2008-12-31: |
Certificate authorities seem to be a real weakness in SSL
One of Python 3's fundamental problems on Unix
|
2008-12-30: |
ZFS and crazy dates
|
2008-12-28: |
Discovering things while researching Unix history
An advantage of doing test driven development
|
2008-12-27: |
Email marketing is pretty much spam
|
2008-12-26: |
The consequences of the Debian OpenSSL compromise
|
2008-12-25: |
My view of Sun and their history
|
2008-12-24: |
A thesis: Sun should be prepared to give up on SPARC
|
2008-12-23: |
You need major advantages to really move issues
|
2008-12-21: |
Part of why managing firewalls is hard
The role of superstition and folklore in system administration
|
2008-12-20: |
The source of spurious .rpmnew files
|
2008-12-19: |
Comments and dialogues
|
2008-12-18: |
Why LVM snapshots should really have hooks into filesystems
|
2008-12-17: |
Some reasons why I like vi
|
2008-12-16: |
Why XHTML is doomed, at least in its strict validation form
|
2008-12-14: |
Feed aggregators should fail gracefully
|
2008-12-13: |
The pragmatic problem with strict XHTML validation
|
2008-12-12: |
Two-step updates: the best solution to the valid XHTML problem
|
2008-12-11: |
Why syndication feed readers (and web browsers) should fail gracefully
Why you should always allow version 1 to be specified
|
2008-12-09: |
What sort of user interfaces the web is good for
How Amanda uses what restore program to use, a correction
|
2008-12-08: |
How I split up my workstation's disk space
|
2008-12-07: |
How to help programmers (part 1): the os.listdir() problem
One of Python's problems with packages
|
2008-12-06: |
On line endings and honesty
|
2008-12-05: |
A little gotcha when implementing shell read
|
2008-12-04: |
The rewriting problem on ZFS and other 'log structured' filesystems
|
2008-12-03: |
Mapping IP addresses to ASNs
|
2008-12-02: |
A thesis: Sun should fork Solaris
|
2008-11-30: |
My view on vi and vim (and nvi et al)
Server problems caused by 'transparent' self-signed SSL certificates
|
2008-11-29: |
Good editors aren't better or worse, just different
|
2008-11-28: |
Why rootkits targeted at Red Hat Enterprise would make me especially nervous
|
2008-11-27: |
The practical insecurity of self-signed SSL certificates on the web
|
2008-11-26: |
One consequence of mathematical security thinking
|
2008-11-25: |
The problem with security alerts, and indeed all alerts
|
2008-11-23: |
My sign of a good graphical interface
|
2008-11-22: |
Why I hate 'security questions'
|
2008-11-21: |
Limiting how much load Exim puts on your system
|
2008-11-20: |
Combining dual identity routing and isolated interfaces revisited
|
2008-11-19: |
A growing realization about tcpdump and reading IP traffic
BitTorrent's file fragmentation problem
|
2008-11-18: |
Where vi runs into its limits
|
2008-11-16: |
Checking systems with RPM verification (part 2)
A hint for email providers
|
2008-11-15: |
Getting Python's encoding and decoding straight
|
2008-11-14: |
How to force a crash dump on Solaris 10 x86
|
2008-11-13: |
What the members of a Unicode conversion error object are
|
2008-11-12: |
Why not doing Unicode is easier than doing Unicode in Python
|
2008-11-11: |
Another attempt to split SSL into encryption and trust
|
2008-11-10: |
Exploiting the Bourne shell to parse configuration files
|
2008-11-09: |
The history of Unix *dump programs
|
2008-11-08: |
Thinking about how your security domains relate to each other
|
2008-11-07: |
What the timestamps in Ubuntu kernel messages mean
|
2008-11-05: |
How many root passwords should you have?
An issue with quotas on ZFS pools
|
2008-11-04: |
Mistakes editors can make that disqualify them as sysadmin editors
|
2008-11-03: |
Why vi has become my sysadmin's editor
|
2008-11-02: |
Why university webmail systems are attractive to spammers
|
2008-10-31: |
Why realistic UDP bandwidth testing is hard
Banging rocks together in Python
|
2008-10-30: |
How Linux initrds used to be a hack
|
2008-10-29: |
Problems I have seen with switch port mirroring
|
2008-10-28: |
One reason why people buy Ethernet taps
|
2008-10-27: |
What we keep track of for ZFS pools
|
2008-10-26: |
Why RAID-1 is the right choice for our new fileservers
|
2008-10-25: |
How we worked out the partition sizes for our SAN
|
2008-10-24: |
A little neat detail of the BitTorrent protocol
|
2008-10-23: |
Another update to the ZFS excessive prefetching situation
|
2008-10-22: |
How Amanda knows what restore program to use
|
2008-10-21: |
Seeing how remarkable V7 Unix was
|
2008-10-19: |
The advantages of iSCSI's MC/S for multipathing
Thesis: reputation based antispam systems are dead
|
2008-10-18: |
More on Firefox 3's handling of self-signed SSL certificates
|
2008-10-17: |
How self-signed certificates are a problem for browsers
|
2008-10-16: |
Why Firefox 3's handling of self-signed SSL certificates is wrong
|
2008-10-15: |
The corporate identity problem
|
2008-10-14: |
Improving initial ramdisks
|
2008-10-13: |
The complexity of not lying to Makefiles
|
2008-10-12: |
An irritating awk limitation: getting a range of fields
|
2008-10-11: |
Forcing sort ordering in Unix shell scripts
|
2008-10-10: |
Some notes about iSCSI multipathing in Solaris
|
2008-10-09: |
We've lost the password battle
|
2008-10-08: |
How we set up our Solaris ZFS-based NFS fileservers
|
2008-10-07: |
How we set up our iSCSI target servers
|
2008-10-06: |
A problem with Python's help()
|
2008-10-05: |
SSL certificate revocation doesn't work (for web browsers)
|
2008-10-04: |
Consider having obvious interfaces too
|
2008-10-03: |
Arranging your SSL websites for very cautious people
|
2008-10-01: |
Another consequence of the Debian OpenSSL security bug
|
2008-09-30: |
The consequences of your SSL certificate getting compromised
Using Python to find out what cipher a SSL server is using
|
2008-09-29: |
SSL/TLS and forward secrecy
|
2008-09-28: |
Why I hate Solaris 10's service facility right now
|
2008-09-27: |
The problem with initial ramdisks
|
2008-09-26: |
The aesthetics of syntactic sugar
|
2008-09-25: |
Why qmail is no longer a suitable Internet MTA
|
2008-09-24: |
How we lie to our Makefiles
|
2008-09-23: |
Some thoughts on improving current thread-based programming
|
2008-09-21: |
Why I wind up writing real parsers for my sysadmin tools
|
2008-09-20: |
A side note to the attraction of file-based blog engines
The attractions of 'file as blog entry' blog engines
|
2008-09-19: |
Gotchas with IET that I have encountered
|
2008-09-18: |
My experiences so far with Linux iSCSI target software
|
2008-09-17: |
How to securely manipulate user files
|
2008-09-16: |
A Unix without a test program
|
2008-09-15: |
Why ZFS's raidz design decision is sensible (or at least rational)
|
2008-09-14: |
A read performance surprise with ZFS's raidz and raidz2
|
2008-09-13: |
999 days is not forever
|
2008-09-12: |
ZFS's helpful attention to detail
Why you want sysadmins, not users, to be providing the computing
|
2008-09-11: |
Why I have the same shell dotfiles everywhere
|
2008-09-10: |
A Unix shell trick
|
2008-09-09: |
The problem with unit testing programs
|
2008-09-08: |
How to get as much of your program byte-compiled as possible
|
2008-09-07: |
Why your main program should be import able
|
2008-09-06: |
Why negative DNS caching is necessary
|
2008-09-05: |
Something to remember when using DTrace on userland programs
|
2008-09-03: |
Why SMTP needs a way of communicating partial success for message delivery
How to reject at SMTP time without enabling dictionary scanning
|
2008-09-01: |
Accept-then-bounce is no longer acceptable in mail systems
|
2008-08-31: |
There is a balance between optimism and paranoia for compromised machines
A realization about the recent Red Hat Enterprise security issue
|
2008-08-29: |
Open source projects and programs versus products
We don't really control user desktop machines
|
2008-08-28: |
Thinking about the importance of cross-implementation portability
|
2008-08-27: |
How I think about how important security updates are
|
2008-08-25: |
Fixing low command error distances
The concept of error distance in sysadmin commands
|
2008-08-24: |
An update to the ZFS excessive prefetching situation
|
2008-08-23: |
Another problem with SSL identities
|
2008-08-22: |
Why noting security fixes in Linux kernel changelogs doesn't really help
|
2008-08-21: |
What you select for when you make something harder
|
2008-08-20: |
An illustration of why syntactic sugar matters
|
2008-08-18: |
The problem with using tuples and lists to hold structures
|
2008-08-17: |
Thinking about the best way to handle command registration
Why your blog comments have less of an audience than new blog entries
Another reason to avoid having comments
|
2008-08-16: |
Why it matters what users like
|
2008-08-15: |
Using a non-standard shell as your login shell
|
2008-08-14: |
A bash irritation: the incompatible exec
|
2008-08-12: |
The first principle of analyzing compromised machines
|
2008-08-11: |
How RPM verification deals with prelinking
|
2008-08-10: |
Anti-spam work is pure overhead
How to tell when your bug reporting system is at its limits
|
2008-08-08: |
How to exploit unsigned repository metadata
A workaround for the Python module search path issue on Unix
|
2008-08-07: |
The pragmatics of language changes
|
2008-08-06: |
More on the funding capture problem
|
2008-08-04: |
SSL does not create trust
Our answer to the ZFS SAN failover problem
|
2008-08-03: |
A performance gotcha with syslogd
First impressions of using DTrace on user-level programs
|
2008-08-02: |
One reason that it is so hard to challenge Google
|
2008-07-31: |
A crude system verification method
SSL's identity problem
|
2008-07-30: |
What is guaranteed in languages in practice
|
2008-07-28: |
What you can (probably) count on for concurrency in Python
Another advantage of Python builtins
|
2008-07-27: |
The yum versionlock problem
|
2008-07-26: |
dict.setdefault() as a concurrency primitive
|
2008-07-24: |
How packaging systems should handle kernel updates
One thing that I dislike about typical debuggers
|
2008-07-23: |
Retracting blog entries in the face of syndication feeds
|
2008-07-22: |
Two different usage patterns
|
2008-07-20: |
Thinking about uses for (system) activity tracers
Why I'm mostly out of the email (anti-)spam game
|
2008-07-18: |
One consequence of Linux's dynamic network device naming
The advantage of blog comments
|
2008-07-17: |
The not so secret origins of /usr/bin and /usr/sbin (and /sbin )
|
2008-07-16: |
The problem with Usenet
|
2008-07-14: |
What some fdisk options actually do
|
2008-07-13: |
How ZFS helps out with the big RAID-5 problem
The problem with big RAID-5 arrays
|
2008-07-12: |
When overlapping windows do (and don't) make sense
|
2008-07-11: |
The case of the mysteriously failing connections
|
2008-07-10: |
Internet software decays and must be actively maintained
|
2008-07-09: |
Detailed usage charges versus simpler charging models
|
2008-07-08: |
How to force Solaris to renumber network devices
|
2008-07-06: |
A (D)VCS feature that I'd really like
A small drawback to Wietse Venema's TCP Wrappers
|
2008-07-05: |
How OOXML is a complete failure, even for Microsoft
|
2008-07-04: |
Phish spammers who make it easy
|
2008-07-03: |
Why system administrators like interpreted languages
|
2008-07-02: |
Why reverse proxies are good for big web applications
|
2008-06-30: |
The many problems with bad security patches
|
2008-06-29: |
Why user exposure matters for Linux distributions, especially on desktops
Why Ubuntu's LTS releases are inferior to Red Hat Enterprise Linux
|
2008-06-28: |
The other reason that shells should be programmable
|
2008-06-27: |
Fault hierarchies and problem reports
|
2008-06-26: |
Virtual desktops versus multiple monitors
|
2008-06-25: |
More on standard interfaces
|
2008-06-23: |
Why I am not really fond of docstrings in Python
More thinking about Python's inheritance model
|
2008-06-22: |
The implicit versus the explicit
|
2008-06-21: |
A bug reporting paradox: don't put in too much detail
|
2008-06-20: |
Accidental bittorrent on our networks
|
2008-06-19: |
A thought about filesystem snapshots
|
2008-06-17: |
A simple request for vendor websites
Sun flubs another SSH patch
|
2008-06-16: |
Why people persist in sending files by email
|
2008-06-15: |
Why DNS blocklists return information as IP addresses
|
2008-06-13: |
The cost of virtualization
|
2008-06-12: |
The problem with ZFS, SANs, and failover
|
2008-06-11: |
Designing a usable DNS Blocklist result format
Tabs versus windows, or why I usually want windows
|
2008-06-09: |
Mirrored system disks should be trivial to set up
|
2008-06-08: |
Thinking about Python's inheritance model
Recovering my Eee PC from a post-update problem
|
2008-06-07: |
Why 'file as blog entry' blog engines have problems
|
2008-06-06: |
Why shells should have small programming languages
|
2008-06-04: |
Some corollaries to the charging problem
|
2008-06-03: |
My problem with ZFS
|
2008-06-02: |
Improving RPM as a packaging system
Why package systems are important
|
2008-05-31: |
What contracts aren't
|
2008-05-30: |
The fun of awk
Users are rational
|
2008-05-29: |
Why web spiders should not crawl syndication feeds
|
2008-05-28: |
What promiscuous mode does on modern networks
|
2008-05-26: |
Shimming modules for testing (and fun)
|
2008-05-25: |
Making a good Unix glue language
The risks of forcing frequent password changes
|
2008-05-24: |
Dear applications: WEP keys are not passwords
|
2008-05-23: |
Frequent password changes as security mythology
|
2008-05-21: |
Combining dual identity routing and isolated interfaces
|
2008-05-20: |
Getting live network bandwidth numbers on Solaris
|
2008-05-19: |
Segregating your outgoing email to get blocked as little as possible
|
2008-05-18: |
The threat model for website logins
Counterproductive password security
|
2008-05-17: |
Why we're interested in many ZFS pools
|
2008-05-15: |
Why it is hard to decommission a DNS blocklist
What protects the strength of a ssh connection's encryption
|
2008-05-13: |
Things I have learned about ZFS (and a Linux iSCSI target)
|
2008-05-12: |
Some thoughts on tradeoffs between storage models
|
2008-05-11: |
The history of readdir()
Another problem with doing your own sysadmin automation
|
2008-05-09: |
An advantage of interpreted languages
|
2008-05-08: |
Getting live network bandwidth numbers on Linux
|
2008-05-07: |
Today's Solaris 10 irritation: the fault manager daemon
|
2008-05-06: |
The Bourne shell is not a programming language
|
2008-05-05: |
The costs of doing your own system administration automation
|
2008-05-04: |
On standard interfaces
|
2008-05-03: |
Why people don't automate sysadmin stuff
|
2008-05-02: |
Automation changes as systems grow
|
2008-05-01: |
What the co_names attribute on Python code objects is
|
2008-04-30: |
Why apt is always going to be faster than yum
Why you can't stop 'abuse' of file sharing services
|
2008-04-28: |
Abusing Python frame and code objects
|
2008-04-27: |
Attribute tracing as a mixin class
|
2008-04-26: |
A thought on trackbacks
|
2008-04-25: |
BitTorrent trackers are not innocent bystanders
|
2008-04-24: |
What Linux's RPC queue dump means, sort of
A brief mention of some tools for debugging Linux NFS client issues
|
2008-04-22: |
The irritation of single-context applications
|
2008-04-21: |
Dear ZFS: please stop having your commands stall
|
2008-04-20: |
Finding the name of your caller in Python
What FAQs are
|
2008-04-18: |
The two (at least) forms of documentation
|
2008-04-17: |
The limits of isolated interfaces
|
2008-04-16: |
My secret mouse fear
The appeal of GNU tools
|
2008-04-15: |
Management interfaces as isolated interfaces
|
2008-04-14: |
A sysadmin's review of the ASUS Eee PC
|
2008-04-13: |
How I use Firefox's remote control
|
2008-04-12: |
Different reasons for having comments
|
2008-04-11: |
The appeal of XML
When I do and don't read a blog's comments
|
2008-04-09: |
Why there's a bunch of spam from university webmail systems right now
|
2008-04-08: |
An alternate take on availability numbers
|
2008-04-07: |
Get statistics
|
2008-04-06: |
The problem with PID files
|
2008-04-05: |
What I needed to make my custom Fedora 8 environment work
Why people are accepting bad uptimes from Internet applications
|
2008-04-03: |
Google Mail has a spam problem
|
2008-04-02: |
ZFS: Reservations versus quotas
|
2008-04-01: |
A simple Python class to trace access to object attributes
|
2008-03-31: |
Keeping secrets as a system administrator
The quote of the time interval, on XML
|
2008-03-30: |
Docstrings versus comments in my code
|
2008-03-29: |
Tradeoffs in where you store volume management metadata
|
2008-03-28: |
The stages of Bittorrent encryption
|
2008-03-27: |
An idea for a browser anti-phish feature
|
2008-03-26: |
Why authenticated email won't stop phish spam
|
2008-03-25: |
The easy way to keep a week's worth of something
|
2008-03-24: |
The two sorts of (programmer) certification
|
2008-03-23: |
Why software engineering certification may not work out the way people want
|
2008-03-22: |
Why NFS writes to ZFS are sometimes (or often) slow
|
2008-03-21: |
Journaling filesystems and the fsync() problem
|
2008-03-20: |
Why you should ratelimit messages that outside things can cause
|
2008-03-19: |
The problem of charging for things (well, one of them)
|
2008-03-18: |
Some things I dislike about the ASUS Eee
|
2008-03-17: |
Why I expect more from Solaris
|
2008-03-16: |
My problem with Lisp
|
2008-03-15: |
Why accurately counting committed address space is hard
|
2008-03-14: |
Why I like definite answers to support issues
|
2008-03-13: |
Another problem with iSCSI on Solaris 10
|
2008-03-12: |
A bash irritation: mutable history
|
2008-03-11: |
The 'Add Comments' problem
|
2008-03-10: |
Why I organize comments on WanderingThoughts the way I do
|
2008-03-09: |
The difference between a SAN and a cluster filesystem
|
2008-03-08: |
What controls Red Hat Enterprise's ethN device names
My problem with Ethernet naming on Red Hat Enterprise 5
|
2008-03-06: |
Software RAID, udev , and failed disks
The difference between operations and system administration
|
2008-03-05: |
How we make Exim discard bounces of spam
|
2008-03-04: |
How we deal with the spam forwarding problem
|
2008-03-03: |
How not to set up your DNS (part 18)
|
2008-03-02: |
How ZFS's version of RAID-5 can be better than normal RAID-5
|
2008-03-01: |
Speed surprises in reimplementing the .find() string method
|
2008-02-29: |
An illustration of the speed advantage of Python builtins
|
2008-02-28: |
My likely Firefox 3 extensions
|
2008-02-27: |
Two sorts of languages
|
2008-02-26: |
Something that I do not understand
|
2008-02-25: |
The best way to shroud IP addresses
|
2008-02-24: |
An idea: only use URL fragments as an implementation detail
|
2008-02-23: |
Where the risk is with virtualization (and iSCSI)
|
2008-02-22: |
Why I am not fond of Ubuntu's management of kernel updates
|
2008-02-21: |
Wireless, machine rooms, and the Asus Eee PC
The irritation of single-instance applications
|
2008-02-20: |
How our automounter replacement works
|
2008-02-18: |
Coding paralysis
ZFS versus SANs: where do you put the RAID?
|
2008-02-16: |
The only way you can stop spam with money
|
2008-02-15: |
A weird routing mystery
|
2008-02-14: |
Why does anyone buy iSCSI TOE network cards?
|
2008-02-13: |
A consequence of Python's 'computer science' nature
|
2008-02-12: |
A small annoyance with HTML
|
2008-02-11: |
Why commercial support needs to solve your customers' problems
|
2008-02-10: |
A basic introduction to prelinking on Linux
|
2008-02-09: |
The other reason certified email won't solve the spam problem
How your fileservers can wind up spreading over your SAN
|
2008-02-08: |
Why /usr/local is now useless (and where it came from)
|
2008-02-06: |
Why ZFS needs a zfsdump
|
2008-02-05: |
Prewiring experimental racks
|
2008-02-04: |
The origins of /usr/share
|
2008-02-03: |
A note to would-be photo editing applications
|
2008-02-02: |
Why certified/authenticated email cannot solve spam
|
2008-02-01: |
Isolating network interfaces on Linux
|
2008-01-31: |
The sysadmin's life (again)
|
2008-01-30: |
Linux's IP forwarding settings summarized
|
2008-01-29: |
An annoyance in Python's attribute access rules
|
2008-01-28: |
One reason I like Python
|
2008-01-27: |
Classic crontab syntax mistakes
|
2008-01-26: |
The funding capture problem
|
2008-01-25: |
A modest suggestion about test accounts
|
2008-01-24: |
Running a 32-bit Firefox on a 64-bit Fedora or Red Hat Enterprise
|
2008-01-23: |
The weird effects of Firefox's remote control on Unix
Linux's umount -f forces IO errors
|
2008-01-21: |
Why I believe that you want Solaris if you want ZFS
|
2008-01-20: |
Layering buffering on top of other buffering is usually a bad idea
|
2008-01-19: |
Why the x86 Linux kernel is part of every process's address space
|
2008-01-18: |
What seems to use power on an Asus Eee PC
|
2008-01-17: |
Lab notebooks are not changelogs
|
2008-01-16: |
Why sysadmins should keep a lab notebook
|
2008-01-15: |
What applications are actually crucial at a university
|
2008-01-14: |
A Python pattern: Mutating Proxies
|
2008-01-13: |
The robot logic of ZFS snapshots and quotas
|
2008-01-12: |
A thought about Amazon's S3 and EC2
|
2008-01-11: |
The importance of killing processes with the right signal
|
2008-01-10: |
What you don't know about other peers in BitTorrent
|
2008-01-09: |
There are two different situations for content-types
|
2008-01-08: |
Why I feel that a missing Debian package is a bad sign
|
2008-01-07: |
Some thoughts on Solaris 10 x86 versus Linux
|
2008-01-06: |
Why the server is the right place to determine web content types
|
2008-01-05: |
Why file extensions in URLs are a hack
|
2008-01-04: |
One problem with the current anti-spam environment
|
2008-01-03: |
Scrolling versus panning
|
2008-01-02: |
The various sorts of backgrounding in Unix
|
2008-01-01: |
An unpleasant thing about system administration
|