Leahs Gedanken

Today I learned that SQLite is a little bit ARRRRGHHHH 🤬 if it comes to foreign key constraints. They just don’t work or apply by default. This means, for example, if you have a table called “users” with a user id and another table referencing this user id as a foreign key you can happily crate entries in the second table referencing a user id from the “users” table that doesn’t exist there. I have no clue why someone wants this behavior as a default but the SQLite documentation states so.

As of SQLite version 3.6.19, the default setting for foreign key enforcement is OFF.

I stumbled over this while writing a tool for work using SQLAlchemy. If you use it too you can search for hours why this doesn’t work and you can’t find a single mention of it. This should be a big RED warning in the ForeignKey() documentation. But finally I found the part of the docs mentioning this problem: https://docs.sqlalchemy.org/en/20/dialects/sqlite.html#foreign-key-support

There is also a code example that sets the needed PRAGMA foreign_keys=ON on every new connection. With this everything works. Thanks for nothing!

Today I learned how the logging on Mikrotik RouterOS really works. Sadly, this isn’t mentioned in the Mikrotik docs. In many examples, it looks like you just add all the topics you like to receive. So you end up with something like this:

/system/logging
add action=remote disabled=no prefix="" topics=interface,route,ssh,stp,system,dns,event,firewall,manager,radvd,timer,vrrp,watchdog

But this wouldn’t work, and you won’t see any logs of the topics at all. This is because, with the line above, you need a log message to be tagged with all these topics, which is not going to happen because they are from very distinct parts of the system. The topics you define on a config line are combined by a logical and. So if you want to follow all the topics above, you need to add them as standalone lines. But you can also filter them, for example, all interface messages but only error messages. Or DNS logs, but not packet logs. Here are a few examples:

/system/logging
add action=remote topics=interface # logs everything with the topic/label interface
add action=remote topics=interface, debug # logs only debug messages for the topic interface
add action=remote topics=interface,!debug # logs everything but debug messages for the topic interface

Today I learned that the VRRP documentation for Mikrotik routerOS is somehow misleading. For the examples used for IPv4 and IPv6 VRRP they use the same VRRP interface name, but this doesn’t work if you configure both IPv4 and IPv6 addresses to the same interface. You need to add separate interfaces, for example, downlink-vrrp-v4 and downlink-vrrp-v6, with separate router IDs and with the correct v3 protocol to get it working. Also, they show the non-active IP addresses as invalid if you print the IPs; this is normal but looks like a problem with duplicate address detection.

Here is a working example from a config export:

/interface vrrp
add interface=downlink-bond name=downlink-vrrp-v4 priority=100
add interface=downlink-bond name=downlink-vrrp-v6 priority=100 v3-protocol=ipv6 vrid=2

A short and funny story about some problems I debugged the last few days for chaos.social. For 10 days, I could observe a massively increased load on the chaos.social frontend VM, but only on this VM. This issue made chaos.social sometimes very slow to use. And I have to admit that today I was a bit desperate because, despite a lot of debugging, I couldn’t find the issue. … »

Sometimes you have a bug in your config and than you have to delete some false fuzzy hashes. This is possible with the following command and the hashes shown in the rspamd log. It is not possible for the short hashes in the symbols.

rspamc -f 11 fuzzy_delhash fd8e4df1dac169526aa92d96dac9f2f149bf3e0c3d8801bd25948af4909a47690a96d41a61c81943f143b2de16498eb52bbc588b2f3ab7cd51f2caced11c94e5