Now that's a nice one: blog.nginx.org/blog/native-... . For now only http-01.

#nginx #acme #webpki

./

Not sure if there were other attempts to add something like that, but if they did take place, they were not finalized - pg_dump does not have such option to this day.

#Postgresql

[PATCH] Add --ordered option to pg_dump I needed a way to run diffs on two database dumps to see what data developers put in their local …

#pg_dump outputs data in disk order, so this makes comparing such outputs tricky, e.g. if doing so as a migration verification step.

In 2010 (that was long time ago!) there was an idea to add `--ordered` option, but it didn't gain enough interest: archives.postgresql.org/pgsql-hacker... .

1/

He misspoke - he meant rubberchatting.

Same.

There should be a separate third handle, on the inside, dedicated just for testing. That will fix the problem.

Or a hole for the hand for reaching to the outside handle.

I don't get it why they stopped mid way with such clearly incomplete design.

And same with `-f` and mixing `-c` and `-f`.

You've motivated me to take a closer look into the docs, and turns out there is even more nuance to various usages of `-c`, chained `-c`, or just using stdin I wasn't aware of.

Solid tip. 🐘

./

... like a request for sudo password - if such privilege escalation is requested.

Some more on that here: notes.aflukasz.pl/en/2025/08/0... .

3/

This timeout starts counting down approximately at the same time as the connection timeout does (they more or less overlap, starting when connection is being initiated).

It tracks if we are not waiting too long for the privilege escalation prompt to be generated on the remote system...

ansible/lib/ansible/plugins/connection/ssh.py at v2.19.0 · ansible/ansible Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to clo...

2/

This timeout has a value of the ssh connection timeout (which is configurable and defaults to 10s) extended by adding extra 2 seconds, as seen in github.com/ansible/ansi...:

```
timeout = 2 + self.get_option('timeout')
```

It's not otherwise settable directly.

#Ansible can sometimes fail with "Timeout (12s) waiting for privilege escalation prompt" error.

Somewhat unexpectedly, this 12s value is not directly configurable and the reason for the error may not necessarily have that much to do with privilege escalation itself.

1/

./

Each time I ultimately got this value be creating temporary r2 bucket and extracting id from advertised bucket endpoint url.

@cloudflare.social - I dare you to teach me about my mistakes here.

2/

... on freshly created accounts, because the whole page where this id could be obtained is... replaced with a wizard form of sorts for pages product ("Boost your site's speed and security").

But all i need is id to use with their API. ☹️

Recently I was in this situation a couple of times...

Find account and zone IDs Once you set up a new account and add your domain to Cloudflare, you may need access to your zone and account IDs for API operations.

For some reason #Cloudflare really likes to hide account id value. They even had to document how to find it: developers.cloudflare.com/fundamentals..., which isn't exactly a strong indicator that their web #ui has no need for improvement.

Alas, documented method does not currently work...

1/

./

```
{% if condition %}
setting = {{ val }}
{% else %}
# Skipping setting assignment - condition not met.
{% endif %}
```

Config files typically support comments (right, JSON?). Making else branch explicit that way makes it clear what happened, without a need to consult file generation process.

2/

... and then, when such generated file is read in a different context, outside of a templating process, it's not clear that such decision was actually made or if maybe it was forgotten to be made, never considered when writing the template etc.

Often a better approach would be the following:

When generating config files from a template, it's sometimes easy to end up with something like this (here using jinja2 syntax):

```
{% if condition %}
setting = val
{% endif %}
```

The problem is that if condition is false, there is no trace of a decision of NOT putting this setting in...

1/

./

... occurrences of stdin pointed to as a source, this allows, for example, for merging consecutive lines from a single source:

```
$ echo -e "1\n2\n3\n4" | paste - -
1 2
3 4
```

Some more examples at notes.aflukasz.pl/en/2025/07/1... .

2/n

As per standard (pubs.opengroup.org/onlinepubs/9...): "If '-' is specified for one or more of the files, the standard input shall be used; the standard input shall be read one line at a time, circularly, for each instance of '-'."

So because state (read offset) is shared for all the...

#POSIX standardized `paste` takes a list of files and outputs lines consisting of the sequentially corresponding lines from each of them (examples in bash):

```
$ paste <(echo -e "1\n2") <(echo -e "a\nb")
1 a
2 b
```

And it has interesting extra property when used with stdin...

#shell

1/n

./

... two identical sequences of 8 bytes (one for each column). In this case it's `00 a4 93 d6 00 00 00 00`, which is the number of microseconds between 2000-01-01T00:00:00Z and 2000-01-01T01:00:00Z.

I expand on that some more at notes.aflukasz.pl/en/2025/05/3... .

2/

... insert a sample row like `insert into test (tnotz, ttz) values ('2000-01-01 01:00:00', '2000-01-01 01:00:00' at time zone 'utc')`, and then take a look into the table file on disk, you will find that the contents of this row is represented by...

#Postgresql has two timestamp types - "without time zone" and "with time zone". And none of them directly store any time zone information.

If you create a table `create table test (tnotz timestamp without time zone, ttz timestamp with time zone)` and...

#postgres #timezones #sql

1/

Or just copy paste from “Infinite Jest”, that will do.

Sorry, recent trauma.

./

... the data scheme usage itself, but to the embedding of an empty string. Inlining an actual small "empty" image could maybe improve the effect in some cases. Although, arguably, this starts being close to... just having an actual favicon.

5/

... with #Firefox, #Chromium and #Chrome. On #mobile #Safari I've caught single requests here and there despite the above `link`, so not sure.

Any potential issues coming from the above approach (like browser fetching remote file despite data url) may be related not to...

4/

Here we use data url to inline an empty string:

```
<link rel="icon" href="data:," />
```

In principle this should make supporting browsers to behave as if we served an empty file from remote host. From my short experiments I can see this works fine (meaning: no favicons request)...

3/

... within the page source. #caniuse reports 97% coverage (caniuse.com/datauri ) and MDN marks them in their baseline classification as "Widely available".

The syntax is `data:[<media-type>][;base64],<data>`.

data: URLs - URIs | MDN Data URLs, URLs prefixed with the data: scheme, allow content creators to embed small files inline in documents. They were formerly known as

2/

... nudge browsers towards actually not looking for it? For saving them from making an extra request and for making dev tools and server logs less noisy from all those 404s.

Yes. #Dataurls to the rescue: developer.mozilla.org/en-US/docs/W.... They allow us to inline contents directly...

Web browsers really like #favicons. If your site does not declare one with `<link rel=icon">`, most (all?) of the mainstream ones will issue request to `/favicon.ico` anyway, in a hope of getting one.

Favicons are a whole topic on its own. But what if we don't use one? Can we somehow...

1/

My favourites: usename, datname, rolname.

Remnants of some harsh length limits back in the days?