Wandering Thoughts archives

2008-12-31: Certificate authorities seem to be a real weakness in SSL
One of Python 3's fundamental problems on Unix
2008-12-30: ZFS and crazy dates
2008-12-28: Discovering things while researching Unix history
An advantage of doing test driven development
2008-12-27: Email marketing is pretty much spam
2008-12-26: The consequences of the Debian OpenSSL compromise
2008-12-25: My view of Sun and their history
2008-12-24: A thesis: Sun should be prepared to give up on SPARC
2008-12-23: You need major advantages to really move issues
2008-12-21: Part of why managing firewalls is hard
The role of superstition and folklore in system administration
2008-12-20: The source of spurious .rpmnew files
2008-12-19: Comments and dialogues
2008-12-18: Why LVM snapshots should really have hooks into filesystems
2008-12-17: Some reasons why I like vi
2008-12-16: Why XHTML is doomed, at least in its strict validation form
2008-12-14: Feed aggregators should fail gracefully
2008-12-13: The pragmatic problem with strict XHTML validation
2008-12-12: Two-step updates: the best solution to the valid XHTML problem
2008-12-11: Why syndication feed readers (and web browsers) should fail gracefully
Why you should always allow version 1 to be specified
2008-12-09: What sort of user interfaces the web is good for
How Amanda uses what restore program to use, a correction
2008-12-08: How I split up my workstation's disk space
2008-12-07: How to help programmers (part 1): the os.listdir() problem
One of Python's problems with packages
2008-12-06: On line endings and honesty
2008-12-05: A little gotcha when implementing shell read
2008-12-04: The rewriting problem on ZFS and other 'log structured' filesystems
2008-12-03: Mapping IP addresses to ASNs
2008-12-02: A thesis: Sun should fork Solaris
2008-11-30: My view on vi and vim (and nvi et al)
Server problems caused by 'transparent' self-signed SSL certificates
2008-11-29: Good editors aren't better or worse, just different
2008-11-28: Why rootkits targeted at Red Hat Enterprise would make me especially nervous
2008-11-27: The practical insecurity of self-signed SSL certificates on the web
2008-11-26: One consequence of mathematical security thinking
2008-11-25: The problem with security alerts, and indeed all alerts
2008-11-23: My sign of a good graphical interface
2008-11-22: Why I hate 'security questions'
2008-11-21: Limiting how much load Exim puts on your system
2008-11-20: Combining dual identity routing and isolated interfaces revisited
2008-11-19: A growing realization about tcpdump and reading IP traffic
BitTorrent's file fragmentation problem
2008-11-18: Where vi runs into its limits
2008-11-16: Checking systems with RPM verification (part 2)
A hint for email providers
2008-11-15: Getting Python's encoding and decoding straight
2008-11-14: How to force a crash dump on Solaris 10 x86
2008-11-13: What the members of a Unicode conversion error object are
2008-11-12: Why not doing Unicode is easier than doing Unicode in Python
2008-11-11: Another attempt to split SSL into encryption and trust
2008-11-10: Exploiting the Bourne shell to parse configuration files
2008-11-09: The history of Unix *dump programs
2008-11-08: Thinking about how your security domains relate to each other
2008-11-07: What the timestamps in Ubuntu kernel messages mean
2008-11-05: How many root passwords should you have?
An issue with quotas on ZFS pools
2008-11-04: Mistakes editors can make that disqualify them as sysadmin editors
2008-11-03: Why vi has become my sysadmin's editor
2008-11-02: Why university webmail systems are attractive to spammers
2008-10-31: Why realistic UDP bandwidth testing is hard
Banging rocks together in Python
2008-10-30: How Linux initrds used to be a hack
2008-10-29: Problems I have seen with switch port mirroring
2008-10-28: One reason why people buy Ethernet taps
2008-10-27: What we keep track of for ZFS pools
2008-10-26: Why RAID-1 is the right choice for our new fileservers
2008-10-25: How we worked out the partition sizes for our SAN
2008-10-24: A little neat detail of the BitTorrent protocol
2008-10-23: Another update to the ZFS excessive prefetching situation
2008-10-22: How Amanda knows what restore program to use
2008-10-21: Seeing how remarkable V7 Unix was
2008-10-19: The advantages of iSCSI's MC/S for multipathing
Thesis: reputation based antispam systems are dead
2008-10-18: More on Firefox 3's handling of self-signed SSL certificates
2008-10-17: How self-signed certificates are a problem for browsers
2008-10-16: Why Firefox 3's handling of self-signed SSL certificates is wrong
2008-10-15: The corporate identity problem
2008-10-14: Improving initial ramdisks
2008-10-13: The complexity of not lying to Makefiles
2008-10-12: An irritating awk limitation: getting a range of fields
2008-10-11: Forcing sort ordering in Unix shell scripts
2008-10-10: Some notes about iSCSI multipathing in Solaris
2008-10-09: We've lost the password battle
2008-10-08: How we set up our Solaris ZFS-based NFS fileservers
2008-10-07: How we set up our iSCSI target servers
2008-10-06: A problem with Python's help()
2008-10-05: SSL certificate revocation doesn't work (for web browsers)
2008-10-04: Consider having obvious interfaces too
2008-10-03: Arranging your SSL websites for very cautious people
2008-10-01: Another consequence of the Debian OpenSSL security bug
2008-09-30: The consequences of your SSL certificate getting compromised
Using Python to find out what cipher a SSL server is using
2008-09-29: SSL/TLS and forward secrecy
2008-09-28: Why I hate Solaris 10's service facility right now
2008-09-27: The problem with initial ramdisks
2008-09-26: The aesthetics of syntactic sugar
2008-09-25: Why qmail is no longer a suitable Internet MTA
2008-09-24: How we lie to our Makefiles
2008-09-23: Some thoughts on improving current thread-based programming
2008-09-21: Why I wind up writing real parsers for my sysadmin tools
2008-09-20: A side note to the attraction of file-based blog engines
The attractions of 'file as blog entry' blog engines
2008-09-19: Gotchas with IET that I have encountered
2008-09-18: My experiences so far with Linux iSCSI target software
2008-09-17: How to securely manipulate user files
2008-09-16: A Unix without a test program
2008-09-15: Why ZFS's raidz design decision is sensible (or at least rational)
2008-09-14: A read performance surprise with ZFS's raidz and raidz2
2008-09-13: 999 days is not forever
2008-09-12: ZFS's helpful attention to detail
Why you want sysadmins, not users, to be providing the computing
2008-09-11: Why I have the same shell dotfiles everywhere
2008-09-10: A Unix shell trick
2008-09-09: The problem with unit testing programs
2008-09-08: How to get as much of your program byte-compiled as possible
2008-09-07: Why your main program should be importable
2008-09-06: Why negative DNS caching is necessary
2008-09-05: Something to remember when using DTrace on userland programs
2008-09-03: Why SMTP needs a way of communicating partial success for message delivery
How to reject at SMTP time without enabling dictionary scanning
2008-09-01: Accept-then-bounce is no longer acceptable in mail systems
2008-08-31: There is a balance between optimism and paranoia for compromised machines
A realization about the recent Red Hat Enterprise security issue
2008-08-29: Open source projects and programs versus products
We don't really control user desktop machines
2008-08-28: Thinking about the importance of cross-implementation portability
2008-08-27: How I think about how important security updates are
2008-08-25: Fixing low command error distances
The concept of error distance in sysadmin commands
2008-08-24: An update to the ZFS excessive prefetching situation
2008-08-23: Another problem with SSL identities
2008-08-22: Why noting security fixes in Linux kernel changelogs doesn't really help
2008-08-21: What you select for when you make something harder
2008-08-20: An illustration of why syntactic sugar matters
2008-08-18: The problem with using tuples and lists to hold structures
2008-08-17: Thinking about the best way to handle command registration
Why your blog comments have less of an audience than new blog entries
Another reason to avoid having comments
2008-08-16: Why it matters what users like
2008-08-15: Using a non-standard shell as your login shell
2008-08-14: A bash irritation: the incompatible exec
2008-08-12: The first principle of analyzing compromised machines
2008-08-11: How RPM verification deals with prelinking
2008-08-10: Anti-spam work is pure overhead
How to tell when your bug reporting system is at its limits
2008-08-08: How to exploit unsigned repository metadata
A workaround for the Python module search path issue on Unix
2008-08-07: The pragmatics of language changes
2008-08-06: More on the funding capture problem
2008-08-04: SSL does not create trust
Our answer to the ZFS SAN failover problem
2008-08-03: A performance gotcha with syslogd
First impressions of using DTrace on user-level programs
2008-08-02: One reason that it is so hard to challenge Google
2008-07-31: A crude system verification method
SSL's identity problem
2008-07-30: What is guaranteed in languages in practice
2008-07-28: What you can (probably) count on for concurrency in Python
Another advantage of Python builtins
2008-07-27: The yum versionlock problem
2008-07-26: dict.setdefault() as a concurrency primitive
2008-07-24: How packaging systems should handle kernel updates
One thing that I dislike about typical debuggers
2008-07-23: Retracting blog entries in the face of syndication feeds
2008-07-22: Two different usage patterns
2008-07-20: Thinking about uses for (system) activity tracers
Why I'm mostly out of the email (anti-)spam game
2008-07-18: One consequence of Linux's dynamic network device naming
The advantage of blog comments
2008-07-17: The not so secret origins of /usr/bin and /usr/sbin (and /sbin)
2008-07-16: The problem with Usenet
2008-07-14: What some fdisk options actually do
2008-07-13: How ZFS helps out with the big RAID-5 problem
The problem with big RAID-5 arrays
2008-07-12: When overlapping windows do (and don't) make sense
2008-07-11: The case of the mysteriously failing connections
2008-07-10: Internet software decays and must be actively maintained
2008-07-09: Detailed usage charges versus simpler charging models
2008-07-08: How to force Solaris to renumber network devices
2008-07-06: A (D)VCS feature that I'd really like
A small drawback to Wietse Venema's TCP Wrappers
2008-07-05: How OOXML is a complete failure, even for Microsoft
2008-07-04: Phish spammers who make it easy
2008-07-03: Why system administrators like interpreted languages
2008-07-02: Why reverse proxies are good for big web applications
2008-06-30: The many problems with bad security patches
2008-06-29: Why user exposure matters for Linux distributions, especially on desktops
Why Ubuntu's LTS releases are inferior to Red Hat Enterprise Linux
2008-06-28: The other reason that shells should be programmable
2008-06-27: Fault hierarchies and problem reports
2008-06-26: Virtual desktops versus multiple monitors
2008-06-25: More on standard interfaces
2008-06-23: Why I am not really fond of docstrings in Python
More thinking about Python's inheritance model
2008-06-22: The implicit versus the explicit
2008-06-21: A bug reporting paradox: don't put in too much detail
2008-06-20: Accidental bittorrent on our networks
2008-06-19: A thought about filesystem snapshots
2008-06-17: A simple request for vendor websites
Sun flubs another SSH patch
2008-06-16: Why people persist in sending files by email
2008-06-15: Why DNS blocklists return information as IP addresses
2008-06-13: The cost of virtualization
2008-06-12: The problem with ZFS, SANs, and failover
2008-06-11: Designing a usable DNS Blocklist result format
Tabs versus windows, or why I usually want windows
2008-06-09: Mirrored system disks should be trivial to set up
2008-06-08: Thinking about Python's inheritance model
Recovering my Eee PC from a post-update problem
2008-06-07: Why 'file as blog entry' blog engines have problems
2008-06-06: Why shells should have small programming languages
2008-06-04: Some corollaries to the charging problem
2008-06-03: My problem with ZFS
2008-06-02: Improving RPM as a packaging system
Why package systems are important
2008-05-31: What contracts aren't
2008-05-30: The fun of awk
Users are rational
2008-05-29: Why web spiders should not crawl syndication feeds
2008-05-28: What promiscuous mode does on modern networks
2008-05-26: Shimming modules for testing (and fun)
2008-05-25: Making a good Unix glue language
The risks of forcing frequent password changes
2008-05-24: Dear applications: WEP keys are not passwords
2008-05-23: Frequent password changes as security mythology
2008-05-21: Combining dual identity routing and isolated interfaces
2008-05-20: Getting live network bandwidth numbers on Solaris
2008-05-19: Segregating your outgoing email to get blocked as little as possible
2008-05-18: The threat model for website logins
Counterproductive password security
2008-05-17: Why we're interested in many ZFS pools
2008-05-15: Why it is hard to decommission a DNS blocklist
What protects the strength of a ssh connection's encryption
2008-05-13: Things I have learned about ZFS (and a Linux iSCSI target)
2008-05-12: Some thoughts on tradeoffs between storage models
2008-05-11: The history of readdir()
Another problem with doing your own sysadmin automation
2008-05-09: An advantage of interpreted languages
2008-05-08: Getting live network bandwidth numbers on Linux
2008-05-07: Today's Solaris 10 irritation: the fault manager daemon
2008-05-06: The Bourne shell is not a programming language
2008-05-05: The costs of doing your own system administration automation
2008-05-04: On standard interfaces
2008-05-03: Why people don't automate sysadmin stuff
2008-05-02: Automation changes as systems grow
2008-05-01: What the co_names attribute on Python code objects is
2008-04-30: Why apt is always going to be faster than yum
Why you can't stop 'abuse' of file sharing services
2008-04-28: Abusing Python frame and code objects
2008-04-27: Attribute tracing as a mixin class
2008-04-26: A thought on trackbacks
2008-04-25: BitTorrent trackers are not innocent bystanders
2008-04-24: What Linux's RPC queue dump means, sort of
A brief mention of some tools for debugging Linux NFS client issues
2008-04-22: The irritation of single-context applications
2008-04-21: Dear ZFS: please stop having your commands stall
2008-04-20: Finding the name of your caller in Python
What FAQs are
2008-04-18: The two (at least) forms of documentation
2008-04-17: The limits of isolated interfaces
2008-04-16: My secret mouse fear
The appeal of GNU tools
2008-04-15: Management interfaces as isolated interfaces
2008-04-14: A sysadmin's review of the ASUS Eee PC
2008-04-13: How I use Firefox's remote control
2008-04-12: Different reasons for having comments
2008-04-11: The appeal of XML
When I do and don't read a blog's comments
2008-04-09: Why there's a bunch of spam from university webmail systems right now
2008-04-08: An alternate take on availability numbers
2008-04-07: Get statistics
2008-04-06: The problem with PID files
2008-04-05: What I needed to make my custom Fedora 8 environment work
Why people are accepting bad uptimes from Internet applications
2008-04-03: Google Mail has a spam problem
2008-04-02: ZFS: Reservations versus quotas
2008-04-01: A simple Python class to trace access to object attributes
2008-03-31: Keeping secrets as a system administrator
The quote of the time interval, on XML
2008-03-30: Docstrings versus comments in my code
2008-03-29: Tradeoffs in where you store volume management metadata
2008-03-28: The stages of Bittorrent encryption
2008-03-27: An idea for a browser anti-phish feature
2008-03-26: Why authenticated email won't stop phish spam
2008-03-25: The easy way to keep a week's worth of something
2008-03-24: The two sorts of (programmer) certification
2008-03-23: Why software engineering certification may not work out the way people want
2008-03-22: Why NFS writes to ZFS are sometimes (or often) slow
2008-03-21: Journaling filesystems and the fsync() problem
2008-03-20: Why you should ratelimit messages that outside things can cause
2008-03-19: The problem of charging for things (well, one of them)
2008-03-18: Some things I dislike about the ASUS Eee
2008-03-17: Why I expect more from Solaris
2008-03-16: My problem with Lisp
2008-03-15: Why accurately counting committed address space is hard
2008-03-14: Why I like definite answers to support issues
2008-03-13: Another problem with iSCSI on Solaris 10
2008-03-12: A bash irritation: mutable history
2008-03-11: The 'Add Comments' problem
2008-03-10: Why I organize comments on WanderingThoughts the way I do
2008-03-09: The difference between a SAN and a cluster filesystem
2008-03-08: What controls Red Hat Enterprise's ethN device names
My problem with Ethernet naming on Red Hat Enterprise 5
2008-03-06: Software RAID, udev, and failed disks
The difference between operations and system administration
2008-03-05: How we make Exim discard bounces of spam
2008-03-04: How we deal with the spam forwarding problem
2008-03-03: How not to set up your DNS (part 18)
2008-03-02: How ZFS's version of RAID-5 can be better than normal RAID-5
2008-03-01: Speed surprises in reimplementing the .find() string method
2008-02-29: An illustration of the speed advantage of Python builtins
2008-02-28: My likely Firefox 3 extensions
2008-02-27: Two sorts of languages
2008-02-26: Something that I do not understand
2008-02-25: The best way to shroud IP addresses
2008-02-24: An idea: only use URL fragments as an implementation detail
2008-02-23: Where the risk is with virtualization (and iSCSI)
2008-02-22: Why I am not fond of Ubuntu's management of kernel updates
2008-02-21: Wireless, machine rooms, and the Asus Eee PC
The irritation of single-instance applications
2008-02-20: How our automounter replacement works
2008-02-18: Coding paralysis
ZFS versus SANs: where do you put the RAID?
2008-02-16: The only way you can stop spam with money
2008-02-15: A weird routing mystery
2008-02-14: Why does anyone buy iSCSI TOE network cards?
2008-02-13: A consequence of Python's 'computer science' nature
2008-02-12: A small annoyance with HTML
2008-02-11: Why commercial support needs to solve your customers' problems
2008-02-10: A basic introduction to prelinking on Linux
2008-02-09: The other reason certified email won't solve the spam problem
How your fileservers can wind up spreading over your SAN
2008-02-08: Why /usr/local is now useless (and where it came from)
2008-02-06: Why ZFS needs a zfsdump
2008-02-05: Prewiring experimental racks
2008-02-04: The origins of /usr/share
2008-02-03: A note to would-be photo editing applications
2008-02-02: Why certified/authenticated email cannot solve spam
2008-02-01: Isolating network interfaces on Linux
2008-01-31: The sysadmin's life (again)
2008-01-30: Linux's IP forwarding settings summarized
2008-01-29: An annoyance in Python's attribute access rules
2008-01-28: One reason I like Python
2008-01-27: Classic crontab syntax mistakes
2008-01-26: The funding capture problem
2008-01-25: A modest suggestion about test accounts
2008-01-24: Running a 32-bit Firefox on a 64-bit Fedora or Red Hat Enterprise
2008-01-23: The weird effects of Firefox's remote control on Unix
Linux's umount -f forces IO errors
2008-01-21: Why I believe that you want Solaris if you want ZFS
2008-01-20: Layering buffering on top of other buffering is usually a bad idea
2008-01-19: Why the x86 Linux kernel is part of every process's address space
2008-01-18: What seems to use power on an Asus Eee PC
2008-01-17: Lab notebooks are not changelogs
2008-01-16: Why sysadmins should keep a lab notebook
2008-01-15: What applications are actually crucial at a university
2008-01-14: A Python pattern: Mutating Proxies
2008-01-13: The robot logic of ZFS snapshots and quotas
2008-01-12: A thought about Amazon's S3 and EC2
2008-01-11: The importance of killing processes with the right signal
2008-01-10: What you don't know about other peers in BitTorrent
2008-01-09: There are two different situations for content-types
2008-01-08: Why I feel that a missing Debian package is a bad sign
2008-01-07: Some thoughts on Solaris 10 x86 versus Linux
2008-01-06: Why the server is the right place to determine web content types
2008-01-05: Why file extensions in URLs are a hack
2008-01-04: One problem with the current anti-spam environment
2008-01-03: Scrolling versus panning
2008-01-02: The various sorts of backgrounding in Unix
2008-01-01: An unpleasant thing about system administration

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.