2014-12-31: |
I love Apache (well, like it at least)
A retrospective on my one Django web application
|
2014-12-30: |
Somewhat to my surprise, classical viruses by email are still a thing
|
2014-12-29: |
How I have partitioning et al set up for ZFS On Linux
|
2014-12-28: |
How I think DNSSec will have to be used in the real world
|
2014-12-27: |
My ZFS On Linux memory problem: competition from the page cache
|
2014-12-26: |
My experience with ZFS on Linux: it's worked pretty well for me
|
2014-12-25: |
DNSSec in the real world: my experience with DNSSec
|
2014-12-24: |
The security effects of tearing down my GRE tunnel on IPSec failure
|
2014-12-22: |
The future of OmniOS here if we can't get 10G-T working on it
Why Go's big virtual size for 64-bit programs makes sense
|
2014-12-21: |
A steady change in the source of blog comment spam attempts
|
2014-12-20: |
Unsurprisingly, laptops make bad to terrible desktops
|
2014-12-19: |
Our likely long road to working 10G-T on OmniOS
|
2014-12-17: |
The potential end of public clients at the university?
|
2014-12-16: |
Does having a separate daemon manager help system resilience?
|
2014-12-15: |
How a Firefox update just damaged practical security
Why your 64-bit Go programs may have a huge virtual size
|
2014-12-14: |
How init wound up as Unix's daemon manager
|
2014-12-13: |
There are two parts to making your code work with Python 3
|
2014-12-12: |
The bad side of systemd: two recent systemd failures
|
2014-12-10: |
What good kernel messages should be about and be like
How to delay your fileserver replacement project by six months or so
|
2014-12-09: |
Why I do unit tests from inside my modules, not outside them
|
2014-12-08: |
Why I don't believe in generic TLS terminator programs
|
2014-12-07: |
How we install Ubuntu machines here
|
2014-12-06: |
Browser addons can effectively create a new browser
|
2014-12-05: |
How security sensitive is information about your network architecture?
|
2014-12-04: |
Log retention versus log analysis, or really logs versus log analysis
|
2014-12-03: |
Security capabilities and reading process memory
|
2014-12-02: |
The unreasonable effectiveness of web crawlers
|
2014-11-30: |
You should keep your system logs for longer than you probably are
TLS versions in connections to my spam-catching sinkhole SMTP server
|
2014-11-29: |
Sometimes you need to turn things into small, readily solvable problems
|
2014-11-28: |
How I made IPSec IKE work for a point to point GRE tunnel on Fedora 20
|
2014-11-26: |
Using iptables to block traffic that's not protected by IPSec
Using go get alone is a bad way to keep track of interesting packages
|
2014-11-25: |
My Linux IPSec/VPN setup and requirements
|
2014-11-24: |
Delays on bad passwords considered harmful, accidental reboot edition
Using the SSH protocol as a secure transport protocol
|
2014-11-23: |
I'm happier ignoring the world of spam and anti-spam
|
2014-11-22: |
The effects of a moderate Hacker News link to here
|
2014-11-21: |
Lisp and data structures: one reason it hasn't attracted me
|
2014-11-20: |
Sometimes the way to solve a problem is to rethink the problem
|
2014-11-18: |
Finding free numbers in a range, crudely, with Unix tools
|
2014-11-17: |
Why I need a browser that's willing to accept bad TLS certificates
|
2014-11-16: |
We've started to decommission our Solaris 10 fileservers
States in a state machine aren't your only representation of state
|
2014-11-15: |
Our current problems with 10G Intel networking on OmniOS
|
2014-11-14: |
Sometimes there are drawbacks to replicating configuration files
|
2014-11-13: |
I want opportunistic, identity-less encryption on the Internet
|
2014-11-12: |
A wish: setting Python 3 to do no implicit Unicode conversions
|
2014-11-10: |
Why I don't have a real profile picture anywhere
What it took to get DWiki running under Python 3
|
2014-11-09: |
NFS hard mounts versus soft mounts
|
2014-11-07: |
What you're saying when you tell people to send in patches
Porting to Python 3 by updating to modern Python 2
|
2014-11-05: |
(Probably) Why Bash imports functions from the environment
The weakness of doing authentication over a side channel
|
2014-11-03: |
Hassles with getting our NFS mount authentication working on Linux
What I'm worried about with retina displays on Linux
|
2014-11-02: |
A drawback in how DWiki parses its wikitext
|
2014-10-31: |
With ZFS, rewriting a file in place might make you run out of space
A drawback to handling errors via exceptions
|
2014-10-29: |
Quick notes on the Linux iptables 'ipset' extension
Unnoticed nonportability in Bourne shell code (and elsewhere)
|
2014-10-28: |
My current somewhat tangled feelings on operator.attrgetter
|
2014-10-27: |
Practical security and automatic updates
|
2014-10-26: |
Things that can happen when (and as) your ZFS pool fills up
|
2014-10-25: |
The difference in available pool space between zfs list and zpool list
|
2014-10-24: |
In Go I've given up and I'm now using standard packages
|
2014-10-23: |
The clarity drawback of allowing comparison functions for sorting
|
2014-10-22: |
Exim's (log) identifiers are basically unique on a given machine
|
2014-10-20: |
Some numbers on our inbound and outbound TLS usage in SMTP
Revisiting Python's string concatenation optimization
|
2014-10-19: |
Vegeta, a tool for web server stress testing
|
2014-10-18: |
During your crisis, remember to look for anomalies
|
2014-10-17: |
My experience doing relatively low level X stuff in Go
|
2014-10-16: |
Don't use dd as a quick version of disk mirroring
|
2014-10-15: |
Why system administrators hate security researchers every so often
|
2014-10-14: |
Bashisms in #!/bin/sh scripts are not necessarily bugs
|
2014-10-13: |
System metrics need to be documented, not just to exist
|
2014-10-12: |
Phish spammers are apparently exploiting mailing list software
|
2014-10-11: |
Thinking about how to create flexible aggregations from causes
|
2014-10-10: |
Where your memory can be going with ZFS on Linux
|
2014-10-09: |
How /proc/slabinfo is not quite telling you what it looks like
|
2014-10-08: |
Simple web application environments and per-request state
|
2014-10-07: |
Why blocking writes are a good Unix API (on pipes and elsewhere)
|
2014-10-06: |
Why it's sensible for large writes to pipes to block
|
2014-10-05: |
Making bug reports is exhausting, frustrating, and stressful
|
2014-10-03: |
Why people are almost never going to be reporting bugs upstream
When using Illumos's lockstat , check the cumulative numbers too
|
2014-10-02: |
The problem with making bug reports about CentOS bugs
|
2014-09-30: |
NetworkManager and network device races
Don't split up error messages in your source code
|
2014-09-28: |
Learning a lesson about spam-related logging (again)
|
2014-09-27: |
Changing major version numbers does not fix compatibility issues
DWiki, Python 3, Python, and me
|
2014-09-26: |
The practical problems with simple web apps that work as HTTP servers
|
2014-09-25: |
Why CGI-BIN scripts are an attractive thing for many people
|
2014-09-24: |
One thing I've come to dislike about systemd
|
2014-09-22: |
Go is mostly easy to cross-compile (with notes)
Another side of my view of Python 3
|
2014-09-21: |
One reason why Go can have methods on nil pointers
|
2014-09-19: |
My view on using VLANs for security
What I mean by passive versus active init systems
|
2014-09-18: |
Ubuntu's packaging failure with mcelog in 14.04
|
2014-09-17: |
In praise of Solaris's pfiles command
|
2014-09-15: |
My collection of spam and the spread of SMTP TLS
I want my signed email to work a lot like SSH does
|
2014-09-14: |
My current hassles with Firefox, Flash, and (HTML5) video
|
2014-09-13: |
What can go wrong with polling for writability on blocking sockets
|
2014-09-12: |
How not to do IO multiplexing, as illustrated by Amanda
|
2014-09-10: |
The cause of our slow Amanda backups and our workaround
Does init actually need to do daemon supervision?
|
2014-09-08: |
What an init system needs to do in the abstract
|
2014-09-07: |
Systemd's fate will be decided by whether or not it works
The kernel should not generate messages at the behest of the Internet
|
2014-09-05: |
A DTrace script to help figure out what process IO is slow
Some uses for SIGSTOP and some cautions
|
2014-09-04: |
Some other benefits of using non-HTTP frontend to backend transports
|
2014-09-03: |
Why we don't want to do any NAT with IPv6
|
2014-09-01: |
An IPv6 dilemma for us: 'sandbox' machine DNS
|
2014-08-31: |
We don't believe in DHCP for (our) servers
The downside of expanding your storage through bigger disks
|
2014-08-30: |
How to change your dm-cache write mode on the fly in Linux
|
2014-08-29: |
A hazard of using synthetic data in tests, illustrated by me
|
2014-08-27: |
One reason why we have to do a major storage migration
The difference between Linux and FreeBSD boosters for me
|
2014-08-26: |
Why I don't like HTTP as a frontend to backend transport mechanism
|
2014-08-24: |
10G Ethernet is a sea change for my assumptions
My spam is (mostly) boring
|
2014-08-23: |
Some notes on Python packaging stuff that wasn't obvious to me
|
2014-08-22: |
Where DTrace aggregates are handled for printing et al
|
2014-08-21: |
How data flows around on the client during an Amanda backup
|
2014-08-20: |
Explicit error checking and the broad exception catching problem
|
2014-08-18: |
An example of a subtle over-broad try in Python
The potential issue with Go's strings
|
2014-08-17: |
The challenges of diagnosing slow backups
|
2014-08-15: |
Caches should be safe by default
A consequence of NFS locking and unlocking not necessarily being fast
|
2014-08-13: |
Bind mounts with systemd and non-fstab filesystems
How you create a systemd .mount file for bind mounts
|
2014-08-11: |
Copying GPT partition tables from disk to disk
|
2014-08-10: |
The problem with self-contained 'application bundle' style packaging
What I want out of a Linux SSD disk cache layer
|
2014-08-09: |
Intel has screwed up their DC S3500 SSDs
|
2014-08-08: |
Hardware can be weird, Intel 10G-T X540-AT2 edition
|
2014-08-06: |
A peculiarity: I'm almost never logged in to websites
|
2014-08-05: |
Why LinkedIn's 'you must join to unsubscribe' is evil
Another piece of my environment: running commands on multiple machines
|
2014-08-04: |
Why our new SAN environment is separate from our old SAN environment
|
2014-08-03: |
Our second generation ZFS fileservers and their setup
|
2014-08-02: |
The benchmarking problems with potentially too-smart SSDs
|
2014-07-31: |
The temptation to rebuild my office machine with its data in ZFS on Linux
|
2014-07-30: |
Why I like ZFS in general
My view on FreeBSD versus Linux, primarily on the desktop
|
2014-07-28: |
FreeBSD, cultural bad blood, and me
|
2014-07-27: |
Go is still a young language
Save your test scripts and other test materials
|
2014-07-25: |
An interesting picky difference between Bourne shells
The OmniOS version of SSH is kind of slow for bulk transfers
|
2014-07-23: |
What influences SSH's bulk transfer speeds
One of SELinux's important limits
|
2014-07-21: |
What I know about the different types of SSH keys (and some opinions)
|
2014-07-20: |
The CBL has a real false positive problem
HTTPS should remain genuinely optional on the web
|
2014-07-19: |
Some consequences of widespread use of OCSP for HTTPS
|
2014-07-18: |
In practice, 10G-T today can be finicky
|
2014-07-16: |
My (somewhat silly) SSD dilemma
|
2014-07-15: |
A data point on how rapidly spammers pick up addresses from the web
|
2014-07-14: |
Unmounting recoverable stale NFS mounts on Linux
|
2014-07-13: |
An obvious reminder: disks can and do die abruptly
Early impressions of CentOS 7
|
2014-07-11: |
You want to turn console blanking off on your Linux servers
Some notes on bisecting a modified Firefox source base with Mercurial
|
2014-07-10: |
The core security problem of SSL on the web is too much trust
|
2014-07-09: |
What the differences are between Python bool s and int s
|
2014-07-08: |
Exploring a surprise with equality in Python
Some thoughts on SAN long-term storage migration
|
2014-07-06: |
Goroutines versus other concurrency handling options in Go
The problem with filenames in IO exceptions and errors
|
2014-07-05: |
Another reason to use frameworks like Django
|
2014-07-04: |
An interesting Go concurrency bug that I inflicted on myself
|
2014-07-02: |
Bash is letting locales destroy shell scripting (at least on Linux)
Why Solaris's SMF is not a good init system
|
2014-07-01: |
An index of non-letter control characters
|
2014-06-30: |
Comparing RPM versions in the shell
My .screenrc
|
2014-06-29: |
The tradeoffs for us in a SAN versus disk servers
|
2014-06-27: |
A retrospective on our overall fileserver architecture et al
A retrospective on our Solaris ZFS-based NFS fileservers (part 2)
|
2014-06-25: |
A retrospective on our Solaris ZFS-based NFS fileservers (part 1)
How my new responsive design here works
|
2014-06-23: |
Python 3 has already succeeded in the long run
|
2014-06-22: |
Things I like about Go
I need some responsive website design around here
|
2014-06-21: |
Sometimes 'unsubscribing' does seem to reduce spam activity
|
2014-06-20: |
What Python versions I can use (June 2014 edition)
|
2014-06-19: |
Some notes on Go's godoc and what it formats how
|
2014-06-18: |
Would I be comfortable documenting our systems in some sort of public?
|
2014-06-16: |
My view: a wiki by itself will not solve your problems
|
2014-06-15: |
The web is social, and thus minor features can matter a lot
Weird spammer behavior: a non-relaying relay attempt
|
2014-06-14: |
I'm not very impressed with Ubuntu 14.04 LTS so far
|
2014-06-13: |
Undoing an errant 'git commit --amend '
|
2014-06-12: |
An init system has two jobs
|
2014-06-11: |
Some thoughts on testing parsers
|
2014-06-10: |
An irritating and interesting su change from Ubuntu 12.04 to 14.04
|
2014-06-09: |
A challenge in new languages: learning to design good APIs
|
2014-06-08: |
The fundamental problem that created su
|
2014-06-07: |
Some ways to do sleazy duck typing in Go (from a Python perspective)
|
2014-06-06: |
On the Internet, weirdness is generally uncommon
|
2014-06-05: |
SMTP's crazy address formats didn't come from nowhere
|
2014-06-04: |
Why I don't like SMTP command parameters
|
2014-06-03: |
My just-used Go logging idiom and why it is in fact wrong
|
2014-06-02: |
Vi's composability antecedent (or one of them)
|
2014-05-31: |
Wnen trying to unsubscribe from spam can be not completely crazy
One of my test based development imperfections: use driven testing
|
2014-05-30: |
In Go, sometimes a nil is not a nil
|
2014-05-29: |
The state of limits on how many groups you can be in (especially for NFS)
|
2014-05-28: |
Yahoo Groups has a bad spam problem and they don't care
|
2014-05-27: |
Some things for enumerated constants in Go
|
2014-05-25: |
Firefox, DRM, and reality
Computing has two versions of 'necessary'
|
2014-05-23: |
What ssh-agent does with multiple keys loaded
Why Java is a compiled language and Python is not
|
2014-05-22: |
Why Python uses bytecode (well, probably): it's simpler
|
2014-05-21: |
How I wish ZFS pool importing could work
|
2014-05-19: |
A building block of my environment: sps , a better tree-based process list
Why desktop Linuxes want you to reboot after updates
|
2014-05-18: |
What it would take to replace Firefox as my web browser
|
2014-05-17: |
The problem of encrypted SSH keys and screen
|
2014-05-16: |
Some notes from migrating towards encrypted SSH keys
|
2014-05-15: |
My personal and biased view of sudo versus su
|
2014-05-14: |
Modern mail forwarding is leaky
|
2014-05-13: |
The security model of sudo versus su
|
2014-05-12: |
The advantages of editors over database programs for modifying your data
|
2014-05-11: |
Why I don't use relational databases in practice
|
2014-05-09: |
Some uses for Python's 'named' form of string formatting
Operating systems cannot be hermetically sealed environments
|
2014-05-08: |
The modern world of spliced together multi-layer DNS resolution
|
2014-05-07: |
How I use Unbound on Fedora 20 to deal with the VPN DNS issue
|
2014-05-06: |
Another problem with building your own packages: dependency issues
|
2014-05-05: |
The power of meaningless identifiers
|
2014-05-04: |
How I set up my Firefox 29's UI
|
2014-05-03: |
My Firefox 29 extensions and addons
|
2014-05-02: |
An important addition to how ZFS deduplication works on the disk
|
2014-04-30: |
Failover versus sparing in theory and in practice
Backup systems, actual hosts, and logical hosts
|
2014-04-29: |
Static sites are stable sites
|
2014-04-28: |
How dynamic language code gets optimized
|
2014-04-27: |
Thoughts about Python classes as structures and optimization
|
2014-04-26: |
What I can see about how ZFS deduplication seems to work on disk
|
2014-04-25: |
A Unix semantics issue if your filesystem can snapshot arbitrary directories
|
2014-04-23: |
How Yahoo's and AOL's DMARC 'reject' policies affect us
At least partially understanding DMARC
|
2014-04-21: |
The question of language longevity for new languages
Thinking about how to split logging up in multiple categories et al
|
2014-04-20: |
A heresy about memorable passwords
|
2014-04-19: |
Cross-system NFS locking and unlocking is not necessarily fast
|
2014-04-18: |
What modern filesystems need from volume management
|
2014-04-17: |
Partly getting around NFS's concurrent write problem
|
2014-04-16: |
Where I feel that btrfs went wrong
|
2014-04-14: |
Chasing SSL certificate chains to build a chain file
My reactions to Python's warnings module
|
2014-04-13: |
A problem: handling warnings generated at low levels in your code
|
2014-04-11: |
The relationship between SSH, SSL, and the Heartbleed bug
What sort of kernel command line arguments Fedora 20's dracut seems to want
|
2014-04-10: |
My current choice of a performance metrics system and why I picked it
|
2014-04-09: |
Pragmatic reactions to a possible SSL private key compromise
|
2014-04-08: |
My goals for gathering performance metrics and statistics
|
2014-04-07: |
Giving in: pragmatic If-Modified-Since handling for Tiny Tiny RSS
|
2014-04-06: |
How not to generate If-Modified-Since headers for conditional GETs
|
2014-04-05: |
An important additional step when shifting software RAID mirrors around
|
2014-04-03: |
Shifting a software RAID mirror from disk to disk in modern Linux
The scariness of uncertainty
|
2014-04-02: |
I'm angry that ZFS still doesn't have an API
|
2014-03-31: |
I'm done with building tools around 'zpool status ' output
Why I sometimes reject patches for my own software
|
2014-03-30: |
One of my worries: our spam filtering in the future
|
2014-03-28: |
Recovering from a drive failure on Fedora 20 with LVM on software RAID
How we wound up with a RFC 1918 IP address visible in our public DNS
|
2014-03-26: |
Why people keep creating new package managers
The DNS TTL problem
|
2014-03-24: |
The importance of having full remote consoles on crucial servers
Why I don't trust transitions to single-user mode
|
2014-03-23: |
Differences in URL and site layout between static and dynamic websites
|
2014-03-22: |
Avoiding reboots should not become a fetish
|
2014-03-21: |
Thinking about when rsync's incremental mode doesn't help
|
2014-03-20: |
Killing (almost) all processes on Linux is not recoverable
|
2014-03-19: |
Why I like ZFS's zfs send and zfs receive
|
2014-03-17: |
Simple versus complex marshalling in Python (and benchmarks)
Rebooting the system if init dies is a hack
|
2014-03-16: |
You don't have to reboot the system if init dies
|
2014-03-14: |
Guessing whether people will unsubscribe from your mailing lists
Logins and related things really do change, and for good reasons
|
2014-03-13: |
The argument about unbound methods versus functions
|
2014-03-11: |
How functions become bound or unbound methods
|
2014-03-10: |
The problem of conditional GET and caches for dynamic websites
|
2014-03-09: |
Solaris gives us a lesson in how not to write documentation
Why we don't change Unix login names for people
|
2014-03-08: |
Why I think 10G-T will be the dominant form of 10G Ethernet
|
2014-03-07: |
Coming to terms with D-Bus
|
2014-03-05: |
A bit more about the various levels of IPC: whether or not they're necessary
ZFS's problem with boot time magic
|
2014-03-03: |
The multiple levels of interprocess communication
|
2014-03-02: |
Googlebot is now aggressively crawling syndication feeds
Cool URL fragments don't change either
|
2014-02-28: |
Yet another problem with configuration by running commands
Arguments for explicit block delimiters in programming languages
|
2014-02-26: |
PCI slot based device names are not necessarily stable
Saying goodbye to the PHP pokers the easy way
|
2014-02-24: |
Nerving myself up to running experimental setups in production
The origins of DWiki and its drifting purpose
|
2014-02-23: |
The problem with indentation in programming languages
|
2014-02-22: |
A subtle advantage of generating absolute path URLs during HTML rendering
|
2014-02-21: |
You should segregate different traffic to different mailing lists
|
2014-02-19: |
Some rough things about the naming of SAS drives on Linux
The reasoning problem with describing things with a programming language
|
2014-02-18: |
People can always unsubscribe from your mailing lists
|
2014-02-17: |
File based engines and the awkward problem of special URLs
|
2014-02-16: |
Why comments aren't immediately visible on entries here
|
2014-02-14: |
'Broken by design: systemd' is itself kind of broken
The good and bad of the System V init system
|
2014-02-13: |
Init's (historical) roles
|
2014-02-11: |
Why systemd is winning the init wars and other things aren't
|
2014-02-10: |
My dividing line between working remotely and working out of the office
|
2014-02-09: |
Why I want a solid ZFS implementation on Linux
Why I'm not looking at installing OmniOS via Kayak
|
2014-02-08: |
You cannot have just one network install server
|
2014-02-07: |
A followup to what sudo emails to ignore and not ignore
A surprise with OmniOS disk sizing: the rpool/dump ZVOL
|
2014-02-06: |
Some thoughts on what sudo emails to ignore and to not ignore
|
2014-02-05: |
An interesting internal Django error we just got
|
2014-02-03: |
The big attraction of SQLite
Technological progress and efficiency
|
2014-02-02: |
An illustration of the problem of noise
|
2014-01-31: |
Why I now believe that duck typed metaclasses are impossible in CPython
Linux has at least two ways that disks can die
|
2014-01-30: |
OmniOS (and by extension Illumos) is pretty much Solaris
|
2014-01-29: |
One cause of Linux's popularity among Unixes
|
2014-01-28: |
Building software packages yourself is generally a waste (why package selection matters)
|
2014-01-27: |
Things that affect how much support you get from a Linux distribution
|
2014-01-26: |
Why writing sysadmin tools in Go is getting attractive
|
2014-01-25: |
The origin of RCS (the version control system)
|
2014-01-24: |
Things I want to remember during a security incident
|
2014-01-22: |
Microsoft has become a spam emitter
Security is everyone's job (why Ruby is wrong about OpenSSL)
|
2014-01-21: |
Fake versus real metaclasses and what a fully functional metaclass is
|
2014-01-20: |
A thought about the popularity of server-side JavaScript
|
2014-01-19: |
Some thoughts on structured logging, especially in and for databases
|
2014-01-18: |
Your web application should have an audit log
|
2014-01-16: |
Link: Armin Ronacher's 'More About Unicode in Python 2 and 3'
Debian does not have long term support
|
2014-01-15: |
SELinux fails again (Fedora 20 edition)
Real support periods versus nominal official ones
|
2014-01-14: |
The problem with OmniOS's 'build your own' view for Perl and Python
|
2014-01-13: |
Sadly, we're moving away from Red Hat Enterprise Linux
|
2014-01-12: |
Why I don't want fully automated installs
|
2014-01-11: |
Why I am not enthused about Red Hat Enterprise 6
|
2014-01-10: |
An interesting recent spam run against one of my machines
|
2014-01-09: |
Using different sshd options for different origin hosts
|
2014-01-08: |
The good and bad of Linux's NetworkManager
|
2014-01-06: |
The problem with compiling your own version of Python 3
Some thoughts on blog front pages in the modern era
|
2014-01-05: |
Hard drives really do wear out, so you need a a hardware budget
|
2014-01-04: |
One aspect of partial versus full entries on blog front pages
|
2014-01-03: |
What determines Python 2's remaining lifetime?
|
2014-01-02: |
Python 3's core compatibility problem and decision
|