I want to try out eBPF tracing in Linux. I really do.<p>Last three times I tried to install bcc/bpftrace on my Debian boxes, I failed to do so. The situation has not changed for over a year. I'm not the only one:<p><a href="https://github.com/iovisor/bcc/issues/678" rel="nofollow">https://github.com/iovisor/bcc/issues/678</a><p><a href="https://github.com/iovisor/bcc/issues/1434" rel="nofollow">https://github.com/iovisor/bcc/issues/1434</a><p><a href="https://github.com/iovisor/bcc/issues/1985" rel="nofollow">https://github.com/iovisor/bcc/issues/1985</a>
From the bpftrace tutorial, I would have expected the one-liner<p><pre><code> bpftrace -e 'tracepoint:syscalls:sys_enter_open { printf("%d %s\n", pid, str(args->filename)); }'
</code></pre>
to show me all open calls as they happen. I would have expected to see an open when I cat a file, for example. But trying the one-liner, I only see a few opens of files in /proc.<p>Can anyone explain what's happening?
There was this talk[0] at 35c3 introducing eBPF tracing. I still have it on my towatch list as I could not attend it.<p>[0] <a href="https://media.ccc.de/v/35c3-9532-kernel_tracing_with_ebpf" rel="nofollow">https://media.ccc.de/v/35c3-9532-kernel_tracing_with_ebpf</a>
I use HTTPS Everywhere plugin for firefox... it's pretty surprising in 2019 how many network-related blogs and articles are on http links and the https equivalent is broken.<p>You can use Let's Encrypt, it's free. It makes me not want to listen to what's supposed to be their wisdom on networking matters if they can't even get that right.