as governments maintain roads, bridges and utilities that society depends on, they should also help sustain the Open Source projects that power essential services, digitally and otherwise. The scale of investment needed is modest compared to other public infrastructure.

Governments could implement this through several approaches:

  • Track the health of critical Open Source projects. Just like we have safety ratings for bridges, governments should regularly check the health of the Open Source projects they rely on. This means setting clear targets, such as addressing security issues within x days, having y active maintainers, keeping all third-party software components up to date, and more. When a project falls behind, governments should step in and help with targeted support. This could include direct funding, employing contributors, or working with partners to stabilize the project.

  • Commit to long-term funding with stable timelines. Just as governments plan highway maintenance years in advance, we'd benefit from multi-year funding commitments and planning for critical digital infrastructure. Long-term funding allows projects to address technical debt, plan major updates, and recruit talent without the constant uncertainty of short-term fundraising.

  • Encourage contribution in government contracts. Governments can use procurement to strengthen the Open Source projects they depend on. Vendor contribution should be a key factor in awarding contracts, alongside price, quality, and other criteria. Agencies or vendors can be required or encouraged to give back through coding, documentation, security reviews, design work, or direct funding. This ensures governments work with true experts while helping keep critical Open Source projects healthy and sustainable.

  • Adopt "Public Money, Public Code" policies. When taxpayer money funds software for public use, that software should be released as Open Source. This avoids duplicate spending and builds shared digital infrastructure that anyone can reuse, improve, and help secure. The principle of "Public Money? Public Code!" offers a clear framework: code paid for by the people should be available to the people. Switzerland recently embraced this approach at the federal level with its EMBAG law, which requires government-developed software to be published as Open Source unless third-party rights or security concerns prevent it.

  • Scale successful direct funding models. The Sovereign Tech Agency has shown how government programs can directly fund the maintenance and security of critical Open Source software. Other nations should follow and expand this model. Replacing widely used Open Source software could cost an estimated 8.8 trillion dollars. Public investment should match that importance, with sustained global funding in the billions of dollars across countries and projects.

  • Teach Open Source in public schools and universities. Instead of relying solely on proprietary vendors like Microsoft, governments should integrate Open Source tools, practices, and values into school and university curricula, along with related areas such as open standards and open data. This prepares students to participate fully in Open Source, builds a talent pipeline that understands Open Source, and strengthens digital self-reliance.

Keeping the core strong

Concerns about political interference or loss of independence are valid. That is why we need systems that allow all stakeholders to coexist without undermining each other.

Government funding should reinforce the ecosystem that makes Open Source thrive, not replace it or control it. Companies and volunteers are strong drivers of innovation, pushing forward new features, experiments, and rapid improvements. Governments are better suited to a different but equally vital role: ensuring stability, security, and long-term reliability.

The most critical tasks in Open Source are often the least glamorous. Fixing bugs, patching vulnerabilities, updating third-party dependencies, improving accessibility, and maintaining documentation rarely make headlines, but without them, innovation cannot stand on a stable base. These tasks are also the most likely to be underfunded because they do not directly generate revenue for companies, require sustained effort, and are less appealing for volunteers.

Governments already maintain roads, bridges, and utilities, infrastructure that is essential but not always profitable or exciting for the private sector. Digital infrastructure deserves the same treatment. Public investment can keep these core systems healthy, while innovation and feature direction remain in the hands of the communities and companies that know the technology best.

Conclusion

Fifteen years ago, I argued that Open Source needed commercial sponsorship to thrive. Now we face the next challenge: governments must shift from consuming Open Source to sustaining it.

Today, some Open Source has become public infrastructure. Leaving critical infrastructure dependent on too few maintainers is a risk no society should accept.

The solution requires coordinated policy reforms: dedicated funding mechanisms, procurement that rewards upstream contributions, and long-term investment frameworks.

Special thanks to Baddy Sonja Breidert, Tim Doyle, Tiffany Farriss, Mike Gifford, Owen Lansbury and Nick Veenhof for their review and contributions to this blog post.

August 06, 2025

Not every day do I get an email from a very serious security researcher, clearly a man on a mission to save the internet — one vague, copy-pasted email at a time.

Here’s the message I received:

From: Peter Hooks <peterhooks007@gmail.com>
Subject: Security Vulnerability Disclosure

Hi Team,

I’ve identified security vulnerabilities in your app that may put users at risk. I’d like to report these responsibly and help ensure they are resolved quickly.

Please advise on your disclosure protocol, or share details if you have a Bug Bounty program in place.

Looking forward to your reply.

Best regards,
Peter Hooks

Right. Let’s unpack this.


🧯”Your App” — What App?

I’m not a company. I’m not a startup. I’m not even a garage-based stealth tech bro.
I run a personal WordPress blog. That’s it.

There is no “app.” There are no “users at risk” (unless you count me, and I̷̜̓’̷̠̋mÌŽÌ“ÌȘ ̎́Ìča̞̜͙lÌ”ÌżÌŁr̞̜͇e͖̔̈a̶͖̋d͓̔̇y̎̂̌ ̖̎͂b̶̠̋é̶̻y͇̎̈́oÌžÌ’ÌŁń̞̊d̟̎̆ ̶͉͒s̶̀ͅaÌ¶Í—ÌĄvÌŽÍŠÍ™i͖̔̊n͖̔̆gÌžÌ”ÌĄ).


đŸ•”ïžâ€â™‚ïž The Anatomy of a Beg Bounty Email

This little email ticks all the classic marks of what the security community affectionately calls a beg bounty — someone scanning random domains, finding trivial or non-issues, and fishing for a payout.

Want to see how common this is? Check out:


📼 My (Admittedly Snarky) Reply

I couldn’t resist. Here’s the reply I sent:

Hi Peter,

Thanks for your email and your keen interest in my “app” — spoiler alert: there isn’t one. Just a humble personal blog here.

Your message hits all the classic marks of a beg bounty reconnaissance email:

  • ✅ Generic “Hi Team” greeting — because who needs names?
  • ✅ Vague claims of “security vulnerabilities” with zero specifics
  • ✅ Polite inquiry about a bug bounty program (spoiler: none here, James)
  • ✅ No proof, no details, just good old-fashioned mystery
  • ✅ Friendly tone crafted to reel in easy targets
  • ✅ Email address proudly featuring “007” — very covert ops of you

Bravo. You almost had me convinced.

I’ll be featuring this charming little interaction in a blog post soon — starring you, of course. If you ever feel like upgrading from vague templates to actual evidence, I’m all ears. Until then, happy fishing!

Cheers,
Amedee


😱 No Reply

Sadly, Peter didn’t write back.

No scathing rebuttal.
No actual vulnerabilities.
No awkward attempt at pivoting.
Just… silence.

#sadface
#crying
#missionfailed


🛡 A Note for Fellow Nerds

If you’ve got a domain name, no matter how small, there’s a good chance you’ll get emails like this.

Here’s how to handle them:

  • Stay calm — most of these are low-effort probes.
  • Don’t pay — you owe nothing to random strangers on the internet.
  • Don’t panic — vague threats are just that: vague.
  • Do check your stuff occasionally for actual issues.
  • Bonus: write a blog post about it and enjoy the catharsis.

For more context on this phenomenon, don’t miss:


đŸ§” tl;dr

If your “security researcher”:

  • doesn’t say what they found,
  • doesn’t mention your actual domain or service,
  • asks for a bug bounty up front,
  • signs with a Gmail address ending in 007


it’s probably not the start of a beautiful friendship.


Got a similar email? Want help crafting a reply that’s equally professional and petty?
Feel free to drop a comment or reach out — I’ll even throw in a checklist.

Until then: stay patched, stay skeptical, and stay snarky. 😎

August 05, 2025

Rethinking DOM from first principles

Cover Image

Browsers are in a very weird place. While WebAssembly has succeeded, even on the server, the client still feels largely the same as it did 10 years ago.

Enthusiasts will tell you that accessing native web APIs via WASM is a solved problem, with some minimal JS glue.

But the question not asked is why you would want to access the DOM. It's just the only option. So I'd like to explain why it really is time to send the DOM and its assorted APIs off to a farm somewhere, with some ideas on how.

I won't pretend to know everything about browsers. Nobody knows everything anymore, and that's the problem.

Netscape or something

The 'Document' Model

Few know how bad the DOM really is. In Chrome, document.body now has 350+ keys, grouped roughly like this:

document.body properties

This doesn't include the CSS properties in document.body.style of which there are... 660.

The boundary between properties and methods is very vague. Many are just facades with an invisible setter behind them. Some getters may trigger a just-in-time re-layout. There's ancient legacy stuff, like all the onevent properties nobody uses anymore.

The DOM is not lean and continues to get fatter. Whether you notice this largely depends on whether you are making web pages or web applications.

Most devs now avoid working with the DOM directly, though occasionally some purist will praise pure DOM as being superior to the various JS component/templating frameworks. What little declarative facilities the DOM has, like innerHTML, do not resemble modern UI patterns at all. The DOM has too many ways to do the same thing, none of them nice.

connectedCallback() {
  const
    shadow = this.attachShadow({ mode: 'closed' }),
    template = document.getElementById('hello-world')
      .content.cloneNode(true),
    hwMsg = `Hello ${ this.name }`;

  Array.from(template.querySelectorAll('.hw-text'))
    .forEach(n => n.textContent = hwMsg);

  shadow.append(template);
}

Web Components deserve a mention, being the web-native equivalent of JS component libraries. But they came too late and are unpopular. The API seems clunky, with its Shadow DOM introducing new nesting and scoping layers. Proponents kinda read like apologetics.

The achilles heel is the DOM's SGML/XML heritage, making everything stringly typed. React-likes do not have this problem, their syntax only looks like XML. Devs have learned not to keep state in the document, because it's inadequate for it.

W3C logo
WHATWG logo

For HTML itself, there isn't much to critique because nothing has changed in 10-15 years. Only ARIA (accessibility) is notable, and only because this was what Semantic HTML was supposed to do and didn't.

Semantic HTML never quite reached its goal. Despite dating from around 2011, there is e.g. no <thread> or <comment> tag, when those were well-established idioms. Instead, an article inside an article is probably a comment. The guidelines are... weird.

There's this feeling that HTML always had paper-envy, and couldn't quite embrace or fully define its hypertext nature, and did not trust its users to follow clear rules.

Stewardship of HTML has since firmly passed to WHATWG, really the browser vendors, who have not been able to define anything more concrete as a vision, and have instead just added epicycles at the margins.

Along the way even CSS has grown expressions, because every templating language wants to become a programming language.

netscape composer

Editability of HTML remains a sad footnote. While technically supported via contentEditable, actually wrangling this feature into something usable for applications is a dark art. I'm sure the Google Docs and Notion people have horror stories.

Nobody really believes in the old gods of progressive enhancement and separating markup from style anymore, not if they make apps.

Most of the applications you see nowadays will kitbash HTML/CSS/SVG into a pretty enough shape. But this comes with immense overhead, and is looking more and more like the opposite of a decent UI toolkit.

slack input editor

The Slack input box

layout hack

Off-screen clipboard hacks

Lists and tables must be virtualized by hand, taking over for layout, resizing, dragging, and so on. Making a chat window's scrollbar stick to the bottom is somebody's TODO, every single time. And the more you virtualize, the more you have to reinvent find-in-page, right-click menus, etc.

The web blurred the distinction between UI and fluid content, which was novel at the time. But it makes less and less sense, because the UI part is a decade obsolete, and the content has largely homogenized.

'css is awesome' mug, truncated layout

CSS is inside-out

CSS doesn't have a stellar reputation either, but few can put their finger on exactly why.

Where most people go wrong is to start with the wrong mental model, approaching it like a constraint solver. This is easy to show with e.g.:

<div>
  <div style="height: 50%">...</div>
  <div style="height: 50%">...</div>
</div>
<div>
  <div style="height: 100%">...</div>
  <div style="height: 100%">...</div>
</div>

The first might seem reasonable: divide the parent into two halves vertically. But what about the second?

Viewed as a set of constraints, it's contradictory, because the parent div is twice as tall as... itself. What will happen instead in both cases is the height is ignored. The parent height is unknown and CSS doesn't backtrack or iterate here. It just shrink-wraps the contents.

If you set e.g. height: 300px on the parent, then it works, but the latter case will still just spill out.

Outside-in vs inside-out layout

Outside-in and inside-out layout modes

Instead, your mental model of CSS should be applying two passes of constraints, first going outside-in, and then inside-out.

When you make an application frame, this is outside-in: the available space is divided, and the content inside does not affect sizing of panels.

When paragraphs stack on a page, this is inside-out: the text stretches out its containing parent. This is what HTML wants to do naturally.

By being structured this way, CSS layouts are computationally pretty simple. You can propagate the parent constraints down to the children, and then gather up the children's sizes in the other direction. This is attractive and allows webpages to scale well in terms of elements and text content.

CSS is always inside-out by default, reflecting its document-oriented nature. The outside-in is not obvious, because it's up to you to pass all the constraints down, starting with body { height: 100%; }. This is why they always say vertical alignment in CSS is hard.

Flex grow/shrink

Use flex grow and shrink for spill-free auto-layouts with completely reasonable gaps

The scenario above is better handled with a CSS3 flex box (display: flex), which provides explicit control over how space is divided.

Unfortunately flexing muddles the simple CSS model. To auto-flex, the layout algorithm must measure the "natural size" of every child. This means laying it out twice: first speculatively, as if floating in aether, and then again after growing or shrinking to fit:

Flex speculative layout

This sounds reasonable but can come with hidden surprises, because it's recursive. Doing speculative layout of a parent often requires full layout of unsized children. e.g. to know how text will wrap. If you nest it right, it could in theory cause an exponential blow up, though I've never heard of it being an issue.

Instead you will only discover this when someone drops some large content in somewhere, and suddenly everything gets stretched out of whack. It's the opposite of the problem on the mug.

To avoid the recursive dependency, you need to isolate the children's contents from the outside, thus making speculative layout trivial. This can be done with contain: size, or by manually setting the flex-basis size.

CSS has gained a few constructs like contain or will-change, which work directly with the layout system, and drop the pretense of one big happy layout. It reveals some of the layer-oriented nature underneath, and is a substitute for e.g. using position: absolute wrappers to do the same.

What these do is strip off some of the semantics, and break the flow of DOM-wide constraints. These are overly broad by default and too document-oriented for the simpler cases.

This is really a metaphor for all DOM APIs.

CSS props
CSS props

The Good Parts?

That said, flex box is pretty decent if you understand these caveats. Building layouts out of nested rows and columns with gaps is intuitive, and adapts well to varying sizes. There is a "CSS: The Good Parts" here, which you can make ergonomic with sufficient love. CSS grids also work similarly, they're just very painfully... CSSy in their syntax.

But if you designed CSS layout from scratch, you wouldn't do it this way. You wouldn't have a subtractive API, with additional extra containment barrier hints. You would instead break the behavior down into its component facets, and use them Ă  la carte. Outside-in and inside-out would both be legible as different kinds of containers and placement models.

The inline-block and inline-flex display models illustrate this: it's a block or flex on the inside, but an inline element on the outside. These are two (mostly) orthogonal aspects of a box in a box model.

Text and font styles are in fact the odd ones out, in hypertext. Properties like font size inherit from parent to child, so that formatting tags like <b> can work. But most of those 660 CSS properties do not do that. Setting a border on an element does not apply the same border to all its children recursively, that would be silly.

It shows that CSS is at least two different things mashed together: a system for styling rich text based on inheritance... and a layout system for block and inline elements, nested recursively but without inheritance, only containment. They use the same syntax and APIs, but don't really cascade the same way. Combining this under one style-umbrella was a mistake.

Worth pointing out: early ideas of relative em scaling have largely become irrelevant. We now think of logical vs device pixels instead, which is a far more sane solution, and closer to what users actually expect.

Tiger SVG

SVG is natively integrated as well. Having SVGs in the DOM instead of just as <img> tags is useful to dynamically generate shapes and adjust icon styles.

But while SVG is powerful, it's neither a subset nor superset of CSS. Even when it overlaps, there are subtle differences, like the affine transform. It has its own warts, like serializing all coordinates to strings.

CSS has also gained the ability to round corners, draw gradients, and apply arbitrary clipping masks: it clearly has SVG-envy, but falls very short. SVG can e.g. do polygonal hit-testing for mouse events, which CSS cannot, and SVG has its own set of graphical layer effects.

Whether you use HTML/CSS or SVG to render any particular element is based on specific annoying trade-offs, even if they're all scalable vectors on the back-end.

In either case, there are also some roadblocks. I'll just mention three:

  • text-ellipsis can only be used to truncate unwrapped text, not entire paragraphs. Detecting truncated text is even harder, as is just measuring text: the APIs are inadequate. Everyone just counts letters instead.
  • position: sticky lets elements stay in place while scrolling with zero jank. While tailor-made for this purpose, it's subtly broken. Having elements remain unconditionally sticky requires an absurd nesting hack, when it should be trivial.
  • The z-index property determines layering by absolute index. This inevitably leads to a z-index-war.css where everyone is putting in a new number +1 or -1 to make things layer correctly. There is no concept of relative Z positioning.

For each of these features, we got stuck with v1 of whatever they could get working, instead of providing the right primitives.

Getting this right isn't easy, it's the hard part of API design. You can only iterate on it, by building real stuff with it before finalizing it, and looking for the holes.

Oil on Canvas

So, DOM is bad, CSS is single-digit X% good, and SVG is ugly but necessary... and nobody is in a position to fix it?

Well no. The diagnosis is that the middle layers don't suit anyone particularly well anymore. Just an HTML6 that finally removes things could be a good start.

But most of what needs to happen is to liberate the functionality that is there already. This can be done in good or bad ways. Ideally you design your system so the "escape hatch" for custom use is the same API you built the user-space stuff with. That's what dogfooding is, and also how you get good kernels.

A recent proposal here is HTML in Canvas, to draw HTML content into a <canvas>, with full control over the visual output. It's not very good.

While it might seem useful, the only reason the API has the shape that it does is because it's shoehorned into the DOM: elements must be descendants of <canvas> to fully participate in layout and styling, and to make accessibility work. There are also "technical concerns" with using it off-screen.

One example is this spinny cube:

html-in-canvas spinny cube thing

To make it interactive, you attach hit-testing rectangles and respond to paint events. This is a new kind of hit-testing API. But it only works in 2D... so it seems 3D-use is only cosmetic? I have many questions.

Again, if you designed it from scratch, you wouldn't do it this way! In particular, it's absurd that you'd have to take over all interaction responsibilities for an element and its descendants just to be able to customize how it looks i.e. renders. Especially in a browser that has projective CSS 3D transforms.

The use cases not covered by that, e.g. curved re-projection, will also need more complicated hit-testing than rectangles. Did they think this through? What happens when you put a dropdown in there?

To me it seems like they couldn't really figure out how to unify CSS and SVG filters, or how to add shaders to CSS. Passing it thru canvas is the only viable option left. "At least it's programmable." Is it really? Screenshotting DOM content is 1 good use-case, but not what this is sold as at all.

The whole reason to do "complex UIs on canvas" is to do all the things the DOM doesn't do, like virtualizing content, just-in-time layout and styling, visual effects, custom gestures and hit-testing, and so on. It's all nuts and bolts stuff. Having to pre-stage all the DOM content you want to draw sounds... very counterproductive.

From a reactivity point-of-view it's also a bad idea to route this stuff back through the same document tree, because it sets up potential cycles with observers. A canvas that's rendering DOM content isn't really a document element anymore, it's doing something else entirely.

sheet-happens

Canvas-based spreadsheet that skips the DOM entirely

The actual achilles heel of canvas is that you don't have any real access to system fonts, text layout APIs, or UI utilities. It's quite absurd how basic it is. You have to implement everything from scratch, including Unicode word splitting, just to get wrapped text.

The proposal is "just use the DOM as a black box for content." But we already know that you can't do anything except more CSS/SVG kitbashing this way. text-ellipsis and friends will still be broken, and you will still need to implement UIs circa 1990 from scratch to fix it.

It's all-or-nothing when you actually want something right in the middle. That's why the lower level needs to be opened up.

Where To Go From Here

The goals of "HTML in Canvas" do strike a chord, with chunks of HTML used as free-floating fragments, a notion that has always existed under the hood. It's a composite value type you can handle. But it should not drag 20 years of useless baggage along, while not enabling anything truly novel.

The kitbashing of the web has also resulted in enormous stagnation, and a loss of general UI finesse. When UI behaviors have to be mined out of divs, it limits the kinds of solutions you can even consider. Fixing this within DOM/HTML seems unwise, because there's just too much mess inside. Instead, new surfaces should be opened up outside of it.

use-gpu-layout use-gpu-layout

WebGPU-based box model

My schtick here has become to point awkwardly at Use.GPU's HTML-like renderer, which does a full X/Y flex model in a fraction of the complexity or code. I don't mean my stuff is super great, no, it's pretty bare-bones and kinda niche... and yet definitely nicer. Vertical centering is easy. Positioning makes sense.

There is no semantic HTML or CSS cascade, just first-class layout. You don't need 61 different accessors for border* either. You can just attach shaders to divs. Like, that's what people wanted right? Here's a blueprint, it's mostly just SDFs.

Font and markup concerns only appear at the leaves of the tree, where the text sits. It's striking how you can do like 90% of what the DOM does here, without the tangle of HTML/CSS/SVG, if you just reinvent that wheel. Done by 1 guy. And yes, I know about the second 90% too.

The classic data model here is of a view tree and a render tree. What should the view tree actually look like? And what can it be lowered into? What is it being lowered into right now, by a giant pile of legacy crud?

servo ladybird

Alt-browser projects like Servo or Ladybird are in a position to make good proposals here. They have the freshest implementations, and are targeting the most essential features first. The big browser vendors could also do it, but well, taste matters. Good big systems grow from good small ones, not bad big ones. Maybe if Mozilla hadn't imploded... but alas.

Platform-native UI toolkits are still playing catch up with declarative and reactive UI, so that's that. Native Electron-alternatives like Tauri could be helpful, but they don't treat origin isolation as a design constraint, which makes security teams antsy.

There's a feasible carrot to dangle for them though, namely in the form of better process isolation. Because of CPU exploits like Spectre, multi-threading via SharedArrayBuffer and Web Workers is kinda dead on arrival anyway, and that affects all WASM. The details are boring but right now it's an impossible sell when websites have to have things like OAuth and Zendesk integrated into them.

Reinventing the DOM to ditch all legacy baggage could coincide with redesigning it for a more multi-threaded, multi-origin, and async web. The browser engines are already multi-process... what did they learn? A lot has happened since Netscape, with advances in structured concurrency, ownership semantics, FP effects... all could come in handy here.

* * *

Step 1 should just be a data model that doesn't have 350+ properties per node tho.

Don't be under the mistaken impression that this isn't entirely fixable.

netscape wheel

August 04, 2025

 Tot zover de nieuwe hobby. Venuskes zijn niet de gemakkelijkste om gelukkig te maken.







 Enkele van de Sarracenia zoals ze nu buiten staan. Die eten veel insecten, vooral wespen.







Nieuwe hobby sinds 2021; vleesetende plantjes kweken.

Hier vijf bekertjes die Nepenthes mij geven.







August 03, 2025

lookat 2.1.0rc1

Lookat 2.1.0rc2 is the second release candicate of release of Lookat/Bekijk 2.1.0, a user-friendly Unix file browser/viewer that supports colored man pages.

The focus of the 2.1.0 release is to add ANSI Color support.


 

News

3 Aug 2025 Lookat 2.1.0rc2 Released

Lookat 2.1.0rc2 is the second release candicate of Lookat 2.1.0

ChangeLog

Lookat / Bekijk 2.1.0rc2
  • Corrected italic color
  • Don’t reset the search offset when cursor mode is enabled
  • Renamed strsize to charsize ( ansi_strsize -> ansi_charsize, utf8_strsize -> utf8_charsize) to be less confusing
  • Support for multiple ansi streams in ansi_utf8_strlen()
  • Update default color theme to green for this release
  • Update manpages & documentation
  • Reorganized contrib directory
    • Moved ci/cd related file from contrib/* to contrib/cicd
    • Moved debian dir to contrib/dist
    • Moved support script to contrib/scripts

Lookat 2.1.0rc2 is available at:

Have fun!

August 01, 2025

Net Orange via eSim geactiveerd op mijn Fairphone 6 en voor ik het door had werden “App Center”, “Phone” (beiden van Orange group) maar ook … TikTok geïnstalleerd. Ik was daar niet blij mee. App Center kan ik zelfs niet de-installeren, alleen desactiveren. Fuckers!

Source

July 30, 2025

Fantastische cover van Jamie Woons “Night Air” door Lady Lynn. Die contrabas en die stem, magisch! Watch this video on YouTube. …

Source

An astronaut explores a surreal landscape beneath rainbow-colored planetary rings, symbolizing the journey into AI&#039;s transformative potential for Drupal.

In my previous post, The great digital agency unbundling, I explored how AI is transforming the work of digital agencies. As AI automates more technical tasks, agencies will be shifting their focus toward orchestration, strategic thinking, and accountability. This shift also changes what they need from their tools.

Content management systems like Drupal must evolve with them. This is not just about adding AI features. It is about becoming a platform that strengthens the new agency model. Because as agencies take on new roles, they will adopt the tools that help them succeed.

As I wrote then:

"As the Project Lead of Drupal, I think about how Drupal, the product, and its ecosystem of digital agencies can evolve together. They need to move in step to navigate change and help shape what comes next"

The good news is that the Drupal community is embracing AI in a coordinated and purposeful way. Today, Drupal CMS already ships with 22 AI agents, and through the Drupal AI Initiative, we are building additional infrastructure and tooling to bring more AI capabilities to Drupal.

In this post, I want to share why I believe Drupal is not just ready to evolve, but uniquely positioned to thrive in the AI era.

Drupal is built for AI

Imagine an AI agent that plans, executes, and measures complex marketing campaigns across your CMS, CRM, email platform, and analytics tools without requiring manual handoff at every step.

To support that level of orchestration, a platform must expose its content models, configuration data, state, user roles and permissions, and business logic in a structured, machine-readable way. That means making things like entity types, field definitions, relationships, and workflows available through APIs that AI systems can discover, inspect, and act on safely.

Most platforms were not designed with this kind of structured access in mind. Drupal has been moving in that direction for more than a decade.

Since Drupal 7, the community has invested deeply in modernizing the platform. We introduced a unified Entity API, adopted a service container with dependency injection, and expanded support for REST, JSON:API, and GraphQL. We also built a robust configuration management system, improved testability, and added more powerful workflows with granular revisioning and strong rollback support. Drupal also has excellent API documentation.

These changes made Drupal not only more programmable but also more introspectable. AI agents can query Drupal's structure, understand relationships between entities, and make informed decisions based on both content and configuration. This enables AI to take meaningful action inside the system rather than just operating at the surface. And because Drupal's APIs are open and well-documented, these capabilities are easier for developers and AI systems to discover and build on.

Making these architectural improvements was not easy. Upgrading from Drupal 7 was painful for many, and at the time, the benefits of Drupal 8's redesign were not obvious. We were not thinking about AI at the time, but in hindsight, we built exactly the kind of modern, flexible foundation that makes deep AI integration possible today. As is often the case, there is pain before the payoff.

AI makes Drupal's power more accessible

I think this is exciting because AI can help make Drupal's flexibility more accessible. Drupal is one of the most flexible content management systems available. It powers everything from small websites to large, complex digital platforms. That flexibility is a strength, but it also introduces complexity.

For newcomers, Drupal's flexibility can be overwhelming. Building a Drupal site requires understanding how to select and configure contributed modules, creating content types and relationships, defining roles and permissions, building Views, developing a custom theme, and more. The learning curve is steep and often prevents people from experiencing Drupal's power and flexibility.

AI has the potential to change that. In the future, you might describe your needs by saying something like, "I need a multi-language news site with editorial workflows and social media integration". An AI assistant could ask a few follow-up questions, then generate a working starting point.

I've demonstrated early prototypes of this vision in recent DriesNotes, including DrupalCon Barcelona 2024 and DrupalCon Atlanta 2025. Much of that code has been productized in the Drupal AI modules.

In my Barcelona keynote, I said that "AI is the new UI". AI helps lower the barrier to entry by turning complex setup tasks into simple prompts and conversations. With the right design, it can guide new users while still giving experts full control.

In my last post, The great digital agency unbundling, I shared a similar perspective:

"Some of the hardest challenges the Drupal community has faced, such as improving usability or maintaining documentation, may finally become more manageable. I see ways AI can support Drupal's mission, lower barriers to online publishing, make Drupal more accessible, and help build a stronger, more inclusive Open Web. The future is both exciting and uncertain."

Of course, AI comes with both promise and risk. It raises ethical questions and often fails to meet expectations. But ignoring AI is not a strategy. AI is already changing how digital work gets done. If we want Drupal to stay relevant, we need to explore its potential. That means experimenting thoughtfully, sharing what we learn, and helping shape how these tools are built and used.

Drupal's AI roadmap helps agencies

AI is changing how digital work gets done. Some platforms can now generate full websites, marketing campaigns, or content strategies in minutes. For simple use cases, that may be enough.

But many client needs are more complex. As requirements grow and automations become more sophisticated, agencies continue to play a critical role. They bring context, strategy, and accountability to challenges that off-the-shelf tools cannot solve.

That is the future we want Drupal to support. We are not building AI to replace digital agencies, but to strengthen them. Through the Drupal AI Initiative, Drupal agencies are actively helping shape the tools they want to use in an AI-driven world.

As agencies evolve in response to AI, they will need tools that evolve with them. Drupal is not only keeping pace but helping lead the way. By investing in AI in collaboration with the agencies who rely on it, we are making Drupal stronger, more capable, and more relevant.

Now is the moment to move

The shift toward AI-powered digital work is inevitable. Platforms will succeed or fail based on how well they adapt to this reality.

Drupal's investments in modern architecture, open development, and community collaboration has created something unique: a platform that doesn't just add AI features but fundamentally supports AI-driven workflows. While other systems scramble to retrofit AI capabilities, Drupal's foundation makes deep integration possible.

The question isn't whether AI will change digital agencies and content management. It already has. The question is which platforms will help agencies and developers thrive in that new reality. Drupal is positioning itself to be one of them.

Ever wondered what it’s like to unleash 10 000 tiny little data beasts on your hard drive? No? Well, buckle up anyway — because today, we’re diving into the curious world of random file generation, and then nerding out by calculating their size distribution. Spoiler alert: it’s less fun than it sounds. 😏

Step 1: Let’s Make Some Files… Lots of Them

Our goal? Generate 10 000 files filled with random data. But not just any random sizes — we want a mean file size of roughly 68 KB and a median of about 2 KB. Sounds like a math puzzle? That’s because it kind of is.

If you just pick file sizes uniformly at random, you’ll end up with a median close to the mean — which is boring. We want a skewed distribution, where most files are small, but some are big enough to bring that average up.

The Magic Trick: Log-normal Distribution đŸŽ©âœš

Enter the log-normal distribution, a nifty way to generate lots of small numbers and a few big ones — just like real life. Using Python’s NumPy library, we generate these sizes and feed them to good old /dev/urandom to fill our files with pure randomness.

Here’s the Bash script that does the heavy lifting:

#!/bin/bash

# Directory to store the random files
output_dir="random_files"
mkdir -p "$output_dir"

# Total number of files to create
file_count=10000

# Log-normal distribution parameters
mean_log=9.0  # Adjusted for ~68KB mean
stddev_log=1.5  # Adjusted for ~2KB median

# Function to generate random numbers based on log-normal distribution
generate_random_size() {
    python3 -c "import numpy as np; print(int(np.random.lognormal($mean_log, $stddev_log)))"
}

# Create files with random data
for i in $(seq 1 $file_count); do
    file_size=$(generate_random_size)
    file_path="$output_dir/file_$i.bin"
    head -c "$file_size" /dev/urandom > "$file_path"
    echo "Generated file $i with size $file_size bytes."
done

echo "Done. Files saved in $output_dir."

Easy enough, right? This creates a directory random_files and fills it with 10 000 files of sizes mostly small but occasionally wildly bigger. Don’t blame me if your disk space takes a little hit! đŸ’„

Step 2: Crunching Numbers — The File Size Distribution 📊

Okay, you’ve got the files. Now, what can we learn from their sizes? Let’s find out the:

  • Mean size: The average size across all files.
  • Median size: The middle value when sizes are sorted — because averages can lie.
  • Distribution breakdown: How many tiny files vs. giant files.

Here’s a handy Bash script that reads file sizes and spits out these stats with a bit of flair:

#!/bin/bash

# Input directory (default to "random_files" if not provided)
directory="${1:-random_files}"

# Check if directory exists
if [ ! -d "$directory" ]; then
    echo "Directory $directory does not exist."
    exit 1
fi

# Array to store file sizes
file_sizes=($(find "$directory" -type f -exec stat -c%s {} \;))

# Check if there are files in the directory
if [ ${#file_sizes[@]} -eq 0 ]; then
    echo "No files found in the directory $directory."
    exit 1
fi

# Calculate mean
total_size=0
for size in "${file_sizes[@]}"; do
    total_size=$((total_size + size))
done
mean=$((total_size / ${#file_sizes[@]}))

# Calculate median
sorted_sizes=($(printf '%s\n' "${file_sizes[@]}" | sort -n))
mid=$(( ${#sorted_sizes[@]} / 2 ))
if (( ${#sorted_sizes[@]} % 2 == 0 )); then
    median=$(( (sorted_sizes[mid-1] + sorted_sizes[mid]) / 2 ))
else
    median=${sorted_sizes[mid]}
fi

# Display file size distribution
echo "File size distribution in directory $directory:"
echo "---------------------------------------------"
echo "Number of files: ${#file_sizes[@]}"
echo "Mean size: $mean bytes"
echo "Median size: $median bytes"

# Display detailed size distribution (optional)
echo
echo "Detailed distribution (size ranges):"
awk '{
    if ($1 < 1024) bins["< 1 KB"]++;
    else if ($1 < 10240) bins["1 KB - 10 KB"]++;
    else if ($1 < 102400) bins["10 KB - 100 KB"]++;
    else bins[">= 100 KB"]++;
} END {
    for (range in bins) printf "%-15s: %d\n", range, bins[range];
}' <(printf '%s\n' "${file_sizes[@]}")

Run it, and voilà — instant nerd satisfaction.

Example Output:

File size distribution in directory random_files:
---------------------------------------------
Number of files: 10000
Mean size: 68987 bytes
Median size: 2048 bytes

Detailed distribution (size ranges):
&lt; 1 KB         : 1234
1 KB - 10 KB   : 5678
10 KB - 100 KB : 2890
>= 100 KB      : 198

Why Should You Care? đŸ€·â€â™€ïž

Besides the obvious geek cred, generating files like this can help:

  • Test backup systems — can they handle weird file size distributions?
  • Stress-test storage or network performance with real-world-like data.
  • Understand your data patterns if you’re building apps that deal with files.

Wrapping Up: Big Files, Small Files, and the Chaos In Between

So there you have it. Ten thousand random files later, and we’ve peeked behind the curtain to understand their size story. It’s a bit like hosting a party and then figuring out who ate how many snacks. 🍿

Try this yourself! Tweak the distribution parameters, generate files, crunch the numbers — and impress your friends with your mad scripting skills. Or at least have a fun weekend project that makes you sound way smarter than you actually are.

Happy hacking! đŸ”„

July 29, 2025

Have you already tried to upgrade the MySQL version of your MySQL HeatWave instance in OCI that is deployed with Terraform? When you tried, you realized, I hope you didn’t turn off backups, that the instance is destroyed and recreated new! This is our current MySQL HeatWave DB System deployed using Terrafrom: And this is [
]

July 28, 2025

The MySQL REST Service is a next-generation JSON Document Store solution, enabling fast and secure HTTPS access to data stored in MySQL, HeatWave, InnoDB Cluster, InnoDB ClusterSet, and InnoDB ReplicaSet. The MySQL REST Service was first released on https://labs.mysql.com in 2023 using MySQL Router. During spring 2025, it was released on MySQL HeatWave and standard [
]

July 27, 2025

Deze ochtend op dagelijkse wandel in het “Mechels Bos” met onze iets grotere hond (Maya, Roemeense adoptiehond met naar we vermoeden wat collie en wat berghond genen, ze is idd groter dan Mamita onze quasi-chihuahua) hoorde ik een vreemd geluid. Luister hieronder even (geen bewegend beeld, maar foto van hier in de buurt); het beest bleef een hele tijd stil en het is niet heel luid…

Source

July 26, 2025

Ik heb vandaag de (groene) Fairphone 6 besteld om mijn Nokia X20 te vervangen, na lang twijfelen toch met Google Android ipv e/OS want itsme/ bank apps. Als het ooit “veilig” is kan ik nog altijd naar e/OS flashen eh Redenen; 5 jaar garantie, 7 jaar updates, een resem aan vervangbare onderdelen…

Source

July 23, 2025

Two small figures watch a massive vessel launch, symbolizing digital agencies witnessing the AI transformation of their industry.

"To misuse a woodworking metaphor, I think we're experiencing a shift from hand tools to power tools. You still need someone who understands the basics to get good results from the tools, but they're not chiseling fine furniture by hand anymore. They're throwing heaps of wood through the tablesaw instead. More productive, but more likely to lose a finger if you're not careful." – mrmincent, Hacker News comment on Claude Code, via Simon Willison

If, like me, you work in web development, design, or digital strategy, this quote might hit close to home. But it may not go far enough. We are not just moving from chisels to table saws. We are about to hand out warehouse-sized CNC machines and robotic arms.

This is not just an upgrade in tools. The Industrial Revolution didn't just replace handcraft with machines. It upended entire industries.

History does not repeat itself, but it often rhymes. For over two centuries, new tools have changed not just how work gets done, but what we can accomplish.

AI is changing how websites are built and how people find information online. Individual developers are already using AI tools today, but broader organizational adoption will unfold over the years ahead.

It's clear that AI will have a deep impact on the web industry. Over time, this shift will affect those of us who have built our careers in web development, marketing, design, and digital strategy. I am one of them. Most of my career has been rooted in Drupal, which makes this both personal and difficult to write.

But this shift is bigger than any one person or platform. There are tens of thousands of digital agencies around the world, employing millions of people who design, build, and maintain the digital experiences we all rely on. Behind those numbers are teams, individuals, and livelihoods built over decades. Our foundation is shifting. It touches all of us, and we all need to adapt.

If you are feeling uncertain about where this is heading, you are not alone.

Why I am writing this

I am not writing this to be an alarmist. I actually feel a mix of emotions. I am excited about the possibilities AI offers, but also concerned about the risks and uneasy about the speed and scale of change.

As the project lead of Drupal, I ask myself: "How can I best guide our community of contributors, agencies, and end users through these changes?".

Like many of you, I am trying to understand what the rise of AI means for our users, teams, partners, contributors, products, and values. I want to help however I can.

I don't claim to have all the answers, but I hope this post sparks discussion, encourages deeper thinking, and helps us move forward together. This is not a roadmap, just a reflection of where my thinking is today.

I do feel confident that we need to keep moving forward, stay open-minded, and engage with the changes AI brings head-on.

Even with all that uncertainty, I feel energized. Some of the hardest challenges the Drupal community has faced, such as improving usability or maintaining documentation, may finally become more manageable. I see ways AI can support Drupal's mission, lower barriers to online publishing, make Drupal more accessible, and help build a stronger, more inclusive Open Web. The future is both exciting and uncertain.

But this post isn't just for the Drupal community. It's for anyone working in or around a digital agency who is asking: "What does AI mean for my team, my clients, and my future?". I will focus more directly on Drupal in my next blog post, so feel free to subscribe.

If you are thinking about how AI is affecting your work, whether in the Drupal ecosystem or elsewhere, I would love to hear from you. The more we share ideas, concerns, and experiments, the better prepared we will all be to shape this next chapter together.

The current downturn is real, but will pass

Before diving into AI, I'd be remiss not to acknowledge the current economic situation. Agencies across all platforms, not just those working with Drupal, are experiencing challenging market conditions, especially in the US and parts of Europe.

While much of the industry is focused on AI, the immediate pain many agencies are feeling is not caused by it. High interest rates, inflation, and global instability have made client organizations more cautious with spending. Budgets are tighter, sales cycles are longer, competition is fiercer, and more work is staying in-house.

As difficult as this is, it is not new. Economic cycles and political uncertainty have always come and gone. What makes this moment different is not the current downturn, but what comes next.

AI will transform the industry at an accelerating pace

AI has not yet reshaped agency work in a meaningful way, but that change is knocking at the door. At the current pace of progress, web development and digital agency work are on the verge of the most significant disruption since the rise of the internet.

One of the most visible areas of change has been content creation. AI generates drafts blog posts, landing pages, social media posts, email campaigns, and more. This speeds up production but also changes the workflow. Human input shifts toward editing, strategy, and brand alignment rather than starting from a blank page.

Code generation tools are also handling more implementation tasks. Senior developers can move faster, while junior developers are taking on responsibilities that once required more experience. As a result, developers are spending more time reviewing and refining AI-generated code than writing everything from scratch.

Traditional user interfaces are becoming less important as AI shifts user interactions toward natural language, voice, and more predictive or adaptive experiences. These still require thoughtful design, but the nature of UI work is changing. AI can now turn visual mockups into functional components and, in some cases, generate complete interfaces with minimal or no human input.

These shifts also challenge the way agencies bill for their work. When AI can do in minutes what once took hours or days, hourly billing becomes harder to justify. If an agency charges $150 an hour for something clients know AI can do faster, those clients will look elsewhere. To stay competitive, agencies will need to focus less on time spent and more on outcomes, expertise, and impact.

AI is also changing how people find and interact with information online. As users turn to AI assistants for answers, the role of the website as a central destination is being disrupted. This shift changes how clients think about content, traffic, and performance, which are core areas of agency work. Traditional strategies like SEO become less effective when users get what they need without ever visiting a site.

Through all of this, human expertise will remain essential. People are needed to set direction, guide priorities, review AI output, and take responsibility for quality and business outcomes. We still rely on individuals who know what to build, why it matters, and how to ensure the results are accurate, reliable, and aligned with real-world needs. When AI gets it wrong, it is still people who are accountable. Someone must own the decisions and stand behind the results.

But taken together, these changes will reshape how agencies operate and compete. To stay viable, agencies need to evolve their service offerings and rethink how they create and deliver value. That shift will also require changes to team structures, pricing models, and delivery methods. This is not just about adopting new tools. It is about reimagining what an agency does and how it works.

The hardest part may not be the technology. It is the human cost. Some people will see their roles change faster than they can adapt. Others may lose their jobs or face pressure to use tools that conflict with their values or standards.

Adding to the challenge, adopting AI requires investment at a moment when many agencies around the world are focused on survival. For teams already stretched thin, transformation may feel out of reach. The good news is that AI's full impact will take years to unfold, giving agencies time to adapt.

Still, moments like this can create major opportunities. In past downturns, technology shifts made room for new players and helped established firms reinvent themselves. The key is recognizing that this is not just about learning new tools. It is about positioning yourself where human judgment, relationships, and accountability for outcomes remain essential, even as AI takes on more of the execution.

The diminishing value of platform expertise alone

For years, CMS-focused agencies have built their businesses on deep platform expertise. Clients relied on them for custom development, performance tuning, security, and infrastructure. This specialized knowledge commanded a premium.

In effect, AI increases the supply of skilled work without a matching rise in demand. By automating tasks that once required significant expertise, it makes technical expertise abundant and much cheaper to produce. And according to the principles of supply and demand, when supply rises and demand stays the same, prices fall.

This is not a new pattern. SaaS website builders already commoditized basic site building, reducing the perceived value of simple implementations and pushing agencies toward more complex, higher-value projects.

Now, AI is accelerating that shift. It is extending the same kind of disruption into complex and enterprise-level work, bringing speed and automation to tasks that once required expensive and experienced teams.

In other words, AI erodes the commercial value of platform expertise by making many technical tasks less scarce. Agencies responded to earlier waves of commoditization by moving up the stack, toward work that was more strategic, more customized, and harder to automate.

AI is raising the bar again. Once more, agencies need to move further up the stack. And they need to do it faster than before.

The pattern of professional survival

This is not the first time professionals have faced a major shift. Throughout history, every significant technological change has required people to adapt.

Today, skilled radiologists interpret complex scans with help from AI systems. Financial analysts use algorithmic tools to process data while focusing on high-level strategy. The professionals who understand their domain deeply find ways to work with new technology instead of competing against it.

Still, not every role survives. Elevator operators disappeared when elevators became automatic. Switchboard operators faded as direct dialing became standard.

At the same time, these shifts unlocked growth. The number of elevators increased, making tall buildings more practical. The telephone became a household staple. As routine work was automated away, new industries and careers emerged.

The same will happen with AI. Some roles will go away. Others will change. Entirely new opportunities will emerge, many in areas we have not yet imagined.

I have lived through multiple waves of technological change. I witnessed the rise of the web, which created entirely new industries and upended existing ones. I experienced the shift from hand-coding to content management systems, which helped build today's thriving agency ecosystem. I saw mobile reshape how people access information, opening up new business models.

Each transition brought real uncertainty. In the moment, the risks felt immediate and the disruption felt personal. But over time, these shifts consistently led to new forms of prosperity, new kinds of work, and new ways to create value.

The great agency unbundling

AI can help agencies streamline how they work today, but when major technology shifts happen, success rarely comes from becoming more efficient at yesterday's model.

The bigger opportunity lies in recognizing when the entire system is being restructured. The real question is not just "How do we use AI to become a more efficient agency?" but "How will the concept of an agency be redefined?".

Most agencies today bundle together strategy, design, development, project management, and ongoing maintenance. This bundle made economic sense when coordination was costly and technical skills were scarce enough to command premium rates.

AI is now unbundling that model. It separates work based on what can be automated, what clients can bring in-house, and what still requires deep expertise.

At the same time, it is rebundling services around different principles, such as speed, specialization, measurable outcomes, accountability, and the value of human judgment.

The accountability gap

As AI automates routine tasks, execution becomes commoditized. But human expertise takes on new dimensions. Strategic vision, domain expertise, and cross-industry insights remain difficult to automate.

More critically, trust and accountability stay fundamentally human. When AI hallucinates or produces unexpected results, organizations need people who can take responsibility and navigate the consequences.

We see this pattern everywhere: airline pilots remain responsible for their passengers despite autopilot handling most of the journey, insurance companies use advanced software to generate quotes but remain liable for the policies they issue, and drivers are accountable for accidents even when following GPS directions.

The tools may be automated, but responsibility for mistakes and results remains human. For agencies, this means that while AI can generate campaigns, write code, and design interfaces, clients still need someone accountable for strategy, quality, and outcomes.

This accountability gap between what AI can produce and what organizations will accept liability for creates lasting space for human expertise.

The rise of orchestration platforms

Beyond human judgment, a new architectural pattern is emerging. Traditional Digital Experience Platforms (DXPs) excel at managing complex content, workflows, and integrations within a unified system. But achieving sophisticated automation often requires significant custom development, long implementation cycles, and deep platform expertise.

Now, visual workflow builders, API orchestration platforms, and the Model Context Protocol are enabling a different approach. Instead of building custom integrations or waiting for platform vendors to add features, teams can wire together AI models, automation tools, CRMs, content systems, and analytics platforms through drag-and-drop interfaces. What once required months of development can often be prototyped in days.

But moving from prototype to production requires deep expertise. It involves architecting event-driven systems, managing state across distributed workflows, implementing proper error handling for AI failures, and ensuring compliance across automated decisions. The tools may be visual, but making them work reliably at scale, maintaining security, ensuring governance, and building systems that can evolve with changing business needs demands sophisticated technical knowledge.

This orchestration capability represents a new technical high ground. Agencies that master this expanded stack can deliver solutions faster while maintaining the reliability and scalability that enterprises require.

Six strategies for how agencies could evolve

Agencies need two types of strategies: ways to compete better in today's model and ways to position for the restructured system that's emerging.

The strategies that follow are not mutually exclusive. Many agencies will combine elements from several based on their strengths, clients, and markets.

Competing in today's market

1. Become AI-augmented, not AI-resistant. To stay competitive, agencies should explore how AI can improve efficiency across their entire operation. Developers should experiment with code assistants, project managers should use AI to draft updates and reports, and sales teams should apply it to lead qualification or proposal writing. The goal is not to replace people, but to become more effective at handling fast-paced, low-cost work while creating more space for strategic, value-added thinking.

2. Focus on outcomes, not effort. As AI reduces delivery time, billing for hours makes less sense. Agencies can shift toward pricing based on value created rather than time spent. Instead of selling a redesign, offer to improve conversion rates. This approach aligns better with client goals and helps justify pricing even as technical work becomes faster.

3. Sell through consultation, not execution. As technology changes faster than most clients can keep up with, agencies have a chance to step into a more consultative role. Instead of just delivering projects, they can help clients understand their problems and shape the right solutions. Agencies that combine technical know-how with business insight can become trusted partners, especially as clients look for clarity and results.

Positioning for what comes next

4. Become the layer between AI and clients. Don't just use AI tools to build websites faster. Position yourself as the essential layer that connects AI capabilities with real client needs. This means building quality control systems that review AI-generated code before deployment and becoming the trusted partner that translates AI possibilities into measurable results. Train your team to become "AI translators" who can explain technical capabilities in business terms and help clients understand what's worth automating versus what requires human judgment.

5. Package repeatable solutions. When custom work becomes commoditized, agencies need ways to stand out. Turn internal knowledge into named, repeatable offerings. This might look like a "membership toolkit for nonprofits" or a "lead gen system for B2B SaaS". These templated solutions are easier to explain, sell, and scale. AI lowers the cost of building and maintaining them, making this model more realistic than it was in the past. This gives agencies a way to differentiate based on expertise and value, not just technical execution.

6. Build systems that manage complex digital workflows. Stop thinking in terms of one-off websites. Start building systems that manage complex, ongoing digital workflows. Agencies should focus on orchestrating tools, data, and AI agents in real time to solve business problems and drive automation.

For example, a website might automatically generate social media posts from new blog content, update landing pages based on campaign performance, or adjust calls to action during a product launch. All of this can happen with minimal human involvement, but these systems are still non-trivial to build and require oversight and accountability.

This opportunity feels significant. As marketing stacks grow more complex and AI capabilities expand, someone needs to coordinate how these systems work together in a structured and intelligent way. This is not just about connecting APIs. It is about designing responsive, event-driven systems using low-code orchestration tools, automation platforms, and AI agents.

Open Source needs agencies, proprietary platforms don't

Every AI feature a technology platform adds potentially takes work off the agency's plate. Whether the platform is open source or proprietary, each new capability reduces the need for custom development.

But open source and proprietary platforms are driven by very different incentives.

Proprietary platforms sell directly to end clients. For them, replacing agency services is a growth strategy. The more they automate, the more revenue they keep.

This is already happening. Squarespace builds entire websites from prompts. Shopify Magic writes product descriptions and designs storefronts.

Open source platforms are adding AI features as well, but operate under different incentives. Drupal doesn't monetize end users. Drupal's success depends on a healthy ecosystem where agencies contribute improvements that keep the platform competitive. Replacing agencies doesn't help Drupal; it weakens the very ecosystem that sustains it.

As the Project Lead of Drupal, I think about how Drupal the product and its ecosystem of digital agencies can evolve together. They need to move in step to navigate change and help shape what comes next.

This creates a fundamental difference in how platforms may evolve. Proprietary platforms are incentivized to automate and sell directly. Open source platforms thrive by leaving meaningful work for agencies, who in turn strengthen the platform through contributions and market presence.

For digital agencies, one key question stands out: do you want to work with platforms that grow by replacing you, or with platforms that grow by supporting you?

Looking ahead

Digital agencies face a challenging but exciting transition. While some platform expertise is becoming commoditized, entirely new categories of value are emerging.

The long-term opportunity isn't just about getting better at being an agency using AI tools. It's about positioning yourself to capture value as digital experiences evolve around intelligent systems.

Agencies that wait for perfect tools, continue billing by the hour for custom development, try to serve all industries, or rely on platform knowledge will be fighting yesterday's battles. They're likely to struggle.

But agencies that move early, experiment with purpose, and position themselves as the essential layer between AI capabilities and real client needs are building tomorrow's competitive advantages.

Success comes from recognizing that this transition creates the biggest opportunity for differentiation that agencies have seen in years.

For those working with Drupal, the open source foundation creates a fundamental advantage. Unlike agencies dependent on proprietary platforms that might eventually compete with them, Drupal agencies can help shape the platform's AI evolution to support their success rather than replace them.

We are shifting from hand tools to power tools. The craft remains, but both how we work and what we work on are changing. We are not just upgrading our tools; we are entering a world of CNC machines and robotic arms that automate tasks once done by hand. Those who learn to use these new capabilities, combining the efficiency of automation with human judgment, will create things that were not possible before.

In the next post, I'll share why I believe Drupal is especially well positioned to lead in this new era of AI-powered digital experience.

I've rewritten this blog post at least three times. Throughout the process, I received valuable feedback from several Drupal agency leaders and contributors, whose insights helped shape the final version. In alphabetical order by last name: Jamie Abrahams, Christoph Breidert, Seth Brown, Dominique De Cooman, George DeMet, Alex Dergachev, Justin Emond, John Faber, Seth Gregory, and Michael Meyers.

If you’re running Mail-in-a-Box like me, you might rely on Duplicity to handle backups quietly in the background. It’s a great tool — until it isn’t. Recently, I ran into some frustrating issues caused by buggy Duplicity versions. Here’s the story, a useful discussion from the Mail-in-a-Box forums, and a neat trick I use to keep fallback versions handy. Spoiler: it involves an APT hook and some smart file copying! 🚀


The Problem with Duplicity Versions

Duplicity 3.0.1 and 3.0.5 have been reported to cause backup failures — a real headache when you depend on them to protect your data. The Mail-in-a-Box forum post “Something is wrong with the backup” dives into these issues with great detail. Users reported mysterious backup failures and eventually traced it back to specific Duplicity releases causing the problem.

Here’s the catch: those problematic versions sometimes sneak in during automatic updates. By the time you realize something’s wrong, you might already have upgraded to a buggy release. đŸ˜©


Pinning Problematic Versions with APT Preferences

One way to stop apt from installing those broken versions is to use APT pinning. Here’s an example file I created in /etc/apt/preferences/pin_duplicity.pref:

Explanation: Duplicity version 3.0.1* has a bug and should not be installed
Package: duplicity
Pin: version 3.0.1*
Pin-Priority: -1

Explanation: Duplicity version 3.0.5* has a bug and should not be installed
Package: duplicity
Pin: version 3.0.5*
Pin-Priority: -1

This tells apt to refuse to install these specific buggy versions. Sounds great, right? Except — it often comes too late. You could already have updated to a broken version before adding the pin.

Also, since Duplicity is installed from a PPA, older versions vanish quickly as new releases push them out. This makes rolling back to a known good version a pain. đŸ˜€


My Solution: Backing Up Known Good Duplicity .deb Files Automatically

To fix this, I created an APT hook that runs after every package operation involving Duplicity. It automatically copies the .deb package files of Duplicity from apt’s archive cache — and even from my local folder if I’m installing manually — into a safe backup folder.

Here’s the script, saved as /usr/local/bin/apt-backup-duplicity.sh:

#!/bin/bash
set -x

mkdir -p /var/backups/debs/duplicity

cp -vn /var/cache/apt/archives/duplicity_*.deb /var/backups/debs/duplicity/ 2>/dev/null || true
cp -vn /root/duplicity_*.deb /var/backups/debs/duplicity/ 2>/dev/null || true

And here’s the APT hook configuration I put in /etc/apt/apt.conf.d/99backup-duplicity-debs to run this script automatically after DPKG operations:

DPkg::Post-Invoke { "/usr/local/bin/apt-backup-duplicity.sh"; };

Use apt-mark hold to Lock a Working Duplicity Version 🔒

Even with pinning and local .deb backups, there’s one more layer of protection I recommend: freezing a known-good version with apt-mark hold.

Once you’ve confirmed that your current version of Duplicity works reliably, run:

sudo apt-mark hold duplicity

This tells apt not to upgrade Duplicity, even if a newer version becomes available. It’s a great way to avoid accidentally replacing your working setup with something buggy during routine updates.

🧠 Pro Tip: I only unhold and upgrade Duplicity manually after checking the Mail-in-a-Box forum for reports that a newer version is safe.

When you’re ready to upgrade, do this:

sudo apt-mark unhold duplicity
sudo apt update
sudo apt install duplicity

If everything still works fine, you can apt-mark hold it again to freeze the new version.


How to Use Your Backup Versions to Roll Back

If a new Duplicity version breaks your backups, you can easily reinstall a known-good .deb file from your backup folder:

sudo apt install --reinstall /var/backups/debs/duplicity/duplicity_<version>.deb

Replace <version> with the actual filename you want to roll back to. Because you saved the .deb files right after each update, you always have access to older stable versions — even if the PPA has moved on.


Final Thoughts

While pinning bad versions helps, having a local stash of known-good packages is a game changer. Add apt-mark hold on top of that, and you have a rock-solid defense against regressions. đŸȘšâœš

It’s a small extra step but pays off hugely when things go sideways. Plus, it’s totally automated with the APT hook, so you don’t have to remember to save anything manually. 🎉

If you run Mail-in-a-Box or rely on Duplicity in any critical backup workflow, I highly recommend setting up this safety net.

Stay safe and backed up! 🛡✹

20 years of Linux on the Desktop (part 4)

Previously in "20 years of Linux on the Deskop": After contributing to the launch of Ubuntu as the "perfect Linux desktop", Ploum realises that Ubuntu is drifting away from both Debian and GNOME. In the meantime, mobile computing threatens to make the desktop irrelevant.

The big desktop schism

The fragmentation of the Ubuntu/GNOME communities became all too apparent when, in 2010, Mark Shuttleworth announced during the Ubuntu-summit that Ubuntu would drop GNOME in favour of its own in-house and secretly developed desktop: Unity.

I was in the audience. I remember shaking my head in disbelief while Mark was talking on stage, just a few metres from me.

Working at the time in the automotive industry, I had heard rumours that Canonical was secretly talking with BMW to put Ubuntu in their cars and that there was a need for a new touchscreen interface in Ubuntu. Mark hoped to make an interface that would be the same on computers and touchscreens. Hence the name: "Unity". It made sense but I was not happy.

The GNOME community was, at the time, in great agitation about the future. Some thought that GNOME was looking boring. That there was no clear sense of direction except minor improvements. In 2006, the German Linux Company SUSE had signed a patent agreement with Microsoft covering patents related to many Windows 95 concepts like the taskbar, the tray, the startmenu. SUSE was the biggest contributor to KDE and the agreement was covering the project. But Red Hat and GNOME refused to sign that agreement, meaning that Microsoft suing the GNOME project was now plausible.

An experiment of an alternative desktop breaking all Windows 95 concepts was done in JavaScript: GNOME-shell.

A JavaScript desktop? Seriously? Yeah, it was cool for screenshots but it was slow and barely usable. It was an experiment, nothing else. But there’s a rule in the software world: nobody will ever end an experiment. An experiment will always grow until it becomes too big to cancel and becomes its own project.

Providing the GNOME desktop to millions of users, Mark Shuttleworth was rightly concerned about the future of GNOME. Instead of trying to fix GNOME, he decided to abandon it. That was the end of Ubuntu as Debian+GNOME.

What concerned me was that Ubuntu was using more and more closed products. Products that were either proprietary, developed behind closed doors or, at the very least, were totally controlled by Canonical people.

In 2006, I had submitted a Summer of Code project to build a GTK interface to Ubuntu’s new bug tracker: Launchpad. Launchpad was an in-house project which looked like it was based on the Python CMS Plone and I had some experience with it. During that summer, I realised that Launchpad was, in fact, proprietary and had no API. To my surprise, there was no way I could get the source code of Launchpad. Naively, I had thought that everything Ubuntu was doing would be free software. Asking the dev team, I was promised Launchpad would become free "later". I could not understand why Canonical people were not building it in the open.

I still managed to build "Conseil" by doing web scraping but it broke with every single change done internally by the Launchpad team.

As a side note, the name "Conseil" was inspired by the book "20.000 leagues under the sea", by Jules Vernes, a book I had downloaded from the Gutenberg project and that I was reading on my Nokia 770. The device was my first e-reader and I’ve read tenths of public domain books on it. This was made possible thanks to the power of opensource: FBreader, a very good epub reading software, had been easily ported to the N770 and was easily installable.

I tried to maintain Conseil for a few months before giving up. It was my first realisation that Canonical was not 100% open source. Even technically free software was developed behind closed doors or, at the very least, with tight control over the community. This included Launchpad, Bzr, Upstard, Unity and later Mir. The worse offender would later be Snap.

To Mark Shuttleworth’s credit, it should be noted that, most of the time, they were really trying to fix core issues with Linux’s ecosystem. In retrospective, it looks easy to see those moves as "bad". But, in reality, Canonical had a strong vision and keeping control was easier than to do everything in the open. Bzr was launched before git existed (by a few days). Upstard was created before Systemd. Those decisions made sense at the time.

Even the move to Unity would later prove to be very strategical as, in 2012, GNOME would suddenly depend on Systemd, which was explicitly developed as a competitor to Upstart. Ubuntu would concede defeat in 2015 by replacing Upstart with Systemd and in 2018 by reinstating GNOME as the default desktop. But those were not a given in 2010.

But even with the benefit of doubt, Canonical would sometimes cross huge red lines, like that time where Unity came bundled with some Amazon advertisement, tracking you on your own desktop. This was, of course, not really well received.

The end of Maemo: when incompetence is not enough, be malevolent

At the same time in the nascent mobile world, Nokia was not the only one suffering from the growing Apple/Google duopoly. Microsoft was going nowhere with its own mobile operating system, WindowsCE and running like a headless chicken. The director of the "Business division" of Microsoft, a guy named Stephen Elop, signed a contract with Nokia to develop some Microsoft Office feature on Symbian. This looked like an anecdotical side business until, a few months after that contract, in September 2010, Elop leaves Microsoft to become
 CEO of Nokia.

This was important news to me because, at 2010’s GUADEC (GNOME’s annual conference) in Den Haag, I had met a small tribe of free software hackers called Lanedo. After a few nice conversations, I was excited to be offered a position in the team.

In my mind at the time, I would work on GNOME technologies full-time while being less and less active in the Ubuntu world! I had chosen my side: I would be a GNOME guy.

I was myself more and more invested in GNOME, selling GNOME t-shirts at FOSDEM and developing "Getting Things GNOME!", a software that would later become quite popular.

Joining Lanedo without managing to land a job at Canonical (despite several tries) was the confirmation that my love affair with Ubuntu had to be ended.

In 2010, Lanedo biggest customer was, by far, Nokia. I had been hired to work on Maemo (or maybe Meego? This was unclear). We were not thrilled to see an ex-Microsoft executive take the reins of Nokia.

As we feared, one of Elop’s first actions as CEO of Nokia was to kill Maemo in an infamous "burning platform" memo. Elop is a Microsoft man and hates anything that looks like free software. In fact, like a good manager, he hates everything technical. It is all the fault of the developers which are not "bringing their innovation to the market fast enough". Sadly, nobody highlighted the paradox that "bringing to the market" had never been the job of the developers. Elop’s impact on the Nokia company is huge and nearly immediate: the stock is in free fall.

One Nokia developer posted on Twitter: "Developers are blamed because they did what management asked them to do". But, sometimes, management even undid the work of the developers.

The Meego team at Nokia was planning a party for the release of their first mass-produced phone, the N8. While popping Champaign during the public announcement of the N8 release, the whole team learned that the phone had eventually been shipped with
 Symbian. Nobody had informed the team. Elop had been CEO for less than a week and Nokia was in total chaos.

But Stephen Elop is your typical "successful CEO". "Successful" like in inheriting one of the biggest and most successful mobile phone makers and, in a couple of years, turning it into ashes. You can’t invent such "success".

During Elop's tenure, Nokia's stock price dropped 62%, their mobile phone market share was halved, their smartphone market share fell from 33% to 3%, and the company suffered a cumulative €4.9 billion loss

It should be noted that, against all odds, the Meego powered Nokia N9, which succeeded to the N8, was a success and was giving true hope of Meego competing with Android/iOS. N9 was considered a "flagship" and it showed. At Lanedo, we had discussed having an N9 bought by the company for each employee so we could "eat our own dog food" (something which was done at Collabora). But Elop announcement was clearly underderstood as the killing of Meego/Maemo and Symbian to leave room to
 Windows Phone!

The Nokia N9 was available in multiple colours (picture by Bytearray render on Wikimedia) The Nokia N9 was available in multiple colours (picture by Bytearray render on Wikimedia)

Well, Elop promised that, despite moving to Windows Phone, Nokia would release one Meego phone every year. I don’t remember if anyone bought that lie. We could not really believe that all those years of work would be killed just when the success of the N9 proved that we did it right. But that was it. The N9 was the first and the last of its kind.

Ironically, the very first Windows Phone, the Lumia 800, will basically be the N9 with Windows Phone replacing Meego. And it would receive worse reviews that the N9.

At that moment, one question is on everybody's lips: is Stephen Elop such a bad CEO or is he destroying Nokia on purpose? Is it typical management incompetence or malevolence? Or both?

The answer comes when Microsoft, Elop’s previous employer, bought Nokia for a fraction of the price it would have paid if Elop hasn’t been CEO. It’s hard to argue that this was not premeditated: Elop managed to discredit and kill every software-related project Nokia had ever done. That way, Nokia could be sold as a pure hardware maker to Microsoft, without being encumbered by a software culture which was too distant from Microsoft. And Elop goes back to his old employer as a richer man, receiving a huge bonus for having tanked a company. But remember dear MBA students, he’s a "very successful manager", you should aspire to become like him.

Les voies du capitalisme sont impénétrables.

As foolish as it sounds, this is what the situation was: the biggest historical phone maker in the world merged with the biggest historical software maker. Vic Gundotra, head of the Google+ social network, posted: "Two turkeys don’t make an eagle." But one thing was clear: Microsoft was entering the mobile computing market because everything else was suddenly irrelevant.

Every business eyes were pointed towards mobile computing where, ironically, Debian+GNOME had been a precursor.

Just when it looked like Ubuntu managed to make Linux relevant on the desktop, nobody cared about the desktop anymore. How could Mark Shuttleworth makes Ubuntu relevant in that new world?

(to be continued)

Subscribe by email or by rss to get the next episodes of "20 years of Linux on the Desktop".

I’m currently turning this story into a book. I’m looking for an agent or a publisher interested to work with me on this book and on an English translation of "Bikepunk", my new post-apocalyptic-cyclist typewritten novel which sold out in three weeks in France and Belgium.

I’m Ploum, a writer and an engineer. I like to explore how technology impacts society. You can subscribe by email or by rss. I value privacy and never share your adress.

I write science-fiction novels in French. For Bikepunk, my new post-apocalyptic-cyclist book, my publisher is looking for contacts in other countries to distribute it in languages other than French. If you can help, contact me!

July 17, 2025

We all know MySQL InnoDB ClusterSet, a solution that links multiple InnoDB Clusters and Read Replicas asynchronously to easily generate complex MySQL architectures and manage them without burdensome commands. All this thanks to the MySQL Shell’s AdminAPI. This is an example of MySQL InnoDB ClusterSet using two data centers: Let’s explore how we can automate [
]

July 16, 2025

We just got back from a family vacation exploring the Grand Canyon, Zion, and Bryce Canyon. As usual, I planned to write about our travels, but Vanessa, my wife, beat me to it.

She doesn't have a blog, but something about this trip inspired her to put pen to paper. When she shared her writing with me, I knew right away her words captured our vacation better than anything I could write.

Instead of starting from scratch, I asked if I could share her writing here. She agreed. I made light edits for publication, but the story and voice are hers. The photos and captions, however, are mine.


We just wrapped up our summer vacation with the boys, and this year felt like a real milestone. Axl graduated high school, so we let him have input on our destination. His request? To see some of the U.S. National Parks. His first pick was Yosemite, but traveling to California in July felt like gambling with wildfires. So we adjusted course, still heading west, but this time to the Grand Canyon, Zion and Bryce.

As it turned out, we didn't fully avoid the fire season. When we arrived at the Grand Canyon, we learned that wildfires had already been burning near Bryce for weeks. And by the time we were leaving Bryce, the Grand Canyon itself was under evacuation orders in certain areas due to its own active fires. We slipped through a safe window without disruption.

We kicked things off with a couple of nights in Las Vegas. The boys had never been, and it felt like a rite of passage. But after two days of blinking lights, slot machines, and entertainment, we were ready for something quieter. The highlight was seeing O by Cirque du Soleil at the Bellagio. The production had us wondering how many crew members it takes to make synchronized underwater acrobatics look effortless.

A large concrete dam spanning a deep canyon. When the Hoover Dam was built, they used an enormous amount of concrete. If they had poured it all at once, it would have taken over a century to cool and harden. Instead, they poured it in blocks and used cooling pipes to manage the heat. Even today, the concrete is still hardening through a process called hydration, so the dam keeps getting stronger over time.

On the Fourth of July, we picked up our rental car and headed to the Hoover Dam for a guided tour. We learned it wasn't originally built to generate electricity, but rather to prevent downstream flooding from the Colorado River. Built in the 1930s, it's still doing its job. And fun fact: the concrete is still curing after nearly a century. It takes about 100 years to fully cure.

While we were at the Hoover Dam, we got the news that Axl was admitted to study civil engineering. A proud moment in a special place centered on engineering and ambition.

From there, we drove to the South Rim of the Grand Canyon and checked into El Tovar. When we say the hotel sits on the rim, we mean right on the rim. Built in 1905, it has hosted an eclectic list of notable guests, including multiple U.S. presidents, Albert Einstein, Liz Taylor, and Paul McCartney. Standing on the edge overlooking the canyon, we couldn't help but imagine them taking in the same view, the same golden light, the same vast silence. That sense of shared wonder, stretched across generations, made the moment special. No fireworks in the desert this Independence Day, but the sunset over the canyon was its own kind of magic.

The next morning, we hiked the Bright Angel Trail to the 3-mile resthouse. Rangers, staff, and even Google warned us to start early. But with teenage boys and jet lag, our definition of "early" meant hitting the trail by 8:30am. By 10am, a ranger reminded us that hiking after that hour is not advised. We pressed on carefully, staying hydrated and dunking our hats and shirts at every water source. Going down was warm. Coming up? Brutal. But we made it, sweaty and proud. Our reward: showers, naps, and well-earned ice cream.

Next up: Zion. We stopped at Horseshoe Bend on the way, a worthy detour with dramatic views of the Colorado River. By the time we entered Zion National Park, we were in total disbelief. The landscape was so perfectly sculpted it didn't look real. Towering red cliffs, hanging gardens, and narrow slot canyons surrounded us. I told Dries, "It's like we're driving through Disneyland", and I meant that in the best way.

A view of a wide, U-shaped bend in the Colorado River surrounded by steep red rock cliffs. We visited Horseshoe Bend, a dramatic curve in the Colorado River near the Grand Canyon. A quiet reminder of what time and a patient river can carve out together.

After a long drive, we jumped in the shared pool at our rental house and met other first-time visitors who were equally blown away. That night, we celebrated our six year wedding anniversary with tacos and cocktails at a cantina inside a converted gas station. Nothing fancy, but a good memory.

One thing that stood out in Zion was the deer. They roamed freely through the neighborhoods and seemed unbothered by our presence. Every evening, a small group would quietly wander through our yard, grazing on grass and garden beds like they owned the place.

The next morning, we hiked The Narrows, wading through the Virgin River in full gear. Our guide shared stories and trail history, and most importantly, brought a charcuterie board. We hike for snacks, after all. Learning how indigenous communities thrived in these canyons for thousands of years gave us a deeper connection to the land, especially for me, as someone with Native heritage.

A small group walking through water into the Narrows, a narrow canyon with glowing rock walls in Zion National Park. We hiked 7.5 miles through the Narrows in Zion National Park. Most of the hike is actually in the river itself, with towering canyon walls rising all around you. One of my favorite hikes ever.
A person standing on a rock in the Narrows at Zion National Park, looking up at the tall canyon walls. Taking a moment to look up and take it all in.
Three people walking up the river with their boots in the water in the Narrows at Zion National Park. Wading forward together through the Narrows in Zion.

The following day was for rappelling, scrambling, and hiking. The boys were hyped, memories of rappelling in Spain had them convinced there would be waterfalls. Spoiler: there weren't. It hadn't rained in Zion for months. But dry riverbeds didn't dull the excitement. We even found shell fossils embedded in the sandstone. Proof the area was once underwater.

Two young adults reaching down to help a parent climb up a steep sandstone wall in Zion National Park. Time has a way of flipping the roles.
A woman wearing a helmet and sunglasses, smiling while rappelling in Zion National Park. Getting ready to rappel in Zion, and enjoying every moment of it.
A person carefully walking along a narrow sandstone slot canyon in Zion National Park. Making our way through the narrow slots in Zion.

From Zion, we headed to Bryce Canyon. The forecast promised cooler temperatures, and we couldn't wait. We stayed at Under Canvas, a glamping site set in open range cattle territory. Canvas tents with beds and private bathrooms, but no electricity or WiFi. Cue the family debate: "Is this camping or hoteling?" Dries, Axl and Stan voted for "hoteling". I stood alone on "team camping". (Spoiler: it is camping when there are no outlets.) Without our usual creature comforts, we slowed down. We read. We played board games. We played cornhole. We watched sunsets and made s'mores.

A family sits around a fire pit at a campsite in the high desert outside Bryce, Utah. Glamping in the high desert outside Bryce, Utah. Even in summer, the high elevation brings cool evenings, and the fire felt perfect after a day on the trail.

The next day, we hiked the Fairyland Loop, eight miles along the rim with panoramic views into Bryce's otherworldly amphitheater of hoodoos. The towering spires and sculpted rock formations gave the park an almost storybook quality, as if the landscape had been carved by imagination rather than erosion. Though the temperature was cooler, the sun still packed a punch, so we were glad to finish before the midday heat. At night, the temperature dropped quickly once the sun went down. We woke up to 45°F (about 7°C) mornings, layering with whatever warm clothes we had packed, which, given we planned for desert heat, wasn't much.

One of our most memorable mornings came with a 4:30 am wake-up call to watch the sunrise at Sunrise Point. We had done something similar with the boys at Acadia in 2018. It's a tough sell at that hour, but always worth it. As the sun broke over the canyon, the hoodoos lit up in shades of orange and gold unlike anything we'd seen the day before. Afterward, we hiked Navajo Loop and Queen's Garden and were ready for a big breakfast at the lodge.

A young adult wearing a hoodie overlooking the hoodoos at sunrise in Bryce Canyon National Park. Up before sunrise to watch the hoodoos glow at Bryce Canyon in Utah. Cold and early, but unforgettable.
A woman with trekking poles hiking down a switchback trail among tall orange hoodoos in Bryce Canyon National Park. Vanessa making her way down through the hoodoos on the Navajo Loop in Bryce Canyon.

Later that day, we visited Mossy Cave Trail. We followed the stream, poked around the waterfall, and hunted for fossils. Axl and I were on a mission, cracking open sandstone rocks in hopes of finding hidden treasures. Mostly, we just made a mess (of ourselves). I did stumble upon a tiny sliver of geode ... nature's way of rewarding persistence, I suppose.

Before heading to Salt Lake City for laundry (yes, that's a thing after hiking in the desert for a week), we squeezed in one more thrill: whitewater rafting on the Sevier River. Our guide, Ryan, was part comedian, part chaos agent. His goal was to get the boys drenched! The Class II and III rapids were mellow but still a blast, especially since the river was higher than expected for July. We all stayed in the raft, mostly wet, mostly laughing.

Incredibly, throughout the trip, none of us got sunburned, despite hiking in triple digit heat, rappelling down canyon walls, and rafting under a cloudless sky. We each drank about 4 to 6 liters of water a day, and no one passed out, so we're calling it a win.

On our final evening, during dinner, I pulled out a vacation questionnaire I had created without telling anyone. Since the boys aren't always quick to share what they loved, I figured it was a better way to ask everyone to rate their experience. What did they love? What would they skip next time? What do they want more of, less of, or never again? It was a simple way to capture the moment, create conversation, reflect on what stood out, and maybe even help shape the next trip. Turns out, teens do have opinions, especially when sunrises and physical exertion are involved.

This trip was special. When I was a kid, I thought hiking and parks were boring. Now, it's what Dries and I seek out. We felt grateful we could hike, rappel, raft, and laugh alongside the boys. We created memories we hope they'll carry with them, long after this summer fades. We're proud of the young men they're becoming, and we can't wait for the next chapter in our family adventures.

File deduplication isn’t just for massive storage arrays or backup systems—it can be a practical tool for personal or server setups too. In this post, I’ll explain how I use hardlinking to reduce disk usage on my Linux system, which directories are safe (and unsafe) to link, why I’m OK with the trade-offs, and how I automated it with a simple monthly cron job using a neat tool called hadori.


🔗 What Is Hardlinking?

In a traditional filesystem, every file has an inode, which is essentially its real identity—the data on disk. A hard link is a different filename that points to the same inode. That means:

  • The file appears to exist in multiple places.
  • But there’s only one actual copy of the data.
  • Deleting one link doesn’t delete the content, unless it’s the last one.

Compare this to a symlink, which is just a pointer to a path. A hardlink is a pointer to the data.

So if you have 10 identical files scattered across the system, you can replace them with hardlinks, and boom—nine of them stop taking up extra space.


đŸ€” Why Use Hardlinking?

My servers run a fairly standard Ubuntu install, and like most Linux machines, the root filesystem accumulates a lot of identical binaries and libraries—especially across /bin, /lib, /usr, and /opt.

That’s not a problem
 until you’re tight on disk space, or you’re just a curious nerd who enjoys squeezing every last byte.

In my case, I wanted to reduce disk usage safely, without weird side effects.

Hardlinking is a one-time cost with ongoing benefits. It’s not compression. It’s not archival. But it’s efficient and non-invasive.


📁 Which Directories Are Safe to Hardlink?

Hardlinking only works within the same filesystem, and not all directories are good candidates.

✅ Safe directories:

  • /bin, /sbin – system binaries
  • /lib, /lib64 – shared libraries
  • /usr, /usr/bin, /usr/lib, /usr/share, /usr/local – user-space binaries, docs, etc.
  • /opt – optional manually installed software

These contain mostly static files: compiled binaries, libraries, man pages
 not something that changes often.

⚠ Unsafe or risky directories:

  • /etc – configuration files, might change frequently
  • /var, /tmp – logs, spools, caches, session data
  • /home – user files, temporary edits, live data
  • /dev, /proc, /sys – virtual filesystems, do not touch

If a file is modified after being hardlinked, it breaks the deduplication (the OS creates a copy-on-write scenario), and you’re back where you started—or worse, sharing data you didn’t mean to.

That’s why I avoid any folders with volatile, user-specific, or auto-generated files.


🧹 Risks and Limitations

Hardlinking is not magic. It comes with sharp edges:

  • One inode, multiple names: All links are equal. Editing one changes the data for all.
  • Backups: Some backup tools don’t preserve hardlinks or treat them inefficiently.
    ➀ Duplicity, which I use, does not preserve hardlinks. It backs up each linked file as a full copy, so hardlinking won’t reduce backup size.
  • Security: Linking files with different permissions or owners can have unexpected results.
  • Limited scope: Only works within the same filesystem (e.g., can’t link / and /mnt if they’re on separate partitions).

In my setup, I accept those risks because:

  • I’m only linking read-only system files.
  • I never link config or user data.
  • I don’t rely on hardlink preservation in backups.
  • I test changes before deploying.

In short: I know what I’m linking, and why.


🔍 What the Critics Say About Hardlinking

Not everyone loves hardlinks—and for good reasons. Two thoughtful critiques are:

The core arguments:

  • Hardlinks violate expectations about file ownership and identity.
  • They can break assumptions in software that tracks files by name or path.
  • They complicate file deletion logic—deleting one name doesn’t delete the content.
  • They confuse file monitoring and logging tools, since it’s hard to tell if a file is “new” or just another name.
  • They increase the risk of data corruption if accidentally modified in-place by a script that assumes it owns the file.

Why I’m still OK with it:

These concerns are valid—but mostly apply to:

  • Mutable files (e.g., logs, configs, user data)
  • Systems with untrusted users or dynamic scripts
  • Software that relies on inode isolation or path integrity

In contrast, my approach is intentionally narrow and safe:

  • I only deduplicate read-only system files in /bin, /sbin, /lib, /lib64, /usr, and /opt.
  • These are owned by root, and only changed during package updates.
  • I don’t hardlink anything under /home, /etc, /var, or /tmp.
  • I know exactly when the cron job runs and what it targets.

So yes, hardlinks can be dangerous—but only if you use them in the wrong places. In this case, I believe I’m using them correctly and conservatively.


⚡ Does Hardlinking Impact System Performance?

Good news: hardlinks have virtually no impact on system performance in everyday use.

Hardlinks are a native feature of Linux filesystems like ext4 or xfs. The OS treats a hardlinked file just like a normal file:

  • Reading and writing hardlinked files is just as fast as normal files.
  • Permissions, ownership, and access behave identically.
  • Common tools (ls, cat, cp) don’t care whether a file is hardlinked or not.
  • Filesystem caches and memory management work exactly the same.

The only difference is that multiple filenames point to the exact same data.

Things to keep in mind:

  • If you edit a hardlinked file, all links see that change because there’s really just one file.
  • Some tools (backup, disk usage) might treat hardlinked files differently.
  • Debugging or auditing files can be slightly trickier since multiple paths share one inode.

But from a performance standpoint? Your system won’t even notice the difference.


🛠 Tools for Hardlinking

There are a few tools out there:

  • fdupes – finds duplicates and optionally replaces with hardlinks
  • rdfind – more sophisticated detection
  • hardlink – simple but limited
  • jdupes – high-performance fork of fdupes

📌 About Hadori

From the Debian package description:

This might look like yet another hardlinking tool, but it is the only one which only memorizes one filename per inode. That results in less memory consumption and faster execution compared to its alternatives. Therefore (and because all the other names are already taken) it’s called “Hardlinking DOne RIght”.

Advantages over other tools:

  • Predictability: arguments are scanned in order, each first version is kept
  • Much lower CPU and memory consumption compared to alternatives

This makes hadori especially suited for system-wide deduplication where efficiency and reliability matter.


⏱ How I Use Hadori

I run hadori once per month with a cron job. Here’s the actual command:

/usr/bin/hadori --verbose /bin /sbin /lib /lib64 /usr /opt

This scans those directories, finds duplicate files, and replaces them with hardlinks when safe.

And here’s the crontab entry I installed in the file /etc/cron.d/hadori:

@monthly root /usr/bin/hadori --verbose /bin /sbin /lib /lib64 /usr /opt

📉 What Are the Results?

After the first run, I saw a noticeable reduction in used disk space, especially in /usr/lib and /usr/share. On my modest VPS, that translated to about 300–500 MB saved—not huge, but non-trivial for a small root partition.

While this doesn’t reduce my backup size (Duplicity doesn’t support hardlinks), it still helps with local disk usage and keeps things a little tidier.

And because the job only runs monthly, it’s not intrusive or performance-heavy.


đŸ§Œ Final Thoughts

Hardlinking isn’t something most people need to think about. And frankly, most people probably shouldn’t use it.

But if you:

  • Know what you’re linking
  • Limit it to static, read-only system files
  • Automate it safely and sparingly


then it can be a smart little optimization.

With a tool like hadori, it’s safe, fast, and efficient. I’ve read the horror stories—and decided that in my case, they don’t apply.


✉ This post was brought to you by a monthly cron job and the letters i-n-o-d-e.

July 09, 2025

A few weeks ago, I was knee-deep in CSV files. Not the fun kind. These were automatically generated reports from Cisco IronPort, and they weren’t exactly what I’d call analysis-friendly. Think: dozens of columns wide, thousands of rows, with summary data buried in awkward corners.

I was trying to make sense of incoming mail categories—Spam, Clean, Malware—and the numbers that went with them. Naturally, I opened the file in Excel, intending to wrangle the data manually like I usually do. You know: transpose the table, delete some columns, rename a few headers, calculate percentages
 the usual grunt work.

But something was different this time. I noticed the “Get & Transform” section in Excel’s Data ribbon. I had clicked it before, but this time I gave it a real shot. I selected “From Text/CSV”, and suddenly I was in a whole new environment: Power Query Editor.


đŸ€Ż Wait, What Is Power Query?

For those who haven’t met it yet, Power Query is a powerful tool in Excel (and also in Power BI) that lets you import, clean, transform, and reshape data before it even hits your spreadsheet. It uses a language called M, but you don’t really have to write code—although I quickly did, of course, because I can’t help myself.

In the editor, every transformation step is recorded. You can rename columns, remove rows, change data types, calculate new columns—all through a clean interface. And once you’re done, you just load the result into Excel. Even better: you can refresh it with one click when the source file updates.


đŸ§Ș From Curiosity to Control

Back to my IronPort report. I used Power Query to:

  • Transpose the data (turn columns into rows),
  • Remove columns I didn’t need,
  • Rename columns to something meaningful,
  • Convert text values to numbers,
  • Calculate the percentage of each message category relative to the total.

All without touching a single cell in Excel manually. What would have taken 15+ minutes and been error-prone became a repeatable, refreshable process. I even added a “Percent” column that showed something like 53.4%—formatted just the way I wanted.


đŸ€“ The Geeky Bit (Optional)

I quickly opened the Advanced Editor to look at the underlying M code. It was readable! With a bit of trial and error, I started customizing my steps, renaming variables for clarity, and turning a throwaway transformation into a well-documented process.

This was the moment it clicked: Power Query is not just a tool; it’s a pipeline.


💡 Lessons Learned

  • Sometimes it pays to explore what’s already in the software you use every day.
  • Excel is much more powerful than most people realize.
  • Power Query turns tedious cleanup work into something maintainable and even elegant.
  • If you do something in Excel more than once, Power Query is probably the better way.

🎯 What’s Next?

I’m already thinking about integrating this into more of my work. Whether it’s cleaning exported logs, combining reports, or prepping data for dashboards, Power Query is now part of my toolkit.

If you’ve never used it, give it a try. You might accidentally discover your next favorite tool—just like I did.


Have you used Power Query before? Let me know your tips or war stories in the comments!

July 02, 2025

Lately, I’ve noticed something strange happening in online discussions: the humble em dash (—) is getting side-eyed as a telltale sign that a text was written with a so-called “AI.” I prefer the more accurate term: LLM (Large Language Model), because “artificial intelligence” is a bit of a stretch — we’re really just dealing with very complicated statistics đŸ€–đŸ“Š.

Now, I get it — people are on high alert, trying to spot generated content. But I’d like to take a moment to defend this elegant punctuation mark, because I use it often — and deliberately. Not because a machine told me to, but because it helps me think 🧠.

A Typographic Tool, Not a Trend 🖋

The em dash has been around for a long time — longer than most people realize. The oldest printed examples I’ve found are in early 17th-century editions of Shakespeare’s plays, published by the printer Okes in the 1620s. That’s not just a random dash on a page — that’s four hundred years of literary service 📜. If Shakespeare’s typesetters were using em dashes before indoor plumbing was common, I think it’s safe to say they’re not a 21st-century LLM quirk.

The Tragedy of Othello, the Moor of Venice, with long dashes (typeset here with 3 dashes)

A Dash for Thoughts 💭

In Dutch, the em dash is called a gedachtestreepje — literally, a thought dash. And honestly? I think that’s beautiful. It captures exactly what the em dash does: it opens a little mental window in your sentence. It lets you slip in a side note, a clarification, an emotion, or even a complete detour — just like a sudden thought that needs to be spoken before it disappears. For someone like me, who often thinks in tangents, it’s the perfect punctuation.

Why I Use the Em Dash (And Other Punctuation Marks)

I’m autistic, and that means a few things for how I write. I tend to overshare and infodump — not to dominate the conversation, but to make sure everything is clear. I don’t like ambiguity. I don’t want anyone to walk away confused. So I reach for whatever punctuation tools help me shape my thoughts as precisely as possible:

  • Colons help me present information in a tidy list — like this one.
  • Brackets let me add little clarifications (without disrupting the main sentence).
  • And em dashes — ah, the em dash — they let me open a window mid-sentence to give you extra context, a bit of tone, or a change in pace.

They’re not random. They’re intentional. They reflect how my brain works — and how I try to bridge the gap between thoughts and words 🌉.

It’s Not Just a Line — It’s a Rhythm đŸŽ”

There’s also something typographically beautiful about the em dash. It’s not a hyphen (-), and it’s not a middling en dash (–). It’s long and confident. It creates space for your eyes and your thoughts. Used well, it gives writing a rhythm that mimics natural speech, especially the kind of speech where someone is passionate about a topic and wants to take you on a detour — just for a moment — before coming back to the main road đŸ›€.

I’m that someone.

Don’t Let the Bots Scare You

Yes, LLMs tend to use em dashes. So do thoughtful human beings. Let’s not throw centuries of stylistic nuance out the window because a few bots learned how to mimic good writing. Instead of scanning for suspicious punctuation, maybe we should pay more attention to what’s being said — and how intentionally 💬.

So if you see an em dash in my writing, don’t assume it came from a machine. It came from me — my mind, my style, my history with language. And I’m not going to stop using it just because an algorithm picked up the habit 💛.

July 01, 2025

An astronaut (Cloudflare) facing giant glowing structures (crawlers) drawing energy in an alien sunset landscape.

AI is rewriting the rules of how we work and create. Expert developers can now build faster, non-developers can build software, research is accelerating, and human communication is improving. In the next 10 years, we'll probably see a 1,000x increase in AI demand. That is why Drupal is investing heavily in AI.

But at the same time, AI companies are breaking the web's fundamental economic model. This problem demands our attention.

The AI extraction problem

For 25 years, we built the Open Web on an implicit agreement: search engines could index our content because they sent users back to our websites. That model helped sustain blogs, news sites, and even open source projects.

AI companies broke that model. They train on our work and answer questions directly in their own interfaces, cutting creators out entirely. Anthropic's crawler reportedly makes 70,000 website requests for every single visitor it sends back. That is extraction, not exchange.

This is the Makers and Takers problem all over again.

The damage is real:

  • Chegg, an online learning platform, filed an antitrust lawsuit against Google, claiming that AI-powered search answers have crushed their website traffic and revenue.
  • Stack Overflow has seen a significant drop in daily active users and new questions (about 25-50%), as more developers turn to ChatGPT for faster answers.
  • I recently spoke with a recipe blogger who is a solo entrepreneur. With fewer visitors, they're earning less from advertising. They poured their heart, craft, and sweat into creating a high-quality recipe website, but now they believe their small business won't survive.

None of this should surprise us. According to Similarweb, since Google launched "AI Overviews", the number of searches that result in no click-throughs has increased from 56% in May 2024 to 69% in May 2025, meaning users get their answers directly on the results page.

This "zero-click" phenomenon reinforces the shift I described in my 2015 post, "The Big Reverse of the Web". Ten years ago, I argued that the web was moving away from sending visitors out to independent sites and instead keeping them on centralized platforms, all in the name of providing a faster and more seamless user experience.

However, the picture isn't entirely negative. Some companies find that visitors from AI tools, while small in volume, convert at much higher rates. At Acquia, the company I co-founded, traffic from AI chatbots makes up less than 1 percent of total visitors but converts at over 6 percent, compared to typical rates of 2 to 3 percent. We are still relatively early in the AI adoption cycle, so time will tell how this trend evolves, how marketers adapt, and what new opportunities it might create.

Finding a new equilibrium

There is a reason this trend has taken hold: users love it. AI-generated answers provide instant, direct information without extra clicks. It makes traditional search engines look complicated by comparison.

But this improved user experience comes at a long-term cost. When value is extracted without supporting the websites and authors behind it, it threatens the sustainability of the content we all rely on.

I fully support improving the user experience. That should always come first. But it also needs to be balanced with fair support for creators and the Open Web.

We should design systems that share value more fairly among users, AI companies, and creators. We need a new equilibrium that sustains creative work, preserves the Open Web, and still delivers the seamless experiences users expect.

Some might worry it is already too late, since large AI companies have massive scraped datasets and can generate synthetic data to fill gaps. But I'm not so sure. The web will keep evolving for decades, and no model can stay truly relevant without fresh, high-quality content.

From voluntary rules to enforcement

We have robots.txt, a simple text file that tells crawlers which parts of a website they can access. But it's purely voluntary. Creative Commons launched CC Signals last week, allowing content creators to signal how AI can reuse their work. But both robots.txt and CC Signals are "social contracts" that are hard to enforce.

Today, Cloudflare announced they will default to blocking AI crawlers from accessing content. This change lets website owners decide whether to allow access and whether to negotiate compensation. Cloudflare handles 20% of all web traffic. When an AI crawler tries to access a website protected by Cloudflare, it must pass through Cloudflare's servers first. This allows Cloudflare to detect crawlers that ignore robots.txt directives and block them.

This marks a shift from purely voluntary signals to actual technical enforcement. Large sites could already afford their own infrastructure to detect and block crawlers or negotiate licensing deals directly. For example, Reddit signed a $60 million annual deal with Google to license its content for AI training.

However, most content creators, like you and I, can do neither.

Cloudflare's actions establish a crucial principle: AI training data has a price, and creators deserve to share in the value AI generates from their work.

The missing piece: content licensing marketplaces

Accessible enforcement infrastructure is step one, and Cloudflare now provides that. Step two would be a content licensing marketplace that helps broker deals between AI companies and content creators at any scale. This would move us from simply blocking to creating a fair economic exchange.

To the best of my knowledge, such marketplaces do not exist yet, but the building blocks are starting to emerge. Matthew Prince, CEO of Cloudflare, has hinted that Cloudflare may be working on building such a marketplace, and I think it is a great idea.

I don't know what that will look like, but I imagine something like Shutterstock for AI training data, combined with programmatic pricing like Google Ads. On Shutterstock, photographers upload images, set licensing terms, and earn money when companies license their photos. Google Ads automatically prices and places millions of ads without manual negotiations. A future content licensing marketplace could work in a similar way: creators would set licensing terms (like they do on Shutterstock), while automated systems manage pricing and transactions (as Google Ads does).

Today, only large platforms like Reddit can negotiate direct licensing deals with AI companies. A marketplace with programmatic pricing would make licensing accessible to creators of all sizes. Instead of relying on manual negotiations or being scraped for free, creators could opt into fair, programmatic licensing programs.

This would transform the dynamic from adversarial blocking to collaborative value creation. Creators get compensated. AI companies get legal, high-quality training data. Users benefit from better AI tools built on ethically sourced content.

Making the Open Web sustainable

We built the Open Web to democratize access to knowledge and online publishing. AI advances this mission of democratizing knowledge. But we also need to ensure the people who write, record, code, and share that knowledge aren't left behind.

The issue is not that AI exists. The problem is that we have not built economic systems to support the people and organizations that AI relies on. This affects independent bloggers, large media companies, and open source maintainers whose code and documentation train coding assistants.

Call me naive, but I believe AI companies want to work with content creators to solve this. Their challenge is that no scalable system exists to identify, contact, and pay millions of content creators.

Content creators lack tools to manage and monetize their rights. AI companies lack systems to discover and license content at scale. Cloudflare's move is a first step. The next step is building content licensing marketplaces that connect creators directly with AI companies.

The Open Web needs economic systems that sustain the people who create its content. There is a unique opportunity here: if content creators and AI companies build these systems together, we could create a stronger, more fair, and more resilient Web than we have had in 25 years. The jury is out on that, but one can dream.

Disclaimer: Acquia, my company, has a commercial relationship with Cloudflare, but this perspective reflects my long-standing views on sustainable web economics, not any recent briefings or partnerships.

June 25, 2025

Soms zit het mee, soms nĂ©t niet. Het herenhuis waar we helemaal verliefd op waren, is helaas aan iemand anders verhuurd. Jammer, maar we blijven niet bij de pakken zitten. We zoeken verder — en hopelijk kan jij ons daarbij helpen!

Wij zijn drie mensen die samen een huis willen delen in Gent. We vormen een warme, bewuste en respectvolle woongroep, en we dromen van een plek waar we rust, verbinding en creativiteit kunnen combineren.

Wie zijn wij?

đŸ‘€ Amedee (48): IT’er, balfolkdanser, amateurmuzikant, houdt van gezelschapsspelletjes en wandelen, auti en sociaal geĂ«ngageerd
đŸ‘© ChloĂ« (bijna 52): Kunstenares, ex-Waldorfleerkracht en permacultuurontwerpster, houdt van creativiteit, koken en natuur
🎹 Kathleen (54): Doodle-artiest met sociaal-culturele achtergrond, houdt van gezelligheid, buiten zijn en schrijft graag

We willen samen een huis vormen waar communicatie, zorgzaamheid en vrijheid centraal staan. Een plek waar je je thuis voelt, en waar ruimte is voor kleine activiteiten zoals een spelavond, een workshop, een creatieve sessie of gewoon rustig samen zijn.

Wat zoeken we?

🏡 Een huis (géén appartement) in Gent, op max. 15 minuten fietsen van station Gent-Sint-Pieters
🌿 Energiezuinig: EPC B of beter
🛏 Minstens 3 ruime slaapkamers van ±20mÂČ
đŸ’¶ Huurprijs:

  • tot €1650/maand voor 3 slaapkamers
  • tot €2200/maand voor 4 slaapkamers

Extra ruimtes zoals een zolder, logeerkamer, atelier, bureau of hobbyruimte zijn heel welkom. We houden van luchtige, multifunctionele plekken die mee kunnen groeien met onze noden.

📅 Beschikbaar: vanaf nu, ten laatste oktober

💬 Heeft het huis 4 slaapkamers? Dan verwelkomen we graag een vierde huisgenoot die onze waarden deelt. Maar meer dan 4 bewoners willen we bewust vermijden — kleinschalig wonen werkt voor ons het best.

Ken jij iets? Laat van je horen!

Ken je een huis dat past in dit plaatje?
We staan open voor tips via immokantoren, vrienden, buren, collega’s of andere netwerken — alles helpt!

đŸ“© Contact: amedee@vangasse.eu

Dankjewel om mee uit te kijken — en delen mag altijd 💜

June 24, 2025

A glowing light bulb hanging in an underground tunnel.

In my post about digital gardening and public notes, I shared a principle I follow: "If a note can be public, it should be". I also mentioned using Obsidian for note-taking. Since then, various people have asked about my Obsidian setup.

I use Obsidian to collect ideas over time rather than to manage daily tasks or journal. My setup works like a Commonplace book, where you save quotes, thoughts, and notes to return to later. It is also similar to a Zettelkasten, where small, linked notes build deeper understanding.

What makes such note-taking systems valuable is how they help ideas grow and connect. When notes accumulate over time, connections start to emerge. Ideas compound slowly. What starts as scattered thoughts or quotes becomes the foundation for blog posts or projects.

Why plain text matters

One of the things I appreciate most about Obsidian is that it stores notes as plain text Markdown files on my local filesystem.

Plain text files give you full control. I sync them with iCloud, back them up myself, and track changes using Git. You can search them with command-line tools, write scripts to process them outside of Obsidian, or edit them in other applications. Your notes stay portable and usable any way you want.

Plus, plain text files have long-term benefits. Note-taking apps come and go, companies fold, subscription models shift. But plain text files remain accessible. If you want your notes to last for decades, they need to be in a format that stays readable, editable, and portable as technology changes. A Markdown file you write today will open just fine in 2050.

All this follows what Obsidian CEO Steph Ango calls the "files over apps" philosophy: your files should outlast the tools that create them. Don't lock your thinking into formats you might not be able to access later.

My tools

Before I dive into how I use Obsidian, it is worth mentioning that I use different tools for different types of thinking. Some people use Obsidian for everything – task management, journaling, notes – but I prefer to separate those.

For daily task management and meeting notes, I rely on my reMarkable Pro. A study titled The Pen Is Mightier Than the Keyboard by Mueller and Oppenheimer found that students who took handwritten notes retained concepts better than those who typed them. Handwriting meeting notes engages deeper cognitive processing than typing, which can improve understanding and memory.

For daily journaling and event tracking, I use a custom iOS app I built myself. I might share more about that another time.

Obsidian is where I grow long-term ideas. It is for collecting insights, connecting thoughts, and building a knowledge base that compounds over time.

How I capture ideas

In Obsidian, I organize my notes around topic pages. Examples are "Coordination challenges in Open Source", "Solar-powered websites", "Open Source startup lessons", or "How to be a good dad".

I have hundreds of these topic pages. I create a new one whenever an idea feels worth tracking.

Each topic page grows slowly over time. I add short summaries, interesting links, relevant quotes, and my own thoughts whenever something relevant comes up. The idea is to build a thoughtful collection of notes that deepens and matures over time.

Some notes stay short and focused. Others grow rich with quotes, links, and personal reflections. As notes evolve, I sometimes split them into more specific topics or consolidate overlapping ones.

I do not schedule formal reviews. Instead, notes come back to me when I search, clip a new idea, or revisit a related topic. A recent thought often leads me to something I saved months or years ago, and may prompt me to reorganize related notes.

Obsidian's core features help these connections deepen. I use tags, backlinks and graph view, to connect notes and reveal patterns between notes.

How I use notes

The biggest challenge with note-taking is not capturing ideas, but actually using them. Most notes get saved and then forgotten.

Some of my blog posts grow directly from these accumulated notes. Makers and Takers, one of my most-read blog posts, pre-dates Obsidian and did not come from this system. But if I write a follow-up, it will. I have a "Makers and Takers" note where relevant quotes and ideas are slowly accumulating.

As my collection of notes grows, certain notes keep bubbling up while others fade into the background. The ones that resurface again and again often signal ideas worth writing about or projects worth pursuing.

What I like about this process is that it turns note-taking into more than just storage. As I've said many times, writing is how I think. Writing pushes me to think, and it is the process I rely on to flesh out ideas. I do not treat my notes as final conclusions, but as ongoing conversations with myself. Sometimes two notes written months apart suddenly connect in a way I had not noticed before.

My plugin setup

Obsidian has a large plugin ecosystem that reminds me of Drupal's. I mostly stick with core plugins, but use the following community ones:

  • Dataview – Think of it as SQL queries for your notes. I use it to generate dynamic lists like TABLE FROM #chess AND #opening AND #black to see all my notes on chess openings for Black. It turns your notes into a queryable database.

  • Kanban – Visual project boards for tracking progress on long-term ideas. I maintain Kanban boards for Acquia, Drupal, improvements to dri.es, and more. Unlike daily task management, these boards capture ideas that evolve over months or years.

  • Linter – Automatically formats my notes: standardizes headings, cleans up spacing, and more. It runs on save, keeping my Markdown clean.

  • Encrypt – Encrypts specific notes with password protection. Useful for sensitive information that I want in my knowledge base but need to keep secure.

  • Pandoc – Exports notes to Word documents, PDFs, HTML, and other formats using Pandoc.

  • Copilot – I'm still testing this, but the idea of chatting with your own knowledge base is compelling. You can also ask AI to help organize notes more effectively.

The Obsidian Web Clipper

The tool I'd actually recommend most isn't a traditional Obsidian plugin: it's the official Obsidian Web Clipper browser extension. I have it installed on my desktop and phone.

When I find something interesting online, I highlight it and clip it directly into Obsidian. This removes friction from the process.

I usually save just a quote or a short section of an article, not the whole article. Some days I save several clips. Other days, I save none at all.

Why this works

For me, Obsidian is not just a note-taking tool. It is a thinking environment. It gives me a place to collect ideas, let them mature, and return to them when the time is right. I do not aim for perfect organization. I aim for a system that feels natural and helps me notice connections I would otherwise miss.

June 22, 2025

OpenTofu

OpenTofu

Terraform or OpenTofu (the open-source fork supported by the Linux Foundation) is a nice tool to setup the infrastructure on different cloud environments. There is also a provider that supports libvirt.

If you want to get started with OpenTofu there is a free training available from the Linux foundation:

I also joined the talk about OpenTofu and Infrastructure As Code, in general, this year in the Virtualization and Cloud Infrastructure DEV Room at FOSDEM this year:

I’ll not start to explain “Declarative” vs “Imperative” in this blog post, there’re already enough blog posts or websites that’re (trying) to explain this in more detail (the links above are a good start).

The default behaviour of OpenTofu is not to try to update an existing environment. This makes it usable to create disposable environments.

Tails description

Tails

Tails is a nice GNU/Linux distribution to connect to the Tor network.

Personally, I’m less into the “privacy” aspect of the Tor network (although being aware that you’re tracked and followed is important), probably because I’m lucky to live in the “Free world”.

For people who are less lucky (People who live in a country where freedom of speech isn’t valued) or journalists for example, there’re good reasons to use the Tor network and hide their internet traffic.

tails/libvirt Terraform/OpenTofu module

OpenTofu

To make it easier to spin up a virtual machine with the latest tail environment I created a Terraform/OpenTofu module to spin up a virtual machine with the latest Tails version on libvirt.

There’re security considerations when you run tails in a virtual machine. See

for more information.

The source code of the module is available at the git repository:

The module is published on the Terraform Registry and the OpenTofu Registry.

Have fun!

June 18, 2025

Heb jij altijd al willen samenwonen met fijne mensen in een warme, open en respectvolle sfeer? Dan is dit misschien wel iets voor jou.

Samen met twee vrienden ben ik een nieuwe cohousing aan het opstarten in Gent. We hebben een prachtig gerenoveerd herenhuis op het oog, en we zijn op zoek naar een vierde persoon om het huis mee te delen.

Het huis

Het gaat om een ruim en karaktervol herenhuis met energielabel B+. Het beschikt over:

Vier volwaardige slaapkamers van elk 18 Ă  20 mÂČ

Eén extra kamer die we kunnen inrichten als logeerkamer, bureau of hobbyruimte

Twee badkamers

Twee keukens

Een zolder met stevige balken — de creatieve ideeĂ«n borrelen al op!


De ligging is uitstekend: aan de Koning Albertlaan, op amper 5 minuten fietsen van station Gent-Sint-Pieters en 7 minuten van de Korenmarkt. De huurprijs is €2200 in totaal, wat neerkomt op €550 per persoon bij vier bewoners.

Het huis is al beschikbaar vanaf 1 juli 2025.

Wie zoeken we?

We zoeken iemand die zich herkent in een aantal gedeelde waarden en graag deel uitmaakt van een respectvolle, open en bewuste leefomgeving. Concreet betekent dat voor ons:

Je staat open voor diversiteit in al haar vormen

Je bent respectvol, communicatief en houdt rekening met anderen

Je hebt voeling met thema’s zoals inclusie, mentale gezondheid, en samenleven met aandacht voor elkaar

Je hebt een rustig karakter en draagt graag bij aan een veilige, harmonieuze sfeer in huis

Leeftijd is niet doorslaggevend, maar omdat we zelf allemaal 40+ zijn, zoeken we eerder iemand die zich in die levensfase herkent


Iets voor jou?

Voel je een klik met dit verhaal? Of heb je vragen en wil je ons beter leren kennen? Aarzel dan niet om contact op te nemen via amedee@vangasse.eu.

Is dit niets voor jou, maar ken je iemand die perfect zou passen in dit plaatje? Deel dan zeker deze oproep — dank je wel!

Samen kunnen we van dit huis een warme thuis maken.

A few years ago, I quietly adopted a small principle that has changed how I think about publishing on my website. It's a principle I've been practicing for a while now, though I don't think I've ever written about it publicly.

The principle is: If a note can be public, it should be.

It sounds simple, but this idea has quietly shaped how I treat my personal website.

I was inspired by three overlapping ideas: digital gardens, personal memexes, and "Today I Learned" entries.

Writers like Tom Critchlow, Maggie Appleton, and Andy Matuschak maintain what they call digital gardens. They showed me that a personal website does not have to be a collection of polished blog posts. It can be a living space where ideas can grow and evolve. Think of it more as an ever-evolving notebook than a finished publication, constantly edited and updated over time.

I also learned from Simon Willison, who publishes small, focused Today I Learned (TIL) entries. They are quick, practical notes that capture a moment of learning. They don't aim to be comprehensive; they simply aim to be useful.

And then there is Cory Doctorow. In 2021, he explained his writing and publishing workflow, which he describes as a kind of personal memex. A memex is a way to record your knowledge and ideas over time. While his memex is not public, I found his approach inspiring.

I try to take a lot of notes. For the past four years, my tool of choice has been Obsidian. It is where I jot things down, think things through, and keep track of what I am learning.

In Obsidian, I maintain a Zettelkasten system. It is a method for connecting ideas and building a network of linked thoughts. It is not just about storing information but about helping ideas grow over time.

At some point, I realized that many of my notes don't contain anything private. If they're useful to me, there is a good chance they might be useful to someone else too. That is when I adopted the principle: If a note can be public, it should be.

So a few years ago, I began publishing these kinds of notes on my site. You might have seen examples like Principles for life, PHPUnit tests for Drupal, Brewing coffee with a moka pot when camping or Setting up password-free SSH logins.

These pages on my website are not blog posts. They are living notes. I update them as I learn more or come back to the topic. To make that clear, each note begins with a short disclaimer that says what it is. Think of it as a digital notebook entry rather than a polished essay.

Now, I do my best to follow my principle, but I fall short more than I care to admit. I have plenty of notes in Obsidian that could have made it to my website but never did.

Often, it's simply inertia. Moving a note from Obsidian to my Drupal site involves a few steps. While not difficult, these steps consume time I don't always have. I tell myself I'll do it later, and then 'later' often never arrives.

Other times, I hold back because I feel insecure. I am often most excited to write when I am learning something new, but that is also when I know the least. What if I misunderstood something? The voice of doubt can be loud enough to keep a note trapped in Obsidian, never making it to my website.

But I keep pushing myself to share in public. I have been learning in the open and sharing in the open for 25 years, and some of the best things in my life have come from that. So I try to remember: if notes can be public, they should be.

June 11, 2025

I am excited to share some wonderful news—Sibelga and Passwerk have recently published a testimonial about my work, and it has been shared across LinkedIn, Sibelga’s website, and even on YouTube!


What Is This All About?

Passwerk is an organisation that matches talented individuals on the autism spectrum with roles in IT and software testing, creating opportunities based on strengths and precision. I have been working with them as a consultant, currently placed at Sibelga, Brussels’ electricity and gas distribution network operator.

The article and video highlight how being “different” does not have to be a limitation—in fact, it can be a real asset in the right context. It means a lot to me to be seen and appreciated for who I am and the quality of my work.


Why This Matters

For many neurodivergent people, the professional world can be full of challenges that go beyond the work itself. Finding the right environment—one that values accuracy, focus, and dedication—can be transformative.

I am proud to be part of a story that shows what is possible when companies look beyond stereotypes and embrace neurodiversity as a strength.


Thank you to Sibelga, Passwerk, and everyone who contributed to this recognition. It is an honour to be featured, and I hope this story inspires more organisations to open up to diverse talents.

👉 Want to know more? Check out the article or watch the video!

June 08, 2025

lookat 2.1.0rc1

Lookat 2.1.0rc1 is the latest development release of Lookat/Bekijk, a user-friendly Unix file browser/viewer that supports colored man pages.

The focus of the 2.1.0 release is to add ANSI Color support.


 

News

8 Jun 2025 Lookat 2.1.0rc1 Released

Lookat 2.1.0rc1 is the first release candicate of Lookat 2.1.0

ChangeLog

Lookat / Bekijk 2.1.0rc1
  • ANSI Color support

Lookat 2.1.0rc1 is available at:

Have fun!

June 04, 2025

A few weeks ago, I set off for Balilas, a balfolk festival in Janzé (near Rennes), Brittany (France). I had never been before, but as long as you have dance shoes, a tent, and good company, what more do you need?

Bananas for scale

From Ghent to Brittany
 with Two Dutch Strangers

My journey began in Ghent, where I was picked up by Sterre and Michelle, two dancers from the Netherlands. I did not know them too well beforehand, but in the balfolk world, that is hardly unusual — de balfolkcommunity is één grote familie — one big family.

We took turns driving, chatting, laughing, and singing along. Google Maps logged our total drive time at 7 hours and 39 minutes.

Google knows everything PĂ©age – one of the many

Along the way, we had the perfect soundtrack:
đŸŽ¶ French Road Trip đŸ‡«đŸ‡·đŸ„– — 7 hours and 49 minutes of French and Francophone tubes.

https://open.spotify.com/playlist/3jRMHCl6qVmVIqXrASAAmZ?si=746a7f78ca30488a

🍕 A Tasty Stop in PrĂ©-en-Pail-Saint-Samson

Somewhere around dinner time, we stopped at La Sosta, a cozy Italian restaurant in PrĂ©-en-Pail-Saint-Samson (2300 inhabitants). I had a pizza normande — base tomate, andouille, pomme, mozzarella, crĂšme, persil . A delicious and unexpected regional twist — definitely worth remembering!

pizza normande

The pizzas wereexcellent, but also generously sized — too big to finish in one sitting. Heureusement, ils nous ont proposĂ© d’emballer le reste Ă  emporter. That was a nice touch — and much appreciated after a long day on the road.

Just to much to eat it all

â›ș Arrival Just Before Dark

We arrived at the Balilas festival site five minutes after sunset, with just enough light left to set up our tents before nightfall. Trugarez d’an heol — thank you, sun, for holding out a little longer.

There were two other cars filled with people coming from the Netherlands, but they had booked a B&B. We chose to camp on-site to soak in the full festival atmosphere.

Enjoy the view! Banana pancakes!

Balilas itself was magical: days and nights filled with live music, joyful dancing, friendly faces, and the kind of warm atmosphere that defines balfolk festivals.

Photo: Poppy Lens

More info and photos:
🌐 balilas.lesviesdansent.bzh
📾 @balilas.balfolk on Instagram


Balfolk is more than just dancing. It is about trust, openness, and sharing small adventures with people you barely know—who somehow feel like old friends by the end of the journey.

Tot de volgende — à la prochaine — betek ar blez a zeu!
đŸ•ș💃

Thank you MaĂŻ for proofreading the Breton expressions. ❀

May 28, 2025

In the world of DevOps and continuous integration, automation is essential. One fascinating way to visualize the evolution of a codebase is with Gource, a tool that creates animated tree diagrams of project histories.

Recently, I implemented a GitHub Actions workflow in my ansible-servers repository to automatically generate and deploy Gource visualizations. In this post, I will walk you through how the workflow is set up and what it does.

But first, let us take a quick look back



🕰 Back in 2013: Visualizing Repos with Bash and XVFB

More than a decade ago, I published a blog post about Gource (in Dutch) where I described a manual workflow using Bash scripts. At that time, I ran Gource headlessly using xvfb-run, piped its output through pv, and passed it to ffmpeg to create a video.

It looked something like this:

#!/bin/bash -ex
 
xvfb-run -a -s "-screen 0 1280x720x24" \
  gource \
    --seconds-per-day 1 \
    --auto-skip-seconds 1 \
    --file-idle-time 0 \
    --max-file-lag 1 \
    --key -1280x720 \
    -r 30 \
    -o - \
  | pv -cW \
  | ffmpeg \
    -loglevel warning \
    -y \
    -b:v 3000K \
    -r 30 \
    -f image2pipe \
    -vcodec ppm \
    -i - \
    -vcodec libx264 \
    -preset ultrafast \
    -pix_fmt yuv420p \
    -crf 1 \
    -threads 0 \
    -bf 0 \
    ../gource.mp4

This setup worked well for its time and could even be automated via cron or a Git hook. However, it required a graphical environment workaround and quite a bit of shell-fu.


🧬 From Shell Scripts to GitHub Actions

Fast forward to today, and things are much more elegant. The modern Gource workflow lives in .github/workflows/gource.yml and is:

  • 🔁 Reusable through workflow_call
  • 🔘 Manually triggerable via workflow_dispatch
  • 📩 Integrated into a larger CI/CD pipeline (pipeline.yml)
  • ☁ Cloud-native, with video output stored on S3

Instead of bash scripts and virtual framebuffers, I now use a well-structured GitHub Actions workflow with clear job separation, artifact management, and summary reporting.


🚀 What the New Workflow Does

The GitHub Actions workflow handles everything automatically:

  1. ⏱ Decides if a new Gource video should be generated, based on time since the last successful run.
  2. đŸ“œ Generates a Gource animation and a looping thumbnail GIF.
  3. ☁ Uploads the files to an AWS S3 bucket.
  4. 📝 Posts a clean summary with links, preview, and commit info.

It supports two triggers:

  • workflow_dispatch (manual run from the GitHub UI)
  • workflow_call (invoked from other workflows like pipeline.yml)

You can specify how frequently it should run with the skip_interval_hours input (default is every 24 hours).


🔍 Smart Checks Before Running

To avoid unnecessary work, the workflow first checks:

  • If the workflow file itself was changed.
  • When the last successful run occurred.
  • Whether the defined interval has passed.

Only if those conditions are met does it proceed to the generation step.


🛠 Building the Visualization

đŸ§Ÿ Step-by-step:

  1. Checkout the Repo
    Uses actions/checkout with fetch-depth: 0 to ensure full commit history.
  2. Generate Gource Video
    Uses nbprojekt/gource-action with configuration for avatars, title, and resolution.
  3. Install FFmpeg
    Uses AnimMouse/setup-ffmpeg to enable video and image processing.
  4. Create a Thumbnail
    Extracts preview frames and assembles a looping GIF for visual summaries.
  5. Upload Artifacts
    Uses actions/upload-artifact to store files for downstream use.

☁ Uploading to AWS S3

In a second job:

  • AWS credentials are securely configured via aws-actions/configure-aws-credentials.
  • Files are uploaded using a commit-specific path.
  • Symlinks (gource-latest.mp4, gource-latest.gif) are updated to always point to the latest version.

📄 A Clean Summary for Humans

At the end, a GitHub Actions summary is generated, which includes:

  • A thumbnail preview
  • A direct link to the full video
  • Video file size
  • Commit metadata

This gives collaborators a quick overview, right in the Actions tab.


🔁 Why This Matters

Compared to the 2013 setup:

2013 Bash Script2025 GitHub Actions Workflow
Manual setup via shellFully automated in CI/CD
Local onlyCloud-native with AWS S3
Xvfb workaround requiredHeadless and clean execution
Script needs maintenanceModular, reusable, and versioned
No summariesMarkdown summary with links and preview

Automation has come a long way — and this workflow is a testament to that progress.


✅ Final Thoughts

This Gource workflow is now a seamless part of my GitHub pipeline. It generates beautiful animations, hosts them reliably, and presents the results with minimal fuss. Whether triggered manually or automatically from a central workflow, it helps tell the story of a repository in a way that is both informative and visually engaging. 📊✹

Would you like help setting this up in your own project? Let me know — I am happy to share.

May 23, 2025

Reducing the digital clutter of chats

I hate modern chats. They presuppose we are always online, always available to chat. They force us to see and think about them each time we get our eyes on one of our devices. Unlike mailboxes, they are never empty. We can’t even easily search through old messages (unlike the chat providers themselves, which use the logs to learn more about us). Chats are the epitome of the business idiot: they make you always busy but prevent you from thinking and achieving anything.

It is quite astonishing to realise that modern chat systems use 100 or 1000 times more resources (in size and computing power) than 30 years ago, that they are less convenient (no custom client, no search) and that they work against us (centralisation, surveillance, ads). But, yay, custom emojis!

Do not get me wrong: chats are useful! When you need an immediate interaction or a quick on-the-go message, chats are the best.

I needed to keep being able to chat while keeping the digital clutter to a minimal and preserving my own sanity. That’s how I came up with the following rules.

Rule 1: One chat to rule them all

One of the biggest problems of centralised chats is that you must be on many of them. I decided to make Signal my main chat and to remove others.

Signal was, for me, a good compromise of respecting my privacy, being open source and without ads while still having enough traction that I could convince others to join it.

Yes, Signal is centralised and has drawbacks like relying on some Google layers (which I worked around by using Molly-FOSS). I simply do not see XMPP, Matrix or SimpleX becoming popular enough in the short term. Wire and Threema had no advantages over Signal. I could not morally justify using Whatsapp nor Telegram.

In 2022, as I decided to use Signal as my main chat, I deleted all accounts but Signal and Whatsapp and disabled every notification from Whatsapp, forcing myself to open it once a week to see if I had missed something important. People who really wanted to reach me quickly understood that it was better to use Signal. This worked so well that I forgot to open Whatsapp for a whole month which was enough for Whatsapp to decide that my account was not active anymore.

Not having Whatsapp is probably the best thing which happened to me regarding chats. Suddenly, I was out of tenths or hundreds of group chats. Yes, I missed lots of stuff. But, most importantly, I stopping fearing missing them. Seriously, I never missed having Whatsapp. Not once. Thanks Meta for removing my account!

While travelling in Europe, it is now standard that taxi and hotels will chat with you using Whatsapp. Not anymore for me. Guess what? It works just fine. In fact, I suspect it works even better because people are forced to either do what we agreed during our call or to call me, which requires more energy and planning.

Rule 2: Mute, mute, mute!

Now that Signal is becoming more popular, some group chats are migrating to it. But I’ve learned the lesson : I’m muting them. This allows me to only see the messages when I really want to look at them. Don’t hesitate to mute vocal group chats and people with whom you don’t need day-to-day interaction.

I’m also leaving group chats which are not essential. Whatsapp deletion told me that nearly no group chat is truly essential.

Many times, I’ve had people sending me emails about what was told on a group chat because they knew I was not there. Had I been on that group, I would probably have missed the messages but nobody would have cared. If you really want to get in touch with me, send me an email!

Rule 3: No read receipts nor typing indicators

I was busy, walking in the street with my phone in hands for directions. A notification popped up with an important message. It was important but not urgent. I could not deal with the message at that moment. I wanted to take the time. One part of my brain told me not to open the message because, if I did, the sender would see a "read receipt". He would see that I had read the message but would not receive any answer.

For him, that would probably translate in "he doesn’t care". I consciously avoided to open Signal until I was back home and could deal with the message.

That’s when I realised how invasive the "read receipt" was. I disabled it and never regretted that move. I’m reading messages on my own watch and replying when I want to. Nobody needs to know if I’ve seen the message. It is wrong in every aspect.

Signal preferences showing read receipts and typing indicator disabled Signal preferences showing read receipts and typing indicator disabled

Rule 4: Temporary discussions only

The artist Bruno Leyval, who did the awesome cover of my novel Bikepunk, is obsessed with deletion and disappearance. He set our Signal chat so that every message is deleted after a day. At first, I didn’t see the point.

Until I understood that this was not only about privacy, it also was about decluttering our mind, our memories.

Since then, I’ve set every chat in Signal to delete messages after one week.

Signal preferences showing disappearing messages set to one week Signal preferences showing disappearing messages set to one week

This might seem like nothing but this changes everything. Suddenly, chats are not a long history of clutter. Suddenly, you see chats as transient and save things you want to keep. Remember that you can’t search in chats? This means that chats are transient anyway. With most chats, your history is not saved and could be lost by simply dropping your phone on the floor. Something important should be kept in a chat? Save it! But it should probably have been an email.

Embracing the transient nature of chat, making it explicit greatly reduce the clutter.

Conclusion

I know that most of you will say that "That’s nice Ploum but I can’t do that because everybody is on XXX" where XXX is most often Whatsapp in my own circles. But this is wrong: you believe everybody is on XXX because you are yourself using XXX as your main chat. When surveying my students this year, I’ve discovered that nearly half of them was not on Whatsapp. Not for some hard reason but because they never saw the need for it. In fact, they were all spread over Messenger, Instagram, Snap, Whatsapp, Telegram, Discord. And they all believed that "everybody is where I am".

In the end, the only real choice to make is between being able to get immediately in touch with a lot of people or having room for your mental space. I choose the latter, you might prefer the former. That’s fine!

I still don’t like chat. I’m well aware that the centralised nature of Signal makes it a short-term solution. But I’m not looking for the best sustainable chat. I just want fewer chats in my life.

If you want to get in touch, send me an email!

I’m Ploum, a writer and an engineer. I like to explore how technology impacts society. You can subscribe by email or by rss. I value privacy and never share your adress.

I write science-fiction novels in French. For Bikepunk, my new post-apocalyptic-cyclist book, my publisher is looking for contacts in other countries to distribute it in languages other than French. If you can help, contact me!

May 21, 2025

During the last MySQL & HeatWave Summit, Wim Coekaerts announced that a new optimizer is available and is already enabled in MySQL HeatWave. Let’s have a quick look at it and how to use it. The first step is to verify that Hypergraph is available: The statement won’t return any error if the Hypergraph Optimizer [
]

This spring was filled with music, learning, and connection. I had the opportunity to participate in three wonderful music courses, each offering something unique—new styles, deeper technique, and a strong sense of community. Here is a look back at these inspiring experiences.


đŸŽ¶ 1. Fiddlers on the Move – Ghent (5–9 March)

Photo: Filip Verpoest

In early March, I joined Fiddlers on the Move in Ghent, a five-day course packed with workshops led by musicians from all over the world. Although I play the nyckelharpa, I deliberately chose workshops that were not nyckelharpa-specific. This gave me the challenge and joy of translating techniques from other string traditions to my instrument.

Here is a glimpse of the week:

  • Wednesday: Fiddle singing with Laura Cortese – singing while playing was new for me, and surprisingly fun.
  • Thursday: Klezmer violin / Fiddlers down the roof with Amit Weisberger – beautiful melodies and ornamentation with plenty of character.
  • Friday: Arabic music with Layth Sidiq – an introduction to maqams and rhythmic patterns that stretched my ears in the best way.
  • Saturday: Swedish violin jamsession classics with Mia Marine – a familiar style, but always a joy with Mia’s energy and musicality.
  • Sunday: Live looping strings with Joris Vanvinckenroye – playful creativity with loops, layering, and rhythm.

Each day brought something different, and I came home with a head full of ideas and melodies to explore further.


đŸȘ— 2. Workshopweekend Stichting Draailier & Doedelzak – Sint-Michielsgestel, NL (18–21 April)

Photo: Arne de Laat

In mid-April, I traveled to Sint-Michielsgestel in the Netherlands for the annual Workshopweekend organized by Stichting Draailier & Doedelzak. This year marked the foundation’s 40th anniversary, and the event was extended to four days, from Friday evening to Monday afternoon, at the beautiful location of De Zonnewende.

I joined the nyckelharpa workshop with Rasmus Brinck. One of the central themes we explored was the connection between playing and dancing polska—a topic close to my heart. I consider myself a dancer first and a musician second, so it was especially meaningful to deepen the musical understanding of how movement and melody shape one another.

The weekend offered a rich variety of other workshops as well, including hurdy-gurdy, bagpipes, diatonic accordion, singing, and ensemble playing. As always, the atmosphere was warm and welcoming. With structured workshops during the day and informal jam sessions, concerts, and bals in the evenings, it was a perfect blend of learning and celebration.


🇾đŸ‡Ș 3. Swedish Music for Strings – Ronse (2–4 May)

At the beginning of May, I took part in a three-day course in Ronse dedicated to Swedish string music. Although we could arrive on 1 May, teaching started the next day. The course was led by David Eriksson and organized by Amate Galli. About 20 musicians participated—two violinists, one cellist, and the rest of us on nyckelharpa.

The focus was on capturing the subtle groove and phrasing that make Swedish folk music so distinctive. It was a joy to be surrounded by such a rich soundscape and to play in harmony with others who share the same passion. The music stayed with me long after the course ended.


✹ Final Thoughts

Each of these courses gave me something different: new musical perspectives, renewed technical focus, and most importantly, the joy of making music with others. I am deeply grateful to all the teachers, organizers, and fellow participants who made these experiences so rewarding. I am already looking forward to the next musical adventure!

May 19, 2025

MySQL Enterprise Monitor, aka MEM, retired in January 2025, after almost 20 years of exemplary service! What’s next? Of course, plenty of alternatives exist, open source, proprietary, and on the cloud. For MySQL customers, we provide two alternatives: This post focuses on the latter, as there is no apparent reason to deploy an Oracle Database [
]

May 16, 2025

Petit manifeste low-tech

Ce samedi 17 mai, je pédalerai vers Massy en compagnie de Tristan Nitot pour parler "low-tech" et dédicacer Bikepunk lors du festival Parlons Vélo.

Attention, ce qui va suivre divulgĂąche une partie de ce que je dirai samedi midi Ă  Massy. Si vous venez, arrĂȘtez de lire ici, on se retrouve demain !

Qu’est-ce que la low-tech ?

Le terme low-tech nous fait intuitivement sentir une opposition contre l’excĂšs technologique (le "high tech") tout en Ă©vitant l’extrĂ©misme technophobique. Un terme qui enthousiasme, mais qu’il me semble important d’expliciter et dont je propose la dĂ©finition suivante.

Une technologie est dite « low-tech » si les personnes interagissant avec cette technologie savent et peuvent en comprendre son fonctionnement.

Savoir comprendre. Pouvoir comprendre. Deux éléments essentiels (et difficiles à distinguer pour le Belge que je suis).

Savoir comprendre

Savoir comprendre une technologie implique d’avoir la possibilitĂ© de construire un modĂšle intellectuel de son fonctionnement interne.

Il est bien Ă©vident que tout le monde n’a pas la capacitĂ© de comprendre toutes les technologies. Mais il est possible de procĂ©der par niveau. La majoritĂ© des automobilistes sait qu’une voiture Ă  essence brĂ»le le carburant qui explose dans un moteur, explosion qui entraine des pistons qui font tourner les roues. Le nom est un indice en soi : un moteur Ă  explosion !

Si je n’en comprends pas plus sur le fonctionnement d’un moteur, j’ai la certitude qu’il existe des personnes qui comprennent mieux, souvent dans mon entourage direct. Au plus la comprĂ©hension est fine, au plus les personnes deviennent rares, mais chacun peut tenter de s’amĂ©liorer.

La technologie est simple sans ĂȘtre simpliste. Cela signifie que sa complexitĂ© peut ĂȘtre apprĂ©hendĂ©e graduellement. Et qu’il existe des experts qui apprĂ©hendent une technologie particuliĂšre dans sa globalitĂ©.

Par opposition, il est aujourd’hui humainement impossible de comprendre un smartphone moderne. Seuls quelques expert·e·s dans le monde maitrisent chacun·e un point particulier de l’objet : du dessin de l’antenne 5G au logiciel retouchant automatiquement les photos en passant par le chargement rapide de la batterie. Et aucun d’entre eux ne maitrise la conception d’un compilateur nĂ©cessaire Ă  faire tourner le tout. MĂȘme un gĂ©nie passant sa vie Ă  dĂ©monter des smartphones serait dans l’incapacitĂ© totale de comprendre ce qui se passe Ă  l’intĂ©rieur d’un engin que nous avons tous en permanence soit dans une poche, soit devant notre nez !

L’immense majoritĂ© des utilisateurs de smartphones n’ont pas le moindre modĂšle mental de son fonctionnement. Je ne parle pas d’un modĂšle erronĂ© ou simpliste : non, il n’y en a pas du tout. L’objet est « magique ». Pourquoi affiche-t-il quelque chose plutĂŽt qu’un autre ? Parce que c’est « magique ». Et comme pour la magie, il ne faut pas chercher Ă  comprendre.

La low-tech peut ĂȘtre extrĂȘmement complexe, mais l’existence mĂȘme de cette complexitĂ© doit ĂȘtre comprĂ©hensible et justifiĂ©e. Une complexitĂ© transparente encourage naturellement les esprits curieux Ă  se poser des questions.

Le temps de comprendre

Comprendre une technologie prend du temps. Cela implique une relation longue, une expĂ©rience qui se crĂ©e tout au long d’une vie, qui se partage, qui se transmet.

Par opposition, la high-tech impose un renouvellement, une mise Ă  jour constante, des changements d’interface et de fonctionnalitĂ© permanents qui renforcent l’aspect « magique » et entraine le dĂ©couragement de celleux qui tentent de se construire un modĂšle mental.

La low-tech doit donc nĂ©cessairement ĂȘtre durable. PĂ©renne. Elle doit s’enseigner et permettre une construction progressive de cet enseignement.

Cela implique parfois des efforts, des difficultĂ©s. Tout ne peut pas toujours ĂȘtre progressif : Ă  un moment, il faut se lancer sur son vĂ©lo pour apprendre Ă  garder l’équilibre.

Pouvoir comprendre

Historiquement, il semble Ă©vident que toute technologie a la possibilitĂ© d’ĂȘtre comprise. Les personnes interagissant avec la technologie Ă©taient forcĂ©es de rĂ©parer, d’adapter et donc de comprendre. Une technologie Ă©tait essentiellement matĂ©rielle, ce qui implique qu’elle pouvait ĂȘtre dĂ©montĂ©e.

Avec le logiciel apparait un nouveau concept : celui de cacher le fonctionnement. Et si, historiquement, tout logiciel est open source, l’invention du logiciel propriĂ©taire rend difficile, voire impossible, de comprendre une technologie.

Le logiciel propriĂ©taire n’a pu ĂȘtre inventĂ© que grĂące Ă  la crĂ©ation d’un concept rĂ©cent, au demeurant absurde, appelĂ© « propriĂ©tĂ© intellectuelle ».

Cette propriĂ©tĂ© intellectuelle ayant permis la privatisation de la connaissance dans le logiciel, elle est ensuite Ă©tendue au monde matĂ©riel. Soudainement, il devient possible d’interdire Ă  une personne de tenter de comprendre la technologie qu’elle utilise au quotidien. GrĂące Ă  la propriĂ©tĂ© intellectuelle, des fermiers se voient soudain interdits d’ouvrir le capot de leur propre tracteur.

La low-tech doit ĂȘtre ouverte. Elle doit pouvoir ĂȘtre rĂ©parĂ©e, modifiĂ©e, amĂ©liorĂ©e et partagĂ©e.

De l’utilisateur au consommateur

GrĂące Ă  la complexification, aux changements incessants et Ă  l’imposition d’un rĂ©gime strict de « propriĂ©tĂ© intellectuelle », les utilisateurs ont Ă©tĂ© transformĂ©s en consommateurs.

Ce n’est pas un hasard. Ce n’est pas une Ă©volution inĂ©luctable de la nature. Il s’agit d’un choix conscient. Toutes les Ă©coles de commerce enseignent aux futurs entrepreneurs Ă  se construire un marchĂ© captif, Ă  priver autant que possible leur client de libertĂ©, Ă  construire ce qu’on appelle dans le jargon une "moat" (douve qui protĂšge un chĂąteau) afin d’augmenter la « rĂ©tention des utilisateurs ».

Les termes eux-mĂȘmes deviennent flous pour renforcer ce sentiment de magie. On ne parle par exemple plus de transfĂ©rer un fichier .jpg vers un ordinateur distant, mais de « sauvegarder ses souvenirs dans le cloud ».

Les marketeux nous ont fait croire qu’en supprimant les mots compliquĂ©s, ils simplifieraient la technologie. C’est Ă©videmment le contraire. L’apparence de simplicitĂ© est une complexitĂ© supplĂ©mentaire qui emprisonne l’utilisateur. Toute technologie nĂ©cessite un apprentissage. Cet apprentissage doit ĂȘtre encouragĂ©.

Pour une approche et une éthique low-tech

L’éthique low-tech consiste Ă  se remettre au service de l’utilisateur en lui facilitant la comprĂ©hension de ses outils.

La high-tech n’est pas de la magie, c’est de la prestidigitation. PlutĂŽt que de cacher les « trucs » sous des artifices, la low-tech cherche Ă  montrer et Ă  crĂ©er une utilisation en conscience de la technologie.

Cela n’implique pas nĂ©cessairement une simplification Ă  outrance.

Prenons l’exemple d’une machine Ă  laver le linge. Nous comprenons tous qu’une machine de base est un tambour qui tourne dans lequel est injectĂ© de l’eau et du savon. C’est trĂšs simple et low-tech.

On pourrait arguer que l’ajout de capteurs et de contrĂŽleurs Ă©lectroniques permet de laver le linge plus efficacement et plus Ă©cologiquement en le pesant et adaptant la vitesse de rotation en fonction du type de linge.

Dans une optique low-tech, un boitier Ă©lectronique est ajoutĂ© Ă  la machine pour faire exactement cela. Si le boitier est retirĂ© ou tombe en panne, la machine continue Ă  fonctionner simplement. L’utilisateur peut choisir de dĂ©brancher le boitier ou de le remplacer. Il en comprend l’utilitĂ© et la justification. Il construit un modĂšle mental dans lequel le boitier ne fait qu’appuyer sur les boutons de rĂ©glage au bon moment. Et, surtout, il ne doit pas envoyer toute la machine Ă  la casse parce que la puce wifi ne fonctionne plus et n’est plus mis Ă  jour ce qui a bloquĂ© le firmware (quoi ? Ma machine Ă  laver dispose d’une puce wifi ?).

Pour une communauté low-tech

Une technologie low-tech encourage et donne l’occasion Ă  l’utilisateur Ă  la comprendre, Ă  se l’approprier. Elle tente de rester stable dans le temps, se standardise. Elle ne cherche pas Ă  cacher la complexitĂ© intrinsĂšque partant du principe que la simplicitĂ© provient de la transparence.

Cette comprĂ©hension, cette appropriation ne peut se faire que dans l’interaction. Une technologie low-tech va donc, par essence, favoriser la crĂ©ation de communautĂ©s et les Ă©changes humains autour de cette mĂȘme technologie.

Pour contribuer Ă  l’humanitĂ© et aux communautĂ©s, une technologie low-tech se doit d’appartenir Ă  tou·te·s, de faire partie des communs.

J’en arrive donc Ă  cette dĂ©finition, complĂ©mentaire et Ă©quivalente Ă  la premiĂšre :

Une technologie est dite « low-tech » si elle expose sa complexitĂ© de maniĂšre simple, ouverte, transparente et durable tout en appartenant aux communs.

Je suis Ploum et je viens de publier Bikepunk, une fable Ă©colo-cycliste entiĂšrement tapĂ©e sur une machine Ă  Ă©crire mĂ©canique. Pour me soutenir, achetez mes livres (si possible chez votre libraire) !

Recevez directement par mail mes écrits en français et en anglais. Votre adresse ne sera jamais partagée. Vous pouvez également utiliser mon flux RSS francophone ou le flux RSS complet.

May 15, 2025

MySQL provides the MySQL Community Edition, the Open-Source version. In addition, there is the Enterprise Edition for our Commercial customers and MySQL HeatWave, our managed database service (DBaaS) on the cloud (OCI, AWS, etc.). But do you know developers can freely use MySQL Enterprise for non-commercial use? The full range of MySQL Enterprise Edition features [
]

May 14, 2025

Maintaining documentation for Ansible roles can be a tedious and easily neglected task. As roles evolve, variable names change, and new tasks are added, it is easy for the README.md files to fall out of sync. To prevent this and keep documentation continuously up to date, I wrote a GitHub Actions workflow that automatically generates and formats documentation for all Ansible roles in my repository. Even better: it writes its own commit messages using AI.

Let me walk you through why I created this workflow, how it works, and what problems it solves.


đŸ€” Why Automate Role Documentation?

Ansible roles are modular, reusable components. Good roles include well-structured documentation—at the very least, variable descriptions, usage examples, and explanations of defaults.

However, writing documentation manually introduces several problems:

  • Inconsistency: Humans forget things. Updates to a role do not always get mirrored in its documentation.
  • Wasted time: Writing boilerplate documentation by hand is inefficient.
  • Error-prone: Manually copying variable names and descriptions invites typos and outdated content.

Enter ansible-doctor: a tool that analyzes roles and generates structured documentation automatically. Once I had that, it made perfect sense to automate its execution using GitHub Actions.


⚙ How the Workflow Works

Here is the high-level overview of what the workflow does:

  1. Triggers:
    • It can be run manually via workflow_dispatch.
    • It is also designed to be reusable in other workflows via workflow_call.
  2. Concurrency and Permissions:
    • Uses concurrency to ensure that only one documentation run per branch is active at a time.
    • Grants minimal permissions needed to write to the repository and generate OIDC tokens.
  3. Steps:
    • ✅ Check out the code.
    • 🐍 Set up Python and install ansible-doctor.
    • 📄 Generate documentation with ansible-doctor --recursive roles.
    • đŸ§Œ Format the resulting Markdown using Prettier to ensure consistency.
    • đŸ€– Configure Git with a bot identity.
    • 🔍 Detect whether any .md files changed.
    • 🧠 Generate a commit message using AI, powered by OpenRouter.ai and a small open-source model (mistralai/devstral-small:free).
    • đŸ’Ÿ Commit and push the changes if there are any.

🧠 AI-Generated Commit Messages

Why use AI for commit messages?

  • I want my commits to be meaningful, concise, and nicely formatted.
  • The AI model is given a diff of the staged Markdown changes (up to 3000 characters) and asked to:
    • Keep it under 72 characters.
    • Start with an emoji.
    • Summarize the nature of the documentation update.

This is a small but elegant example of how LLMs can reduce repetitive work and make commits cleaner and more expressive.

Fallbacks are in place: if the AI fails to generate a message, the workflow defaults to a generic 📝 Update Ansible role documentation.


🌍 A Universal Pattern for Automated Docs

Although this workflow is focused on Ansible, the underlying pattern is not specific to Ansible at all. You can apply the same approach to any programming language or ecosystem that supports documentation generation based on inline annotations, comments, or code structure.

The general steps are:

  1. Write documentation annotations in your code (e.g. JSDoc, Doxygen, Python docstrings, Rust doc comments, etc.).
  2. Run a documentation generator, such as:
  3. Generate a commit message from the diff using an LLM.
  4. Commit and push the updated documentation.

This automation pattern works best in projects where:

  • Documentation is stored in version control.
  • Changes to documentation should be traceable.
  • Developers want to reduce the overhead of writing and committing docs manually.

🔐 A Note on OpenRouter API Keys

The AI step relies on OpenRouter.ai to provide access to language models. To keep your API key secure, it is passed via secrets.OPENROUTER_API_KEY, which is required when calling this workflow. I recommend generating a dedicated, rate-limited key for GitHub Actions use.


đŸ§Ș Try It Yourself

If you are working with Ansible roles—or any codebase with structured documentation—and want to keep your docs fresh and AI-assisted, this workflow might be useful for you too. Feel free to copy and adapt it for your own projects. You can find the full source in my GitHub repository.

Let the robots do the boring work, so you can focus on writing better code.


💬 Feedback?

If you have ideas to improve this workflow or want to share your own automation tricks, feel free to leave a comment or reach out on Mastodon: @amedee@lou.lt.

Happy automating!

Comment l’universitĂ© tue le livre (et les intellectuels)

Il faut sauver la bibliothĂšque de Louvain-la-Neuve

MenacĂ©e d’expulsion par l’universitĂ©, la bibliothĂšque publique de Louvain-la-Neuve risque de disparaĂźtre. Il est urgent de signer la pĂ©tition pour tenter de la sauver.

Mais ce n’est pas un Ă©vĂ©nement isolĂ©, ce n’est pas un accident. Il ne s’agit que d’une escarmouche dans la longue guerre que la ville, l’universitĂ© et la sociĂ©tĂ© de consommation mĂšnent contre les livres et, Ă  travers eux, contre l’intellectualisme.

Le livre, outil indispensable de l’intellectuel

L’une des tĂąches que je demande chaque annĂ©e Ă  mes Ă©tudiants avant l’examen est de lire un livre. Si possible de fiction ou un essai, mais un livre non technique.

Au choix.

Bien sĂ»r, je donne des idĂ©es en rapport avec mon cours. Notamment « Little Brother » de Cory Doctorow qui est facile Ă  lire, prenant, et tout Ă  fait dans le sujet. Mais les Ă©tudiants sont libres.

Chaque annĂ©e, plusieurs Ă©tudiants me glissent lors de l’examen qu’ils n’avaient plus lu un livre depuis l’école secondaire, mais que, en fait, c’était vraiment chouette et que ça fait vraiment rĂ©flĂ©chir. Que sans moi, ils auraient fait toutes leurs Ă©tudes d’ingĂ©nieur sans lire un seul livre autre que des manuels.

Les livres, qui forcent une lecture sur un temps long, qui forcent une immersion, sont l’outil indispensable de l’intellectuel et de l’humaniste. Il est impossible de rĂ©flĂ©chir sans livre. Il est impossible de prendre du recul, de faire de nouveaux liens et d’innover sans ĂȘtre baignĂ© dans la diversitĂ© d’époques, de lieux et d’expĂ©riences humaines que sont les livres. On peut surnager pendant des annĂ©es dans un domaine voire devenir compĂ©tent sans lire. Mais la comprĂ©hension profonde, l’expertise nĂ©cessite des livres.

Ceux qui ne lisent pas de livres sont condamnĂ©s Ă  se satisfaire de superficialitĂ©, Ă  se laisser manipuler, Ă  obĂ©ir aveuglĂ©ment. Et c’est peut-ĂȘtre ça l’objectif.

J’estime que l’universitĂ© ne doit pas former de bons petits consultants obĂ©issants et employables, mais des intellectuels humanistes. La mission premiĂšre de l’universitĂ© passe par la diffusion, la promotion, l’appropriation de la culture intellectuelle du livre.

Entre l’humanisme et le profit immobilier, l’universitĂ© a choisi

Mais, Ă  Louvain-la-Neuve, l’universitĂ© semble se transformer en simple agence immobiliĂšre. La ville qui, en 50 ans, s’est créée autour de l’universitĂ© est en train de se transformer pour n’offrir graduellement plus que deux choses : de la bouffe et des fringues.

En 2021, le bouquiniste de la place des Wallons, prĂ©sent depuis 40 ans grĂące Ă  un bail historique, a vu son propriĂ©taire, l’universitĂ©, lui infliger une augmentation de loyer vertigineuse. Je l’ai vu, les yeux pleins de larmes, mettant en caisse les milliers de bandes dessinĂ©es de son stock afin de laisser la place à
 un vendeur de gauffres !

Ce fut ensuite le tour du second bouquiniste de la ville, une minuscule Ă©choppe aux murs noircis de livres de philosophie oĂč nous nous retrouvions rĂ©guliĂšrement entre habituĂ©s pour nous disputer quelques piĂšces rares. Le couple qui tenait la bouquinerie m’a confiĂ© que, devant le prix du loyer, Ă©galement versĂ© Ă  l’universitĂ©, il Ă©tait plus rentable pour eux de devenir bouquinistes itinĂ©rants. « Ça ne va pas vous plaire ! » m’a confiĂ© la gĂ©rante lorsque j’ai demandĂ© qui reprendrait son espace. Quelques semaines plus tard, en effet, surgissait une vitrine vendant des sacs Ă  mains !

Quant Ă  la librairie principale de la ville, l’historique librairie Agora, elle fut rachetĂ©e par le groupe Furet du Nord dont la section belge a fait faillite. Il faut dire que la librairie occupait un Ă©norme espace appartenant en partie au promoteur immobilier KlĂ©pierre et Ă  l’universitĂ©. D’aprĂšs mes sources, le loyer mensuel s’élevait à
 35.000€ !

De cette faillite, j’ai rĂ©cupĂ©rĂ© plusieurs meubles bibliothĂšques qui Ă©taient Ă  donner. L’ouvrier qui Ă©tait en train de nettoyer le magasin me souffla, avec un air goguenard, que les Ă©tudiants allaient ĂȘtre contents du changement ! Il n’avait pas le droit de me dire ce qui remplacerait la librairie, mais, promis, ils allaient ĂȘtre contents.

En effet, il s’agissait d’un projet de
 Luna Park ! (qui, bien que terminĂ©, n’a pas obtenu l’autorisation d’ouvrir ses portes suite aux craintes des riverains concernant le tapage qu’un tel lieu engendre)

Mais l’universitĂ© ne comptait pas en rester lĂ . DĂ©sireuse de rĂ©cupĂ©rer des locaux pourtant sans aucun potentiel commercial, elle a Ă©galement mis dehors le centre de livres d’occasion Cerfaux Lefort. Une pĂ©tition pour tenter de le sauver a rĂ©coltĂ© 3000 signatures. Sans succĂšs.

Puisque ça fonctionne, enfonçons le clou !

Pendant quelques mois, Louvain-la-Neuve, ville universitaire et intellectuelle, s’est retrouvĂ©e sans librairie ! Consciente que ça faisait dĂ©sordre, l’universitĂ© a offert des conditions correctes Ă  une Ă©quipe motivĂ©e pour crĂ©er la librairie « La Page d’AprĂšs » dans une petite surface. La libraire est petite et, par consĂ©quent, doit faire des choix (la littĂ©rature de genre, mon domaine de prĂ©dilection, occupe moins d’une demi-table).

Je me suis Ă©videmment enthousiasmĂ© pour le projet de la Page d’AprĂšs, dont je suis immĂ©diatement devenu un fidĂšle. Je n’avais pas imaginĂ© l’esprit retors du promoteur immobilier qu’est devenue l’université : le soutien Ă  la Page d’AprĂšs (qui n’est que trĂšs relatif, la surface n’est pas offerte non plus) est devenu l’excuse Ă  la moindre critique !

Car c’est aujourd’hui la bibliothĂšque publique de Louvain-la-Neuve elle-mĂȘme qui est menacĂ©e Ă  trĂšs court terme. La partie ludothĂšque et livres jeunesse est d’ores et dĂ©jĂ  condamnĂ©e pour laisser la place Ă  une extension du restaurant universitaire. Le reste de la bibliothĂšque est sur la sellette. L’universitĂ© estime en effet qu’elle pourrait tirer 100.000€ par an de loyer et qu’elle n’a aucune raison d’offrir 100.000€ Ă  une institution qui ne pourrait Ă©videmment pas payer une telle somme. PrĂ©cisons plutĂŽt que l’universitĂ© ne voit plus d’intĂ©rĂȘt Ă  cette bibliothĂšque qu’elle a pourtant dĂ©sirĂ©e ardemment et qu’elle n’a obtenue que grĂące Ă  une convention signĂ©e en 1988, Ă  l’époque oĂč Louvain-la-Neuve n’était encore qu’un jeune assemblage d’auditoires et de logements Ă©tudiants.

À la remarque « Pouvez-vous imaginer une ville universitaire sans bibliothĂšque ? » posĂ©e par de multiples citoyens, la rĂ©ponse de certains dĂ©cideurs est sans ambiguĂŻté : « Nous avons la Page d’AprĂšs ». Comme si c’était pareil. Comme si c’était suffisant. Mais, comme le glissent parfois Ă  demi-mot certains politiques qui n’ont pas peur d’étaler leur dĂ©ficience intellectuelle : « Le livre, c’est mort, l’avenir c’est l’IA. Et puis, si nĂ©cessaire, il y a Amazon ».

L’universitĂ© propose Ă  la bibliothĂšque de garder une fraction de l’espace actuel Ă  la condition que les travaux d’amĂ©nagement soient pris en charge
 par la bibliothĂšque publique elle-mĂȘme (le rĂ©sultat restant propriĂ©tĂ© de l’universitĂ©). De bibliothĂšque, la section de Louvain-la-Neuve se transformerait en "antenne" avec un stock trĂšs faible et oĂč l’on pourrait se procurer les livres commandĂ©s.

Mais c’est complĂštement se mĂ©prendre sur le rĂŽle d’une bibliothĂšque. Un lieu oĂč l’on peut flĂąner et faire des dĂ©couvertes littĂ©raires improbables, dĂ©couvertes d’ailleurs encouragĂ©es par les initiatives du personnel (mise en Ă©vidence de titres mĂ©connus, tirage alĂ©atoire d’une suggestion de lecture 
). Dans la bibliothĂšque de Louvain-la-Neuve, j’ai croisĂ© des bĂ©nĂ©voles aidant des immigrĂ©s adultes Ă  se choisir des livres pour enfant afin d’apprendre le français. J’ai vu mon fils se mettre Ă  lire spontanĂ©ment les journaux quotidiens offerts Ă  la lecture.

Une bibliothùque n’est pas un point d’enlùvement ou un commerce, une bibliothùque est un lieu de vie !

La bibliothĂšque doit subsister. Il faut la sauver. (et signer la pĂ©tition si ce n’est pas encore fait)

La disparition progressive de tout un secteur

Loin de se faire de la concurrence, les diffĂ©rents acteurs du livre se renforcent, s’entraident. Les meilleurs clients de l’un sont souvent les meilleurs clients de l’autre. Un achat d’un cĂŽtĂ© entraine, par ricochet, un achat de l’autre. La bibliothĂšque publique de Louvain-la-Neuve est le plus gros client du fournisseur de BD Slumberland (ou le second aprĂšs moi, me siffle mon portefeuille). L’universitĂ© pourrait faire le choix de participer Ă  cet Ă©cosystĂšme.

Slumberland, lieu mythique vers lequel se tournent mes cinq priĂšres quotidiennes, occupe un espace KlĂ©pierre. Car, Ă  Louvain-la-Neuve, tout appartient soit Ă  l’universitĂ©, soit au groupe KlĂ©pierre, propriĂ©taire du centre commercial. Le bail de Slumberland arrivant Ă  expiration, ils viennent de se voir notifier une augmentation soudaine de plus de 30% !

15.000€ par mois. En Ă©tant ouvert 60h par semaine (ce qui est Ă©norme pour un magasin), cela signifie plus d’un euro par minute d’ouverture. Rien que pour payer son loyer, Slumberland doit vendre une bande dessinĂ©e toutes les 5 minutes ! À ce tarif-lĂ , mes (nombreux et rĂ©currents) achats ne remboursent mĂȘme pas le temps que je passe Ă  flĂąner dans le magasin !

Ces loyers m’interpellent : comment un magasin de loques criardes produites par des enfants dans des caves en Asie peut-il gagner de quoi payer de telles sommes lĂ  oĂč les meilleurs fournisseurs de livres peinent Ă  joindre les deux bouts ? Comment se fait-il que l’épicerie de mon quartier, prĂ©sente depuis 22 ans, favorisant les produits bio et locaux, remplie tous les jours Ă  ras bord de clients, doive brusquement mettre la clĂ© sous le paillasson ? Comme aux États-Unis, oĂč on ne dit pas « boire un café », mais « prendre un Starbucks », il ne nous restera bientĂŽt que les grandes chaĂźnes.

Face Ă  l’hĂ©gĂ©monie de ces monopoles, je croyais que l’universitĂ© Ă©tait un soutien. Mais force est de constater que le modĂšle est plutĂŽt celui de Monaco : le seul pays du monde qui ne dispose pas d’une seule librairie !

Quelle sociĂ©tĂ© les universitaires sont-ils en train de construire ?

Je vous rassure, Slumberland survivra encore un peu Ă  Louvain-la-Neuve. Le magasin a trouvĂ© une surface moins chĂšre (car moins bien exposĂ©e) et va dĂ©mĂ©nager. Son nouveau propriĂ©taire ? L’universitĂ© bien sĂ»r ! Derniers bastions livresques de la ville qui fĂ»t, un jour, une utopie intellectuelle et humaniste, Slumberland et La Page d’AprĂšs auront le droit de subsister jusqu’au jour oĂč les gestionnaires immobiliers qui se prĂ©tendent intellectuels dĂ©cideront que ce serait plus rentable de vendre un peu plus de gaufres, un peu plus de sacs Ă  main ou d’abrutir un peu plus les Ă©tudiants avec un Luna Park.

L’universitĂ© est devenue un business. Le verdict commercial est sans appel : la production de dĂ©biles formatĂ©s Ă  la consommation instagrammable rapporte plus que la formation d’intellectuels.

Mais ce n’est pas une fatalitĂ©.

L’avenir est ce que nous dĂ©ciderons d’en faire. L’universitĂ© n’est pas forcĂ©e de devenir un simple gestionnaire immobilier. Nous sommes l’universitĂ©, nous pouvons la transformer.

J’invite tous les membres du personnel de l’universitĂ©, les professeur·e·s, les Ă©tudiant·e·s, les lecteurices, les intellectuel·le·s et les humanistes Ă  agir, Ă  parler autour d’eux, Ă  dĂ©fendre les livres en les diffusant, en les prĂȘtant, en encourageant leur lecture, en les conseillant, en diffusant leurs opinions, en ouvrant les dĂ©bats sur la place des intellectuels dans la ville.

Pour prĂ©server le savoir et la culture, pour sauvegarder l’humanisme et l’intelligence de l’absurde marchandisation Ă  court terme, nous avons le devoir de communiquer, de partager sans restriction, de faire entendre notre voix de toutes les maniĂšres imaginables.

Je suis Ploum et je viens de publier Bikepunk, une fable Ă©colo-cycliste entiĂšrement tapĂ©e sur une machine Ă  Ă©crire mĂ©canique. Pour me soutenir, achetez mes livres (si possible chez votre libraire) !

Recevez directement par mail mes écrits en français et en anglais. Votre adresse ne sera jamais partagée. Vous pouvez également utiliser mon flux RSS francophone ou le flux RSS complet.

May 12, 2025

Pour une poignée de bits


Toute l’infrastructure gigantesque d’Internet, tous ces milliers de cĂąbles sous-marins, ces milliards de serveurs clignotants ne servent aux humains qu’à Ă©changer des sĂ©ries de bits.

Nos tĂ©lĂ©phones produisent des bits qui sont envoyĂ©s, dupliquĂ©s, stockĂ©s et, parfois, arrivent sur d’autres tĂ©lĂ©phones. Souvent, ces bits ne sont utiles que pour quelques secondes Ă  peine. Parfois, ils ne le sont pas du tout.

Nous produisons trop de bits pour ĂȘtre capables de les consommer ou pour tout simplement en avoir envie.

Or, toute la promesse de l’IA, c’est d’automatiser cette gĂ©nĂ©ration de bits en faisant deux choses : enregistrer les sĂ©quences de bits existantes pour les analyser puis reproduire des sĂ©quences de bits nouvelles, mais « ressemblantes ».

L’IA, les LLMs, ce ne sont que ça : des gĂ©nĂ©rateurs de bits.

Comme me le souffle trĂšs justement StĂ©phane "Alias" Gallay : la course Ă  l’IA, ce n’est finalement qu’un concours de bits.

Enregistrer les séquences de bits

Tous les producteurs d’IA doivent donc d’abord enregistrer autant de sĂ©quences de bits existantes que possible. Pour cette raison, le Web est en train de subir une attaque massive. Ces fournisseurs de crĂ©ateurs de bits pompent agressivement toutes les donnĂ©es qui passent Ă  leur portĂ©e. En continu. Ce qui met Ă  mal toute l’infrastructure du web.

Mais comment arrivent-ils Ă  faire cela ? Et bien une partie de la solution serait que ce soit votre tĂ©lĂ©phone qui le fasse. La sociĂ©tĂ© Infatica, met en effet Ă  disposition des dĂ©veloppeurs d’app Android et iPhone des morceaux de code Ă  intĂ©grer dans leurs apps contre paiement.

Ce que fait ce code ? Tout simplement, Ă  chaque fois que vous utilisez l’app, il donne l’accĂšs Ă  votre bande passante Ă  des clients. Clients qui peuvent donc faire les requĂȘtes de leur choix comme pomper autant de sites que possible. Cela, sans que l’utilisateur du tĂ©lĂ©phone en soi informĂ© le moins du monde.

Cela rend l’attaque impossible Ă  bloquer efficacement, car les requĂȘtes proviennent de n’importe oĂč, n’importe quand.

Tout comme le spam, l’activitĂ© d’un virus informatique se fait dĂ©sormais Ă  visage dĂ©couvert, avec de vraies sociĂ©tĂ©s qui vendent leurs « services ». Et les geeks sont trop naĂŻfs : ils cherchent des logiciels malveillants qui exploitent des failles de sĂ©curitĂ© compliquĂ©es alors que tout se fait de maniĂšre transparente, Ă  ciel ouvert, mais avec ce qu’on appelle la "plausible deniability" grĂące Ă  des couches de services commerciaux. Il y a mĂȘme des sites avec des reviews et des Ă©toiles pour choisir son meilleur rĂ©seau de botnets pseudolĂ©gal.

Le dĂ©veloppeur de l’app Android dira que « il ne savait pas que son app serait utilisĂ©e pour faire des choses nĂ©fastes ». Les fournisseurs de ce code et revendeurs diront « on voulait surtout aider la recherche scientifique et le dĂ©veloppeur est censĂ© prĂ©venir l’utilisateur ». Le client final, qui lance ces attaques pour entrainer ses gĂ©nĂ©rateurs de bits dira « je n’ai fait qu’utiliser un service commercial ».

En fait, c’est mĂȘme pire que cela : comme je l’ai dĂ©montrĂ© lorsque j’ai dĂ©tectĂ© la prĂ©sence d’un tracker Facebook dans l’application officielle de l’institut royal de mĂ©tĂ©orologie belge, il est probable que le maĂźtre d’Ɠuvre de l’application n’en sache lui-mĂȘme rien, car il aura utilisĂ© un sous-traitant pour dĂ©velopper l’app. Et le sous-traitant aura lui-mĂȘme créé l’app en question sur base d’un modĂšle existant (un template).

GrĂące Ă  ces myriades de couches, personne ne sait rien. Personne n’est responsable de rien. Et le web est en train de s’effondrer. AllĂ©gorie virtuelle du reste de la sociĂ©tĂ©.

Générer des séquences de bits

Une fois qu’on a enregistrĂ© assez de sĂ©quences de bits, on va tenter d’y trouver une logique pour gĂ©nĂ©rer des sĂ©quences nouvelles, mais « ressemblantes ». Techniquement, ce qui est trĂšs impressionnant avec les ChatGPT et consorts, c’est l’échelle Ă  laquelle est fait ce que les chercheurs en informatique font depuis vingt ans.

Mais si ça doit ĂȘtre « ressemblant », ça ne peut pas l’ĂȘtre trop ! En effet, cela fait des dĂ©cennies que l’on nous rabĂąche les oreilles avec le "plagiat", avec le "vol de propriĂ©tĂ© intellectuelle". Houlala, "pirater", c’est mal.

Eh bien non, allez-y ! Piratez mes livres ! D’ailleurs, ils sont faits pour, ils sont sous licence libre. Parce que j’ai envie d’ĂȘtre lu. C’est pour ça que j’écris. Je ne connais aucun artiste qui a augmentĂ© la taille de son public en "protĂ©geant sa propriĂ©tĂ© intellectuelle".

Have you ever considered piracy? Have you ever considered piracy?

Parait que c’est mal de pirater.

Sauf quand ce sont les IA qui le font. Ce que montre trĂšs bien Otakar G. Hubschmann dans une expĂ©rience Ă©difiante. Il demande Ă  ChatGPT de gĂ©nĂ©rer des images de « superhĂ©ros qui utilise des toiles d’araignĂ©es pour se dĂ©placer », d’un « jeune sorcier qui va Ă  l’école avec ses amis » ou un « plombier italien avec une casquette rouge ».

Et l’IA refuse. Parce que ce serait enfreindre un copyright. DĂ©solĂ© donc Ă  tous les plombiers italiens qui voudraient mettre une casquette rouge : vous ĂȘtes la propriĂ©tĂ© intellectuelle de Nintendo.

Mais lĂ  oĂč c’est encore plus hallucinant, c’est lorsqu’il s’éloigne des toutes grandes franchises actuelles. S’il demande « photo d’une femme combattant un alien », il obtient
 une image de Sigourney Weaver. Une image d’un aventurier archĂ©ologue qui porte un chapeau et utilise un fouet ? Il obtient une photo d’Harrisson Ford.

Comme je vous disais : une simple sĂ©rie de bits ressemblant Ă  une autre.

Ce qui nous apprend Ă  quel point les IA n’ont aucune, mais alors lĂ  aucune originalitĂ©. Mais, surtout, que le copyright est vĂ©ritablement un outil de censure qui ne sert que les trĂšs trĂšs grands. GrĂące aux IA, il est dĂ©sormais impossible d’illustrer voire d’imaginer un enfant sorcier allant Ă  l’école parce que c’est du plagiat d’Harry Potter (lui-mĂȘme Ă©tant, selon moi, un plagiat d’un roman d’Anthony Horowitz, mais passons
).

Comme le dit IrĂ©nĂ©e RĂ©gnauld, il s’agit de pousser un usage normatif des technologies Ă  un point trĂšs effrayant.

Mais pour protĂ©ger ces franchises et ce copyright, les mĂȘmes IA n’hĂ©sitent pas Ă  se servir dans les bases de donnĂ©es pirates et Ă  foutre en l’air tous les petits services d’hĂ©bergement.

Les humains derriĂšre les bits

Mais le pire c’est que c’est tellement Ă  la mode de dire qu’on a gĂ©nĂ©rĂ© ses bits automatiquement que, souvent, on le fait faire par des humains camouflĂ©s en gĂ©nĂ©rateurs automatiques. Comme cette app de shopping "AI" qui n’était, en rĂ©alitĂ©, que des travailleurs philippins sous-payĂ©s.

Les luddites l’avaient compris, Charlie Chaplin l’avait illustrĂ© dans « Les temps modernes », Arnold Schwarzeneger a essayĂ© de nous avertir : nous servons les machines que nous croyons avoir conçu pour nous servir. Nous sommes esclaves de gĂ©nĂ©rateurs de bits.

Pour l’amour des bits !

Dans le point presse de ma ville, j’ai dĂ©couvert qu’il n’y avait qu’un magazine en prĂ©sentoir consacrĂ© Ă  Linux, mais pas moins de 5 magazines consacrĂ©s entiĂšrement aux gĂ©nĂ©rateurs de bits. Avec des couvertures du genre « Mieux utiliser ChatGPT ». Comme si on pouvait l’utiliser « mieux ». Et comme si le contenu de ces magazines n’était lui-mĂȘme pas gĂ©nĂ©rĂ©.

C’est tellement fatigant que j’ai pris la rĂ©solution de ne plus lire les articles parlant de ces gĂ©nĂ©rateurs de bits, mĂȘme s’ils ont l’air intĂ©ressants. Je vais essayer de lire moins sur le sujet, d’en parler moins. AprĂšs tout, je pense que j’ai dit tout ce que j’avais Ă  dire dans ces deux billets :

Vous ĂȘtes dĂ©jĂ  assez assaillis par les gĂ©nĂ©rateurs de bits et par les bits qui parlent des gĂ©nĂ©rateurs de bits. Je vais tenter de ne pas trop en rajouter et revenir Ă  mon mĂ©tier d’artisan. Chaque sĂ©rie de bits que je vous offre est entiĂšrement façonnĂ©e Ă  la main, d’un humain vers un autre. C’est plus cher, plus rare, plus long Ă  lire, mais, je l’espĂšre, autrement plus qualitatif.

Vous sentez l’amour de l’art et la passion derriĂšre ces bits dont chacun Ă  une signification profonde et une utilitĂ© rĂ©elle ? C’est pour les transmettre, les partager que je cherche Ă  prĂ©server notre infrastructure et nos cerveaux.

Bonnes lectures et bons Ă©changes entre humains !

Je suis Ploum et je viens de publier Bikepunk, une fable Ă©colo-cycliste entiĂšrement tapĂ©e sur une machine Ă  Ă©crire mĂ©canique. Pour me soutenir, achetez mes livres (si possible chez votre libraire) !

Recevez directement par mail mes écrits en français et en anglais. Votre adresse ne sera jamais partagée. Vous pouvez également utiliser mon flux RSS francophone ou le flux RSS complet.

May 11, 2025

Plushtodon

I decided to leave twitter.
 
Yes, this has something to do with the change of ownership, the name change to x, 

 
There is only 1 X to me, and that’s X.org

Twitter has become a platform that doesn’t value #freedomofspeech anymore.

My account even got flagged as possible spam to “factchecking” #fakenews

The mean reason is that there is a better alternative in the form of the Fediverse #Fediverse is the protocol that Mastodon uses.

It allows for a truly decentralised social media platform.

It allows organizations to set up their own Mastodon instance and take ownership and accountability for their content and accounts.

Mastodon is a nice platform; you probably feel at home there.

People who follow me on twitter can continue to follow me at Mastodon if they want.

https://mastodon.social/@stafwag

I’ll post this message a couple of times to twitter before I close my twitter account, so people can decide if they want to follow me on Mastodon 
or not ;-).

Have fun!

May 09, 2025

Before the MySQL & HeatWave Summit, we released MySQL 9.3, the latest Innovation Release. The event was terrific, and I had the chance to meet some of the MySQL contributors. As usual, we released bug fixes for 8.0 and 8.4 LTS, but I focus on the newest release in this post.We included patches and code [
]

May 07, 2025

After my last blog post about the gloriously pointless /dev/scream, a few people asked:

“Wasn’t /dev/null good enough?”

Fair question—but it misses a key point.

Let me explain: /dev/null and /dev/zero are not interchangeable. In fact, they are opposites in many ways. And to fully appreciate the joke behind /dev/scream, you need to understand where that scream is coming from—not where it ends up.


🌌 Black Holes and White Holes

To understand the difference, let us borrow a metaphor from cosmology.

  • /dev/null is like a black hole: it swallows everything. You can write data to it, but nothing ever comes out. Not even light. Not even your logs.
  • /dev/zero is like a white hole: it constantly emits data. In this case, an infinite stream of zero bytes (0x00). It produces, but does not accept.

So when I run:

dd if=/dev/zero of=/dev/null

I am pulling data out of the white hole, and sending it straight into the black hole. A perfectly balanced operation of cosmic futility.


📩 What Are All These /dev/* Devices?

Let us break down the core players:

DeviceCan You Write To It?Can You Read From It?What You ReadCommonly Used ForNickname / Metaphor
/dev/nullYesYesInstantly empty (EOF)Discard console output of a programBlack hole 🌑
/dev/zeroYesYesEndless zeroes (0x00)Wiping drives, filling files, or allocating memory with known contentsWhite hole 🌕
/dev/randomNoYesRandom bytes from entropy poolSecure wiping drives, generating random dataQuantum noise đŸŽČ
/dev/urandomNoYesPseudo-random bytes (faster, less secure)Generating random dataPseudo-random fountain 🔀
/dev/oneYesYesEndless 0xFF bytesWiping drives, filling files, or allocating memory with known contentsThe dark mirror of /dev/zero ☠
/dev/screamYesYesaHAAhhaHHAAHaAaAAAA…CatharsisEmotional white hole đŸ˜±

Note: /dev/one is not a standard part of Linux—it comes from a community kernel module, much like /dev/scream.


🗣 Back to the Screaming

/dev/scream is a parody of /dev/zero—not /dev/null.

The point of /dev/scream was not to discard data. That is what /dev/null is for.

The point was to generate data, like /dev/zero or /dev/random, but instead of silent zeroes or cryptographic entropy, it gives you something more cathartic: an endless, chaotic scream.

aHAAhhaHHAAHaAaAAAAhhHhhAAaAAAhAaaAAAaHHAHhAaaaaAaHahAaAHaAAHaaHhAHhHaHaAaHAAHaAhhaHaAaAA

So when I wrote:

dd if=/dev/scream of=/dev/null

I was screaming into the void. The scream came from the custom device, and /dev/null politely absorbed it without complaint. Not a single bit screamed back. Like pulling screams out of a white hole and throwing them into a black hole. The ultimate cosmic catharsis.


đŸ§Ș Try Them Yourself

Want to experience the universe of /dev for yourself? Try these commands (press Ctrl+C to stop each):

# Silent, empty. Nothing comes out.
cat /dev/null

# Zero bytes forever. Very chill.
hexdump -C /dev/zero

# Random bytes from real entropy (may block).
hexdump -C /dev/random

# Random bytes, fast but less secure.
hexdump -C /dev/urandom

# If you have the /dev/one module:
hexdump -C /dev/one

# If you installed /dev/scream:
cat /dev/scream

💡 TL;DR

  • /dev/null = Black hole: absorbs, never emits.
  • /dev/zero = White hole: emits zeroes, absorbs nothing.
  • /dev/random / /dev/urandom = Entropy sources: useful for cryptography.
  • /dev/one = Evil twin of /dev/zero: gives endless 0xFF bytes.
  • /dev/scream = Chaotic white hole: emits pure emotional entropy.

So no, /dev/null was not “good enough”—it was not the right tool. The original post was not about where the data goes (of=/dev/null), but where it comes from (if=/dev/scream), just like /dev/zero. And when it comes from /dev/scream, you are tapping into something truly primal.

Because sometimes, in Linux as in life, you just need to scream into the void.

May 04, 2025

Unbound

Unbound is a popular DNS resolver, that has native DNS-over-TLS support.
 

Unbound and Stubby were among the first resolvers to implement DNS-over-TLS.

I wrote a few blog posts on how to use Stubby on GNU/Linux and FreeBSD.

The implementation status of DNS-over-TLS and other DNS privacy options is available at: https://dnsprivacy.org/.

See https://dnsprivacy.org/implementation_status/ for more details.

It’s less known that it can also be used as authoritative DNS server (aka a real DNS server). Since I discovered this feature and Unbound got native DNS-over-TLS support I started to it as my DNS server.

I created a docker container for it a couple of years back to use it as an authoritative DNS server.

I recently updated the container, the latest version (2.1.0) is available at: https://github.com/stafwag/docker-stafwag-unbound

ChangeLog

Version 2.1.0

Upgrade to debian:bookworm

  • Updated BASE_IMAGE to debian:bookworm
  • Add ARG DEBIAN_FRONTEND=noninteractive
  • Run unbound-control-setup to generate the default certificate
  • Documentation updated


 

docker-stafwag-unbound

Dockerfile to run unbound inside a docker container. The unbound daemon will run as the unbound user. The uid/gid is mapped to 5000153.

Installation

clone the git repo

$ git clone https://github.com/stafwag/docker-stafwag-unbound.git
$ cd docker-stafwag-unbound

Configuration

Port

The default DNS port is set to 5353 this port is mapped with the docker command to the default port 53 (see below). If you want to use another port, you can edit etc/unbound/unbound.conf.d/interface.conf.

scripts/create_zone_config.sh helper script

The create_zone_config.sh helper script, can help you to create the zones.conf configuration file. It’s executed during the container build and creates the zones.conf from the datafiles in etc/unbound/zones.

If you want to use a docker volume or configmaps/persistent volumes on Kubernetes. You can use this script to generate the zones.conf a zones data directory.

create_zone_config.sh has following arguments:

  • -f Default: /etc/unbound/unbound.conf.d/zones.conf The zones.conf file to create
  • -d Default: /etc/unbound/zones/ The zones data source files
  • -p Default: the realpath of zone files
  • -s Skip chown/chmod

Use unbound as an authoritative DNS server

To use unbound as an authoritative authoritive DNS server - a DNS server that hosts DNS zones - add your zones file etc/unbound/zones/.

During the creation of the image scripts/create_zone_config.sh is executed to create the zones configuration file.

Alternatively, you can also use a docker volume to mount /etc/unbound/zones/ to your zone files. And a volume mount for the zones.conf configuration file.

You can use subdirectories. The zone file needs to have $ORIGIN set to our zone origin.

Use DNS-over-TLS

The default configuration uses quad9 to forward the DNS queries over TLS. If you want to use another vendor or you want to use the root DNS servers director you can remove this file.

Build the image

$ docker build -t stafwag/unbound . 

To use a different BASE_IMAGE, you can use the –build-arg BASE_IMAGE=your_base_image.

$ docker build --build-arg BASE_IMAGE=stafwag/debian:bookworm -t stafwag/unbound .

Run

Recursive DNS server with DNS-over-TLS

Run

$ docker run -d --rm --name myunbound -p 127.0.0.1:53:5353 -p 127.0.0.1:53:5353/udp stafwag/unbound

Test

$ dig @127.0.0.1 www.wagemakers.be

Authoritative dns server.

If you want to use unbound as an authoritative dns server you can use the steps below.

Create a directory with your zone files:

[staf@vicky ~]$ mkdir -p ~/docker/volumes/unbound/zones/stafnet
[staf@vicky ~]$ 
[staf@vicky stafnet]$ cd ~/docker/volumes/unbound/zones/stafnet
[staf@vicky ~]$ 

Create the zone files

Zone files

stafnet.zone:

$TTL  86400 ; 24 hours
$ORIGIN stafnet.local.
@  1D  IN  SOA @  root (
            20200322001 ; serial
            3H ; refresh
            15 ; retry
            1w ; expire
            3h ; minimum
           )
@  1D  IN  NS @ 

stafmail IN A 10.10.10.10

stafnet-rev.zone:

$TTL    86400 ;
$ORIGIN 10.10.10.IN-ADDR.ARPA.
@       IN      SOA     stafnet.local. root.localhost.  (
                        20200322001; Serial
                        3h      ; Refresh
                        15      ; Retry
                        1w      ; Expire
                        3h )    ; Minimum
        IN      NS      localhost.
10      IN      PTR     stafmail.

Make sure that the volume directoy and zone files have the correct permissions.

$ sudo chmod 750 ~/docker/volumes/unbound/zones/stafnet/
$ sudo chmod 640 ~/docker/volumes/unbound/zones/stafnet/*
$ sudo chown -R root:5000153 ~/docker/volumes/unbound/

Create the zones.conf configuration file.

[staf@vicky stafnet]$ cd ~/github/stafwag/docker-stafwag-unbound/
[staf@vicky docker-stafwag-unbound]$ 

The script will execute a chown and chmod on the generated zones.conf file and is excute with sudo for this reason.

[staf@vicky docker-stafwag-unbound]$ sudo scripts/create_zone_config.sh -f ~/docker/volumes/unbound/zones.conf -d ~/docker/volumes/unbound/zones/stafnet -p /etc/unbound/zones
Processing: /home/staf/docker/volumes/unbound/zones/stafnet/stafnet.zone
origin=stafnet.local
Processing: /home/staf/docker/volumes/unbound/zones/stafnet/stafnet-rev.zone
origin=1.168.192.IN-ADDR.ARPA
[staf@vicky docker-stafwag-unbound]$ 

Verify the generated zones.conf

[staf@vicky docker-stafwag-unbound]$ sudo cat ~/docker/volumes/unbound/zones.conf
auth-zone:
  name: stafnet.local
  zonefile: /etc/unbound/zones/stafnet.zone

auth-zone:
  name: 1.168.192.IN-ADDR.ARPA
  zonefile: /etc/unbound/zones/stafnet-rev.zone

[staf@vicky docker-stafwag-unbound]$ 

run the container

$ docker run --rm --name myunbound -v ~/docker/volumes/unbound/zones/stafnet:/etc//unbound/zones/ -v ~/docker/volumes/unbound/zones.conf:/etc/unbound/unbound.conf.d/zones.conf -p 127.0.0.1:53:5353 -p 127.0.0.1:53:5353/udp stafwag/unbound

Test

[staf@vicky ~]$ dig @127.0.0.1 soa stafnet.local

; <<>> DiG 9.16.1 <<>> @127.0.0.1 soa stafnet.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37184
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stafnet.local.     IN  SOA

;; ANSWER SECTION:
stafnet.local.    86400 IN  SOA stafnet.local. root.stafnet.local. 3020452817 10800 15 604800 10800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 22 19:41:09 CET 2020
;; MSG SIZE  rcvd: 83

[staf@vicky ~]$ 

Test reverse lookup.

[staf@vicky ~]$ dig -x 10.10.10.10 @127.0.0.1

; <<>> DiG 9.16.21 <<>> -x 10.10.10.10 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36250
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;10.10.10.10.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
10.10.10.10.in-addr.arpa. 86400	IN	PTR	stafmail.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 19 19:51:47 CEST 2021
;; MSG SIZE  rcvd: 75

[staf@vicky ~]$ 

Have fun!

April 30, 2025

If you are part of the Fediverse—on Mastodon, Pleroma, or any other ActivityPub-compatible platform—you can now follow this blog directly from your favorite platform.

Thanks to the excellent ActivityPub plugin for WordPress, each blog post I publish on amedee.be is now automatically shared in a way that federated social platforms can understand and display.

Follow me from Mastodon

If you are on Mastodon, you can follow this blog just like you would follow another person:

Search for: @amedee.be@amedee.be

Or click this link if your Mastodon instance supports it:
https://amedee.be/@amedee.be

New blog posts will appear in your timeline, and you can even reply to them from Mastodon. Your comments will appear as replies on the blog post page—Fediverse and WordPress users interacting seamlessly!

Why I enabled ActivityPub

I have been active on Mastodon for a while as @amedee@lou.lt, and I really enjoy the decentralized, open nature of the Fediverse. It is a refreshing change from the algorithm-driven social media platforms.

Adding ActivityPub support to my blog aligns perfectly with those values: open standards, decentralization, and full control over my own content.

This change was as simple as adding the activitypub plugin to my blog’s Ansible configuration on GitHub:

 blog_wp_plugins_install:
+  - activitypub
   - akismet
   - google-site-kit
   - health-check

Once deployed, GitHub Actions and Ansible took care of the rest.

What this means for you

If you already follow me on Mastodon (@amedee@lou.lt), nothing changes—you will still see the occasional personal post, boost, or comment.

But if you are more interested in my blog content—technical articles, tutorials, and occasional personal reflections—you might prefer following @amedee.be@amedee.be. It is an automated account that only shares blog posts.

This setup lets me keep content separate and organized, while still engaging with the broader Fediverse community.

Want to do the same for your blog?

Setting this up is easy:

  1. Make sure you are running WordPress version 6.4 or later.
  2. Install and activate the ActivityPub plugin.
  3. After activation, your author profile (and optionally, your blog itself) becomes followable via the Fediverse.
  4. Start publishing—and federate your writing with the world!

April 27, 2025

2025

While the code ( if you call YAML “code” ) is already more than 5 years old. I finally took the take the make a proper release of my test “hello” OCI container.

I use this container to demo a container build and how to deploy it with helm on a Kubernetes cluster. Some test tools (ping, DNS, curl, wget) are included to execute some tests on the deployed pod.

It also includes a Makefile to build the container and deploy it on a Red Hat OpenShift Local (formerly Red Hat CodeReady Containers) cluster.

To deploy the container with the included helm charts to OpenShift local (Code Ready Containers), execute make crc_deploy.

This will:

  1. Build the container image
  2. Login to the internal OpenShift registry
  3. Push the image to the internal OpenShift register
  4. Deploy the helm chart in the tsthelm namespace, the helm chart will also create a route for the application.

I might include support for other Kubernetes in the future when I find the time.

docker-stafwag-hello_nginx v1.0.0 is available at:

https://github.com/stafwag/docker-stafwag-hello_nginx

ChangeLog

v1.0.0 Initial stable release

  • Included dns utilities and documentation update by @stafwag in #3
  • Updated Run section by @stafwag in #4

Have fun!

April 25, 2025

Performance hack seen on a customer site; fix the bad LCP (due to an animation in revslider) by loading an inline (base64’ed) png image which according to FF is broken and later in the rendering process hiding & removing it. Even though that image is not *really* used, tools such as Google Pagespeed Insights pick it up as the LCP image and the score is “in the green”. Not sure this is really…

Source