Homebrew, OpenSSL and PowerShell

On Mac, PowerShell really, really wants to specifically use OpenSSL version 1.0.

Unfortunately, homebrew switched to OpenSSL version 1.1 in v2.2, because OpenSSL 1.0 is end-of-life.

This fixes it (for now at least):

brew uninstall openssl --ignore-dependencies
brew uninstall openssl --ignore-dependencies
brew install


Snippets Uncategorized

nextcloud and Docker and reverse proxies

I have a nextcloud setup like described here (docker-compose, let’s encrypt proxy companion, postgres and nextcloud). And for a while I couldn’t connect any new nextcloud clients to the installation.

This fixed it:

$CONFIG = array (
  # manually added because it's not picked up from
  # the env vars once set ... it seems ...

  # the docker IP range
  'trusted_proxies' => [""],

  # the hostname of the server
  'overwritehost'   => "my.super.secret.server",

  # the ENDUSER->PROXY protocol, NOT the proxy-> nextcloud protocol!
  'overwriteprotocol' => "https",

  # AAAND NOW back to the original config file ...
  # ...

Some notes:


Windows after 13 years – and nothing changed

I have a Windows PC again, after about 13 years of abstinence and never looking back. (Why? Gaming. Once in 13 years is OK I guess).

And nothing changed.

Step 1: Uninstalling crap

Uninstall those things from the Windows menu: Candy Crush, Cooking Fever, and three others I forgot to document. It’s a pristine ISO install, nothing from a vendor – I bought components myself, and I assembled myself. So this is Windows and Windows alone that’s to blame.

And don’t forget all the crap which is in the Windows menu tiles – XBox & co, I mean you. (Removed about 7 super useless things here alone).

Step 2: change mouse wheel direction

Step 2: Change mouse wheel direction (sorry, Mac spoiled me). I can configure anything and everything in Windows – not that. Google helps, and I have to – of course – navigate the registry to find keys that look like this:

... VID_046D&PID_C53D&MI_01&COL01\9&12BDBF6B&0&0000\...
... DeviceParameters\FlipFlopWheel

(Set this to 1, and get the “VID_0…” whatever string from the “Advanced Settings” of the mouse properties dialogue. Brainfuck.

Step 3: Disable cortana

Oh yeah, disabling Cortana is almost easy (set this to 0):

... Windows Search\AllowCortana

Step 4: Remove contacts icon from taskbar

Removing the stupid “Contacts” icon on the task bar is super simple in contrast: Right-click, and uncheck “Show contacts”. Yay!

Step 5: Re-login / Reboot

Where the fuck can I log out?!

Oh right, click the start menu, immediately see the unobtrusive grey junk icon which is supposed to be me in the leftmost area on top of all the other nondescriminate icons, click it, and see the menu pop up which offers to “log out”. How could I miss this.


Well, this is not all. This is just what I did today, after already tuning the system a while ago. In contrast Mac: Unpack, open (Laptops only here), start working. No candy crush removal necessary.


Logstash, clone filter & add_field mysteries

That’s a really great piece of documentation. This does not work:

# let's clone each event, one goes to somewhere, one goes to somewhere else.
# note this was copy-pasted from the docs!
# see here:
filter {
  clone {
    add_field => { "token" => "ABCDEF" }
output {
  if [token] {
    # go somewhere
    tcp { ... }
  } else {
    # go to somewhere else
    s3 { ... }

Why? Because the clone filter will not clone anything. And the documentation is super unclear on this. If you know it, you can read it – if you don’t know this, you’ll … google.

For it to actually clone anything you have to specify the ‘clones => [“one”, …]’ parameter. Then it will clone, and add the token field as expected. Like this:

filter {
  clone {
    clones => ["logz"]     # NOW it will clone.
    add_field => { "token" => "ABCDEF" }

Interestingly the “clones =>” parameter is optional, which just confuses the shit out of me.

The reasoning that I don’t just add the field altogether is that this is the access token for our externally hosted ELK service. This should only be there for the external path, and not be put in S3 in parallel.


Really annoying thread properties

This sucks monkey ass, mainly because I didn’t think of that before. And that’s just one example why multi-threaded (soon to be -processing, probably) applications are hard.

import subprocess as sp
import time
import os
from threading import Thread

class MyThread(Thread):

    def __init__(self, mydir):
        self.mydir = mydir

    def run(self):
        print(&quot;I'm (%s) in directory %s&quot;
              % (str(self), os.getcwd()))

if __name__ == &quot;__main__&quot;:

Result is:

I'm (&lt;MyThread(Thread-1, started 140195858716416)&gt;) in directory /
I'm (&lt;MyThread(Thread-2, started 140195850323712)&gt;) in directory /

Docker, http and TLS

Today seems to be “annoyme-day”.

This error message with docker:

$ docker push
Post http:///var/run/docker.sock/v1.19/images/ \
   /name/image/push?tag=: read unix /var/run/docker.sock: \
   connection reset by peer. Are you trying to connect to \
   a TLS-enabled daemon without TLS?

… does not necessarily mean that we use http:// instead of https://.

It can also mean that the docker service is not running:

$ systemctl status docker.service
 ‚óŹ docker.service - Docker Application Container Engine
   Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Wed 2015-07-15 17:16:48 CEST; 15s ago
  Process: 48587 ExecStart=/usr/bin/docker td -H fd:// $DOCKER_OPTS (code=exited, status=1/FAILURE)
 Main PID: 48587 (code=exited, status=1/FAILURE)

Took me 15 minutes.