tl;dr: Stuff I learned and want to remember or short thoughts. Sometimes in English, sometimes in German. There is a separate RSS feed for my notes.
April 2026
AI just a tool like any other? On texts about AI.
I read a lot about AI, far more than I would like, on a topic I would prefer to close my eyes to and simply hear nothing about. Still, I read these texts, and in doing so I notice several things that bother me. Especially when AI is portrayed as a tool like any other. … »
February 2026
AI feels like mosquitos
AI feels like a handful of mosquitoes in my bedroom right after I turned off the lights. It’s absolutely annoying, they are everywhere. I can’t come to rest because they always trigger my attention. I can try to find and kill them but most of the time I will miss one. And the one I missed will give me shit and I will have this itching somewhere the next day. And the next time I go to bed I will check, and check again. And then right after I turned off the bed there is this buzzing again…
Thoughts on AI
With the internet and social media, we created tools that enabled the destructive, ruthless, and non-empathetic individuals in our societies to share harmful ideas, to connect themselves with others, and to spread their hate. In the past the lack of connection protected us but also made it hard for marginalized groups. But it was harder for those bad actors to spread like in a well-vaccinated society. With AI and AI agents, we now give those few people another tool to amplify their destructiveness. … »
Flood the zone with the future
A few, or a few more, years ago you heard the warnings about social media only showing the best of the lives of their inhabitants everywhere. And this is maybe still true, but it’s also true that today, given the fucked-up state of the world, we share much more about all the bad things that happen. And that’s okay if you just have to deal with it yourself or are touched by it. … »
July 2025
Why fascists are obsessed with trans people, a theory
Occasionally I ask myself why the fascists are so obsessed with trans people and especially trans women. One theory: Most of them seem to have a mindset that men are superior and maybe even purer. They are perfect, and women are… less. But if some “man” “decides” that they are a woman this is the first crack in this mindset because if they say and really are the thing that is of less value this conflicts with the superiority and being perfect. … »
Private message leak in Castopod
Today I published our new podcast at my employer Uberspace. For publishing, we decided to use a self-hosted Castopod instance. Sadly, I found an information-leaking bug shortly after doing so. Because this bug is out there and leaking information that is considered and expected to be private, I will publish this information shortly after informing the maintainers today (Fri, 11 Jul 2025 15:11:19 CEST) via mail to their security contact. The Bug The bug is rather simple. If you reply to a message published via Castopod, for example from a Mastodon instance, and set the visibility to “Specific people” only, which is the equivalent of, and especially expected to be, a private message, this message is world-readable on the Castopod instance website, not only to logged-in users. You can see such a message here or in the screenshot below: … »
March 2025
The mystery of HDD standby
You spin my head right round, right round
When you go down, when you go down, down
The last few days I built a new NAS (Network Attached Storage) to store my backups and ever-increasing image collection. To reduce the power footprint, I want to spin down the HDDs¹ whenever I don’t use the storage. And, like for cars, this is the case most of the time. To prevent any comments on how this is maybe not so healthy for the HDDs, they are rated for 600.000 load cycles; this is more than enough for the lifetime I expect to see from them. … »
Not all seconds are the same.
Today at work, I investigated some problems with our firewall management software called Heimdal. After adding more instrumentation and finding another bug, I noticed that the number of active rules decreased much faster than they should. If everything was correct, all lines should always match the violet line at the top of the graph above. After looking at the original values and further debugging, I was able to pin it down to the replay function. This function is needed to replay the firewall rules with the remaining block time after a router reboot. This is needed because address list entries with a timeout value are not reboot-safe on our Mikrotik hardware. To calculate the remaining time, I used this line of code: … »
February 2025
Rate limit and how it works in netfilter
Long story short, currently we see some strange, aggressive ICMPv6 scanning originating from multiple IP addresses inside the Amazon network at my employer Uberspace. The targets are not only used addresses but also internal and non-existent ones. The latter is an issue as it generates a significant amount of neighbor discovery traffic, resulting in increased resource usage. Since we have some other strange issues with our routers, I decided to block and monitor this unwanted traffic, just in case. Therefore, I added some firewall rules like this: … »
September 2024
Foreign Key Constraints with SQLite and SQLAlchemy
Today I learned that SQLite is a little bit ARRRRGHHHH 🤬 when it comes to foreign key constraints. They just don’t work or apply by default. This means, for example, if you have a table called “users” with a user id and another table referencing this user id as a foreign key, you can happily create entries in the second table referencing a user id that doesn’t exist in the “users” table. I have no clue why someone wants this behavior as a default but the SQLite documentation states so.
As of SQLite version 3.6.19, the default setting for foreign key enforcement is OFF.
I stumbled over this while writing a tool for work using SQLAlchemy. If you use it too you can search for hours why this doesn’t work and you can’t find a single mention of it. This should be a big RED warning in the ForeignKey() documentation. But finally I found the part of the docs mentioning this problem: https://docs.sqlalchemy.org/en/20/dialects/sqlite.html#foreign-key-support
There is also a code example that sets the needed PRAGMA foreign_keys=ON on every new connection. With this everything works. Thanks for nothing!
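As an added example (not from the SQLAlchemy documentation or the original note), the following uses Python's built-in sqlite3 module instead of SQLAlchemy to show the behavior: the orphan insert is accepted without the PRAGMA, rejected with it, and rows written before enforcement was enabled stay in place until `PRAGMA foreign_key_check` finds them. The `notes` table, the function names and user id 999 are constructed for illustration.

```python
import sqlite3

# Constructed two-table schema matching the "users" example in the note.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY);
CREATE TABLE notes (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id)
);
"""

def connect(enforce=None):
    """Open an in-memory database; enforce=None keeps the build's default."""
    conn = sqlite3.connect(":memory:")
    if enforce is not None:
        # Per-connection setting, and a no-op inside an open transaction,
        # so it has to run right after connecting.
        conn.execute(f"PRAGMA foreign_keys={'ON' if enforce else 'OFF'}")
    conn.executescript(SCHEMA)
    return conn

def enforcement_enabled(conn):
    return conn.execute("PRAGMA foreign_keys").fetchone()[0] == 1

def orphan_insert_allowed(conn):
    """Try to store a note for user 999, who does not exist."""
    try:
        conn.execute("INSERT INTO notes (user_id) VALUES (999)")
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False

def find_orphans(conn):
    """Rows violating a foreign key: (table, rowid, parent table, fk index)."""
    return conn.execute("PRAGMA foreign_key_check").fetchall()

def demo():
    legacy = connect(enforce=False)
    accepted = orphan_insert_allowed(legacy)
    # Switching enforcement on later does not validate rows already stored.
    legacy.execute("PRAGMA foreign_keys=ON")
    leftovers = find_orphans(legacy)
    rejected = not orphan_insert_allowed(connect(enforce=True))
    return accepted, leftovers, rejected

if __name__ == "__main__":
    print(demo())
```

Running `find_orphans` once against an existing database is a quick way to see whether references were already broken while enforcement was off.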
July 2024
How topics work on Mikrotik RouterOS
Today I learned how the logging on Mikrotik RouterOS really works. Sadly, this isn’t mentioned in the Mikrotik docs. In many examples, it looks like you just add all the topics you like to receive. So you end up with something like this:
/system/logging
add action=remote disabled=no prefix="" topics=interface,route,ssh,stp,system,dns,event,firewall,manager,radvd,timer,vrrp,watchdog
But this wouldn’t work, and you won’t see any logs of the topics at all. This is because, with the line above, you need a log message to be tagged with all these topics, which is not going to happen because they are from very distinct parts of the system.
The topics you define on a config line are combined by a logical AND. So if you want to follow all the topics above, you need to add them as standalone lines. But you can also filter them, for example, all interface messages but only error messages. Or DNS logs, but not packet logs.
Here are a few examples:
/system/logging
add action=remote topics=interface # logs everything with the topic/label interface
add action=remote topics=interface,debug # logs only debug messages for the topic interface
add action=remote topics=interface,!debug # logs everything but debug messages for the topic interface
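A small Python model of the matching rule described in this note, added here as an illustration and not RouterOS code: it shows why one line listing many topics forwards nothing while one line per topic forwards what you expect. The parser, the function names and the sample messages are constructed and assume only the AND and `!` semantics stated above.

```python
# Constructed log messages: (topics attached to the message, text).
MESSAGES = [
    ({"interface", "info"}, "ether1 link up"),
    ({"interface", "debug"}, "ether1 poll"),
    ({"dns", "packet"}, "dns query packet"),
    ({"system", "error", "critical"}, "login failure"),
]

# One line listing several topics vs. one line per topic.
COMBINED = ["add action=remote topics=interface,dns,system"]
SPLIT = [
    "add action=remote topics=interface,!debug",
    "add action=remote topics=dns,!packet",
    "add action=remote topics=system",
]

def parse_rule(line):
    """Extract topics=... from an 'add' line into (required, excluded) sets."""
    required, excluded = set(), set()
    for word in line.split("#", 1)[0].split():
        if word.startswith("topics="):
            for topic in word[len("topics="):].split(","):
                if topic.startswith("!"):
                    excluded.add(topic[1:])
                elif topic:
                    required.add(topic)
    return required, excluded

def rule_matches(rule, message_topics):
    required, excluded = rule
    # Every listed topic must be on the message (logical AND),
    # and none of the negated topics may be.
    return required <= message_topics and not (excluded & message_topics)

def forwarded(rule_lines, messages):
    """Texts of the messages that at least one rule line would forward."""
    rules = [parse_rule(line) for line in rule_lines]
    return [text for topics, text in messages
            if any(rule_matches(rule, topics) for rule in rules)]

if __name__ == "__main__":
    print("combined:", forwarded(COMBINED, MESSAGES))
    print("split:   ", forwarded(SPLIT, MESSAGES))
```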
RouterOS needs separate VRRP interfaces for IPv4 and IPv6
Today I learned that the VRRP documentation for Mikrotik RouterOS is somewhat misleading. For the examples used for IPv4 and IPv6 VRRP they use the same VRRP interface name, but this doesn’t work if you configure both IPv4 and IPv6 addresses on the same interface. You need to add separate interfaces, for example, downlink-vrrp-v4 and downlink-vrrp-v6, with separate router IDs and with the correct v3 protocol to get it working. Also, they show the non-active IP addresses as invalid if you print the IPs; this is normal but looks like a problem with duplicate address detection.
Here is a working example from a config export:
/interface vrrp
add interface=downlink-bond name=downlink-vrrp-v4 priority=100
add interface=downlink-bond name=downlink-vrrp-v6 priority=100 v3-protocol=ipv6 vrid=2
June 2024
Servers don't like it hot 🔥
A short and funny story about some problems I debugged the last few days for chaos.social. For 10 days, I could observe a massively increased load on the chaos.social frontend VM, but only on this VM. This issue made chaos.social sometimes very slow to use. And I have to admit that today I was a bit desperate because, despite a lot of debugging, I couldn’t find the issue. … »
Delete rspamd fuzzy hashes
Sometimes you have a bug in your config and then you have to delete some false fuzzy hashes. This is possible with the following command and the hashes shown in the rspamd log. It is not possible for the short hashes in the symbols.
rspamc -f 11 fuzzy_delhash fd8e4df1dac169526aa92d96dac9f2f149bf3e0c3d8801bd25948af4909a47690a96d41a61c81943f143b2de16498eb52bbc588b2f3ab7cd51f2caced11c94e5