Wandering Thoughts archives

2017-12-31: Is the C runtime and library a legitimate part of the Unix API?
Understanding IMAP path prefixes in clients and servers
2017-12-30: Some details of ZFS DVAs and what some of their fields store
2017-12-29: To get much faster, an implementation of Python must do less work
2017-12-28: How our IMAP server wound up running out of inodes
2017-12-27: When you have fileservers, they naturally become the center of the world
2017-12-26: I continue to have strong confidence in ZFS On Linux
2017-12-25: There were Unix machines with real DirectColor graphics hardware
2017-12-24: The interestingly different display colour models of X10 and X11
2017-12-23: Our next generation of fileservers will not be based on Illumos
2017-12-22: Our next generation of fileservers will not use any sort of SAN
2017-12-21: Checking RAM DIMM information from inside Linux
2017-12-20: I feel that Firefox forks that would be useful to me are doomed
2017-12-19: Attachment types that we see in email from Zen-listed IP addresses
2017-12-18: What file types we see inside ZIP archives with only a single file in email
2017-12-17: Some questions someone should ask Mozilla
2017-12-15: Mozilla betrays Firefox users and its nominal principles
How we automate acmetool
2017-12-14: How Python makes it hard to write well structured little utilities
2017-12-13: Our Apache file serving problem on our general purpose web server
2017-12-12: Some notes on systemd-resolved, the systemd DNS resolver
2017-12-11: Some things about booting with UEFI that are different from MBR booting
2017-12-10: Let's Encrypt and a TLS monoculture
2017-12-09: You don't have to authorize a machine for Let's Encrypt from the machine
We've switched over to using Let's Encrypt as much as possible
2017-12-08: Some thoughts on what StartCom's shutdown means in general
2017-12-06: My upgrade to Fedora 27, Secure Boot, and a mistake made somewhere
In practice, Go's slices are two different data structures in one
2017-12-04: Some notes on using Go to check and verify SSH host keys
2017-12-03: Some notes and considerations on SSH host key verification
My new Linux office workstation for fall 2017
2017-12-01: I'm basically giving up on syslog priorities
2017-11-30: We're broadly switching to synchronizing time with systemd's timesyncd
The cost of memory access across a NUMA machine can (probably) matter
2017-11-29: Sometimes the right thing to do about a spate of spam is nothing (probably)
2017-11-27: Code stability in my one Django web application
The dig program now needs some additional options for useful DNS server testing
2017-11-26: One way of capturing debugging state information in a systemd-based system
2017-11-25: Sequential scrubs and resilvers are coming for (open-source) ZFS
2017-11-24: Shooting myself in the foot by using exec in a shell script
2017-11-23: Understanding a tricky case of Bourne shell redirection and command parsing
2017-11-22: Delays on SMTP replies discourage apparently SMTP AUTH scanners
2017-11-20: Major version changes are often partly a signal about support
2017-11-19: StartCom gives up on its Certificate Authority business
Getting some information about the NUMA memory hierarchy of your server
2017-11-18: AMD Ryzens, their memory speed peculiarities, and ECC
2017-11-17: When you should run an NTP daemon on your servers
2017-11-16: I think you should mostly not run NTP daemons on your machines
2017-11-15: I've switched from ntpd to chrony as my NTP daemon
2017-11-14: We may have reached a point where (new) ARM servers will just work for Linux
2017-11-13: X11 PseudoColor displays could have multiple hardware colormaps
2017-11-12: The fun of X11 PseudoColor displays and window managers
2017-11-11: What X11's TrueColor means (with some history)
2017-11-10: A systemd mistake with a script-based service unit I recently made
2017-11-09: Why I'm not enthused about live patching kernels and systems
2017-11-08: What it means to support ECC RAM (especially for AMD Ryzen)
2017-11-07: Link: Citation Needed [on array indexing in programming languages]
My new Linux machine for fall 2017 (planned)
2017-11-05: How collections.defaultdict is good for your memory usage
Some early notes on WireGuard
2017-11-04: Why I've switched from GRE-over-IPSec to using WireGuard
2017-11-03: Illumos mountd caches netgroup lookups (relatively briefly)
2017-11-02: I think Certificate Transparency is better for the web than HTTP Key Pinning
2017-10-31: We've now seen malware in a tar archive
2017-10-30: There are two sorts of TLS certificate mis-issuing
The Illumos NFS server's caching of filesystem access permissions
2017-10-29: There are several ways to misread specifications
2017-10-28: Why I plan to pick a relatively high-end desktop CPU for my next PC
2017-10-27: HD usage can be limited by things other than cost per TB
2017-10-26: The 'standard set' of Unix programs is something that evolves over time
2017-10-25: Having different commands on different systems does matter
2017-10-24: Our frustrations with OmniOS's 'KYSTY' minimalism
2017-10-23: I've now seen something doing SMTP probing of IPv6 addresses
2017-10-22: Understanding what our wireless password protects
2017-10-21: Multi-Unix environments are less and less common now
2017-10-20: Ext4, SSDs, and RAID stripe parameters
2017-10-18: Using Shellcheck is good for me
I still like Python and often reach for it by default
2017-10-17: My current grumpy view on key generation for hardware crypto keys
2017-10-16: Getting ssh-agent working in Fedora 26's Cinnamon desktop environment
2017-10-15: Unbalanced reads from SSDs in software RAID mirrors in Linux
2017-10-14: A surprise about which of our machines has the highest disk write volume
2017-10-13: Working to understand PCI Express and how it interacts with modern CPUs
2017-10-12: I'm looking forward to using systemd's new IP access control features
2017-10-11: Understanding M.2 SSDs in practice and how this relates to NVMe
2017-10-10: An interesting way to leak memory with Go slices
2017-10-09: JavaScript as the extension language of the future
2017-10-08: Thinking about whether I'll upgrade my next PC partway through its life
2017-10-07: I'm trying out smooth scrolling in my browsers
2017-10-06: Spam issues need to be considered from the start
2017-10-05: Google is objectively running a spammer mailing list service
2017-10-04: My new worry about Firefox 56 and the addons that I care about
2017-10-03: Some thoughts on having both Python 2 and 3 programs
2017-10-02: My experience with using Fedora 26's standard font rendering (and fonts)
2017-09-30: The origin of POSIX as I learned the story (or mythology)
2017-09-29: Shell builtin versions of standard commands have drawbacks
More on systemd on Ubuntu 16.04 failing to reliably reboot some of our servers
2017-09-27: Putting cron jobs into systemd user slices doesn't always work (on Ubuntu 16.04)
ZFS's recordsize, holes in files, and partial blocks
2017-09-26: Using zdb to peer into how ZFS stores files on disk
2017-09-25: What I use printf for when hacking changes into programs
2017-09-24: Reading code and seeing what you're biased to see, illustrated
2017-09-23: A clever way of killing groups of processes
2017-09-22: Using a watchdog timer in system shutdown with systemd (on Ubuntu 16.04)
2017-09-21: My potential qualms about using Python 3 in projects
2017-09-20: Wireless is now critical (network) infrastructure
2017-09-18: Looking back at my mixed and complicated feelings about Solaris
Sorting out the world of modern USB (at least a bit)
2017-09-17: Why I didn't use the attrs module in a recent Python project
2017-09-15: Ignoring the domain when authenticating your Dovecot users
Firefox 57 and the state of old pre-WebExtensions addons
2017-09-14: Sorting out systemd's system.conf, user.conf, and logind.conf
2017-09-13: System shutdown is complicated and involves policy decisions
2017-09-12: The different contexts of stopping a Unix daemon or service
2017-09-11: Giving users what they want and expect, IMAP edition
2017-09-10: I failed to notice when my network performance became terrible
2017-09-09: Letting go of having an optical drive in my machine
2017-09-08: My view of the problem with Extended Validation TLS certificates
2017-09-07: Systemd, NFS mounts, and shutting down your system
2017-09-06: Systemd on Ubuntu 16.04 can't (or won't) reliably reboot your server
2017-09-05: If spam false positives are inevitable, should we handle them better?
2017-09-04: The idea of 'spam levels' may be a copout
2017-09-03: A fundamental limitation of systemd's per-user fair share scheduling
2017-09-02: Putting cron jobs into systemd user slices
2017-08-31: With git, it's useful to pick the right approach to your problem
People probably aren't going to tell you when your anti-spam systems are working
2017-08-30: We've wound up using the spam scores from some other mail systems
2017-08-28: OpenSSH has an annoyingly misleading sshd error log message
The types of attachments we see for malware-laden email
2017-08-27: Is bootstrapping Go from source faster using Go 1.9 or Go 1.8?
2017-08-25: The probable coming explosion of Firefox 57
Fedora 26 and a font rendering dilemma for me
2017-08-23: Why Go changes its minimum version requirements for OSes (and hardware)
An unexpected risk of using Go is it ending support for older OS versions
2017-08-22: Understanding rainbow tables
2017-08-21: Hashed Ethernet addresses are not anonymous identifiers
2017-08-20: The surprising longevity of Unix manpage formatting
2017-08-19: Subnets and early Unix implementations of TCP/IP networking
2017-08-18: How ZFS on Linux names disks in ZFS pools
2017-08-16: The three different names ZFS stores for each vdev disk (on Illumos)
Things I do and don't know about how ZFS brings pools up during boot
2017-08-15: How to get per-user fair share scheduling on Ubuntu 16.04 (with systemd)
2017-08-14: Chrome extensions are becoming a reason not to use Chrome
2017-08-13: Sorting out slice mutability in Go
2017-08-12: Notes on cgroups and systemd's interaction with them as of Ubuntu 16.04
2017-08-11: Some notes from my brief experience with the Grumpy transpiler for Python
Link: Linux Load Averages: Solving the Mystery
2017-08-10: On the Internet, merely blocking eavesdropping is a big practical win
2017-08-09: How encryption without authentication would still be useful on the web
2017-08-08: We care more about long term security updates than full long term support
2017-08-07: There will be no LTS release of the OmniOS Community Edition
2017-08-06: Our decision to restrict what we use for developing internal tools
2017-08-05: I've been hit by the startup overhead of small programs in Python
2017-08-04: The problem with distributed authentication systems for big sites
2017-08-03: Imposing temporary CPU and memory resource limits on a user on Ubuntu 16.04
2017-08-02: Why I'll never pick the 'sign in with a Facebook or Google account' option
2017-07-31: Using policy based routing to isolate a testing interface on Linux
Link: How does "the" X11 clipboard work?
Modern web page design and superstition
2017-07-30: Some terrible article page design elements on the modern web
2017-07-29: The differences between how SFTP and scp work in OpenSSH
2017-07-28: Our (Unix) staff groups problem
2017-07-26: The continuity of broad systems or environments in system administration
Why I care about Apache's mod_wsgi so much
2017-07-25: If you're going to use PyPy, I think you need servers
2017-07-24: Trying to understand the ZFS l2arc_noprefetch tunable
2017-07-23: Understanding a bit about the SSH connection protocol
2017-07-21: When the SSH protocol does and doesn't do user authentication
2017-07-20: I'm cautiously optimistic about the new OmniOS Community Edition
HTTPS is a legacy protocol
2017-07-19: I've become resigned to Firefox slowly leaking memory
2017-07-18: Python's complicating concept of a callable
2017-07-17: Link: NASA DASHlink - Real System Failures
Why I think Emacs readline bindings work better than Vi ones
2017-07-16: Why upstreams can't document their program's behavior for us
2017-07-14: Some people feel that all permanent SMTP failures are actually temporary
Link: ZFS Storage Overhead
SELinux's problem of keeping up with general Linux development
2017-07-12: Understanding the .io TLD's DNS configuration vulnerability
Recursive DNS servers send the whole original query to authoritative servers
2017-07-11: The BSD r* commands and the history of privileged TCP ports
2017-07-10: Ubuntu's 'Daily Build' images aren't for us
2017-07-09: Why we're not currently interested in PXE-based Linux installs
2017-07-08: I wish you could easily update the packages on Ubuntu ISO images
2017-07-07: Programming Bourne shell scripts is tricky, with dim corners
2017-07-06: Link: Survey of [floating point] Rounding Implementations in Go
My current views on Shellcheck
2017-07-05: How I shot my foot because the Bourne shell is different
2017-07-04: LinkedIn is still trying to send me email despite years of rejections
2017-07-02: Re-applying CPU thermal paste fixed my CPU throttling issues
Moving to smaller fileservers for us probably means no more iSCSI SAN
2017-06-30: Our current generation fileservers have turned out to be too big
Why big Exim queues are a problem for us in practice
2017-06-29: The TLDs of sender addresses for a week of our spam (June 2017 edition)
2017-06-28: I don't think you should increase ZFS on Linux's write buffering
2017-06-26: Our MTAs should probably be able to create backpressure
2017-06-25: Thinking through issues a mail client may have with SMTP-time rejections
One tradeoff in email system design is who holds problematic email
2017-06-23: In praise of uBlock Origin's new 'element zapper' feature
Links: Git remote branches and Git's missing terminology (and more)
My situation with Twitter and my Firefox setup (in which I blame pseudo-XHTML)
2017-06-22: Why we're not running the current version of Django
2017-06-21: The oddity of CVE-2014-9940 and the problem of recognizing kernel security patches
2017-06-19: Plan for manual emergency blocks for your overall mail system
How I'm currently handling the mailing lists I read
2017-06-17: One reason you have a mysterious Unix file called 2 (or 1)
2017-06-16: Go interfaces and automatically generated functions
The (current) state of Firefox Nightly and old extensions
2017-06-15: Why I am not installing your app on my phone
2017-06-14: The difference between ZFS scrubs and resilvers
2017-06-12: Resilvering multiple disks at once in a ZFS pool adds no real extra overhead
2017-06-11: Why filing away mailing lists for a while has improved my life
How to see raw USB events on Linux via usbmon
2017-06-10: One downside of the traditional style of writing Unix manpages
2017-06-09: My .procmailrc has quietly sort of turned into a swamp
2017-06-08: In practice, putting SSDs into 3.5" drive bays is a big hassle
2017-06-06: A humbling experience of misreading some simple (Go) code
The IPv6 address lookup problem (and brute force solution)
2017-06-05: Another case of someone being too clever in their User-Agent field
2017-06-04: Link: The evolution of Unix's overall architecture
Why the popen() API works but more complex versions blow up
2017-06-03: The Python Gilectomy project's performance problem
2017-06-02: My views on the JSON Feed syndication feed format
2017-05-31: How a lot of specifications are often read
Why one git fetch default configuration bit is probably okay
2017-05-29: Configuring Git worktrees to limit what's fetched on pulls
2017-05-28: My thoughts on git worktrees for me (and some notes on things I tried)
Specifications are ultimately defined by their implementations
2017-05-26: Why globally unique IDs are useful for syndication feed entries
2017-05-25: Using Linux's Magic Sysrq on modern keyboards without a dedicated Syrq key
URLs are terrible permanent identifiers for things
2017-05-24: Exploiting Python's Global Interpreter Lock for atomic operations is fun
2017-05-22: Safely using Python's Global Interpreter Lock is quite tricky and subtle
2017-05-21: We use jQuery and I've stopped feeling ashamed about it
A 'null MX' is also useful for blocking forged senders from non-email domains
2017-05-20: We now have an officially standardized 'null MX' record
2017-05-19: I'm not sure what I feel about this web spider's User-Agent value
2017-05-18: A shift in the proper sizes of images on web pages
2017-05-17: Unfortunately I don't feel personally passionate about OmniOS
2017-05-15: Thinking about how much asynchronous disk write buffering you want
How we failed at making all our servers have SSD system disks
2017-05-14: People don't like changes (in computer stuff)
2017-05-13: People don't patch systems and that's all there is to it
2017-05-12: Where bootstrapping Go with a modern version of Go has gotten faster
2017-05-11: The challenges of recovering when unpacking archives with damage
2017-05-10: Building the Go compiler from source from scratch (on Unix)
2017-05-08: Some things I've decided to do to improve my breaks and vacations
2017-05-07: ZFS's zfs receive has no error recovery and what that implies
A mistake I made when setting up my ZFS SSD pool on my home machine
2017-05-05: The temptation of a Ryzen-based machine for my next office workstation
Digging into BSD's choice of Unix group for new directories and files
2017-05-04: My views on using LVM for your system disk and root filesystem
2017-05-03: Sometimes, chmod can fail for interesting reasons
2017-05-01: When a TLS client's certificate is offered to the TLS server
2017-04-30: Some more feelings on nondeterministic garbage collection
Do we want to standardize the size of our root filesystems on servers?
2017-04-29: Some versions of sort can easily sort IPv4 addresses into natural order
2017-04-28: Hardware RAID and the problem of (not) observing disk IO
2017-04-27: Understanding Git's model versus understanding its magic
2017-04-26: Coming to a better understanding of what git rebase does
2017-04-24: What we need from an Illumos-based distribution
Corebird and coming to a healthier relationship with Twitter
2017-04-23: How I rebased changes on top of other rebased changes in Git
2017-04-21: OmniOS's (suddenly) changed future and us
Link: Rob Landley's Linux Memory Management Frequently Asked Questions
A surprising reason grep may think a file is a binary file
2017-04-20: The big motivation for a separate /boot partition
2017-04-19: Some things on how PCs boot the old fashioned BIOS way
For me Chrome clearly wins over Firefox on Javascript-heavy websites
2017-04-17: Shrinking the partitions of a software RAID-1 swap partition
Link: Introduction to Certificate Transparency for Server Operators
What I mostly care about for speeding up our Python programs
2017-04-16: Migrating a separate /boot filesystem into the root filesystem
2017-04-14: Planning out a disk shuffle for my office workstation
Sometimes laziness doesn't pay off
2017-04-12: On today's web, a local Certificate Authority is fairly dangerous
Generating good modern self-signed TLS certificates in today's world
2017-04-10: How TLS certificates specify the hosts they're for
2017-04-09: A single .jar recognized as several types of malware at once
2017-04-08: Doing things the clever way in Exim ACLs by exploiting ACL message variables
Wayland is now the future of Unix graphics and GUIs
2017-04-07: Spammers probably aren't paying any particular attention to you
2017-04-05: Making your SMTP rejection messages be useful for you
Why the modern chown command uses a colon to separate the user and group
2017-04-03: Some DNSBL developments I've just heard about
Why modules raising core exceptions mostly hurts, not helps, your users
2017-04-02: The Spamhaus CSS includes more than dedicated spam ranges
2017-03-31: I quite like the simplification of having OpenSSH canonicalize hostnames
What I know about process virtual size versus RSS on Linux
2017-03-30: What top's SHR field means in quite modern Linux kernels
2017-03-29: The work of safely raising our local /etc/group line length limit
2017-03-28: What affects automatically removing old kernels on Ubuntu
2017-03-27: Link: The Unix Heritage Society now has the 8th, 9th, and 10th editions of Research Unix
We're probably going to upgrade our OmniOS servers by reinstalling them
2017-03-26: Your exposure from retaining Let's Encrypt account keys
2017-03-24: An odd and persistent year old phish spammer
2017-03-23: ARM servers had better just work if vendors want to sell very many
2017-03-22: Setting the root login's 'full name' to identify the machine that sent email
Making sure you can identify what machine sent you a status email
2017-03-20: Modern Linux kernel memory allocation rules for higher-order page requests
My theory on why Go's gofmt has wound up being accepted
2017-03-19: Using Firefox's userContent.css for website-specific fixes
2017-03-18: Part of why Python 3.5's await and async have some odd usage restrictions
2017-03-17: Overcommitting virtual memory is perfectly sensible
2017-03-16: How we can use yield from to implement coroutines
2017-03-15: Sorting out Python generator functions and yield from in my head
2017-03-13: OpenSSH's IdentityFile directive only ever adds identity files (as of 7.4)
What should it mean for a system call to time out?
2017-03-12: CSS, <pre>, and trailing whitespace lead to browser layout weirdness
2017-03-11: Your live web server probably has features you don't know about
2017-03-10: Malware is sometimes sent through organized, purchased infrastructure
2017-03-09: I wish you could whitelist kernel modules, instead of blacklisting them
2017-03-08: An AMD Ryzen is unlikely to be my next desktop's CPU
2017-03-06: Modern X Windows can be a very complicated environment
2017-03-05: Why I (as a sysadmin) reflexively dislike various remote file access tools for editors
2017-03-04: Should you add MX entries for hosts in your (public) DNS?
2017-03-03: Why exposing only blocking APIs are ultimately a bad idea
Some notes on ZFS per-user quotas and their interactions with NFS
2017-03-01: Cheap concurrency is an illusion (at least on Unix)
2017-02-28: Using Certificate Transparency to monitor your organization's TLS activity
2017-02-27: The conflict between wildcard TLS certificates and Certificate Transparency
2017-02-26: In Python, strings are infinitely recursively iterable
How recursively flattening a list raises a Python type question
2017-02-25: A single email message with quite a lot of different malware
2017-02-24: What an actual assessment of Ubuntu kernel security updates looks like
How ZFS bookmarks can work their magic with reasonable efficiency
2017-02-22: ZFS bookmarks and what they're good for
Sometimes it can be hard to tell one cause of failure from another
2017-02-20: Some notes on moving a software RAID-1 root filesystem around (to SSDs)
Some views on the Corebird Twitter client
2017-02-19: Using pup to deal with Twitter's increasing demand for Javascript
2017-02-17: robots.txt is a hint and a social contract between sites and web spiders
Sometimes, firmware updates can be a good thing to do
2017-02-16: Waiting for a specific wall-clock time in Unix
2017-02-15: Another risk of hardware RAID controllers is the manufacturer vanishing
2017-02-14: Does CR LF as a line ending cause extra problems with buffers?
2017-02-13: What file types we see inside singleton nested zipfiles in email
2017-02-12: I'm too much of a perfectionist about contributing to open source projects
2017-02-11: Different ways you can initialize a RAID-[567+] array
2017-02-10: Python won't (and can't) import native modules from zip archives
2017-02-09: Malware strains may go away sometimes, but they generally come back
2017-02-08: How to see and flush the Linux kernel NFS server's authentication cache
2017-02-06: Systemd's slowly but steadily increased idealism about the world
Our advantage in reliable backups is that we get restore requests
2017-02-05: Systemd should be better than it is, but it is still our best init system
2017-02-04: My views on X (Windows)
2017-02-03: What it's sensible to use a bunch of Unix swap space for
2017-02-02: Link: Four Column ASCII
Sometimes you get lucky and apparently dead disks come back to life
2017-01-31: Email attachments of singleton nested zipfiles are suspicious
2017-01-30: Why having CR LF as your line ending is a mistake
How you can abruptly lose your filesystem on a software RAID mirror
2017-01-29: How Unix erases things when you type a backspace while entering text
2017-01-28: What we still use ASCII CR for today (on Unix)
2017-01-27: Conversations, conversational units, and Twitter
2017-01-26: Things that make Go channels expensive to implement
2017-01-25: I think docstrings in Python are for everything, not just public things
2017-01-23: Linux desktops and pre-packaged machines from big vendors
My still-mixed feelings about Python's docstrings
2017-01-22: An Ubuntu default Bash setup that irritates me, especially for root
2017-01-20: Why tiling window managers are not really for me (on the desktop)
Spam and virus filtering on email is a risk (although likely not a big one)
2017-01-19: Thinking about how to add some SSDs on my home machine
2017-01-18: Exim, IPv6, and hosts that MX to localhost
2017-01-17: Making my machine stay responsive when writing to USB drives
2017-01-16: Linux is terrible at handling IO to USB drives on my machine
2017-01-15: Link: Let's Stop Ascribing Meaning to Code Points
Some notes on 4K monitors and connecting to them
2017-01-14: My picks for mind-blowing Git features
2017-01-13: The ZFS pool history log that's used by 'zpool history' has a size limit
2017-01-12: Modern ad networks are why adblockers are so effective
2017-01-11: ZFS's potentially very useful 'zpool history -i' option
2017-01-10: Picking FreeType CJK fonts for xterm on a modern Linux system
2017-01-09: Making modern FreeType-using versions of xterm display CJK characters
2017-01-08: One downside of a queued IO model is memory consumption for idle connections
2017-01-07: How ready my Firefox extensions are for Firefox Electrolysis
2017-01-06: Web adblockers and the potential for recreating the Usenet killfile problem
2017-01-05: Mail submission by users versus by your machines
2017-01-04: Make sure that (system) email works on every machine
2017-01-02: Software should support configuring overall time limits
ZFS may panic your system if you have an exceptionally slow IO

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.