Wandering Thoughts archives

2016-12-31: I wish new editors thought about their overall ecology too
Ubuntu's AppArmor system is reasonably and pleasantly non-obnoxious
2016-12-30: A few useful standard readline bindings
2016-12-29: One reason why Go's increment and decrement statements are good to have
2016-12-28: The HTML IMG attributes and styling that I think I want
2016-12-26: A perhaps surprising consequence of Requires dependencies in systemd
Some new-to-me Vim motion commands that I want to try to remember
2016-12-25: What can be going on with your custom management commands in Django 1.10
2016-12-24: I should stop reading some mailing lists during breaks and vacations
2016-12-23: Why the gosimple program is great
2016-12-22: Malware is definitely out there and it's targeting us specifically
2016-12-21: An important little detail of our ZFS spares setup
2016-12-20: In praise of zpool history
2016-12-19: Don't assume you can renew TLS certificates whenever you want to
The great thing about using Let's Encrypt is the automation
2016-12-18: People may be accepting that security questions are a bad idea
2016-12-17: Some conference spammers mutate to show they're definitely spammers
2016-12-15: I now think you should have lots of Let's Encrypt accounts
Understanding the Let's Encrypt authorization process
2016-12-14: Vi, movement commands, efficiency, and me
2016-12-12: Some of my views on Naftali Harris's 'Python 2.8'
Realizing that I'm not actively attracted to FreeBSD for my desktop
2016-12-11: Fedora has become something you can't run if security matters much
2016-12-10: My view of using a docked laptop as my main machine
2016-12-09: It's a good idea to test your spare disks every so often
2016-12-08: Trailing text, a subtle gotcha with Go's fmt.Sscanf
2016-12-07: One reason why user namespaces keep enabling Linux kernel security issues
2016-12-05: My RPM build setup no longer works on Fedora for some packages
One advantage of 'self-hosted' languages
2016-12-04: Terminals are not enough (personal edition)
2016-12-03: One reason why rogue wireless access points are a bigger risk at universities
2016-12-02: IPv6, point to point links, and subnet lengths
2016-11-30: I suspect that lots of IPv6 hosts won't have reverse DNS
Terminals are not enough (sysadmin version)
2016-11-28: Some thoughts about options for light Unix laptops
Some impressions after a brief exposure to a Dell Chromebook 13
2016-11-27: The Chromebook login problem
2016-11-26: What I did to set up IPv6 on my wireless network so it really worked
2016-11-25: Why we don't and can't use the pam_exec PAM module
2016-11-23: Sometimes a little change winds up setting off a large cascade of things
We may have seen a ZFS checksum error be an early signal for later disk failure
2016-11-21: Link: RFC 6919: Further Key Words for Use in RFCs to Indicate Requirement Levels
What I'd like in Illumos/OmniOS: progressive crash dumps
I've wound up feeling tentatively enthusiastic about Python 3
2016-11-20: Is it time to not have platform-dependent integer types in languages?
2016-11-19: Why I don't think subscription-based charging gets you stability
2016-11-18: Unix shells and the problem of too-smart autocompletion
2016-11-17: Link: Twice the bits, twice the trouble: vulnerabilities induced by migrating to 64-bit platforms
The somewhat odd subject of Django versus Python
2016-11-16: Go's arbitrary-precision constants and cross compilation
2016-11-14: Open source and the problem of pure maintenance
2016-11-13: Why I believe native apps are not doomed by progressive web apps
Modern shells and running shell scripts while seteuid
2016-11-11: My view on accepting bounces and replies to your email
Yahoo Groups slides further down the spam source slope
2016-11-09: Getting a Yubikey 4 working on Ubuntu 14.04 LTS and other older Linuxes (in PIV mode)
I assume that it's always possible to compromise our security somehow
2016-11-08: Security often involves not doing things
2016-11-07: Why we have multiple wireless networks around here
The other reason why I've wound up not interested in firewall managers
2016-11-06: Admitting that I have have a non-simple firewall setup
2016-11-05: Web pages versus APIs, or my views on handling 'bad' requests
2016-11-04: Caution is a mistake in modern web servers and apps
2016-11-03: I suspect that browsers are not fully prepared for bad CAs
2016-11-01: Encouragingly, browsers have not backed down over WoSign
2016-10-31: DKMS kind of has a problem with its error messages
Link: Linux containers in 500 lines of code
Why I'm interested in nftables, the theoretical Linux iptables replacement
2016-10-30: How modern SSH key exchange provides (strong) protection against attacks
2016-10-29: More on SSH, public key authentication, and 'man in the middle' attacks
2016-10-28: How I set up a DHCP client for my backup Internet connection
2016-10-26: Why I'm unhappy with how Debian builds from source packages right now
What I'm doing to use a Yubikey in Fedora 24's Cinnamon desktop environment
2016-10-24: On classifying phish spam as malware, an update
How I've wound up being one of the people who don't update IoT firmware
2016-10-23: I should keep a released version of the Go compiler suite
2016-10-22: The shutdown program on a modern systemd-based Linux system
2016-10-21: The shutdown command is a relic of BSD's historical origins
2016-10-20: I like the Python 3 string .translate() method
2016-10-19: Writing in Python 3 has been a positive experience so far
2016-10-17: Making my Yubikey work reasonably with my X screen locking
2016-10-16: Why we care about long uptimes
How I managed to shoot myself in the foot with my local DNS resolver
2016-10-15: ZFS's 'panic on on-disk corruption' behavior is a serious flaw
2016-10-14: Watch out for web server configurations that 'cross over' between sites
2016-10-13: How I've set up SSH keys on my Yubikey 4 (so far)
2016-10-12: I have yet to start using any smartphone two-factor authentication
2016-10-10: How and why the new iptables -w option is such a terrible fumble
The modern web is an unpredictable and strange place to develop for
2016-10-09: What I think I want out of CPU performance in a new PC
2016-10-08: I have a blind spot where it comes to using chmod's symbolic modes
2016-10-07: Why OmniOS boot environments don't solve our upgrade issues
2016-10-06: How we could update our iSCSI backends and why we probably won't
2016-10-05: Linux can be really stable under the right circumstances
2016-10-03: My take on Git rebasing versus cherry-picking
2016-10-02: Why I've put a Twitter client on my smartphone
The MyDoom worm is still out there
2016-09-30: Some git repository manipulations that I don't know how to do well
In search of modest scale structured syslog analysis
2016-09-29: Making systemd-networkd really skip trying IPv6 on your networks
2016-09-28: Why I switched to the rc shell
2016-09-27: Why we're going to switch from SunSSH to OpenSSH on our fileservers
2016-09-25: How I live without shell job control
A surprising benefit of command/program completion in my shell
2016-09-23: You probably want to start using the -w option with iptables
Git's selective commits plus Magit are a killer feature for me
2016-09-22: Why we've wound up without ZFS ZILs or L2ARCs on our pools
2016-09-20: Today I learned that you want to use strace -fp
2016-09-19: A surprise with switching to holding keys in ssh-agent
My view on spam and potential denial of service attacks on anti-spam systems
2016-09-18: A little shift in malware packaging that I got to watch
2016-09-17: What encoding the syslog module uses in Python 3
2016-09-16: A shell thing: globbing operators versus expansion operators
2016-09-15: What I did to set up IPv6 on my wireless network
2016-09-14: When iptables SNAT and routing happens, and how this is annoying
2016-09-13: I don't understand Linux iptables NAT as well as I should
2016-09-12: A bunch of my sysadmin work seems to be like gardening
2016-09-11: We're probably going to see a major Certificate Authority de-trusted
2016-09-10: Link: Actually using ed
Some notes on curating the set of CAs that Firefox trusts
2016-09-09: Someone's exploiting Google's account recovery system to send spam
2016-09-08: Why my smartphone is going to be an iPhone
2016-09-06: Modules should never raise core Python exceptions
2016-09-05: Using Magit to selectively discard changes in your git working tree
An argparse limitation with nargs="*" and choices=...
2016-09-04: What I want in Vim with the mouse (and why I don't think I can have it)
2016-09-03: Why semantic versioning is not going to solve all our problems
2016-09-02: Some thoughts on Python 3 module APIs and Unicode conversion errors
2016-08-31: Python 3 module APIs and the question of Unicode conversion errors
The various IDs of disks, filesystems, software RAID, LVM, et al in Linux
2016-08-30: Bourne's getopts sadly makes simple shell scripts more cluttered and verbose
2016-08-29: Phones and tablets are going to change what sort of passwords I use
2016-08-28: My logic of blocking certain sorts of attachments outright
2016-08-26: Why ZFS L2ARC is probably not a good fit for our setup
2016-08-25: The single editor myth(ology)
2016-08-24: Blindly trying to copy a web site these days is hazardous
more, less, and a story of typical Unix fossilization
2016-08-23: Link: File crash consistency and filesystems are hard
Link: Git from the inside out
2016-08-22: A belated realization about 'TLS suicide' and user CGIs et al
An interesting case of NFS traffic (probably) holding a ZFS snapshot busy
2016-08-21: My pragmatic decision on GNU Emacs versus vim for my programming
2016-08-19: My current Go autocompletion setup in GNU Emacs
Localhost is (sometimes) a network
2016-08-17: A surprising missing Unix command: waiting until a time is reached
2016-08-16: How you tell what signals a Linux process is ignoring
2016-08-15: My ambivalent view on Vim superintelligence, contrasted with GNU Emacs
Some options for reindenting (some of) my existing Python code
2016-08-14: Code alone can tell you the what but it cannot tell you why
2016-08-13: What I did to set up a wireless network and what I have left to do
2016-08-12: I think I'm going to shift my style of Python indentation
2016-08-10: Systemd has a problem with SATA disks behind port multipliers
A look into a future where things assume you have a smartphone
2016-08-08: I need more than one way to get on the Internet from home
2016-08-07: Why I like the sam editor
The harm that comes from ZFS not being GPL-compatible
2016-08-05: Free software licenses are social things, not just legal ones
It's likely worth re-detecting your system's sensor chips every so often
2016-08-03: Some malware that sends interesting fake mailing list messages
Containerization as the necessary end point of deployment automation
2016-08-01: My new key binding hack for xcape and dmenu
2016-07-31: I've become mostly indifferent to what language something is written in
(Not) changing the stop timeout for systemd login session scopes
2016-07-30: The perils of having an ancient $HOME (a yak shaving story)
2016-07-29: My surprise problem with considering a new PC: actually building it
2016-07-28: A bit about what we use DTrace for (and when)
2016-07-27: When 'simple' DNS blocklists work well for you
2016-07-25: An irritating systemd behavior when you tell it to reboot the system
I should learn more about Grub2
2016-07-24: My view on people who are assholes on the Internet
2016-07-23: My current set of Chrome extensions (as of July 2016)
2016-07-22: Ubuntu 16.04's irritatingly broken MySQL updates
2016-07-21: My current set of essential extensions for Firefox profiles
2016-07-20: Official source release builds should not abort on (compilation) warnings
2016-07-19: How not to set up your DNS (part 23)
An interesting (and alarming) Grub2 error and its cause
2016-07-17: A good solution to our Unbound caching problem that sadly won't work
DNS resolution cannot be segmented (and what I mean by that)
2016-07-16: A caching and zone refresh problem with Unbound
2016-07-15: Sudo and changes in security expectations (and user behaviors)
2016-07-14: Your C compiler's optimizer can make your bad programs compile
2016-07-13: Our central web server, Apache, and slow downloads
2016-07-12: How we do MIME attachment type logging with Exim
2016-07-11: Why Python can't have a full equivalent of Go's gofmt
2016-07-10: Some options for logging attachment information in an Exim environment
2016-07-09: How Exim's ${run ...} string expansion operator does quoting
2016-07-08: Some notes on UID and GID remapping in the Illumos/OmniOS NFS server
2016-07-06: Keeping around an index to the disk bays on our iSCSI backends
It turns out that viruses do try to conceal their ZIP files
2016-07-04: A feature I wish the Linux NFS client had: remapping UIDs and GIDs
2016-07-03: An irritating little bug in the latest GNU Emacs Python autoindent code
2016-07-02: cal's unfortunate problem with argument handling
2016-07-01: How backwards compatibility causes us pain with our IMAP servers
2016-06-30: Some advantages of using argparse to handle arguments as well as options
What makes a email MIME part an attachment?
2016-06-29: Modern DNS servers (especially resolvers) should have query logging
2016-06-27: Today's lesson on the value of commenting your configuration settings
If you send email, don't expect people to help you with abuse handling
2016-06-26: How not to maintain your DNS (part 22)
2016-06-25: What Python 3 versions Django supports, and when this changes
2016-06-24: Our new plan for creating our periodic long term backups
2016-06-22: I need to cultivate some new coding habits for Python 3 ready code
Moving from Python 2 to Python 3 calls for a code inventory
2016-06-20: A tiny systemd convenience: it can reboot the system from RAM alone
2016-06-19: A lesson to myself: know your emergency contact numbers
Why ZFS can't really allow you to add disks to raidz vdevs
2016-06-18: It's easier to shrink RAID disk volumes than to reshape them
2016-06-17: Why you can't remove a device from a ZFS pool to shrink it
2016-06-15: How (some) syndication feed readers deal with HTTP to HTTPS redirections
ZFS on Linux has just fixed a long standing little annoyance
2016-06-14: Some notes on how xdg-open picks which web browser to use
How xdg-mime searches for MIME type handlers (more or less)
2016-06-12: There are (at least) two sorts of DNS blocklists
Some notes on adding exposed statistics to a (Go) program
2016-06-11: I accept that someday I'll give up MH and move to IMAP mail clients
2016-06-10: An email mistake I've made as a long-term university sysadmin
2016-06-09: My concern about the potential dominance of the mobile web
2016-06-08: How dominant is the mobile web (versus the desktop web)?
2016-06-06: My views of Windows 10 (from the outside)
I work in what is increasingly a pretty different sysadmin environment
2016-06-05: My approach for inspecting Go error values
2016-06-04: The (Unix) shell is not just for running programs
2016-06-03: One thing that makes the Bourne shell an odd language
2016-06-02: Spammers can abandon SMTP connections not infrequently
2016-05-31: Understanding the modern view of security
2016-05-30: The browser security dilemma
'Command line text editor' is not the same as 'terminal-based text editor'
2016-05-29: What does 'success' mean for a research operating system?
2016-05-28: A problem with using old OmniOS versions: disconnection from the community
2016-05-27: Your overall anti-spam system should have manual emergency blocks
2016-05-26: Why SELinux is inherently complex
2016-05-25: SELinux is beyond saving at this point
2016-05-23: How fast fileserver failover could matter to us
2016-05-22: Our problem with OmniOS upgrades: we'll probably never do any more
My view of Barracuda's public DNSBL
2016-05-21: Please stop the Python 2 security scaremongering
2016-05-20: Some notes on abusing the pexpect Python module
2016-05-19: Some basic data on the hit rate of the Spamhaus DBL here
2016-05-18: Go does not have atomic variables, only atomic access to variables
2016-05-16: A quick trick: using Go structs to create namespaces
Discovering my personal limit on how much I care about security
2016-05-15: It's time for me to upgrade my filtering HTTP proxy
2016-05-14: IPv6 is the future of the Internet
2016-05-13: You can call bind() on outgoing sockets, but you don't want to
2016-05-11: We're never going to be able to have everyone use two factor authentication
The difference between 'Delete' and 'Destroy' in X window managers
2016-05-09: An Apache trick: using directories to create redirections
You can't use expvar.Func to expose a bunch of expvar types
2016-05-08: Issues in fair share scheduling of RAM via resident set sizes
2016-05-07: 'Fair share' scheduling pretty much requires a dynamic situation
2016-05-06: A weird little Firefox glitch with cut and paste
2016-05-04: My annoyance with Chrome's cut and paste support under X
The better way to clear SMART disk complaints, with safety provided by ZFS
2016-05-02: How I think you set up fair share scheduling under systemd
The state of supporting many groups over NFS v3 in various Unixes
2016-04-30: I should keep and check notes even on my own little problems
A story of the gradual evolution of network speeds without me noticing
2016-04-29: You should plan for your anti-spam scanner malfunctioning someday
2016-04-28: You should probably track what types of files your users get in email
2016-04-26: How 'there are no technical solutions to social problems' is wrong
Bad slide navigation on the web and understanding why it's bad
2016-04-25: Why you mostly don't want to do in-place Linux version upgrades
2016-04-24: Why we have CentOS machines as well as Ubuntu ones
2016-04-23: Why I think Illumos/OmniOS uses PCI subsystem IDs
2016-04-22: What Illumos/OmniOS PCI device names seem to mean
2016-04-20: A brief review of the HP three button USB optical mouse
How to get Unbound to selectively add or override DNS records
2016-04-19: Today's odd spammer behavior for sender addresses
2016-04-18: Why your Apache should have mod_status configured somewhere
2016-04-17: Why Unix needs a standard way to deal with the file durability problem
2016-04-16: Why I think Let's Encrypt won't be a threat to commercial CAs for now
2016-04-15: Unbound illustrates the Unix manpage mistake with its ratelimits documentation
2016-04-14: Unix's file durability problem
2016-04-13: How I'm trying to do durable disk writes here on Wandering Thoughts
2016-04-12: There's a spectrum of 'pets versus cattle' in servers
2016-04-11: Why I don't use HTTP Key Pinning and I'm not likely to any time soon
2016-04-10: SPF is not a security feature, as it solves the wrong problem
2016-04-09: Why your Ubuntu server stalls a while on boot if networking has problems
2016-04-08: How to shoot yourself in the foot with /etc/network/interfaces on Ubuntu
2016-04-06: What is behind Unix's 'Text file is busy' error
How options in my programs conflict, and where argparse falls short
2016-04-05: Some notes on Go's expvar package
2016-04-04: The three types of challenges that Let's Encrypt currently supports
2016-04-03: Let's Encrypt certificates can be used for more than HTTPS
2016-04-01: A surprise to watch out for with Go's expvar package (in expvar.Var)
2016-03-31: My initial experience of using NSD as a simple authoritative DNS server
2016-03-30: I've now used Python's argparse module and I like it
My view of Debian's behavior on package upgrades with new dependencies
2016-03-28: An awkward confession and what we should do about it
Why I don't think upgrading servers would save us much power
2016-03-27: The limits of open source with Illumos and OmniOS
2016-03-26: The sensible update for my vintage 2011 home machine
2016-03-25: There's a relationship between server utilization and server lifetime
2016-03-23: How old our servers are (as of 2016)
Wayland and graphics card uncertainty
2016-03-21: Current PC technology churn that makes me reluctant to think about a new PC
When you want non-mutating methods in Go
2016-03-20: What broad hit rate the Spamhaus DBL might get for us
2016-03-18: The Spamhaus DBL does get hits even with basic checks
Some things I believe about importance and web page design
2016-03-16: How 'from module import ...' is not doing what you may expect
I wish I could split up code more easily in Python
2016-03-14: An additional small detail of how writes work on ZFS raidzN pools
How RPM handles configuration files, both technically and socially
2016-03-13: I've started using the Firefox addon Self-Destructing Cookies for some stuff
2016-03-11: Why it's irritating when Ubuntu packages don't include their configuration files
I need to use getopts sooner (and more often) in Bourne shell scripts
2016-03-09: A sensible surprise (to me) in the Bourne shell's expansion of "$@"
Some thoughts on ways of choosing what TLS ciphers to support
2016-03-07: Why it makes sense for true and false to ignore their arguments
Apt-get and its irritating lack of easy selective upgrades
2016-03-06: Firefox addons seem unfortunately prone to memory leaks
2016-03-05: What happens when a modern Linux system boots without /bin/sh
2016-03-04: Some notes on supporting readline (tab) completion in your Python program
2016-03-03: My views on clients for Lets Encrypt
2016-03-02: Some notes on OpenSSH's optional hostname canonicalization
2016-02-29: Turning over a rock on some weird HTTP requests to our web server
Sometimes, doing a bunch of programming can be the right answer
2016-02-28: The status of null-sender spam from outlook.com
2016-02-27: Link: A Short History Of Removable Media Behind The Iron Curtain
Sometimes brute force is the answer, Samba edition
2016-02-26: Our problem with iSCSI connections at boot on OmniOS
2016-02-24: Mozilla, Symantec, SHA-1 certificates, and the balance of power
I'm often an iterative and experimental programmer
2016-02-22: We've permanently disabled overlayfs on our servers
The university's coordination problem
2016-02-21: Why the Ubuntu package update process makes me irritated
2016-02-20: My two usage cases for Let's Encrypt certificates
2016-02-19: We can't use Let's Encrypt on our production systems right now
2016-02-18: Two models of dealing with cookies in Firefox with addons
2016-02-17: The many load averages of Unix(es)
2016-02-16: Whether or not to use cgo for Go packages, illustrated in a dilemma
2016-02-15: SMTP submission ratelimits should have delays too
2016-02-14: Your outgoing mail system should have a per-sender stop switch
2016-02-12: We need to deploy anti-spam precautions even if they're a bit imperfect
Adding a new template filter in Django 1.9, and a template tag annoyance
2016-02-11: My current views on using OpenSSH with CA-based host and user authentication
2016-02-10: The fundamental practical problem with the Certificate Authority model
2016-02-08: Old Unix filesystems and byte order
Clearing SMART disk complaints, with safety provided by ZFS
2016-02-07: Your SSH keys are a (potential) information leak
2016-02-06: You can have many matching stanzas in your ssh_config
2016-02-05: Some notes on SMF manifests (on OmniOS) and what goes in them
2016-02-03: Django, the timesince template filter, and non-breaking spaces
You aren't entitled to good errors from someone else's web app
2016-02-02: A justification for some odd Linux ARP behavior
2016-01-31: One thing I don't like about Fedora is slow security updates
The tradeoffs of having ssh-agent hold all of your SSH keys
2016-01-30: Some good practices for handling OpenSSH keypairs
2016-01-29: What SSH identities will be offered to a remote server and when
2016-01-28: Modern Django makes me repeat myself in the name of something
2016-01-26: Why my home backup situation is currently a bit awkward
Low level issues can have quite odd high level symptoms (again)
2016-01-25: A Python wish: an easy, widely supported way to turn a path into a module
2016-01-24: Hostile HTTPS interception on the modern web is now increasingly costly and risky
2016-01-22: Browsers are increasingly willing to say no to users over HTTPS issues
Memory-safe languages and reading very sensitive files
2016-01-21: One example of why I like ZFS on Linux
2016-01-20: Illumos's ZFS prefetching has recently become less superintelligent than it used to be
2016-01-18: Today I learned that a syslog server can be very silent on the network
A limitation of tcpdump is that you can't tell in from out
2016-01-17: My theory on how network loop caused the problem we observed
2016-01-15: Network loops can have weird effects (at least sometimes)
Things I learned from OpenSSH about reading very sensitive files
2016-01-13: What I want out of backups for my home machine (in the abstract)
Your system's performance is generally built up in layers
2016-01-11: The drawback of setting an explicit mount point for ZFS filesystems
The benefits of flexible space usage in filesystems
2016-01-10: Updating software to IPv6 is often harder than you might think
2016-01-09: The convenience of having keyboard controls for sound volume
2016-01-08: Getting to watch a significant spam campaign recently
2016-01-07: The format of strings in early (pre-C) Unix
2016-01-06: A fun Bash buffering bug (apparently on Linux only)
2016-01-05: Illumos's problem with its VCS commit messages
2016-01-04: How I do per-address blocklists with Exim
2016-01-03: One anti-spam thing I like is per-person (or per-address) blocklists
2016-01-02: I've realized I need to change how I read Twitter

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.