Sophia Grace

Curriculum VitaeGithub

Search

SearchSearch

2024-06-03

Jun 03, 20242 min read

  • Add Nginx or some other reverse proxy to listen on the correct port.

    • This was fixed using iptables:
    $ iptables -A INPUT -i enp8s0 -p tcp --dport 80 -j ACCEPT
$ iptables -A INPUT -i enp8s0 -p tcp --dport 6939 -j ACCEPT
$ iptables -A PREROUTING -t nat -i enp8s0 -p tcp --dport 80 -j REDIRECT --to-port 6939

  • Figure out how to force the right plz version.

    • I’ve added an entry to $PATH for ~/.please that will use an updated version if one exists, and that has forced the right version.

@panoption///bin/cleanup

  • Fix the timer output so it works with systemd.

  • Delete scans older than 1 month.

  • Delete endpoints, domains, and certs where no scans exist.

@panopticon///bin/web

  • Give the cert data a min-width.

@panopticon///lib/data

  • Figure out why creating new domains/endpoints isn’t working.

    • This was a little complicated to figure out but I ended up adding pg_advisory_xact_lock() to the beginning of a task so that we can serialize access to shared data structures.

  • Add @panopticon///lib/instrument tracing.

@panopticon///lib/instrument

  • Decide on support for pre-aggregated metrics.

    • The primary issue I can see is the huge cardinality that arises from how I handle context tags. That being said, there’s definitely a useful idea in “hey let me keep track of some count that I know is important that is not necessarily an event”.

    • After some thinking, I’m going to defer on pre-aggregated metrics. There are some interesting use cases for system metrics, like CPU utilization and the like, but I don’t have a concrete sense of how I want those collected/emitted at the moment. I might end up with them formatted like Heroku Postgres does, with a log line every few seconds with all of the known metrics present.

    • Either way I know I can’t do the contextual tags for these - the cardinality would be WAY too high to allow in any sink I might configure.

  • Buffer logs inside of spans for console output?

    • I’m also going to defer on this- there are some interesting concerns with parallel tasks and log output, but I think I need more experience with those issues before I come up with a solution for it.

@panopticon///bin/worker/task

  • Add code to handle the existing HSTS failure modes.

  • Instrument the worker with spans.