| 2016-08-01: |
My new key binding hack for xcape and dmenu
|
| 2016-07-31: |
I've become mostly indifferent to what language something is written in
(Not) changing the stop timeout for systemd login session scopes
|
| 2016-07-30: |
The perils of having an ancient $HOME (a yak shaving story)
|
| 2016-07-29: |
My surprise problem with considering a new PC: actually building it
|
| 2016-07-28: |
A bit about what we use DTrace for (and when)
|
| 2016-07-27: |
When 'simple' DNS blocklists work well for you
|
| 2016-07-25: |
An irritating systemd behavior when you tell it to reboot the system
I should learn more about Grub2
|
| 2016-07-24: |
My view on people who are assholes on the Internet
|
| 2016-07-23: |
My current set of Chrome extensions (as of July 2016)
|
| 2016-07-22: |
Ubuntu 16.04's irritatingly broken MySQL updates
|
| 2016-07-21: |
My current set of essential extensions for Firefox profiles
|
| 2016-07-20: |
Official source release builds should not abort on (compilation) warnings
|
| 2016-07-19: |
How not to set up your DNS (part 23)
An interesting (and alarming) Grub2 error and its cause
|
| 2016-07-17: |
A good solution to our Unbound caching problem that sadly won't work
DNS resolution cannot be segmented (and what I mean by that)
|
| 2016-07-16: |
A caching and zone refresh problem with Unbound
|
| 2016-07-15: |
Sudo and changes in security expectations (and user behaviors)
|
| 2016-07-14: |
Your C compiler's optimizer can make your bad programs compile
|
| 2016-07-13: |
Our central web server, Apache, and slow downloads
|
| 2016-07-12: |
How we do MIME attachment type logging with Exim
|
| 2016-07-11: |
Why Python can't have a full equivalent of Go's gofmt
|
| 2016-07-10: |
Some options for logging attachment information in an Exim environment
|
| 2016-07-09: |
How Exim's ${run ...} string expansion operator does quoting
|
| 2016-07-08: |
Some notes on UID and GID remapping in the Illumos/OmniOS NFS server
|
| 2016-07-06: |
Keeping around an index to the disk bays on our iSCSI backends
It turns out that viruses do try to conceal their ZIP files
|
| 2016-07-04: |
A feature I wish the Linux NFS client had: remapping UIDs and GIDs
|
| 2016-07-03: |
An irritating little bug in the latest GNU Emacs Python autoindent code
|
| 2016-07-02: |
cal's unfortunate problem with argument handling
|
| 2016-07-01: |
How backwards compatibility causes us pain with our IMAP servers
|
| 2016-06-30: |
Some advantages of using argparse to handle arguments as well as options
What makes a email MIME part an attachment?
|
| 2016-06-29: |
Modern DNS servers (especially resolvers) should have query logging
|
| 2016-06-27: |
Today's lesson on the value of commenting your configuration settings
If you send email, don't expect people to help you with abuse handling
|
| 2016-06-26: |
How not to maintain your DNS (part 22)
|
| 2016-06-25: |
What Python 3 versions Django supports, and when this changes
|
| 2016-06-24: |
Our new plan for creating our periodic long term backups
|
| 2016-06-22: |
I need to cultivate some new coding habits for Python 3 ready code
Moving from Python 2 to Python 3 calls for a code inventory
|
| 2016-06-20: |
A tiny systemd convenience: it can reboot the system from RAM alone
|
| 2016-06-19: |
A lesson to myself: know your emergency contact numbers
Why ZFS can't really allow you to add disks to raidz vdevs
|
| 2016-06-18: |
It's easier to shrink RAID disk volumes than to reshape them
|
| 2016-06-17: |
Why you can't remove a device from a ZFS pool to shrink it
|
| 2016-06-15: |
How (some) syndication feed readers deal with HTTP to HTTPS redirections
ZFS on Linux has just fixed a long standing little annoyance
|
| 2016-06-14: |
Some notes on how xdg-open picks which web browser to use
How xdg-mime searches for MIME type handlers (more or less)
|
| 2016-06-12: |
There are (at least) two sorts of DNS blocklists
Some notes on adding exposed statistics to a (Go) program
|
| 2016-06-11: |
I accept that someday I'll give up MH and move to IMAP mail clients
|
| 2016-06-10: |
An email mistake I've made as a long-term university sysadmin
|
| 2016-06-09: |
My concern about the potential dominance of the mobile web
|
| 2016-06-08: |
How dominant is the mobile web (versus the desktop web)?
|
| 2016-06-06: |
My views of Windows 10 (from the outside)
I work in what is increasingly a pretty different sysadmin environment
|
| 2016-06-05: |
My approach for inspecting Go error values
|
| 2016-06-04: |
The (Unix) shell is not just for running programs
|
| 2016-06-03: |
One thing that makes the Bourne shell an odd language
|
| 2016-06-02: |
Spammers can abandon SMTP connections not infrequently
|
| 2016-05-31: |
Understanding the modern view of security
|
| 2016-05-30: |
The browser security dilemma
'Command line text editor' is not the same as 'terminal-based text editor'
|
| 2016-05-29: |
What does 'success' mean for a research operating system?
|
| 2016-05-28: |
A problem with using old OmniOS versions: disconnection from the community
|
| 2016-05-27: |
Your overall anti-spam system should have manual emergency blocks
|
| 2016-05-26: |
Why SELinux is inherently complex
|
| 2016-05-25: |
SELinux is beyond saving at this point
|
| 2016-05-23: |
How fast fileserver failover could matter to us
|
| 2016-05-22: |
Our problem with OmniOS upgrades: we'll probably never do any more
My view of Barracuda's public DNSBL
|
| 2016-05-21: |
Please stop the Python 2 security scaremongering
|
| 2016-05-20: |
Some notes on abusing the pexpect Python module
|
| 2016-05-19: |
Some basic data on the hit rate of the Spamhaus DBL here
|
| 2016-05-18: |
Go does not have atomic variables, only atomic access to variables
|
| 2016-05-16: |
A quick trick: using Go structs to create namespaces
Discovering my personal limit on how much I care about security
|
| 2016-05-15: |
It's time for me to upgrade my filtering HTTP proxy
|
| 2016-05-14: |
IPv6 is the future of the Internet
|
| 2016-05-13: |
You can call bind() on outgoing sockets, but you don't want to
|
| 2016-05-11: |
We're never going to be able to have everyone use two factor authentication
The difference between 'Delete' and 'Destroy' in X window managers
|
| 2016-05-09: |
An Apache trick: using directories to create redirections
You can't use expvar.Func to expose a bunch of expvar types
|
| 2016-05-08: |
Issues in fair share scheduling of RAM via resident set sizes
|
| 2016-05-07: |
'Fair share' scheduling pretty much requires a dynamic situation
|
| 2016-05-06: |
A weird little Firefox glitch with cut and paste
|
| 2016-05-04: |
My annoyance with Chrome's cut and paste support under X
The better way to clear SMART disk complaints, with safety provided by ZFS
|
| 2016-05-02: |
How I think you set up fair share scheduling under systemd
The state of supporting many groups over NFS v3 in various Unixes
|
| 2016-04-30: |
I should keep and check notes even on my own little problems
A story of the gradual evolution of network speeds without me noticing
|
| 2016-04-29: |
You should plan for your anti-spam scanner malfunctioning someday
|
| 2016-04-28: |
You should probably track what types of files your users get in email
|
| 2016-04-26: |
How 'there are no technical solutions to social problems' is wrong
Bad slide navigation on the web and understanding why it's bad
|
| 2016-04-25: |
Why you mostly don't want to do in-place Linux version upgrades
|
| 2016-04-24: |
Why we have CentOS machines as well as Ubuntu ones
|
| 2016-04-23: |
Why I think Illumos/OmniOS uses PCI subsystem IDs
|
| 2016-04-22: |
What Illumos/OmniOS PCI device names seem to mean
|
| 2016-04-20: |
A brief review of the HP three button USB optical mouse
How to get Unbound to selectively add or override DNS records
|
| 2016-04-19: |
Today's odd spammer behavior for sender addresses
|
| 2016-04-18: |
Why your Apache should have mod_status configured somewhere
|
| 2016-04-17: |
Why Unix needs a standard way to deal with the file durability problem
|
| 2016-04-16: |
Why I think Let's Encrypt won't be a threat to commercial CAs for now
|
| 2016-04-15: |
Unbound illustrates the Unix manpage mistake with its ratelimits documentation
|
| 2016-04-14: |
Unix's file durability problem
|
| 2016-04-13: |
How I'm trying to do durable disk writes here on Wandering Thoughts
|
| 2016-04-12: |
There's a spectrum of 'pets versus cattle' in servers
|
| 2016-04-11: |
Why I don't use HTTP Key Pinning and I'm not likely to any time soon
|
| 2016-04-10: |
SPF is not a security feature, as it solves the wrong problem
|
| 2016-04-09: |
Why your Ubuntu server stalls a while on boot if networking has problems
|
| 2016-04-08: |
How to shoot yourself in the foot with /etc/network/interfaces on Ubuntu
|
| 2016-04-06: |
What is behind Unix's 'Text file is busy' error
How options in my programs conflict, and where argparse falls short
|
| 2016-04-05: |
Some notes on Go's expvar package
|
| 2016-04-04: |
The three types of challenges that Let's Encrypt currently supports
|
| 2016-04-03: |
Let's Encrypt certificates can be used for more than HTTPS
|
| 2016-04-01: |
A surprise to watch out for with Go's expvar package (in expvar.Var)
|
| 2016-03-31: |
My initial experience of using NSD as a simple authoritative DNS server
|
| 2016-03-30: |
I've now used Python's argparse module and I like it
My view of Debian's behavior on package upgrades with new dependencies
|
| 2016-03-28: |
An awkward confession and what we should do about it
Why I don't think upgrading servers would save us much power
|
| 2016-03-27: |
The limits of open source with Illumos and OmniOS
|
| 2016-03-26: |
The sensible update for my vintage 2011 home machine
|
| 2016-03-25: |
There's a relationship between server utilization and server lifetime
|
| 2016-03-23: |
How old our servers are (as of 2016)
Wayland and graphics card uncertainty
|
| 2016-03-21: |
Current PC technology churn that makes me reluctant to think about a new PC
When you want non-mutating methods in Go
|
| 2016-03-20: |
What broad hit rate the Spamhaus DBL might get for us
|
| 2016-03-18: |
The Spamhaus DBL does get hits even with basic checks
Some things I believe about importance and web page design
|
| 2016-03-16: |
How 'from module import ...' is not doing what you may expect
I wish I could split up code more easily in Python
|
| 2016-03-14: |
An additional small detail of how writes work on ZFS raidzN pools
How RPM handles configuration files, both technically and socially
|
| 2016-03-13: |
I've started using the Firefox addon Self-Destructing Cookies for some stuff
|
| 2016-03-11: |
Why it's irritating when Ubuntu packages don't include their configuration files
I need to use getopts sooner (and more often) in Bourne shell scripts
|
| 2016-03-09: |
A sensible surprise (to me) in the Bourne shell's expansion of "$@"
Some thoughts on ways of choosing what TLS ciphers to support
|
| 2016-03-07: |
Why it makes sense for true and false to ignore their arguments
Apt-get and its irritating lack of easy selective upgrades
|
| 2016-03-06: |
Firefox addons seem unfortunately prone to memory leaks
|
| 2016-03-05: |
What happens when a modern Linux system boots without /bin/sh
|
| 2016-03-04: |
Some notes on supporting readline (tab) completion in your Python program
|
| 2016-03-03: |
My views on clients for Lets Encrypt
|
| 2016-03-02: |
Some notes on OpenSSH's optional hostname canonicalization
|
| 2016-02-29: |
Turning over a rock on some weird HTTP requests to our web server
Sometimes, doing a bunch of programming can be the right answer
|
| 2016-02-28: |
The status of null-sender spam from outlook.com
|
| 2016-02-27: |
Link: A Short History Of Removable Media Behind The Iron Curtain
Sometimes brute force is the answer, Samba edition
|
| 2016-02-26: |
Our problem with iSCSI connections at boot on OmniOS
|
| 2016-02-24: |
Mozilla, Symantec, SHA-1 certificates, and the balance of power
I'm often an iterative and experimental programmer
|
| 2016-02-22: |
We've permanently disabled overlayfs on our servers
The university's coordination problem
|
| 2016-02-21: |
Why the Ubuntu package update process makes me irritated
|
| 2016-02-20: |
My two usage cases for Let's Encrypt certificates
|
| 2016-02-19: |
We can't use Let's Encrypt on our production systems right now
|
| 2016-02-18: |
Two models of dealing with cookies in Firefox with addons
|
| 2016-02-17: |
The many load averages of Unix(es)
|
| 2016-02-16: |
Whether or not to use cgo for Go packages, illustrated in a dilemma
|
| 2016-02-15: |
SMTP submission ratelimits should have delays too
|
| 2016-02-14: |
Your outgoing mail system should have a per-sender stop switch
|
| 2016-02-12: |
We need to deploy anti-spam precautions even if they're a bit imperfect
Adding a new template filter in Django 1.9, and a template tag annoyance
|
| 2016-02-11: |
My current views on using OpenSSH with CA-based host and user authentication
|
| 2016-02-10: |
The fundamental practical problem with the Certificate Authority model
|
| 2016-02-08: |
Old Unix filesystems and byte order
Clearing SMART disk complaints, with safety provided by ZFS
|
| 2016-02-07: |
Your SSH keys are a (potential) information leak
|
| 2016-02-06: |
You can have many matching stanzas in your ssh_config
|
| 2016-02-05: |
Some notes on SMF manifests (on OmniOS) and what goes in them
|
| 2016-02-03: |
Django, the timesince template filter, and non-breaking spaces
You aren't entitled to good errors from someone else's web app
|
| 2016-02-02: |
A justification for some odd Linux ARP behavior
|
| 2016-01-31: |
One thing I don't like about Fedora is slow security updates
The tradeoffs of having ssh-agent hold all of your SSH keys
|
| 2016-01-30: |
Some good practices for handling OpenSSH keypairs
|
| 2016-01-29: |
What SSH identities will be offered to a remote server and when
|
| 2016-01-28: |
Modern Django makes me repeat myself in the name of something
|
| 2016-01-26: |
Why my home backup situation is currently a bit awkward
Low level issues can have quite odd high level symptoms (again)
|
| 2016-01-25: |
A Python wish: an easy, widely supported way to turn a path into a module
|
| 2016-01-24: |
Hostile HTTPS interception on the modern web is now increasingly costly and risky
|
| 2016-01-22: |
Browsers are increasingly willing to say no to users over HTTPS issues
Memory-safe languages and reading very sensitive files
|
| 2016-01-21: |
One example of why I like ZFS on Linux
|
| 2016-01-20: |
Illumos's ZFS prefetching has recently become less superintelligent than it used to be
|
| 2016-01-18: |
Today I learned that a syslog server can be very silent on the network
A limitation of tcpdump is that you can't tell in from out
|
| 2016-01-17: |
My theory on how network loop caused the problem we observed
|
| 2016-01-15: |
Network loops can have weird effects (at least sometimes)
Things I learned from OpenSSH about reading very sensitive files
|
| 2016-01-13: |
What I want out of backups for my home machine (in the abstract)
Your system's performance is generally built up in layers
|
| 2016-01-11: |
The drawback of setting an explicit mount point for ZFS filesystems
The benefits of flexible space usage in filesystems
|
| 2016-01-10: |
Updating software to IPv6 is often harder than you might think
|
| 2016-01-09: |
The convenience of having keyboard controls for sound volume
|
| 2016-01-08: |
Getting to watch a significant spam campaign recently
|
| 2016-01-07: |
The format of strings in early (pre-C) Unix
|
| 2016-01-06: |
A fun Bash buffering bug (apparently on Linux only)
|
| 2016-01-05: |
Illumos's problem with its VCS commit messages
|
| 2016-01-04: |
How I do per-address blocklists with Exim
|
| 2016-01-03: |
One anti-spam thing I like is per-person (or per-address) blocklists
|
| 2016-01-02: |
I've realized I need to change how I read Twitter
|