Mattias Geniar on ma.ttias.be

Dealing with concurrent bridge-network creates & host-port races in Docker

mattias@ma.ttias.be (Mattias Geniar) — Mon, 22 Jun 2026 00:00:00 +0000

I’ve been moving our CI off GitHub-hosted runners onto our own arm64 hardware. The plan was straightforward: a pool of ephemeral runners on a dedicated CI box, and each test shard spins up its own MySQL, Redis, and ClickHouse as service containers, all under rootless Docker.

Letting Cloudflare serve Brotli-compressed data with nginx

mattias@ma.ttias.be (Mattias Geniar) — Mon, 15 Jun 2026 00:00:00 +0000

Google PageSpeed flagged a stylesheet on ohdear.app the other day: front.css, the bundle for its public-facing pages. That surprised me, because Cloudflare sits in front of ohdear.app and Cloudflare does Brotli, and a Brotli’d copy of that file is around 40 KB. Browsers were downloading just over 50 KB of gzip instead. So why wasn’t Brotli kicking in?

Linux debugging tools I use daily

mattias@ma.ttias.be (Mattias Geniar) — Fri, 12 Jun 2026 00:00:00 +0000

Every server I run, including the fleet behind Oh Dear ’s uptime checks, has the same set of debugging tools installed before anything goes wrong. Not because the application needs them, but because the one time you reach for strace is at 2am, the box is misbehaving, and apt install is the last thing you want to be doing while you work out what broke.

The backup SSH daemon I run before every do-release-upgrade

mattias@ma.ttias.be (Mattias Geniar) — Wed, 10 Jun 2026 00:00:00 +0000

I spent a chunk of the last few weeks upgrading a fleet of Ubuntu servers in place, one LTS to the next, with do-release-upgrade. Dozens of boxes, mostly stateless, mostly boring once you’ve done the first few.

AI is a confidence booster

mattias@ma.ttias.be (Mattias Geniar) — Tue, 09 Jun 2026 00:00:00 +0000

Alex Hormozi has a solid definition of confidence:

You don’t become confident by shouting affirmations in the mirror, but by having a stack of undeniable proof that you are who you say you are.

Transcribing my old podcast locally with open-source AI

mattias@ma.ttias.be (Mattias Geniar) — Tue, 09 Jun 2026 00:00:00 +0000

Back in 2016 and 2017 I recorded a podcast called Syscast : interviews with people I admired in the Linux, open source and infrastructure world. Matt Holt about Caddy , Daniel Stenberg about curl , Seth Vargo about Vault , and a handful more. Ten episodes, roughly ten hours of audio, and then life got in the way and I put it on pause.

Configuring Varnish on systemd in 2026: drop-in overrides, not varnish.params

mattias@ma.ttias.be (Mattias Geniar) — Mon, 08 Jun 2026 00:00:00 +0000

Back in 2015 I wrote about running Varnish 4.x on systemd , when the RedHat-family packages moved your startup options out of /etc/sysconfig/varnish and into a new /etc/varnish/varnish.params file that the unit sourced.

Debugging cookie stripping in Varnish: client vs backend request in 2026

mattias@ma.ttias.be (Mattias Geniar) — Sun, 07 Jun 2026 00:00:00 +0000

A long time ago I wrote a Varnish tip about seeing which cookies get stripped in your VCL . The idea is still one of the most useful things you can do with varnishlog: compare what the browser sent against what reached your backend, so you can confirm your cookie-stripping rules do what you think.

The ghost domain problem in DNS, and what we're doing about it

mattias@ma.ttias.be (Mattias Geniar) — Sat, 06 Jun 2026 10:00:00 +0000

I wrote a piece over on the Oh Dear blog about a failure mode that most uptime monitoring gets wrong: a domain gets pulled from its registry’s zone, but its authoritative nameservers keep answering, and cached resolvers happily serve the stale delegation for days. Your monitoring says green. The domain is gone.

Reading the Varnish log in 2026: varnishlog -q, -g grouping and the VSL query language

mattias@ma.ttias.be (Mattias Geniar) — Sat, 06 Jun 2026 00:00:00 +0000

Years ago I posted a handful of Varnish 3.0 one-liners for varnishtop and varnishlog . They were all variations on the same idea: pick a log tag like RxURL or TxURL, then grep for what you wanted.

Varnish in 2026: it's called Vinyl Cache now, and the mental model still holds

mattias@ma.ttias.be (Mattias Geniar) — Fri, 05 Jun 2026 00:00:00 +0000

Back in 2016 I gave a talk called Varnish Explained and wrote it up slide by slide. It still gets traffic, which is nice, except the version numbers on those slides are now a decade old and the project doesn’t even go by the same name anymore.

Running HTTP/3 with Caddy in 2026: it just works

mattias@ma.ttias.be (Mattias Geniar) — Thu, 04 Jun 2026 00:00:00 +0000

When I wrote about running HTTP/3 with Caddy in 2020 , it was a ritual. You opted in with an experimental_http3 global option, the protocol was still draft h3-27, and to test it you needed a custom-compiled curl and a browser nightly with the right flags flipped. It worked, but it was clearly the bleeding edge.

Lessons learned: don't mix $timeout attributes and properties on queued Laravel jobs

mattias@ma.ttias.be (Mattias Geniar) — Wed, 03 Jun 2026 00:00:00 +0000

Update: the fix described in this post has since been merged into Laravel and ships in the next 13.x release. From that release on, a child class’s plain $timeout property correctly overrides an attribute inherited from a parent, so the specific footgun below no longer bites. This post stays up as a historical write-up: how the bug behaved, the subtle PHP reflection edge case behind it, and the fix that closed it.

QUIC and HTTP/3 in 2026: from Google experiment to IETF standard

mattias@ma.ttias.be (Mattias Geniar) — Wed, 03 Jun 2026 00:00:00 +0000

Ten years ago I wrote about Google’s QUIC protocol , back when it was an experiment you could realistically only test against Google’s own servers. I was excited about it, and I ended that post hoping the spec would get standardised and show up in other browsers and servers.

Caching get_certificate lookups in Caddy

mattias@ma.ttias.be (Mattias Geniar) — Tue, 02 Jun 2026 00:00:00 +0000

At Oh Dear , our status pages can run on a customer’s own domain, and we’ve always served on-demand ACME certificates for them: someone points their domain at us, and Caddy provisions a Let’s Encrypt certificate for it automatically. We’re now adding a second option, letting customers bring their own certificate. For that, Caddy doesn’t provision anything; it fetches the certificate from an HTTP backend in our app.

Serving HTTP/2 and HTTP/3 with Nginx in 2026

mattias@ma.ttias.be (Mattias Geniar) — Tue, 02 Jun 2026 00:00:00 +0000

Back in 2016 I wrapped nginx in a Docker container just to get HTTP/2 working. Not because I love Docker, but because the server’s OpenSSL was too old to do ALPN, and the cleanest way to borrow a modern OpenSSL was to lift one out of an Alpine container. It worked, but it was a hack, and I knew it at the time.

More time to think

mattias@ma.ttias.be (Mattias Geniar) — Mon, 01 Jun 2026 00:00:00 +0000

I’m finding myself thinking longer about the code I write and the features that get developed, than I did before the agentic coding era.

Finding Dutch audio across streaming services

mattias@ma.ttias.be (Mattias Geniar) — Tue, 28 Apr 2026 00:00:00 +0000

We have 4 streaming services at home: Netflix, Disney+, Prime Video, and Apple TV+. Try finding which films and series are actually available with Dutch audio.

Imposter: a single-phone party game, free and open source

mattias@ma.ttias.be (Mattias Geniar) — Mon, 27 Apr 2026 00:00:00 +0000

Our babysitter recently played a fun game with our kids called “Fake It”. It’s a simple party game, not too complex, and doesn’t require any props. The app store is full of them, but they all hide ads or have a €9.99/week (week!) subscription model, all trying to trick you into buying or paying. But it’s such a simple game. Surely, I can just make my own version, right?

How we implemented a mobile-friendly Oh Dear UI with AI

mattias@ma.ttias.be (Mattias Geniar) — Fri, 06 Mar 2026 00:00:00 +0000

We just shipped a mobile-friendly version of Oh Dear . It touched 226 files, added over 5,000 lines, and modified 160+ Blade templates. The PR took three weeks from first commit to merge.

My interview on Oh Dear on the Seahawk Podcast

mattias@ma.ttias.be (Mattias Geniar) — Wed, 11 Feb 2026 00:00:00 +0000

A few weeks ago, I was invited to the Seahawk Media podcast for a chat about Oh Dear , our origin and where we’re headed as a company in the age of AI and easily-copied SaaS ideas.

Catching SQL performance issues in PHPUnit and Pest, as part of your test infrastructure

mattias@ma.ttias.be (Mattias Geniar) — Mon, 26 Jan 2026 00:00:00 +0000

I’ve been on a bit of a SQL performance kick lately. Over at Oh Dear , I wrote a 3-part series about finding, fixing, and automatically detecting SQL performance issues . The last part of that series covers how we catch regressions before they hit production by running checks in our test suite.

Using AI is no longer optional

mattias@ma.ttias.be (Mattias Geniar) — Fri, 09 Jan 2026 00:00:00 +0000

We’ve gone from generating funny images to AI being a core part of being a developer quite fast, haven’t we?

Web development is fun again

mattias@ma.ttias.be (Mattias Geniar) — Sat, 03 Jan 2026 00:00:00 +0000

I remember when PHP 4 was a thing. jQuery was new and shiny. Sites were built with tables, not divs. Dreamweaver felt like a life hack. Designs were sliced in Photoshop. Databases lived in phpMyAdmin.

A fresh server for this blog

mattias@ma.ttias.be (Mattias Geniar) — Sun, 28 Dec 2025 00:00:00 +0000

It’s been 1,067 days since I last posted something on this blog. And instead of writing the blog post I wanted to write, I did everything else.