



Being A Good Citizen on the Internet

I must admit that I am severely impressed. Whenever I think of Backblaze at this point I think of a sizeable company, maintaining EXABYTES (that number makes no sense whatsoever) of data from individuals as well as massive corporations. They run two physical locations with lots of staff and develop their own hardware & software to make all of this happen while being entirely independent of the few big “cloud” providers that have cornered the market.
This mentality is something I have always looked up to and am actively pursuing with my work at Guardian, which is now part of DNSFilter. If you want it to be done correctly you either resort to buying the most expensive option, which you probably can’t afford and is not guaranteed to solve your problem, or do it yourself. For a lot of problems those are the two options if you want to avoid mediocre, middle-of-the-road crap. Backblaze has mostly chosen to do the latter, which is something that I can really respect.
Given their responsibilities and reputation I was quite impressed to see a seemingly real human being reach out to me via E-Mail, kindly asking me to update an older link on my tiny website to their B2 product. I was going to write back telling them that I would do that but that they should ensure that they have forwards set up for the old links, but as I tested that I quickly noticed that they were already way ahead of me.

This is how you do PR work correctly for a company of any size! No ego & no weird lawyerly phrasing, just a regular message from somebody reaching out kindly asking to avoid a redirect for anybody clicking the link on my website. Backblaze has once again proven that the organization as a whole has not fallen into the

“big corporation that is required to increase shareholder value by any means”

trap and is aware that they’re just a citizen of the internet like any of us. And they’re making an effort trying to be a good internet citizen, too! I am still dearly missing a few (basic-ish) features which I would expect from their product to further integrate it into Guardian itself, but this interaction has once again proven that Backblaze is a great company to be a customer of and has really reassured my trust in them with regard to everything that they do. I would love to one day be able to tour one of their facilities, given that I have followed their lead with building backup servers out of cheap components and being successful at it.
None of this was related to their technical strategy, past decisions or current offering, but was based solely on a normal human interaction.

Funny how effective a little bit of politeness & self-awareness is in this anonymized, digital world…


A Blog Series: ¿What does Tzeejay Listen To?

The majority of my working time is accompanied by music. Usually long running live electronic sets but I throw other stuff in there as well on the regular. The majority of it plays through Youtube, simply because Apple Music makes my blood boil in anger and Spotify is not an alternative to me for many reasons. Them seeking to completely ruin Podcasts & their stance on tracking and privacy are just the start of it all. I pay for Youtube Premium (yeah I know it’s rich reading this given the last sentence, but there is no alternative to Youtube that is actually being used or has relevant anything on it) since I watch a lot of car related videos at night so being able to enjoy some good music without any ads is the most obvious choice to me, even though I am not crazy about streaming everything all the time. Nor am I all in on anything Google-owned apart from Youtube.

This series is an attempt to give myself something simple to blog about and get into a habit of throwing things that are a little longer onto my own website and actually use it. So far it had been a little sad on here.
Expect short little posts describing the music I am linking to and why you may like it as well.

Maz Live @ Warung Tour Porto Alegre

Blog link
Youtube link


¿What does Tzeejay Listen To? Maz Live @ Warung Tour Porto Alegre

I had actually never heard of this artist before stumbling onto this video but from the first beat it kinda took me for a ride and was perfect to work to. 2 hours might be a little long to some, but you can skip to almost any section in the video and get into the rhythm of the beats right away.

There is also an interesting mix of Afro House in there at the end with (I believe) Portuguese lyrics. All around great set.

Youtube link


WWDC 2022

If you have been following me on Twitter for a little longer you are aware that I am quite outspoken about things like App Store policies, Apple’s seemingly great service revenue and their interaction and treatment of developers. If things are right they should be praised and if things are wrong they should be critiqued. Nothing good is created or can exist in a vacuum without feedback.

Over the past 3 years relations between developers and Apple have gone from indifferent at best to outright hostile. WWDC always moves the general sentiment to being more favorable and friendly; this year, however, has built on top of the very good remote WWDC we got to enjoy last year. I have not participated in digital lounges or other events due to various reasons but have heard from many that they have really enjoyed it.
Seeing various people that I know of, listen to on Podcasts or know personally being in person at WWDC in Cupertino has really made me wish that I could be there as well. It filled me with an enormous amount of envy. Envy to be there and experience the energy in the “room”, envy to make new friends, envy to share ideas, envy to learn & envy to see existing friends.

The cool kids got to fly to Cupertino. I wish I was part of the group of cool kids.

Thank you Apple for a great WWDC 2022. It feels like you have figured out what you want this to be going forward and I am excited to keep being involved in developing software for these platforms.


Check PostgreSQL TLS Certificates in Pure Go

TLS certificate expirations are quite embarrassing but still happen somewhat regularly to various services of all sizes. The core system at Guardian Firewall that I maintain has had such outages as well and I was just as embarrassed. The second was not my fault but rather a bug in an automated tool that we use to obtain a Let’s Encrypt certificate for our servers; still, these are things that I should have caught and should not have happened. Not my fault does not mean not my problem.

To prevent these scenarios I built a system that checks a manually defined list of servers once every 24 hours and alarms us in a special Slack channel if the expiration date for the server has crossed a certain threshold. If the threshold dips below 7 days it even @ mentions a group of people which leads to a push notification on all logged in devices for all members of the group. Somebody responsible will be hearing about this problem.

Doing this to HTTP connections in Go is straightforward as everything is very openly exposed by the Go stdlib but we also run PostgreSQL as our core database engine and we wanted to make sure to include it in these routine checks as well. Connections to the DB never hit the public internet in my setup or are always properly encrypted through a local port forward of an SSH session, but sprinkling some TLS 1.3 on top shouldn’t hurt anybody. Having a valid & trusted certificate is easy to come by these days and will remove some friction while using the system.
It’s free real estate operational insurance.
When I initially built this system I was struggling to understand how the TLS connection to PostgreSQL is established as tls.Dial("tcp", "postgres-ip:5432", &tls.Config{}) will try to do the right thing but ultimately fails and leads to an obscure error in the PostgreSQL log:

2022-06-07 12:25:38.754 UTC [7325] [unknown]@[unknown] LOG: invalid length of startup packet

That right there should have been enough of a hint for me to figure this out, as I am a little familiar at the very least with STARTTLS from my adventures into running-your-own-email-server land. The connection is initiated unencrypted, you pass a (not so) secret “phrase” to it, it responds with a (not so) secret “phrase” back and you can finally upgrade the connection to being encrypted by initiating the TLS handshake.
It is very easy to type out in hindsight as this all makes sense to me now, but I was really struggling to wrap my head around it not even 24 hours ago.
Thankfully though I have amazing colleagues, who are quite a bit smarter than me. This explanation made me understand the process immediately and I hope that it will help somebody else as well.

15:14
It's a custom protocol.
15:15
So you want to send this 00 00 00 08 04 D2 16 2F.
15:16
Read the first byte.
15:17
It should be character S.
15:17
Then write/read the SSL handshake start.
15:18
The TLS session only starts after that first byte.
15:19
So a normal TLS socket will fail because it will receive that first byte which doesn't really make any sense because it's part of the binary PG protocol.
15:21
openssl s_client -starttls postgres basically does that, it sends the PG magic to start the TLS connection.
15:21
You can't do it the "normal" way.

The protocol as published by the PostgreSQL authors can be found here.

She graciously published her little POC Golang program for me so that I can include it on here as well.

Mirror in case Github does something stupid
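
The exchange described in the messages above, written out as an added Go example (this is not the linked POC program, and not Guardian's checker): send the eight SSLRequest bytes in plaintext, read exactly one reply byte, and only then start the TLS handshake on the same socket to read the certificate's expiry. The function names, the 10 second timeouts and the command-line usage are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net"
	"os"
	"time"
)

// negotiate sends SSLRequest (length 8, code 80877103 = 0x04D2162F) and reads one reply byte.
func negotiate(conn net.Conn) error {
	if _, err := conn.Write([]byte{0x00, 0x00, 0x00, 0x08, 0x04, 0xD2, 0x16, 0x2F}); err != nil {
		return err
	}
	reply := make([]byte, 1) // unbuffered: the next byte must belong to TLS
	if _, err := io.ReadFull(conn, reply); err != nil {
		return err
	}
	if reply[0] != 'S' { // 'N' means the server refuses TLS
		return fmt.Errorf("server did not accept TLS, replied %q", reply[0])
	}
	return nil
}

// certExpiry dials addr, upgrades to TLS and returns the leaf certificate's NotAfter.
func certExpiry(addr, serverName string) (time.Time, error) {
	conn, err := net.DialTimeout("tcp", addr, 10*time.Second)
	if err != nil {
		return time.Time{}, err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(10 * time.Second)) // bound reads and handshake too
	if err := negotiate(conn); err != nil {
		return time.Time{}, err
	}
	tlsConn := tls.Client(conn, &tls.Config{ServerName: serverName})
	if err := tlsConn.Handshake(); err != nil { // also verifies chain and hostname
		return time.Time{}, err
	}
	return tlsConn.ConnectionState().PeerCertificates[0].NotAfter, nil
}

func main() { // usage: pgcert host:5432 servername (hypothetical program name)
	if len(os.Args) == 3 {
		fmt.Println(certExpiry(os.Args[1], os.Args[2]))
	}
}
```

Because the handshake runs with certificate verification on, an expired or untrusted certificate surfaces as a handshake error rather than a date, which a checker should alert on just the same. For a server certificate issued by a private CA, set `RootCAs` in the `tls.Config` instead of turning verification off.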

Building these little early warning systems yourself is not difficult and I would encourage anybody to do so. Save yourself from the “embarrassment” of having your TLS certificate expire in the year 2022 and beyond by having a little computer give you a nudge every once in a while.

If you find yourself struggling as I did with this task I hope this post helps you.


Monodraw Licenses Giveaway

It may come as a surprise to some, but I am doing something good just because I can and it will make me happy to see other people happy.

A little while ago the developer of the wonderful iOS Reddit client Apollo Christian Selig and I had a public exchange on Twitter about ASCII art in one of Apple’s new OSS projects. To my surprise this caught the attention of a few people. Christian & I talked about how fun it would be to launch a little giveaway, not to gain followers or sell anybody anything. Do something fun on the internet with strangers after two absolutely awful years just because I can. I ended up doing exactly that and got into contact with the Monodraw developer hoping I could purchase the licenses in bulk but ended up with ten free ones to give away.

How To Enter The Giveaway

I have decided that I will give away the licenses at random to people on Twitter leading up to Christmas. I don’t care if you follow me or not and it’s not a requirement, I just want to hear what you’re up to or what you’d like to use Monodraw for. There are bonus points if you are a student and if it would help you with class work or in a paper that you have to write, but that is also not a requirement. To enter simply mention @tzeejay on Twitter or send me an E-Mail. I prefer Twitter as I want to publicly share what you’re up to but it’s not a requirement.
If I think you’re doing something cool I will send you one of the licenses. No strings attached!

(If you think the app is cool and end up missing out on the giveaway, just treat yourself to a license. It’s only $10 and well worth the money)

Terms (?)

I was generously given the ten licenses, two of which I will give away every Advent, the first one being tomorrow 2021-11-28, and the remaining ones on Christmas (that is the 24th for y’all Americans).

Whatever holidays or festivities you observe during this time of the year, I hope you catch a break and have some free time to have some fun drawing some ASCII art. We all deserve it.