2009-12-31: |
Why free things are so attractive in universities
Look at your pull-based system for things that push
|
2009-12-30: |
Real world support periods are shorter than they look
|
2009-12-29: |
Solaris is not open source
|
2009-12-28: |
The annoying timing of future SSL certificate renewals
|
2009-12-27: |
Some OpenSSL and SSL certificate basics
|
2009-12-26: |
Things that limit the performance of hardware acceleration
|
2009-12-25: |
Linux's non-strict overcommit is the right default
|
2009-12-24: |
The advantages of open source software RAID
|
2009-12-23: |
Another demonstration of SSL Certification Authority (in)competence
|
2009-12-22: |
How not to set up your DNS (part 20)
Do you have a network layout diagram?
Using OpenID for local web application authentication
|
2009-12-20: |
Some things about getting useful output from time
Some thoughts on intercepting https traffic
|
2009-12-19: |
Local CAs and an interesting consequence of the SSL security model
|
2009-12-18: |
Secure or useful: pick one
|
2009-12-17: |
The good and bad of SQL
|
2009-12-16: |
How Linux software RAID is making me grumpy right now
|
2009-12-15: |
The high costs of true security paranoia in the face of compromises
|
2009-12-13: |
Sysadmin versus developer uses of version control systems
Mercurial versus git for sysadmins, or why we picked Mercurial
|
2009-12-12: |
You should always be able to get a program's version and basic usage
|
2009-12-11: |
A wish for KVM virtualization: simple bridged networking
|
2009-12-10: |
How not to copy a file to standard output in Python
|
2009-12-09: |
My views on inheritance versus interface
|
2009-12-08: |
Why I am not enthused about etckeeper and similar systems
|
2009-12-07: |
Why whitelists (and blacklists) are long-term poison for online systems
|
2009-12-05: |
Overcoming the drawbacks of preforking accept() servers
What version of Python is included in various current OSes
|
2009-12-04: |
Learning from Unicorn: the accept() thundering herd non-problem
|
2009-12-02: |
The problem with the OpenSolaris source repository
The mixed directory/unrelated files VCS problem
|
2009-11-30: |
Using content hashing to avoid the double post problem
Poking around the OpenSolaris codebase (for sysadmins)
|
2009-11-29: |
In security, you need to stop the root mistake
|
2009-11-28: |
'Conditional restart' in init.d scripts can be dangerous
|
2009-11-27: |
Modern version control systems change your directory layouts
|
2009-11-26: |
Some notes for myself on git bisect
|
2009-11-25: |
Why I love Unix, number N (for some N)
|
2009-11-24: |
An important lesson for me on Fedora upgrades
|
2009-11-23: |
Converting a directory from RCS to Mercurial
My current unhappy thoughts on Fedora 12
|
2009-11-22: |
RCS versus modern version control systems
|
2009-11-21: |
An update on faulted ZFS spares
|
2009-11-20: |
Spam and the attraction of reach
|
2009-11-19: |
The corollary for effective anti-spam heuristics
|
2009-11-18: |
Universities are open environments
|
2009-11-17: |
Finally understanding the appeal of 'Interfaces'
|
2009-11-16: |
'Is-a' versus 'is-a-descendant-of'
|
2009-11-15: |
A limitation of Python types from C extension modules
|
2009-11-14: |
How to defer things in Exim
|
2009-11-13: |
(Ab)using Exim routers for their full power
|
2009-11-12: |
What makes Exim work as a mailer construction kit
|
2009-11-11: |
For universities, the Internet world has fundamentally changed
|
2009-11-10: |
HTML5 may end up giving us real, working XHTML
|
2009-11-08: |
My problem with the obvious solution to my unexposed types problem
|
2009-11-07: |
Solving unexposed types and the limits of duck typing
A gotcha with Bash on Ubuntu 8.04
|
2009-11-06: |
A shell script thing that I have learned the hard way
|
2009-11-05: |
Why the NFS client is at fault in the multi-filesystem NFS problem
|
2009-11-04: |
The cause of the multi-filesystem NFS export problem
|
2009-11-02: |
Are security bugs always code bugs?
XHTML vs HTML5
|
2009-10-31: |
My thoughts on why invented standards succeed or fail
The risk continuum for standardization success
|
2009-10-30: |
Understanding hash length extension attacks
|
2009-10-29: |
Why per-process (or per-user) memory resource limits are hard
|
2009-10-28: |
Python modules should make visible their (fundamental) types
|
2009-10-27: |
A personal experience of web browsers making bad text editors
|
2009-10-26: |
What I think I understand about how standards get created
|
2009-10-25: |
Some thoughts on a 'modern' university email system
|
2009-10-24: |
Something I have realized about university services
|
2009-10-22: |
The limits of some anti-spam precautions
How to waste lots of CPU time checking for module updates
|
2009-10-21: |
Why you should be able to get a list of your local email addresses
|
2009-10-20: |
Simple mailing lists: an illustration of Exim's flexibility
|
2009-10-19: |
The case against backup MXes
|
2009-10-18: |
Backup MXes versus redundant MXes
|
2009-10-17: |
Automated web software should never fill in the Referer header
|
2009-10-16: |
A tale of network horror, or at least excitement
|
2009-10-15: |
One complexity of buffered IO on Unix
|
2009-10-14: |
Why 'invite-your-friends' features are spam from you, not your users
|
2009-10-13: |
There are two different uses of conditional GETs
|
2009-10-12: |
ZFS GUIDs vs device names
|
2009-10-11: |
Why security bugs aren't bugs
|
2009-10-10: |
You should delete obsolete data files
|
2009-10-09: |
A fun bug I once ran across
|
2009-10-08: |
What is going on with faulted ZFS spares
|
2009-10-07: |
A brief introduction to ZFS (disk) GUIDs
|
2009-10-06: |
The danger of software suspend on servers
|
2009-10-05: |
The problem with security bugs is that they aren't bugs
|
2009-10-04: |
Why Unix filesystems precreate lost+found directories
|
2009-10-03: |
One thing that top-posting is good for
|
2009-10-01: |
The rules for combining things with Bourne shell 'here documents'
|
2009-09-30: |
A little habit: cat >/dev/null
On (not) putting IP addresses in registration email
|
2009-09-28: |
Two ends of hardware acceleration
What I think about why graphics cards keep being successful
|
2009-09-27: |
Some suggestions for registration confirmation emails
Why you can no longer have an 'invite-your-friends' feature
|
2009-09-26: |
How our 'plug in and go' laptop network DHCP portal works
|
2009-09-25: |
How our DHCP registration portal redirections work
|
2009-09-24: |
SSL certificates require proper domain names
|
2009-09-23: |
A brief overview of the Solaris 10 nvpair library
|
2009-09-22: |
Some trivia about Python frame objects
|
2009-09-21: |
Exploring the frame object f_builtins member
|
2009-09-20: |
Why kernel packaging is so bad in Debian and Ubuntu
|
2009-09-19: |
Why I am not a fan of hardware acceleration
|
2009-09-18: |
Are you sure it's a C string?
|
2009-09-17: |
A trick to testing https setups on test machines
|
2009-09-16: |
Some kernel lockd NFS error messages explained
|
2009-09-14: |
Listing file locks on Solaris 10
Forwarding emails without false positives
|
2009-09-13: |
How modern CPUs are like (modern) disks
|
2009-09-12: |
My opinions on when you should let ZFS handle RAID stuff
|
2009-09-11: |
Why you should let ZFS handle the RAID stuff
|
2009-09-10: |
What I know about how ZFS actually handles spare disks
|
2009-09-09: |
Postfix versus Exim
|
2009-09-08: |
Some ways to avoid needing a public ticketing system
|
2009-09-07: |
A use for ticketing systems as your primary support method
|
2009-09-06: |
What typing ^D really does on Unix
|
2009-09-05: |
Why the Unix EINTR semantics (probably) exist
|
2009-09-03: |
An interesting issue with doing NFS over TCP (apparently)
Programming blindness and security
|
2009-09-02: |
Environment variables make bad switches
|
2009-08-31: |
How to deprecate bits of your program
The IO scheduler improvements I saw
|
2009-08-30: |
Some more thinking about requirements in specifications
|
2009-08-29: |
MUST versus SHOULD in your specifications
|
2009-08-28: |
ZFS changes filesystem device numbers on reboot
|
2009-08-26: |
What packages SystemTap requires on Ubuntu 8.04 (and others)
A frame object's f_locals isn't always the locals
|
2009-08-24: |
The problem with the CFQ IO scheduler and our iSCSI targets
Anti-spam content scanning systems need to scan more
|
2009-08-23: |
You should not use HTTP request parameters as filenames
|
2009-08-22: |
A gotcha with Python's new signal.siginterrupt()
|
2009-08-21: |
The danger of powerful generality, illustrated
|
2009-08-20: |
Python modules should not reinvent OSError
|
2009-08-19: |
Link: Using colour well in data visualization
Python, signal handlers, and EINTR
|
2009-08-18: |
Why user programs mapping page zero is so bad news on x86 hardware
|
2009-08-17: |
More accidental BitTorrent on our network
|
2009-08-16: |
Testing versus extensibility
|
2009-08-15: |
SSDs and the RAID resync problem
|
2009-08-14: |
Sorting out what 'passive ftp' is
|
2009-08-12: |
Undo is sometimes not good enough
One thing your mail-sending system should do
|
2009-08-11: |
The somewhat apocryphal history of comments in the Bourne shell
|
2009-08-10: |
The difference in the Bourne shell between : and #
|
2009-08-09: |
Building true ssh opportunistic connection sharing
|
2009-08-08: |
How I use ssh's connection sharing feature
|
2009-08-07: |
The basics of ssh's connection sharing feature
|
2009-08-06: |
A rule for Internet software
|
2009-08-05: |
A feature that I wish Linux package managers had
|
2009-08-04: |
A downside to syndication feed readers respecting permanent HTTP redirects
|
2009-08-02: |
Limitations on custom NFS mount authorization on Solaris
What you can't do before you drop setuid permissions
|
2009-07-31: |
Using SystemTap to trace the system calls of setuid programs on Linux
How fast various ssh ciphers are
|
2009-07-30: |
How we do custom NFS mount authorization on Solaris 10
|
2009-07-29: |
The shift-selection trick in X terminal programs
|
2009-07-28: |
Spammers are quite dedicated in their address scraping
|
2009-07-27: |
Why you should do code reviews for sysadmin scripts
|
2009-07-26: |
The anatomy of a hack to get around try: /finally: and generators
|
2009-07-25: |
When code in generators runs
|
2009-07-24: |
The usefulness of a syndication feed of your blog's comments
|
2009-07-22: |
Thinking like a security paranoid: an example
A peculiar change in Linux flock() and fcntl() behavior
|
2009-07-21: |
Packages should not contain both tools and policies
|
2009-07-20: |
Minimalistic spam, another annoyance to worry about
|
2009-07-19: |
The importance of making an issue visible
|
2009-07-18: |
Why NFS filehandles fail as access capabilities
|
2009-07-17: |
The hard problem of live major release upgrades
|
2009-07-16: |
Another reason to safely update files that are looked at over NFS
|
2009-07-15: |
A Bourne shell gotcha with ( ... ) command grouping
|
2009-07-13: |
Some stuff on NFS access restrictions
Shell scripts should not use absolute paths for programs
|
2009-07-12: |
A brief history of NFS server access restrictions
|
2009-07-11: |
What can go wrong in making NFS mounts
|
2009-07-10: |
An unpleasant surprise about ZFS scrubbing in Solaris 10 U6
|
2009-07-09: |
The high-level version of how mounting NFS filesystems works
|
2009-07-08: |
Fedora and workstations (on Linux distributions for desktops)
|
2009-07-07: |
Why and why not Fedora
|
2009-07-06: |
How you could do a shared root directory with NFS
|
2009-07-05: |
The coming Internet identity problem
|
2009-07-04: |
A side note on the cost of operations
|
2009-07-03: |
How software makes reverse proxying hard
|
2009-07-02: |
Finding out when a command in a pipeline fails
|
2009-06-30: |
A Unix irritation: pipeline status
More on why users keep mailing specific people
|
2009-06-29: |
A theory on why users keep mailing specific people
|
2009-06-28: |
How we solve the multiuser PHP problem
|
2009-06-27: |
Possible limits on our port multiplied ESATA performance
|
2009-06-26: |
How not to set up your DNS (part 19)
An advantage for hardware RAID over software RAID
|
2009-06-25: |
Patching systems versus patching appliances
|
2009-06-24: |
Another source of stickyness for social web sites
|
2009-06-22: |
Solaris 10 NFS server parameters that we change and why
Why GNU tools are sometimes not my favorite programs
|
2009-06-21: |
Email is intrusive, and why
|
2009-06-20: |
Using GRUB to figure out the mapping of BIOS drive numbers
|
2009-06-19: |
Fedora desperately needs a better upgrade system
|
2009-06-18: |
A kernel NFS error message explained
|
2009-06-17: |
The NFS 'reserved ports' option and why you care
|
2009-06-16: |
Maybe understanding blogrolls
|
2009-06-15: |
try:/finally: and generators
|
2009-06-14: |
How to set up your vacation messages to get thrown off mailing lists
|
2009-06-13: |
One of the reasons good alerting is tough
|
2009-06-12: |
What I know about Solaris 10 NFS server file lock limits
|
2009-06-11: |
There are two different purposes of monitoring systems
|
2009-06-10: |
Users are lazy
|
2009-06-08: |
Another way that generators are not lists: modifying them
Monitoring systems should be always be usefully informative
|
2009-06-07: |
It's important to get the real costs right
|
2009-06-06: |
User perceptions (and expectations) of backups
|
2009-06-05: |
How we're planning our backup storage capacity needs
|
2009-06-04: |
Another irritation with Gnome's gconf settings system
|
2009-06-03: |
The costs of development versus the costs of operation
|
2009-06-02: |
Sometimes brute force is the answer (on Unix)
|
2009-05-31: |
A thought on giving custom redundant storage systems some history
The better way to install Sun's Java
|
2009-05-30: |
The program energy efficiency optimist's view
|
2009-05-29: |
The cost of program energy efficiency
|
2009-05-28: |
Encapsulation may be in the eye of the beholder
|
2009-05-27: |
Hosted servers, cloud computing, and backups
|
2009-05-25: |
Backups versus redundancy
|
2009-05-24: |
An interesting bit of ssh and sshd behavior
What modern email is good for
|
2009-05-23: |
The drawback of using a language with a good interface to the OS
|
2009-05-22: |
How CPython handles (and delays) Unix signals
|
2009-05-21: |
Solving the Python SIGCHLD problem
|
2009-05-20: |
Why directory URLs have to have trailing slashes
|
2009-05-19: |
Some notes on rewrites in Apache .htaccess files
|
2009-05-17: |
One reason for Unix's permission checking timing
The crucial difference between online and offline backups
|
2009-05-16: |
Autoresponders in the modern email world
|
2009-05-15: |
Why df on an NFS-mounted ZFS filesystem can give odd results
|
2009-05-14: |
Fixing your system after hitting the RAID growth gotcha
|
2009-05-13: |
Booting a Linux system without a root mirror
|
2009-05-12: |
A serious gotcha with growing software RAID devices
|
2009-05-10: |
What affects how fast you can restore backups
Another advantage of disk-based backup systems
|
2009-05-09: |
Our disk-based backup system
|
2009-05-08: |
The problem with tapes (for backup)
|
2009-05-07: |
How to set up your xorg.conf for RandR-based dual-headed systems
|
2009-05-06: |
An irritation with Linux's 'mount -t nfs ' output
|
2009-05-05: |
How we periodically scrub our ZFS pools
|
2009-05-03: |
An inexplicable omission in bash's sourcing of .bashrc
|
2009-05-02: |
Why version control systems should support 'rewriting history'
Convenient ssh in Gnome, or 'my sshmenu wish comes true'
|
2009-04-30: |
My standard Gnome customizations
Why I would still like MC/S in Linux
|
2009-04-29: |
Pragmatic issues with hash verifiers for email messages
|
2009-04-27: |
One of my TDD weaknesses: mock objects for complex objects
The problems of over-documenting things
|
2009-04-26: |
A Bourne shell irritation: piping just stderr
Lighttpd, CGIs, and standard error
|
2009-04-25: |
On digital signatures and client security issues
|
2009-04-24: |
The difference between Web 1.0 and Web 2.0
|
2009-04-23: |
A Gnome irritation
|
2009-04-21: |
Why your ticketing system should not be accessible to users
|
2009-04-20: |
Some ways to add versioning to pickled objects
Why pickle is not a good way to save your data
|
2009-04-19: |
Sometimes you don't want behavior with your data
|
2009-04-18: |
What users see as benefits from sysadmins
|
2009-04-17: |
Git and 'rewriting history'
|
2009-04-16: |
What causes the ZFS file deletion problem with snapshots
|
2009-04-15: |
The problem with Solaris 10 update 6's ZFS failmode setting
|
2009-04-13: |
How I went wrong in thinking about /boot mirroring
Your ticketing system should be optional
|
2009-04-12: |
A hairshirt too far: on always avoiding CSS
|
2009-04-11: |
The advantage of having an (XML) sitemap
|
2009-04-10: |
Why 'sender stores message' is easier for spammers than real mail servers
|
2009-04-09: |
Why ssh needs to verify host keys
|
2009-04-07: |
Handling ssh to generic hostnames
The technical problems with 'sender stores messages' schemes
|
2009-04-06: |
An interesting hardware mystery
|
2009-04-05: |
Why I don't expect ARM-based netbooks to be a success
|
2009-04-03: |
The (or a) problem with Unix manpages
How to use Vixie cron to schedule at regular odd times
|
2009-04-02: |
System status announcements and where your users are
|
2009-03-31: |
The SSD boom and the theoretical multicore revolution
A sysadmin use for Twitter
|
2009-03-30: |
There are three entry states for feed readers
|
2009-03-29: |
Why I wrote my own bulk IO performance measurement tool
|
2009-03-28: |
Make your web application's interface elements obvious
|
2009-03-27: |
The theoretical advantage of a separate /boot filesystem
|
2009-03-26: |
An important difference
The git version control system as a creation of the modern age
|
2009-03-24: |
Using fully mirrored system disks on Linux
How not to improve your CD player application
Frustration for a sysadmin (well, for me)
|
2009-03-23: |
How libraries should handle internal warning messages
|
2009-03-22: |
An outline of a possibly easier IPv4 to IPv6 transition
|
2009-03-21: |
Why the ideal IPv4 to IPv6 transition is impossible
|
2009-03-19: |
Why 'sender stores message' schemes won't cure phish spams
|
2009-03-18: |
An obvious thing about dealing with web spider misbehavior
Principles of email in the modern age
|
2009-03-16: |
An important gotcha with iSCSI multipathing in Solaris 10
Complex data structures and the two sorts of languages
|
2009-03-15: |
A realization: planet aggregators have a natural size limit
|
2009-03-14: |
Why I don't trust seteuid() and friends
|
2009-03-12: |
The problem with /var today
The not so secret history of /var
|
2009-03-11: |
Checklists versus procedures
|
2009-03-10: |
Why checklists work
|
2009-03-09: |
What list methods don't make sense for heterogeneous lists
|
2009-03-08: |
Python's theoretically missing core data type
|
2009-03-07: |
What past problems of mine the collections module solves
|
2009-03-06: |
What can keep a ZFS pool busy and prevent it from exporting
|
2009-03-05: |
What seems to use power on a Dell Mini 12
|
2009-03-04: |
The ASUS Eee PC versus the Dell Mini 12
|
2009-03-03: |
Rollbacks versus downgrades
|
2009-03-02: |
Some gotchas with ZFS in Solaris 10 update 6
|
2009-02-28: |
What it would take for me to use Fedora Rawhide
The potential problems with distribution downgrades
|
2009-02-27: |
The peculiar case of the conference spammers
|
2009-02-26: |
What I learned from Google Mail's recent outage
|
2009-02-25: |
Don't log usernames for bad logins
|
2009-02-24: |
A core principle of error and warning messages
|
2009-02-23: |
A problem with microtransactions
|
2009-02-22: |
Internet scale security: the impact of cheapness
|
2009-02-21: |
How to turn off gnome-terminal 's cursor blinking
|
2009-02-20: |
An attraction of planet-style blog aggregators as your feed reader
|
2009-02-19: |
Appearances are deceptive in the (anti-)spam world
|
2009-02-18: |
My theory on why people wind up using common passwords
|
2009-02-17: |
Design versus construction
|
2009-02-16: |
My approach to website passwords (and why it is the right one)
|
2009-02-15: |
How CPython optimizes allocations for some built-in types
|
2009-02-14: |
Some of my assumptions about Python object allocation
|
2009-02-13: |
The accumulator mini-pattern and .setdefault()
|
2009-02-12: |
Recognizing non-interactive shells and 'shell levels'
|
2009-02-11: |
True point in time restores may be hard
|
2009-02-09: |
Backups and archives
I hate flaky systems, Fedora 10 and/or hardware edition
|
2009-02-08: |
When bash sources your .bashrc
|
2009-02-07: |
An illustration of one reason that documentation is hard
|
2009-02-06: |
Our SunFire X2100 nVidia Ethernet experiences
|
2009-02-04: |
An alarming ZFS status message and what is usually going on with it
Why btrfs was inevitable: a corollary to (not) getting ZFS in Linux
|
2009-02-02: |
A grumpy remark about Solaris's scalability
|
2009-02-01: |
Understanding ZFS cachefiles in Solaris 10 update 6
|
2009-01-31: |
Why social mudding works
When can you assume UTF-8 filenames?
|
2009-01-30: |
A surprising lack on Linux: browsers for camera RAW photos
|
2009-01-29: |
An RPM packaging utter FAIL
|
2009-01-28: |
The (or an) attraction of Twitter
|
2009-01-27: |
My wishes for Sun's online documentation
|
2009-01-26: |
My reaction to Solaris 10 update 6's ZFS changes
How LiveJournal is sticky
|
2009-01-25: |
Thinking about what you do with undo
|
2009-01-24: |
Towards a better undo
|
2009-01-23: |
The HTML tax (in Python, and in general)
|
2009-01-22: |
The NFS re-export problem
|
2009-01-20: |
Why high availability NFS requires shared storage
The inner life of NFS filehandles
|
2009-01-19: |
Using iptables to get around the policy based routing limitation
|
2009-01-18: |
The basic implementation of relatively high-availability NFS
|
2009-01-17: |
Practical issues with getting ZFS on Linux
|
2009-01-16: |
A lament about modern NFS development
|
2009-01-15: |
Why templating systems are the wrong answer for simple HTML generation
|
2009-01-14: |
Documenting the kernel.sem sysctl
|
2009-01-12: |
A surprising lack in Python's standard library
What I want out of NFS security, at least at the moment
|
2009-01-11: |
The problems I see with multi-signed SSL in practice
|
2009-01-10: |
You cannot ask users to manage their own security
|
2009-01-09: |
A Unix shell glob trick
|
2009-01-08: |
The ufsdump block size doesn't seem to matter much
|
2009-01-07: |
Two suggestions for improving Fedora's PreUpgrade experience
|
2009-01-06: |
The problem of forcing users to make choices (in security)
|
2009-01-05: |
Why 'email marketing' winds up as spam
|
2009-01-04: |
'Email marketing' versus outright email spam
|
2009-01-03: |
How to help programmers (parts 2 and 3): os.environ and sys.argv
|
2009-01-02: |
Why SSL needs certificate authorities, or at least trust roots
|
2009-01-01: |
Flaws in the 'web of trust' approach to trust issues
|