To quiet down Firefox’s network activity at the application level:

Set global (about:policies) policies in /etc/firefox/policies/policies.json

Block untrusted connections with proxy.pac [?] in policies.json. Enable the PAC file URL in (about:settings) network settings.

Additionally user.js is configurable (mine). Firefox derivatives do similar pre-configurations. Chromium derivatives have policy settings too.

There’s a quick way to test the offline behaviour of programs on Linux.

unshare -c -n bash

$ ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

List network namespaces with lsns.

$ lsns -t net
NS  TYPE NPROCS PID   USER  NETNSID    COMMAND
999 net  2      111   user  3          systemd
888 net  1      222   user  unassigned └─bash

In UNIX everything is a file. A file is a file and a directory is a special kind of file…

I saw something peculiar the other day. Hallucination? The microsoft.com domain was serving up 192.168.1.0 and 192.168.1.1 as A records in a 7 address round robin.

That’s a spooky reminder to check your rebinding setup — that is, if you’re playing with fire (DNS).

For example, unbound with private-address and private-domain. Then test if DNS rebinding is possible.

Are the caches warmed up? vmtouch and fincore are two useful programs.

What do they do? Basically, one can peek at what’s been cached into memory. I somehow ended up re–looking into this today. The Linux kernel is intelligent.

Many fortnights ago, I foolishly thought writing a GTK3 theme from scratch would be easy. It was mostly CSS unlike GTK2. About 40 minutes in came a horrifying realization: there’s fundamentally (and definitively) no way to write a consistent theme that works reliably with every application. The minor upside was a working (and somewhat accessible) wireframe theme and a basic understanding of debugging. The end.

GTK_DEBUG=interactive firefox

An actual but where did my Linux memory go command;
This program (repositories) came in handy while helping someone resolve an oom problem. Want to see memory usage and shared memory, perhaps sorted by swap?

smem -s swap -kta
smem --sort swap --abbreviate --totals --autosize

swap     (amount of swap space consumed ignoring sharing)
command  (process command line)
maps     (total mappings count)
name     (process name)
pid      (process id #)
user     (process owner)
pss      (proportional set size including sharing)
rss      (resident set size ignoring sharing)
uss      (unique set size)
vss      (virtual set size; total virtual memory mapped)

df -h | grep tmpfs
df --human-readable | grep tmpfs

Incus is worth a look. It’s the fork of LXD, a container and vm orchestration/hypervisor program for cluster setups and infra models. Incus sits on top of the lower level LXC (Linux Containers).

• Incus Documentation: https://linuxcontainers.org/incus/docs/main/
• Incus Package Files: https://github.com/zabbly/incus#readme
• Incus Repository: https://github.com/lxc/incus#readme
• Incus Demo: https://linuxcontainers.org/incus/try-it/

Some nix language gotchas I’ve experienced while using NixOS personally:

1. Avoid with expressions unless with the inherit keyword for identifying hidden attributes in scope.
2. Avoid the rec keyword unless there’s tracking/control of infinite set recursion (self naming/references).
3. Avoid importing more than 1 instance of <nixpkgs> for any evaluation chain unless there’s magic compute and “infinite” memory.

Tricky is numero three, but crucial for fast feedback regardless of the current thing? I don’t poke around as much to know anymore but; legacy, flakes, community, and possibly others.

Ho, some of us think alike. I stumbled onto this site while looking up related unshare namespace configuration. I do something similar.