Your worst moment on a Unix system - Psychology, Philosophy, and Licenses
It’s always data loss, isn’t it? Probably because it’s so painful. I only lost a couple of screenshots once, because I ran `rm *` in `$HOME`. No `-r`, though, so it only picked up those few stray JPGs.
One of the worst moments in the recent past (a few years ago, I think) was probably running `iptables -nvL | less` on all of our client-facing OpenVPN servers at the same time (something like clusterssh). That command looks totally harmless. What I didn’t know was that `iptables` grabs a file lock (`/run/xtables.lock`), queries rules from the kernel, prints them, and then releases that lock. In that order. If you have a lot of rules, then writing this output to the pipe will eventually block because the pipe buffer is full. Meaning, the lock is still being held, basically until `less` has read until EOF from the pipe.

Now, when a new client connects, we had OpenVPN create a new set of iptables rules for this client. And this is where the disaster happened: OpenVPN accepts the connection, then runs `iptables -w -A …`, and then waits for this to finish. In other words, me running `iptables -nvL | less` grabbed the file lock and the next client that connected tried to grab that lock as well, but it blocked due to `-w` and thus it blocked the entire OpenVPN process. Boom, no more traffic for a couple of hundred VPN clients. Including myself.

(We have since introduced a wrapper script `iptables-show` which basically does `iptables -nvL >foo && less foo`.)

(13-11-2020, 03:24 PM) zge Wrote:
> lost my bookmark collection I had started when I was 4 years old.

Was that a figure of speech or did you really start this young?
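The lock-held-across-a-full-pipe behaviour described in the post above, reproduced as an added example that is not part of the original post. It assumes an `flock`-style advisory lock; the lock file, the listing and all function names are constructed stand-ins, and no real `iptables` is involved.

```python
import fcntl
import os
import tempfile


def try_lock(path):
    """Open path on a fresh descriptor and try a non-blocking exclusive flock,
    the way a second, unrelated process would. Returns the fd or None."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        os.close(fd)
        return None
    return fd


def demo():
    results = {}
    listing = b"-A FORWARD -s 10.8.0.2 -j ACCEPT\n" * 40_000  # constructed, > 1 MB
    with tempfile.TemporaryDirectory() as d:
        lock_path = os.path.join(d, "demo.lock")  # stand-in for the tool's lock file

        # Pattern 1: "list | pager". Lock taken, output goes to a pipe nobody drains.
        holder = try_lock(lock_path)
        r, w = os.pipe()
        os.set_blocking(w, False)  # lets us observe the point where a writer would sleep
        sent = 0
        try:
            while sent < len(listing):
                sent += os.write(w, listing[sent:])
        except BlockingIOError:
            pass  # pipe buffer full: a blocking writer stalls here, lock still held
        results["stalled_mid_output"] = sent < len(listing)
        results["second_locker_blocked"] = try_lock(lock_path) is None
        os.close(r)
        os.close(w)
        os.close(holder)  # closing the descriptor drops the flock

        # Pattern 2: the wrapper approach. Write to a file, release, then page.
        holder = try_lock(lock_path)
        with open(os.path.join(d, "rules.txt"), "wb") as f:
            f.write(listing)  # a regular file never blocks on a slow reader
        os.close(holder)
        other = try_lock(lock_path)
        results["second_locker_ok"] = other is not None
        if other is not None:
            os.close(other)
    return results
```
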