Wandering Thoughts archives

2014-12-31: I love Apache (well, like it at least)
A retrospective on my one Django web application
2014-12-30: Somewhat to my surprise, classical viruses by email are still a thing
2014-12-29: How I have partitioning et al set up for ZFS On Linux
2014-12-28: How I think DNSSec will have to be used in the real world
2014-12-27: My ZFS On Linux memory problem: competition from the page cache
2014-12-26: My experience with ZFS on Linux: it's worked pretty well for me
2014-12-25: DNSSec in the real world: my experience with DNSSec
2014-12-24: The security effects of tearing down my GRE tunnel on IPSec failure
2014-12-22: The future of OmniOS here if we can't get 10G-T working on it
Why Go's big virtual size for 64-bit programs makes sense
2014-12-21: A steady change in the source of blog comment spam attempts
2014-12-20: Unsurprisingly, laptops make bad to terrible desktops
2014-12-19: Our likely long road to working 10G-T on OmniOS
2014-12-17: The potential end of public clients at the university?
2014-12-16: Does having a separate daemon manager help system resilience?
2014-12-15: How a Firefox update just damaged practical security
Why your 64-bit Go programs may have a huge virtual size
2014-12-14: How init wound up as Unix's daemon manager
2014-12-13: There are two parts to making your code work with Python 3
2014-12-12: The bad side of systemd: two recent systemd failures
2014-12-10: What good kernel messages should be about and be like
How to delay your fileserver replacement project by six months or so
2014-12-09: Why I do unit tests from inside my modules, not outside them
2014-12-08: Why I don't believe in generic TLS terminator programs
2014-12-07: How we install Ubuntu machines here
2014-12-06: Browser addons can effectively create a new browser
2014-12-05: How security sensitive is information about your network architecture?
2014-12-04: Log retention versus log analysis, or really logs versus log analysis
2014-12-03: Security capabilities and reading process memory
2014-12-02: The unreasonable effectiveness of web crawlers
2014-11-30: You should keep your system logs for longer than you probably are
TLS versions in connections to my spam-catching sinkhole SMTP server
2014-11-29: Sometimes you need to turn things into small, readily solvable problems
2014-11-28: How I made IPSec IKE work for a point to point GRE tunnel on Fedora 20
2014-11-26: Using iptables to block traffic that's not protected by IPSec
Using go get alone is a bad way to keep track of interesting packages
2014-11-25: My Linux IPSec/VPN setup and requirements
2014-11-24: Delays on bad passwords considered harmful, accidental reboot edition
Using the SSH protocol as a secure transport protocol
2014-11-23: I'm happier ignoring the world of spam and anti-spam
2014-11-22: The effects of a moderate Hacker News link to here
2014-11-21: Lisp and data structures: one reason it hasn't attracted me
2014-11-20: Sometimes the way to solve a problem is to rethink the problem
2014-11-18: Finding free numbers in a range, crudely, with Unix tools
2014-11-17: Why I need a browser that's willing to accept bad TLS certificates
2014-11-16: We've started to decommission our Solaris 10 fileservers
States in a state machine aren't your only representation of state
2014-11-15: Our current problems with 10G Intel networking on OmniOS
2014-11-14: Sometimes there are drawbacks to replicating configuration files
2014-11-13: I want opportunistic, identity-less encryption on the Internet
2014-11-12: A wish: setting Python 3 to do no implicit Unicode conversions
2014-11-10: Why I don't have a real profile picture anywhere
What it took to get DWiki running under Python 3
2014-11-09: NFS hard mounts versus soft mounts
2014-11-07: What you're saying when you tell people to send in patches
Porting to Python 3 by updating to modern Python 2
2014-11-05: (Probably) Why Bash imports functions from the environment
The weakness of doing authentication over a side channel
2014-11-03: Hassles with getting our NFS mount authentication working on Linux
What I'm worried about with retina displays on Linux
2014-11-02: A drawback in how DWiki parses its wikitext
2014-10-31: With ZFS, rewriting a file in place might make you run out of space
A drawback to handling errors via exceptions
2014-10-29: Quick notes on the Linux iptables 'ipset' extension
Unnoticed nonportability in Bourne shell code (and elsewhere)
2014-10-28: My current somewhat tangled feelings on operator.attrgetter
2014-10-27: Practical security and automatic updates
2014-10-26: Things that can happen when (and as) your ZFS pool fills up
2014-10-25: The difference in available pool space between zfs list and zpool list
2014-10-24: In Go I've given up and I'm now using standard packages
2014-10-23: The clarity drawback of allowing comparison functions for sorting
2014-10-22: Exim's (log) identifiers are basically unique on a given machine
2014-10-20: Some numbers on our inbound and outbound TLS usage in SMTP
Revisiting Python's string concatenation optimization
2014-10-19: Vegeta, a tool for web server stress testing
2014-10-18: During your crisis, remember to look for anomalies
2014-10-17: My experience doing relatively low level X stuff in Go
2014-10-16: Don't use dd as a quick version of disk mirroring
2014-10-15: Why system administrators hate security researchers every so often
2014-10-14: Bashisms in #!/bin/sh scripts are not necessarily bugs
2014-10-13: System metrics need to be documented, not just to exist
2014-10-12: Phish spammers are apparently exploiting mailing list software
2014-10-11: Thinking about how to create flexible aggregations from causes
2014-10-10: Where your memory can be going with ZFS on Linux
2014-10-09: How /proc/slabinfo is not quite telling you what it looks like
2014-10-08: Simple web application environments and per-request state
2014-10-07: Why blocking writes are a good Unix API (on pipes and elsewhere)
2014-10-06: Why it's sensible for large writes to pipes to block
2014-10-05: Making bug reports is exhausting, frustrating, and stressful
2014-10-03: Why people are almost never going to be reporting bugs upstream
When using Illumos's lockstat, check the cumulative numbers too
2014-10-02: The problem with making bug reports about CentOS bugs
2014-09-30: NetworkManager and network device races
Don't split up error messages in your source code
2014-09-28: Learning a lesson about spam-related logging (again)
2014-09-27: Changing major version numbers does not fix compatibility issues
DWiki, Python 3, Python, and me
2014-09-26: The practical problems with simple web apps that work as HTTP servers
2014-09-25: Why CGI-BIN scripts are an attractive thing for many people
2014-09-24: One thing I've come to dislike about systemd
2014-09-22: Go is mostly easy to cross-compile (with notes)
Another side of my view of Python 3
2014-09-21: One reason why Go can have methods on nil pointers
2014-09-19: My view on using VLANs for security
What I mean by passive versus active init systems
2014-09-18: Ubuntu's packaging failure with mcelog in 14.04
2014-09-17: In praise of Solaris's pfiles command
2014-09-15: My collection of spam and the spread of SMTP TLS
I want my signed email to work a lot like SSH does
2014-09-14: My current hassles with Firefox, Flash, and (HTML5) video
2014-09-13: What can go wrong with polling for writability on blocking sockets
2014-09-12: How not to do IO multiplexing, as illustrated by Amanda
2014-09-10: The cause of our slow Amanda backups and our workaround
Does init actually need to do daemon supervision?
2014-09-08: What an init system needs to do in the abstract
2014-09-07: Systemd's fate will be decided by whether or not it works
The kernel should not generate messages at the behest of the Internet
2014-09-05: A DTrace script to help figure out what process IO is slow
Some uses for SIGSTOP and some cautions
2014-09-04: Some other benefits of using non-HTTP frontend to backend transports
2014-09-03: Why we don't want to do any NAT with IPv6
2014-09-01: An IPv6 dilemma for us: 'sandbox' machine DNS
2014-08-31: We don't believe in DHCP for (our) servers
The downside of expanding your storage through bigger disks
2014-08-30: How to change your dm-cache write mode on the fly in Linux
2014-08-29: A hazard of using synthetic data in tests, illustrated by me
2014-08-27: One reason why we have to do a major storage migration
The difference between Linux and FreeBSD boosters for me
2014-08-26: Why I don't like HTTP as a frontend to backend transport mechanism
2014-08-24: 10G Ethernet is a sea change for my assumptions
My spam is (mostly) boring
2014-08-23: Some notes on Python packaging stuff that wasn't obvious to me
2014-08-22: Where DTrace aggregates are handled for printing et al
2014-08-21: How data flows around on the client during an Amanda backup
2014-08-20: Explicit error checking and the broad exception catching problem
2014-08-18: An example of a subtle over-broad try in Python
The potential issue with Go's strings
2014-08-17: The challenges of diagnosing slow backups
2014-08-15: Caches should be safe by default
A consequence of NFS locking and unlocking not necessarily being fast
2014-08-13: Bind mounts with systemd and non-fstab filesystems
How you create a systemd .mount file for bind mounts
2014-08-11: Copying GPT partition tables from disk to disk
2014-08-10: The problem with self-contained 'application bundle' style packaging
What I want out of a Linux SSD disk cache layer
2014-08-09: Intel has screwed up their DC S3500 SSDs
2014-08-08: Hardware can be weird, Intel 10G-T X540-AT2 edition
2014-08-06: A peculiarity: I'm almost never logged in to websites
2014-08-05: Why LinkedIn's 'you must join to unsubscribe' is evil
Another piece of my environment: running commands on multiple machines
2014-08-04: Why our new SAN environment is separate from our old SAN environment
2014-08-03: Our second generation ZFS fileservers and their setup
2014-08-02: The benchmarking problems with potentially too-smart SSDs
2014-07-31: The temptation to rebuild my office machine with its data in ZFS on Linux
2014-07-30: Why I like ZFS in general
My view on FreeBSD versus Linux, primarily on the desktop
2014-07-28: FreeBSD, cultural bad blood, and me
2014-07-27: Go is still a young language
Save your test scripts and other test materials
2014-07-25: An interesting picky difference between Bourne shells
The OmniOS version of SSH is kind of slow for bulk transfers
2014-07-23: What influences SSH's bulk transfer speeds
One of SELinux's important limits
2014-07-21: What I know about the different types of SSH keys (and some opinions)
2014-07-20: The CBL has a real false positive problem
HTTPS should remain genuinely optional on the web
2014-07-19: Some consequences of widespread use of OCSP for HTTPS
2014-07-18: In practice, 10G-T today can be finicky
2014-07-16: My (somewhat silly) SSD dilemma
2014-07-15: A data point on how rapidly spammers pick up addresses from the web
2014-07-14: Unmounting recoverable stale NFS mounts on Linux
2014-07-13: An obvious reminder: disks can and do die abruptly
Early impressions of CentOS 7
2014-07-11: You want to turn console blanking off on your Linux servers
Some notes on bisecting a modified Firefox source base with Mercurial
2014-07-10: The core security problem of SSL on the web is too much trust
2014-07-09: What the differences are between Python bools and ints
2014-07-08: Exploring a surprise with equality in Python
Some thoughts on SAN long-term storage migration
2014-07-06: Goroutines versus other concurrency handling options in Go
The problem with filenames in IO exceptions and errors
2014-07-05: Another reason to use frameworks like Django
2014-07-04: An interesting Go concurrency bug that I inflicted on myself
2014-07-02: Bash is letting locales destroy shell scripting (at least on Linux)
Why Solaris's SMF is not a good init system
2014-07-01: An index of non-letter control characters
2014-06-30: Comparing RPM versions in the shell
My .screenrc
2014-06-29: The tradeoffs for us in a SAN versus disk servers
2014-06-27: A retrospective on our overall fileserver architecture et al
A retrospective on our Solaris ZFS-based NFS fileservers (part 2)
2014-06-25: A retrospective on our Solaris ZFS-based NFS fileservers (part 1)
How my new responsive design here works
2014-06-23: Python 3 has already succeeded in the long run
2014-06-22: Things I like about Go
I need some responsive website design around here
2014-06-21: Sometimes 'unsubscribing' does seem to reduce spam activity
2014-06-20: What Python versions I can use (June 2014 edition)
2014-06-19: Some notes on Go's godoc and what it formats how
2014-06-18: Would I be comfortable documenting our systems in some sort of public?
2014-06-16: My view: a wiki by itself will not solve your problems
2014-06-15: The web is social, and thus minor features can matter a lot
Weird spammer behavior: a non-relaying relay attempt
2014-06-14: I'm not very impressed with Ubuntu 14.04 LTS so far
2014-06-13: Undoing an errant 'git commit --amend'
2014-06-12: An init system has two jobs
2014-06-11: Some thoughts on testing parsers
2014-06-10: An irritating and interesting su change from Ubuntu 12.04 to 14.04
2014-06-09: A challenge in new languages: learning to design good APIs
2014-06-08: The fundamental problem that created su
2014-06-07: Some ways to do sleazy duck typing in Go (from a Python perspective)
2014-06-06: On the Internet, weirdness is generally uncommon
2014-06-05: SMTP's crazy address formats didn't come from nowhere
2014-06-04: Why I don't like SMTP command parameters
2014-06-03: My just-used Go logging idiom and why it is in fact wrong
2014-06-02: Vi's composability antecedent (or one of them)
2014-05-31: Wnen trying to unsubscribe from spam can be not completely crazy
One of my test based development imperfections: use driven testing
2014-05-30: In Go, sometimes a nil is not a nil
2014-05-29: The state of limits on how many groups you can be in (especially for NFS)
2014-05-28: Yahoo Groups has a bad spam problem and they don't care
2014-05-27: Some things for enumerated constants in Go
2014-05-25: Firefox, DRM, and reality
Computing has two versions of 'necessary'
2014-05-23: What ssh-agent does with multiple keys loaded
Why Java is a compiled language and Python is not
2014-05-22: Why Python uses bytecode (well, probably): it's simpler
2014-05-21: How I wish ZFS pool importing could work
2014-05-19: A building block of my environment: sps, a better tree-based process list
Why desktop Linuxes want you to reboot after updates
2014-05-18: What it would take to replace Firefox as my web browser
2014-05-17: The problem of encrypted SSH keys and screen
2014-05-16: Some notes from migrating towards encrypted SSH keys
2014-05-15: My personal and biased view of sudo versus su
2014-05-14: Modern mail forwarding is leaky
2014-05-13: The security model of sudo versus su
2014-05-12: The advantages of editors over database programs for modifying your data
2014-05-11: Why I don't use relational databases in practice
2014-05-09: Some uses for Python's 'named' form of string formatting
Operating systems cannot be hermetically sealed environments
2014-05-08: The modern world of spliced together multi-layer DNS resolution
2014-05-07: How I use Unbound on Fedora 20 to deal with the VPN DNS issue
2014-05-06: Another problem with building your own packages: dependency issues
2014-05-05: The power of meaningless identifiers
2014-05-04: How I set up my Firefox 29's UI
2014-05-03: My Firefox 29 extensions and addons
2014-05-02: An important addition to how ZFS deduplication works on the disk
2014-04-30: Failover versus sparing in theory and in practice
Backup systems, actual hosts, and logical hosts
2014-04-29: Static sites are stable sites
2014-04-28: How dynamic language code gets optimized
2014-04-27: Thoughts about Python classes as structures and optimization
2014-04-26: What I can see about how ZFS deduplication seems to work on disk
2014-04-25: A Unix semantics issue if your filesystem can snapshot arbitrary directories
2014-04-23: How Yahoo's and AOL's DMARC 'reject' policies affect us
At least partially understanding DMARC
2014-04-21: The question of language longevity for new languages
Thinking about how to split logging up in multiple categories et al
2014-04-20: A heresy about memorable passwords
2014-04-19: Cross-system NFS locking and unlocking is not necessarily fast
2014-04-18: What modern filesystems need from volume management
2014-04-17: Partly getting around NFS's concurrent write problem
2014-04-16: Where I feel that btrfs went wrong
2014-04-14: Chasing SSL certificate chains to build a chain file
My reactions to Python's warnings module
2014-04-13: A problem: handling warnings generated at low levels in your code
2014-04-11: The relationship between SSH, SSL, and the Heartbleed bug
What sort of kernel command line arguments Fedora 20's dracut seems to want
2014-04-10: My current choice of a performance metrics system and why I picked it
2014-04-09: Pragmatic reactions to a possible SSL private key compromise
2014-04-08: My goals for gathering performance metrics and statistics
2014-04-07: Giving in: pragmatic If-Modified-Since handling for Tiny Tiny RSS
2014-04-06: How not to generate If-Modified-Since headers for conditional GETs
2014-04-05: An important additional step when shifting software RAID mirrors around
2014-04-03: Shifting a software RAID mirror from disk to disk in modern Linux
The scariness of uncertainty
2014-04-02: I'm angry that ZFS still doesn't have an API
2014-03-31: I'm done with building tools around 'zpool status' output
Why I sometimes reject patches for my own software
2014-03-30: One of my worries: our spam filtering in the future
2014-03-28: Recovering from a drive failure on Fedora 20 with LVM on software RAID
How we wound up with a RFC 1918 IP address visible in our public DNS
2014-03-26: Why people keep creating new package managers
The DNS TTL problem
2014-03-24: The importance of having full remote consoles on crucial servers
Why I don't trust transitions to single-user mode
2014-03-23: Differences in URL and site layout between static and dynamic websites
2014-03-22: Avoiding reboots should not become a fetish
2014-03-21: Thinking about when rsync's incremental mode doesn't help
2014-03-20: Killing (almost) all processes on Linux is not recoverable
2014-03-19: Why I like ZFS's zfs send and zfs receive
2014-03-17: Simple versus complex marshalling in Python (and benchmarks)
Rebooting the system if init dies is a hack
2014-03-16: You don't have to reboot the system if init dies
2014-03-14: Guessing whether people will unsubscribe from your mailing lists
Logins and related things really do change, and for good reasons
2014-03-13: The argument about unbound methods versus functions
2014-03-11: How functions become bound or unbound methods
2014-03-10: The problem of conditional GET and caches for dynamic websites
2014-03-09: Solaris gives us a lesson in how not to write documentation
Why we don't change Unix login names for people
2014-03-08: Why I think 10G-T will be the dominant form of 10G Ethernet
2014-03-07: Coming to terms with D-Bus
2014-03-05: A bit more about the various levels of IPC: whether or not they're necessary
ZFS's problem with boot time magic
2014-03-03: The multiple levels of interprocess communication
2014-03-02: Googlebot is now aggressively crawling syndication feeds
Cool URL fragments don't change either
2014-02-28: Yet another problem with configuration by running commands
Arguments for explicit block delimiters in programming languages
2014-02-26: PCI slot based device names are not necessarily stable
Saying goodbye to the PHP pokers the easy way
2014-02-24: Nerving myself up to running experimental setups in production
The origins of DWiki and its drifting purpose
2014-02-23: The problem with indentation in programming languages
2014-02-22: A subtle advantage of generating absolute path URLs during HTML rendering
2014-02-21: You should segregate different traffic to different mailing lists
2014-02-19: Some rough things about the naming of SAS drives on Linux
The reasoning problem with describing things with a programming language
2014-02-18: People can always unsubscribe from your mailing lists
2014-02-17: File based engines and the awkward problem of special URLs
2014-02-16: Why comments aren't immediately visible on entries here
2014-02-14: 'Broken by design: systemd' is itself kind of broken
The good and bad of the System V init system
2014-02-13: Init's (historical) roles
2014-02-11: Why systemd is winning the init wars and other things aren't
2014-02-10: My dividing line between working remotely and working out of the office
2014-02-09: Why I want a solid ZFS implementation on Linux
Why I'm not looking at installing OmniOS via Kayak
2014-02-08: You cannot have just one network install server
2014-02-07: A followup to what sudo emails to ignore and not ignore
A surprise with OmniOS disk sizing: the rpool/dump ZVOL
2014-02-06: Some thoughts on what sudo emails to ignore and to not ignore
2014-02-05: An interesting internal Django error we just got
2014-02-03: The big attraction of SQLite
Technological progress and efficiency
2014-02-02: An illustration of the problem of noise
2014-01-31: Why I now believe that duck typed metaclasses are impossible in CPython
Linux has at least two ways that disks can die
2014-01-30: OmniOS (and by extension Illumos) is pretty much Solaris
2014-01-29: One cause of Linux's popularity among Unixes
2014-01-28: Building software packages yourself is generally a waste (why package selection matters)
2014-01-27: Things that affect how much support you get from a Linux distribution
2014-01-26: Why writing sysadmin tools in Go is getting attractive
2014-01-25: The origin of RCS (the version control system)
2014-01-24: Things I want to remember during a security incident
2014-01-22: Microsoft has become a spam emitter
Security is everyone's job (why Ruby is wrong about OpenSSL)
2014-01-21: Fake versus real metaclasses and what a fully functional metaclass is
2014-01-20: A thought about the popularity of server-side JavaScript
2014-01-19: Some thoughts on structured logging, especially in and for databases
2014-01-18: Your web application should have an audit log
2014-01-16: Link: Armin Ronacher's 'More About Unicode in Python 2 and 3'
Debian does not have long term support
2014-01-15: SELinux fails again (Fedora 20 edition)
Real support periods versus nominal official ones
2014-01-14: The problem with OmniOS's 'build your own' view for Perl and Python
2014-01-13: Sadly, we're moving away from Red Hat Enterprise Linux
2014-01-12: Why I don't want fully automated installs
2014-01-11: Why I am not enthused about Red Hat Enterprise 6
2014-01-10: An interesting recent spam run against one of my machines
2014-01-09: Using different sshd options for different origin hosts
2014-01-08: The good and bad of Linux's NetworkManager
2014-01-06: The problem with compiling your own version of Python 3
Some thoughts on blog front pages in the modern era
2014-01-05: Hard drives really do wear out, so you need a a hardware budget
2014-01-04: One aspect of partial versus full entries on blog front pages
2014-01-03: What determines Python 2's remaining lifetime?
2014-01-02: Python 3's core compatibility problem and decision

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.