| 2025-07-12: |
People still use our old-fashioned Unix login servers
|
| 2025-07-11: |
The development version of OpenZFS is sometimes dangerous, illustrated
|
| 2025-07-10: |
What OSes we use here (as of July 2025)
|
| 2025-07-09: |
(Maybe) understanding how to use systemd-socket-proxyd
|
| 2025-07-08: |
Linux 'exportfs -r' stops on errors (well, problems)
|
| 2025-07-07: |
Systemd user units, user sessions, and environment variables
|
| 2025-07-06: |
The easiest way to interact with programs is to run them in terminals
|
| 2025-07-05: |
Filesystems and the problems of exposing their internal features
|
| 2025-07-04: |
Operating system kernels could return multiple values from system calls
|
| 2025-07-03: |
What is going on in Unix with errno's limited nature
|
| 2025-07-02: |
On sysadmins (not) changing (OpenSSL) cipher suite strings
|
| 2025-07-01: |
How you can wind up trying to allocate zero bytes in C
|
| 2025-06-30: |
The "personal computer" model scales better than the "terminal" model
|
| 2025-06-29: |
How history works in the version of the rc shell that I use
|
| 2025-06-28: |
A new little shell script to improve my desktop environment
|
| 2025-06-27: |
Current cups-browsed seems to be bad for central CUPS print servers
|
| 2025-06-26: |
Tape drives (and robots) versus hard disk drives, and volume
|
| 2025-06-25: |
Some notes on X terminals in their heyday
|
| 2025-06-24: |
Some bits on malloc(0) in C being allowed to return NULL
|
| 2025-06-23: |
Compute GPUs can have odd failures under Linux (still)
|
| 2025-06-22: |
The X Window System didn't immediately have X terminals
|
| 2025-06-21: |
My pragmatic view on virtual screens versus window groups
|
| 2025-06-20: |
Quick numbers on how common HTTP/2 is on our departmental web server
|
| 2025-06-19: |
What I've observed about Linux kernel WireGuard on 10G Ethernet so far
|
| 2025-06-18: |
I feel open source has turned into two worlds
|
| 2025-06-17: |
A performance mystery with Linux WireGuard on 10G Ethernet
|
| 2025-06-16: |
Linux kernel WireGuard can go 'fast' on decent hardware
|
| 2025-06-15: |
My views on the choice of name for SMTP senders to use in TLS SNI
|
| 2025-06-14: |
Revisiting ZFS's ZIL, separate log devices, and writes
|
| 2025-06-13: |
Will (more) powerful discrete GPUs become required in practice in PCs?
|
| 2025-06-12: |
What would a multi-user web server look like? (A thought experiment)
|
| 2025-06-11: |
Some thoughts on GNOME's systemd dependencies and non-Linux Unixes
|
| 2025-06-10: |
Python argparse has a limitation on argument groups that makes me sad
|
| 2025-06-09: |
Potential issues in running your own identity provider
|
| 2025-06-08: |
Thinking about facets of (cloud) identity providers
|
| 2025-06-07: |
A silly systemd wish for moving new processes around systemd units
|
| 2025-06-06: |
Adding your own attributes to Python functions and Python typing
|
| 2025-06-05: |
You could automate (some) boilerplate Go error handling with a formatter
|
| 2025-06-04: |
Python type checkers work in different ways and can check different things
|
| 2025-06-03: |
I have divided (and partly uninformed) views on OpenTelemetry
|
| 2025-06-02: |
Things are different between system and application monitoring
|
| 2025-06-01: |
The types of TLS we see when sending email to other people (as of May 2025)
|
| 2025-05-31: |
The types of TLS seen on our external SMTP MX (as of May 2025)
|
| 2025-05-30: |
In POSIX, you can theoretically use inode zero
|
| 2025-05-29: |
My blocking of some crawlers is an editorial decision unrelated to crawl volume
|
| 2025-05-28: |
Our Grafana and Loki installs have quietly become 'legacy software' here
|
| 2025-05-27: |
Intel versus AMD is currently an emotional decision for me
|
| 2025-05-26: |
My GNU Emacs settings for the vertico package (as of mid 2025)
|
| 2025-05-25: |
A thought on JavaScript "proof of work" anti-scraper systems
|
| 2025-05-24: |
The length of file names in early Unix
|
| 2025-05-23: |
What keeps Wandering Thoughts more or less free of comment spam (2025 edition)
|
| 2025-05-22: |
Fedora's DNF 5 and the curse of mandatory too-smart output
|
| 2025-05-21: |
Thinking about what you'd want in a modern simple web server
|
| 2025-05-20: |
The five platforms we have to cover when planning systems
|
| 2025-05-19: |
Python, type hints, and feeling like they create a different language
|
| 2025-05-18: |
The lack of a good command line way to sort IPv6 addresses
|
| 2025-05-17: |
It's not obvious how to verify TLS client certificates issued for domains
|
| 2025-05-16: |
Let's Encrypt drops "Client Authentication" from its TLS certificates
|
| 2025-05-15: |
Classical "Single user computers" were a flawed or at least limited idea
|
| 2025-05-14: |
Two broad approaches to having Multi-Factor Authentication everywhere
|
| 2025-05-13: |
Using awk to check your script's configuration file
|
| 2025-05-12: |
Our need for re-provisioning support in mesh networks (and elsewhere)
|
| 2025-05-11: |
How and why typical (SaaS) pricing is too high for university departments
|
| 2025-05-10: |
Using WireGuard seriously as a mesh network needs a provisioning system
|
| 2025-05-09: |
Some notes on using 'join' to supplement one file with data from another
|
| 2025-05-08: |
In Apache, using OIDC instead of SAML makes for easier testing
|
| 2025-05-07: |
Chosing between "it works for now" and "it works in the long term"
|
| 2025-05-06: |
Netplan can only have WireGuard peers in one file
|
| 2025-05-05: |
I moved my local Firefox changes between Git trees the easy way
|
| 2025-05-04: |
LLMs ('AI') are coming for our jobs whether or not they work
|
| 2025-05-03: |
These days, Linux audio seems to just work (at least for me)
|
| 2025-05-02: |
The HTTP status codes of responses from about 22 hours of traffic to here (part 2)
|
| 2025-05-01: |
The complexity of mixing mesh networking and routes to subnets
|
| 2025-04-30: |
Being reminded that Git commits are separate from Git trees
|
| 2025-04-29: |
The appeal of keyboard launchers for (Unix) desktops
|
| 2025-04-28: |
Updating venv-based things by replacing the venv not updating it
|
| 2025-04-27: |
The glass box/opaque box unit testing argument in light of standards
|
| 2025-04-26: |
Trying to understand OpenID Connect (OIDC) and its relation to OAuth2
|
| 2025-04-25: |
Looking at OIDC tokens and getting information on them as a 'consumer'
|
| 2025-04-24: |
Chrome and the burden of developing a browser
|
| 2025-04-23: |
The many ways of getting access to information ('claims') in OIDC
|
| 2025-04-22: |
We've chosen to 'modernize' all of our ZFS filesystems
|
| 2025-04-21: |
My Cinnamon desktop customizations (as of 2025)
|
| 2025-04-20: |
I feel that DANE is not a good use of DNS
|
| 2025-04-19: |
Tailscale's surprising interaction of DNS settings and 'exit nodes'
|
| 2025-04-18: |
The clever tricks of OpenPubkey and OPKSSH
|
| 2025-04-17: |
The appeal of serving your web pages with a single process
|
| 2025-04-16: |
Looking at what NFSv4 clients have locked on a Linux NVS(v4) server
|
| 2025-04-15: |
The DNS system isn't a database and shouldn't be used as one
|
| 2025-04-14: |
ZFS's delayed compression of written data (when compression is enabled)
|
| 2025-04-13: |
Unix files have (at least) two sizes
|
| 2025-04-12: |
Mandatory short duration TLS certificates are probably coming soon
|
| 2025-04-11: |
How I install personal versions of programs (on Unix)
|
| 2025-04-10: |
One way to set up local programs in a multi-architecture Unix environment
|
| 2025-04-09: |
The problem of general OIDC identity provider support in clients
|
| 2025-04-08: |
Getting older, now-replaced Fedora package updates
|
| 2025-04-07: |
Fedora 41 seems to have dropped an old XFT font 'property'
|
| 2025-04-06: |
Sorting out the ordering of OpenSSH configuration directives
|
| 2025-04-05: |
My pessimism about changes to error handling in Go (but they'll happen)
|
| 2025-04-04: |
I should learn systemd's features for restricting things
|
| 2025-04-03: |
OIDC/OAuth2 as the current all purpose 'authentication hammer'
|
| 2025-04-02: |
The order of files in /etc/ssh/sshd_config.d/ matters (and may surprise you)
|
| 2025-04-01: |
Getting a (vague) understanding of error handling in Rust
|
| 2025-03-31: |
I'm working to switch from wget to curl (due to Fedora)
|
| 2025-03-30: |
Our simple view of 'identity' for our (Unix) accounts
|
| 2025-03-29: |
Using SimpleSAMLphp to set up an identity provider with Duo support
|
| 2025-03-28: |
In universities, sometimes simple questions aren't simple
|
| 2025-03-27: |
US sanctions and your VPN (and certain big US-based cloud providers)
|
| 2025-03-26: |
Three ways I know of to authenticate SSH connections with OIDC tokens
|
| 2025-03-25: |
How we handle debconf questions during our Ubuntu installs
|
| 2025-03-24: |
The pragmatics of doing fsync() after a re-open() of journals and logs
|
| 2025-03-23: |
The obviousness of indexing the Unix filesystem buffer cache by inodes
|
| 2025-03-22: |
How we automate installing extra packages during Ubuntu installs
|
| 2025-03-21: |
The mystery (to me) of tiny font sizes in KDE programs I run
|
| 2025-03-20: |
Go's choice of multiple return values was the simpler option
|
| 2025-03-19: |
Go's multiple return values and (Go) types
|
| 2025-03-18: |
How ZFS knows and tracks the space usage of datasets
|
| 2025-03-17: |
I don't think error handling is a solved problem in language design
|
| 2025-03-16: |
OIDC claim scopes and their interactions with OIDC token authentication
|
| 2025-03-15: |
Some notes on the OpenID Connect (OIDC) 'redirect uri'
|
| 2025-03-14: |
Some notes on configuring Dovecot to authenticate via OIDC/OAuth2
|
| 2025-03-13: |
Doing multi-tag matching through URLs on the modern web
|
| 2025-03-12: |
The commodification of desktop GUI behavior
|
| 2025-03-11: |
Some views on the common Apache modules for SAML or OIDC authentication
|
| 2025-03-10: |
The web browser as an enabler of minority platforms
|
| 2025-03-09: |
How I got my nose rubbed in my screens having 'bad' areas for me
|
| 2025-03-08: |
How SAML and OIDC differ in sharing information, and perhaps why
|
| 2025-03-07: |
The OpenID Connect (OIDC) 'sub' claim is surprisingly load-bearing
|
| 2025-03-06: |
The problem facing MFA-enabled IMAP at the moment (in early 2025)
|
| 2025-03-05: |
A Prometheus gotcha with alerts based on counting things
|
| 2025-03-04: |
What SimpleSAMLphp's core:AttributeAlter does with creating new attributes
|
| 2025-03-03: |
If you get the chance, always run more extra network fiber cabling
|
| 2025-03-02: |
Updating local commits with more changes in Git (the harder way)
|
| 2025-03-01: |
Using PyPy (or thinking about it) exposed a bug in closing files
|
| 2025-02-28: |
Always sync your log or journal files when you open them
|
| 2025-02-27: |
Using Netplan to set up WireGuard on Ubuntu 22.04 works, but has warts
|
| 2025-02-26: |
I'm not impressed by the state of NFS v4 in the Linux kernel
|
| 2025-02-25: |
MFA's "push notification" authentication method can be easier to integrate
|
| 2025-02-24: |
Go's behavior for zero value channels and maps is partly a choice
|
| 2025-02-23: |
JSON has become today's machine-readable output format (on Unix)
|
| 2025-02-22: |
Institutions care about their security threats, not your security threats
|
| 2025-02-21: |
HTTP connections are part of the web's long tail
|
| 2025-02-20: |
It's good to have offline contact information for your upstream networking
|
| 2025-02-19: |
Shared (Unix) hosting and the problem of managing resource limits
|
| 2025-02-18: |
One problem with "shared Unix hosting" was the lack of resource limits
|
| 2025-02-17: |
More potential problems for people with older browsers
|
| 2025-02-16: |
The HTTP status codes of responses from about 21 hours of traffic to here
|
| 2025-02-15: |
Why I have a little C program to filter a $PATH (more or less)
|
| 2025-02-14: |
The profusion of things that could be in your $PATH on old Unixes
|
| 2025-02-13: |
'Internal' accounts and their difference from 'external' accounts
|
| 2025-02-12: |
How you should respond to authentication failures isn't universal
|
| 2025-02-11: |
A surprise with rspamd's spam scoring and a workaround
|
| 2025-02-10: |
Everything should be able to ratelimit sources of authentication failures
|
| 2025-02-09: |
Providing pseudo-tags in DWiki through a simple hack
|
| 2025-02-08: |
The Prometheus host agent is missing some Linux NFSv4 RPC stats (as of 1.8.2)
|
| 2025-02-07: |
Web application design and the question of what is a "route"
|
| 2025-02-06: |
Linux kernel NFSv4 server and client RPC operation statistics
|
| 2025-02-05: |
How Ubuntu 24.04's bad bpftrace package appears to have happened
|
| 2025-02-04: |
The practical (Unix) problems with .cache and its friends
|
| 2025-02-03: |
Why writes to disk generally wind up in your OS's disk read cache
|
| 2025-02-02: |
Web spiders (or people) can invent unfortunate URLs for your website
Build systems and their effects on versioning and API changes
|
| 2025-02-01: |
An alarmingly bad official Ubuntu 24.04 bpftrace binary package
|
| 2025-01-31: |
Modern languages and bad packaging outcomes at scale
|
| 2025-01-30: |
The tradeoffs of having an internal unauthenticated SMTP server
|
| 2025-01-29: |
Our well-prepared phish spammer may have been chasing lucrative prey
|
| 2025-01-28: |
We got hit by an alarmingly well-prepared phish spammer
|
| 2025-01-27: |
How to accidentally get yourself with 'find ... -name something*'
|
| 2025-01-26: |
Some learning experiences with HTTP cookies in practice
|
| 2025-01-25: |
Syndication feeds here are now rate-limited on a per-IP basis
|
| 2025-01-24: |
Languages don't version themselves using semantic versioning
|
| 2025-01-23: |
Sometimes you need to (or have to) run old binaries of programs
|
| 2025-01-22: |
More features for web page generation systems doing URL remapping
|
| 2025-01-21: |
A change in the handling of PYTHONPATH between Python 3.10 and 3.12
|
| 2025-01-20: |
The (potential) complexity of good runqueue latency measurement in Linux
|
| 2025-01-19: |
Sometimes print-based debugging is your only choice
|
| 2025-01-18: |
Some ways to restrict who can log in via OpenSSH and how they authenticate
|
| 2025-01-17: |
Thoughts on having SSH allow password authentication from the Internet
|
| 2025-01-16: |
Some stuff about how Apache's mod_wsgi runs your Python apps (as of 5.0)
|
| 2025-01-15: |
(Multiple) inheritance in Python and implicit APIs
|
| 2025-01-14: |
My bug reports are mostly done for work these days
|
| 2025-01-13: |
A mystery with Django under Apache's mod_wsgi on Ubuntu 24.04
|
| 2025-01-12: |
The history and use of /etc/glob in early Unixes
|
| 2025-01-11: |
IMAP clients can vary in their reactions to IMAP errors
|
| 2025-01-10: |
The problem with combining DNS CNAME records and anything else
|
| 2025-01-09: |
Realizing why Go reflection restricts what struct fields can be modified
|
| 2025-01-08: |
Using tcpdump to see only incoming or outgoing traffic
|
| 2025-01-07: |
What a FreeBSD kernel message about your bridge means
|
| 2025-01-06: |
The issue with DNF 5 and script output in Fedora 41
|
| 2025-01-05: |
WireGuard's AllowedIPs aren't always the (WireGuard) routes you want
|
| 2025-01-04: |
There are different sorts of WireGuard setups with different difficulties
|
| 2025-01-03: |
The programmable web browser was and is inevitable
|
| 2025-01-02: |
Rejecting email at SMTP time based on the From: header address
|
| 2025-01-01: |
The modern web is why web browsers don't have "nice things" (platform APIs)
|