• Accidentally discovered that EC2 security groups do not terminate an open connection (like SSH) when the security group rules or membership change. New connections will be prevented, but this will not terminate established ones.

    See for yourself:

    • create an EC2 instance and give it a security group
    • add an ingress rule on port 22
    • SSH into it
    • change the security group; remove the instance from that group altogether, or just change ingress rule.
    • Observe how the SSH connection remains open

    Tested this for N hours and SSH connection did not get terminated. So if someone is in your boxen, you can’t kick them out that way.

    Heed the warning and plan accordingly.

    update 2017-11:

    Apparently Azure NSGs have the same flaw. Not even surprised.

  • Sat, Dec 10, 2016

    Recovering my better half’s system drive. Her OWC 480GB SSD was allowed to reach 100% capacity (only 1.5GB remain)… And all hell broke loose. It’s barely readable (takes 10 minutes just to mount on my laptop), and I can’t even delete anything (any attempt to modify the filesystem just returns an invalid argument).

    I’m currently rsync-ing all the things to a network volume, and will attempt to deal with this after the data is safe.

    That machine was long overdue for a refresh anyway.

    Lessons *:

    • When setting up an SSD, make sure to enable TRIM. Windows | macOS (≥10.10.4).
      • OWC seems to discourage the use of TRIM, citing “garbage collection”. I believe those are different things, but more research is needed.
    • Leave unpartitioned space on the SSD. The accepted guideline seems to be ≈10% of total capacity

    * Disclaimer: I take no responsibility whatsoever for any effects, including but not limited to loss of data, caused directly or indirectly by this blog post.

Hosting AWS Docker Microservices Tooling Automation