invisiblethreat

Bypassing Synology's 32K NFS Block Size Limit with systemd

Wed, 18 Mar 2026 00:00:00 +0000

The Synology DSM GUI caps NFS read/write packet size at 32K. For a fileserver doing large sequential transfers — media files, backups, VM disk images — that’s leaving throughput on the table. The kernel supports up to 1MB block sizes, and the GUI limit is purely artificial.

This post documents how to push past it on DSM 7, which uses systemd under the hood.

What the setting actually controls

The NFS block size (rsize/wsize) determines how much data the client and server exchange in a single NFS operation. Larger blocks mean fewer round trips for the same transfer, which matters most for large sequential reads and writes over a local network.

The server-side maximum is controlled by a kernel procfs entry:

/proc/fs/nfsd/max_block_size

The DSM GUI writes a value into this at boot, but caps it at 32768 (32K). The kernel itself supports 1048576 (1MB).

Why you can’t just echo a value at boot

The obvious approach — write 1048576 to max_block_size at startup — hits two problems:

Problem 1: Once nfsd threads are running, the file is locked:

# echo 1048576 > /proc/fs/nfsd/max_block_size
-ash: echo: write error: Device or resource busy

Problem 2: Even if you write before nfsd starts, DSM’s NFS service resets the value during its own initialization. The kernel calculates a default block size based on available RAM when rpc.nfsd starts, and that write clobbers yours.

The window you need is: after /proc/fs/nfsd is mounted, but before nfsd threads spawn.

How DSM 7 starts NFS

DSM 7 uses systemd. The NFS startup sequence involves three units:

proc-fs-nfsd.service   →   [your hook goes here]   →   nfs-server.service

proc-fs-nfsd.service mounts the nfsd filesystem at /proc/fs/nfsd
nfs-server.service calls /usr/syno/lib/systemd/scripts/nfsd.sh start, which runs rpc.nfsd and spawns the kernel threads

Once nfs-server.service runs, max_block_size is locked. You need to write your value between these two units.

The fix

Create a systemd drop-in unit that slots between proc-fs-nfsd.service and nfs-server.service:

cat > /etc/systemd/system/nfs-blocksize.service << 'EOF'
[Unit]
Description=Set nfsd max_block_size before NFS server starts
After=proc-fs-nfsd.service
Before=nfs-server.service
Requires=proc-fs-nfsd.service

[Service]
Type=oneshot
ExecStart=/bin/sh -c 'echo 1048576 > /proc/fs/nfsd/max_block_size'
RemainAfterExit=yes

[Install]
WantedBy=nfs-server.service
EOF

Enable it:

systemctl enable nfs-blocksize.service
systemctl daemon-reload

Verify the ordering was picked up:

systemctl show nfs-server.service | grep -i after

You should see nfs-blocksize.service in the After= chain for nfs-server.service.

Reboot, then confirm:

cat /proc/fs/nfsd/max_block_size
# 1048576

Client side

The server-side change only sets the ceiling. Clients still need to request larger block sizes at mount time. On Linux clients, update /etc/fstab:

nas:/volume1/share  /mnt/nas  nfs  rsize=1048576,wsize=1048576,vers=4  0  0

Or test before making it permanent:

mount -t nfs -o rsize=1048576,wsize=1048576,vers=4 nas:/volume1/share /mnt/nas

Verify what was negotiated after mounting:

nfsstat -m | grep rsize

Notes

This survives reboots. The systemd unit is persistent.
DSM updates may overwrite files in /usr/lib/systemd/system/ but should leave /etc/systemd/system/ alone. If an update breaks it, just re-run systemctl enable nfs-blocksize.service && systemctl daemon-reload.
If you’re using NFSv4 exclusively (likely on a modern Linux-only homelab), you only need port 2049/tcp open in your firewall. The additional ports required by NFSv3 (mountd, statd, lockd) are not needed.
The DS918+ ships with 4GB of RAM. The kernel’s default block size calculation targets 1MB on machines with that much memory, but DSM’s NFS init script overrides it. This fix restores what the kernel would have chosen anyway.

Something big/small/other is happening.

Wed, 18 Feb 2026 00:00:00 +0000

What’s coming?

There’s a back and forth in technology on whether the current AI cycle is all hype, or a true revolution that is just at the bottom of an exponential curve. It seems that, like in so many things, a nuanced position is not a popular one. I think that more than “back and forth” there are are actually three camps that compose the current balance of the tech world: AI maximalists, AI doomers, and AI doubters.

The Perspectives at Play

Maximalist view: Something Big is Happening
Doubter view: Better Offline: No, Something Big Isn’t Coming, Ed Zitron of “Where’s Your Ed At”
Doomer view: The AI Doomers Are Getting Doomier
It’s cool to hate on AI view: Something Small is Happening

The AI Maximalists

This is going to change everything forever.

The “maxi” is all in, all of the time. Maybe they were early, maybe not. Maybe they missed out on other trends and want to be here first. They are true believers in what the technology can do and won’t shut up about it.

The AI Doomers

I hope they put us in the nice part of the human zoo.

A negative-biased version of the “maxi” that believes in the potential, but sees the outcomes in an almost exclusively negative light. It’s not clear to me if this group thinks a lack of safety is the issue, or that it’s simply inevitable.

The AI Doubters

It’s all hype just like the dot-com crash.

I will admit to finding this group the most frustrating and least informed. They seem to relish mathematical tasks like counting the letter “r” in “strawberry” and getting to a “look how stupid this thing is!” as quickly as possible.

The AI Hater (Bonus!)

I went offline before it was cool.

Basically a snotty vegan barista that judges you harshly for your life choices, but for AI. This is something that I’m trying to engage less with(and be less of a part of) as I age. I acknowledge that it exists as a perspective, but I just don’t find it interesting and won’t devote time to it.

Where I’m At(for now)

Presuming that my opinion is worth the bits to get it to your screen, here’s what I’m thinking about the personas:

The maximalists are overselling, but not by large degree. Sure, Matt Shumer is talking exclusively in a way that benefits himself, but that doesn’t make him wrong. The failure to acknowledge the externalities is aggravating. Timelines are up for debate, but given my last several weeks, I think that I’m, reluctantly, in this camp.
The doomers love a good spiral. See the panic over Moltbook and the failure how easy it was to manufacture a story out of the content there.
The doubters are judging fish on their ability to climb trees. I think that they have largely formed opinions on older models, if they’ve tried them at all. Some of the most ardent critics seem to have adopted “AI Luddite” personas when models exponentially improving. I’m not sure what is to be gained by being closed minded to the fact that every lab is trying to improve all of the time.

Things I’m Keeping in Mind

The models today are the worst they will ever be barring some training that goes wrong. Expect improvements on an ongoing basis.
From my experience, using AI to get to discrete values is their best use.
Replit, as a business, has been replaced by models improving, and projects like Spec Kit in a matter of months. Maybe I’m just late to this?
SaaS is in for a world of hurt- especially offerings full of bloat and distractions. These are going to see the cost on a per seat basis drop. Buyers are going to have huge amounts of leverage over pricing when they only use 1/3 of the features offered
Tired: putting AI in your product. Wired: enabling AI to interact with your product. The value isn’t in summaries of your data within the platform it’s housed in, but rather, combining it with disparate data easily. Trying to lock folks in to a platform will only encourage them to attempt to exit more quickly.

What I’ve Built

In the last week, the things I’ve managed to build with minimal effort:

App to ingest backup reports that were previously emails(and mostly ignored)
App to replace Google’s BigQuery console.
App to map, pivot, and merge data from vastly different systems of record
App to speed read. Based on Rapid Serial Visual Presentation(RSVP). Currently attaining 800 WPM on a consistent basis
App for home maintenance that can leverage check-ins triggered by NFC tags

Going Forward

I mostly agree with Shumer that pure coding is solved. Knowing the application of techniques and understanding the problems that you’re trying to solve really well is the most value you can have in the day-to-day. Reducing yourself to a “spec engineer” feels like the best way to be replaced.

POSSE Note

I own my own content. I subscribe to POSSE: Publish on Own Site, Syndicate Everywhere. The original location of this content is invisiblethreat.ca.

Per-domain resolvers in macOS

Sat, 12 Apr 2025 00:00:00 +0000

macOS, DNS, and you

First things first: I don’t fully understand the DNS resolution scheme that Apple has dreamed up in macOS. Furthermore, I don’t really want to- I just want things to work in a manner that let’s me get on with my life.

The Problem

I run a fairly extensive home lab, with lots of projects and resources. I also run the private DNS suffix .lan to access all of these resources. I make regular use of these resources for work. This comes into direct conflict with our access control system for work. If I have the ACL software active, my resolver address is replaced and I’m unable to access my lab via hostnames.

However, this isn’t an outright block, I can still resolve things if I specify the nameserver that I want to use. With this knowledge, I set out to fix access to my internal hosts. It did not go well. Multiple calls with our ACL provider, and lots of tampering with things in /etc/resolv.conf I was no further ahead. Deploying dnsmasq via brew for conditional upstream DNS resolution suffered from the same issues of being run over when the ACL software was active.

I eventually stumbled across this article from 2019 about this same thing. I’m not a huge fan of Medium, and the paywall model, so here’s the gist of the solution and a handy script to help you out!

The solution

The solution is available via /etc/resolver/<Private Namespace>. In my case, my internal DNS is using the suffix .lan. Edit: this works for any arbitrary domain or subdomain. You could employ the same solution for foo.bar.com or bar.com and all requests that match the namespace will be routed to that resolver.

sudo mkdir -p /etc/resolver/lan

# 172.18.0.2 is my internal pihole instance, which has an upstream rule that
# points to my authoritative internal DNS server. There are some shell nuances
# about redirection that mean you need to actually either be root, or fully wrap
# the `echo` call in a subshell call to sudo.

echo "nameserver 172.18.0.2" >> /etc/resolver/lan

To verify that you now have a private namespace resolver, use the following command:

scutil --dns

# ... many other results ...

resolver #10
  domain   : lan
  nameserver[0] : 172.18.0.2
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

As an aside dig/host are using /etc/resolv.conf which makes troubleshooting difficult. Make sure that you’re using dscacheutil -q host -a name instead.

# will use /etc/reslov.conf, which is contains the ACL resolver address
dig pihole.lan +short

# using the resolution chain from scutil --dns
dscacheutil -q host -a name pihole.lan
name: pihole.lan
ip_address: 172.18.0.2

That’s it! It’s done!

A script

This script is the quickest path to a resolution(!). Enjoy!

#!/bin/bash

RES_PATH=/etc/resolver
ZONE=$1
NS=$2

if [[ -z $1 || -z $2 ]]; then
  echo "Usage: $0 <zone> <nameserver IP address>"
  exit 1
fi
# Don't clobber an existing configuration
if [ -e "$RES_PATH/$1" ]; then
  RESOLVER=$(cat $RES_PATH/$1| awk '{print $2}')
  echo "$1 already has a custom resolver at $RES_PATH/$1 using $RESOLVER"
  exit 1
fi

# I forget if this exists in a clean install, so make sure it exists
if [ ! -d "$RES_PATH" ]; then
  sudo mkdir -p $RES_PATH
fi

# make the file
sudo touch $RES_PATH/$1

# this needs to be encapsulated because redirection is a shell function of the
# current UID
sudo bash -c "echo \"nameserver $2\" > $RES_PATH/$1"

# verify that things have worked
RESOLVER=$(cat $RES_PATH/$1| awk '{print $2}')
echo "$1 now has a custom resolver at $RES_PATH/$1 using $RESOLVER"
scutil --dns |grep -B1 -A3 $1

Exim, ZDI, and the casualties

Tue, 02 Jan 2024 00:00:00 +0000

Three months later- a reflection

I didn’t want to immediately post about the mess that was the “Exim VS ZDI” to give myself some time to see if I still felt the same way given the initial mess that was created. I still do feel the same way:

Everybody lost.

ZDI Lost

ZDI is supposed to be a professional disclosure organization. Nothing in the mailing list logs shows professionalism. There are most likely private communications that will never see the light of day, but again, this is their business. They are owned, now, by TrendMicro, and most likely have competing interests of being a disclosure organization, and providing value of some sort to Trend.

Security People Lost

A late week disclosure on vulnerabilities with incomplete information is a terrible place to exist. Many questions and few answers just sets people’s time on fire. Thanks for nothing, ZDI. Given the extremely protracted timelines, would it have killed ZDI to hold this until the following Monday or Tuesday? All it does is raise questions around their motivations and the desired end results of “helping” VS “getting press”.

The Exim Project Lost

I feel like the Exim project, and their users, were the biggest losers out of all parties. The project was cavalier with the userbase’s trust in the project and ability to interact with ZDI. They failed to find a way to move forward with ZDI, at the expense of the reputation of the project’s reputation and the trust from the users. In reality, if cPanel was not distributing Exim, there would be far less fanfare around this software.

AI Regulation

Tue, 02 Jan 2024 00:00:00 +0000

AI Regulation

All of the advancements in generative AI has led to somewhat of a natural consequence: governments want to get involved. Yay. Of these, the US government is the one that is able to exert the most influence due to the concentration of tech giants within its sphere of influence.

Of note, Sam Altman at OpenAI seems to be in favour of this regulation. My feeling is that he is attempting be a participant in creating a regulatory moat for keeping new entrants out of the market by creating barriers for any would-be competitors.

The coziness between the largest AI companies and the US government feels very wrong to me in multiple ways:

influence and pressure flowing from government to companies
internal safeties and biases propagating forward within companies creates a feedback loop of priors that will diminish future probabilistic outcomes.
combining the above two items can create paternalistic outcomes that don’t serve citizens, but rather the interests of those in power

Americanterism and a failure to understand the internet

In hearing all of the talks of regulation from the US government, it really makes me wonder if anyone within it understands how AI models are trained, distributed or otherwise used. During that last sentence, I downloaded a model with 7 billion parameters that runs on my laptop. It’s mine now, forever.

I’m Canadian, and who is the US government to tell me how act or what to do with this technology? If I was to build something, would I have to submit to the US government to do business in the US? Will US-based companies flee to less restrictive locales? Will this stifle new entrants to the market, with eventual lessening of competition, and ultimately, innovation?

Chaotic actors

Did you know that information classified as “top secret” by the US government that’s leaked to the public creates a real problem for people that hold clearances? Even though the information is “public” they’ve never been cleared to view it and it can jeopardize their clearance renewal if they do so.

Let’s now apply a similar treatment to AI in the US, and any regulatory framework that companies must reside within. If a foreign entity(company, country, whatever…) trains or gives a way a vastly superior model that companies in the US are forbidden from using, what then? Do they get left behind? Do they leave the US? Does the government abandon their policies and tactics(I think we know that this is a non-starter)?

I can understand with the interest in being seen to be doing something, but at the same time, I really don’t know how this doesn’t promote incentives around being headquartered in an innovation-friendly country.

Information wants to be free

I’m not sure if this is the answer, but I feel that it’s at least something: as many open source models as possible. A ubiquity of technology that becomes anti-fragile to the whims of any one regulator and the ability to easily switch out models and carry on as you were. Don’t code to a company’s or model’s API, use an abstraction framework that allows flexibility. This allow for flexibility and the ability to protect your work, and in the case of paid products, prevent a hostage situation.

The pace of innovation is often at odds with regulation, and in the case of AI, the lack of consideration of second and third order consequences will have an impact of some magnitude. The current pandering to hysteria around AI is short-sighted and will lead to outcomes, some predictable, and some not, that could be avoided.

Infinity hurts my head

Sat, 19 Nov 2022 00:00:00 +0000

Infinity makes me question precision and measurement

There is something deeply unsettling to be about the concept of infinity. I’ll just talk about it in the concept of numbers, not in terms of space, because that’s its own thing, even if it’s related.

When conducting interviews for junior candidates, I often give a Body Mass Index(BMI) challenge. It’s not a particularly hard thing to program, nor is BMI that great of a measure health for various reasons, but sometimes it leads into an interesting place.

The BMI Range

The BMI range is as follows:

less than 18.5 is underweight
18.5 to 25 is ideal
greater than 25 and less than 30 is overweight
30 and over is overweight … mostly. You see, in most of the scales, the values published use tenths of a number, and they have gaps. For instance, this is what the CDC publishes:
less than 18.5 is underweight
18.5 to 24.9 is ideal
25 to 29.9 is overweight
30 and over is obese This looks harmless and reasonable, right? Let me now mess with you.

The gaps

So, here it is, while you can say that the distance between 24.9 and 25 is one tenth numerically, in terms of the values that can take place between those two points is infinite. There is infinite precision to be measured between these points, even if we lack the instruments to make the measurements. If you have 24.9, with the 9s repeating millions of times, there’s still an infinite range or precision between that last 9 and the next whole number of 25.

That’s it. In the physical world, it seems that everything is an approximation, because actually being able to measure to infinite precision is impossible.

2021- The year in review

Sun, 26 Dec 2021 00:00:00 +0000

Another year in the books…

There are a few things that I was able to accomplish in 2021 that I’d like to talk about, and probably a few others that should be mentioned. The things that I’ll choose to omit are most likely gross failures to even get a project started, so it may get kicked ahead to 2022. Maybe.

My Internal Conflict

There are not enough hours in the day for me to learn all the things that are interesting to me. I also find that as a specialize more and more at work, the more that I want to branch out into other technical realms in order to be more well rounded. It serves two purposes: I love learning, and I also love to be self-sufficient. During the year I did find a few places where I could align some of my technical learning goals with work goals, which was nice. Some of the things that I wasn’t able to justify for work-purposes are getting rolled over to 2022, but I haven’t decided on an approach just yet.

My biggest challenge to learning new technical skills outside of work is the allocation of time. Spending extra hours in front of a computer after I’m done work for the day is done can sometimes be a real drain, and I don’t feel like I’m unplugging. It also interferes with other things that are just as important to me, like jiu jitsu and mountain biking. I don’t know how to balance it all. I’ve also found that if I attempt to do technical learning first thing in the morning, that it quickly leads to me starting work early, which has yet to result in me walking away from the computer any earlier at the end of the day. Maybe I have boundary issues? Working on a distributed team that has a -5h to +4h spread means that there’s always something going on, or someone to chat with about something that we can improve. Maybe time management should be at the top of my list for 2022.

Start, Stop, Continue, but in a different order.

I find the “start, stop, continue” feedback process the most actionable sort of way to think about moving forward, but I’ve never applied it to personal development, so here we go.

Stop

Using R. I started using R in 2017 when I needed programmatic graphs and it fit the bill. ggplot2 can make some beautiful graphs. My main issue is that the I find the language completely arcane. Between the tidyverse, CRAN, and the standard language itself, there’s just too much variety. Too many calling conventions, arbitrary naming and syntax conventions , and and general lack of uniformity. RStudio is nice, but I find a lot of the tooling weak, and the error messages terse enough that I’d never attempt to code without access to the internet.
Complaining about JavaScript(on the front-end). I haven’t denied the utility of JS on the front-end, but I have willfully ignored it as something that I’m not willing to spend time learning. I maintain that NodeJS, while enormously popular, is a mistake.
Saying “yes” to all requests. The ability to be versatile doesn’t always mean that you should actually be versatile. The more things that you take on, the more obligations and interruptions you accumulate. This can become antithetical to deep work and learning.
Arguing on technical solutions. If I’m not the person doing the work, all I can do is offer my perspective and supporting evidence. If I’m not the one implementing, this needs to get to “disagree on the implementation, but agree that it’s the path forward”.

Continue

Improving at vim, more specifically nvim. I overhauled my .vimrc to be an init.vim in the last few months as part of the exercise and have really enjoyed taking the time to attempt to master some of the core features. I’ve been using vim for 15 years, and was still using arrows, and many other rookie methods. Leaning motions has been great, and I’m finally starting to really unlock the power of the “editing first” principles. I’ve been doing Python development for smaller projects exclusively in vim and I hope to move my Go development into vim as well.
Learning/relearning Python. I dabbled in Python 2.5ish days and it really felt like a more structured version of shell(this is an oversimplification, but that was my impression at the time). Watching the train-wreck of the 2 to 3 migration(and the Perl 5 to 6… um, whatever that has turned in to) let me put it on the shelf as a “I’ll get back to this at some point” item. I knew that web frameworks had popped up, and that the push to Python 3 had picked up steam. In coming back in the last year, thing like type checking, and overall tooling seem to have really come along. The potential removal of GIL is also an exciting possibility moving forward.
Learning more abstractions in Go. I’ve spent a bit of time learning interface{}, however, I don’t really find myself using it in projects. Generics landing in Go 1.18 mean that there will be more abstractions showing up in code bases, and knowing what’s going on will be very useful.
Improving SQL. The last year has had me write some queries that went beyond my initial comfort, and some were certainly killed by the DB engine for being abusive. Refining queries, and really understanding sub-queries and making results sets smaller earlier via constraints seems like an easy win. I’ve also had to translate queries to other engines that don’t support all of the features that I’m used to which has been interesting. Knowing when something is specific to an engine will also be important going forward.
Knowledge synthesis. I started very deliberate leaning for vim and the results have been quite good. I plan to expand the technique into other technical realms.

Start

Learn some JavaScript. This is only for front-end work(see above comments for thoughts on Node). It seems that Next.js is quite popular, and when I ask front end devs what framework they’d pick if they were able to start over today, and Next.js is almost always the answer. I’ve been doing all sorts of work from data generation/collection, to APIs to expose the information, but I’ve never done a modern front end to display the results. My last serious front end used PHP and tables for layout.
Get comfortable with pointers in C. I understand C just fine until folks break out multiple levels of indirection with pointers. It’s no wonder that dangling pointers and “use after free” bugs are a thing. Sadly it’s outside of my current skills to be effective in that area. Also, it’s a good bridge to being able to better understand assembly languages and other outputs from reverse engineering.

Onward

Taking the time to reflect on my technical goals for the upcoming year should help me direct my focus. It also gives me a reference for what I thought was important to me if these things fail to materialize. Capturing information is the first step, reviewing and reflecting on it at a later date may actually be the much more powerful part of the equation.

VSCode, GOOS, and you.

Tue, 21 Sep 2021 22:47:19 +0000

Update: 2021-12-26

After being off on a Python adventure for a few months, I had to refactor some Go code. All of the issues came back. I was incensed. I deleted everything related to VSCode. Rather than use any of my old configuration, I started from scratch. I installed all my plugins by hand, and reconfigured settings.json by hand. It seems that there were incompatible settings in my settings.json that caused go pls and the Go plugin in VSCode to spiral out of control. I haven’t had time to fully debug the exact issue, but everything now works as expected. I generally dislike “scorched earth” debugging, as it often stops when things “work” without getting all the way to root cause analysis. In this case, “working” is good enough and I’ve moved on with my life.

VSCode & `gopls`: friends or foes?

I’ve had issues with VSCode and gopls on macOS since it’s been a thing. I was really excited about it at first, and then the problems started coming:

unresponsiveness
no imports
no code hints
no IntelliSense

This generally made the language server not worth using to me, and I reverted to goimports and friends. I had the feeling of always knowing that a day would come when the language server would be foisted upon me and I’d have limited options of what to do about it.

When leaving my last job I took the time to drag my settings.json along with me, just in case, but I tried a fresh install. Things just worked and life was great. I didn’t give another thought to it, because I had no need to. This all changed when I found out that I’d be targeting Windows on a project- everything went sideways.

The error was opaque and I was back to the above list of issues, minus the unresponsiveness because most things just weren’t loading. Even the smallest thing, like not knowing how many return values a function had ground my coding to a halt. I then truly realized how heavily I depended on the Go toolchain to help me get to workable code.

Does this scream “I have a cross-compile issue when starting the language server?”. It sure didn’t to me.

That message didn’t return useful search results, so the debugging continued. On a whim I tried GOOS=windows code . and everything was magical. Things just worked.

So it seems when dealing with build constrained packages, there needs to be something that happens when the above situation occurs.

I ended up testing workspace settings and all was revealed. It feels like there should be a much more friendly way of getting to this solution through some sort of detection, but I ended up scripting a solution instead.

#!/bin/bash
if [ -d .vscode ]; then
  echo ".vscode directory exists- refusing to overwrite."
  exit 1
fi

mkdir .vscode

cat << EOT > .vscode/settings.json
{
    "go.toolsEnvVars": {
        "GOOS": "windows"
    }
}
EOT

Limitless Book review

Mon, 31 May 2021 22:47:19 +0000

tl;dr 9/10

If you pick up a single skill from the book it will improve your learning forever. The return on investment is hard ignore.

Overview

Limitless is a book on learning by Jim Kwik. It breaks down the components of learning, and the different modes and strategies of the components. Since learning is multi-faceted, it makes sense that there are improvements in several areas that can be leveraged in concert to show fairly large(multiplicative) result.

My initial interest was around being able to enhance my reading abilities, as I seem to have accumulated a rather large backlog of books around my home- each now lingering in various states of completion, some with, shamefully, spines the still creak and crack when opened. This had turned into guilt. I’ve been building a list of new books that I want to read(ending of the gold standard, physical performance, data science), but the unread pile has been haunting me. Reading a book that would help me to learn, retain, and potentially help me read faster seemed like the right investment before tackling the backlog.

Some notes on Notes

Note-taking is covered in this book, but I think it(and lots of other folks) somewhat miss something that I feel is really foundational to non-fiction/learning note-taking: take your notes on a sheet of paper. This has several benefits in my opinion:

Brevity. You write what matters and can refer to the text if you need to expand.
Underlining/highlighting goes away. I remember seeing textbooks in university that looks like someone had soaked them with a glow stick. It also reduces “capture fatigue” of deciding when to start and stop. It also is influenced by/influences brevity
Your words. This allows for context that matters to you. It also allows for ideation on concepts that matter to you, and the takeaway of a sheet of paper.
Easy review. You now have a single sheet of paper that makes for quick review. I use giant graph paper folded into four to give me a pamphlet, which I also use as a bookmark.
A place to do exercises if needed. There were some reading speed exercises in Limitless that are now incorporated into my notes.
Simple review! All of your notes in one place- you don’t have to scan the book for your underlines/notes/etc.
Portable. A single sheet/pamphlet/whatever VS an entire book.
Loan the book, keep your notes. You also don’t bias another reader with what you think is important. Also, for some reason, writing in books feels wrong to me, like a desecration. Maybe it’s from the years of public school and knowing that books often needed to last decades?

Review

The book has autobiographical components, which are used to illustrate how learning skills are not fixed and can be improved. This is a powerful message, however I feel that the story gets repeated/tagged too many times for the purpose of the book. Other than this relatively minor complaint, I found the book to be very valuable. For me the most valuable sections were on all in Part 4:

Focus
Study
Memory
Speed reading
Thinking(if you haven’t read other books on mental models, this is a good introduction, but I’d recommend The Great Mental Models: General Thinking Concepts as a much more complete introduction)

Focus

‘Focus’ is something we’re told to do, but not taught to do. At the most basic form it is targeted meditation for the task at hand. It’s about noting/pushing out interfering thoughts and staying on task.

Study

‘Study’ is another thing that we’re told to do, but not taught to do. This section was a bit more involved that I initially expected. There are things that are incorporated that I wasn’t expecting either: posture, scents, and baroque music. Some of the more traditional parts are: spaced repetition and active recall.

Memory

There were exercises in this section that really demonstrated the value in imagery as it impacts recall. Building vivid stories around things that you need to remember had me immediately improve my score from a 5/10 to a 10/10. I was also able to very easily obtain a 10/10 reversing the order as things weren’t strictly placed, but were in a form that I found much more accessible. To this day I still struggle slightly with alphabetization, and often find myself running trough the list in my head to do comparisons, and always in the forward order. I often think of the comedy sketch where someone is pulled over for a roadside sobriety test and are asked to recite the alphabet backwards. The payoff to the sketch is “I couldn’t do that even if I was sober”. It gives me irrational anxiety as I know that I couldn’t recite the alphabet in reverse. Furthermore, I know that it’s a waste of time to learn it in reverse, yet the irrational anxiety persists!

The concepts of ‘primacy’ and ‘recency’ are covered as the points that most often facilitate recall. A time block of about 25 minutes is recommended. If this sounds like a Pomodoro interval to you, that’s because it is.

Speed Reading

There’s a lot of information in this space, and lots of conflict. Personally I found this very valuable, and this is the main reason the book bubbled to the top of my list. If I can consume faster and retain the same(or more), then the book becomes a very high leverage item for all future reading and learning.

I have known since grade school that I read faster than the general population, but had no real concept of what the general rates are, or where I was in relation to those numbers. There was an exercise in the book to baseline, some techniques presented, and then a retest. For me, it gave the following results:

My initial words-per-minute(WPM) was 378. Population average is 150-200.
Post exercises and retesting was 726 WPM. With a little rounding up, that’s 2x, 1.92x if you want to be pedantic about things.

I find it hard to ignore this gain, in a matter of minutes, with relatively little practice. Committing to regimented practice seems like it had the potential to push things even further. Almost all of my gains came from using a visual leader in the form of my finger. The other concept that I feel that will take time to develop is widening of peripheral vision to chunk words. The example given in the book is ‘report card’. ‘Report’ has a meaning, as does ‘card’, and when combined, there’s a different meaning- if you’re not chunking ‘report card’ as a single item, there’s processing overhead of pattern recognition, and the time to access the meaning.

Conclusion

Get the book, take the notes, do the exercises. Improve the skills that improve all other knowledge acquisition pursuits

Post Script (Update 2021-06-01)

The construction of my books was pretty shoddy. The spine was twisted and seemed partially delaminated. I’m not sure if this was due to, or the cause of, the covers bowing away from the pages. Maybe it was just this run, or maybe it was the company that did the binding.

.lan Docker Setup

Thu, 16 Apr 2020 12:47:19 +0000

`.lan` Docker Setup

Docker is a great way to isolate processes. It also enables shipping things that are almost fully configured and only require a few variables to be set along the way

Tools

Docker, duh.
Ansible, because of automation
Python and pip for environment management for Ansible
make. Sorry.
Git, so you can version all of your Ansible configurations

Networking Design

When depolying Docker at a network gateway, you get routing for the Docker networks for free.

The Docker Network

By default, on Linux, Docker creates the 172.17.0.0/16 network. The addresses in this space are non-deterministic, which is a non-issue when you’re exposing ports, as it’s the host that will weld things together via docker-proxy. This is not desireable for my uses. My goal is to avoid binding ports on the gateway host if at all possible.

The solution is to make another network that is not the default. I use 172.18.0.0/16. This allows for static assignment, which enables DNS and general sanity to prevail.

Ansible YAML for creating Docker network

- name: Create lan-bridge
  docker_network:
    name: lan-bridge
    ipam_options:
      subnet: 172.18.0.0/16

Management

To keep things portable virtualenv is used in conjunction with a Makefile. This permits provisioning of the environment on a new host in short order, with a few safeguards for secrets.

Both init and end are sourced, rather than invoked as scripts, to retain environments after running.

`init` sets things up

KEY="auth/ansible-mgmt.key"
make

VAULTID=""

if [ ! -z $VAULTFILE ]; then
  VAULTID="--vault-password-file=$VAULTFILE"
fi

source .ansible/bin/activate

grep -q "BEGIN OPENSSH PRIVATE KEY" $KEY

if [ "$?" -eq "0"  ]; then
  echo "auth/ansible.key is unencrypted. Ready to run playbooks"
else
  echo "auth/ansible.key needs to be decrypted to run playbooks. Running ansible-vault."
  ansible-vault decrypt $VAULTID $KEY
fi

# vim:ft=sh

`Makefile` bootstraps your environment

VIRTUALENV_VERSION=16.3.0
SHELL=/bin/bash
CACHE_DIR=./.cache

# fixes implicit rule converting *.sh to *
.SUFFIXES:

all: .ansible

.PHONY: all clean

.ansible: requirements.txt | $(CACHE_DIR)/virtualenv-$(VIRTUALENV_VERSION)/virtualenv.py
        rm -rf $@
        $(word 1,$|) --no-site-packages $@
        source ./$@/bin/activate; python ./$@/bin/pip install -r $<
        source .ansible/bin/activate

lint: .ansible
        .ansible/bin/python .ansible/bin/ansible-lint plays/compliance/*.yml plays/jobs/*/*.yml
        .ansible/bin/yamllint --strict .
        .ansible/bin/pycodestyle roles resources

$(CACHE_DIR):
        mkdir -p $@

$(CACHE_DIR)/virtualenv-$(VIRTUALENV_VERSION)/virtualenv.py: $(CACHE_DIR)/virtualenv-$(VIRTUALENV_VERSION).tar.gz
        tar -xzf $< -C $(<D)
        touch $@ # this ensures this target doesn't get continually re-run

$(CACHE_DIR)/virtualenv-$(VIRTUALENV_VERSION).tar.gz: $(CACHE_DIR)
        curl -o $@ -L https://pypi.io/packages/source/v/virtualenv/virtualenv-$(VIRTUALENV_VERSION).tar.gz

clean:
        rm -rf .ansible

`end` protects us from ourselves

# This is the file that will be used to run vault. If it is not set, vault
# will prompt for a password. It is controlled in this manner due to the
# syntax that an assignement string as an argument.
VAULTID=""

# Look for the export of
if [ ! -z $VAULTFILE ]; then
  echo "Using $VAULTFILE for vault commands"
  VAULTID="--vault-password-file=$VAULTFILE"
else
  echo "\$VAULTFILE not set- will prompt for vault password"
fi

# These files should never be committed unencrypted
files=(auth/ansible-mgmt.key roles/docker/wiki/vars/main.yml roles/docker/pihole/vars/main.yml)

for file in ${files[@]}
do
    # Check to see if the file has the vault header
    grep -q "ANSIBLE_VAULT" $file

    if [ "$?" -eq "1"  ]; then
      echo "$file is unencrypted. It needs to be encrypted before you're done."
      ansible-vault encrypt $VAULTID $file
    else
      echo "$file is encrypted."
    fi
done

# Get out of the virtualenv
deactivate

# Disable the zsh "no matches found" option. We will have to now redirect
# STDERR for the 'ls' comannd
setopt +o nomatch

# Cleanup stray 'retry' files from runs that have partially failed
for i in $(ls plays/*.retry 2>/dev/null)
do
  echo -n "Removing $i... "
  rm -rf $i
  echo "Done."
done

# Re-enable nomatch
setopt -o nomatch
# vim:ft=sh

Example Service: PiHole

pihole
├── README.md
├── tasks
│   └── main.yml
└── vars
    └── main.yml

`tasks/main.yml`

- name: "Pull {{ ctname }} Image"
  docker_image:
    name: "{{ ctname }}/{{ ctname }}"
    tag: latest
    pull: yes

- name: Include Common Runtime Variables
  include_vars:
    dir: ../../vars/

- name: "Run {{ ctname }}"
  docker_container:
    name: "{{ ctname }}"
    hostname: "{{ ctname }}"
    image: "{{ ctname }}/{{ ctname }}"
    pull: yes
    state: started
    restart: yes
    restart_policy: always
    capabilities:
      - NET_ADMIN
    dns_servers:
      - 127.0.0.1
      - 8.8.8.8
    purge_networks: yes
    networks:
      - name: "{{ bridge }}"
        ipv4_address: "{{ ipaddr }}"
    env:
      ServerIP: "{{ ipaddr }}"
      PUID: "{{ media.uid }}"
      PGID: "{{ media.gid }}"
      TZ: "{{ tz.local }}"
      WEBPASSWORD: "{{ piholepass }}"
    volumes:
      - "{{ media.container }}/{{ ctname }}:/etc/{{ ctname }}:rw"
      - "{{ media.container }}/{{ ctname }}/dnsmasq.d/:/etc/dnsmasq.d:rw"
      - "/etc/localtime:/etc/localtime:ro"
      - "/dev/rtc:/dev/rtc:ro"

Note: DNS servers are important. 127.0.0.1 ensures that Pihole works, and 8.8.8.8 ensures that the container has fallback to the real internet if something goes wrong

`vars/main.yml`

ctname: pihole
ipaddr: 172.18.0.2

`../../vars/` Common variables to all containers

bridge: lan-bridge
media:
  home: /home/media
  container: /home/media/container
  uid: 1001
  gid: 1002
tz:
  local: "America/Halifax"
env:
  PUID: "media"
  PGID: "media"
volumes:
  - "/etc/localtime:/etc/localtime:ro"
  - "/dev/rtc:/dev/rtc:ro"

invisiblethreat

Bypassing Synology's 32K NFS Block Size Limit with systemd

What the setting actually controls

Why you can’t just echo a value at boot

How DSM 7 starts NFS

The fix

Client side

Notes

Something big/small/other is happening.

What’s coming?

The Perspectives at Play

The AI Maximalists

The AI Doomers

The AI Doubters

The AI Hater (Bonus!)

Where I’m At(for now)

Things I’m Keeping in Mind

What I’ve Built

Going Forward

POSSE Note

Per-domain resolvers in macOS

macOS, DNS, and you

The Problem

The solution

A script

Exim, ZDI, and the casualties

Three months later- a reflection

ZDI Lost

Security People Lost

The Exim Project Lost

AI Regulation

AI Regulation

Americanterism and a failure to understand the internet

Chaotic actors

Information wants to be free

Infinity hurts my head

Infinity makes me question precision and measurement

The BMI Range

The gaps

2021- The year in review

Another year in the books…

My Internal Conflict

Start, Stop, Continue, but in a different order.

Stop

Continue

Start

Onward

VSCode, GOOS, and you.

Update: 2021-12-26

VSCode & gopls: friends or foes?

Limitless Book review

tl;dr 9/10

Overview

Some notes on Notes

Review

Focus

Study

Memory

Speed Reading

Conclusion

Post Script (Update 2021-06-01)

.lan Docker Setup

.lan Docker Setup

Tools

Networking Design

The Docker Network

Ansible YAML for creating Docker network

Management

init sets things up

Makefile bootstraps your environment

end protects us from ourselves

Example Service: PiHole

tasks/main.yml

vars/main.yml

../../vars/ Common variables to all containers

VSCode & `gopls`: friends or foes?

`.lan` Docker Setup

`init` sets things up

`Makefile` bootstraps your environment

`end` protects us from ourselves

`tasks/main.yml`

`vars/main.yml`

`../../vars/` Common variables to all containers