Full chronological index of WanderingThoughts

This is a full index of all entries in WanderingThoughts in chronological order, most recent to oldest; you can also get an alphabetical index.

2023-06-09: (Apparent) Certificate Authorities aren't always actual CAs
2023-06-08: Let's Encrypt (really ACME) has a decent reason for (still) using CSRs
2023-06-07: A retrospective on my thesis about language niches, fifteen years later
2023-06-06: I should read the Vim help more often
2023-06-05: The Linux kernel will fix some peculiar argv usage in execve(2)
2023-06-04: Why Prometheus exporters really need fixed TCP ports
2023-06-03: Unix is not POSIX
2023-06-02: GNU Grep versus the (Linux) open source ecology
2023-06-01: Capturing data you need later when using bpftrace
2023-05-31: DNSSEC failures are how you get people to disable DNSSEC
2023-05-30: Some tricks for getting the data you need when using bpftrace
2023-05-29: System administration's long slow march to configuration automation
2023-05-28: My current editor usage (as of mid 2023)
2023-05-27: How I set up a server for testing new Grafana versions and other things
2023-05-26: In practice, Grafana has not been great at backward compatibility
2023-05-25: That people produce HTML with string templates is telling us something
2023-05-24: Encryption for stream based protocols versus 'RPC' protocols
2023-05-23: Some views on protocols and encryption
2023-05-22: What I see as good options today for encrypted NFS
2023-05-21: NFS with Kerberos and NFS without Kerberos are two quite different things
2023-05-20: Some notes on the cost of Go finalizers (in Go 1.20)
2023-05-19: The long life of Apache httpd 2.4
2023-05-18: What a desktop environment is on modern Linux
2023-05-17: (Graphical) Unix has always had desktop environments
Having metrics for something attracts your attention to it
2023-05-15: The time our Linux systems spend on integer to text and back conversions
2023-05-14: Why I use separate lexers in my recursive descent parsers
2023-05-13: The paradox of ZFS ARC non-growth and ARC hit rates
2023-05-12: The modern browser experience has some impressive subtle tricks
2023-05-11: I've mostly stopped reading technical mailing lists
2023-05-10: Mailing lists versus forums, some thoughts
2023-05-09: Curing my home desktop from locking up in the cold (so far)
2023-05-08: When to use drgn instead of eBPF tools like bpftrace, and vice versa
2023-05-07: Advisory file locks and mandatory file locks are two quite different things
2023-05-06: Finding which NFS client owns a lock on a NFS server via Linux kernel delving
2023-05-05: Some early praise for using drgn for poking into Linux kernel internals
2023-05-04: Flock() and fcntl() file locks and Linux NFS (v3)
2023-05-03: Forcefully breaking NFS locks on Linux NFS servers as of Ubuntu 22.04
2023-05-02: The types of TLS seen on our external MX (as of April 2023)
2023-05-01: How NFS v3 servers and clients re-synchronize locks after reboots
2023-04-30: Os.walk, the temptation of hammers, and the paralysis of choice
2023-04-29: A crontab related mistake you can make with internal email ratelimits
2023-04-28: More notes on Linux's /proc/locks and NFS as of Ubuntu 22.04
2023-04-27: I can't recommend serious use of an all-in-one local Grafana Loki setup
2023-04-26: Putting the 'User-Agent' in your web crawler's User-Agent
2023-04-25: Understanding ZFS ARC hit (and miss) kstat statistics
2023-04-24: Thinking about our passive exposure to IPv6 issues
2023-04-23: Programming on Unix and automatic memory management
2023-04-22: The two types of C programmers (a provocative thesis)
2023-04-21: The traditional workaround for stuck NFS(v3) locks
2023-04-20: Setting the ARC target size in ZFS on Linux (as of ZoL 2.1)
2023-04-19: An interesting mistake I made with a (Go) SSH client API
2023-04-18: When and how ZFS on Linux changes the ARC target size (as of ZoL 2.1)
2023-04-17: ARC memory reclaim statistics exposed by ZFS on Linux (as of ZoL 2.1)
2023-04-16: Some important ARC memory statistics exposed by ZFS on Linux (as of ZoL 2.1)
2023-04-15: Some thoughts on OpenSSH versus SSH
2023-04-14: The various sizes of the ZFS ARC (as of OpenZFS 2.1)
2023-04-13: OpenSSH's (signed) certificates are not TLS X.509 certificates
2023-04-12: The chain of landing web pages that I saw for a phish spam today
2023-04-11: Notification sounds and system sounds on Linux should be granular
2023-04-10: Failing to build a useful pre Go 1.21 static Go toolchain on Linux
2023-04-09: On Linux, you can't usefully statically link programs using NSS
2023-04-08: A Prometheus Alertmanager alert grouping conundrum
2023-04-07: Go 1.21 will (likely) have a static toolchain on Linux
2023-04-06: ZFS On Linux (still) needs better ways to control the ZFS ARC
2023-04-05: Giving Firefox the tiniest URL bar bookmark 'star' button possible
2023-04-04: How to get a bigger font for Firefox's preview of link targets (sort of)
2023-04-03: Automated status tests need to have little or no 'noise'
2023-04-02: You should automate some basic restore testing of your backups
2023-04-01: Avoiding HTTP/3 (for a while) as a pragmatic default
2023-03-31: Exploiting (or abusing) password fields for Multi-Factor Authentication
2023-03-30: Giving Gnome-Terminal some margins makes me happier with it
2023-03-29: The case of the very wrong email Content-Transfer-Encoding
2023-03-28: An interesting yet ordinary consequence of ZFS using the ZIL
2023-03-27: Moving from 'master' to 'main' in Git with local changes
2023-03-26: My pragmatic shift from PS/2 keyboards and mice to USB ones
2023-03-25: Apache 2.4's event MPM can require more workers than you'd expect
2023-03-24: Key rotation is not the same as key revocation (or invalidation)
2023-03-23: SSD block discard in practice on Linux systems
2023-03-22: The problem RAID faces with discarding blocks on SSDs
2023-03-21: ZFS on Linux and NFS(v3) server filesystem IDs
2023-03-20: Today the default choice for a terminal program is Gnome Terminal
2023-03-19: Easily adjusting the minimum interval on panels in Grafana dashboards
2023-03-18: There are two facets to dd usage
2023-03-17: Some reasons why CPUs might re-use unofficial NOPs for other things
2023-03-16: NFS filehandles from Linux NFS servers can be client specific
2023-03-15: The extra hazards of mutual TLS authentication (mTLS) in web servers
2023-03-14: Some notes on searching the systemd journal with journalctl
2023-03-13: What I like using Grafana Loki for (and where I avoid it)
2023-03-12: Getting a Python 2 virtual environment (in 2023's twilight of Python 2)
2023-03-11: As a system administrator, I work in many different environments
2023-03-10: Some bits on Linux NFS(v3) server filesystem IDs (and on filehandles)
2023-03-09: ZFS on Linux and when you get stale NFSv3 mounts
2023-03-08: Debconf's questions, or really whiptail, doesn't always work in xterms
2023-03-07: ANSI colours aren't consistent across X terminal programs
2023-03-06: Special tcpdump filtering options for OpenBSD's pflog interface
2023-03-05: An unexciting idea: Code changes have context
2023-03-04: How secure is merely discarding (TRIMing) all of a SSD's blocks?
2023-03-03: When securely erasing disks, who are you trying to stop?
2023-03-02: Modern email addresses can be in UTF-8
2023-03-01: A gotcha with Systemd's DynamicUser, supplementary groups, and NFS (v3)
2023-02-28: Ubuntu is a Canonical product
2023-02-27: Future Internet PKI schemes need to be bootstrapped through web PKI
2023-02-26: Universities are often environments with distributed accounts and identities
2023-02-25: Systemd-resolved plus LLMNR can create delays in name non-resolution
2023-02-24: Thinking about what a 'VPN' solution is authenticating
2023-02-23: The web single sign on versus availability problem
2023-02-22: How to block people's automatic mail forwarding (to GMail, at least)
2023-02-21: Grafana Loki doesn't compact log chunks and what this means for you
2023-02-20: A bit on unspecified unique objects in Python
2023-02-19: Using web server reverse proxying to deal with file access permissions
2023-02-18: The size of a window is complicated in X (or can be)
2023-02-17: Implementing 'grow down' window placement in Fvwm on X11
2023-02-16: Linux Ext4 directories have a maximum size (in entries)
2023-02-15: BIOS MBR booting isn't always flawless and can be odd
2023-02-14: Things I ran into when moving from Fvwm2 to Fvwm3
2023-02-13: Our current plague of revolving .top and .click spam email domains
2023-02-12: The case for atomic types in programming languages
2023-02-11: Learning about Linux fwmark masks
2023-02-10: Things that systemd-resolved is not for (as of systemd 251)
2023-02-09: I'm considering giving in to the systemd-resolved wave
2023-02-08: The general 'recursive routing' problem in IP networking
2023-02-07: What I want in Prometheus (as a whole) is aggregating alert notifications
2023-02-06: Rsync'ing (only) some of the top level pieces of a directory
2023-02-05: Some things on Prometheus's new feature to keep alerts firing for a while
2023-02-04: The practical appeal of a mesh-capable VPN solution
2023-02-03: In a university, people want to use our IPs even for external traffic
2023-02-02: A gotcha when making partial copies of Prometheus's database with rsync
2023-02-01: C was not created as an abstract machine (of course)
2023-01-31: I've had bad luck with transparent hugepages on my Linux machines
2023-01-30: One reason I still prefer BIOS MBR booting over UEFI
2023-01-29: The CPU architectural question of what is a (reserved) NOP
2023-01-28: I should assume contexts aren't retained in Go APIs
2023-01-27: Some thoughts on whether and when TRIM'ing ZFS pools is useful
2023-01-26: Some notes on using using TRIM on SSDs with ZFS on Linux
2023-01-25: You should back up the settings for your Firefox addons periodically
2023-01-24: Linux software RAID mirrors, booting, mdadm.conf, and disk counts for non-fun
2023-01-23: I should always make a checklist for anything complicated
2023-01-22: How Let's Encrypt accounts are linked to your certificates in Certbot
2023-01-21: How Prometheus makes good use of the HTTP Accept: header
2023-01-20: An instruction oddity in the ppc64 (PowerPC 64-bit) architecture
2023-01-19: My twitch about adding a shim in front of a (shell script) interpreter
2023-01-18: Some things on SSDs and their support for explicitly discarding blocks
2023-01-17: An aggressive, stealthy web spider operating from Microsoft IP space
2023-01-16: Backporting changes is clearly hard, which is a good reason to avoid it
2023-01-15: Some weird effects you can get from shared Let's Encrypt accounts
2023-01-14: Your server BMCs can need to be rebooted every so often
2023-01-13: Ubuntu 22.04 LTS servers and phased apt updates
2023-01-12: A browser tweak for system administrators doing (web) network debugging
2023-01-11: Sometimes it actually is a kernel bug: bind() in Linux 6.0.16
2023-01-10: My Git settings for carrying local changes on top of upstream development
2023-01-09: In Python, zero is zero regardless of the number type
Link: X Window System Basics
2023-01-08: Let's Encrypt's complex authorization process and multi-name TLS certificates
2023-01-07: Our ZFS spares handling system sort of relies on our patterns of disk usage
2023-01-06: Setting alerts is a chance to figure out what you really care about
2023-01-05: The different sorts of 'iconification' of windows in X
2023-01-04: Finding people's use of /usr/bin/python with the Linux audit framework
2023-01-03: Some thoughts on Prometheus Alertmanager's alert reminders
2023-01-02: Debian has removed Python 2 from its next version
2023-01-01: Research Unix V2 already had a lot of what we think of as 'Unix'
2022-12-31: Going from a Firefox preference to the underlying configuration setting
2022-12-30: Disabling automatic form autofilling in Firefox (which is now simple)
2022-12-29: Some notes to myself on 'git log -G' (and sort of on -S)
2022-12-28: Some practical notes on the systemd cgroups/units hierarchies
2022-12-27: Our varied approaches to upgrading machines with local state
2022-12-26: More use of Rust is inevitable in open source software
2022-12-25: Sorting out PC chassis power switches for ATX power supplies
2022-12-24: The systemd journal is primarily time-based
2022-12-23: Handling numbers in Vim when they have a dash in front of them
2022-12-22: The power of URLs you can use with query parameters and a HTTP GET request
2022-12-21: The Prometheus cardinality issues with systemd unit-related metrics
2022-12-20: Detecting missing or bad Go modules and module versions
2022-12-19: Systemd unit templates don't provide a native way to have multiple parameters
2022-12-18: My dmenu wrapper script and what it will invoke for me
2022-12-17: A trick of my dmenu setup: a custom $PATH
2022-12-16: A practical issue with YAML: your schema is not actually documentation
2022-12-15: How I do static IPs and names for my NAT'd libvirt-based VMs
2022-12-14: Your options for displaying status over time in Grafana 9
2022-12-13: Go and the case of the half-missing import
2022-12-12: An enforced 'real names only' policy forces people to advertise things
2022-12-11: Prometheus Blackbox 0.23.0 has added a nice improvement to its DNS checks
2022-12-10: Unix's special way of marking login shells goes back to V2 Unix (at least)
2022-12-09: Sometimes an Ubuntu package of a Python module is probably good enough
2022-12-08: Python version upgrades and deprecations
2022-12-07: My story of using Linux libvirt/KVM to get an ad hoc remote desktop
2022-12-06: Why being able to partially distrust a Certificate Authority is good
2022-12-05: I've now disabled systemd-oomd on my Fedora desktops
2022-12-04: How to lose some of your tabs in Firefox 107+ (and possibly earlier)
2022-12-03: Using Dovecot 2.3's 'events' system to create Prometheus metrics
2022-12-02: Apache 2.4's event MPM and oddities with ServerLimit
2022-12-01: Linux Certificate Authority root stores have a too simple view of 'trust'
2022-11-30: Using Dovecot 2.3's 'events' system to generate log messages
2022-11-29: The uncertain question of how much RAM our servers need
2022-11-28: The annoying question of Intel CPU support for XMP RAM profiles
2022-11-27: Getting my unit size 'prefixes' (really suffixes) straight, sort of
2022-11-26: Moving our /var/mail to be local on our IMAP server has gone very well
2022-11-25: A revealing Vim addressing mistake that I made today
2022-11-24: Unix's (technical) history is mostly old now
2022-11-23: Unix swap configuration used to be rather simple and brute force
2022-11-22: Twitter's 'quoted tweets' feature and how design affects behavior
2022-11-21: Using curl to test alternate (test) servers for a web site
2022-11-20: Floating point NaNs as map keys in Go give you weird results
2022-11-19: Python dictionaries and floating point NaNs as keys
2022-11-18: Go 1.21 may have a clear(x) builtin and there's an interesting reason why
2022-11-17: Understanding how fast Ethernet really is (and in what units)
2022-11-16: Monitoring if our wireless network is actually working in locations
2022-11-15: It's useful to think about a 'ground up' recovery of your environment
2022-11-14: Firefox will now copy non-breaking spaces from HTML and that can be a problem
2022-11-13: I wouldn't use ZFS for swap (either for swapfiles or with a zvol)
2022-11-12: Questionable TLS Certificate Authorities and Certificate Transparency
2022-11-11: How Linux swap files (and swap partitions) find where to read and write
2022-11-10: The problem of (Unix) swapfiles and server backups
2022-11-09: Linux swap files don't seem to update their modification time when you swap
2022-11-08: Some thoughts on organizations running their own Fediverse instance
2022-11-07: An odd error I encountered with ZFS snapshots on Ubuntu 18.04
2022-11-06: Go's sync.Pool has (undocumented) 'thread' locality
2022-11-05: Our upgrade wave of Ubuntu 18.04 machines has gone fine
2022-11-04: An email's Message-ID header isn't a good spam signal (in late 2022)
2022-11-03: On not having a separate /boot filesystem on modern (x86) Linux
2022-11-02: The problem of getting problem reports from (our) people
2022-11-01: (Maybe) copying email anti-spam measures from Google and company
2022-10-31: I wish ZFS supported per-user reservations, not just per-user quotas
2022-10-30: Silencing KDE application notification sounds under fvwm
2022-10-29: Importing a Python program that doesn't have a .py extension
2022-10-28: People like file extensions whether or not they're necessary
2022-10-27: Scripts and programs should skip having extensions like '.sh' and '.bash'
2022-10-26: Our computer security problems are our own fault
2022-10-25: An email phish attempt using attachment file type confusion
2022-10-24: Filesystems and progressive deletion of things
2022-10-23: Why I feel DNS CAA records are a real TLS security improvement in practice
2022-10-22: TLS Certificate Transparency is about improving the (web) TLS ecology
2022-10-21: The Prometheus timestamp() function can be used on expressions, sort of
2022-10-20: The programming challenge that is a modern browser
2022-10-19: Understanding '+incompatible' in Go module version names
2022-10-18: We're finally fully moving away from Apache's prefork MPM (hopefully)
2022-10-17: The proper setup of a Go module, as I understand it
2022-10-16: What it means to see a 'bad' certificate in TLS Certificate Transparency logs
2022-10-15: How much swap space we're using across our servers (in October 2022)
2022-10-14: Two views of CPU utilization (a realization)
2022-10-13: We're moving away from swap partitions on our Linux servers
2022-10-12: We are stuck with egrep and fgrep (unless you like beating people)
2022-10-11: When Promtail seems to make position checkpoints (as of v2.6.1)
2022-10-10: The pragmatic effects of setting nconnect on NFS v3 mounts on Linux
2022-10-09: Research Unix V7's (comparatively) long time gap from V6
2022-10-08: Linux NFS clients (normally) make only one TCP connection to each fileserver
2022-10-07: How old various Unix signals are
2022-10-06: My performance intuitions and the complexities of SSD performance
2022-10-05: The Maildir mail storage format doesn't seem to work well over NFS
2022-10-04: Our unusual traditional /var/mail setup for people's inboxes
2022-10-03: Universities, "Bring your own device", and security
2022-10-02: Universities and their non-employees (part two)
2022-10-01: YAML in practice can be looser than I expected
2022-09-30: Your Grafana Loki setup needs security and access control
2022-09-29: Python virtual environments can usually or often be moved around
2022-09-28: How I've set up my libvirt based virtual machines (in late 2022)
2022-09-27: Reaching past our firewalls with WireGuard (some thoughts)
2022-09-26: The lsb_release program and the /etc/os-release file
2022-09-25: What can a compromised TLS Certificate Transparency Log do?
2022-09-24: Needing xdg-desktop-portal may be in my future (even without Wayland)
2022-09-23: Browsers and them 'supporting' TLS certificate transparency
2022-09-22: The TLS client's view of Certificate Transparency and CT Logs
2022-09-21: Some notes on the readings you get from USB TEMPer2 temperature sensors
2022-09-20: Why the ZFS ZIL's "in-place" direct writes of large data are safe
2022-09-19: Tangled issues with what status we should use for our HTTP redirects
2022-09-18: I believe SELinux needs active support from your distribution
2022-09-17: Authenticated SMTP and IMAP authentication attacks and attempts we see here
2022-09-16: The problem of network tunnels and (asymmetric) routing
2022-09-15: The C free() API gives libraries and functions useful freedom
2022-09-14: Grafana Loki doesn't duplicate a central syslog server (or vice versa)
Link: USB, Thunderbolt, Displayport & docks
2022-09-13: My Firefox addons as of Firefox 104 (they haven't changed in a while)
2022-09-12: What's lost when running the Prometheus host agent as a non-root user on Linux
2022-09-11: The amount of memory in basic 1U servers and our shifting views of it
2022-09-10: C's malloc() and free() APIs are reasonable APIs for C
2022-09-09: How we monitor the temperature of our machine rooms
2022-09-08: Grafana's problem with the order of dashboard panel legends and Prometheus
2022-09-07: What systemd timer directives seem to be used in practice
2022-09-06: Machine room temperatures and the value of long Prometheus metrics history
2022-09-05: The history of sending signals to Unix process groups
2022-09-04: Support for 'kill -SIGNAME ...' was added in 4BSD
2022-09-03: Our Prometheus host metrics saved us from some painful experiences
2022-09-02: An rsyslog(d) syslog forwarding setup for Grafana Loki (via Promtail)
2022-09-01: Go 1.19 added an atomic.Pointer type that's a generic type
2022-08-31: ZFS DVA offsets are in 512-byte blocks on disk but zdb misleads you about them
2022-08-30: ZFS DVA offsets are in bytes, not (512-byte) blocks
2022-08-29: A thought on presentational versus semantic HTML
2022-08-28: Getting USB TEMPer2 temperature sensor readings into Prometheus (on Linux)
2022-08-27: Large scale Internet SSH brute force attacks seem to have stopped here
2022-08-26: Using systemd timers to run things frequently (some early notes)
2022-08-25: U.2, U.3, and other server NVMe drive connector types (in mid 2022)
2022-08-24: We now have some 1U servers with U.2 NVMe SSDs and they're okay
2022-08-23: On Ubuntu, AppArmor is quite persistent and likes to reappear on you
2022-08-22: Some notes on Grafana annotations sourced from Prometheus metrics
2022-08-21: ZFS DVAs and what they cover on raidz vdevs
2022-08-20: The Ubuntu 22.04 server installer wants you to scrub reused disks first
2022-08-19: I wish Prometheus had a table-driven label remapping feature
2022-08-18: Rasdaemon is what you want on Linux if you're seeing kernel MCE messages
2022-08-17: Some resources for looking at the current development version of Go
2022-08-16: The names of disk drive SMART attributes are kind of made up (sadly)
2022-08-15: Disk drive SMART attributes can go backward and otherwise be volatile
2022-08-14: Our slow turnover of servers and server generations
2022-08-13: The C free() API means memory allocation must save some metadata
2022-08-12: My adventure with URLs in a Grafana that's behind a reverse proxy
2022-08-11: My uncertainty over whether an URL format is actually legal
2022-08-10: Some notes (to myself) about formatting text in jq
2022-08-09: Ubuntu 22.04 with multiple disks and (U)EFI booting
2022-08-08: Two example Grafana Loki log queries to get things from ntpdate logs
2022-08-07: Our BMCs are not great at keeping accurate time
2022-08-06: The pervasive effects of C's malloc() and free() on C APIs
2022-08-05: How old our servers are (as of 2022)
2022-08-04: The odd return value of the original 4.2 BSD gethostbyname()
Link: The MGR Window System
2022-08-03: Vim settings I'm using for editing YAML (with a sideline into Python)
2022-08-02: I wish that systemd (and everything) would rate-limit configuration warnings
2022-08-01: A brief history of looking up host addresses in Unix
2022-07-31: Using Prometheus's recent '@ end()' PromQL feature to reduce graph noise
2022-07-30: Python is my default choice for scripts that process text
2022-07-29: How systemd names instances of templated socket service units
2022-07-28: Print based debugging and infrequent developers
2022-07-27: What ZFS 'individual' and 'aggregated' IO size statistics mean
2022-07-26: To be fully useful, Prometheus histograms want their cumulative sums
2022-07-25: ZFS pool IO statistics (and vdev statistics) are based on physical disk IO
2022-07-24: Some pragmatic issues with Linux kernel mode setting on servers
2022-07-23: The state of getting per-pool IO statistics in ZFS on Linux as of version 2.1
2022-07-22: I've now used Linux nftables for firewall rules and it went okay
2022-07-21: You can sensibly move or copy Prometheus's database with rsync
2022-07-20: A brute force solution to nested access permissions in Apache
2022-07-19: We won't be sending systemd logs to Grafana Loki in JSON format
2022-07-18: Grafana Loki and what can go wrong with label cardinality
2022-07-17: An assortment of timestamp formats found in our (Unix) logs
2022-07-16: How to get (or recognize) a common Unix log timestamp format in things
2022-07-15: 'iptables -L' doesn't show you interface matches on rules by default
2022-07-14: IMAP servers can have significant imbalances between disk and network IO
2022-07-13: How Unix didn't used to support '#!', a brief history
2022-07-12: Getting the names of your Linux software RAID devices to stick
2022-07-11: It feels surprisingly good to block Bingbot from my blog front page
2022-07-10: My distrust of multi-factor authentication's account recovery story
2022-07-09: The Linux load average does mean something (although maybe not much)
2022-07-08: Larger backup systems often operate in multiple stages
2022-07-07: DKIM signature types (algorithms) that we see (as of July 2022)
2022-07-06: My current mixed views on the Linux kernel netconsole
2022-07-05: A surprise: you can only have one Linux kernel serial console
2022-07-04: Why an empty (executable) file is generally true in Unix
2022-07-03: Filesystems versus general tree structures
2022-07-02: Why reproducible machines didn't used to be a priority (I think)
2022-07-01: A quiet shift in what tech people build for their blogs
2022-06-30: Having one is often much easier than having more than one
2022-06-29: Notes on the Linux kernel's 'pressure stall information' and its meanings
2022-06-28: What symmetric and asymmetric IP routing are
2022-06-27: Wishing for a simple way to set up multi-interface symmetric routing on Linux
2022-06-26: Modern disk sizes and powers of two
2022-06-25: A limitation on what 'go install' can install (as of Go 1.18)
2022-06-24: Even for us, SSD write volume limits can matter
2022-06-23: A mystery with Fedora 36, fontconfig, and xterm (and urxvt)
2022-06-22: Signing email with DKIM is becoming increasing mandatory in practice
2022-06-21: Some network speeds and network related speeds we see in mid 2022
2022-06-20: Modern HDDs have gotten somewhat better than they used to be
2022-06-19: What fast SSH bulk transfer speed (probably) looks like in mid-2022
2022-06-18: Humanizing numbers in Python through a regexp substitution function
2022-06-17: What is our Python 2 endgame going to be?
2022-06-16: I wish Grafana dashboards and panels could have easy, natural comments
2022-06-15: Understanding some peculiarities of per-cgroup memory usage accounting
2022-06-14: Go programs and Linux glibc versioning
2022-06-13: In general Unix system calls are not cancellable, just abortable
2022-06-12: Framebuffer consoles have been around before on Unix workstations
2022-06-11: Linux kernel mode setting on servers (and Ubuntu 22.04)
2022-06-10: Text consoles and framebuffer consoles in Linux
2022-06-09: How we wound up with Linux's kernel mode setting ('KMS')
2022-06-08: The information theory reason for assuming non-secret cryptography algorithms
2022-06-07: TLS Certificate Transparency logs don't always talk to you
2022-06-06: Doing a selective alert about a host's additional exporters in Prometheus
2022-06-05: Checking a few metrics (time series) at once in Prometheus's query language
2022-06-04: Web URL paths don't quite map cleanly onto the abstract 'filesystem API'
2022-06-03: Regular expressions are effectively a (hard) programming language
2022-06-02: Serving static files versus dynamic web server APIs
2022-06-01: Setting up Linux fair share CPU scheduling with systemd and cgroup v2
2022-05-31: The basics of Linux fair share CPU scheduling in cgroup v2 ('unified cgroups')
2022-05-30: Systemd memory limits and strict memory overcommit
2022-05-29: My wish for per-port IP access controls in systemd .service units
2022-05-28: It's a bit risky to give people access to your Prometheus Blackbox exporter
2022-05-27: Modal dialogs and other things that steal keyboard focus are dangerous
2022-05-26: Stopping an Ubuntu 22.04 desktop from suspending at the login screen
2022-05-25: Shell scripts should be written to be clear first
2022-05-24: Some notes on providing Python code as a command line argument
2022-05-23: Systems should expose a (simple) overall health metric as well as specifics
2022-05-22: Modern (public) TLS has only a limited number of intermediate certificates
2022-05-21: Some things that make languages easy (or not) to embed in Unix shell scripts
2022-05-20: Getting a Bourne shell "here document" into a shell variable
2022-05-19: Moving a libvirt-based virtualization setup from one machine to another
2022-05-18: Missing TLS intermediate certificates can create mysterious browser problems
2022-05-17: Why I'm not all that positive on working through serial consoles
2022-05-16: Python programs as wrappers versus filters of other Unix programs
2022-05-15: The idea of hierarchical filesystems doesn't feel like an API to me
2022-05-14: The web is, in a sense, designed for serving static files
2022-05-13: The cause of an odd DNF/RPM error about conflicting files
2022-05-12: Why I'm considering some use of NetworkManager (and I probably have to)
2022-05-11: Traditionally there are fewer steps in setting up a static website
2022-05-10: Seeing the speed of your USB devices under Linux the easy way
2022-05-09: Snaps don't seem compatible with NFS home directories in Ubuntu 22.04
2022-05-08: Checking if a machine is 'up' for scripts, well, for rsync
2022-05-07: Solving a problem I had with the Unix date command in the right way
2022-05-06: Filtering Prometheus metrics with deliberately repeated labels
2022-05-05: When you install systems semi-manually, when updates get done matters
2022-05-04: The temptation of smartctl's JSON output format given NVMe SSDs
2022-05-03: NVMe disk drives and SMART attributes (and data)
2022-05-02: Monitoring is too hard, as illustrated by TLS certificates expiring
Link: An opinionated list of best practices for textual websites
2022-05-01: Using Linux's libvirt for my virtualization needs has been okay
2022-04-30: Some thoughts about your (our) site needing Javascript
2022-04-29: Our positive experience with having our support site be basic HTML
2022-04-28: The practical problem with /etc/pam.d on long-lived Linux systems
2022-04-27: The root cause of my xdg-desktop-portal problems on a Fedora machine
2022-04-26: Why your physical servers running Ubuntu 22.04 LTS can boot very slowly
2022-04-25: Sort of making snapshots of UEFI libvirt-based virtual machines
2022-04-24: Some things that make shell scripts have performance issues
2022-04-23: The temptation of writing shell scripts, illustrated
2022-04-22: The state of Python (both 2 and 3) in Ubuntu 22.04 LTS
2022-04-21: 4K HiDPI monitors come in inconvenient sizes if you want two of them
2022-04-20: My virtualization setup so far with Linux's virt-manager and friends
2022-04-19: Some bits on keeping isolated network interfaces organized (on Linux)
2022-04-18: How to talk to a local IPMI under OpenBSD
Where Linux's load average comes from in the kernel
2022-04-16: "Long term support" Unixes and versions of software in them
2022-04-15: I need (or at least want) a new virtual machine (GUI) environment
2022-04-14: Building Firefox from source and Rust versions
2022-04-13: A reason why Unix programs sometimes support '-?' for help
2022-04-12: Mangling your distribution version in your Apt sources for fun and profit
2022-04-11: How Debian's procps package is surprisingly opinionated
2022-04-10: A Linux PAM setup and the problem of stopping authentication
2022-04-09: Understanding the effects of PAM module results ('controls' in PAM jargon)
2022-04-08: On the ordering of password and MFA challenges during login
2022-04-07: What goes into an X resource and its name
2022-04-06: Fedora now has a sensible UEFI boot setup (and has for some time)
2022-04-05: The failure of the idea of X resources
2022-04-04: Things I needed to change for HiDPI on Linux that weren't in my X settings
2022-04-03: Some notes on using snmpwalk to poke at devices with SNMP
2022-04-02: Sorting out IPMI and BMC terminology and technology
2022-04-01: Some notes on finding and reading information over SNMP
2022-03-31: The awkward timing of Fedora and Go releases
2022-03-30: Why a (Linux) service delaying its shutdown is a bad thing
2022-03-29: Fixing Pipx when you upgrade your system Python version
2022-03-28: We need a way to scan Microsoft Office files for malware
2022-03-27: Some thoughts on Go's unusual approach to identifier visibility
2022-03-26: Unsurprisingly, the clock in your server's IPMI drifts over time
2022-03-25: Some notes on lslocks, the Linux command to list current file locks
2022-03-24: Some notes on Linux's /proc/locks listing of file locks
2022-03-23: Document your mistakes and then try to block them in the future
2022-03-22: Getting a fixed baud rate on your serial ports for logins under systemd
2022-03-21: The modern trend of variable DNS results and its effects on troubleshooting
2022-03-20: Prometheus: using gauge-like things as if they were counters
2022-03-19: Some problems that Python's cgi.FieldStorage has
2022-03-18: Our limited use of Python's cgi module
2022-03-17: I need to remember to check for ZFS filesystems being mounted
2022-03-16: People might want to think about saving a copy of Go 1.17
2022-03-15: How Linux dynamic loaders can be both shared objects and executables
2022-03-14: Where cut comes into Unix (and a bit on the history of awk)
2022-03-13: We do see ZFS checksum failures, but only infrequently
2022-03-12: I wish ZFS pools kept a persistent count of various errors
2022-03-11: Filesystems can experience at least three different sorts of errors
2022-03-10: It would be nice if Linux had a count of disk errors in sysfs
2022-03-09: Linux disk names you can encounter in your Prometheus host metrics
2022-03-08: Hardware can be weird, server and USB keyboard edition
2022-03-07: The convenience of multi-purpose monitoring (in Prometheus)
2022-03-06: What sort of server it takes to build Firefox in four and a bit minutes
2022-03-05: Dynamic web pages can be viewed as a form of compression (sometimes)
2022-03-04: A pragmatic driver of support for serving static files on the web is efficiency
2022-03-03: Understanding a thing with ZFS on Linux, kernel versions, RPMs, and DKMS
2022-03-02: A Python program can be outside of a virtual environment it uses
2022-03-01: The problem of keeping track of hardlinks as you traverse a directory tree
2022-02-28: Firefox (Nightly) and the case of the fading scrollbars on Unix
2022-02-27: Python's os.environ is surprisingly liberal in some ways
2022-02-26: Unix environment variables (and the environment) are a fuzzy thing
2022-02-25: The varying sizes of images on the web today, and remembering that
2022-02-24: I've come to think that the Git index is a good thing
2022-02-23: Some early notes on Dovecot namespaces (in Dovecot 2.2.33, currently)
2022-02-22: A realization about using DNS sub-names in modern protocols like DMARC
2022-02-21: Python's Global Interpreter Lock is not there for Python programmers
2022-02-20: The history (sort of) of service management in Unix
2022-02-19: The important things about Unix init systems aren't booting the system
2022-02-18: Ubuntu limits the console kernel log level even on servers
2022-02-17: The Linux kernel's message log levels are relatively meaningless
2022-02-16: Lurking complexities in a web server that just serves static files
2022-02-15: A major caution when using 'rsync -a' to copy or move directory trees
2022-02-14: Beware of trying to compare the size of subtrees with du
2022-02-13: Go generics: the question of types made from generic types and type sets
2022-02-12: The 'any' confusion in Go generics between type constraints and interfaces
2022-02-11: Some things on strict and relaxed DKIM alignment in DMARC
2022-02-10: Notes on using DKIM in a DMARC world
2022-02-09: ZFS performance and modern solid state disk systems
2022-02-08: Some SSD write volumes from my machines
2022-02-07: What does it mean for a filesystem to perform well on modern hardware?
2022-02-06: Checking out a Git branch further back than the head
2022-02-05: Go 1.18 won't have a 'constraints' package of generics helpers
2022-02-04: Some notes on Grafana relative time ranges
2022-02-03: The hassles today of having servers with disks that can't be hot-swapped
2022-02-02: Disk drives can have weird SMART values for their power on hours
2022-02-01: The likely long-term result of good on-host (host-based) firewalls
2022-01-31: Git 2.34 has changed how you configure fast-forward only pulls and rebasing
2022-01-30: A thesis: most websites are implicitly designed with a short lifetime
2022-01-29: The reason Unix has the argv[0] issue (and API)
2022-01-28: Some things on Django's CSRF protection, sessions, and REMOTE_USER
2022-01-27: The Linux kernel, simultaneous multithreading, and process scheduling
Django and Apache HTTP Basic Authentication (and REMOTE_USER)
2022-01-25: Giving things an IP address is dangerous (to them)
Go generics are going to be both simple and complex (as of Go 1.18)
2022-01-23: DNS queries to external sources do fail every so often out of the blue
2022-01-22: Modern public TLS is a quite different thing than it used to be
2022-01-21: Sorting out the situation with Intel desktop CPUs and hyper-threading
2022-01-20: I'm using journalctl's --since option now to speed up checking logs
2022-01-19: When I might expect simultaneous multithreading to help
2022-01-18: Logs are invisible (at least most of the time and by default)
2022-01-17: Pipx and a problem with changing the system Python version
2022-01-16: HTTPS is still optional, at least sort of
2022-01-15: You should do lint checks on your Prometheus alert (and recording) rules
2022-01-14: Link: Histograms in Grafana (a howto)
Understanding what a DKIM (spam) replay attack is
2022-01-13: In practice, there are two types of window managers in modern X
2022-01-12: My sunk cost fallacy relationship with my home desktop
2022-01-11: Some things about Prometheus Alertmanager's notification metrics
2022-01-10: The complexity of seeing if your Prometheus Alertmanager is truly healthy
2022-01-09: I have mixed feelings about the Go time package's time formatting strings
2022-01-08: Good web scraping is not just about avoiding load
2022-01-07: In practice, Debian (and Ubuntu) have fixed minimum system UIDs and GIDs
2022-01-06: An annoyance with Debian postinstall scripts during package upgrades
2022-01-05: Some things about Dovecot, its index files, and the IMAP SELECT command
2022-01-04: Some ways to implement /dev/fd in Unix kernels
2022-01-03: The important Unix idea of the "virtual filesystem switch"
2022-01-02: Why "process substitution" is a late feature in Unix shells
Why I'm not interested in rolling back to snapshots of Linux root filesystems
2021-12-31: Why I (still) use ext4 for my Linux root filesystems
2021-12-30: Checking what features your ext4 filesystems have
2021-12-29: Pipx's 'reinstall' command works right by reinstalling injected packages too
2021-12-28: A realization of why email is critical infrastructure for the Internet
2021-12-27: Link: Eric Rescorla's "DNS Security, Part II: DNSSEC"
A thesis: large, significant open source projects must keep moving or die
Security systems and requiring attacks instead of accidents to evade them
2021-12-25: Our webmail is a surprisingly popular service
2021-12-24: Sadly, my experience is that big commercial anti-malware detection is better
2021-12-23: Running your own email is increasingly an artisanal choice, not a practical one
2021-12-22: Using pipx in a PyPy installation more or less just works
2021-12-21: Our internal network access authentication needs
2021-12-20: Some usage notes for the Linux ss program
2021-12-19: My Firefox bookmarklet to see links I've visited more reliably
Some brief notes for myself on growing a LVM root filesystem
2021-12-17: Our never-used system for user-provided NFS accessible storage
In Go 1.18, generics are implemented through code specialization
2021-12-15: User runtime directories on modern Linux, aka /run/user/<uid>
2021-12-14: Finding Ubuntu (and Debian) packages that are in odd states
2021-12-13: A bit on compilation's changing number of stages (and assembly)
2021-12-12: How Vim's visual mode has wound up being useful for me
2021-12-11: Some numbers from ZRAM swap on my two Fedora machines
2021-12-10: The question (and some answers) of modern day partition sizes for Linux
2021-12-09: Why it's good to explicitly document the purposes of things, illustrated
Some NVMe drive temperature things from my drives
2021-12-08: NVMe drives and the case of opaque bandwidth limits
2021-12-06: Linux's vm.admin_reserve_kbytes sysctl is both not big enough and not sufficient
2021-12-05: A bit on what Unix system pre-boot environments used to look like
2021-12-04: Most computer standards broadly require good faith implementations
2021-12-03: My views so far on bookmarklets versus addons in Firefox
2021-12-02: On servers maybe moving to M.2 NVMe drives for their system drives
2021-12-01: Unfortunately, damaged ZFS filesystems can be more or less unrepairable
2021-11-30: Prometheus will make persistent connections to agents (scrape targets)
2021-11-29: The long term relative prices of M.2 NVMe drives and 2.5" SSDs
2021-11-28: The problem I have with Pip's dependency version handling
2021-11-27: Two stories of how and why simultaneous multithreading works
2021-11-26: How we use the SLURM job scheduler system on our compute servers
Why region based memory allocation help with fragmentation
2021-11-25: Computation that needs to be "secure" is everywhere in practice
2021-11-23: I wish systemd logged information about the source of "transactions"
2021-11-22: Why it matters to us if exploits are available for security issues
2021-11-21: Why V7 Unix matters so much
2021-11-20: Linux has no fair-share scheduling that really works for compute servers
Why your Go programs can surprisingly be dynamically linked
2021-11-18: What data about your NVMe drives Linux puts in sysfs
2021-11-17: Why we have a split-horizon DNS setup
2021-11-16: Why we have public websites on private IPs (internally)
2021-11-15: Chrome may start restricting requests to private networks
2021-11-14: Go 1.18 will let you set the version of the "AMD64" architecture to target
2021-11-13: Considering "iowait" CPU time and CPU utilization
2021-11-12: A linear, sequential boot and startup order is easier to deal with
2021-11-11: I'm unsure of the security of simultaneous multithreading on modern x86 CPUs
2021-11-10: People will always exploit presentation, because presentation matters
2021-11-09: Our new way of waiting for the network to be "up" in systemd's world
2021-11-08: Soon to expire TLS certificates aren't necessarily a problem
2021-11-07: Systemd timer units don't have much appeal for us (over crontab entries)
2021-11-06: Thinking about when our crontab entries run
2021-11-05: If we use PyPy, we'll likely use our own install of it
2021-11-04: Two different worldviews of version control systems
2021-11-03: Thinking through the threat models when encrypting your backups
2021-11-02: Why I maintain my private changes to upstream projects via rebasing
2021-11-01: Rebasing changes can be common when working with version control systems
2021-10-31: Linux puts a bunch of DMI information into sysfs for you
Python 3 forced its own hand so that standard input had to be Unicode
2021-10-29: Why browsers are driven to offer some degree of remote control
Things to do in Python 3 when your Unix standard input is badly encoded
2021-10-27: We're seeing increasingly targeted and dangerous phish spam attempts
2021-10-26: Vim visual mode and an unfortunate restriction on the filter operation
Go 1.18 will embed source version information into binaries
2021-10-24: Companies and their stewardship of open source projects
Your SMART drive database of attribute meanings needs regular updates
2021-10-22: Python 2's status in various Linux distributions (October 2021 edition)
2021-10-21: The easy way to see underneath NFS mount points on Linux
2021-10-20: In the beginning, there was no way to expand C's stack size
2021-10-19: VCS history versus large open source development
2021-10-18: The cut and paste irritation in "smart" in-browser text editing
Getting some hardware acceleration for video in Firefox 93 on my Linux home desktop
2021-10-16: My wish for a way to activate one systemd unit when another one started
2021-10-15: You may not want to require all of your bind mounts (in systemd)
2021-10-14: Systemd (v237) can do quite odd things with /etc/fstab bind mounts
2021-10-13: Web browsers drive what Certificate Authority root certificates are accepted
2021-10-12: Reasons to limit your stack size even in non-threaded environments
2021-10-11: Unknown NMIs and counting hardware CPU events in eBPF programs
2021-10-10: TLS Certificate Transparency logs let us assess Certificate Authorities
V7 Unix had no stack size limit, and when Unix acquired one
2021-10-08: We've migrated from Yubikey 2FA to the university's MFA
What Linux kernel "unknown reason" NMI messages mean
2021-10-06: The OpenSSH server has limits on what user authentication you can use
2021-10-05: Some early notes on using pipx for managing third-party Python programs
2021-10-04: The "why" problem with on-host (host-based) firewalls on your machines
2021-10-03: Modern TLS has no place left for old things, especially clients
Desktops don't always use NetworkManager's programs
2021-10-01: Firefox on Unix is moving away from X11-based remote control
2021-09-30: Moving averages (and rates) for metrics in Prometheus (and Grafana)
2021-09-29: My changing (citation) style of external links here on Wandering Thoughts
2021-09-28: Avoiding flawed server ACPI information for power monitoring
2021-09-27: Stack size is invisible in C and the effects on "portability"
2021-09-26: The shifting view of two factor authentication at the university
2021-09-25: Notes on updating OpenBSD machines to current, supported versions
2021-09-24: Understanding EGL, GLX and friends in the Linux and X graphics stack
Link: Examining btrfs, Linux’s perpetually half-finished filesystem
Go generics have a new "type sets" way of doing type constraints
2021-09-22: It's probably not the hardware, a sysadmin lesson
2021-09-21: Why we care about being able to (efficiently) reproduce machines
2021-09-20: What the 'proto' field is about in Linux 'ip route' output (and input)
2021-09-19: Microsoft's Bingbot crawler is relentless for changing pages (it seems)
2021-09-18: One major obstacle to unifying the two types of package managers
2021-09-17: At least from an outside perspective, Ubuntu is Canonical's thing
2021-09-16: Use virtual environments to install third-party Python programs from PyPI
2021-09-15: Some notes on upgrading programs with Python's pip
2021-09-14: There are (at least) two types of package managers
2021-09-13: The rc shell's nice feature for subdirectory searching of $PATH
Why I'm mostly not a fan of coloured text (in terminals or elsewhere)
2021-09-11: How many Prometheus metrics a typical host here generates
Some things to reduce background bandwidth usage on a Fedora machine
2021-09-09: TLS Certificate Transparency logs come and go over time
2021-09-08: The "web" TLS world is different from the non-public one in practice
2021-09-07: My long-lived personal Linux installs
2021-09-06: Why Nutch-based web spiders are now blocked here
2021-09-05: Firefox on Linux is still not working well with WebRender for me (again)
2021-09-04: Adding a "host" label to all of your per-host Prometheus metrics
2021-09-03: How I try out and test new versions of Grafana
2021-09-02: Go multi-module workspace mode, a forthcoming feature in Go 1.18
2021-09-01: Large Unix programs were historically not all that portable between Unixes
2021-08-31: Go doesn't have a stack the way that some other languages do
2021-08-30: How ZFS stores symbolic links on disk
2021-08-29: Some notes on OpenZFS's new 'draid' vdev redundancy type
In Go, pointers (mostly) don't go with slices in practice
2021-08-27: What my first Linux was, and its context
Using our metrics system when I test systems before deployment
2021-08-25: I'm turning off dnf-makecache on my Fedora machines
My interest in Intel's future discrete GPUs (and my likely disappointment)
2021-08-23: Notes on deliberately invoking actions controlled by systemd timers
2021-08-22: What we'll likely do when Linux distributions drop Python 2 entirely
Setting up Python LSP support in GNU Emacs is reasonably worth it
2021-08-20: A home UPS has been more handy and useful than I expected
Seeing what all Cinnamon keyboard shortcuts are
2021-08-19: Configuration (and configuration files) is not and cannot be generic
2021-08-17: It's surprising how many things assume you have available bandwidth
2021-08-16: Browsers listening to developers or users requires them to be humble
2021-08-15: Chrome's automatic updates and the power it holds on the web
2021-08-14: Our experience with IPP-based, PPD-less CUPS printing
2021-08-13: Some of my views on using YAML for human-written configuration files
Prometheus alerts and the idea of "deadbands" (or maybe hysteresis) (with an implementation)
Learning that Vim has insert mode keystrokes that do special things
Go keeps surprising me with its careful design and specification
2021-08-12: Prometheus, Alertmanager, and maybe avoiding flapping alerts
2021-08-11: The meaning of "hysteresis" and how it relates to alerts
2021-08-09: The Firefox uMatrix addon is not quite dead (so far)
2021-08-08: The xterm terminal emulator can do a lot more than just display text
2021-08-07: Some thoughts on new top-level domains being used for spam
2021-08-06: Some bits of how Bash and GNU Readline's "bracketed paste" mode behaves
2021-08-05: Using journalctl's ability to show only one service
2021-08-04: I have mixed views on new DNS top level domains (TLDs)
When you do and don't get stuck query results from a down Prometheus
2021-08-02: Anonymous ("transparent") structures are a good thing in programming languages
2021-08-01: Unix APIs are where I first saw C #define used to rename struct fields
2021-07-31: Learning that you can use unions in C for grouping things into namespaces
2021-07-30: Hardware and (Linux) driver quality can be invisible to non-specialists
XHTML pages cause problems for some Firefox addons
2021-07-29: How Go maps store their values (and keys)
2021-07-28: Modern email is hard to search, which encourages locked up silos
2021-07-26: Understanding plain Linux NVMe device names (in /dev and kernel messages)
2021-07-25: I should probably learn command-line NetworkManager usage
The tiny irritation of ZFS's 'zpool status' nagging you about upgrades
2021-07-23: Why it matters that map values are unaddressable in Go
2021-07-22: Apache's mod_wsgi and the Python 2 issue it creates
Improving my web reading with Martin Tournoij's "readable" Firefox bookmarklet
2021-07-21: It's nice when programs switch to being launched from systemd user units
2021-07-19: Making a Go program build with Go modules can be not a small change
2021-07-18: On sending all syslog messages to one file
2021-07-17: The minimum for syslog configurations should be to log (nearly) everything
2021-07-16: The WireGuard VPN challenge of provisioning clients
Setting up a WireGuard client with NetworkManager (using nmcli)
2021-07-14: Making two Unix permissions mistakes in one
Some ways to get (or not get) information about system memory ranges on Linux
2021-07-12: Problems in the way of straightforward device naming in operating systems
Understanding something about udev's normal network device names on Linux
2021-07-10: Why Bash and GNU Readline's "bracketed paste" mode is not for us
University computer accounts are often surprisingly complicated
2021-07-08: Redirecting paths that start with two slashes in Apache
A semi-surprise with Python's urllib.parse and partial URLs
2021-07-07: The initramfs for old kernels can hide old versions of things
2021-07-06: Unused hardware in computers can now be distinctly inactive
2021-07-05: Losing track of part of our Amanda configuration and then recovering it
2021-07-04: Two ways to have Amanda always make full backups of a filesystem
2021-07-03: Some brief notes on turning Firefox bookmarklets into convenient buttons
2021-07-02: Dealing with CSS fixed position headers and footers in Firefox
2021-06-30: Giving your Linux network interfaces fixed names (under udevd and networkd)
2021-06-29: Monitoring the status of Linux network interfaces with Prometheus
2021-06-28: Be careful when matching on Ethernet addresses in systemd-networkd
I should keep track of what Python packages I install through pip
2021-06-27: Some notes on what's in Linux's /sys/class/net for network interface status
2021-06-26: Ethernet network cables can go bad over time, with odd symptoms
2021-06-25: A couple of Linux top-like programs for network traffic
2021-06-24: Go 1.17 is deprecating the traditional use of 'go get'
2021-06-22: I like WireGuard partly because it doesn't have 'sessions'
2021-06-21: A realization about our VPN and IPv6 traffic
Some notes on building Firefox from source on Ubuntu
2021-06-20: A bit on ZFS's coming raidz expansion and ZFS DVAs
2021-06-19: The Unix background of Linux's 'file-max' and nr_open kernel limits on file descriptors
2021-06-17: Apache directory indexes will notice and exclude blocked URLs in them
In Prometheus queries, on and ignoring don't drop labels from the result
2021-06-16: The challenge of what to set server BIOSes to do on power loss
2021-06-14: Some notes on Firefox's media autoplay settings as of Firefox 89
2021-06-13: A strong commitment to backwards compatibility means keeping your mistakes
Rust 1.x seems to not always be backward compatible in practice
2021-06-11: How we're dealing with our expiring OpenVPN TLS root certificate
TLS certificate durations turn out to be complicated and subtle
2021-06-10: Early notes on using the new python-lsp-server (pylsp) in GNU Emacs
2021-06-09: The modern web design aesthetic of hiding visited links
2021-06-07: My failure to arrange a graceful TLS root certificate rollover with OpenVPN
2021-06-06: TLS certificates have at least two internal representations of time
The case of the very old If-Modified-Since HTTP header
2021-06-04: HTTP/3 needs us (and other people) to make firewall changes
New versions of Bash (and readline) default to special handling of pasting into the shell (or other programs)
2021-06-02: Fedora co-mingles its source packages with Red Hat Enterprise Linux
Simple use of Let's Encrypt on OpenBSD is pleasantly straightforward (as of 6.8)
2021-05-31: It'd be useful if TLS libraries had better and more detailed error messages
I've come to like date-based names for log rotation
2021-05-30: Go 1.17 will still support the old GOPATH mode (as well as modules)
2021-05-28: Less can filter what it shows to you (a thing I recently learned)
2021-05-27: Some thoughts on having set up a personal Alertmanager instance
Being able to see links I've visited in Firefox is startlingly better
2021-05-26: Working around an AMDGPU automatic fan control problem on my Radeon RX 550
2021-05-24: Rust is a wave of the future
Why we don't have management connections to our switches (an old story)
2021-05-23: Our three generations of network implementations (over the time I've been here)
2021-05-22: I don't know how much memory our Prometheus setup needs
2021-05-20: The temptation to start using some Python type hints
2021-05-19: Fedora has significantly fumbled DKMS handling for Linux kernel modules
Speculating on why DKMS and other Linux things are large shell scripts
2021-05-17: Unix job control has some dark corners and challenging cases, illustrated
2021-05-16: Unix job control and its interactions with TTYs (and shells)
2021-05-15: Downsampling your metrics data is a compromise (what we could call a 'hack')
The size of our Prometheus setup as of May 2021
2021-05-14: The Bourne shell and Bash aren't the right languages for larger programs
2021-05-12: The Bourne shell lets you set variables in if expressions
Firefox and the challenge of trying to make visited links clearly visible
2021-05-10: Errors during SMTP conversations aren't trustworthy, illustrated
2021-05-09: DKMS built one of my kernel modules for the wrong kernel
Storing ZFS send streams is not a good backup method
2021-05-08: It's pleasantly easy to install PyPy yourself (from their binaries)
2021-05-07: Understanding OpenSSH's various options around keys and key algorithms
2021-05-06: The different types of modern (2021) SSH keys (and some opinions)
2021-05-05: It's possible for Firefox to forget about:config preferences you've set
2021-05-03: Our future upgrade wave of Ubuntu 18.04 machines
Understanding OpenSSH's future deprecation of the 'ssh-rsa' signature scheme
2021-05-02: Realizing one general way to construct symmetric ciphers
2021-04-30: Discovering outside people attempting to do dynamic DNS updates to us
There's plenty of our work that's not being done from home
2021-04-29: The shift from "two factor" to "multi-factor" authentication
2021-04-28: Firefox's slow takeover of the address bar's space
2021-04-26: The question of how to do non-annoying multi-factor authentication for SSH
Maybe a local, on-machine caching DNS resolver should be standard (for us)
2021-04-25: The question of having SATA drives behind modern SAS expanders
2021-04-24: Why people care about SAS despite not being 'enterprise'
2021-04-23: How I want to use pip with PyPy to install third party programs
2021-04-21: Go 1.17 will allow converting a slice to an array pointer (some of the time)
2021-04-20: PyPy starts fast enough for our Python 2 commands
2021-04-19: Trying out learning more Vim on demand
2021-04-18: Using NVMe SSDs over SATA SSDs in basic servers is an awkward sales pitch
My view of Wayland here in 2021
2021-04-16: A Firefox surprise from disabling dom.event.clipboardevents.enabled
2021-04-15: Learning about the idea of the HTTP self-post
Link: "a2d<C-V>3gE: Vim normal mode grammar
2021-04-14: Some things on ZFS (on Linux) per-dataset basic IO statistics
2021-04-13: Getting NVMe and related terminology straight (for once)
2021-04-12: SSD versus NVMe for basic servers today (in early 2021)
Counting how many times something started or stopped failing in Prometheus
2021-04-11: Vendors put varied and peculiar things in system DMI information
2021-04-09: Why NFS servers generally have a 'reply cache'
What NFSv3 operations can be in the Linux nfsd reply cache
2021-04-07: Rust's rustup tool is surprisingly nice and well behaved
2021-04-06: Modern Linux can require a link signal before it configures IP addresses
2021-04-05: A stable Unix updating its version of Go isn't straightforward
2021-04-04: Some uses for Prometheus's resets() function
You need a version of Go with module support (ideally good support)
2021-04-02: ZFS on Linux is improving the handling of disk names on import
Programs that read IPMI sensors tell you subtly different things
2021-03-31: Understanding Prometheus' changes() function and what it can do for me
Systemd's NSS myhostname module surprised me recently
2021-03-29: Nil in Go is typed in theory and sort of untyped in practice
2021-03-28: What tool you use to read IPMI sensor information can matter
2021-03-27: Internet routing can now vary based on things you wouldn't expect
The attractions of reading sensor information from IPMIs
2021-03-26: Linux's hardware monitoring can lie to you
2021-03-24: HTTPS is really multiple protocols these days
2021-03-23: Discovering Vim's Visual (selection) mode
2021-03-22: Portability has ongoing costs for code that's changing
2021-03-21: My uncertainty about swapping and swap sizing for SSDs and NVMe drives
My experience with x2go is that it's okay but not compelling
2021-03-20: Paging out memory can be 'global' or 'local' these days
2021-03-19: Remote X versus 'seamless windows' in remote desktop software
2021-03-18: Safari is now probably the influential wild card browser for user privacy
2021-03-17: Remote X has been a life saver over this past year
2021-03-16: The fading HTTP Referer header and (Google) Search paywall bypasses
2021-03-15: Different views of what are basic and advanced Vim features
2021-03-14: I wish Prometheus had some features to deal with 'missing' metrics
2021-03-13: Prometheus and the case of the stuck metrics
2021-03-11: Wrangling HTTP and HTTPS versions of the same Apache virtual host
What OpenSSH sshd logs when a session disconnects (on Linux)
2021-03-10: The tradeoffs of Go version behavior in go.mod module files
2021-03-09: Go version directives in go.mod files: some notes and crude usage numbers
2021-03-08: Packaging Python 2 doesn't mean that Linux distributions support it
2021-03-06: Some views and notes on ZFS deduplication today
2021-03-05: How not to use Apache's RewriteRule directive in a reverse proxy
2021-03-04: Systemd needs (or could use) a linter for unit files
2021-03-03: What signal a RJ-45 serial connection is (probably) missing
2021-03-02: The Python ctypes security issue and Python 2
2021-03-01: Link: Taking This Serially
The balance of power between distributions and software authors
2021-02-28: Dot-separated DNS name components aren't even necessarily subdomains, illustrated
2021-02-27: My Firefox addons as of Firefox 86 (and the current development version)
My pragmatic sysadmin view on subdomains and DNS zones
2021-02-25: The HTTP Referer header is fading away (at least as a useful thing)
2021-02-24: How convenience in Prometheus labels for alerts led me into a quiet mistake
How (and where) Prometheus alerts get their labels
2021-02-22: The mhbuild directives I want for sending MIME attachments with MH
How I set up testing alerts in our Prometheus environment
2021-02-20: Modern software controls dependencies because it helps software authors
2021-02-19: ZFS pool partial (selective) feature upgrades are coming in OpenZFS
2021-02-18: Understanding what 'systemctl restart' means and when I want to use it
2021-02-17: TLS certificates specifying hosts via their CommonName field is more or less gone
When browsers (or at least Firefox) send HTTP Basic Authentication headers
2021-02-15: How ZFS on Linux brings up pools and filesystems at boot under systemd
2021-02-14: Some observed read latencies for SSDs and NVMe drives under Fedora 32
Link: What was the original reason for the design of AT&T assembly syntax?
2021-02-13: Where the default values for Python function arguments are stored
2021-02-12: An interesting issue around using is with a literal in Python
2021-02-11: Getting high IOPS requires concurrency on modern SSDs and NVMe drives
2021-02-10: Let's Encrypt is preparing for an emergency and that's good for TLS in general
The issue of IOPS versus latency on SSDs and NVMe drives
2021-02-09: Normal situations should not be warnings (especially not repeated ones)
2021-02-07: Strict SameSite web cookie policies probably don't do much for us
2021-02-06: Talkd and 'mesg n': a story from the old Unix days
2021-02-05: Limiting what branches I track from an upstream Git repository
2021-02-04: There are limitations to what expendable addresses can help with
2021-02-03: Junk email as a cover for more nefarious things
2021-02-02: The small oddity in the Unix exec*() family
2021-02-01: Go 1.16 will make system calls through libc on OpenBSD
2021-01-31: The limitations on find's -exec option and implementation convenience
2021-01-30: I wish every program that wanted 'a SQL database' would let me use SQLite
2021-01-29: Illustrating the importance of fully multi-core program building today
Forecasting drive failures is not always as useful as it sounds
2021-01-27: Making tracking upstream Git repositories a bit quieter
find mostly doesn't need xargs today on modern Unixes
2021-01-25: Time for Python 2 users to make sure we have a copy of Pip and other pieces
2021-01-24: Your monitoring and alerts remember things for you
Thinking through what can go badly with databases on ZFS
2021-01-22: SMART Threshold numbers turn out to not be useful for us in practice
2021-01-21: A lingering sign of old hopes for ZFS deduplication
Real email has MIME attachments that are HTML
2021-01-20: A realization about the Linux CPU pressure stall information
2021-01-18: Where Firefox's text encoding menus are
2021-01-17: Password managers automate checking the website address for you
One reason to not trust SMART attribute data for consumer drives
2021-01-15: SMART attributes can predict SSD failures under the right circumstances
2021-01-14: Understanding WireGuard's AllowedIPs setting (and a bit of tcpdump)
2021-01-13: Installing Pip in Python 2 environments that don't provide it already
What you can and can't build in Go's module mode
2021-01-11: How to make Bash fail badly on Ubuntu 16.04 by typo'ing a command name
2021-01-10: Thinking through why you shouldn't use plaintext passwords in authentication, even inside TLS
What timestamps you get back along with Prometheus query results
2021-01-08: How to extract raw time series data from Prometheus
2021-01-07: I got to experience the march of storage technology today
2021-01-06: In modern email, it's easy for plaintext and HTML parts to drift apart
Link: ARM support in Linux distributions demystified
Unix shell pipelines have two usage patterns
2021-01-05: TLS Certificate Authority root certificate expiry dates are not how trust in them is managed
2021-01-03: TLS Certificate Authority root certificates and their dates
The modern web and (alleged) software stagnation in the past few decades
2021-01-01: An interesting and puzzling bit of Linux server utilization
2020-12-31: GNU Date and several versions of RFC 3339 dates
2020-12-30: Some ways to do a Prometheus query as of a given time
A Prometheus wish: easy ways to evaluate a PromQL query at a given time
2020-12-28: It feels like the broad Unix API is being used less these days
A little puzzle with printf() and C argument passing
2020-12-27: Our alerts are quiet most of the time (as they should be)
2020-12-25: The expiry time of Certificate Authority root certificates can be nominal (or not)
In Python 3, types are classes (as far as repr() is concerned)
2020-12-24: In CPython, types implemented in C actually are part of the type tree
2020-12-23: Using constant Python hash functions for fun and no real profit
2020-12-21: The legibility of different versions of ZFS
2020-12-20: Who I think CentOS Stream is and isn't for
Go modules are soon going to be the only future
2020-12-18: On Go, release timing, and new machines
2020-12-17: Limiting the Nouveau kernel driver's messages via removal
2020-12-16: Mailing lists and bounce handling (or not handling bounces) today
2020-12-15: How to make Grafana properly display a Unix timestamp
In Prometheus, it's hard to work with when metric points happened
2020-12-14: Chrome is getting its own set of Certificate Authority roots
2020-12-12: My views on the suitability of CentOS Stream
Sometimes a problem really is just a coincidence
2020-12-11: CentOS's switch to CentOS Stream has created a lot of confusion
2020-12-09: A probable benefit to enabling screen blanking on LCD displays
2020-12-08: CentOS's switch to Stream is a major change in what CentOS is
2020-12-07: Exploring when the network is up on a machine
2020-12-06: The deprecation of FTP in browsers and its likely effects on search engines
Linux's hostname -s switch is now safe for many people, but the situation is messy
2020-12-04: How to get generic interface names and IPs in OpenBSD PF
Some thoughts about low power loads and power supply efficiency
2020-12-02: Prometheus 2.23.0 now lets you display graphs in local time
2020-12-01: A new appreciation for Firefox's 'Performance' web developer tool
2020-11-30: Our monitoring of our OpenBSD machines, such as it is (as of November 2020)
Link: wtfpython
2020-11-29: Some thoughts on how I still miss DTrace (and also mdb)
The death and life of postmaster@anywhere
2020-11-27: Setting up self-contained Go program source that uses packages
2020-11-26: The better way to make an Ubuntu 20.04 ISO that will boot on UEFI systems
Making an Ubuntu 20.04 ISO that will boot on UEFI systems
2020-11-25: Firefox's WebRender has mixed results for me on Linux
2020-11-23: What containers do and don't help you with
My views on when you should use the official upstream versions of software
2020-11-22: Sometimes it's best to use the official upstream versions of software
2020-11-21: Github based projects have RSS syndication feeds for their releases
2020-11-19: Firefox on Linux has not worked well with WebRender for me so far
Apple Silicon Macs versus ARM PCs
2020-11-17: Grafana and the case of the infinite serial number
2020-11-16: POSIX write() is not atomic in the way that you might like
Unix doesn't normally do short write()s to files and no one expects it to
2020-11-15: I don't expect to have an ARM-based PC any time soon
2020-11-14: Linux servers can still wind up using SATA in legacy PATA mode
2020-11-13: If you use Exim on Ubuntu, you probably want to skip Ubuntu 20.04
2020-11-11: The problems inherent in building your own copies of software packages
Logging fatal exceptions in my Python programs is not enough
2020-11-09: Seriously using virtualization clashes with our funding model
Getting the git tags that are before and after a commit (in simple cases)
2020-11-08: Thinking about two different models of virtualization hosts
2020-11-07: Turning on console blanking on a Linux machine when logged in remotely
2020-11-06: Console blanking now defaults to off on Linux (and has for a while)
It's possible that the real size of different SSDs is now consistent
2020-11-04: In Python, using the logging package is part of your API, or should be
You shouldn't use the Linux dump program any more (on extN filesystems)
2020-11-03: Fixing blank Cinnamon sessions in VMWare virtual machines (on Fedora)
2020-11-01: Python's global statement and imports in functions
2020-10-31: A gotcha with combining single-label and multi-label Prometheus metrics
Some settings you want to make to CyberPower's UPS Powerpanel daemon
2020-10-30: A sysadmin learning experience courtesy of some UPS issues
2020-10-29: An illustration of why running code during import is a bad idea (and how it happens anyway)
2020-10-28: An issue with Pip installed packages and Python versions (on Unix)
2020-10-26: Sometimes alerts have inobvious reasons for existing
Link: [Firefox] Navigational Instruments
Fifteen years of DWiki, the Python engine of Wandering Thoughts
2020-10-25: Remotely upgrading my office workstation to Fedora 32 worked fine
2020-10-24: Why configuration file snippets in a directory should have some extension
2020-10-23: An inconvenience of physical hardware is that it has to be delivered
2020-10-21: Keeping VMware Workstation VMs running when I quit from VMware
A mystery uncovered by Fedora 32 changing my default font
2020-10-19: Firefox has a little handy font-related thing on Unix (or at least Linux)
What versions of PyPy I can use (October 2020 edition)
2020-10-18: We need to start getting some experience with using Ubuntu 20.04
2020-10-17: A potential Prometheus issue for labeled metrics for infrequent events
2020-10-16: Go is gaining the ability to trace init calls on program startup
2020-10-15: Go packages can have more than one init() function
2020-10-13: As an outsider, I prefer issue tracking to be in its own application
2020-10-12: If you send automated email, you should scan it with anti-spam software
2020-10-11: Microsoft SharePoint is being used to send spam
Our current usage and views of UPSes (late 2020 edition)
2020-10-10: Wanting to be able to monitor for electrical power quality issues
2020-10-09: Whether extra disks should be live or spare now depends on HDs versus SSDs
2020-10-08: Sorting out what the Single Unix Specification is and covers
2020-10-07: A handy diff argument handling feature that's actually very old
2020-10-06: Linux distributions have sensible reasons to prefer periodic releases
2020-10-04: Web page generation systems should support remapping external URLs
Link: Old-School Disk Partitions
Solid state disks in mirrors and other RAID setups, and wear lifetimes
2020-10-03: A thought about the lifetimes of hard disks and solid state disks
2020-10-02: Firefox is improving its handling of HTTP Basic Authentication (on Unix)
2020-09-30: People still use newgrp (to my surprise)
Using DMARC information is complicated in practice in the real world
How the Unix newgrp command behaved back in V7 Unix
2020-09-29: Implementing 'and' conditions in Exim SMTP ACLs the easy way (and in Exim routers too)
Why the Unix newgrp command exists (sort of)
Where (and how) you limit your concurrency in Go can matter
2020-09-28: My likely path away from spinning hard drives on my home desktop
Making product names of what you use visible to people is generally a mistake
Looking at DKIM information for our 'good' email (September 2020 edition)
2020-09-27: Remote power control for your machines comes in two flavours
2020-09-26: We rebooted all of our servers remotely (more or less) and it all worked
Using SPF on HELO/EHLO hostnames is repurposing SPF to validate a different thing
2020-09-19: Python virtual environments transparently add themselves to sys.path
2020-09-17: Python 3 venvs don't normally really embed their own copy of Python (on Unix)
2020-09-16: How I think I want to drop modern Python packages into a single program
Why I write recursive descent parsers (despite their issues)
2020-09-15: When the Go garbage collector will panic over bad pointer values
2020-09-13: I'm now a user of Vim, not classical Vi (partly because of windows)
Rolling distribution releases versus periodic releases are a tradeoff
2020-09-12: Some notes on what Fedora's DNF logs and where
2020-09-10: My take on permanent versus temporary HTTP redirects in general
Permanent versus temporary redirects when handling extra query parameters on your URLs
2020-09-08: What you should do about extra query parameters on your URLs
2020-09-07: Why Fedora version upgrades are complicated and painful for me
URL query parameters and how laxness creates de facto requirements on the web
2020-09-06: Daniel J. Bernstein's IM2000 email proposal is not a good idea
2020-09-05: Some notes on what the CyberPower UPS 'Powerpanel' software reports to you
2020-09-04: In practice, cool URLs change (eventually)
2020-09-02: Why I want something like Procmail with a dedicated mail filtering language
2020-09-01: Even in Go, concurrency is still not easy (with an example)
2020-08-31: Why we won't like it if signing email is the solution to various email problems
2020-08-30: All forms of signing email are generally solving the wrong problem (a thesis)
2020-08-29: An interesting mistake with Go's context package that I (sort of) made
2020-08-28: My divergence from 'proper' Vim by not using and exploring features
Firefox 80 and my confusion over its hardware accelerated video on Linux
2020-08-26: Even on SSDs, ongoing activity can slow down ZFS scrubs drastically
2020-08-25: My home desktop is still locking up when it gets too cold (and what next)
2020-08-24: I want a type of desktop PC (and motherboard) that's generally skipped
2020-08-23: The Linux kernel bugzilla (and others) get spammed (of course)
2020-08-22: Some bits on making Python's argparse module work like Unix usually does
2020-08-21: Link: Why Did Mozilla Remove XUL Add-ons?
When I stopped believing in Google's fundamental good nature
2020-08-20: What you're looking for with a Grafana dashboard affects its settings
2020-08-19: Potential problem points for Chrome (or any browser) to support Linux
2020-08-18: The Prometheus host agent can disturb Linux CPU frequency measurements
2020-08-17: Firefox and web browsers for Linux
Important parts of Unix's history happened before readline support was common
2020-08-16: "It works on my laptop" is a blame game
2020-08-15: Go will inline functions across packages (under the right circumstances)
2020-08-14: Go 1.15's interface optimization for small integers is invisible to Go programs
2020-08-12: People often have multiple social identities even in the physical realm
How Go 1.15 improved converting small integer values to interfaces
2020-08-10: Disabling DNF modules on Fedora 31 so they don't mess up package updates
2020-08-09: Unix options conventions are just that, which makes them products of culture
2020-08-08: More problems with Fedora 31 DNF modules and package updates
2020-08-07: How we choose our time intervals in our Grafana dashboards
Our problem installing an old Ubuntu kernel set of packages
2020-08-05: My views on some conventions for Unix command line options
We may wind up significantly delaying or mostly skipping Ubuntu 20.04
2020-08-03: Exim's change to 'taint' some Exim variables is going to cause us pain
The issue of how to propagate some errors in our Django web app
2020-08-01: Getting my head around the choice between sleeping and 'tickers'
2020-07-31: Putting some extra 'obvious' information into our temperature alerts
2020-07-30: Putting IPMIs on a port isolated network to deal with shared network interfaces
2020-07-29: The problem of 'shared' IPMI network interfaces
2020-07-28: Our ZFS spares handling system for ZFS on Linux
Digital microwaves show an example of good UI doing what you wanted
2020-07-26: Linux PAM leads to terrible error messages from things like passwd
Keeping backup ZFS on Linux kernel modules around
2020-07-24: My varied types of Firefox windows
Some thoughts on us overlooking Illumos's syseventadm
2020-07-23: C's main() is one of the places where Unix's user and kernel APIs differ
2020-07-21: Contrasting the two common approaches to where programs start running
2020-07-20: An exploration of why Python doesn't require a 'main' function
2020-07-19: In praise of ZFS On Linux's ZED 'ZFS Event Daemon'
2020-07-18: Using Go build directives to optionally use new APIs in the standard library
2020-07-17: Not all sysadmin tools should be silent by default
2020-07-16: Malware spammers put .exe Windows executables in everything
2020-07-15: A piece of phish spam with some clever URL obfuscation
2020-07-14: Today I learned that Python's argparse module allows you to abbreviate long command line options
Link: The Anatomy of a PromQL Query
2020-07-13: How major and minor device numbers worked in V7 Unix
2020-07-12: Running servers and Fred Brooks on transforming programs to products
Linux desktop application autostarting is different from systemd user units
2020-07-10: The impact on middleware of expanding APIs with Go's interface smuggling
Ubuntu, building current versions of Firefox, and snaps
2020-07-09: Link: Mime type associations (on Linux)
2020-07-08: "Interface smuggling", a Go design pattern for expanding APIs
2020-07-07: Some thoughts on Fedora moving to btrfs as the default desktop file system
I now think that blog 'per day' pages with articles are a mistake
2020-07-05: A Go lesson learned: sometimes I don't want to use goroutines if possible
2020-07-04: How you get multiple TLS certificate chains from a server certificate
What a TLS self signed certificate is at a mechanical level
2020-07-02: The work that's not being done from home is slowly accumulating for us
Link: Code Only Says What it Does
2020-07-01: In ZFS, your filesystem layout needs to reflect some of your administrative structure
2020-06-30: The unfortunate limitation in ZFS filesystem quotas and refquota
2020-06-29: How Prometheus Blackbox's TLS certificate metrics would have reacted to AddTrust's root expiry
Adapting our Django web app to changing requirements by not doing much
2020-06-28: Understanding why Django's goals are not our goals for our web application
2020-06-26: NetworkManager and (not) dealing with conflicting network connections
2020-06-25: What Prometheus Blackbox's TLS certificate expiry metrics are checking
2020-06-24: Unix's design issue of device numbers being in stat() results for files
2020-06-23: Sometimes it takes other people to show you some of your site's design flaws
2020-06-22: Today I learned that HTML <abbr> may not do much on mobile browsers
2020-06-21: In Go, the compiler needs to know the types of things when copying values
2020-06-20: The additional complications in DNS updates that secondary DNS servers add
2020-06-19: Removing unmaintained packages from your Fedora machine should require explicitly opting in
People's efficiency expectations for generics in 'Go 2' and patterns of use
2020-06-17: How applications autostart on modern Linux desktops
A scrolling puzzle involving GTK+, XInput, and alternate desktops (on Fedora)
2020-06-15: Input events on X have an old world and a new world
2020-06-14: Product code and utility code
2020-06-13: An interesting combination of flaws in some /etc/mailcap handling
2020-06-12: The safety of GMail's POP server TLS certificate verification (or lack of it)
Dual displays contrasting with virtual screens (aka multiple desktops)
2020-06-10: A dual display setup creates a natural split between things
2020-06-09: The practical people problem with instance diversity in the Fediverse
My mixed feelings about 'swap on zram' for Linux
2020-06-07: A Go time package gotcha with parsing time strings that use named time zones
2020-06-06: Why sysadmins don't like changing things, illustrated
2020-06-05: Why we put alert start and end times in our Prometheus alert messages
2020-06-04: Formatting alert start and end times in Prometheus Alertmanager messages
2020-06-03: In theory you (we) should have SPF records for HELO hostnames too
2020-06-02: A subtle trap when formatting Go time.Time values
2020-06-01: Watching the recent AddTrust root CA certificate expiry has been humbling
2020-05-31: Mail forwarding is slowly dying (probably)
2020-05-30: How we're likely to DKIM sign some of our email messages
2020-05-29: What sort of SSH keys our users use or have listed in their authorized keys files
2020-05-28: The surprising persistence of RSA keys in SSH
2020-05-27: What I think OpenSSH 8.2+'s work toward deprecating 'ssh-rsa' means
My various settings in X to get programs working on my HiDPI display
2020-05-25: My failure with Xpra (probably because what I want is almost impossible)
2020-05-24: A cheatsheet for Python's pip for how I use it
Security questions and warnings are effectively confirmation requests
2020-05-22: Mixed feelings about Firefox Addons' new non-Recommended extensions warning
Working out how frequently your ICMP pings fail in Prometheus
2020-05-20: How I work on Python 2 and Python 3 with the Python Language Server (in GNU Emacs)
Switching to the new in-kernel WireGuard module was easy (on Fedora 31)
2020-05-18: Reading the POSIX standard for Unix functions is not straightforward
2020-05-17: Syndication feeds (RSS) and social media can be complementary
Some views on having your system timezone set to UTC
2020-05-15: Why we use city names when configuring system timezones
2020-05-14: Exploring munmap() on page zero and on unmapped address space
2020-05-13: Getting my head around what things aren't comparable in Go
The modern HTTPS world has no place for old web servers
2020-05-11: Why we have several hundred NFS filesystems in our environment
2020-05-10: How we guarantee there's always some free space in our ZFS pools
2020-05-09: How big our fileserver environment is (as of May 2020)
2020-05-08: Revisiting what the ZFS recordsize is and what it does
Linux software RAID resync speed limits are too low for SSDs
2020-05-06: Modern versions of systemd can cause an unmount storm during shutdowns
How to set up an Ubuntu 20.04 ISO image to auto-install a server
2020-05-04: Notes on the autoinstall configuration file format for Ubuntu 20.04
The Go compiler has real improvements in new versions (and why)
2020-05-03: What OSes we use here (as of May 2020)
2020-05-01: What problems Snaps and Flatpaks are solving
2020-04-30: The afterlife of Python 2
2020-04-29: The problem of Ubuntu 20.04, Snaps, and where your home directory is
Dealing with my worries about Django and HTTP Basic Authentication
2020-04-27: I think you should generally be using the latest version of Go
My views on SystemTap as compared to eBPF for Linux kernel instrumentation
2020-04-26: Looking back at DTrace from a Linux eBPF world (some thoughts)
2020-04-25: Some notes on Firefox's interstitial warning for old TLS versions
2020-04-24: Accepting TLS certificate hostnames based on IP address checks is not safe
2020-04-23: The Unix divide over who gets to chown things, and (disk space) quotas
2020-04-22: More on chown in combination with symlinks
2020-04-20: An important safety note about chown and symlinks (also chmod and chgrp)
2020-04-19: Verifying the server hostname for a TLS certificate has two purposes
GMail, POP, and TLS server certificate verification
2020-04-17: We've disabled eBPF for normal users on our Linux machines
Some bits of grep usage are where I disagree with Shellcheck
2020-04-15: Some ways that servers make their disks not hot-swappable
We're (temporarily) moving to three way mirrored disks on our servers
2020-04-13: If you use GNU Grep on text files, use the -a (--text) option
2020-04-12: The appeal of doing exact string comparisons with Apache's RewriteCond
ZFS on Linux has now become the OpenZFS ZFS implementation
2020-04-10: 'Deduplicated' ZFS send streams are now deprecated and on the way out
Why my commit messages for configuration files describe my changes
2020-04-08: Why you want a Linux bootloader even on UEFI systems
There can be differences in what malware variants anti-spam systems distinguish
2020-04-06: Fedora 31 fumbles DNF modules, package updates edition
2020-04-05: My normal process for upgrading from one Fedora version to another
Why it's very bad for applications to start themselves automatically
2020-04-03: Microsoft Teams' bad arrogance on (Fedora) Linux
2020-04-02: We may face some issues with the timing of Ubuntu 20.04 and its effects
2020-04-01: Why Linux bootloaders wind up being complicated
2020-03-31: My home DSL link really is fast enough to make remote X acceptable
2020-03-30: It's worth documenting the obvious (before it stops being obvious)
Notes on Grafana 'value groups' for dashboard variables
2020-03-29: I set up Python program options and arguments in a separate function
2020-03-28: The Prometheus host agent's CPU utilization metrics can be a bit weird
2020-03-27: OpenBSD's 'spinning' CPU time category
2020-03-26: Any KVM over IP systems need to be on secure networks
2020-03-25: The problem of your (our) external mail gateway using internal DNS views
2020-03-23: How we set up our ZFS filesystem hierarchy in our ZFS pools
Why we use 1U servers, and the two sides of them
2020-03-22: Avoiding the 'dangling else' language problem with mandatory block markers
2020-03-20: Wishing for a remote resilient server environment (now that it's too late)
2020-03-19: Make sure to keep useful labels in your Prometheus alert rules
Sorting out Go's 'for ... = range ..' and when it copies things
2020-03-18: Understanding X mouse cursors (and their several layers of history)
2020-03-17: A problem I'm having with my HiDPI display, remote X, and (X) cursors
2020-03-16: How Firefox could support automatically using local DNS over HTTPS servers
2020-03-15: Why the choice of DNS over HTTPS server needs to be automatic (a sysadmin view)
2020-03-14: The two meanings of 'DNS over HTTPS' today
2020-03-13: Sensible heuristics for when to use DNS over HTTPS can't work for us
2020-03-12: TLS increasingly exists in three different worlds
2020-03-11: Some notes on the state of DNS over HTTPS in Firefox (as of March 2020)
2020-03-09: Logging out of HTTP Basic Authentication in Firefox
What makes our Ubuntu updates driver program complicated
2020-03-08: How we sort of automate updating system packages across our Ubuntu machines
2020-03-07: Linux's iowait statistic and multi-CPU machines
2020-03-05: The problem of Unix iowait and multi-CPU machines
2020-03-04: Unix's iowait% is a narrow and limited measure that can be misleading
2020-03-03: One impact of the dropping of Python 2 from Linux distributions
2020-03-02: More or less what versions of Go support what OpenBSD releases (as of March 2020)
2020-03-01: The situation with Go on OpenBSD
2020-02-29: OpenBSD versus Prometheus (and Go)
2020-02-28: One reason for Go to prefer providing indexes in for ... range loops
2020-02-27: Some alert inhibition rules we use in Prometheus Alertmanager
2020-02-26: The magic settings to make a bar graph in Grafana
The browsers are probably running the TLS show now
2020-02-25: The basics of /etc/mailcap on Ubuntu (and Debian)
2020-02-23: Webmail providers (and others) hiding user IPs was the right decision
Our (unusual) freedom to use alerts as notifications
2020-02-22: Will common motherboards ever have very many NVMe drive slots?
2020-02-21: An appreciation for Cinnamon's workspace flipping keyboard shortcuts
2020-02-20: Link: Stop Using Encrypted Email
2020-02-19: Load average is now generally only a secondary problem indicator
How and why we regularly capture information about running processes
2020-02-17: The uncertainty of an elevated load average on our Linux IMAP server
The case of mysterious load average spikes on our Linux login server
2020-02-16: With sudo, complex argument validation is best in cover scripts
2020-02-14: Unix's /usr split and standards (and practice)
The /bin versus /usr split and diskless workstations
2020-02-12: You can't delegate a ZFS administration permission to delete only snapshots
Some git aliases that I use
2020-02-10: Doing frequent ZFS scrubs lets you discover problems close to when they happened
2020-02-09: I'm likely giving up on trying to read Fedora package update information
Code dependencies and operational dependencies
2020-02-08: Ways that I have lost the source code for installed programs
2020-02-07: I frequently use dependencies because they enable my programs to exist
2020-02-05: The drawback of having a dynamic site with a lot of URLs on today's web
2020-02-04: What 'is' translates to in CPython bytecode
The place of the 'is' syntax in Python
2020-02-02: What we do to enable us to grow our ZFS pools over time
Some unusual and puzzling bad requests for my CSS stylesheet
2020-01-31: Finding out what directories exist with only basic shell builtins (a Unix shell trick)
2020-01-30: Some notes on Python's email.header.decode_header()
2020-01-29: Some effects of the ZFS DVA format on data layout and growing ZFS pools
Why ZFS is not good at growing and reshaping pools (or shrinking them)
2020-01-28: More badly encoded MIME Content-Disposition headers
2020-01-26: The real world is mutable (and consequences for system design)
How big our Prometheus setup is (as of January 2020)
2020-01-25: A network interface losing and regaining signal can have additional effects (in Linux)
2020-01-24: Go compared to Python for small scale system administration scripts and tools
2020-01-23: What we've written in Go at work and how it came about (as of January 2020)
2020-01-22: Why I've come to like that Go's type inference is limited
2020-01-20: The value of automation having ways to shut it off (a small story)
2020-01-19: Python 2, Apache's mod_wsgi, and its future in Linux distributions
Why a network connection becoming writable when it succeeds makes sense
2020-01-18: CUPS's page log, its use of SNMP, and (probably) why CUPS PPDs turn that off
2020-01-17: The question of how long Python 2 will be available in Linux distributions
2020-01-15: How Go's net.DialContext() stops things when the context is cancelled
Stopping udev from renaming your VLAN interfaces to bad names
2020-01-13: We may not want to use OCSP stapling in our web servers
Link: Mercurial's Journey to and Reflections on Python 3
2020-01-12: Sorting out the dates of Python 2's 'end of life'
How I now think you want to configure Apache for OCSP stapling
2020-01-10: OCSP stapling and what web servers and browsers do in the face of errors
Fedora 31 has decided to allow (and have) giant process IDs (PIDs)
2020-01-08: Why I use both uBlock Origin and uMatrix
My Firefox addons as of Firefox '74' (the current development version)
2020-01-07: eBPF based tools are still a work in progress on common Linuxes
2020-01-06: How I move files between iOS devices and Unix machines (using SSH)
2020-01-05: Why I prefer the script exporter for exposing script metrics to Prometheus
2020-01-04: Three ways to expose script-created metrics in Prometheus
2020-01-03: How job control made the SIGCHLD signal useful for (BSD) Unix
2020-01-01: The good and bad of errno in a traditional Unix environment
2019-12-31: Things I've stopped using in GNU Emacs for working on Go
2019-12-30: A retrospective on our OmniOS ZFS-based NFS fileservers
The history and background of us using Prometheus
2019-12-29: Prometheus and Grafana after a year (more or less)
2019-12-28: Our setup of Prometheus and Grafana (as of the end of 2019)
2019-12-26: The Unix C library API can only be reliably used from C
2019-12-25: Some reasons for Go to not make system calls through the standard C library
Why udev may be trying to rename your VLAN interfaces to bad names
2019-12-23: The BSD and Linux approaches to development put coherence in different places
2019-12-22: OpenBSD has to be a BSD Unix and you couldn't duplicate it with Linux
Filenames and paths should be a unique type and not a form of strings
2019-12-20: My new Linux office workstation disk partitioning for the end of 2019
Splitting a mirrored ZFS pool in ZFS on Linux
2019-12-18: Linux kernel Security Modules (LSMs) need their own errno value
PCIe slot bandwidth can change dynamically (and very rapidly)
2019-12-17: Browsers and the relative size of their default monospace fonts
2019-12-16: Some pragmatics of blackbox and whitebox malware filtering
2019-12-15: Peering into the depths of (presumed) website vulnerability probing
2019-12-14: It's unfortunately time to move away from using '/usr/bin/python'
2019-12-13: Working out which of your NVMe drives is in what slot under Linux
2019-12-12: Linux makes your PCIe topology visible in sysfs (/sys)
2019-12-11: Fedora is got a good choice if long term stability and usability is a high priority
2019-12-10: It's a good idea to label all of the drives in your desktop
2019-12-09: Firefox's peculiar handling of font choice preferences
2019-12-08: The Go runtime scheduler's clever way of dealing with system calls
2019-12-07: Some important things about how PCIe works out involve BIOS magic
2019-12-06: PCIe bus addresses, lspci, and working out your PCIe bus topology
2019-12-05: Looking into your system's PCIe slot topology and PCIe lane count under Linux
2019-12-04: Desktop motherboards can have fewer useful PCIe slots than they seem to
2019-12-02: You can have Grafana tables with multiple values for a single metric (with Prometheus)
Calculating usage over time in Prometheus (and Grafana)
2019-11-30: Operating spam and malware filtering is ultimately a social problem
Counting the number of distinct labels in a Prometheus metric
2019-11-29: The problem of multiple NVMe drives in a PC desktop today
2019-11-27: Selecting metrics to gather mostly based on what we can use
Capturing command output in a Bourne shell variable as a brute force option
2019-11-25: In Prometheus, don't be afraid of high cardinality metrics if they're valuable enough
2019-11-24: I use unit tests partly to verify that something works in the first place
Timing durations better in Python (most of the time)
2019-11-23: Thinking about timeouts and exceptions in Python
2019-11-22: Our problem of checking if our L2TP VPN servers are actually working
2019-11-20: In the old days, we didn't use multiple Unixes by choice (mostly)
The fading out of multi-'architecture' Unix environments
2019-11-18: LiveJournal and the path to NoSQL
2019-11-17: It's good to make sure you have notifications of things
The operational differences between notifications and logs
2019-11-15: How we structure our Django web application's configuration settings
2019-11-14: TCP/IP and a consequence of reliable delivery guarantees
2019-11-13: How to make a rather obnoxiously bad web spider the easy way
My mistake in forgetting how Apache .htaccess files are checked
2019-11-11: An apparent hazard of removing Linux software RAID mirror devices
2019-11-10: Putting a footer on automated email that says what generated it
The problems with piping curl to a shell are system management ones
2019-11-08: I have to assume that people here can be successfully phished
2019-11-07: Some notes on getting email when your systemd timer services fail
Realizing that Go constants are always materialized into values
2019-11-06: Systemd needs official documentation on best practices
2019-11-04: Systemd timer units have the unfortunate practical effect of hiding errors
Many of our 'worklog' messages currently assume a lot of context
2019-11-02: Using personal ruleset recipes in uMatrix in Firefox
2019-11-01: The appeal of text templating systems for generating HTML
2019-10-31: Some thoughts on the pragmatics of classifying phish spam as malware
2019-10-30: Chrony has been working well for us (on Linux, where we use it)
2019-10-29: Netplan's interface naming and issues with it
2019-10-28: One of XHTML's practical problems was its implications for web page generation
2019-10-27: An interesting little glitch in how Firefox sometimes handles updates to addons
My common patterns in shell script verbosity (for sysadmin programs)
2019-10-26: An incorrect superstition about running commands in the Bourne shell
2019-10-24: Third party ClamAV signatures seem to include a lot of phish and other spam
2019-10-23: The DBus daemon and out of memory conditions (and systemd)
2019-10-22: Groups of processes are a frequent and fundamental thing in Unix
2019-10-21: Filesystem size limits and the complication of when errors are detected
2019-10-20: A small irritation with Go's crypto/tls package
2019-10-19: Ubuntu LTS is (probably) still the best Linux for us and many people
2019-10-18: My little irritation with Firefox's current handling of 'Do-Not-Track'
Remembering that Django template code is not quite your Django Python code
2019-10-16: Some magical weirdness in Django's HTML form classes
2019-10-15: The Ubuntu package roulette
2019-10-14: Googlebot is both quite fast and very determined to crawl your pages
2019-10-13: If you don't test it in your automated testers, it's broken
Magic is fine if it's all magic: why I've switched to use-package in GNU Emacs
2019-10-11: A YAML syntax surprise and trick in Prometheus Alertmanager configuration
2019-10-10: Some additional information on ZFS performance as you approach quota limits
2019-10-09: Limiting the size of things in a filesystem is harder than it looks
2019-10-08: How we implement reboot notifications when our machines reboot in Prometheus
2019-10-07: Why we generate alert notifications about our machines having rebooted
2019-10-06: Automating our 'bookable' compute servers with SLURM has created generic 'cattle' machines
2019-10-05: The wikitext problem with new HTML elements such as <details>
2019-10-04: Vim, its defaults, and the problem this presents sysadmins
2019-10-03: Making changes to multiple files at once in Vim
2019-10-02: It's useful to record changes that you tried and failed to do
2019-10-01: My interest in and disappointment about HTML5's new <details> element
2019-09-30: Using alerts as tests that guard against future errors
Link: The asymmetry of Internet identity
ZFS performance really does degrade as you approach quota limits
2019-09-29: Understanding when to use and not use the -F option for flock(1)
2019-09-27: Some field notes on imposing memory resource limits on users on Ubuntu 18.04
A file permissions and general deployment annoyance with Certbot
2019-09-25: It's always convenient when malware is clear about its nature (7z edition)
Our workaround for Ubuntu 16.04 and 18.04 failing to reliably reboot some of our servers
2019-09-24: How we implement per-user CPU and memory resource limits on Ubuntu
2019-09-22: The increasing mess of libreadline versions in Linux distributions
2019-09-21: Why chroot is a security feature for (anonymous) FTP
2019-09-20: Modernizing (a bit) some of our HTML form <input> elements
TLS server certificate verification has two parts (and some consequences)
2019-09-18: Firefox, DNS over HTTPS, and us
Converting a Go pointer to an integer doesn't quite do what it looks like
2019-09-17: Finding metrics that are missing labels in Prometheus (for alert metrics)
2019-09-16: The problem of 'triangular' Network Address Translation
2019-09-14: Some notes on the structure of Go binaries (primarily for ELF)
2019-09-13: Bidirectional NAT and split horizon DNS in our networking setup
2019-09-12: The mystery of why my Fedora 30 office workstation was booting fine
2019-09-11: Making your own changes to things that use Go modules
2019-09-10: Catching Control-C and a gotcha with shell scripts
2019-09-09: A safety note about using (or having) go.mod inside $GOPATH in Go 1.13
2019-09-08: Jumping backward and forward in GNU Emacs
2019-09-07: CentOS 7 and Python 3
2019-09-06: Programs that let you jump around should copy web browser navigation
Go modules and the problem of noticing updates to dependencies
2019-09-04: If you use the rarfile module, make sure you're using version 3.0 (or later)
Using Wireshark's Statistics menu to get per-host traffic volume
2019-09-02: Another way to do easy configuration for lots of Prometheus Blackbox checks
2019-09-01: Some limitations of wifi MAC address randomization
2019-08-31: The sorts of email attachments that we get these days have become boring
2019-08-30: ZFS is not a universal filesystem that is always good for all workloads
How I'm dealing with my Python indentation problem in GNU Emacs
2019-08-28: A wifi MAC address randomization surprise in a new Android gadget
Allowing some Alias directives to override global Redirects in Apache
2019-08-26: A lesson of (alert) scale we learned from a power failure
2019-08-25: Text UIs and the problem of discoverability
2019-08-24: Apache, Let's Encrypt, and site-wide reverse proxies and HTTP redirections
2019-08-23: What happens in ZFS when you have 4K sector disks in an ashift=9 vdev
Link: GNOME Terminal Cursor Blinking Saga
2019-08-22: Pruning deleted remote Git branches (manually or automatically)
2019-08-21: Making sense of OpenBSD 'pfctl -ss' output for firewall state tables
2019-08-20: Saying goodbye to Flash (in Firefox, and in my web experience)
2019-08-19: Go 2 Generics: contracts are now boring (and that's good)
2019-08-18: Early notes on using LSP-based editing in GNU Emacs for Python
2019-08-17: A situation where Python has undefined values
2019-08-16: A gotcha with Fedora 30's switch of Grub to BootLoaderSpec based configuration
Systemd and waiting until network interfaces or addresses are configured
2019-08-15: Getting LSP-based editing working for Go in GNU Emacs
2019-08-13: Changes to Go and the appearance of finality
2019-08-12: Linux can run out of memory without triggering the Out-Of-Memory killer
2019-08-11: Roughly when the Linux Out-Of-Memory killer triggers (as of mid-2019)
2019-08-10: One core problem with DNSSEC
2019-08-09: Turning off DNSSEC in my Unbound instances
Non-uniform caches are harder to make work well
2019-08-07: What has to happen with Unix virtual memory when you have no swap space
Rewriting my iptables rules using ipsets
2019-08-05: dup(2) and shared file descriptors
2019-08-04: Some notes on understanding how to use flock(1)
2019-08-03: Sharing file descriptors with child processes is a clever Unix decision
Link: ASCII table and history (Or, why does Ctrl+i insert a Tab in my terminal?)
2019-08-02: If you can, you should use flock(1) for shell script locking
Getting NetworkManager to probably verify TLS certificates for 802.1x networks
2019-08-01: How not to set up your DNS (part 24)
2019-07-31: How mountd and exportfs handle NFS export permissions on Linux
Link: A program to read AMD Ryzen RAPL information on Linux
2019-07-30: I think it's time to explicitly set Go's $GO111MODULE environment variable
2019-07-29: The practical difference between CPU TDP and observed power draw illustrated
2019-07-28: A note on using the Go Prometheus client package to exposed labeled metrics
What I want out of my window manager
2019-07-26: Some things on the GUID checksum in ZFS pool uberblocks
How 'zpool import' generates its view of a pool's configuration
2019-07-24: I think I like systemd's DynamicUser feature (under the right circumstances)
ZFS pool imports happen in two stages of pool configuration processing
2019-07-22: Why file and directory operations are synchronous in NFS
2019-07-21: Why we're going to be using Certbot as our new Let's Encrypt client
Wireless networks have names and thus identify themselves
2019-07-19: Some brief views on iOS clients for Mastodon (as of mid 2019)
2019-07-18: Switching Let's Encrypt clients is currently quite disruptive
2019-07-17: Django 1.11 has a bug that causes intermittent CSRF validation failures
2019-07-16: Go's proposed try() will be used and that will change how code is written
2019-07-15: ZFS on Linux still has annoying issues with ARC size
2019-07-14: We're going to be separating our redundant resolving DNS servers
2019-07-13: Our switches can wind up in weird states after a power failure
2019-07-12: Browers can't feasibly stop web pages from talking to private (local) IP addresses
Reflections on almost entirely stopping using my (work) Yubikey
2019-07-10: I brought our Django app up using Python 3 and it mostly just worked
2019-07-09: Systemd services that always restart should probably set a restart delay too
2019-07-08: SMART drive self-tests seem potentially useful, but not too much
2019-07-07: Straightforward web applications are now very likely to be stable in browsers
2019-07-06: Clearing disk errors (or SMART complaints) for Linux software RAID arrays
2019-07-05: My plan for two-stage usage of Certbot when installing web server hosts
2019-07-04: Django's goals are probably not our goals for our web application
2019-07-03: Converting a variable to a single-element slice in Go via unsafe
Finding out what 32-bit x86 Linux programs your users are running
2019-07-01: The power of option types is in what they do to the rest of the language
2019-06-30: Understanding why 'root window' X under Wayland may matter
2019-06-29: Being realistic about what we're going to do with our Django app
2019-06-28: Using Prometheus's statsd exporter to let scripts make metrics updates
2019-06-27: Our last OmniOS fileserver is now out of production (and service)
2019-06-26: The death watch for the X Window System (aka X11) has probably started
A hazard of our old version of OmniOS: sometimes powering off doesn't
2019-06-24: The convenience (for me) of people writing commands in Python
2019-06-23: What it takes to run a 32-bit x86 program on a 64-bit x86 Linux system
2019-06-22: Google Groups entirely ignores SMTP time rejections
We get a certain amount of SMTP MAIL FROM's in UTF-8 with odd characters
2019-06-21: One of the things a metrics system does is handle state for you
2019-06-19: How Bash decides it's being invoked through sshd and sources your .bashrc
A Let's Encrypt client feature I always want for easy standard deployment
2019-06-17: Sometimes, the problem is in a system's BIOS
My Mastodon remark about tiling window managers
2019-06-16: Firefox and my views on the tradeoffs of using DNS over HTTPS
2019-06-15: Some notes on Intel's CPUID and how to get it for your CPUs
2019-06-14: Intel's approach to naming Xeon CPUs is pretty annoying
Intel's MDS issues have now made some old servers almost completely useless to us
2019-06-12: My weird problem with the Fedora 29 version of Firefox 67
An interesting Fedora 29 DNF update loop with the createrepo package
2019-06-10: Keeping your past checklists doesn't help unless you can find them again
2019-06-09: Go recognizes and specially compiles some but not all infinite loops
2019-06-08: Hardware Security Modules are just boxes running opaque and probably flawed software
Our current approach for updating things like build instructions
2019-06-06: Feed readers and their interpretation of the Atom 'title' element
2019-06-05: The HTML <pre> element doesn't do very much
Go channels work best for unidirectional communication, not things with replies
2019-06-03: Almost all of our OmniOS machines are now out of production
2019-06-02: Exploring the start time of Prometheus alerts via ALERTS_FOR_STATE
I haven't customized my Vim setup and I'm not sure I should try to (yet)
2019-05-31: Some things on how ZFS dnode object IDs are allocated (which is not sequentially)
Some things about where icons for modern X applications come from
2019-05-30: Conditional expressions in any form are an attractive thing
2019-05-28: Distribution packaging of software needs to be informed (and useful)
An interesting report on newly used domain names and their usage in spam
2019-05-27: Something that Linux distributions should not do when packaging things
2019-05-26: Why I no longer have strong feelings about changes to Python
2019-05-25: Blocking JavaScript by default is not an easy path
2019-05-24: The problem of paying too much attention to our dashboards
2019-05-23: I will probably never give my shell dotfiles the major reform they could use
On programming languages belonging (or not) to their community
2019-05-22: Go is Google's language, not ours
2019-05-20: Understanding how to pull in labels from other metrics in Prometheus
2019-05-19: DKIM signed email as a signal (of something)
2019-05-18: Binding keys to actions in xterm, and my bindings as an example
2019-05-17: My new favorite tool for looking at TLS things is certigo
One of our costs of using OmniOS was not having 10G networking
2019-05-16: Go has no type for types in the language
2019-05-15: An infrequent odd kernel panic on our Ubuntu 18.04 fileservers
2019-05-13: Fixing Alpine to work over NFS on Ubuntu 18.04 (and probably other modern Linuxes)
2019-05-12: What we'll want in a new Let's Encrypt client
Committed address space versus active anonymous pages in Linux: a mystery
2019-05-10: Some thoughts on Red Hat Enterprise 8 including Python 2 and what it means
Firefox versus Chrome (my 2019 view)
2019-05-08: Some general things and views on DNS over HTTPS
A Linux machine with a strict overcommit limit can still trigger the OOM killer
2019-05-07: Some weird and dubious syndication feed fetching from SBL-listed IPs
2019-05-05: TLS certificate rollover outside of the web is complex and tangled
What usually identifies an intermediate or root TLS certificate
2019-05-03: In Go, unsafe type conversions are still garbage collection safe
Some implications of using offset instead of delta() in Prometheus
2019-05-01: One of my problems with YAML is its sheer complexity
2019-04-30: My problem with YAML's use of whitespace
2019-04-29: Notifications and interruptions, and my view on them
2019-04-28: A gotcha with stale metrics and *_over_time() in Prometheus
2019-04-27: Some useful features of (GNU) date for things like time conversion
2019-04-26: Brief notes on making Prometheus instant queries with curl
Various aspects of Python made debugging my tarfile problem unusual
2019-04-24: How we're making updated versions of a file rapidly visible on our Linux NFS clients
The appeal of using plain HTML pages
2019-04-22: Go 2 Generics: The usefulness of requiring minimal contracts
You might as well get an x86 CPU now, despite Meltdown and its friends
2019-04-21: My view on upgrading Prometheus (and Grafana) on an ongoing basis
2019-04-19: V7 Unix programs are often not written the way you would expect
Links: A Practitioner's Guide to System Dashboard Design (with a bonus)
2019-04-18: One reason ed(1) was a good editor back in the days of V7 Unix
A pattern for dealing with missing metrics in Prometheus in simple cases
2019-04-17: Private browsing mode versus a browser set to keep nothing on exit
2019-04-15: How Linux starts non-system software RAID arrays during boot under systemd
2019-04-14: A VPN for me but not you: a surprise when tethering to my phone
2019-04-13: Remembering that Prometheus expressions act as filters
WireGuard was pleasantly easy to get working behind a NAT (or several)
2019-04-12: Getting (and capturing) spam can sometimes be useful to see what's in it
2019-04-10: The tarfile module is too generous about what is considered a tar file
A Git tool that I'd like and how I probably use Git differently from most people
2019-04-08: An example of a situation where Go interfaces can't substitute for generics
2019-04-07: Why selecting times is still useful even for dashboards that are about right now
A ZFS resilver can be almost as good as a scrub, but not quite
2019-04-05: I won't be trying out ZFS's new TRIM support for a while
It's always DNS (a story of our circular dependency)
2019-04-03: A sign of people's fading belief in RSS syndication
NVMe and an interesting technology change
2019-04-01: Our plan for handling TRIM'ing our ZFS fileserver SSDs
2019-03-31: Our likely ZFS fileserver upgrade plans (as of March 2019)
Erasing SSDs with blkdiscard (on Linux)
2019-03-29: Our current approach for significantly upgrading or modifying servers
My NVMe versus SSD uncertainty (and hesitation)
2019-03-27: A new and exciting failure mode for Linux UEFI booting
2019-03-26: Drifting away from OmniOS (CE)
2019-03-25: The mystery of my desktop that locks up when it gets too cold
2019-03-24: Prometheus's delta() function can be inferior to subtraction with offset
Link: What has your microcode done for you lately?
A bit more on ZFS's per-pool performance statistics
2019-03-22: Sometimes the simplest version of a graph is a text table
2019-03-21: What sorts of good email attachments our users get (March 2019 edition)
2019-03-20: The types of attachments we see in malware email (March 2019 edition)
2019-03-19: ZFS Encryption is still under development (as of March 2019)
2019-03-18: Prometheus subqueries pick time points in a surprising way
2019-03-17: Going from a bound instance method to its class instance in Python
2019-03-16: Callable class instances versus closures in Python
Staying away from Google Chrome after six months or so
2019-03-14: The plague of 'you've logged in to our site again' notification emails
2019-03-13: Peculiarities about Unix's statfs() or statvfs() API
2019-03-12: An easy optimization for restricted multi-metric queries in Prometheus
2019-03-11: Testing Prometheus alert conditions through subqueries
2019-03-10: What the default query step is for Prometheus subqueries
Turning something into a script encourages improving it
2019-03-08: Exploring how and why interior pointers in Go keep entire objects alive
2019-03-07: Exploring the mild oddity that Unix pipes are buffered
Our problem with Netplan and routes on Ubuntu 18.04
2019-03-06: Using Prometheus subqueries to look for spikes in rates
2019-03-04: A surprisingly arcane little Unix shell pipeline example
2019-03-03: Understanding a change often requires understanding how the code behaves
Really understanding diffs requires knowing their context too
2019-03-01: What you get when you do a DNS A record lookup for a CNAME'd name
2019-02-28: Taking advantage of the Linux kernel NFS server's group membership cache
2019-02-27: How to see and flush the Linux kernel NFS server's group membership cache
Using Prometheus subqueries to do calculations over time ranges
2019-02-25: ntpdate has a surprising restriction on what it will sync to
Link: Vim anti-patterns
2019-02-24: Process states from /proc/[pid]/stat versus /proc/stat's running and blocked numbers
The modern danger of locales when you combine sort and cron
2019-02-22: Using default function arguments to avoid creating a class
2019-02-21: An advantage of tablets and two-in-one devices over small laptops
2019-02-20: What /proc/[pid]/stat's process state means and where it comes from
The cliffs in the way of adding tests to our Django web app
2019-02-18: When cloning git repos, things go faster if you start from a good base
2019-02-17: Why I like middle mouse button paste in xterm so much
Some notes on heatmaps and histograms in Prometheus and Grafana
2019-02-15: Accumulating a separated list in the Bourne shell
2019-02-14: A pleasant surprise with a Thunderbolt 3 10G-T Ethernet adapter
2019-02-13: An unpleasant surprise with part of Apache's AllowOverride directive
2019-02-12: Using grep with /dev/null, an old Unix trick
2019-02-11: Thinking about the merits of 'universal' URL structures
2019-02-10: Open protocols can evolve fast if they're willing to break other people
2019-02-09: 'Scanned' versus 'issued' numbers for ZFS scrubs (and resilvers)
2019-02-08: Making more use of keyboard control over window position and size
2019-02-07: A touchpad is not a mouse, or at least not a good one
2019-02-06: Using a single git repo to compare things between two upstreams
2019-02-05: A problem with strict memory overcommit in practice
2019-02-04: Hand-building an updated upstream kernel module for your (Fedora) kernel
2019-02-03: My temptation of getting a personal laptop
2019-02-02: A little appreciation for Vim's 'g' command
2019-02-01: A bit of Sun's history that still lingers on in Illumos
2019-01-31: What getopt package I use for option handling in my Go programs
2019-01-30: ZFS On Linux's kernel modules issues are not like NVidia's
How having a metrics system centralized information and got me to check it
2019-01-28: Go 2 Generics: some features of contracts that I like
The potential risk to ZFS created by the shift in its userbase
2019-01-27: How to handle Unicode character decoding errors depends on your goals
2019-01-25: A piece of email malware that wanted to make sure we rejected it
The Linux kernel's pstore error log capturing system, and ACPI ERST
2019-01-23: Consider setting your Linux servers to reboot on kernel problems
A little surprise with Prometheus scrape intervals, timeouts, and alerts
2019-01-22: Things you can do to make your Linux servers reboot on kernel problems
2019-01-21: Two annoyances I have with Python's imaplib module
2019-01-20: A few notes on using SSL in Python 3 client programs
2019-01-19: A surprise potential gotcha with sharenfs in ZFS on Linux
2019-01-18: Linux CPU numbers are not necessarily contiguous
2019-01-17: Why C uninitialized global variables have an initial value of zero
2019-01-16: Perhaps you no longer want to force a server-preferred TLS cipher order on clients
2019-01-14: Why your fresh new memory pages are zero-filled
2019-01-13: Two views of ZFS's GPL-incompatibility and the Linux kernel
The risk that comes from ZFS on Linux not being GPL-compatible
Even thinking about spam makes me angry
2019-01-12: I have somewhat mixed feelings about Python 3's socket module errors
2019-01-11: A new drawback of using my custom-compiled Firefox
2019-01-10: Why I still have a custom-compiled Firefox (early 2019 edition)
2019-01-09: On right and wrong ways to harvest system-level performance stats
2019-01-08: Link: The IOCCC 2018 "Best of show" program
2019-01-07: Daemons and the pragmatics of unexpected error values from system calls
2019-01-06: accept(2)'s problem of trying to return two different sorts of errors
Linux network-scripts being deprecated is a problem for my home PPPoE link
2019-01-05: Some things on ZFS's per-pool performance statistics
2019-01-04: Planning ahead in documentation worked out for us
2019-01-02: You shouldn't allow Firefox to recommend things to you any more
How I get a copy of the Ubuntu kernel source code (as of Ubuntu 18.04)
2018-12-31: Our Linux ZFS fileservers work much like to our OmniOS ones
Thinking about DWiki's Python 3 Unicode issues
2018-12-30: Our third generation ZFS fileservers and their setup
2018-12-28: An odd MIME Content-Disposition or two
2018-12-27: Having metrics has taught me I didn't really know how our systems behave
The many return values of read() (plus some other cases)
2018-12-26: The problem of screenshots when you have a HiDPI display
2018-12-24: Some notes on ZFS prefetch related stats
Plaintext parts of email are fading away (in spam and non-spam)
2018-12-23: How I wound up finding a bug in GNU Tar
2018-12-21: Moving to Fedora 29 has not been one of the smooth upgrades for me
Working around an irritating recent XTerm change in behavior
2018-12-20: FreeBSD ZFS will be changing to be based on ZFS on Linux
2018-12-19: My unusual Linux setup of an untagged network and tagged VLANs on the same interface
2018-12-17: My current trick for keeping reasonably ready virtual machine images
Exploring casual questions with our new metrics system
2018-12-16: The Go 2 Error Handling proposal will likely lead to more use of error in return types
2018-12-15: Python 3's approach to filenames and arguments is pragmatically right
2018-12-14: Link: Everything you should know about certificates and PKI but are too afraid to ask
Why our Grafana URLs always require HTTP Basic Authentication
2018-12-13: Some new-to-me features in POSIX (or Single Unix Specification) Bourne shells
2018-12-12: One situation where you absolutely can't use irate() in Prometheus
2018-12-10: Why I'm usually unnerved when modern SSDs die on us
A spate of somewhat alarming flaky SMART errors on Crucial MX500 SSDs
2018-12-09: Firefox, WebExtensions, and Content Security Policies
2018-12-08: Link: HTTPS in the real world
2018-12-07: Why we like HTTP Basic Authentication in Apache so much
Modern Bourne shell arithmetic is pretty pleasant
2018-12-05: Some basic ZFS ARC statistics and prefetching
The brute force cron-based way of flexibly timed repeated alerts
2018-12-03: Wget is not welcome here any more (sort of)
Linux disk IO stats in Prometheus
2018-12-02: Checking to see if a process is alive (on Linux)
2018-11-30: Today I (re-)learned that top's output can be quietly system dependent
I've learned that sometimes the right way to show information is a simple one
2018-11-29: Go 2 Generics: Interfaces are not the right model for type constraints
2018-11-28: Go 2 Generics: A way to make contracts more readable for people (if not programs)
2018-11-26: (Open)SSH quiet connection disconnects in theory and in practice
2018-11-25: Firefox's middle-click behavior on HTML links on Linux
How we monitor our Prometheus setup itself
2018-11-23: Some Linux disk IO stats you can calculate from kernel information
Qualified praise for the Linux ss program
2018-11-21: Some views on more flexible (Illumos) kernel crash dumps
What I really miss when I don't have X across the network
2018-11-20: When Prometheus Alertmanager will tell you about resolved alerts
2018-11-18: Old zombie Linux distribution versions aren't really doing you any favours
Some notes about kernel crash dumps in Illumos
2018-11-16: Restisting the temptation to rely on Ubuntu for Django 1.11
Go 2 Generics: Contracts are too clever
2018-11-14: Linux iptables compared to OpenBSD PF (through a real example)
2018-11-13: Our pragmatic attachment to OpenBSD PF for our firewall needs
2018-11-12: What Python 3 versions I can use (November 2018 edition)
2018-11-11: Easy configuration for lots of Prometheus Blackbox checks
The needs of Version Control Systems conflict with capturing all metadata
OpenSSH 7.9's new key revocation support is welcome but can't be a full fix
2018-11-10: Why Prometheus turns out not be our ideal alerting system
Character by character TTY input in Unix, then and now
2018-11-09: Getting CPU utilization breakdowns efficiently in Prometheus
2018-11-08: The future of our homedir-based mail server system design
2018-11-07: What email messages to not send autoreplies to (late 2018 edition)
2018-11-06: Our self-serve system for 'vacation' autoreplies and its surprising advantage
2018-11-05: rate() versus irate() in Prometheus (and Grafana)
2018-11-04: DKIM provides sender attribution (for both spam and not necessarily spam)
My view on Debian versus Ubuntu LTS for us today
2018-11-02: Metadata that you can't commit into a VCS is a mistake (for file based websites)
2018-11-01: In Linux, hitting a strict overcommit limit doesn't trigger the OOM killer
2018-10-31: Do I feel uncertain about CentOS's future now? Yes, a bit
OpenSSH has broader key revocation than I thought
2018-10-29: Shooting myself in the foot by cargo-culting Apache configuration bits
2018-10-28: How I'm visualizing health check history in Grafana
Link: HiDPI on dual 4K monitors with Linux
The obviousness of inheritance blinded me to the right solution
2018-10-26: What 'dependency' means in Unix init systems is underspecified
2018-10-25: I should always give my Python classes a __str__ method
2018-10-24: You can sort of use zdb as a substitute for a proper ZFS fsck
2018-10-23: ZFS scrubs check (much) less than you probably think they do
2018-10-22: Some DKIM usage statistics from our recent inbound email (October 2018 edition)
Using group_* vector matching in Prometheus for database lookups
2018-10-21: Some tradeoffs of having a Certificate Authority in your model
2018-10-20: The original Unix ed(1) didn't load files being edited into memory
2018-10-18: Some things on delays and timings for Prometheus alerts
Link: Vectorized Emulation [of CPUs and virtual machines]
Why you should be willing to believe that ed(1) is a good editor
2018-10-17: When metrics disappear on updates with Prometheus Pushgateway
2018-10-16: Quickly bashing together little utilities with Python is nice
2018-10-15: The external delivery delays we see on our central mail machine
Garbage collection and the underappreciated power of good enough
2018-10-13: Getting a CPU utilization breakdown in Prometheus's query language, PromQL
How Prometheus's query steps (aka query resolution) work
2018-10-12: My unusual use for Firefox's Private Browsing mode
2018-10-11: Some notes on Prometheus's Blackbox exporter
2018-10-10: Even systemd services and dependencies are not self-documenting
2018-10-09: Something systemd is missing for diagnosing oddly slow boots
2018-10-07: It's good to check systemd for new boot-time things every so often
2018-10-06: A deep dive into the OS memory use of a simple Go program
Go basically never frees heap memory back to the operating system
2018-10-05: My non-approach to password management tools
2018-10-03: Thinking about what we want to be alerted about
2018-10-02: Thinking about what we probably want for monitoring, metrics, etc
An irritating limitation or two of addons in Firefox Quantum
2018-09-30: My Firefox addons as of Firefox '64' (the current development version)
Why updating my Fedora kernels is a complicated multi-step affair
2018-09-28: Addressable values in Go (and unaddressable ones too)
Using a very old ZFS filesystem can give you a kernel panic on Linux
2018-09-27: Learning about Go's unaddressable values and slicing
2018-09-25: A problem with unmounting FUSE mount points that are on NFS filesystems
2018-09-24: Why I don't set master passwords in programs
Walking away from Google Chrome
2018-09-22: The ed(1) command in the Single Unix Specification (and the SVID)
Some differences between various versions of ed(1)
2018-09-21: Your databases always have a schema
Why I mostly don't use ed(1) for non-interactive edits in scripts
2018-09-20: Ubuntu pretty much is the 'universe' repository for us
2018-09-19: The Extended Validation TLS certificate endgame is here (to my surprise)
2018-09-17: Python 3 supports not churning memory on IO
The importance of explicitly and clearly specifying things
2018-09-16: CPython has a fairly strongly predictable runtime, which can be handy
2018-09-15: How to use uBlock Origin to block Javascript by default
2018-09-14: How you migrate ZFS filesystems matters
2018-09-13: I don't like getters and setters and prefer direct field access
2018-09-12: A surprise discovery about procmail (and wondering about what next)
2018-09-11: The Linux kernel's internals showing through in the specifics of an NFS bug
2018-09-09: Why I don't think browsers will ever standardize how 'Reader Mode' works
Cookie management models in Firefox Quantum in practice
2018-09-07: My view of the current state of Go's dependency management (as of Go 1.11)
I've slowly been improving my web experience by trusting uMatrix more
2018-09-06: Our future IPv6 access control problems due to non-DHCP6 machines
2018-09-04: Some views on the Go 2 Error Inspection early draft proposal
ZFS quietly discards all-zero blocks, but only sometimes
2018-09-02: Link: "The History of a Security Hole" (in various *BSD kernels)
An extravagant and dense piece of malware-laden email
If one phish spam doesn't succeed, maybe another will
NFS directory reading and directory file type information
2018-08-31: Link: A deep dive into the Go memory allocator
Configurations can quietly drift away from working over time, illustrated
Making Ubuntu bug reports seems to be useless (or pointless)
2018-08-29: Our problem with (Amanda) backups of many files, especially incrementals
How I recently used vendoring in Go
2018-08-28: An illustration of why it's hard to port outside code into the Linux kernel
2018-08-26: A little bit of the one-time MacOS version still lingers in ZFS
How ZFS maintains file type information in directories
2018-08-25: The history of file type information being available in Unix directories
2018-08-24: Incremental development in Python versus actual tests
2018-08-23: It's time for me to buckle down and add tests to our Django web app
2018-08-22: Why ed(1) is not a good editor today
2018-08-20: Explicit manipulation versus indirect manipulation UIs
It's worth testing that obvious things actually do work
2018-08-19: Why I'm mostly not interest in exploring new fonts (on Unix)
2018-08-17: Some malware apparently believes in covering its bases
Some Firefox addons I'm experimenting with (as of Firefox 62 or so)
2018-08-16: It matters where (or when) your programs ask questions
2018-08-14: Go's net package doesn't have opaque errors, just undocumented ones
Our problem with HTTPS and user-created content
2018-08-12: The evolution of our account creation script
A recent spate of ZIP attachments with everything
2018-08-10: Fetching really new Fedora packages with Bodhi
The benefits of driving automation through cron
One simple general pattern for making sure things are alive
2018-08-08: Systemd's DynamicUser feature is (currently) dangerous
A timesyncd total failure and systemd's complete lack of debugability
2018-08-06: Link: Where Vim Came From
Linux's /dev/disk/by-path names for disks change over time
2018-08-05: Some more notes on Firefox 63 and perhaps later media autoplay settings
Why email is often not as good as modern communication protocols
2018-08-03: Firefox now implements its remote control partly over D-Bus
How I want to use Go's versioned modules
2018-08-02: Ubuntu 18.04's problem with Amanda's amrecover
2018-07-31: The hidden danger of using rsync to copy files instead of cp
2018-07-30: My own configuration files don't have to be dotfiles in $HOME
Being reminded that an obvious problem isn't necessarily obvious
2018-07-29: Our ZFS fileservers aren't happy when you do NFS writes to a full filesystem
2018-07-28: Word-boundary regexp searches are what I usually want
2018-07-27: Today I saw a spammer parasite itself on another spammer (probably)
2018-07-25: One advantage of Go modules will be less mess in $HOME/go/src
2018-07-24: I doubt Chrome's new 'not secure' warning about HTTP sites will change much (at least right away)
2018-07-23: Some notes on lifting Python 2 code into Python 3 code
The irritatingly many executable formats of Windows
2018-07-22: The problem with some non-HiDPI aware applications (is that they're very small)
2018-07-21: How we're handling NFS exports for our ZFS on Linux systems
2018-07-20: Linux's NFS exports permissions model compared to Illumos's
2018-07-19: Sometimes it actually is a Linux kernel bug
2018-07-17: Some things on Illumos NFS export permissions
2018-07-16: Why people are probably going to keep using today's Unixes
2018-07-15: When I'll probably be able to use Python assignment expressions
Understanding ZFS System Attributes
2018-07-14: The challenge of storing file attributes on disk
2018-07-13: ZFS on Linux's sharenfs problem (of what you can and can't put in it)
2018-07-11: You should probably write down what your math actually means
2018-07-10: Some thoughts on performance shifts in moving from an iSCSI SAN to local SSDs
Remembering that Python lists can use tuples as the sort keys
2018-07-08: TLS Certificate Authorities and 'trust'
We've decided to write our future Python tools in Python 3
2018-07-06: Having your SSH server on an alternate port provides no extra security today
I'm seeing occasional mysterious POST requests without Content-Types
2018-07-04: How and why we sell storage to people here
The hardware and basic setup for our third generation of ZFS fileservers
2018-07-03: The history of our custom NFS mount authorization system (or some of it)
2018-07-01: Understanding the first imperative of a commercial Certificate Authority
2018-06-30: My interesting experience with rapid repeated PID rollover on Linux
2018-06-29: What 'PID rollover' is on Unix systems
How ZFS makes things like 'zfs diff' report filenames efficiently
2018-06-27: My Ryzen-based Linux office machine appears to finally be stable
I think it's still reasonable to run personal servers on the Internet
2018-06-25: Twitter probably isn't for you or me any more
2018-06-24: What ZFS block pointers are and what's in them
A broad overview of how ZFS is structured on disk
2018-06-22: When you make changes, ZFS updates much less stuff than I thought
Running servers (and services) well is not trivial
2018-06-20: Revising my view on Python 3 for new code again: you should use it
The time to be compatible with both Python 2 and Python 3 is past
2018-06-18: Getting Xorg to let you terminate the X server with Ctrl + Alt + Backspace
2018-06-17: The history of terminating the X server with Ctrl + Alt + Backspace
A broad overview of how modern Linux systems boot
2018-06-16: The 'on premise' versus 'off premise' approach to environments
2018-06-15: Default X resources are host specific (which I forgot today)
2018-06-14: Clearing cached HTTP redirections or HSTS status in Firefox
2018-06-13: Link: A Child’s Garden of Inter-Service Authentication Schemes
Link: About the memory management in the Bourne shell
The mess Ubuntu 18.04 LTS has made of libreadline
2018-06-11: A website's design shows its actual priorities
2018-06-10: People receiving email don't feel it should be their job to stop spam
2018-06-09: What ZFS messages about 'permanent errors in <0x95>:<0x0>' mean
How to run a mail sending service that will probably never send spam
2018-06-08: Networks form through usage and must be maintained through it
2018-06-07: The history of Unix's confusing set of low-level ways to allocate memory
2018-06-06: The downsides of processing files using too large a buffer size
2018-06-04: The superficial versus deep appeal of ZFS
What I use Github for and how I feel about it
2018-06-03: Why I believe that HTTPS-only JavaScript APIs make sense
2018-06-02: Intel versus AMD for me (in 2018)
2018-05-31: What is the long term future for Extended Validation TLS certificates?
Extended Validation TLS certificates are basically invisible
2018-05-30: Taking over program names in Linux is generally hard
2018-05-28: An incomplete list of reasons why I force-quit iOS apps
2018-05-27: ZFS pushes file renamings and other metadata changes to disk quite promptly
Most modern web spiders are parasites
2018-05-25: Some notes on Go's runtime.KeepAlive() function
There's real reasons for Linux to replace ifconfig, netstat, et al
2018-05-24: Registering for things on the Internet is dangerous these days
2018-05-23: Almost no one wants to run their own infrastructure
2018-05-21: Bad versions of packages in the context of minimal version selection
2018-05-20: 'Minimal version selection' accepts that semantic versioning is fallible
Modern CPU power usage varies unpredictably based on what you're doing
2018-05-18: ZFS spare-N spare vdevs in your pool are mirror vdevs
How I usually divide up NFS (operation) metrics
2018-05-17: I'm worried about Wayland but there's not much I can do about it
2018-05-16: How you run out of inodes on an extN filesystem (on Linux)
2018-05-15: I have a boring desktop and I think I'm okay with that
2018-05-13: My GDPR pessimism
2018-05-12: ZFS on Linux's development version now has much better pool recovery for damaged pools
Sorting out some of my current views on operator overloading in general
2018-05-11: Notice to web spiders: an email address in your user-agent isn't good enough
2018-05-10: Python modules use operator overloading in two different ways
2018-05-09: Yubico fails to care that people give you email addresses for specific purposes
2018-05-08: How we're going to be doing custom NFS mount authorization on Linux
2018-05-07: One reason why Python doesn't let you overload the boolean AND and OR operations
2018-05-06: Firefox turns out to need some degree of 'autoplay' support
2018-05-05: Modern Unix GUIs now need to talk to at least one C library
2018-05-04: Why you can't put zero bytes in Unix command line arguments
2018-05-03: Using grep to hunt around for null bytes in text files
2018-05-02: An interaction of low ZFS recordsize, compression, and advanced format disks
2018-04-30: You probably need to think about how to handle core dumps on modern Linux servers
Microsoft's Bingbot crawler is on a relative rampage here
2018-04-29: My new 4K HiDPI display really does make a visible difference
2018-04-28: What sorts of good email attachments our users get (April 2018 edition)
2018-04-27: Some notes on Firefox's current media autoplay settings
2018-04-26: The shifting goals of our custom NFS mount authorization system
2018-04-25: An implementation difference in NSS netgroups between Linux and Solaris
2018-04-24: What the core practical problems with HiDPI seem to be on Linux
2018-04-23: ZFS's recordsize as an honest way of keeping checksum overhead down
2018-04-22: Thinking about why ZFS only does IO in recordsize blocks, even random IO
2018-04-20: The increasingly surprising limits to the speed of our Amanda backups
Spam from Yahoo Groups has quietly disappeared
2018-04-18: The sensible way to use Bourne shell 'here documents' in pipelines
A CPU's TDP is a misleading headline number
2018-04-17: Link: Parsing: a timeline
Go and the pragmatic problems of having a Python-like with statement
2018-04-16: Some notes and issues from trying out urxvt as an xterm replacement
2018-04-15: The unfortunate configuration choice Grub2 makes in UEFI configurations
2018-04-13: For the first time, my home PC has no expansion cards
A learning experience about the performance of our IMAP server
2018-04-12: I'm hoping that RHEL 8's decision on Python 2 isn't Ubuntu 20.04's decision
2018-04-10: Our real problem with a removal of Python 2 is likely to be our users
2018-04-09: Power consumption numbers for my 2018 home and work machines
2018-04-08: The interesting question of whether Ubuntu 20.04 LTS will include Python 2
A learning experience with iOS's fingerprint recognition
2018-04-07: Some numbers for how well various compressors do with our /var/mail backup
2018-04-06: Using Go finalizers can be a better option than not using them
2018-04-05: Switching over to Firefox Quantum was relatively painless
2018-04-04: Today's learning experience is that gzip is not fast
2018-04-03: Sorting out my systemd mistake with a script-based service unit
2018-04-02: Link: Closing the Loop: The Importance of External Engagement in Computer Science Research
I've retired my filtering HTTP proxy
2018-03-31: Using a local database to get consistent device names is a bad idea
My new Linux home machine for 2018
2018-03-30: My current set of Firefox Quantum (57+) addons
Sometimes, not trying to reject some sort of spam is the right answer
2018-03-29: The problem with Linux's 'predictable network interface names'
2018-03-28: The correlation between Spamhaus Zen listings and attachment types (March 2018 edition)
2018-03-27: My uncertainties around X drivers for modern Intel integrated graphics
2018-03-26: xprt: data for NFS mounts in /proc/self/mountstats is per-fileserver, not per-mount
2018-03-25: Our revised Dovecot IMAP configuration migration plans (and processes)
2018-03-24: Our current ugly hacks to Dovecot to help mitigate our IMAP problems
2018-03-23: Some things about Dovecot, its index files, and the IMAP LIST command
2018-03-22: Why seeing what current attributes a Python object has is hard
2018-03-21: You probably don't want to run Firefox Nightly any more
2018-03-20: Python and the 'bags of unstructured data' approach
2018-03-19: Some exciting ZFS features that are in OmniOS CE's (near) future
2018-03-18: Why I use Facebook (a story of web development)
2018-03-17: Much better ZFS pool recovery is coming (in open source ZFS)
2018-03-16: Wrestling with metrics to get meaningful, useful ones
2018-03-14: What I think I want out of a hypothetical nfsiotop for Linux
Why Let's Encrypt's short certificate lifetimes are a great thing
2018-03-12: A spammer misses a glorious opportunity
Linux is good at exposing the truth of how motherboards are wired
2018-03-11: A bad web scraper operating out of OVH IP address space
2018-03-09: In Fedora, your initramfs contains a copy of your sysctl settings
Some questions I have about DDR4 RAM speed and latency in underclocked memory
2018-03-07: Some things I mean when I talk about 'forged HTTP referers'
The lie in Ubuntu source packages (and probably Debian ones as well)
2018-03-05: Getting chrony to not try to use IPv6 time sources on Fedora
2018-03-04: The value locked up in the Unix API makes it pretty durable
The practical Unix API is more than system calls (or POSIX)
2018-03-02: Frequent versus infrequent developers (in languages and so on)
A sysadmin's perspective on Go vendoring and vgo
2018-02-28: egrep's -o argument is great for extracting unusual fields
Using Python 3 for example code here on Wandering Thoughts
2018-02-26: Meltdown and Spectre have made this a bad time to get a new x86 CPU
It feels good to have a fallback option for home computing
2018-02-25: What Python does when you subclass a __slots__ class is the right answer
2018-02-24: The question of what will be sending email spam over IPv6
2018-02-23: Github and publishing Git repositories
2018-02-21: Sorting out what exec does in Bourne shell pipelines
2018-02-20: How switching to uMatrix for JavaScript blocking has improved my web experience
I've now received my first spam email over IPv6
2018-02-19: Some consumer SSDs are moving to a 4k 'advance format' physical block size
2018-02-18: Memories of MGR
2018-02-17: Using lsblk to get extremely useful information about disks
2018-02-16: How I tend to label bad hardware
2018-02-15: DTrace being GPL (and thrown into a Linux kernel) is just the start
2018-02-14: Some things about ZFS block allocation and ZFS (file) record sizes
2018-02-12: Writing my first addon for Firefox wasn't too hard or annoying
2018-02-11: Sending emails to your inbox is a dangerous default
Access control security requires the ability to do revocation
2018-02-10: The interesting error codes from Linux program segfault kernel messages
2018-02-09: My failure to migrate my workstation from MBR booting to UEFI
2018-02-08: What the Linux kernel's messages about segfaulting programs mean on 64-bit x86
2018-02-07: Consumer SSDs and their nominal physical block sizes, now and in the future
2018-02-05: I should remember that sometimes C is a perfectly good option
2018-02-04: A surprise in how ZFS grows a file's record size (at least for me)
More notes on using uMatrix in Firefox 56 (in place of NoScript)
2018-02-02: Some practical tradeoffs involved in using HTTPS instead of HTTP
X's network transparency was basically free at the time
2018-01-31: Mozilla's Looking Glass 'retrospective' is unfortunately inadequate
How the IPs sending us malware break down (January 2018 edition)
2018-01-30: Reverse engineering some settings for Google Search
2018-01-28: Adding 'view page in no style' to the WebExtensions API in Firefox Quantum
Adding 'view page in no style' to Firefox Quantum's context menu
The limitations of Firefox's Reader mode
2018-01-26: A misbehaving SMTP sender can fool me about malware volume
X's network transparency has wound up mostly being a failure
2018-01-24: What the Linux rcu_nocbs kernel argument does (and my Ryzen issues again)
Some early notes on using uMatrix to replace NoScript in Firefox 56
2018-01-22: The addons that I would likely use with Firefox Quantum (57+)
Doing something when a Cinnamon-based laptop suspends or hibernates
2018-01-21: The temptation of Firefox Quantum for me
2018-01-19: I'm one of those people who never log out from their desktop
2018-01-18: Why Go cares about the difference between unsafe.Pointer and uintptr
A recent performance surprise with X on my Fedora Linux desktop
2018-01-17: My new Ryzen desktop is causing Linux to hang (and it's frustrating)
2018-01-16: You could say that Linux is AT&T's fault
2018-01-15: Meltdown and the temptation of switching to Ryzen for my new home machine
2018-01-14: Our small tools for running commands on multiple machines
2018-01-13: Some plans for migrating my workstation from MBR booting to UEFI
2018-01-12: Open source software licenses matter
2018-01-10: Linux's glibc monoculture is not a bad thing
Glibc and the Linux API
2018-01-09: Differences between keywords and constants in Python
2018-01-08: Link: Some fascinating details of cellular data transmission
2018-01-07: The challenges of having true constants in Python
Link: The Python decorators they won't tell you about
2018-01-06: What's happening when you change True and False in Python 2
What ZFS gang blocks are and why they exist
2018-01-05: Confirming the behavior of file block sizes in ZFS
2018-01-04: The goals and problems of our Dovecot IMAP configuration migration
2018-01-03: A brief review of the Dell XPS 13 as a Fedora laptop
2018-01-02: Some notes on relative imports and vendor/ in Go
2017-12-31: Is the C runtime and library a legitimate part of the Unix API?
Understanding IMAP path prefixes in clients and servers
2017-12-30: Some details of ZFS DVAs and what some of their fields store
2017-12-29: To get much faster, an implementation of Python must do less work
2017-12-28: How our IMAP server wound up running out of inodes
2017-12-27: When you have fileservers, they naturally become the center of the world
2017-12-26: I continue to have strong confidence in ZFS On Linux
2017-12-25: There were Unix machines with real DirectColor graphics hardware
2017-12-24: The interestingly different display colour models of X10 and X11
2017-12-23: Our next generation of fileservers will not be based on Illumos
2017-12-22: Our next generation of fileservers will not use any sort of SAN
2017-12-21: Checking RAM DIMM information from inside Linux
2017-12-20: I feel that Firefox forks that would be useful to me are doomed
2017-12-19: Attachment types that we see in email from Zen-listed IP addresses
2017-12-18: What file types we see inside ZIP archives with only a single file in email
2017-12-17: Some questions someone should ask Mozilla
2017-12-15: Mozilla betrays Firefox users and its nominal principles
How we automate acmetool
2017-12-14: How Python makes it hard to write well structured little utilities
2017-12-13: Our Apache file serving problem on our general purpose web server
2017-12-12: Some notes on systemd-resolved, the systemd DNS resolver
2017-12-11: Some things about booting with UEFI that are different from MBR booting
2017-12-10: Let's Encrypt and a TLS monoculture
2017-12-09: You don't have to authorize a machine for Let's Encrypt from the machine
We've switched over to using Let's Encrypt as much as possible
2017-12-08: Some thoughts on what StartCom's shutdown means in general
2017-12-06: My upgrade to Fedora 27, Secure Boot, and a mistake made somewhere
In practice, Go's slices are two different data structures in one
2017-12-04: Some notes on using Go to check and verify SSH host keys
2017-12-03: Some notes and considerations on SSH host key verification
My new Linux office workstation for fall 2017
2017-12-01: I'm basically giving up on syslog priorities
2017-11-30: We're broadly switching to synchronizing time with systemd's timesyncd
The cost of memory access across a NUMA machine can (probably) matter
2017-11-29: Sometimes the right thing to do about a spate of spam is nothing (probably)
2017-11-27: Code stability in my one Django web application
The dig program now needs some additional options for useful DNS server testing
2017-11-26: One way of capturing debugging state information in a systemd-based system
2017-11-25: Sequential scrubs and resilvers are coming for (open-source) ZFS
2017-11-24: Shooting myself in the foot by using exec in a shell script
2017-11-23: Understanding a tricky case of Bourne shell redirection and command parsing
2017-11-22: Delays on SMTP replies discourage apparently SMTP AUTH scanners
2017-11-20: Major version changes are often partly a signal about support
2017-11-19: StartCom gives up on its Certificate Authority business
Getting some information about the NUMA memory hierarchy of your server
2017-11-18: AMD Ryzens, their memory speed peculiarities, and ECC
2017-11-17: When you should run an NTP daemon on your servers
2017-11-16: I think you should mostly not run NTP daemons on your machines
2017-11-15: I've switched from ntpd to chrony as my NTP daemon
2017-11-14: We may have reached a point where (new) ARM servers will just work for Linux
2017-11-13: X11 PseudoColor displays could have multiple hardware colormaps
2017-11-12: The fun of X11 PseudoColor displays and window managers
2017-11-11: What X11's TrueColor means (with some history)
2017-11-10: A systemd mistake with a script-based service unit I recently made
2017-11-09: Why I'm not enthused about live patching kernels and systems
2017-11-08: What it means to support ECC RAM (especially for AMD Ryzen)
2017-11-07: Link: Citation Needed [on array indexing in programming languages]
My new Linux machine for fall 2017 (planned)
2017-11-05: How collections.defaultdict is good for your memory usage
Some early notes on WireGuard
2017-11-04: Why I've switched from GRE-over-IPSec to using WireGuard
2017-11-03: Illumos mountd caches netgroup lookups (relatively briefly)
2017-11-02: I think Certificate Transparency is better for the web than HTTP Key Pinning
2017-10-31: We've now seen malware in a tar archive
2017-10-30: There are two sorts of TLS certificate mis-issuing
The Illumos NFS server's caching of filesystem access permissions
2017-10-29: There are several ways to misread specifications
2017-10-28: Why I plan to pick a relatively high-end desktop CPU for my next PC
2017-10-27: HD usage can be limited by things other than cost per TB
2017-10-26: The 'standard set' of Unix programs is something that evolves over time
2017-10-25: Having different commands on different systems does matter
2017-10-24: Our frustrations with OmniOS's 'KYSTY' minimalism
2017-10-23: I've now seen something doing SMTP probing of IPv6 addresses
2017-10-22: Understanding what our wireless password protects
2017-10-21: Multi-Unix environments are less and less common now
2017-10-20: Ext4, SSDs, and RAID stripe parameters
2017-10-18: Using Shellcheck is good for me
I still like Python and often reach for it by default
2017-10-17: My current grumpy view on key generation for hardware crypto keys
2017-10-16: Getting ssh-agent working in Fedora 26's Cinnamon desktop environment
2017-10-15: Unbalanced reads from SSDs in software RAID mirrors in Linux
2017-10-14: A surprise about which of our machines has the highest disk write volume
2017-10-13: Working to understand PCI Express and how it interacts with modern CPUs
2017-10-12: I'm looking forward to using systemd's new IP access control features
2017-10-11: Understanding M.2 SSDs in practice and how this relates to NVMe
2017-10-10: An interesting way to leak memory with Go slices
2017-10-09: JavaScript as the extension language of the future
2017-10-08: Thinking about whether I'll upgrade my next PC partway through its life
2017-10-07: I'm trying out smooth scrolling in my browsers
2017-10-06: Spam issues need to be considered from the start
2017-10-05: Google is objectively running a spammer mailing list service
2017-10-04: My new worry about Firefox 56 and the addons that I care about
2017-10-03: Some thoughts on having both Python 2 and 3 programs
2017-10-02: My experience with using Fedora 26's standard font rendering (and fonts)
2017-09-30: The origin of POSIX as I learned the story (or mythology)
2017-09-29: Shell builtin versions of standard commands have drawbacks
More on systemd on Ubuntu 16.04 failing to reliably reboot some of our servers
2017-09-27: Putting cron jobs into systemd user slices doesn't always work (on Ubuntu 16.04)
ZFS's recordsize, holes in files, and partial blocks
2017-09-26: Using zdb to peer into how ZFS stores files on disk
2017-09-25: What I use printf for when hacking changes into programs
2017-09-24: Reading code and seeing what you're biased to see, illustrated
2017-09-23: A clever way of killing groups of processes
2017-09-22: Using a watchdog timer in system shutdown with systemd (on Ubuntu 16.04)
2017-09-21: My potential qualms about using Python 3 in projects
2017-09-20: Wireless is now critical (network) infrastructure
2017-09-18: Looking back at my mixed and complicated feelings about Solaris
Sorting out the world of modern USB (at least a bit)
2017-09-17: Why I didn't use the attrs module in a recent Python project
2017-09-15: Ignoring the domain when authenticating your Dovecot users
Firefox 57 and the state of old pre-WebExtensions addons
2017-09-14: Sorting out systemd's system.conf, user.conf, and logind.conf
2017-09-13: System shutdown is complicated and involves policy decisions
2017-09-12: The different contexts of stopping a Unix daemon or service
2017-09-11: Giving users what they want and expect, IMAP edition
2017-09-10: I failed to notice when my network performance became terrible
2017-09-09: Letting go of having an optical drive in my machine
2017-09-08: My view of the problem with Extended Validation TLS certificates
2017-09-07: Systemd, NFS mounts, and shutting down your system
2017-09-06: Systemd on Ubuntu 16.04 can't (or won't) reliably reboot your server
2017-09-05: If spam false positives are inevitable, should we handle them better?
2017-09-04: The idea of 'spam levels' may be a copout
2017-09-03: A fundamental limitation of systemd's per-user fair share scheduling
2017-09-02: Putting cron jobs into systemd user slices
2017-08-31: With git, it's useful to pick the right approach to your problem
People probably aren't going to tell you when your anti-spam systems are working
2017-08-30: We've wound up using the spam scores from some other mail systems
2017-08-28: OpenSSH has an annoyingly misleading sshd error log message
The types of attachments we see for malware-laden email
2017-08-27: Is bootstrapping Go from source faster using Go 1.9 or Go 1.8?
2017-08-25: The probable coming explosion of Firefox 57
Fedora 26 and a font rendering dilemma for me
2017-08-23: Why Go changes its minimum version requirements for OSes (and hardware)
An unexpected risk of using Go is it ending support for older OS versions
2017-08-22: Understanding rainbow tables
2017-08-21: Hashed Ethernet addresses are not anonymous identifiers
2017-08-20: The surprising longevity of Unix manpage formatting
2017-08-19: Subnets and early Unix implementations of TCP/IP networking
2017-08-18: How ZFS on Linux names disks in ZFS pools
2017-08-16: The three different names ZFS stores for each vdev disk (on Illumos)
Things I do and don't know about how ZFS brings pools up during boot
2017-08-15: How to get per-user fair share scheduling on Ubuntu 16.04 (with systemd)
2017-08-14: Chrome extensions are becoming a reason not to use Chrome
2017-08-13: Sorting out slice mutability in Go
2017-08-12: Notes on cgroups and systemd's interaction with them as of Ubuntu 16.04
2017-08-11: Some notes from my brief experience with the Grumpy transpiler for Python
Link: Linux Load Averages: Solving the Mystery
2017-08-10: On the Internet, merely blocking eavesdropping is a big practical win
2017-08-09: How encryption without authentication would still be useful on the web
2017-08-08: We care more about long term security updates than full long term support
2017-08-07: There will be no LTS release of the OmniOS Community Edition
2017-08-06: Our decision to restrict what we use for developing internal tools
2017-08-05: I've been hit by the startup overhead of small programs in Python
2017-08-04: The problem with distributed authentication systems for big sites
2017-08-03: Imposing temporary CPU and memory resource limits on a user on Ubuntu 16.04
2017-08-02: Why I'll never pick the 'sign in with a Facebook or Google account' option
2017-07-31: Using policy based routing to isolate a testing interface on Linux
Link: How does "the" X11 clipboard work?
Modern web page design and superstition
2017-07-30: Some terrible article page design elements on the modern web
2017-07-29: The differences between how SFTP and scp work in OpenSSH
2017-07-28: Our (Unix) staff groups problem
2017-07-26: The continuity of broad systems or environments in system administration
Why I care about Apache's mod_wsgi so much
2017-07-25: If you're going to use PyPy, I think you need servers
2017-07-24: Trying to understand the ZFS l2arc_noprefetch tunable
2017-07-23: Understanding a bit about the SSH connection protocol
2017-07-21: When the SSH protocol does and doesn't do user authentication
2017-07-20: I'm cautiously optimistic about the new OmniOS Community Edition
HTTPS is a legacy protocol
2017-07-19: I've become resigned to Firefox slowly leaking memory
2017-07-18: Python's complicating concept of a callable
2017-07-17: Link: NASA DASHlink - Real System Failures
Why I think Emacs readline bindings work better than Vi ones
2017-07-16: Why upstreams can't document their program's behavior for us
2017-07-14: Some people feel that all permanent SMTP failures are actually temporary
Link: ZFS Storage Overhead
SELinux's problem of keeping up with general Linux development
2017-07-12: Understanding the .io TLD's DNS configuration vulnerability
Recursive DNS servers send the whole original query to authoritative servers
2017-07-11: The BSD r* commands and the history of privileged TCP ports
2017-07-10: Ubuntu's 'Daily Build' images aren't for us
2017-07-09: Why we're not currently interested in PXE-based Linux installs
2017-07-08: I wish you could easily update the packages on Ubuntu ISO images
2017-07-07: Programming Bourne shell scripts is tricky, with dim corners
2017-07-06: Link: Survey of [floating point] Rounding Implementations in Go
My current views on Shellcheck
2017-07-05: How I shot my foot because the Bourne shell is different
2017-07-04: LinkedIn is still trying to send me email despite years of rejections
2017-07-02: Re-applying CPU thermal paste fixed my CPU throttling issues
Moving to smaller fileservers for us probably means no more iSCSI SAN
2017-06-30: Our current generation fileservers have turned out to be too big
Why big Exim queues are a problem for us in practice
2017-06-29: The TLDs of sender addresses for a week of our spam (June 2017 edition)
2017-06-28: I don't think you should increase ZFS on Linux's write buffering
2017-06-26: Our MTAs should probably be able to create backpressure
2017-06-25: Thinking through issues a mail client may have with SMTP-time rejections
One tradeoff in email system design is who holds problematic email
2017-06-23: In praise of uBlock Origin's new 'element zapper' feature
Links: Git remote branches and Git's missing terminology (and more)
My situation with Twitter and my Firefox setup (in which I blame pseudo-XHTML)
2017-06-22: Why we're not running the current version of Django
2017-06-21: The oddity of CVE-2014-9940 and the problem of recognizing kernel security patches
2017-06-19: Plan for manual emergency blocks for your overall mail system
How I'm currently handling the mailing lists I read
2017-06-17: One reason you have a mysterious Unix file called 2 (or 1)
2017-06-16: Go interfaces and automatically generated functions
The (current) state of Firefox Nightly and old extensions
2017-06-15: Why I am not installing your app on my phone
2017-06-14: The difference between ZFS scrubs and resilvers
2017-06-12: Resilvering multiple disks at once in a ZFS pool adds no real extra overhead
2017-06-11: Why filing away mailing lists for a while has improved my life
How to see raw USB events on Linux via usbmon
2017-06-10: One downside of the traditional style of writing Unix manpages
2017-06-09: My .procmailrc has quietly sort of turned into a swamp
2017-06-08: In practice, putting SSDs into 3.5" drive bays is a big hassle
2017-06-06: A humbling experience of misreading some simple (Go) code
The IPv6 address lookup problem (and brute force solution)
2017-06-05: Another case of someone being too clever in their User-Agent field
2017-06-04: Link: The evolution of Unix's overall architecture
Why the popen() API works but more complex versions blow up
2017-06-03: The Python Gilectomy project's performance problem
2017-06-02: My views on the JSON Feed syndication feed format
2017-05-31: How a lot of specifications are often read
Why one git fetch default configuration bit is probably okay
2017-05-29: Configuring Git worktrees to limit what's fetched on pulls
2017-05-28: My thoughts on git worktrees for me (and some notes on things I tried)
Specifications are ultimately defined by their implementations
2017-05-26: Why globally unique IDs are useful for syndication feed entries
2017-05-25: Using Linux's Magic Sysrq on modern keyboards without a dedicated Syrq key
URLs are terrible permanent identifiers for things
2017-05-24: Exploiting Python's Global Interpreter Lock for atomic operations is fun
2017-05-22: Safely using Python's Global Interpreter Lock is quite tricky and subtle
2017-05-21: We use jQuery and I've stopped feeling ashamed about it
A 'null MX' is also useful for blocking forged senders from non-email domains
2017-05-20: We now have an officially standardized 'null MX' record
2017-05-19: I'm not sure what I feel about this web spider's User-Agent value
2017-05-18: A shift in the proper sizes of images on web pages
2017-05-17: Unfortunately I don't feel personally passionate about OmniOS
2017-05-15: Thinking about how much asynchronous disk write buffering you want
How we failed at making all our servers have SSD system disks
2017-05-14: People don't like changes (in computer stuff)
2017-05-13: People don't patch systems and that's all there is to it
2017-05-12: Where bootstrapping Go with a modern version of Go has gotten faster
2017-05-11: The challenges of recovering when unpacking archives with damage
2017-05-10: Building the Go compiler from source from scratch (on Unix)
2017-05-08: Some things I've decided to do to improve my breaks and vacations
2017-05-07: ZFS's zfs receive has no error recovery and what that implies
A mistake I made when setting up my ZFS SSD pool on my home machine
2017-05-05: The temptation of a Ryzen-based machine for my next office workstation
Digging into BSD's choice of Unix group for new directories and files
2017-05-04: My views on using LVM for your system disk and root filesystem
2017-05-03: Sometimes, chmod can fail for interesting reasons
2017-05-01: When a TLS client's certificate is offered to the TLS server
2017-04-30: Some more feelings on nondeterministic garbage collection
Do we want to standardize the size of our root filesystems on servers?
2017-04-29: Some versions of sort can easily sort IPv4 addresses into natural order
2017-04-28: Hardware RAID and the problem of (not) observing disk IO
2017-04-27: Understanding Git's model versus understanding its magic
2017-04-26: Coming to a better understanding of what git rebase does
2017-04-24: What we need from an Illumos-based distribution
Corebird and coming to a healthier relationship with Twitter
2017-04-23: How I rebased changes on top of other rebased changes in Git
2017-04-21: OmniOS's (suddenly) changed future and us
Link: Rob Landley's Linux Memory Management Frequently Asked Questions
A surprising reason grep may think a file is a binary file
2017-04-20: The big motivation for a separate /boot partition
2017-04-19: Some things on how PCs boot the old fashioned BIOS way
For me Chrome clearly wins over Firefox on Javascript-heavy websites
2017-04-17: Shrinking the partitions of a software RAID-1 swap partition
Link: Introduction to Certificate Transparency for Server Operators
What I mostly care about for speeding up our Python programs
2017-04-16: Migrating a separate /boot filesystem into the root filesystem
2017-04-14: Planning out a disk shuffle for my office workstation
Sometimes laziness doesn't pay off
2017-04-12: On today's web, a local Certificate Authority is fairly dangerous
Generating good modern self-signed TLS certificates in today's world
2017-04-10: How TLS certificates specify the hosts they're for
2017-04-09: A single .jar recognized as several types of malware at once
2017-04-08: Doing things the clever way in Exim ACLs by exploiting ACL message variables
Wayland is now the future of Unix graphics and GUIs
2017-04-07: Spammers probably aren't paying any particular attention to you
2017-04-05: Making your SMTP rejection messages be useful for you
Why the modern chown command uses a colon to separate the user and group
2017-04-03: Some DNSBL developments I've just heard about
Why modules raising core exceptions mostly hurts, not helps, your users
2017-04-02: The Spamhaus CSS includes more than dedicated spam ranges
2017-03-31: I quite like the simplification of having OpenSSH canonicalize hostnames
What I know about process virtual size versus RSS on Linux
2017-03-30: What top's SHR field means in quite modern Linux kernels
2017-03-29: The work of safely raising our local /etc/group line length limit
2017-03-28: What affects automatically removing old kernels on Ubuntu
2017-03-27: Link: The Unix Heritage Society now has the 8th, 9th, and 10th editions of Research Unix
We're probably going to upgrade our OmniOS servers by reinstalling them
2017-03-26: Your exposure from retaining Let's Encrypt account keys
2017-03-24: An odd and persistent year old phish spammer
2017-03-23: ARM servers had better just work if vendors want to sell very many
2017-03-22: Setting the root login's 'full name' to identify the machine that sent email
Making sure you can identify what machine sent you a status email
2017-03-20: Modern Linux kernel memory allocation rules for higher-order page requests
My theory on why Go's gofmt has wound up being accepted
2017-03-19: Using Firefox's userContent.css for website-specific fixes
2017-03-18: Part of why Python 3.5's await and async have some odd usage restrictions
2017-03-17: Overcommitting virtual memory is perfectly sensible
2017-03-16: How we can use yield from to implement coroutines
2017-03-15: Sorting out Python generator functions and yield from in my head
2017-03-13: OpenSSH's IdentityFile directive only ever adds identity files (as of 7.4)
What should it mean for a system call to time out?
2017-03-12: CSS, <pre>, and trailing whitespace lead to browser layout weirdness
2017-03-11: Your live web server probably has features you don't know about
2017-03-10: Malware is sometimes sent through organized, purchased infrastructure
2017-03-09: I wish you could whitelist kernel modules, instead of blacklisting them
2017-03-08: An AMD Ryzen is unlikely to be my next desktop's CPU
2017-03-06: Modern X Windows can be a very complicated environment
2017-03-05: Why I (as a sysadmin) reflexively dislike various remote file access tools for editors
2017-03-04: Should you add MX entries for hosts in your (public) DNS?
2017-03-03: Why exposing only blocking APIs are ultimately a bad idea
Some notes on ZFS per-user quotas and their interactions with NFS
2017-03-01: Cheap concurrency is an illusion (at least on Unix)
2017-02-28: Using Certificate Transparency to monitor your organization's TLS activity
2017-02-27: The conflict between wildcard TLS certificates and Certificate Transparency
2017-02-26: In Python, strings are infinitely recursively iterable
How recursively flattening a list raises a Python type question
2017-02-25: A single email message with quite a lot of different malware
2017-02-24: What an actual assessment of Ubuntu kernel security updates looks like
How ZFS bookmarks can work their magic with reasonable efficiency
2017-02-22: ZFS bookmarks and what they're good for
Sometimes it can be hard to tell one cause of failure from another
2017-02-20: Some notes on moving a software RAID-1 root filesystem around (to SSDs)
Some views on the Corebird Twitter client
2017-02-19: Using pup to deal with Twitter's increasing demand for Javascript
2017-02-17: robots.txt is a hint and a social contract between sites and web spiders
Sometimes, firmware updates can be a good thing to do
2017-02-16: Waiting for a specific wall-clock time in Unix
2017-02-15: Another risk of hardware RAID controllers is the manufacturer vanishing
2017-02-14: Does CR LF as a line ending cause extra problems with buffers?
2017-02-13: What file types we see inside singleton nested zipfiles in email
2017-02-12: I'm too much of a perfectionist about contributing to open source projects
2017-02-11: Different ways you can initialize a RAID-[567+] array
2017-02-10: Python won't (and can't) import native modules from zip archives
2017-02-09: Malware strains may go away sometimes, but they generally come back
2017-02-08: How to see and flush the Linux kernel NFS server's authentication cache
2017-02-06: Systemd's slowly but steadily increased idealism about the world
Our advantage in reliable backups is that we get restore requests
2017-02-05: Systemd should be better than it is, but it is still our best init system
2017-02-04: My views on X (Windows)
2017-02-03: What it's sensible to use a bunch of Unix swap space for
2017-02-02: Link: Four Column ASCII
Sometimes you get lucky and apparently dead disks come back to life
2017-01-31: Email attachments of singleton nested zipfiles are suspicious
2017-01-30: Why having CR LF as your line ending is a mistake
How you can abruptly lose your filesystem on a software RAID mirror
2017-01-29: How Unix erases things when you type a backspace while entering text
2017-01-28: What we still use ASCII CR for today (on Unix)
2017-01-27: Conversations, conversational units, and Twitter
2017-01-26: Things that make Go channels expensive to implement
2017-01-25: I think docstrings in Python are for everything, not just public things
2017-01-23: Linux desktops and pre-packaged machines from big vendors
My still-mixed feelings about Python's docstrings
2017-01-22: An Ubuntu default Bash setup that irritates me, especially for root
2017-01-20: Why tiling window managers are not really for me (on the desktop)
Spam and virus filtering on email is a risk (although likely not a big one)
2017-01-19: Thinking about how to add some SSDs on my home machine
2017-01-18: Exim, IPv6, and hosts that MX to localhost
2017-01-17: Making my machine stay responsive when writing to USB drives
2017-01-16: Linux is terrible at handling IO to USB drives on my machine
2017-01-15: Link: Let's Stop Ascribing Meaning to Code Points
Some notes on 4K monitors and connecting to them
2017-01-14: My picks for mind-blowing Git features
2017-01-13: The ZFS pool history log that's used by 'zpool history' has a size limit
2017-01-12: Modern ad networks are why adblockers are so effective
2017-01-11: ZFS's potentially very useful 'zpool history -i' option
2017-01-10: Picking FreeType CJK fonts for xterm on a modern Linux system
2017-01-09: Making modern FreeType-using versions of xterm display CJK characters
2017-01-08: One downside of a queued IO model is memory consumption for idle connections
2017-01-07: How ready my Firefox extensions are for Firefox Electrolysis
2017-01-06: Web adblockers and the potential for recreating the Usenet killfile problem
2017-01-05: Mail submission by users versus by your machines
2017-01-04: Make sure that (system) email works on every machine
2017-01-02: Software should support configuring overall time limits
ZFS may panic your system if you have an exceptionally slow IO
2016-12-31: I wish new editors thought about their overall ecology too
Ubuntu's AppArmor system is reasonably and pleasantly non-obnoxious
2016-12-30: A few useful standard readline bindings
2016-12-29: One reason why Go's increment and decrement statements are good to have
2016-12-28: The HTML IMG attributes and styling that I think I want
2016-12-26: A perhaps surprising consequence of Requires dependencies in systemd
Some new-to-me Vim motion commands that I want to try to remember
2016-12-25: What can be going on with your custom management commands in Django 1.10
2016-12-24: I should stop reading some mailing lists during breaks and vacations
2016-12-23: Why the gosimple program is great
2016-12-22: Malware is definitely out there and it's targeting us specifically
2016-12-21: An important little detail of our ZFS spares setup
2016-12-20: In praise of zpool history
2016-12-19: Don't assume you can renew TLS certificates whenever you want to
The great thing about using Let's Encrypt is the automation
2016-12-18: People may be accepting that security questions are a bad idea
2016-12-17: Some conference spammers mutate to show they're definitely spammers
2016-12-15: I now think you should have lots of Let's Encrypt accounts
Understanding the Let's Encrypt authorization process
2016-12-14: Vi, movement commands, efficiency, and me
2016-12-12: Some of my views on Naftali Harris's 'Python 2.8'
Realizing that I'm not actively attracted to FreeBSD for my desktop
2016-12-11: Fedora has become something you can't run if security matters much
2016-12-10: My view of using a docked laptop as my main machine
2016-12-09: It's a good idea to test your spare disks every so often
2016-12-08: Trailing text, a subtle gotcha with Go's fmt.Sscanf
2016-12-07: One reason why user namespaces keep enabling Linux kernel security issues
2016-12-05: My RPM build setup no longer works on Fedora for some packages
One advantage of 'self-hosted' languages
2016-12-04: Terminals are not enough (personal edition)
2016-12-03: One reason why rogue wireless access points are a bigger risk at universities
2016-12-02: IPv6, point to point links, and subnet lengths
2016-11-30: I suspect that lots of IPv6 hosts won't have reverse DNS
Terminals are not enough (sysadmin version)
2016-11-28: Some thoughts about options for light Unix laptops
Some impressions after a brief exposure to a Dell Chromebook 13
2016-11-27: The Chromebook login problem
2016-11-26: What I did to set up IPv6 on my wireless network so it really worked
2016-11-25: Why we don't and can't use the pam_exec PAM module
2016-11-23: Sometimes a little change winds up setting off a large cascade of things
We may have seen a ZFS checksum error be an early signal for later disk failure
2016-11-21: Link: RFC 6919: Further Key Words for Use in RFCs to Indicate Requirement Levels
What I'd like in Illumos/OmniOS: progressive crash dumps
I've wound up feeling tentatively enthusiastic about Python 3
2016-11-20: Is it time to not have platform-dependent integer types in languages?
2016-11-19: Why I don't think subscription-based charging gets you stability
2016-11-18: Unix shells and the problem of too-smart autocompletion
2016-11-17: Link: Twice the bits, twice the trouble: vulnerabilities induced by migrating to 64-bit platforms
The somewhat odd subject of Django versus Python
2016-11-16: Go's arbitrary-precision constants and cross compilation
2016-11-14: Open source and the problem of pure maintenance
2016-11-13: Why I believe native apps are not doomed by progressive web apps
Modern shells and running shell scripts while seteuid
2016-11-11: My view on accepting bounces and replies to your email
Yahoo Groups slides further down the spam source slope
2016-11-09: Getting a Yubikey 4 working on Ubuntu 14.04 LTS and other older Linuxes (in PIV mode)
I assume that it's always possible to compromise our security somehow
2016-11-08: Security often involves not doing things
2016-11-07: Why we have multiple wireless networks around here
The other reason why I've wound up not interested in firewall managers
2016-11-06: Admitting that I have have a non-simple firewall setup
2016-11-05: Web pages versus APIs, or my views on handling 'bad' requests
2016-11-04: Caution is a mistake in modern web servers and apps
2016-11-03: I suspect that browsers are not fully prepared for bad CAs
2016-11-01: Encouragingly, browsers have not backed down over WoSign
2016-10-31: DKMS kind of has a problem with its error messages
Link: Linux containers in 500 lines of code
Why I'm interested in nftables, the theoretical Linux iptables replacement
2016-10-30: How modern SSH key exchange provides (strong) protection against attacks
2016-10-29: More on SSH, public key authentication, and 'man in the middle' attacks
2016-10-28: How I set up a DHCP client for my backup Internet connection
2016-10-26: Why I'm unhappy with how Debian builds from source packages right now
What I'm doing to use a Yubikey in Fedora 24's Cinnamon desktop environment
2016-10-24: On classifying phish spam as malware, an update
How I've wound up being one of the people who don't update IoT firmware
2016-10-23: I should keep a released version of the Go compiler suite
2016-10-22: The shutdown program on a modern systemd-based Linux system
2016-10-21: The shutdown command is a relic of BSD's historical origins
2016-10-20: I like the Python 3 string .translate() method
2016-10-19: Writing in Python 3 has been a positive experience so far
2016-10-17: Making my Yubikey work reasonably with my X screen locking
2016-10-16: Why we care about long uptimes
How I managed to shoot myself in the foot with my local DNS resolver
2016-10-15: ZFS's 'panic on on-disk corruption' behavior is a serious flaw
2016-10-14: Watch out for web server configurations that 'cross over' between sites
2016-10-13: How I've set up SSH keys on my Yubikey 4 (so far)
2016-10-12: I have yet to start using any smartphone two-factor authentication
2016-10-10: How and why the new iptables -w option is such a terrible fumble
The modern web is an unpredictable and strange place to develop for
2016-10-09: What I think I want out of CPU performance in a new PC
2016-10-08: I have a blind spot where it comes to using chmod's symbolic modes
2016-10-07: Why OmniOS boot environments don't solve our upgrade issues
2016-10-06: How we could update our iSCSI backends and why we probably won't
2016-10-05: Linux can be really stable under the right circumstances
2016-10-03: My take on Git rebasing versus cherry-picking
2016-10-02: Why I've put a Twitter client on my smartphone
The MyDoom worm is still out there
2016-09-30: Some git repository manipulations that I don't know how to do well
In search of modest scale structured syslog analysis
2016-09-29: Making systemd-networkd really skip trying IPv6 on your networks
2016-09-28: Why I switched to the rc shell
2016-09-27: Why we're going to switch from SunSSH to OpenSSH on our fileservers
2016-09-25: How I live without shell job control
A surprising benefit of command/program completion in my shell
2016-09-23: You probably want to start using the -w option with iptables
Git's selective commits plus Magit are a killer feature for me
2016-09-22: Why we've wound up without ZFS ZILs or L2ARCs on our pools
2016-09-20: Today I learned that you want to use strace -fp
2016-09-19: A surprise with switching to holding keys in ssh-agent
My view on spam and potential denial of service attacks on anti-spam systems
2016-09-18: A little shift in malware packaging that I got to watch
2016-09-17: What encoding the syslog module uses in Python 3
2016-09-16: A shell thing: globbing operators versus expansion operators
2016-09-15: What I did to set up IPv6 on my wireless network
2016-09-14: When iptables SNAT and routing happens, and how this is annoying
2016-09-13: I don't understand Linux iptables NAT as well as I should
2016-09-12: A bunch of my sysadmin work seems to be like gardening
2016-09-11: We're probably going to see a major Certificate Authority de-trusted
2016-09-10: Link: Actually using ed
Some notes on curating the set of CAs that Firefox trusts
2016-09-09: Someone's exploiting Google's account recovery system to send spam
2016-09-08: Why my smartphone is going to be an iPhone
2016-09-06: Modules should never raise core Python exceptions
2016-09-05: Using Magit to selectively discard changes in your git working tree
An argparse limitation with nargs="*" and choices=...
2016-09-04: What I want in Vim with the mouse (and why I don't think I can have it)
2016-09-03: Why semantic versioning is not going to solve all our problems
2016-09-02: Some thoughts on Python 3 module APIs and Unicode conversion errors
2016-08-31: Python 3 module APIs and the question of Unicode conversion errors
The various IDs of disks, filesystems, software RAID, LVM, et al in Linux
2016-08-30: Bourne's getopts sadly makes simple shell scripts more cluttered and verbose
2016-08-29: Phones and tablets are going to change what sort of passwords I use
2016-08-28: My logic of blocking certain sorts of attachments outright
2016-08-26: Why ZFS L2ARC is probably not a good fit for our setup
2016-08-25: The single editor myth(ology)
2016-08-24: Blindly trying to copy a web site these days is hazardous
more, less, and a story of typical Unix fossilization
2016-08-23: Link: File crash consistency and filesystems are hard
Link: Git from the inside out
2016-08-22: A belated realization about 'TLS suicide' and user CGIs et al
An interesting case of NFS traffic (probably) holding a ZFS snapshot busy
2016-08-21: My pragmatic decision on GNU Emacs versus vim for my programming
2016-08-19: My current Go autocompletion setup in GNU Emacs
Localhost is (sometimes) a network
2016-08-17: A surprising missing Unix command: waiting until a time is reached
2016-08-16: How you tell what signals a Linux process is ignoring
2016-08-15: My ambivalent view on Vim superintelligence, contrasted with GNU Emacs
Some options for reindenting (some of) my existing Python code
2016-08-14: Code alone can tell you the what but it cannot tell you why
2016-08-13: What I did to set up a wireless network and what I have left to do
2016-08-12: I think I'm going to shift my style of Python indentation
2016-08-10: Systemd has a problem with SATA disks behind port multipliers
A look into a future where things assume you have a smartphone
2016-08-08: I need more than one way to get on the Internet from home
2016-08-07: Why I like the sam editor
The harm that comes from ZFS not being GPL-compatible
2016-08-05: Free software licenses are social things, not just legal ones
It's likely worth re-detecting your system's sensor chips every so often
2016-08-03: Some malware that sends interesting fake mailing list messages
Containerization as the necessary end point of deployment automation
2016-08-01: My new key binding hack for xcape and dmenu
2016-07-31: I've become mostly indifferent to what language something is written in
(Not) changing the stop timeout for systemd login session scopes
2016-07-30: The perils of having an ancient $HOME (a yak shaving story)
2016-07-29: My surprise problem with considering a new PC: actually building it
2016-07-28: A bit about what we use DTrace for (and when)
2016-07-27: When 'simple' DNS blocklists work well for you
2016-07-25: An irritating systemd behavior when you tell it to reboot the system
I should learn more about Grub2
2016-07-24: My view on people who are assholes on the Internet
2016-07-23: My current set of Chrome extensions (as of July 2016)
2016-07-22: Ubuntu 16.04's irritatingly broken MySQL updates
2016-07-21: My current set of essential extensions for Firefox profiles
2016-07-20: Official source release builds should not abort on (compilation) warnings
2016-07-19: How not to set up your DNS (part 23)
An interesting (and alarming) Grub2 error and its cause
2016-07-17: A good solution to our Unbound caching problem that sadly won't work
DNS resolution cannot be segmented (and what I mean by that)
2016-07-16: A caching and zone refresh problem with Unbound
2016-07-15: Sudo and changes in security expectations (and user behaviors)
2016-07-14: Your C compiler's optimizer can make your bad programs compile
2016-07-13: Our central web server, Apache, and slow downloads
2016-07-12: How we do MIME attachment type logging with Exim
2016-07-11: Why Python can't have a full equivalent of Go's gofmt
2016-07-10: Some options for logging attachment information in an Exim environment
2016-07-09: How Exim's ${run ...} string expansion operator does quoting
2016-07-08: Some notes on UID and GID remapping in the Illumos/OmniOS NFS server
2016-07-06: Keeping around an index to the disk bays on our iSCSI backends
It turns out that viruses do try to conceal their ZIP files
2016-07-04: A feature I wish the Linux NFS client had: remapping UIDs and GIDs
2016-07-03: An irritating little bug in the latest GNU Emacs Python autoindent code
2016-07-02: cal's unfortunate problem with argument handling
2016-07-01: How backwards compatibility causes us pain with our IMAP servers
2016-06-30: Some advantages of using argparse to handle arguments as well as options
What makes a email MIME part an attachment?
2016-06-29: Modern DNS servers (especially resolvers) should have query logging
2016-06-27: Today's lesson on the value of commenting your configuration settings
If you send email, don't expect people to help you with abuse handling
2016-06-26: How not to maintain your DNS (part 22)
2016-06-25: What Python 3 versions Django supports, and when this changes
2016-06-24: Our new plan for creating our periodic long term backups
2016-06-22: I need to cultivate some new coding habits for Python 3 ready code
Moving from Python 2 to Python 3 calls for a code inventory
2016-06-20: A tiny systemd convenience: it can reboot the system from RAM alone
2016-06-19: A lesson to myself: know your emergency contact numbers
Why ZFS can't really allow you to add disks to raidz vdevs
2016-06-18: It's easier to shrink RAID disk volumes than to reshape them
2016-06-17: Why you can't remove a device from a ZFS pool to shrink it
2016-06-15: How (some) syndication feed readers deal with HTTP to HTTPS redirections
ZFS on Linux has just fixed a long standing little annoyance
2016-06-14: Some notes on how xdg-open picks which web browser to use
How xdg-mime searches for MIME type handlers (more or less)
2016-06-12: There are (at least) two sorts of DNS blocklists
Some notes on adding exposed statistics to a (Go) program
2016-06-11: I accept that someday I'll give up MH and move to IMAP mail clients
2016-06-10: An email mistake I've made as a long-term university sysadmin
2016-06-09: My concern about the potential dominance of the mobile web
2016-06-08: How dominant is the mobile web (versus the desktop web)?
2016-06-06: My views of Windows 10 (from the outside)
I work in what is increasingly a pretty different sysadmin environment
2016-06-05: My approach for inspecting Go error values
2016-06-04: The (Unix) shell is not just for running programs
2016-06-03: One thing that makes the Bourne shell an odd language
2016-06-02: Spammers can abandon SMTP connections not infrequently
2016-05-31: Understanding the modern view of security
2016-05-30: The browser security dilemma
'Command line text editor' is not the same as 'terminal-based text editor'
2016-05-29: What does 'success' mean for a research operating system?
2016-05-28: A problem with using old OmniOS versions: disconnection from the community
2016-05-27: Your overall anti-spam system should have manual emergency blocks
2016-05-26: Why SELinux is inherently complex
2016-05-25: SELinux is beyond saving at this point
2016-05-23: How fast fileserver failover could matter to us
2016-05-22: Our problem with OmniOS upgrades: we'll probably never do any more
My view of Barracuda's public DNSBL
2016-05-21: Please stop the Python 2 security scaremongering
2016-05-20: Some notes on abusing the pexpect Python module
2016-05-19: Some basic data on the hit rate of the Spamhaus DBL here
2016-05-18: Go does not have atomic variables, only atomic access to variables
2016-05-16: A quick trick: using Go structs to create namespaces
Discovering my personal limit on how much I care about security
2016-05-15: It's time for me to upgrade my filtering HTTP proxy
2016-05-14: IPv6 is the future of the Internet
2016-05-13: You can call bind() on outgoing sockets, but you don't want to
2016-05-11: We're never going to be able to have everyone use two factor authentication
The difference between 'Delete' and 'Destroy' in X window managers
2016-05-09: An Apache trick: using directories to create redirections
You can't use expvar.Func to expose a bunch of expvar types
2016-05-08: Issues in fair share scheduling of RAM via resident set sizes
2016-05-07: 'Fair share' scheduling pretty much requires a dynamic situation
2016-05-06: A weird little Firefox glitch with cut and paste
2016-05-04: My annoyance with Chrome's cut and paste support under X
The better way to clear SMART disk complaints, with safety provided by ZFS
2016-05-02: How I think you set up fair share scheduling under systemd
The state of supporting many groups over NFS v3 in various Unixes
2016-04-30: I should keep and check notes even on my own little problems
A story of the gradual evolution of network speeds without me noticing
2016-04-29: You should plan for your anti-spam scanner malfunctioning someday
2016-04-28: You should probably track what types of files your users get in email
2016-04-26: How 'there are no technical solutions to social problems' is wrong
Bad slide navigation on the web and understanding why it's bad
2016-04-25: Why you mostly don't want to do in-place Linux version upgrades
2016-04-24: Why we have CentOS machines as well as Ubuntu ones
2016-04-23: Why I think Illumos/OmniOS uses PCI subsystem IDs
2016-04-22: What Illumos/OmniOS PCI device names seem to mean
2016-04-20: A brief review of the HP three button USB optical mouse
How to get Unbound to selectively add or override DNS records
2016-04-19: Today's odd spammer behavior for sender addresses
2016-04-18: Why your Apache should have mod_status configured somewhere
2016-04-17: Why Unix needs a standard way to deal with the file durability problem
2016-04-16: Why I think Let's Encrypt won't be a threat to commercial CAs for now
2016-04-15: Unbound illustrates the Unix manpage mistake with its ratelimits documentation
2016-04-14: Unix's file durability problem
2016-04-13: How I'm trying to do durable disk writes here on Wandering Thoughts
2016-04-12: There's a spectrum of 'pets versus cattle' in servers
2016-04-11: Why I don't use HTTP Key Pinning and I'm not likely to any time soon
2016-04-10: SPF is not a security feature, as it solves the wrong problem
2016-04-09: Why your Ubuntu server stalls a while on boot if networking has problems
2016-04-08: How to shoot yourself in the foot with /etc/network/interfaces on Ubuntu
2016-04-06: What is behind Unix's 'Text file is busy' error
How options in my programs conflict, and where argparse falls short
2016-04-05: Some notes on Go's expvar package
2016-04-04: The three types of challenges that Let's Encrypt currently supports
2016-04-03: Let's Encrypt certificates can be used for more than HTTPS
2016-04-01: A surprise to watch out for with Go's expvar package (in expvar.Var)
2016-03-31: My initial experience of using NSD as a simple authoritative DNS server
2016-03-30: I've now used Python's argparse module and I like it
My view of Debian's behavior on package upgrades with new dependencies
2016-03-28: An awkward confession and what we should do about it
Why I don't think upgrading servers would save us much power
2016-03-27: The limits of open source with Illumos and OmniOS
2016-03-26: The sensible update for my vintage 2011 home machine
2016-03-25: There's a relationship between server utilization and server lifetime
2016-03-23: How old our servers are (as of 2016)
Wayland and graphics card uncertainty
2016-03-21: Current PC technology churn that makes me reluctant to think about a new PC
When you want non-mutating methods in Go
2016-03-20: What broad hit rate the Spamhaus DBL might get for us
2016-03-18: The Spamhaus DBL does get hits even with basic checks
Some things I believe about importance and web page design
2016-03-16: How 'from module import ...' is not doing what you may expect
I wish I could split up code more easily in Python
2016-03-14: An additional small detail of how writes work on ZFS raidzN pools
How RPM handles configuration files, both technically and socially
2016-03-13: I've started using the Firefox addon Self-Destructing Cookies for some stuff
2016-03-11: Why it's irritating when Ubuntu packages don't include their configuration files
I need to use getopts sooner (and more often) in Bourne shell scripts
2016-03-09: A sensible surprise (to me) in the Bourne shell's expansion of "$@"
Some thoughts on ways of choosing what TLS ciphers to support
2016-03-07: Why it makes sense for true and false to ignore their arguments
Apt-get and its irritating lack of easy selective upgrades
2016-03-06: Firefox addons seem unfortunately prone to memory leaks
2016-03-05: What happens when a modern Linux system boots without /bin/sh
2016-03-04: Some notes on supporting readline (tab) completion in your Python program
2016-03-03: My views on clients for Lets Encrypt
2016-03-02: Some notes on OpenSSH's optional hostname canonicalization
2016-02-29: Turning over a rock on some weird HTTP requests to our web server
Sometimes, doing a bunch of programming can be the right answer
2016-02-28: The status of null-sender spam from outlook.com
2016-02-27: Link: A Short History Of Removable Media Behind The Iron Curtain
Sometimes brute force is the answer, Samba edition
2016-02-26: Our problem with iSCSI connections at boot on OmniOS
2016-02-24: Mozilla, Symantec, SHA-1 certificates, and the balance of power
I'm often an iterative and experimental programmer
2016-02-22: We've permanently disabled overlayfs on our servers
The university's coordination problem
2016-02-21: Why the Ubuntu package update process makes me irritated
2016-02-20: My two usage cases for Let's Encrypt certificates
2016-02-19: We can't use Let's Encrypt on our production systems right now
2016-02-18: Two models of dealing with cookies in Firefox with addons
2016-02-17: The many load averages of Unix(es)
2016-02-16: Whether or not to use cgo for Go packages, illustrated in a dilemma
2016-02-15: SMTP submission ratelimits should have delays too
2016-02-14: Your outgoing mail system should have a per-sender stop switch
2016-02-12: We need to deploy anti-spam precautions even if they're a bit imperfect
Adding a new template filter in Django 1.9, and a template tag annoyance
2016-02-11: My current views on using OpenSSH with CA-based host and user authentication
2016-02-10: The fundamental practical problem with the Certificate Authority model
2016-02-08: Old Unix filesystems and byte order
Clearing SMART disk complaints, with safety provided by ZFS
2016-02-07: Your SSH keys are a (potential) information leak
2016-02-06: You can have many matching stanzas in your ssh_config
2016-02-05: Some notes on SMF manifests (on OmniOS) and what goes in them
2016-02-03: Django, the timesince template filter, and non-breaking spaces
You aren't entitled to good errors from someone else's web app
2016-02-02: A justification for some odd Linux ARP behavior
2016-01-31: One thing I don't like about Fedora is slow security updates
The tradeoffs of having ssh-agent hold all of your SSH keys
2016-01-30: Some good practices for handling OpenSSH keypairs
2016-01-29: What SSH identities will be offered to a remote server and when
2016-01-28: Modern Django makes me repeat myself in the name of something
2016-01-26: Why my home backup situation is currently a bit awkward
Low level issues can have quite odd high level symptoms (again)
2016-01-25: A Python wish: an easy, widely supported way to turn a path into a module
2016-01-24: Hostile HTTPS interception on the modern web is now increasingly costly and risky
2016-01-22: Browsers are increasingly willing to say no to users over HTTPS issues
Memory-safe languages and reading very sensitive files
2016-01-21: One example of why I like ZFS on Linux
2016-01-20: Illumos's ZFS prefetching has recently become less superintelligent than it used to be
2016-01-18: Today I learned that a syslog server can be very silent on the network
A limitation of tcpdump is that you can't tell in from out
2016-01-17: My theory on how network loop caused the problem we observed
2016-01-15: Network loops can have weird effects (at least sometimes)
Things I learned from OpenSSH about reading very sensitive files
2016-01-13: What I want out of backups for my home machine (in the abstract)
Your system's performance is generally built up in layers
2016-01-11: The drawback of setting an explicit mount point for ZFS filesystems
The benefits of flexible space usage in filesystems
2016-01-10: Updating software to IPv6 is often harder than you might think
2016-01-09: The convenience of having keyboard controls for sound volume
2016-01-08: Getting to watch a significant spam campaign recently
2016-01-07: The format of strings in early (pre-C) Unix
2016-01-06: A fun Bash buffering bug (apparently on Linux only)
2016-01-05: Illumos's problem with its VCS commit messages
2016-01-04: How I do per-address blocklists with Exim
2016-01-03: One anti-spam thing I like is per-person (or per-address) blocklists
2016-01-02: I've realized I need to change how I read Twitter
2015-12-31: A defense of C's null-terminated strings
How I've wound up taking my notes
2015-12-30: Some notes on entering unusual characters in various X applications
2015-12-29: Take notes when (and as) you do things and keep them
2015-12-28: The limits of what ZFS scrubs check
2015-12-27: A confession: I find rejecting spam at SMTP time to be more satisfying
2015-12-26: Adjusting mouse sensitivity on Linux, and why you might want to
2015-12-25: I like Magit, the GNU Emacs package for Git
2015-12-24: There is a surprising amount of old SSL code in running MTAs
2015-12-23: Where cryptographic hashes come into TLS certificates
2015-12-21: Some opinions on how package systems should allow you to pin versions
The Apache mod_qos module worked for us
2015-12-20: There are three places spam filtering can happen these days
2015-12-18: A fun tale of network troubleshooting involving VLANs and MACs
Some things about the XSettings system
2015-12-17: Fixing the GTK UI font in my Fedora 23 setup
2015-12-16: I just had another smooth Fedora version upgrade with ZFS on Linux
2015-12-14: Some things that force Go to call the C library for name resolution on Linux
Getting xterm and modern X applications to do cut and paste together
2015-12-13: I still believe in shimming modules for tests
2015-12-12: My views on the choice of Linux distribution
2015-12-11: The ArchLinux wiki has quietly become a good resource for me
2015-12-09: Goroutines, network IO streams, and the resulting synchronization problem
A surprise about cryptographic signatures
2015-12-07: What I like web templating languages for
The old-fashioned and modern ways to remap keys in X (some notes)
2015-12-06: The (peculiar) freedom of having a slow language
2015-12-05: The details behind zpool list's new fragmentation percentage
2015-12-04: One limit to how much TLS can do for you against MITM attacks
2015-12-02: What zpool list's new FRAG fragmentation percentage means
2015-12-01: Red Hat has really doubled down on being email spammers
2015-11-30: My current dilemma: is it worth putting the root filesystem on a SSD
A new piece of my environment: xcape, an X modifier key modifier
2015-11-29: My feelings about my mechanical mini keyboard
2015-11-27: Documentation should explain why things are security issues, at least briefly
A thought on the apparent popularity of new static typing languages
2015-11-26: Some notes on Apache's suexec
2015-11-25: Why speeding up (C)Python matters
2015-11-23: PC laptop and desktop vendors are now clearly hostile parties
Why I care about how fast CPython is
2015-11-22: I should find some good small packages for templates and forms for CGIs
2015-11-21: What I think I want out of autocompletion in GNU Emacs (for Go coding)
2015-11-20: What modern version control systems are
2015-11-18: VCS bisection steps should always be reversible
Increasingly, I no longer solidly and fully know Python
2015-11-16: On public areas on the Net and conversations therein
The problems with creating a new template language
2015-11-15: I should remember that I can cast things in Go
2015-11-14: ZFS pool import needs much better error messages
2015-11-13: We killed off our SunSolve email contact address yesterday
2015-11-12: Don't have support registrations in the name of a specific sysadmin
2015-11-11: No new web templating languages; use an existing one
2015-11-10: Why I spent a lot of time agonizing over an error message recently
2015-11-09: What sysadmins want out of logging means that it can't be too simple
2015-11-08: The great Delete versus Backspace split
2015-11-07: Why I (still) care about SELinux and its flaws
2015-11-06: Revisiting a bit of my X keymapping history
2015-11-04: SELinux's usability, illustrated once again
Outlook.com now has collected some SBL listings
2015-11-02: When setting up per-thing email addresses, make sure you can turn them off
Status reporting commands should have script-oriented output too
2015-10-31: One advantage of System V is that it was available
In practice, anything involving the JVM is often a heavyweight thing
2015-10-30: My discovery that the USB mouse polling rate matters
2015-10-29: USB mouse polling rates under Linux
2015-10-28: System V was kind of backwards for a long time
2015-10-27: Some theories about what spammers get out of using null sender addresses
2015-10-26: The null sender spammers now seem to be entrenched on outlook.com
2015-10-25: More on chroot()'s history, and my blind spot about System III
2015-10-24: How my PS/2 to USB conversion issues have shaken out
2015-10-23: Perhaps it's a good idea to reboot everything periodically
2015-10-22: CPython's trust of bytecode is not a security problem
2015-10-21: Python bytecode is quite heavily trusted by CPython
2015-10-20: Why I never tell people how I voted
2015-10-19: Installing and pinning specific versions of OmniOS packages
2015-10-18: In Go, unsafe.Pointer is a built in type in the compiler
2015-10-17: Do generic stock servers have a future in a cloud world?
2015-10-16: Inside a Go 'terrible hack' in the reflect package
2015-10-15: Some notes on finding package versions in OmniOS with pkg
2015-10-14: OS installers should be easy to open up and modify
2015-10-13: Why I've come to really like git
2015-10-12: Why we hold kernels and other packages on our Ubuntu machines
2015-10-11: Bad news about how we detect and recover from NFS server problems
2015-10-09: How much space ZFS reserves in your pools varies across versions
Our low-rent approach to verifying that NFS mounts are there
2015-10-08: Why you (probably) want to have blog categories (and topics and more)
2015-10-07: The irritation of all of the Ubuntu kernels you wind up with
2015-10-05: How many recent sender domains are in the Spamhaus DBL
I don't trust Linux distributions to leave directories alone
2015-10-04: There's no point in multiple system filesystems any more
2015-10-03: There are two approaches to disaster recovery plans
2015-10-02: What creates a good wikitext dialect depends on how it's going to be used
2015-09-30: There are good and bad wikitext dialects
Why I can't see IPv6 as a smooth or fast transition
2015-09-29: Maybe I should try to find another good mini keyboard
2015-09-28: On not having people split their time between different bosses
2015-09-27: Wikitext not having errors creates a backtracking problem
2015-09-26: I've decided I'll port DWiki to Python 3, but not any time soon
2015-09-25: Do we want to continue using a SAN in our future fileserver design?
2015-09-24: We're probably going to need new Linux iSCSI target software
2015-09-23: One thing I'm hoping for in our third generation fileservers
2015-09-22: The Go 'rolling errors' pattern, in function call form
2015-09-21: When chroot() started to confine processes inside the new root
2015-09-20: Spam from outlook.com has gotten worse (well, for me)
2015-09-19: Experimenting with Firefox's 'Reader' mode (or view)
2015-09-18: Modern Linux laptop suspending and screenlocking makes me twitch
2015-09-17: We know what you are
2015-09-16: There are two different scenarios for replacing disks in a RAID
2015-09-14: A caution about cgo's error returns for errno
Tweaking code when I'm faced with the urge to replace it entirely
2015-09-13: I should have started blocking web page elements well before now
2015-09-12: How NFS deals with the pending delete problem
2015-09-11: ZFS scrub rates, speeds, and how fast is fast
2015-09-10: Changing kernel tunables can drastically speed up ZFS scrubs
2015-09-09: Some notes on my experience using Go's cgo system
2015-09-08: How we disable accounts here (and why)
2015-09-07: Getting gocode based autocompletion working for Go in GNU Emacs
Why we wind up deleting user accounts
2015-09-06: Optimizing finding unowned files on our ZFS fileservers
2015-09-05: Why we aren't tempted to use ACLs on our Unix machines
2015-09-04: Consistency and durability in the context of filesystems
2015-09-03: How I've decided to coordinate multiple git repos for a single project
2015-09-02: Thinking about the different models of supplying computing
2015-08-31: CGo's Go string functions explained
Turning, well copying blobs of memory into Go structures
2015-08-30: Getting C-compatible structs in Go with and for cgo
2015-08-29: The mailing list thread to bug tracking system problem
2015-08-28: The somewhat surprising history of chroot()
2015-08-27: Some notes on using Solaris kstat(s) in a program
2015-08-26: Why I wind up writing my own (sysadmin) tools
2015-08-25: One view on practical blockers for IPv6 adoption
2015-08-24: PS/2 to USB converters are complex things with interesting faults
2015-08-23: I think you should get your TLS configuration advice from Mozilla
2015-08-21: What surprised me about the Python assignment puzzle
What's going on with a Python assignment puzzle
2015-08-20: Using abstract namespace Unix domain sockets and SO_PEERCRED in Python
2015-08-19: Linux's abstract namespace for Unix domain sockets
2015-08-17: Getting dd's skip and seek straight once and for all
Why languages like 'declare before use' for variables and functions
2015-08-16: My irritation with Intel's CPU segmentation (and why it probably exists)
2015-08-15: Spam scoring systems are often not deliberately designed
2015-08-14: My current views on using DomainKeys (DKIM) here
2015-08-13: Enabling services on package updates is a terrible mistake
2015-08-12: What common older versions of free are telling you
2015-08-11: What free is really telling you, and some bits from /proc/meminfo
2015-08-10: My irritation with 'systemctl status'
2015-08-09: One potential problem with cloud computing for us is the payment model
2015-08-08: The ARC now seems to work right in ZFS on Linux
2015-08-07: One thing I now really want in ZFS: faster scrubs (and resilvers)
2015-08-06: Two factor authentication and emergency access to systems
2015-08-05: What I want out of two factor authentication for my own use
2015-08-04: A lesson to myself: commit my local changes in little bits
2015-08-03: Running Fedora 22's dnf as a normal user versus as root
2015-08-02: My view on the potential death of the ad-supported web
2015-07-31: The future problem with Firefox's Electrolysis project
Ubuntu once again fails at a good kernel security update announcement
2015-07-29: My workflow for testing Github pull requests
A cynical view on needing SSDs in all your machines in the future
2015-07-28: Why I still report bugs
2015-07-27: Spammers mine everything, Github edition
2015-07-26: Why I increasingly think we're unlikely to ever use Docker
2015-07-25: Everything that does TLS should log the SSL parameters used
2015-07-24: Fedora 22's problem with my scroll wheel
2015-07-22: A modest little change I'd like to see in bug reporting systems
Some thoughts on log rolling with date extensions
2015-07-20: My brush with the increasing pervasiveness of smartphone GPS mapping
The OmniOS kernel can hold major amounts of unused memory for a long time
2015-07-19: 'Retail' versus 'wholesale' spam
2015-07-18: Some data on how long it is between fetches of my Atom feed
2015-07-17: Your standard input is a tty in a number of surprising cases
2015-07-15: Eating memory in Python the easy way
Mdb is so close to being a great tool for introspecting the kernel
2015-07-14: Don't support shortened versions of your domain names in email addresses
2015-07-13: My personal view of OpenBSD
2015-07-12: A Linux software RAID message flood
2015-07-11: OpenBSD and the impact of culture
2015-07-10: What SSH keys in your .ssh/config will be offered to servers
2015-07-09: When SSH needs you to decrypt your keys
2015-07-08: Making GTK applications in alternate locations, settings edition
2015-07-07: The Git 'commit local changes and rebase' experience is a winning one
2015-07-06: My Django form field validation and cleanup pain
2015-07-05: Sysadmin use of email is often necessarily more or less interrupt driven
2015-07-04: Googlebot and Feedfetcher are still aggressively grabbing syndication feeds
2015-07-03: Wandering Thoughts is now ten years old
Some notes on my 'commit local changes and rebase' Git workflow
2015-07-02: Some thoughts on Go compiler directives being in source comments
2015-06-30: My early impressions of Fedora 22, especially of DNF
The probable and prosaic explanation for a socket() API choice
2015-06-29: BSD Unix developed over more time than I usually think
2015-06-28: Faster SSDs matter to companies because they sell things
2015-06-27: The next (or coming) way to connect SSDs to your system
2015-06-26: The status of our problems with overloaded OmniOS NFS servers
2015-06-25: Multiple set matches with Linux's iptables 'ipset' extension
2015-06-24: I've finally turned SELinux fully off even on my laptop
2015-06-23: A Bash test limitation and the brute force way around it
2015-06-22: Modern *BSDs have a much better init system than I was expecting
2015-06-21: Why System V init's split scripts approach is better than classical BSD
2015-06-20: Thinking about people's SSD inflection points in general
2015-06-19: Sometimes looking into spam for a blog entry has unexpected benefits
2015-06-18: The cost of OmniOS not having /etc/cron.d
2015-06-17: Exploring the irritating thing about Python's .join()
2015-06-16: NFS writes and whether or not they're synchronous
2015-06-15: My view of NFS protocol versions
2015-06-14: What I plug into my home Linux machine as far as peripherals go
2015-06-12: My pragmatic view of HTTPS versus caching
Red Hat are marketing email spammers now (in the traditional way)
2015-06-11: HTTP should be dropped even as a pure Internet transport mechanism
2015-06-10: My pragmatic view on switching to HTTPS and TLS everywhere
2015-06-09: How I use virtual screens in my desktop environment
2015-06-08: Exceptions as aggregators of error handling
2015-06-07: You won't get people off Python 2 by making their lives worse
2015-06-06: The security danger of exploitable bugs in file format libraries
2015-06-05: My current views on Rust (the programming language)
2015-06-04: Linux evolution through de facto quiet standards
2015-06-03: What makes for a simple web application environment
2015-06-01: The problem with 'what is your data worth?'
2015-05-31: Unix has been bad before
My view of setting up sane web server application delegations
2015-05-30: What I'm doing in reaction to Logjam (for HTTPS, SSH, and IKE)
2015-05-29: I don't commit changes in my working repos
2015-05-28: I don't find Github pull requests an easy way to submit patches
2015-05-27: The impact on you of making 'bad' bug reports
2015-05-25: One of the problems with 'you should submit a patch'
Email providers cannot stop spam by scanning outgoing email
2015-05-24: A mod_wsgi problem with serving both HTTP and HTTPS from the same WSGI app
2015-05-23: The right way for your WSGI app to know if it's using HTTPS
2015-05-22: Unsurprisingly, Amazon is now running a mail spamming service
2015-05-21: It's time for me to stop using lighttpd
2015-05-20: On the modern web, ISPs are one of your threats
2015-05-19: Converting filesystems from ext3 to ext4, and concerns attached to it (plus bad news for me)
2015-05-17: Why I'm interested in converting my ext3 filesystems to ext4
A bit more on the ZFS delete queue and snapshots
2015-05-15: Your Illumos-based NFS fileserver may be 'leaking' deleted files
The ZFS delete queue: ZFS's solution to the pending delete problem
The pending delete problem for Unix filesystems
2015-05-14: In Go, you need to always make sure that your goroutines will finish
2015-05-13: Go goroutines as a way to capture and hold state
2015-05-12: It's time to stop coddling software that can't handle HTTPS URLs
2015-05-11: The problem with proportional fonts for editing code and related things
2015-05-10: Our mail submission system winds up handling two sorts of senders
2015-05-09: What addresses we accept and reject during mail submission
2015-05-08: Sometimes it's useful to have brute force handy: an amusing IPMI bug
2015-05-06: Why keeping output to 80 columns (or less) is still sensible
Unix's pipeline problem (okay, its problem with file redirection too)
2015-05-04: Monitoring tools should report timestamps (and what they're monitoring)
What I want to have in shell (filename) completion
2015-05-03: Sometimes knowing causes does you no good (and sensible uses of time)
2015-05-02: OmniOS as a NFS server has problems with sustained write loads
2015-04-30: I'm considering ways to mass-add URLs to Firefox's history database
Why I have a perpetual browser history
2015-04-29: The 'EHLO ylmf-pc' plague of SMTP authentication guessers
2015-04-28: There's no portable way to turn a file descriptor read only or write only
2015-04-27: The fading out of tcpwrappers and its idea
2015-04-26: My complicated feelings on abandoning old but good code
2015-04-25: I'm still running a twelve year old Python program
2015-04-24: A DKMS problem I had with lingering old versions
2015-04-23: Upgrading machines versus reinstalling them
2015-04-22: Don't make /opt a filesystem on OmniOS (or probably Illumos generally)
2015-04-20: I don't think I'm interested in containers
An interesting trick for handling line numbers in little languages
2015-04-19: A potential path to IPv6 (again), but probably not a realistic one today
2015-04-18: A core problem of IPv6 adoption is the lack of user benefits
2015-04-17: In practice, programmers mostly understand complexity by superstition
2015-04-16: Are Python dictionaries necessarily constant-time data structures?
2015-04-15: Illusory security is terrible and is worse than no security
2015-04-14: Allowing people to be in more than 16 groups with an OmniOS NFS server
2015-04-12: One speed limit on your ability to upgrade your systems
Spam victims don't care what business unit is responsible for the spam
2015-04-10: I wish systemd would get over its thing about syslog
My Firefox 37 extensions and addons (sort of)
2015-04-09: Probably why Fedora puts their release version in package release numbers
2015-04-08: Your entire download infrastructure needs to use HTTPS
2015-04-07: How Ubuntu and Fedora each do kernel packages
2015-04-06: What adblockers block
2015-04-05: A note on the argument about the 'morality' of adblockers
2015-04-04: An important note if you want to totally stop an IKE IPSec connection
A weird new IKE IPSec problem that I just had on Fedora 21's latest kernel
2015-04-03: Understanding the (original) meaning of Unix load average
2015-04-02: When the Unix load average was added to Unix
2015-03-31: Btrfs's mistake in limiting itself to two-way mirroring
2015-03-30: My preliminary views on mosh
The 'cattle' model for servers is only a good fit in certain situations
2015-03-29: SSH connection sharing and erratic networks
2015-03-28: All browsers need a (good) way to flush memorized HTTP redirects
2015-03-27: Looking more deeply into some SMTP authentication probes
2015-03-26: Why systemd should have ignored SysV init script LSB dependencies
2015-03-25: A significant amount of programming is done by superstition
2015-03-24: What is and isn't a bug in software
2015-03-23: Systemd is not fully backwards compatible with System V init scripts
2015-03-22: I now feel that Red Hat Enterprise 6 is okay (although not great)
2015-03-21: Spammers show up fast when you open up port 25 (at least sometimes)
2015-03-20: Unix's mistake with rm and directories
2015-03-19: A brief history of fiddling with Unix directories
2015-03-18: The real speed advantage static rendering has over dynamic rendering
2015-03-16: Solving our authenticated SMTP problem by rethinking it
Our difficulties with OmniOS upgrades
2015-03-15: The importance of user interface, illustrated by the Go flag package
2015-03-14: Using an automounter doesn't always help with bad NFS servers
2015-03-13: The puzzle of packets to your host that your host doesn't respond to
2015-03-12: My feelings about GRUB 1 versus GRUB 2
2015-03-11: The irritation of being told 'everyone who cares uses ECC RAM'
2015-03-10: Why installing packages is almost always going to be slow (today)
2015-03-09: I should document my test plans and their results
2015-03-08: Why ZFS's 'directory must be empty' mount restriction is sensible
2015-03-06: Our brute force solution for port isolation without port isolated switches
The simple way CPython does constant folding
2015-03-05: An interesting excursion with Python strings and is
2015-03-04: What creates inheritance?
2015-03-03: The latest xterm versions mangle $SHELL in annoying ways
2015-03-02: My view of the difference between 'pets' and 'cattle'
2015-02-28: Sometimes why we have singleton machines is that failover is hard
2015-02-27: Email from generic word domains is usually advance fee fraud spam
What limits how fast we can install machines
2015-02-25: My current issues with systemd's networkd in Fedora 21
My Linux container temptation: running other Linuxes
2015-02-24: How we do and document machine builds
2015-02-23: In shell programming, I should be more willing to write custom tools
2015-02-22: Unsurprisingly, random SMTP servers do get open relay probes
2015-02-21: It turns out that I routinely use some really old Linux binaries
2015-02-20: All of our Solaris 10 machines are now out of production
2015-02-19: Exploiting Python metaclasses to forbid subclassing and where it fails
2015-02-18: I wish Python didn't allow any callable to be a 'metaclass'
2015-02-17: Your example code should work and be error-free
2015-02-16: Web ads considered as a security exposure
2015-02-15: My current views on Firefox adblocker addons
2015-02-14: Planning ahead in documentation: kind of a war story
2015-02-13: The technical side of Python metaclasses (a pointer)
2015-02-11: Good technical writing is not characterless and bland
ZFS can apparently start NFS fileservice before boot finishes
2015-02-10: Our ZFS fileservers have a serious problem when pools hit quota limits
2015-02-09: 'Inbox zero' doesn't seem to work for me but it's still tempting
2015-02-08: The history of commercial Unix and my pragmatism
2015-02-07: Trying to move towards Ed25519 OpenSSH host keys: a stumbling block
2015-02-06: A thought on containerization, isolation, and deployment
2015-02-05: All of our important machines are pets and special snowflakes
2015-02-04: How our console server setup works
2015-02-03: Why we've wound up moving away from serial consoles on our machines
2015-02-02: Why people were enthused about gcc early on in its life
2015-01-31: The problem with punishing people over policy violations
Upgrades and support periods
2015-01-30: I've come to believe Django's way of defining database tables is wrong
2015-01-29: The practical result of OpenBSD's support policy
2015-01-28: A thought about social obligations to report bugs
2015-01-27: Our current email anti-virus system is probably ineffective now
2015-01-26: Some notes on keeping up with Go packages and commands
2015-01-25: The long term problem with ZFS on Linux is its license
2015-01-24: Web applications and generating alerts due to HTTP requests
2015-01-23: A problem with gnome-terminal in Fedora 21, and tracking it down
2015-01-22: How to set up static networking with systemd-networkd, or at least how I did
2015-01-21: Why I'm switching to systemd's networkd stuff for my networking
2015-01-19: A gotcha with Python tuples
Why user-hostile policies are a bad thing and a mistake
2015-01-18: Limited retention policies for email are user-hostile
2015-01-16: Node.js is not for me (and why)
Using systemd-run to limit something's RAM consumption on the fly
2015-01-15: Link: Against DNSSEC by Thomas Ptacek
General ZFS pool shrinking will likely be coming to Illumos
2015-01-14: What /etc/shells is and isn't
2015-01-13: Our tradeoffs on ZFS ZIL SLOG devices for pools
2015-01-12: I've now seen comment spam attempts from Tor exit nodes
2015-01-11: The effects of losing a ZFS ZIL SLOG device, as I understand them
2015-01-10: Autoplaying anything is a terrible decision, doubly so for video
2015-01-09: Why filesystems need to be where data is checksummed
2015-01-08: ZFS should be your choice today if you need an advanced filesystem on Unix
2015-01-07: Forwarding access to only a subset of ssh-agent's identities
2015-01-06: Choices filesystems make about checksums
2015-01-05: Today on Linux, ZFS is your only real choice for an advanced filesystem
2015-01-04: What makes a 'next generation' or 'advanced' modern filesystem, for me
2015-01-03: The effects of our fileserver multi-tenancy
2015-01-02: Where we have multi-tenancy in our fileserver environment
2014-12-31: I love Apache (well, like it at least)
A retrospective on my one Django web application
2014-12-30: Somewhat to my surprise, classical viruses by email are still a thing
2014-12-29: How I have partitioning et al set up for ZFS On Linux
2014-12-28: How I think DNSSec will have to be used in the real world
2014-12-27: My ZFS On Linux memory problem: competition from the page cache
2014-12-26: My experience with ZFS on Linux: it's worked pretty well for me
2014-12-25: DNSSec in the real world: my experience with DNSSec
2014-12-24: The security effects of tearing down my GRE tunnel on IPSec failure
2014-12-22: The future of OmniOS here if we can't get 10G-T working on it
Why Go's big virtual size for 64-bit programs makes sense
2014-12-21: A steady change in the source of blog comment spam attempts
2014-12-20: Unsurprisingly, laptops make bad to terrible desktops
2014-12-19: Our likely long road to working 10G-T on OmniOS
2014-12-17: The potential end of public clients at the university?
2014-12-16: Does having a separate daemon manager help system resilience?
2014-12-15: How a Firefox update just damaged practical security
Why your 64-bit Go programs may have a huge virtual size
2014-12-14: How init wound up as Unix's daemon manager
2014-12-13: There are two parts to making your code work with Python 3
2014-12-12: The bad side of systemd: two recent systemd failures
2014-12-10: What good kernel messages should be about and be like
How to delay your fileserver replacement project by six months or so
2014-12-09: Why I do unit tests from inside my modules, not outside them
2014-12-08: Why I don't believe in generic TLS terminator programs
2014-12-07: How we install Ubuntu machines here
2014-12-06: Browser addons can effectively create a new browser
2014-12-05: How security sensitive is information about your network architecture?
2014-12-04: Log retention versus log analysis, or really logs versus log analysis
2014-12-03: Security capabilities and reading process memory
2014-12-02: The unreasonable effectiveness of web crawlers
2014-11-30: You should keep your system logs for longer than you probably are
TLS versions in connections to my spam-catching sinkhole SMTP server
2014-11-29: Sometimes you need to turn things into small, readily solvable problems
2014-11-28: How I made IPSec IKE work for a point to point GRE tunnel on Fedora 20
2014-11-26: Using iptables to block traffic that's not protected by IPSec
Using go get alone is a bad way to keep track of interesting packages
2014-11-25: My Linux IPSec/VPN setup and requirements
2014-11-24: Delays on bad passwords considered harmful, accidental reboot edition
Using the SSH protocol as a secure transport protocol
2014-11-23: I'm happier ignoring the world of spam and anti-spam
2014-11-22: The effects of a moderate Hacker News link to here
2014-11-21: Lisp and data structures: one reason it hasn't attracted me
2014-11-20: Sometimes the way to solve a problem is to rethink the problem
2014-11-18: Finding free numbers in a range, crudely, with Unix tools
2014-11-17: Why I need a browser that's willing to accept bad TLS certificates
2014-11-16: We've started to decommission our Solaris 10 fileservers
States in a state machine aren't your only representation of state
2014-11-15: Our current problems with 10G Intel networking on OmniOS
2014-11-14: Sometimes there are drawbacks to replicating configuration files
2014-11-13: I want opportunistic, identity-less encryption on the Internet
2014-11-12: A wish: setting Python 3 to do no implicit Unicode conversions
2014-11-10: Why I don't have a real profile picture anywhere
What it took to get DWiki running under Python 3
2014-11-09: NFS hard mounts versus soft mounts
2014-11-07: What you're saying when you tell people to send in patches
Porting to Python 3 by updating to modern Python 2
2014-11-05: (Probably) Why Bash imports functions from the environment
The weakness of doing authentication over a side channel
2014-11-03: Hassles with getting our NFS mount authentication working on Linux
What I'm worried about with retina displays on Linux
2014-11-02: A drawback in how DWiki parses its wikitext
2014-10-31: With ZFS, rewriting a file in place might make you run out of space
A drawback to handling errors via exceptions
2014-10-29: Quick notes on the Linux iptables 'ipset' extension
Unnoticed nonportability in Bourne shell code (and elsewhere)
2014-10-28: My current somewhat tangled feelings on operator.attrgetter
2014-10-27: Practical security and automatic updates
2014-10-26: Things that can happen when (and as) your ZFS pool fills up
2014-10-25: The difference in available pool space between zfs list and zpool list
2014-10-24: In Go I've given up and I'm now using standard packages
2014-10-23: The clarity drawback of allowing comparison functions for sorting
2014-10-22: Exim's (log) identifiers are basically unique on a given machine
2014-10-20: Some numbers on our inbound and outbound TLS usage in SMTP
Revisiting Python's string concatenation optimization
2014-10-19: Vegeta, a tool for web server stress testing
2014-10-18: During your crisis, remember to look for anomalies
2014-10-17: My experience doing relatively low level X stuff in Go
2014-10-16: Don't use dd as a quick version of disk mirroring
2014-10-15: Why system administrators hate security researchers every so often
2014-10-14: Bashisms in #!/bin/sh scripts are not necessarily bugs
2014-10-13: System metrics need to be documented, not just to exist
2014-10-12: Phish spammers are apparently exploiting mailing list software
2014-10-11: Thinking about how to create flexible aggregations from causes
2014-10-10: Where your memory can be going with ZFS on Linux
2014-10-09: How /proc/slabinfo is not quite telling you what it looks like
2014-10-08: Simple web application environments and per-request state
2014-10-07: Why blocking writes are a good Unix API (on pipes and elsewhere)
2014-10-06: Why it's sensible for large writes to pipes to block
2014-10-05: Making bug reports is exhausting, frustrating, and stressful
2014-10-03: Why people are almost never going to be reporting bugs upstream
When using Illumos's lockstat, check the cumulative numbers too
2014-10-02: The problem with making bug reports about CentOS bugs
2014-09-30: NetworkManager and network device races
Don't split up error messages in your source code
2014-09-28: Learning a lesson about spam-related logging (again)
2014-09-27: Changing major version numbers does not fix compatibility issues
DWiki, Python 3, Python, and me
2014-09-26: The practical problems with simple web apps that work as HTTP servers
2014-09-25: Why CGI-BIN scripts are an attractive thing for many people
2014-09-24: One thing I've come to dislike about systemd
2014-09-22: Go is mostly easy to cross-compile (with notes)
Another side of my view of Python 3
2014-09-21: One reason why Go can have methods on nil pointers
2014-09-19: My view on using VLANs for security
What I mean by passive versus active init systems
2014-09-18: Ubuntu's packaging failure with mcelog in 14.04
2014-09-17: In praise of Solaris's pfiles command
2014-09-15: My collection of spam and the spread of SMTP TLS
I want my signed email to work a lot like SSH does
2014-09-14: My current hassles with Firefox, Flash, and (HTML5) video
2014-09-13: What can go wrong with polling for writability on blocking sockets
2014-09-12: How not to do IO multiplexing, as illustrated by Amanda
2014-09-10: The cause of our slow Amanda backups and our workaround
Does init actually need to do daemon supervision?
2014-09-08: What an init system needs to do in the abstract
2014-09-07: Systemd's fate will be decided by whether or not it works
The kernel should not generate messages at the behest of the Internet
2014-09-05: A DTrace script to help figure out what process IO is slow
Some uses for SIGSTOP and some cautions
2014-09-04: Some other benefits of using non-HTTP frontend to backend transports
2014-09-03: Why we don't want to do any NAT with IPv6
2014-09-01: An IPv6 dilemma for us: 'sandbox' machine DNS
2014-08-31: We don't believe in DHCP for (our) servers
The downside of expanding your storage through bigger disks
2014-08-30: How to change your dm-cache write mode on the fly in Linux
2014-08-29: A hazard of using synthetic data in tests, illustrated by me
2014-08-27: One reason why we have to do a major storage migration
The difference between Linux and FreeBSD boosters for me
2014-08-26: Why I don't like HTTP as a frontend to backend transport mechanism
2014-08-24: 10G Ethernet is a sea change for my assumptions
My spam is (mostly) boring
2014-08-23: Some notes on Python packaging stuff that wasn't obvious to me
2014-08-22: Where DTrace aggregates are handled for printing et al
2014-08-21: How data flows around on the client during an Amanda backup
2014-08-20: Explicit error checking and the broad exception catching problem
2014-08-18: An example of a subtle over-broad try in Python
The potential issue with Go's strings
2014-08-17: The challenges of diagnosing slow backups
2014-08-15: Caches should be safe by default
A consequence of NFS locking and unlocking not necessarily being fast
2014-08-13: Bind mounts with systemd and non-fstab filesystems
How you create a systemd .mount file for bind mounts
2014-08-11: Copying GPT partition tables from disk to disk
2014-08-10: The problem with self-contained 'application bundle' style packaging
What I want out of a Linux SSD disk cache layer
2014-08-09: Intel has screwed up their DC S3500 SSDs
2014-08-08: Hardware can be weird, Intel 10G-T X540-AT2 edition
2014-08-06: A peculiarity: I'm almost never logged in to websites
2014-08-05: Why LinkedIn's 'you must join to unsubscribe' is evil
Another piece of my environment: running commands on multiple machines
2014-08-04: Why our new SAN environment is separate from our old SAN environment
2014-08-03: Our second generation ZFS fileservers and their setup
2014-08-02: The benchmarking problems with potentially too-smart SSDs
2014-07-31: The temptation to rebuild my office machine with its data in ZFS on Linux
2014-07-30: Why I like ZFS in general
My view on FreeBSD versus Linux, primarily on the desktop
2014-07-28: FreeBSD, cultural bad blood, and me
2014-07-27: Go is still a young language
Save your test scripts and other test materials
2014-07-25: An interesting picky difference between Bourne shells
The OmniOS version of SSH is kind of slow for bulk transfers
2014-07-23: What influences SSH's bulk transfer speeds
One of SELinux's important limits
2014-07-21: What I know about the different types of SSH keys (and some opinions)
2014-07-20: The CBL has a real false positive problem
HTTPS should remain genuinely optional on the web
2014-07-19: Some consequences of widespread use of OCSP for HTTPS
2014-07-18: In practice, 10G-T today can be finicky
2014-07-16: My (somewhat silly) SSD dilemma
2014-07-15: A data point on how rapidly spammers pick up addresses from the web
2014-07-14: Unmounting recoverable stale NFS mounts on Linux
2014-07-13: An obvious reminder: disks can and do die abruptly
Early impressions of CentOS 7
2014-07-11: You want to turn console blanking off on your Linux servers
Some notes on bisecting a modified Firefox source base with Mercurial
2014-07-10: The core security problem of SSL on the web is too much trust
2014-07-09: What the differences are between Python bools and ints
2014-07-08: Exploring a surprise with equality in Python
Some thoughts on SAN long-term storage migration
2014-07-06: Goroutines versus other concurrency handling options in Go
The problem with filenames in IO exceptions and errors
2014-07-05: Another reason to use frameworks like Django
2014-07-04: An interesting Go concurrency bug that I inflicted on myself
2014-07-02: Bash is letting locales destroy shell scripting (at least on Linux)
Why Solaris's SMF is not a good init system
2014-07-01: An index of non-letter control characters
2014-06-30: Comparing RPM versions in the shell
My .screenrc
2014-06-29: The tradeoffs for us in a SAN versus disk servers
2014-06-27: A retrospective on our overall fileserver architecture et al
A retrospective on our Solaris ZFS-based NFS fileservers (part 2)
2014-06-25: A retrospective on our Solaris ZFS-based NFS fileservers (part 1)
How my new responsive design here works
2014-06-23: Python 3 has already succeeded in the long run
2014-06-22: Things I like about Go
I need some responsive website design around here
2014-06-21: Sometimes 'unsubscribing' does seem to reduce spam activity
2014-06-20: What Python versions I can use (June 2014 edition)
2014-06-19: Some notes on Go's godoc and what it formats how
2014-06-18: Would I be comfortable documenting our systems in some sort of public?
2014-06-16: My view: a wiki by itself will not solve your problems
2014-06-15: The web is social, and thus minor features can matter a lot
Weird spammer behavior: a non-relaying relay attempt
2014-06-14: I'm not very impressed with Ubuntu 14.04 LTS so far
2014-06-13: Undoing an errant 'git commit --amend'
2014-06-12: An init system has two jobs
2014-06-11: Some thoughts on testing parsers
2014-06-10: An irritating and interesting su change from Ubuntu 12.04 to 14.04
2014-06-09: A challenge in new languages: learning to design good APIs
2014-06-08: The fundamental problem that created su
2014-06-07: Some ways to do sleazy duck typing in Go (from a Python perspective)
2014-06-06: On the Internet, weirdness is generally uncommon
2014-06-05: SMTP's crazy address formats didn't come from nowhere
2014-06-04: Why I don't like SMTP command parameters
2014-06-03: My just-used Go logging idiom and why it is in fact wrong
2014-06-02: Vi's composability antecedent (or one of them)
2014-05-31: Wnen trying to unsubscribe from spam can be not completely crazy
One of my test based development imperfections: use driven testing
2014-05-30: In Go, sometimes a nil is not a nil
2014-05-29: The state of limits on how many groups you can be in (especially for NFS)
2014-05-28: Yahoo Groups has a bad spam problem and they don't care
2014-05-27: Some things for enumerated constants in Go
2014-05-25: Firefox, DRM, and reality
Computing has two versions of 'necessary'
2014-05-23: What ssh-agent does with multiple keys loaded
Why Java is a compiled language and Python is not
2014-05-22: Why Python uses bytecode (well, probably): it's simpler
2014-05-21: How I wish ZFS pool importing could work
2014-05-19: A building block of my environment: sps, a better tree-based process list
Why desktop Linuxes want you to reboot after updates
2014-05-18: What it would take to replace Firefox as my web browser
2014-05-17: The problem of encrypted SSH keys and screen
2014-05-16: Some notes from migrating towards encrypted SSH keys
2014-05-15: My personal and biased view of sudo versus su
2014-05-14: Modern mail forwarding is leaky
2014-05-13: The security model of sudo versus su
2014-05-12: The advantages of editors over database programs for modifying your data
2014-05-11: Why I don't use relational databases in practice
2014-05-09: Some uses for Python's 'named' form of string formatting
Operating systems cannot be hermetically sealed environments
2014-05-08: The modern world of spliced together multi-layer DNS resolution
2014-05-07: How I use Unbound on Fedora 20 to deal with the VPN DNS issue
2014-05-06: Another problem with building your own packages: dependency issues
2014-05-05: The power of meaningless identifiers
2014-05-04: How I set up my Firefox 29's UI
2014-05-03: My Firefox 29 extensions and addons
2014-05-02: An important addition to how ZFS deduplication works on the disk
2014-04-30: Failover versus sparing in theory and in practice
Backup systems, actual hosts, and logical hosts
2014-04-29: Static sites are stable sites
2014-04-28: How dynamic language code gets optimized
2014-04-27: Thoughts about Python classes as structures and optimization
2014-04-26: What I can see about how ZFS deduplication seems to work on disk
2014-04-25: A Unix semantics issue if your filesystem can snapshot arbitrary directories
2014-04-23: How Yahoo's and AOL's DMARC 'reject' policies affect us
At least partially understanding DMARC
2014-04-21: The question of language longevity for new languages
Thinking about how to split logging up in multiple categories et al
2014-04-20: A heresy about memorable passwords
2014-04-19: Cross-system NFS locking and unlocking is not necessarily fast
2014-04-18: What modern filesystems need from volume management
2014-04-17: Partly getting around NFS's concurrent write problem
2014-04-16: Where I feel that btrfs went wrong
2014-04-14: Chasing SSL certificate chains to build a chain file
My reactions to Python's warnings module
2014-04-13: A problem: handling warnings generated at low levels in your code
2014-04-11: The relationship between SSH, SSL, and the Heartbleed bug
What sort of kernel command line arguments Fedora 20's dracut seems to want
2014-04-10: My current choice of a performance metrics system and why I picked it
2014-04-09: Pragmatic reactions to a possible SSL private key compromise
2014-04-08: My goals for gathering performance metrics and statistics
2014-04-07: Giving in: pragmatic If-Modified-Since handling for Tiny Tiny RSS
2014-04-06: How not to generate If-Modified-Since headers for conditional GETs
2014-04-05: An important additional step when shifting software RAID mirrors around
2014-04-03: Shifting a software RAID mirror from disk to disk in modern Linux
The scariness of uncertainty
2014-04-02: I'm angry that ZFS still doesn't have an API
2014-03-31: I'm done with building tools around 'zpool status' output
Why I sometimes reject patches for my own software
2014-03-30: One of my worries: our spam filtering in the future
2014-03-28: Recovering from a drive failure on Fedora 20 with LVM on software RAID
How we wound up with a RFC 1918 IP address visible in our public DNS
2014-03-26: Why people keep creating new package managers
The DNS TTL problem
2014-03-24: The importance of having full remote consoles on crucial servers
Why I don't trust transitions to single-user mode
2014-03-23: Differences in URL and site layout between static and dynamic websites
2014-03-22: Avoiding reboots should not become a fetish
2014-03-21: Thinking about when rsync's incremental mode doesn't help
2014-03-20: Killing (almost) all processes on Linux is not recoverable
2014-03-19: Why I like ZFS's zfs send and zfs receive
2014-03-17: Simple versus complex marshalling in Python (and benchmarks)
Rebooting the system if init dies is a hack
2014-03-16: You don't have to reboot the system if init dies
2014-03-14: Guessing whether people will unsubscribe from your mailing lists
Logins and related things really do change, and for good reasons
2014-03-13: The argument about unbound methods versus functions
2014-03-11: How functions become bound or unbound methods
2014-03-10: The problem of conditional GET and caches for dynamic websites
2014-03-09: Solaris gives us a lesson in how not to write documentation
Why we don't change Unix login names for people
2014-03-08: Why I think 10G-T will be the dominant form of 10G Ethernet
2014-03-07: Coming to terms with D-Bus
2014-03-05: A bit more about the various levels of IPC: whether or not they're necessary
ZFS's problem with boot time magic
2014-03-03: The multiple levels of interprocess communication
2014-03-02: Googlebot is now aggressively crawling syndication feeds
Cool URL fragments don't change either
2014-02-28: Yet another problem with configuration by running commands
Arguments for explicit block delimiters in programming languages
2014-02-26: PCI slot based device names are not necessarily stable
Saying goodbye to the PHP pokers the easy way
2014-02-24: Nerving myself up to running experimental setups in production
The origins of DWiki and its drifting purpose
2014-02-23: The problem with indentation in programming languages
2014-02-22: A subtle advantage of generating absolute path URLs during HTML rendering
2014-02-21: You should segregate different traffic to different mailing lists
2014-02-19: Some rough things about the naming of SAS drives on Linux
The reasoning problem with describing things with a programming language
2014-02-18: People can always unsubscribe from your mailing lists
2014-02-17: File based engines and the awkward problem of special URLs
2014-02-16: Why comments aren't immediately visible on entries here
2014-02-14: 'Broken by design: systemd' is itself kind of broken
The good and bad of the System V init system
2014-02-13: Init's (historical) roles
2014-02-11: Why systemd is winning the init wars and other things aren't
2014-02-10: My dividing line between working remotely and working out of the office
2014-02-09: Why I want a solid ZFS implementation on Linux
Why I'm not looking at installing OmniOS via Kayak
2014-02-08: You cannot have just one network install server
2014-02-07: A followup to what sudo emails to ignore and not ignore
A surprise with OmniOS disk sizing: the rpool/dump ZVOL
2014-02-06: Some thoughts on what sudo emails to ignore and to not ignore
2014-02-05: An interesting internal Django error we just got
2014-02-03: The big attraction of SQLite
Technological progress and efficiency
2014-02-02: An illustration of the problem of noise
2014-01-31: Why I now believe that duck typed metaclasses are impossible in CPython
Linux has at least two ways that disks can die
2014-01-30: OmniOS (and by extension Illumos) is pretty much Solaris
2014-01-29: One cause of Linux's popularity among Unixes
2014-01-28: Building software packages yourself is generally a waste (why package selection matters)
2014-01-27: Things that affect how much support you get from a Linux distribution
2014-01-26: Why writing sysadmin tools in Go is getting attractive
2014-01-25: The origin of RCS (the version control system)
2014-01-24: Things I want to remember during a security incident
2014-01-22: Microsoft has become a spam emitter
Security is everyone's job (why Ruby is wrong about OpenSSL)
2014-01-21: Fake versus real metaclasses and what a fully functional metaclass is
2014-01-20: A thought about the popularity of server-side JavaScript
2014-01-19: Some thoughts on structured logging, especially in and for databases
2014-01-18: Your web application should have an audit log
2014-01-16: Link: Armin Ronacher's 'More About Unicode in Python 2 and 3'
Debian does not have long term support
2014-01-15: SELinux fails again (Fedora 20 edition)
Real support periods versus nominal official ones
2014-01-14: The problem with OmniOS's 'build your own' view for Perl and Python
2014-01-13: Sadly, we're moving away from Red Hat Enterprise Linux
2014-01-12: Why I don't want fully automated installs
2014-01-11: Why I am not enthused about Red Hat Enterprise 6
2014-01-10: An interesting recent spam run against one of my machines
2014-01-09: Using different sshd options for different origin hosts
2014-01-08: The good and bad of Linux's NetworkManager
2014-01-06: The problem with compiling your own version of Python 3
Some thoughts on blog front pages in the modern era
2014-01-05: Hard drives really do wear out, so you need a a hardware budget
2014-01-04: One aspect of partial versus full entries on blog front pages
2014-01-03: What determines Python 2's remaining lifetime?
2014-01-02: Python 3's core compatibility problem and decision
2013-12-31: Two uses of fmt
Reversing my view on Python 3 for new general code: avoid it
Link: Alex Gaynor's 'About Python 3'
2013-12-30: My growing entanglement into vi
2013-12-29: Broad thoughts on tags for blog entries
2013-12-28: The era of known top-level domains or valid TLD patterns is mostly over
2013-12-27: A reason to keep tags external in 'entry as file' blog engines
2013-12-26: How ZFS scrubs routinely save us
2013-12-25: Procedures are not documentation
2013-12-24: The 'entry as file' blog engine problem with tags
2013-12-23: A good reason to use write-intent bitmaps
2013-12-22: The benefits of using expendable email addresses for most things
2013-12-21: If you're using Linux's magic SysRq, increase the log level right away
2013-12-20: A realization: on the modern web, everything gets visited
2013-12-19: Your (HTML) template language should have conditionals
2013-12-18: Thinking about what we'll need for reproducible OmniOS installs
2013-12-17: You probably don't want to use Make to build your generated files
2013-12-16: My computers are increasingly sort of Internet terminals
2013-12-15: Making large selections in xterm (and urxvt and Gnome Terminal)
2013-12-14: Why I'm not likely to use Chrome much in the future
2013-12-13: Using cgroups to limit something's RAM consumption (a practical guide)
2013-12-12: Some observations from playing with PyPy on DWiki
2013-12-11: The problem with nondeterministic garbage collection
2013-12-10: My current view of PyPy
2013-12-09: Hardware is weird (disk enclosure edition)
2013-12-08: Sometimes the right thing to do is to stop (and even to give up)
2013-12-07: Things get weird with read-only NFS mounts and atime on Linux
2013-12-06: The three levels of read-only NFS mounts
2013-12-05: Some thoughts on a body of knowledge for system administration
2013-12-04: sudo is not an auditing mechanism
2013-12-03: The three faces of sudo
2013-12-02: What Go has become for me: Python with performance
2013-11-30: Why 'hotplug' approaches to device handling are the right way
The case of the disappearing ESATA disk
2013-11-29: How modern Linux software RAID arrays are assembled on boot (and otherwise)
2013-11-28: A quick analysis of bounces here
2013-11-27: The difference between CPython and Python
2013-11-25: From CPython bytecode up to function objects (in brief)
Track your disk failures
2013-11-24: Baidu's web spider ignores robots.txt (at least sometimes)
2013-11-23: You are not fooling us with broken bounce addresses
2013-11-22: My hack use for Chrome's Incognito mode
2013-11-20: test is surprisingly smart
The difference between no argument and an empty argument
2013-11-18: Why booting Linux from a ZFS root filesystem with GRUB can be hard
2013-11-17: The 10G Ethernet performance problem on Linux
Sending and receiving file descriptors in Python
2013-11-16: Unix getopt versus Google's getopt variant and why Unix getopt wins
2013-11-15: Professional knowledge, certification, and regulation
2013-11-14: One reason I like Go: it seems natural to avoid object churn
2013-11-13: The cost of expensive hardware and the benefit of hindsight
2013-11-11: Go's getopt problem
2013-11-10: Are those chassis fans actually still spinning?
My views on network booting as an alternative to system disks
2013-11-09: Google Feedfetcher is still fetching feeds and a User-Agent caution
2013-11-08: The spectrum of options when netbooting systems
2013-11-06: Why you might not want to use SSDs as system disks just yet
Modern versions of Unix are more adjustable than they used to be
2013-11-04: How writes work on ZFS raidzN pools, with implications for 4k disks
2013-11-03: Wikitext needs a better way of writing tables
Why we're switching to SSDs for system disks
2013-11-02: Revising our peculiar ZFS L2ARC trick
2013-10-31: Our likely future backend and fileserver hardware
Naming disk devices: drive IDs versus drive locations
2013-10-30: An open question: part uniformity versus unit cost
2013-10-28: If you're on the IPv4 Internet, you really are in public now
2013-10-27: Old and new addresses and spam
Some things I've learned from transitioning a website to HTTPS
2013-10-26: 10G Ethernet and network buffer sizes (at least on Linux)
2013-10-25: Modern disk write caches and how they get dealt with (a quick overview)
2013-10-24: How to force a disk write cache flush operation on Linux
2013-10-23: Paying for services is not necessarily enough
2013-10-21: NFS's problem with (concurrent) writes
Thinking about how I want to test disk IO on an iSCSI backend
2013-10-20: Thoughts inspired by the abstract idea of Docker-like things
2013-10-19: I should never have allowed 'outside' content to break my layout
2013-10-18: ZFS uberblock rollback and the top level metadata change rate
2013-10-17: There are two cases for changing SSL/TLS cipher settings
2013-10-16: Disused addresses and the impact of spam
2013-10-15: Why I'm not looking for any alternatives to iSCSI for us
2013-10-14: The importance of small UI tweaks (for me), dmenu edition
2013-10-13: Revisiting some bits of ZFS's ZIL with separate log devices
2013-10-11: Some pain points of parsing wikitext (and simplifications that avoid them)
How DWiki parses its wikitext (part 1)
2013-10-10: Sun's NeWS was a mistake, as are all toolkit-in-server windowing systems
2013-10-09: An interesting bug with module garbage collection in Python
2013-10-07: What happens when CPython deletes a module
2013-10-06: What reloading a Python module really does
The per-NFS-operation data for NFS mounts in /proc/self/mountstats
2013-10-05: The xprt: data for NFS mounts in /proc/self/mountstats
2013-10-04: The bytes and events data for NFS mounts in /proc/self/mountstats
2013-10-03: What is in /proc/self/mountstats for NFS mounts: an introduction
2013-10-02: What your User-Agent header should include and why
2013-09-30: Centralizing syslogs as an easy way to improve your environment
2013-09-29: Spammers illustrating, well, something
Universities and long term perspectives
2013-09-28: Why I put configuration management systems over packaging systems
2013-09-27: The long term future of any particular configuration management system
2013-09-26: Trying to explain my harshness on configuration management tools
2013-09-24: A semi-wish for an official 'null MX' standard
2013-09-23: The FTE pricing gamble (for vendors)
ZFS filesystem compression and quotas
2013-09-22: An example of optimizing C in the face of undefined behavior
2013-09-20: Nested conditional expressions in Python (and code golf)
2013-09-19: Processes waiting for NFS IO do show in Linux %iowait statistics
Load is a whole system phenomenon
2013-09-18: Reconsidering external disk enclosures versus disk servers
2013-09-17: The pain (or annoyance) of deploying a simple WSGI thing
2013-09-15: Regular expression performance and performance folklore
Identities, trust, and work
2013-09-14: A basic overview of SAS and using SATA with SAS
2013-09-13: Why I think dir() excludes metaclass methods
2013-09-12: I am not a (Unix) purist
2013-09-11: Understanding why CSRF protection really needs cookies
2013-09-09: Why the RPM source and binary package format is superior to Debian .debs
A slow realization: many of my dotfiles don't need to be dotfiles
2013-09-07: Why wiring things up physically instead of virtually is better for us
Good SSL for your website is absurdly difficult in practice
2013-09-06: Making switch configuration changes is not as easy as it looks
2013-09-05: The physical versus the virtual approach to network wiring
2013-09-04: What (and how) I use HTML tables for layout here
2013-09-02: The current weak areas of ZFS on Linux
A little bit more on ZFS RAIDZ read performance
2013-08-31: Simple availability doesn't capture timing and the amount of warning
HTML quoting as I currently understand it
2013-08-30: I'm done with feeling guilty about using HTML tables for layout
2013-08-29: A new piece of my environment: clearing the X selection
2013-08-28: I'm vaguely yearning for a simpler framework than Django
2013-08-26: An example GNU Readline quoting function
2013-08-25: On classifying phish spam as malware
Adding basic quoting to your use of GNU Readline
2013-08-24: My personal view of Fedora versus Ubuntu on the desktop
2013-08-23: Looking at how many viruses we've seen in email recently
2013-08-22: I've changed my thinking about redundant power supplies
2013-08-21: Disk enclosures versus 'all in one case' designs
2013-08-20: The challenge for ARM servers, at least here
2013-08-19: My views on various bits of disk drive technology today
2013-08-16: SSDs may make ZFS raidz viable for general use
A peculiar use of ZFS L2ARC that we're planning
Funding and the size of hardware you want to buy
2013-08-15: My understanding of modern C undefined behavior and its effects
2013-08-14: The pragmatics of an HTTP to HTTPS transition
2013-08-13: You should convert wikitext to HTML through an AST
2013-08-11: The feature (or features) I really want added to xterm
Multi-mount protection and SAN failover
2013-08-10: The importance of names, illustrated through my mistake
2013-08-09: Link: My current dmenu changes
2013-08-08: How to accidentally reboot a server
My Cinnamon desktop customizations
2013-08-07: Understanding how generators help asynchronous programming
2013-08-05: Who or what your website is for and more on HTTP errors
2013-08-04: What's changed in Unix networking in the last decade or so
2013-08-03: The paucity of generally useful HTTP error codes
The pragmatic issues around HTTP error codes mattering (or not)
2013-08-02: I'm giving up on a custom laptop environment for Fedora 19
2013-07-31: The problem with a custom laptop environment: designing it
A Python code structure problem: exception handling with flags
2013-07-30: Phish spam and outside events
2013-07-29: A consistent preference in APIs for kernel and other low-level APIs
2013-07-28: The constraints shaping kernel APIs
2013-07-27: The easy path versus the virtuous path (in system setup)
2013-07-26: Communication is work and a corollary
2013-07-25: An important thing about security issues in HTTP error responses
2013-07-24: Why vendor prices are important things to have
2013-07-23: When Python regexp alternation is faster than separate regexps
2013-07-22: External disk enclosures versus disk servers
2013-07-21: A fun problem: monitoring randomness reduces it
2013-07-19: A bit on the performance of lexers in Python
Thinking about the security issues in HTTP 403 versus 404 errors
2013-07-18: Fedora 19 and the search for volume management
2013-07-17: Do specific HTTP error codes actually matter?
2013-07-15: Systemd needs sensible, non-truncated output
Git's petty little irritation for me
2013-07-14: Why single vendor solutions are a hard sell
2013-07-13: What we need in our fileservers (in the abstract)
2013-07-11: The ZFS ZIL's optimizations for data writes
ZFS transaction groups and the ZFS Intent Log
2013-07-10: Knowing when to go your own way with open source programs
2013-07-09: How we want to recover our ZFS pools from SAN outages
2013-07-07: Sometimes the right thing to do is nothing (at least right then)
A mistake to avoid with summer interns
2013-07-06: Is it particularly useful to have old Unix source sitting around?
2013-07-05: ZFS deduplication is terribly documented
2013-07-04: My version of the story of universities and Unix source code
2013-07-03: You can re-connect() UDP sockets (portably)
2013-07-02: Today's question: are anti-spam statistics useful for us?
2013-06-30: Our pragmatic approach to updating machines to match our baseline
Some very basic DNS blocklist hit information for the last 30 days
2013-06-29: connect() plus write() versus sendto() for UDP sockets
2013-06-28: The limitations of not actually knowing a language
2013-06-27: How much of our incoming email is checked at SMTP DATA time
2013-06-26: What I want from a future version of NFS
2013-06-25: Balancing Illumos against ZFS on Linux
2013-06-24: How to get your syndication feed fetcher at least temporarily banned here
2013-06-23: 'Human error' is not a root cause of problems
2013-06-22: Automatedly overwriting changed files is not a feature
2013-06-21: A Django application design puzzle about modularity
2013-06-20: The question of whether to rewrite an old but working service
2013-06-19: Our approach to configuration management
2013-06-18: What's in the way of us using automated configuration management
2013-06-17: My job versus my career: some thoughts
2013-06-16: Python 3 has very little benefit for ordinary Python programmers
2013-06-15: I'm considering building a custom laptop environment
2013-06-14: The core issue in the Python 3 transition (from my view)
2013-06-13: I don't usually think about IO transfer times
2013-06-12: UI details that you don't expect to can matter a lot
2013-06-11: The good and bad of IPS (as I see it)
2013-06-10: What the SELinux community should be doing
2013-06-09: SELinux should have its own errno value
2013-06-08: The Flickr redesign and knowing your site's focus
2013-06-07: My current understanding of 'software defined networking'
2013-06-06: Why building RPMs for a different architecture is a hard problem
2013-06-05: The case against blog sidebars
2013-06-04: SELinux's toxic mistake
2013-06-02: Security is not the most important thing to most people
Why I do IPSec improperly and reduce my security
2013-05-31: The mystery of POSTs with a zero Content-Length
Understanding the MongoDB code that people are laughing at
2013-05-30: I find Systemtap oddly frustrating
2013-05-28: How you should package local-use configuration files
2013-05-27: Understanding SQL placeholders
Our situation with ZFS and 4 Kb physical sector disks
2013-05-26: Empirically, modern mailing list services are spam senders
2013-05-24: Understanding how CVE-2013-1979 might be exploited
My issue with infinite scrolling web pages: the lack of a stopping point
2013-05-23: Why web robots sending Referer headers is wrong
2013-05-21: Diffbot's bad Referer header
2013-05-20: A serious potential danger with Exim host lists in ACLs
2013-05-19: Today's comment spammer trick: regurgitated comments
The technical effects of being an out of tree Linux kernel module
2013-05-18: A little habit of our documentation: how we write logins
2013-05-17: Why I'm not considering btrfs for our future fileservers just yet
2013-05-16: Why ZFS's CDDL license matters for ZFS on Linux
2013-05-15: Why I've so far been neglecting functional programming languages
2013-05-13: My language irritations with Go (so far) and why I'm wrong about them
The Unix philosophy is not an end to itself
2013-05-11: The consequences of importing a module twice
2013-05-10: Illustrating the tradeoff of security versus usability
Disk IO is what shatters the VM illusion for me right now
2013-05-08: Thoughts on when to replace disks in a ZFS pool
How ZFS resilvering saved us
2013-05-07: Python's relative import problem
2013-05-05: Unix is not necessarily Unixy
The original vision of RISC was that it would be pervasive
2013-05-04: What I see as RISC's big bets
2013-05-03: Virtual disks should be treated as 4k 'Advanced Format' drives
2013-05-01: Two xargs gotchas that you may not know about
2013-04-30: The two stories of RISC
2013-04-29: My practical problem with preconfigured virtual machine templates
My view of ARM versus other RISCs
2013-04-28: My sysadmin view of Python virtualenvs
2013-04-27: Some theories on why DNSBLs may be dwindling away
2013-04-26: Are there less anti-spam DNS blocklists than there used to be?
2013-04-25: How SuS probably requires the 'run at least once' xargs behavior
2013-04-24: Two mistakes I made with VMs today
2013-04-23: Goodbye, djb dnscache
2013-04-21: RCS should not be your first choice for version control
Why a free SSL Certificate Authority is not horrifying
2013-04-19: How ZFS deals with 'advanced format' disks with 4 Kb physical sectors
How I want storage systems to handle disk block sizes
2013-04-18: How SCSI devices tell you their logical and physical block sizes
2013-04-17: Some thoughts on going to HTTPS by default
2013-04-15: The basics of 4K sector hard drives (aka 'Advanced Format' drives)
Go's friction points for me (and a comparison to Python)
2013-04-14: Python's data structures problem
2013-04-13: Classic linked lists versus Python's list (array) type
2013-04-12: My view on software RAID and the RAID write hole
2013-04-11: Something I'd like to be easier in Solaris's IPS
2013-04-10: Some important things about OpenBSD PF's max-* options
2013-04-08: Fedora 18's TexLive packaging failure
Why ZFS still needs an equivalent of fsck
2013-04-07: The apparent source of my Firefox memory bloat problems
2013-04-06: What I needed to do with Grub2 to change my boot disk
2013-04-05: Authoritative, non-recursive DNS servers now need ratelimiting
2013-04-04: An irritating OpenBSD PF limitation on redirections
2013-04-03: How to make sysadmins unhappy with your project's downloads
2013-04-02: Why listen(2)'s backlog parameter has such an odd meaning
2013-03-31: Why we'll continue to have local compute servers in the future
Can we really use the cloud?
2013-03-30: One irritation in xargs's interface
2013-03-29: Illumos-based distributions are currently not fully mature
2013-03-27: What checksums in your filesystem are usually actually doing
2013-03-26: Reconsidering a ZFS root filesystem
2013-03-25: Rethinking avoiding Apache
My (current) view of using branches in VCSes
2013-03-24: Looking at how many external recipients inbound email goes to
2013-03-22: Looking at how many recipients our average inbound email has
The problem with trying to make everything into a Python module
2013-03-21: The FreeBSD iSCSI initiator is not ready for serious use (as of 9.1)
2013-03-20: Don't use ab for your web server stress tests (I like siege instead)
2013-03-18: The wrong way for a framework to lay out projects
2013-03-17: The power of suggestion that documentation has
Argument validation using functions
2013-03-16: I'm giving up on upgrading my laptop from Fedora 14
2013-03-15: A dive into the depths of yes `yes no`
2013-03-14: What I want out of a web-based syndication feed reader
2013-03-12: MATE Desktop's failure in Fedora 18
In universities, computers are not an essential service
2013-03-10: The easy way to wind up with multiple subnets on a single (V)LAN segment
The systemd dependency problem
2013-03-09: Why .rpmnew files are evidence of packaging failures
2013-03-08: Debian shows how to do Apache configuration right (and Fedora fumbles it)
2013-03-06: How we make Exim cut off bounce loops
Turning off delays on failed password authentications
2013-03-04: Why you should never use '/bin/sh -c ...' in configuration files
2013-03-03: Why a netcat-like program is a good test of a language
Go: when I'd extend an interface versus making a new one
2013-03-02: The mythology of spending money on things, or not doing so
2013-02-28: A decorator for decorators that accept additional arguments
Looking at whether Zen-listed IPs keep trying to send us email
2013-02-27: Link: Go at Google: Language Design in the Service of Software Engineering
2013-02-26: How Linux servers should boot with software RAID
Thinking about how much Solaris 11 is worth to us
Looking at whether (some) IP addresses persist in zen.spamhaus.org
2013-02-24: You should avoid using socket.SOMAXCONN
What limits the number of concurrent connections to a server
2013-02-22: (Ab)using awk on the fly
2013-02-21: Go: using type assertions to safely reach through interface types
Some notes on my first experience with Go
2013-02-20: The meaning of listen(2)'s backlog parameter
2013-02-19: The source of C's dependency hell for linking
2013-02-18: The strikes against Solaris 11 for us
2013-02-17: Some brief opinions and notes on uWSGI
2013-02-16: Finding out what TLS/SSL cryptography people actually get with your servers
2013-02-15: SSL/TLS cipher names (aka 'cipher suites') and what goes into them
2013-02-14: The cost of an API mistake in the socket module's fromfd()
2013-02-12: Some notes on Linux's ionice
2013-02-11: The sinking feeling of discovering a design mistake in your code
Thinking about how I use email
2013-02-10: A little irritating (but understandable) limitation on Go interfaces
2013-02-09: Solve your command parsing problems by using scripts
2013-02-08: Linux's great advantage as a Unix is its willingness to make wrenching changes
2013-02-07: Today's learning experience with CSS: don't be indirect
2013-02-05: What makes DWiki and other dynamic file based blog engines slow
2013-02-04: Dynamic web sites and blogs need not be slow, illustrated
What good cryptography error messages need to include
2013-02-03: Systems with cryptography should always have minimal workarounds
2013-02-02: A fundamental problem with the trackback protocol
2013-01-31: The shifting SBL, as experienced here
Why you should support specifying comparison keys (and functions)
2013-01-30: Thinking about FreeBSD versus Illumos for our ZFS fileservers
2013-01-28: Some patterns for easy to parse Domain Specific Languages in Python
2013-01-27: How the modern web 2.0 social web irritates me by hiding discussions
User mode servers versus kernel mode servers
2013-01-25: Some places where I think that Unix is incomplete or imperfect
Unix needs to grow and a consequence of that
2013-01-23: My Unix is a general purpose operating system
What I want to know about kernel security updates
2013-01-22: Disaster recovery preparation is not the same as a DR plan
2013-01-20: Disaster recovery for computers is a means, not an end to itself
Real disaster recovery plans require preallocated resources
2013-01-18: SLAs, downtime, and planning
More on my favorite way of marking continued lines
2013-01-16: My favorite way of marking continued lines
How I drafted (okay, wrote) an entry in public by accident
2013-01-14: Why JavaScript (or something like it) is in demand
Good JavaScript usage is a good thing
2013-01-13: Blogspot's massive web 1.0 failure
2013-01-12: Runtime loading of general code usually requires general dynamic linking
2013-01-11: A thought about static linking and popularity
2013-01-10: The fundamental problem faced by user-level NFS servers
2013-01-09: It turns out I'm biased towards kernel iSCSI target implementations
2013-01-08: Why we wound up using Linux for our iSCSI targets
2013-01-07: Why bad support matters (war story included)
2013-01-06: 24 hours of Atom feed requests here
2013-01-05: What I think changed to make spam deliveries not cost-free
2013-01-04: DTrace's stable providers are not good enough
2013-01-03: An alterate pattern for polymorphism in C
2013-01-02: Some patterns for polymorphism in C
2012-12-31: How our fileserver infrastructure is a commodity setup (and inexpensive)
GNU sort's -h option
2012-12-30: What I'd have liked to hear about Python 3 from the developers
2012-12-29: Why I think that stupid spamming is actively wasteful
2012-12-28: A spammer that is not the brightest light in the box
2012-12-27: Why I somewhat irrationally have a distrust of ZFS on Linux
2012-12-26: Does Python 2 need to evolve?
2012-12-25: A confession: Python 3 has always made me kind of angry
2012-12-24: Why we're almost certainly staying with ZFS
2012-12-23: What we (probably) want in a future version of Solaris
2012-12-22: Packaging in compiled versus interpreted languages
2012-12-21: Version control comes first
2012-12-20: Sysadmins should pretty much version control everything
2012-12-19: Part of good awk programming is getting the clause order right
2012-12-18: Why I'm still using VMware
2012-12-17: Should you alert on the glaringly obvious?
2012-12-16: Alerts should be actionable (and the three sorts of 'alerts')
2012-12-15: A few small notes about OpenBSD PF (as of 4.4 and 5.1)
2012-12-13: A drawback of short servers
2012-12-12: fork() and closing file descriptors
One good use for default function arguments
2012-12-10: The general lesson from the need for metrics
Things that systemd gets right
2012-12-09: When I'd use a web server other than Apache
2012-12-08: Why Apache is such a temptation
2012-12-07: How I use virtualization (and what for)
2012-12-05: One way to break down how people use virtualization
In praise of KVM-over-IP systems
2012-12-04: You can't assume that your performance problems will be obvious
2012-12-03: A reason for detailed commit messages: as a guard against errors
2012-12-02: What goes into the terminal's 'cbreak' and 'raw' modes
2012-11-30: All kernel messages should be usefully ratelimited. No exceptions.
My new view on why you need to profile code
2012-11-29: One reason why having metrics is important
2012-11-28: When you make a harmless change, check to make sure that it is
2012-11-27: You don't necessarily know what matters for performance
2012-11-25: More thoughts on why Python doesn't see much monkey-patching
The limits of monkey patching in Python
2012-11-24: Simple markup as a style guide and limiter
2012-11-22: A little Unix difference that irritates: what word erase erases
Optional features are in practice not optional to understand
2012-11-21: The varying appeal of wikitext and other simple markup
2012-11-20: Where my Firefox performance problem seems to be
2012-11-19: Python 3's print() annoys me (although maybe it shouldn't)
2012-11-18: Linux is less divergent than commercial Unixes used to be
2012-11-17: Why Google's handling of multiple domains on inbound messages is okay
2012-11-16: Why DTrace does not attract people to Solaris very often
2012-11-15: A learning experience: internal mail flow should never be allowed to bounce
2012-11-13: The problem with SELinux (still)
A potential path to IPv6
2012-11-11: Explaining an RPM oddity
A reminder: string concatenation really is string concatenation
2012-11-10: Why Unix doesn't have user-changeable namespaces
2012-11-09: Some amusing cut and paste work from spammers
2012-11-08: Devops, the return of system programmers?
2012-11-07: DTrace: figuring out what you have access to at tracepoints
2012-11-06: Why I want to do full end-to-end performance tests
2012-11-04: Your logs should always include IP addresses (in addition to hostnames)
Good and bad formats for your log messages
2012-11-03: Another go-around on the drawbacks and balances of automation
2012-11-02: Why our ZFS fileservers sometimes boot slowly
2012-10-31: Our DTrace scripts for NFS server, ZFS, and iSCSI initiator monitoring
Some stats and notes on relay attempts for our external mail gateway
2012-10-30: How I am doing randomized read IO to avoid ZFS prefetching
2012-10-29: How ZFS file prefetching seems to work
2012-10-28: Some unusual SMTP activity from would-be spammers
2012-10-27: The difference between cryptographic and normal random number generators
2012-10-26: Thinking about an unusual sequence
2012-10-25: Always make sure you really understand what your problem is
2012-10-24: Why you should support 'reload' as well as 'restart'
2012-10-23: The problem of simulating random IO
2012-10-22: Why parsers matter
2012-10-21: Why fork() is a good API
2012-10-20: The issue with measuring disk performance through streaming IO
2012-10-19: An old Unix trick for saving databases
2012-10-18: A danger of default values for function arguments (in illustrated form)
2012-10-17: Operators and system programmers: a bit of System Administrator history
2012-10-16: Switch flow control and buffering: what we think was wrong in our iSCSI network
2012-10-15: The anatomy of a performance problem with our mail spool
2012-10-14: DTrace: two mistakes you can make in DTrace scripts
2012-10-13: DTrace: counting, aggregates, and a nice undocumented printa() feature
2012-10-12: SSL CAs have an impossible job (if you want them to be thorough)
2012-10-11: Controlling Linux TCP socket send buffer sizes
2012-10-10: Disk IO latency is often what matters
2012-10-09: The negative results problem with search engines
2012-10-08: Acclimatization makes competition in web search engines hard(er)
2012-10-06: Python can execute zip files
How averages mislead you
2012-10-05: Notes on Linux's blktrace
2012-10-04: Averages mislead: an illustrated example
2012-10-03: DTrace: notes on quantization and aggregates
2012-10-02: Some notes on getting durations in DTrace
2012-09-30: A new anti-spam precaution after our local spam incident
2012-09-29: A recent spam oddity that I've been mulling over
What I would like in colour-specification interfaces
2012-09-28: fork() versus strict virtual memory overcommit handling
2012-09-27: Microkernels and device drivers
2012-09-26: Microkernels and modularity: do microkernels ever make sense?
2012-09-25: The jaundiced C programmer's view of object orientation
2012-09-24: The wrong way to harvest system-level performance stats
2012-09-23: How we handle Ubuntu LTS versions
2012-09-22: Speculation about what comment spammers think they're doing here
2012-09-21: How I enter URLs in my browser
2012-09-20: My alternative to bookmarks: a page of links as the browser start page
2012-09-19: Two views of the argparse module
2012-09-18: My Python versions
2012-09-17: The options problem in Python
2012-09-16: The problem with noise
2012-09-15: Sensible reboot monitoring
2012-09-14: What determines how much work a ZFS resilver has to do
2012-09-13: Why you need mass package rebuilds in some circumstances
2012-09-12: The core problem with developers doing their own packaging
2012-09-11: A realization about ratelimit time horizons
2012-09-09: The core difference between Debian source packages and RPMs
When I've interned Python strings
2012-09-08: When you can log bad usernames for failed authentications
2012-09-07: What the standard(s) say about the order of readdir()'s results
2012-09-06: A little trick and gotcha with Exim ratelimits
2012-09-05: Some thoughts on logging failed login attempts (for existing users)
2012-09-03: People are not ignorant (usually)
2012-09-02: What I would like: testable mailers
Solaris 11 is still closed source (and Oracle is careless with words)
2012-08-31: A realization about one bit of test-driven development
A small rant about looking down on Linux users
2012-08-30: My perspective on why we do in-place reinstalls of machines
2012-08-29: A realization: install configuration files before packages
2012-08-28: When Exim generates bounce messages
2012-08-27: You should log all successful user authentication
2012-08-26: Some brief information about a local spam incident
2012-08-25: Some odd behavior from blog comment spammers
2012-08-24: The theoretical right way to check if an account is in a Unix group
2012-08-23: Illustrating the Ubuntu clown car, AccountsService edition
2012-08-22: My view on the understandability of language idioms
2012-08-21: Another problem with how Debian builds from source packages
2012-08-20: Sysadmins hate updates (more or less)
2012-08-19: Why I don't like the Debian source package format
2012-08-18: What everyone needs in source packages
2012-08-17: How Firefox performs (and doesn't) for me
2012-08-16: Why I hate vendors, printers edition
2012-08-15: The historical background of the *BSD 'base system' versus Linux
2012-08-13: When and where I fell out of love with Firefox
2012-08-12: A nice illustration of the cost of creating and destroying objects in Python
The CPython bytecode difference between iteration and looping
2012-08-11: How not to write kernel messages
2012-08-09: Learning something from not testing jQuery 1.8's beta releases
Ubuntu 12.04 and symbolic links in world-writeable sticky-bitted directories
2012-08-08: Linux ps's problem with login names
2012-08-06: The theoretical legality of shadowing builtins in Python
The (possibly apocryphal) story of System V IPC's origins
2012-08-05: Reasoning backwards (a story about what can happen to SATA disks)
2012-08-04: Oracle, ZFS, and Linux (and Solaris)
2012-08-03: What makes an operating system attractive
2012-08-02: Can Oracle make ZFS much more attractive?
2012-07-31: Would GPL'ing ZFS have worked or been a good idea?
Ruminations on the future of ZFS
2012-07-30: IPv6 is going to be a fruitful source of configuration mistakes
2012-07-29: The periodic strangeness of idiomatic Python
2012-07-28: The ecological niches of current open source Unixes
2012-07-27: What 32-bit x86 Linux's odd 896 MB kernel memory boundary is about
2012-07-25: The kernel memory addressing problem
My dislike for what I call 'perverse Test Driven Development'
2012-07-24: Unicode's two new problems
2012-07-22: The history of booting Linux with software RAID
A sleazy trick to capture debugging output from an initramfs
2012-07-20: Ubuntu 12.04 can't reliably boot with software RAID (and why)
The temptation of selective sender address verification
2012-07-19: Unicode code points and abstract characters
2012-07-18: Strings in Python 2 and Python 3
2012-07-16: Getting an Ubuntu 12.04 machine to give you boot messages
My arrogance about Unicode and character encodings
2012-07-15: My general issue with Unicode in Python 3
2012-07-14: ZFS's problem with generic messages
2012-07-13: Why system administration certifications have worked so far
2012-07-12: Why formal sysadmin education isn't likely any time soon
2012-07-11: The extremely cynical take on DevOps
2012-07-10: A theory on why defaults for tunable parameters stay unchanged
2012-07-09: Why the defaults for tunable kernel parameters matter
2012-07-08: Why System V shared memory may normally be limited
2012-07-06: Why Exim has a single queue for all email
Exploring an ARP mystery: a little Linux surprise
2012-07-04: How to irritate sysadmins and give mailers heartburn with your MXes
2012-07-03: The secure web voting problem
The well behaved Unix program and job control signals
2012-07-01: Another cynical take on the nofollow tag
2012-06-30: What Linux distributions should do to help their Python 3 transitions
2012-06-29: The magnitude of the migration to Python 3, illustrated
More about my issues with DTrace's language
2012-06-28: Why I don't like implicit string interpolation
2012-06-27: One root of my problem with GNU Emacs
2012-06-26: A little gotcha with SSH connection sharing
2012-06-25: Why sophisticated line editing is not in the kernel
2012-06-24: My take on fancy editors for programming
2012-06-22: How the Linux kernel command line is processed (more or less)
The effects of DTrace's problems
2012-06-21: How I want to do redirects in Apache, especially in .htaccess files
2012-06-20: An update on comment spammer behavior here on WanderingThoughts (once again)
2012-06-19: How I'm doing AJAX with Django in my web app
2012-06-17: A realization about whether I can contribute to Python development
Why our server had its page allocation failure
2012-06-16: Decoding the Linux kernel's page allocation failure messages
2012-06-15: How the Linux kernel divides up your RAM
2012-06-13: Some tricky bits in in-browser form mangling and validation
Client side form validation can let people explore their options
2012-06-11: What bits of a form are useful to check on the client side
Choosing how slowly your mailer should time out email
2012-06-10: The anti-spam implications of email being multiple things in one
Modern email is actually multiple things in one system (mailer timeouts edition)
2012-06-09: Rethinking when your mailer sends 'not-yet-delivered' warning messages
2012-06-08: An (accessible) explanation of the Flame malware's Windows Update compromise
2012-06-07: My experience doing a Fedora 17 upgrade with yum: it worked fine
2012-06-06: A feature that Linux installers should have: restoring your backups
2012-06-04: Why the TTY line discipline exists in the kernel
2012-06-03: Another view of the merge versus rebase debate in version control
My view on Mercurial versus Git
2012-06-01: Some things that strike me about Linux and UEFI secure booting
The secure boot problem
2012-05-31: What OSes have succeeded or failed here
Thinking about why Solaris has failed here
2012-05-30: What it means for an OS to succeed or fail
2012-05-28: Yes, git add makes a difference (no matter what people think)
How to do a very cautious LVM storage migration
2012-05-27: Complications in spam filter stats in our environment
2012-05-25: How CSLab currently does server side email anti-spam stuff (version 2)
2012-05-24: Today's Mercurial command alias: a short form hg incoming
How we do milter-based spam rejection with Exim
2012-05-23: Some notes on using XFT fonts in TK 8.5
2012-05-22: Our pragmatic experiences with (ZFS) disk errors in our infrastructure
2012-05-21: More on CISC (well, x86) versus RISC
2012-05-20: The XFT font naming issue
2012-05-19: A semi-brief history and overview of X fonts and font rendering technology
2012-05-17: My Firefox memory bloat was mostly from All-in-One Gestures
The Go language's problem on 32-bit machines
2012-05-15: Some stuff on 'time since boot' timestamps
2012-05-14: My Firefox 12 extensions and addons
2012-05-13: My experiment with Firefox Nightly builds: a failure
A basic step in measuring and improving network performance
2012-05-12: The death of paging on the web
2012-05-10: All your servers should have Linux's magic SysRq enabled
2012-05-09: Using rsync to pull a directory tree to client machines
Things I will do differently in the next building power shutdown (part 2)
2012-05-07: Third party Linux kernel modules should build against non-running kernels
2012-05-06: Why I wound up using Django
Counting your syndication feed readers
2012-05-05: Look for your performance analysis tools now
2012-05-04: Explaining a piece of deep weirdness with Python's exec
2012-05-03: Python scopes and the CPython bytecode opcodes that they use
2012-05-01: Into the depths of a Python exec scope-handling bug
2012-04-30: Notes to myself about progressive JavaScript
2012-04-29: The Python language tutorial is a gem
My two approaches to learning (programming) languages
2012-04-28: ZFS and various sorts of read errors
2012-04-27: The case of the Twitter spam I don't understand
2012-04-26: When we replace disks in our ZFS fileserver environment
2012-04-25: Models of providing computing access in a university department
2012-04-24: Universities and their non-employees
2012-04-23: My perspective on the 'Bring Your Own Device' controversy
2012-04-22: I may be wrong about my simple answer being the right one
2012-04-21: Bash's superintelligent errors about exec failures
2012-04-20: Sometimes the simple answers are the right ones (a lesson from bash)
2012-04-19: An interesting experience with IP-based SMTP blocks
2012-04-18: Why you should never use file (or libmagic) to identify files
2012-04-17: ls -l should show the presence of Linux capabilities
2012-04-16: What you need for migrating web content
2012-04-15: My view on why CISC (well, x86) won over RISC in the end
2012-04-14: The wiki trap (that we've fallen into)
2012-04-12: Tanenbaum was wrong in the Tanenbaum-Torvalds debate
Hypervisors are not microkernels
2012-04-11: Faking (or not) a ternary if operator with && and ||
2012-04-10: Revisiting checksum functions
2012-04-09: Understanding hashing in Python
2012-04-08: My story of running scripts from the web
2012-04-06: Checksums and hashes
Why we haven't taken to DTrace
2012-04-05: Why I hate having /tmp as a tmpfs
2012-04-04: More on equality in Python (well, mostly Python 2.7)
2012-04-03: Python's two versions of equality, with a long digression on hash()
2012-04-02: The problem of ZFS pool and filesystem version numbers
2012-03-31: Our sysadmin environment
Why I no longer believe that you need Solaris if you want ZFS
2012-03-29: Scalable system management is based on principles
2012-03-28: How I (once) did change management with scripts
Ultimately, abuse issues have to be handled by humans
2012-03-26: Microkernels are quite attractive to academic computer science researchers
What it means to become another user on Unix
2012-03-25: Atom feeds and constrained (web) environments
Link: Getting Real About Distributed System Reliability
2012-03-24: Garbage collection and modern virtual memory systems
2012-03-23: Sometimes you get lucky
2012-03-22: The problems of operations and sysadmin heroism
2012-03-21: My view of where the Unix community is
2012-03-20: How I use objects in Python
2012-03-19: A modest suggestion: increase your text size
2012-03-18: The standard trajectory of a field
2012-03-16: Parsing versus rewriting: how to tell them apart
2012-03-15: Part of the cleverness of Unix permissions (a little thought)
2012-03-14: The right way to do wikitext transitions
Configuration management is not documentation, at least not of intentions
2012-03-12: Why it matters whether your software works when virtualized
Why ZFS log devices aren't likely to help us
2012-03-11: A CBL false positive reveals a significant issue with the CBL
2012-03-09: Why you do not want to patch your source code in place
2012-03-08: What I have to run for my custom environment on Fedora 16
2012-03-07: The hard part of custom environments on Fedora (or any Linux)
How not to use Apache's ProxyPass directive
2012-03-05: Web frameworks should be secure by default
Convenience in web frameworks is often insecure
2012-03-04: Some stuff on Python 2.7.x support periods
2012-03-03: Two ways I increase the security of SSH personal keys
2012-03-01: A trick for dealing with irregular multi-word lines in shell scripts
2012-02-29: SSDs and understanding your bottlenecks
The two sorts of display resolution improvements
2012-02-28: In place migration to Linux software RAID
2012-02-26: What information I want out of ZFS tools and libraries
How much spam is forged as being from who it's sent to?
2012-02-25: The (future) problem with Python 2.7
2012-02-24: Blogs and the problem of indexes
2012-02-22: How I can be wrong about the death of sysadmin jobs
2012-02-21: Using and understanding Python metaclasses (an index)
2012-02-20: Why I still have a custom-compiled Firefox
My view of where TCL went wrong
2012-02-18: The most popular sender domains for spam messages sent to here
The downside of automation versus the death of system administration
2012-02-16: Handling modern IPv6 in programming environments
2012-02-15: The temptation of LVM mirroring
A downside of automation
2012-02-13: The problem with long-term production support of things
2012-02-12: Some things about changing from old X fonts to modern TrueType fonts
Understanding FVWM States, with better FVWM code for selecting terminal windows
2012-02-11: How I select (terminal) windows from the keyboard in FVWM
2012-02-09: What supporting a production OS means for me
A general point about SSH personal keys
2012-02-08: Choosing the superblock format for Linux's software RAID
2012-02-06: The advantage of HDMI for dual displays
2012-02-05: My view on what will kill 'traditional' system administration
Link: Filenames.WTF
What five years of PC technology changed for me
2012-02-03: Understanding a subtle Twitter feature
Understanding Resident Set Size and the RSS problem on modern Unixes
2012-02-01: A ZFS pool scrub wish: suspending scrubs
2012-01-31: The solution to the modern X font handling mystery
Where is Oracle going with Solaris?
2012-01-30: HTML is not a SGML dialect and never really has been
2012-01-29: Dealing with Fitts' Law on widescreen displays
Thinking about spam rejection and abuse addresses
2012-01-28: How I use FvwmIconMan
2012-01-27: Why metaclasses work in Python
2012-01-26: The drawback of modern X font handling gets mysterious
2012-01-25: The death of system administration: I'm all for it
2012-01-24: Why I use exec in my shell scripts
2012-01-23: Every so often, I solve a problem with a hammer
2012-01-22: My view of the purpose of object orientation
2012-01-21: The C juggernaut illustrated
2012-01-20: Another Russ Cox regexp article: How Google Code Search Worked
2012-01-19: How not to do repeated fields in web forms
Let's make it official: Solaris 11 is closed source
2012-01-18: SOPA and PIPA matter for everyone
2012-01-17: The first browser blinks on XHTML parsing
2012-01-16: Understanding isinstance() on Python classes
What you can find out about the memory usage of your Linux programs
2012-01-15: Understanding the basic shape of Unix virtual memory management
2012-01-14: What do we mean when we talk about something's memory usage?
2012-01-13: Notes on what Linux's /proc/<pid>/smaps fields mean
2012-01-11: A Yum plugin I would like: using a local DVD as a repo source
How to use systemd to just run some stuff on boot
2012-01-10: An insight on the purpose of comments: volume control
2012-01-09: What my physical desk is like
2012-01-08: The latest annoyance with Google Groups
2012-01-07: Why you might want multiple keys for disk encryption
2012-01-05: Nailing down RPM epoch numbers
Disk encryption, backups, and your threat model
2012-01-03: How to lose your data with full disk encryption the easy way
The drawback of full disk encryption
2012-01-02: An example sort that needs a comparison function
2011-12-31: Why CA-based SSL is not likely to be replaced any time soon
My thoughts on the mockist versus classicalist testing approaches
2011-12-30: Why I don't like Python 3 dropping the comparison function for sorting
2011-12-29: An empirical exploration of whether spammers take Christmas off
2011-12-28: Blog entries should have visible dates (usually)
2011-12-27: Python 3 from the perspective of someone writing new Python code
2011-12-26: Labs versus offices for sysadmins (or at least us)
More wiring for sysadmins: sysadmins and gigabit networking
2011-12-25: Why office switches plus VLANs aren't the answer for sysadmins
2011-12-24: Wiring offices for sysadmins
2011-12-23: Disk space in the modern world
2011-12-21: Python 3 from the perspective of someone with existing Python code
2011-12-20: SSH, man in the middle attacks, and public key authentication
A little script: nssh
2011-12-19: An advance fee fraud spam aphorism
2011-12-18: Understanding the close() and EINTR situation
2011-12-17: Python 3 from the perspective of a Unix sysadmin
2011-12-16: Avoiding the classic C quoting bug in your language
2011-12-14: Practical issues with REST's use of the Accept header
What makes backups real
Shell functions versus shell scripts
2011-12-13: I'm on Twitter now
DWiki's code is now on Github (among other things)
2011-12-12: How not to improve your package updater application
What debugging info I want from things like SMF and systemd
2011-12-11: head versus sed
2011-12-10: ZFS pool activation and iSCSI (part II)
2011-12-09: A quiet advantage of the systemd approach to service management
2011-12-08: Another reason sysadmins should program
2011-12-07: Understanding the Solaris iSCSI initiator (a bit)
2011-12-06: What I know about boot time ZFS pool activation (part I)
2011-12-05: Debuggers and two sorts of bugs
2011-12-04: The current state of GPT, EFI, and Linux
2011-12-03: Why I have comments here
Link: Russ Cox's articles on regular expressions
2011-12-02: The many ways PCs can dual boot multiple OSes
2011-11-30: On how PCs boot and hard disk partitioning
My mouse button bindings in fvwm, my window manager
2011-11-29: The alternate screen terminal emulator plague
2011-11-28: The login name problem
2011-11-27: Why processing things in inode order is a good idea
2011-11-26: About the order that readdir() returns entries in
2011-11-25: Python instance dictionaries, attribute names, and memory use
2011-11-24: About SATA port multipliers
2011-11-23: The many names of Linux SATA devices
2011-11-21: A cheap caching trick with a preforking server in Python
Mouse scroll wheels versus buttons that you actually want to use
The likely cause of my IPSec dropped packet mystery
2011-11-20: Google Groups fails both anti-spam and basic mailing list management
2011-11-19: My Liferea crashes are not Liferea's fault
2011-11-17: The drawback of modern X font handling
A classic and standard C quoting bug
2011-11-16: Solaris is not an enterprise operating system
2011-11-15: A scroll wheel experiment
2011-11-13: Thinking about how to test our UPSes
A confession about our ZFS configuration
2011-11-12: (Not) parsing wikitext
2011-11-11: My view of the right way to copy lists in Python
2011-11-10: Praise for systemd
2011-11-09: The disappearance of separate filesystems for /usr and /var
2011-11-08: Files and fundamental filesystem activities (on Unix)
2011-11-07: An IPSec mystery with dropped packets
2011-11-06: Ubuntu does system disk mirroring right
2011-11-05: Understanding Apache's Allow, Deny, and Order directives
2011-11-04: More on my Firefox 7 extensions
2011-11-03: My Firefox 7 extensions
2011-11-02: Attention marketers: blog comments are not email
2011-10-31: Why 'quiet' options to programs aren't as useful as you think
Deduplication is always going to be expensive
2011-10-30: Why we have a VPN
2011-10-29: Why ZFS dedup is not something we can use
2011-10-28: ZFS features that could entice us to upgrade Solaris versions
2011-10-27: A Wikitext formatting mistake that I made here
2011-10-26: How to fail at useful cryptography: bad error messages
2011-10-25: A reason not to automate: policy flexibility
2011-10-24: Salting passwords compared to slow password hashing
2011-10-23: Boiling frogs and PC performance
2011-10-22: Fedora 15 versus me
2011-10-21: How I'm capturing only the last portion of standard error
2011-10-20: The kind of computer usage I think Gnome 3 is targeting
2011-10-19: Defending Berkeley's forced choice in network device naming
2011-10-18: The Ethernet device naming mistake (or one part of it)
2011-10-17: What I want out of stable device names
2011-10-15: Why I say Fedora 15 could get my machine's Ethernet's name right
The problem with Fedora 15's consistent network device naming
2011-10-14: Power consumption numbers for my 2011 home machine
2011-10-13: The problem with event loops
2011-10-12: The true cost of sysadmin time (actually, of anyone's time)
2011-10-11: Why people are attracted to minimal language cores
2011-10-10: Arranging scopes for for loops
2011-10-09: My view of the state of graphics cards for Linux (in fall 2011)
2011-10-08: My new Linux machine for fall 2011 (planned)
2011-10-07: Python's philosophy of what closures close over
2011-10-06: Thinking about event loops versus threads
2011-10-05: Understanding the motivations of mail service vendors
2011-10-03: On CPython, cell objects, and closures
My idea of how a modern mailing service should work
2011-10-02: Another comment spam precaution that no longer works out
2011-10-01: Understanding a tricky bit of Python generators
2011-09-30: Some thoughts from a close view of catastrophe
Unit testing by analogy to scientific hypotheses
2011-09-28: A multilevel view of DevOps (with more balance)
Oracle shows its appreciation for long-term Sun customers again
2011-09-26: DevOps and the blame problem: an outsider's view
2011-09-25: How we handle iSCSI device names in Solaris
Danger signs for mail senders in SMTP conversations
2011-09-24: Some recent Google spam problems
2011-09-23: Python's attribute lookup order
2011-09-22: An operational explanation of Python types
2011-09-21: I've surrendered on utm_* query parameters in URLs
2011-09-20: Why I still comment out code even with a VCS
2011-09-19: An operational explanation of Python metaclasses (part 4)
2011-09-18: An operational explanation of Python metaclasses (part 3)
2011-09-17: An operational explanation of Python metaclasses (part 2)
2011-09-16: Setting the character encoding for HTML form input
2011-09-15: How your Linux installer should help you set up filesystems
2011-09-14: Graphs are not enough (for your monitoring system)
2011-09-13: 'Web of trust' is a security failure
2011-09-12: An operational explanation of Python metaclasses (part 1)
2011-09-11: The weakness of the certificate authority model, illustrated
2011-09-09: You really want to put your switches in server racks
Things that could happen to your archives
2011-09-08: Archival storage in the modern world
2011-09-06: How not to set up your DNS (part 21)
2011-09-05: The real reason why true asynchronous file IO is hard
2011-09-04: Why true asynchronous file IO is hard, at least for reads
How some Unixes did shared libraries in the old days
2011-09-03: The core of modern Unix shared libraries
2011-09-01: Things I will do differently in the next building power shutdown
2011-08-31: An interesting debugging experience (another tale from long ago)
Who is the audience for a trouble ticket update?
2011-08-29: Devirtualization
Designing services for disengagement
2011-08-28: The problem with busy sysadmins
2011-08-26: Why we don't use a trouble ticketing system
The problem for WSGI middleware
2011-08-25: Trouble ticketing systems and the future
2011-08-24: Why we have a problem with Oracle's Solaris support pricing
2011-08-23: Reading the tea leaves about Oracle, Solaris, and universities
2011-08-22: V8's neat encoding trick for type tracking
2011-08-21: The conflict between caching and tracking on the web
2011-08-20: Why browsers can't really change or validate Last-Modified
2011-08-19: Visibility: an advantage of automation
2011-08-18: You should always use super()
2011-08-17: MH is an iceberg
2011-08-16: An interesting way to shoot yourself in the foot and a limitation of super()
2011-08-15: A bit about what life was like on Unix before shared libraries
2011-08-14: The tragedy of MH
2011-08-12: A Gnome 3 shell extensions failure
One reason we install machines from checklists instead of via automation
2011-08-11: Friendly 'noreply' email addresses
2011-08-10: The 'key plus authenticator' pattern in web apps
2011-08-08: You need to hash web app session IDs
An incomplete list of the ways around MAC address blocking
2011-08-07: What I want out a Symbol type in Python
2011-08-06: Gnome 3: I'm out
2011-08-05: Why sysadmins don't just notify users about compromised machines
2011-08-04: On banning MAC addresses
2011-08-03: How I encode and decode the milter protocol (or, how to write a codec for a sane binary protocol)
2011-08-02: How to make yourself look bad: broken bounce addresses
2011-07-31: Reference counting and multiple inheritance in (C)Python
One of my testing little dirty secrets
2011-07-29: Deciding the meaning of 'disabling' an account (and the value of procedures)
2011-07-28: A directory service doesn't make it easy to disable user accounts
Another reason why version control systems should support history rewriting
2011-07-27: Why not YP, er, NIS
2011-07-26: Disabling an account can be kind of complex
2011-07-25: The risks of using CentOS are split
A little thing that irritates me about common WSGI implementations
2011-07-24: On documenting (or not documenting) binary protocols
2011-07-23: What good secure string expansion on Unix should look like
2011-07-22: String expansion and securely running programs on Unix
2011-07-20: Why I would like my mailer to have a real programming language (part 2)
Our ZFS spares handling system (part 3)
2011-07-18: Thinking about when SQL normalization can improve performance
My view on ORMs
2011-07-17: Another reason to reject spam at SMTP time: as a signal
2011-07-15: Ubuntu, illustrating how to utterly fail at kernel security updates
Something to remember: HTML forms are anonymous
2011-07-14: Ramblings on handling optional arguments in Python
2011-07-12: Why I'm going to be skipping Fedora 15
Some thoughts on creating simple and sane binary protocols
2011-07-11: mxiostat: second generation better Linux disk IO statistics
Some things to think about when doing polymorphic WSGI
2011-07-10: Exploiting polymorphic WSGI again to create cat
2011-07-08: My view on iSCSI performance troubleshooting
2011-07-07: An interesting gotcha with Exim and .forward processing
How Exim makes traditional .forward semantics work
2011-07-06: Our solution to the spam forwarding problem
2011-07-05: Another reason to allow mail origin address forgery
2011-07-04: Our ZFS spares handling system (part 2)
2011-07-03: Why Ubuntu's PAM versioning failure matters
2011-07-02: Dear Googlebot: SMTP is not HTTP
2011-06-30: Some ways to test if a program securely runs other programs
Please have symmetric option negotiations in your protocols
2011-06-29: Our ZFS spares handling system (part 1)
2011-06-28: How to securely run programs from inside your program on Unix
2011-06-27: Formatting information output to make it easy to manage
2011-06-26: Design systems to be managed
2011-06-25: A small wish about parked and squatted domains
2011-06-23: Milter tools for Python and an experiment with coding in public
The ZFS opacity problem and its effect on manageability
2011-06-22: A basic Namespace metaclass for Python
Abusing Python classes as namespaces
2011-06-20: It's long since time for languages to provide sensible network IO
What I need for stream decoding and encoding binary protocols
2011-06-19: The Unix shell initialization problem and how shells should work
2011-06-18: My xdm heresy
2011-06-17: cgroups: so close and yet so far away from per-user fair scheduling
2011-06-16: My three sorts of (Linux) desktops
2011-06-15: The persistence of spammers, illustrated
2011-06-14: A package dependency failure in Fedora 15
2011-06-13: An example of the evolution of a real network
2011-06-12: Noting some wandering thoughts on the occasion of an anniversary
Why [], {}, and () are cheap in Python
2011-06-11: Some notes on __slots__ and class hierarchies
2011-06-10: What __slots__ are good for (or, how to use slots to save memory)
2011-06-09: My issues with Chrome's handling of extensions
More impressions of Google Chrome
2011-06-08: OpenBSD pf rule numbers and tcpdump filtering
2011-06-07: Databases as a compromise damage limiter in web applications
2011-06-06: How much space a Python dictionary entry uses
2011-06-05: A subtle difference between tuples and lists in CPython
2011-06-04: Sometimes having a system programmer around is the right answer
2011-06-03: Ints, __slots__, and Python 3
2011-06-02: My understanding of SQL normalization
2011-05-31: The programmer's problem with WikiText systems
How to fail at versioning
2011-05-30: My recent experience with Firefox's speed
2011-05-29: Getting the stages of the class namespace straight
2011-05-28: The stickyness of Fedora 8 (despite my better intentions)
2011-05-26: You can get 'stale filehandle' errors for local files on extN filesystems
2011-05-25: More not supporting random query parameters in URLs
How Django's form field ordering works
2011-05-24: Proper SQL database design versus the real world
2011-05-23: An aside on RAID-5/RAID-6 and disk failures
2011-05-22: Why losing part of a striped RAID is fatal even on smart filesystems
2011-05-21: One of my irritations: outgoing email that was scored as spam
2011-05-20: Why the kernel does mmap() (beyond efficiency)
2011-05-19: One limitation of simple bisection searches in version control systems
2011-05-18: Why open source projects should use 'git rebase' or the equivalent
2011-05-17: What we could use 10G Ethernet for in the near future
2011-05-16: How our network is implemented (as of May 2011)
2011-05-15: The most interesting reason for an unrouted sandbox network
2011-05-14: Our environment illustrated: what network cable colours mean what
2011-05-13: Our network layout (as of May 2011)
2011-05-11: How ZFS lets you recover from damaged metadata, and what the limitations are
2011-05-10: An important way to get ZFS metadata corruption
A brief summary of how ZFS updates (top-level) metadata
The different ways that you can lose a ZFS pool
2011-05-09: X and the misleading claim of 'mechanisms not policy'
2011-05-08: Fvwm as a window manager construction kit
2011-05-07: Email has two faces today
2011-05-06: A realization about cache entry lifetime and validation
2011-05-05: Thinking about when not disabling iSCSI's InitialR2T matters
2011-05-04: Why xterm's cut and paste model is non-standard and limited
2011-05-03: The importance of xterm for X Windows
2011-05-02: The apparent origins of some odd limitations in the iSCSI protocol
2011-04-30: Our likely iSCSI parameter tuning
2011-04-29: Understanding the iSCSI protocol for performance tuning
2011-04-28: How CPython implements __slots__ (part 2): access
2011-04-27: Mail rejection stats for our external mail gateway
Some notes on what __dictoffset__ on types means in CPython
2011-04-26: A quick look at some spam filtering stats from our system
2011-04-25: An important note about multi-line log message formats
2011-04-24: Notes to myself on the priorities of Linux routing policy rules
2011-04-23: The Upstart dependency problem
2011-04-21: Nailing down new-style classes and types in Python
How CPython implements __slots__ (part 1): storage
2011-04-19: Another reason to avoid using __slots__ in your Python classes
A difference between Python 'structs' and C structs
2011-04-18: What made X Windows so special
2011-04-17: The ultimate (for now) answer for our ZFS ARC size problem
2011-04-16: Cache validators versus cache invalidation
2011-04-15: Why a dynamic website with caching is simpler than a baked site
2011-04-14: More on baking websites to static files and speed
2011-04-13: Some common caching techniques for dynamic websites
2011-04-11: You don't need to bake your site to static files to be fast
The importance of test suites for standards
2011-04-10: The evolution of the git tree format
2011-04-08: An example of modifying a Firefox extension
2011-04-07: Why I don't like Solaris boot archives, illustrated
2011-04-06: Monkey subclassing for fun and profit
2011-04-05: The story of leaving N% of your filesystem unused for performance
2011-04-04: Why logging to syslog is different than logging to standard error
Logs are not just streams
2011-04-03: Please don't alert based on percentages
2011-04-02: How to use gdb to call getpeername()
2011-03-31: A slightly unobvious trap with 'from module import *'
A really annoying gap in system observability
2011-03-30: A realization about code complexity and clarity
2011-03-28: Why you should avoid 'from module import whatever'
The problem with contributing documentation to projects
2011-03-27: Some thinking on proliferating web standards
2011-03-26: How not to issue Linux kernel security update notices
2011-03-25: Sending email via a SMTP connection considered harmful
2011-03-24: XHTML and web authoring folklore
2011-03-22: How to add and use additional fields on Django model formsets
Some notes on doing things with Django model formsets
2011-03-21: Why XHTML was doomed from the beginning
2011-03-20: The devil's advocate argument against paying attention to web standards
2011-03-19: The two sides of (PPPoE) DSL service
2011-03-18: How to configure a (PPPoE) DSL connection on a normal Fedora 14 Gnome desktop
2011-03-17: The timing of production Linux deployments
2011-03-16: Thinking about our alternatives to Solaris
2011-03-15: Our uncertain future with Solaris 11
2011-03-14: Why growing IPv6 usage is going to be fun, especially for sysadmins
2011-03-13: Why programs traditionally used sparse files on Unix
2011-03-12: Trust betrayed: a story of modern email
2011-03-11: What tools I use to deal with email
2011-03-10: What we did to get iSCSI multipathing working on Solaris 10 update 8
2011-03-09: Why feed readers have been a geek flash in the pan
2011-03-08: My personal hard drive capacity curve inflection point
2011-03-07: What terminal emulators I use when
2011-03-06: A fun Linux kernel pty problem, or maybe it's not a problem
2011-03-05: FastCGI's encoding mistakes and how not to design a wire protocol
2011-03-04: Why I call FastCGI complex and SCGI much simpler
2011-03-02: The POSIX shell and the three sorts of Unixes
Filtering, email, and differences from Usenet
2011-02-28: The evolution of filtering (a story from the Usenet era)
The slowdown of Solaris here
2011-02-27: Django's forms are security-smart the way you want them to be
2011-02-26: A belated realization about web spiders and your page cache
2011-02-25: Why I am not enthused about ZFS for my root filesystem
2011-02-23: Handling variations of a page (or, the revenge of REST)
A quick tour of my desktop
2011-02-22: Why I want read-only form fields in Django
2011-02-21: How to get automatic volume management on Fedora 14 without Gnome
2011-02-20: What windows I use window titlebars on
2011-02-19: My view on window titlebars and when they are good and bad
2011-02-18: Another building block of my environment: xrun
2011-02-17: My latest crazy plan to upgrade my home Linux machine
2011-02-16: The myth of isolated, independent sysadmins
2011-02-15: More on an advantage of the blog approach to web writing
2011-02-14: Thinking about misunderstandings (in systems)
2011-02-13: A humbling experience with '#' characters in filenames
2011-02-12: An advantage of the blog approach to web writing versus the wiki approach
2011-02-11: The letdown
2011-02-10: Using Django forms with HTTP GETs
2011-02-09: On flow (a digression)
2011-02-08: Thinking realistically about SQL database field sizes
2011-02-07: My brute force email archive
2011-02-06: Dear Unix mailers: please allow more forgery
2011-02-05: A side note on Google Chrome and the future of HTML
2011-02-04: Why people put NFS mounts in subdirectories
2011-02-03: The real lesson of XHTML
2011-02-02: Django and primary keys versus surrogate keys
My issues with primary keys are not Django specific
2011-01-31: There are two sorts of standards in the world
A little advantage of Django's automatic primary keys
2011-01-30: An obvious realization about SQL foreign keys
2011-01-29: Two things I have discovered about Django schema design
The amusement of minimalist spam
2011-01-28: On programming (and me)
2011-01-27: Not very much about Solaris NFS filehandles
2011-01-26: The various ways of writing a modern Python web app
2011-01-25: The modern Python web application stack (as I understand it)
2011-01-24: Poison pills, a tale of interrupts versus highly structured systems
2011-01-23: The question of how long our greylisting interval should be
2011-01-22: The clash between wikis and blogging
2011-01-21: A bit more on listing file locks on Solaris 10
2011-01-20: Something I've worked out about Django's admin interface
2011-01-18: What I am trying to do with Django
2011-01-17: Wrestling with how to design a schema for a Django app
2011-01-16: More on Linux FHS and /var
Why I don't use either a thin client or a fat client
2011-01-15: Linux's FHS is not the right answer for where to put data directories
2011-01-14: Wikis are not a simple solution for blogging
2011-01-13: One of SELinux's problems is that it's a backup mechanism
2011-01-11: My problem with SELinux
The optimistic view of SELinux's real purpose
2011-01-10: Why really high computer security is not interesting to most people
2011-01-09: What would be nice for SSL is out-of-band certificate binding
2011-01-08: Finding out if you've been hit by careful, clever spammers
2011-01-07: More modest suggestions for bug trackers
2011-01-06: An appreciation for the Posix $( ) command substitution syntax
2011-01-05: An actual use for the CSS overflow property
2011-01-04: A new building block of my environment: dmenu
2011-01-03: On improved but less functional versions of things
2011-01-02: Why there is a gulf between shells and scripting languages
2010-12-31: The only way to really be secure with SSL
One group that can sensibly use non-GPL'd Linux kernel modules
2010-12-30: Why you need select() even with communication channels
2010-12-29: Spam as a tax on public participation in open source projects
2010-12-28: A modest proposal for fixing your bug tracker
2010-12-27: Users don't care about security
2010-12-26: A lesson for myself: write tests. Really.
2010-12-25: Garbage-collected languages and memory allocation failures
2010-12-24: The jurisdiction problem with making SSL CAs liable for things
2010-12-23: More on the Unix interpreter startup problem
2010-12-22: The Unix interpreter problem(s)
2010-12-21: Why I want tests to be easy to write
2010-12-20: I don't understand how to test complex data structures
2010-12-19: A tale of memory allocation failure
2010-12-17: A Python (non-)idiom that I should really avoid
Sometimes bugs have very small edit distances
2010-12-16: The elements of a non-event
2010-12-15: Always remember that people make mistakes
2010-12-13: Fumbling towards understanding how to use DRBD
A program that I want to write: a 'sink' SMTP server
2010-12-12: One problem with the files-in-directory approach to configuration
2010-12-11: The danger of having system programmers around, illustrated
2010-12-10: How to get sysadmins to never use your software again
2010-12-09: A small request for C programmers: no static locals
2010-12-08: Exploring a limitation of the DTrace fbt provider (on x86)
2010-12-07: More on https as a necessary mistake
2010-12-06: What performance anomalies mean
2010-12-05: A log message format mistake that I've made
2010-12-03: Asking users questions never increases security
Why https was a mistake, but an inevitable one
2010-12-02: My view of OpenSolaris and Illumos
2010-11-30: A modest idea on how to get people to use Fedora Rawhide
2010-11-29: Why low quality encryption is not better than no encryption
Why 10G Ethernet is not a near-term issue for us
2010-11-28: Why I am harsh on Solaris Live Upgrade and similar tools
2010-11-27: Why I'm not really interested in Solaris's Live Upgrade stuff
2010-11-26: My view on Wayland replacing X in Linux
2010-11-25: An example of the progress of the modern web
2010-11-24: My oddly inconsistent caution (or paranoia) with email addresses
2010-11-22: Where to find the Illumos source repository
2010-11-21: Why I think some coding tricks are especially damaging
2010-11-20: Why I avoid DSA when I have a choice
More on those Python import oddities
2010-11-18: My current Apache SSL cipher settings
Thinking about how long our infrastructure will last
2010-11-16: When good ideas go bad: how not to do a file chooser dialog
2010-11-15: The language dilemma for production software
2010-11-14: Four reasons to have a firewall
The ordering of SSL chain certificates
2010-11-13: How os.path exposes some Python import weirdness
2010-11-11: The changing assumptions about viruses in email
Some yum tricks with distro-sync and --releasever
2010-11-09: Directory link counts and a find trick
2010-11-08: A find optimization and a piece of history, all in one
When Linux's rp_filter might make sense
2010-11-07: When you should care about security
2010-11-06: Modern versions of Apache and Redirect
2010-11-05: GNU sort and -k: a gotcha
2010-11-04: What we (currently) use virtualization for
2010-11-03: One reason that I call us a midsized environment
2010-11-01: Redirecting from HTTP to HTTPS is a bad security idea
2010-10-31: How I run two Firefoxes at once and still have remote control
How I set up my isolated testing Firefox environment
2010-10-30: A very convenient trick: having a testing browser
2010-10-29: What problems the Maildir mail storage format solves
2010-10-27: An extra problem with not documenting things in open source modules
A modern VCS mistake enabled by working on live trees
2010-10-26: Why Python's struct module isn't great for handling binary protocols
2010-10-24: Why we built our own ZFS spares handling system
Why I'm interested in Go
2010-10-23: My issues with Go's net package
2010-10-22: My theory on Unix's one chance to have a standard GUI
2010-10-21: The problems with testing for round-trip capable codecs
2010-10-20: Round-trip capable character encodings in Python
2010-10-18: A module that I want in the standard library: Parsing
The cache eviction death spiral
2010-10-17: Read IO is generally synchronous (unlike write IO)
2010-10-16: The attraction of the milter protocol
2010-10-15: How big our fileserver environment is (part 2)
2010-10-13: How big our fileserver environment is (part 1)
Why visited links being visible is important for blog usability
2010-10-12: Why non-linear directories have not been popular in filesystems
2010-10-11: The Unix directory problem and the history of directories
2010-10-10: Fixing Upstart's coupling of startup script presence and activation
2010-10-09: An illustration of how careful and clever spammers are today
2010-10-08: Why I am unhappy with Upstart right now
2010-10-07: In universities, you often buy hardware when you can
2010-10-06: What is going on with Samba's POSIX locking on NFS on Linux
2010-10-05: Why people combine NFS with Samba servers
2010-10-04: Linux, Samba, NFS, and POSIX locking
2010-10-03: An API mistake Unix has made several times
2010-10-02: ZFS resilvers are a whole-pool activity
2010-09-30: Stopping kernel updates on Ubuntu
A lot of my bugs are conceptual oversights
2010-09-29: A surprise about random IO versus unnecessary IO
2010-09-27: Why there is no POSIX standard for a Unix GUI
Why Grub2 doesn't solve my Ubuntu kernel problem
2010-09-26: The problems with OpenSolaris
2010-09-25: How Usenet used to be a filesystem stress test
2010-09-24: Frames were never necessary for menus and tables of contents
2010-09-23: Why things should be in Python's standard library
2010-09-22: The mysteries of video cards for Linux
2010-09-20: Dear Solaris boot sequence: SHUT UP
2010-09-19: Your on the fly control system should not use toggles
Some notes on (dynamic) Bind 9 logging
2010-09-18: Another reason why I don't like Ubuntu kernel packaging
2010-09-17: More on the module selection problem
2010-09-15: Why I like modules to be in the Python standard library
An overview of the Debian and RPM source package formats
2010-09-14: A confession: I find third party modules awkward in Python
2010-09-13: Why you want a recursive-forwarding caching nameserver
2010-09-12: Keyword expansion: why RCS rewrites files when you commit them
One aspect of getting used to modern version control
2010-09-11: A simple thing that every package management system should have
2010-09-10: Go's network package and IPv6 (and my ideal version thereof)
2010-09-09: Go, IPv6, and single binding machines
2010-09-07: My new view of DomainKeys
2010-09-06: Sorting out DomainKeys and understanding its limits
2010-09-05: An observation from changing my password
A plan to deal with my feed reader problem
2010-09-04: The laziness of a programmer, illustrated
2010-09-03: Finally understanding the attraction of AJAX
2010-09-02: Why Python's global is necessary
2010-08-31: I don't understand how net.ipv4.conf.*.rp_filter can work
2010-08-30: My avoidance of Python global variables
2010-08-29: A Bourne shell irritation: no wildcard matching operator
How many uberblock copies ZFS writes on transaction group commits
2010-08-28: The different between an SMTP proxy and a SMTP relay
2010-08-27: My impressions of Google Chrome so far
2010-08-25: A Windows moment on my laptop
The limitation of templates for web design changes
2010-08-24: A design mistake in my comments form
2010-08-23: Why I hate the Solaris 10 version of /bin/sh
My (probably wrong) assumption about Flash on Fedora
2010-08-22: Another reason to hate $LANG and locales on Unix
2010-08-21: A sudden realization about Unix access time updates and disk mirrors
2010-08-20: A clever blog anti-usability trick
2010-08-19: Getting Flash to work on my upgraded 64-bit Fedora 13 machine
2010-08-18: Please, no automatic scrolling to the next item
2010-08-17: The two sorts of Referer spam that I see
2010-08-16: What OpenSolaris's death probably means for us
2010-08-15: Why I change font sizes
2010-08-14: What I want in a caching nameserver
2010-08-13: PPP over ssh: solving problems with indirection
2010-08-12: Many programs should provide an easy way to change font size
2010-08-11: You should have a way to purge history
2010-08-10: Upgrading to Fedora 13 with my first yum upgrade
2010-08-08: The joy of debugging other people's programs
A personal view of the Fedora versus Ubuntu issue
2010-08-07: Why buying a Linux machine is not such a simple thing
2010-08-06: A thing I miss in the modern X world: command line arguments
2010-08-05: Doing unsigned 32-bit integer math in Python
2010-08-04: Good Solaris news from Oracle for once
2010-08-02: How OpenBSD's pf source-hash maps internal IPs to NAT pool IPs
2010-08-01: The consequence of Oracle's Solaris decisions
2010-07-31: The other peculiar effects of grant funding at universities
It's the indirect failure modes that will get you
2010-07-30: A little modern Unix twitch
2010-07-29: Some brief notes on OpenSSH's known_hosts hashing
2010-07-28: My Fedora 8 problem: upgrading
2010-07-27: What I would now do differently in a file based blog engine
2010-07-25: Why sysadmins almost never replace distribution packages
iSCSI versus NFS
2010-07-24: Thinking about the implications of your program being successful
2010-07-23: A realization about why my inbox keeps being my to-do tracker
2010-07-22: Why keeping /etc under version control doesn't entirely help
2010-07-21: The easy way to do fast OS upgrades
2010-07-20: The sysadmin view of messages from programs
2010-07-19: Why blog calendar widgets are bad
2010-07-18: How I solve the configure memory problem
2010-07-17: More building blocks of my environment: tkrxterm, tkssh, and pyhosts
2010-07-16: Realistic blog usability
2010-07-14: Making the Linux kernel shut up about segfaulting user programs
The challenges of shared spares in RAID arrays
2010-07-13: Sun Support's habit of publicizing private bug reports
Single-level list flattening in Python
2010-07-12: On (not) logging calculated statistics
2010-07-11: When is using SQL the right answer?
2010-07-10: People forget exceptions
2010-07-08: Unix programs should avoid exiting non-zero for clever reasons
2010-07-07: A gotcha with the Bourne shell's set -e and &&
2010-07-06: How zpool status reports on ZFS scrubs and resilvers
ZFS scrubs and resilvers are not sequential IO
2010-07-05: A thesis: noisy email addresses are dead
2010-07-03: /u, one of our long-standing Unix customizations
Returning to the era of 'duplicated' Ethernet addresses
2010-07-02: A gotcha with Python's socket.htonl() and ntohl()
A corollary to the limits of anti-spam precautions
2010-06-30: An update on comment spammer behavior here on WanderingThoughts
2010-06-29: Converting between IPv4 addresses and 32-bit integers in Python
There is such a thing as too much SQL (a reminder to myself)
2010-06-28: The great irritation of hidden access controls
2010-06-27: How we propagate password information in our fileserver infrastructure
2010-06-26: The Unix system UID and login name problem
2010-06-25: Python class definitions can be nested
2010-06-24: The elements of fileserver infrastructure
2010-06-23: The advantages of separate machines for separate things
2010-06-22: Why feed readers are not good for skimming things
2010-06-21: Applying low distraction design to alerting systems
2010-06-20: How my mail notifier avoids interrupting me
2010-06-19: Don't make your 'I am processing' animation too complex
2010-06-18: ZFS and multi-pool shared spares
2010-06-17: One reason why I prefer browser windows to browser tabs
2010-06-16: The problem of testing firewall rules changes
2010-06-14: The practicalities of non-GPL'd Linux kernel modules
A thought on feed readers versus the social web
2010-06-13: A (surprising) missing Unix tool program
2010-06-12: iSCSI Enterprise Target and disk write caches (and ZFS)
2010-06-11: What I know about ZFS and disk write caches
2010-06-10: What an iSCSI Enterprise Target kernel message really means
2010-06-09: The challenge of analyzing NFS packet traces
2010-06-08: Focusing on what you actually need in a program
2010-06-07: One problem with testing system changes
2010-06-06: The quiet death of postmaster@anywhere
2010-06-04: How to set up your module exceptions to be useful
How disk write caches can corrupt filesystem metadata
2010-06-02: A ZFS feature wish: rewriting read errors
2010-06-01: My sad little irritation with Twitter
2010-05-31: Another building block of my environment: sshterm
2010-05-30: The end of university-provided email is probably nigh
2010-05-29: UPSes: defense against problems, or sources of them?
Some comments on spam scoring and anti-spam tools in general
2010-05-28: Why I am really unhappy with ZFS right now: a ZFS import failure
2010-05-27: One benefit of relying on third-party (anti-)spam filtering
2010-05-25: Watch out for quietly degrading SATA disks
2010-05-24: Give your personal scripts good error messages
2010-05-23: Replacing modules for testing (and fun)
2010-05-22: How I fixed Google's search results redesign
Why I'm wrong about what sort of APIs C's stdargs allows
2010-05-21: An example of an API that you can't do with C stdargs
2010-05-20: The limitations of C's varargs support
2010-05-19: Why RPM's .rpmnew files don't work in practice
2010-05-18: An illustrated example of how not to do package updates
2010-05-16: You should also document why you didn't do attractive things
A theory about our jumbo frame switch firmware bug
2010-05-15: Why we don't use jumbo frames for iSCSI: a cautionary tale on testing
2010-05-14: A sysadmin mistake: shooting your virtual foot off
2010-05-13: Python exceptions for C programmers
2010-05-12: 'Borrowing' IPv4 netblocks to get around address space exhaustion
2010-05-11: Retrospectives are uncommon
2010-05-10: A little vi twitch
2010-05-09: Why diskless Unix machines lost out
2010-05-08: SSL certificate vendors are selling a commodity
2010-05-06: Oracle's future for Sun's hardware and OS business is now clear
The right way and the wrong way to disable init.d services
2010-05-05: The right way to fix ZFS disk glitches (at least for us)
2010-05-04: Dear software packagers, startup scripts edition
2010-05-03: Keeping track of filesystem consistency
2010-05-02: A brief history of fsck
2010-04-30: A rule of thumb: Automate where you can make mistakes
Never kill the screen locker
2010-04-29: How you access an object can be important in Python
2010-04-28: Altering a Python function's local variables with a trace function
2010-04-27: Evolving our mail system step 1: adding an external mail gateway
2010-04-26: How we moved from a black-box mailer configuration to a white-box one
2010-04-25: An observation about Twitter (and Google)
2010-04-24: Evolving our mail system: the overview and our goals
2010-04-23: What per-partition disk IO stats you get from the Linux kernel
2010-04-22: The latest Solaris licensing and support rumbles
2010-04-21: The advantage of garbage collection for APIs
2010-04-20: Standard format Unix errors in Python programs
2010-04-19: Why you don't want to host your MTA machine in the cloud
2010-04-18: I think it's time to turn off automatic periodic ext3 fscks
2010-04-17: The 30 second elevator pitch on HTML 4.01 (vs XHTML)
2010-04-16: How to write to stderr so people will like you
2010-04-15: The standard format Unix error messages
2010-04-14: The myth of a completely shared knowledge base across sysadmins
2010-04-13: The impact of single-disk slow writes on mirrors (and other RAID arrays)
2010-04-12: The importance of figuring out low-level symptoms of problems
2010-04-11: The comedy potential inherent in people reusing your address space
2010-04-10: Why commands can never afford to get it wrong in a version
2010-04-09: The processing flow of a network copying program
2010-04-08: A little script: sshup
2010-04-07: Our current mail system's configuration
2010-04-06: How not to set up IP aliases on Ubuntu (and probably Debian)
2010-04-05: An important thing about how ZFS handles spares
2010-04-04: The problem with header and footer overlays on web pages
2010-04-03: A DVCS advantage for open source development
2010-04-02: Notes on the compatibility of crypted passwords on various Unixes
2010-03-31: Looking back at a year of our disk-based backup system
Remote applications and Gnome settings: an irritation
2010-03-30: One possible future for Solaris
2010-03-29: More signs of Oracle's view of Solaris
My theory on why our worklogs work for us
2010-03-28: The evolution of checklists in my work
2010-03-27: Testing in the face of popen()
2010-03-26: Tkinter sometimes has a busy-wait main loop (more or less)
2010-03-25: The problem with overly verbose package installation
2010-03-24: One reason why 'zpool status' can hang
2010-03-23: No DSL is 'human-readable' as such
2010-03-22: Why I exploit Python to shim modules for testing purposes
2010-03-21: The power of 'I like this' in social applications
2010-03-20: Web analytics versus GET parameter security
2010-03-19: The problem with general purpose languages as configuration languages
2010-03-17: How Solaris 10's mountd works
Another building block of my environment: rxterm
2010-03-16: The Solaris 10 NFS server's caching of filesystem access permissions
2010-03-15: How to create pointless error reports (and how not to)
2010-03-14: Space and content
2010-03-13: A surprising lack: milter clients
2010-03-12: End results versus what's inside the black box
2010-03-11: Why the pam_mail PAM module is not my friend
2010-03-10: Mythology about Unix workstations
2010-03-09: How not to design an API (in C): the enum ordering mistake
2010-03-08: Exceptions versus error return values
2010-03-07: Why I don't expect third-party support for OpenSolaris
2010-03-06: Pushing code changes upstream is hard work
2010-03-05: PCs are (or can be) Unix workstations
2010-03-04: You want to do spam forwarding on a separate machine
2010-03-03: All syndication formats use XML
2010-03-02: A building block of my environment: rxexec
2010-02-28: Why XML is terrible for configuration files
The dividing line between supporting code and forking it
2010-02-27: An 'email marketing' wish
2010-02-26: The remaining Unixes (and their manpages)
2010-02-25: Reading the Oracle tea leaves for Solaris
2010-02-24: How to listen on a socket in the modern IPv6-enabled world
2010-02-23: What Linux's getaddrinfo() is doing with IPv6 (on some versions)
2010-02-22: Unix portability and scripting language versions
2010-02-21: It's sinking in that Sun is gone
2010-02-20: Viral marketing versus word of mouth marketing
2010-02-19: Using socket.getaddrinfo to look up IP addresses
2010-02-18: Some notes on using socket.getaddrinfo()
2010-02-17: The purpose of configuration files
2010-02-16: A Linux gotcha about daemons and bindv6only
2010-02-15: IPv6 with Lighttpd on Linux
2010-02-14: Brief notes on IPv6 support in some Linux programs
2010-02-13: Some stuff on dual-bound IPv6 sockets on Linux
2010-02-12: The many IPv6 addresses of an IPv4 machine
2010-02-11: Forcing your webpage content to scroll is generally a bad idea
2010-02-10: Beware of using Linux's hostname -s switch
Some thoughts about 6to4
2010-02-09: Why your program should have an actual configuration file
2010-02-08: A thought on deliberately slow disaster recovery
2010-02-07: The problem with blog footnotes
2010-02-06: Why a laptop is not likely to be my primary machine any time soon
2010-02-05: Emergency procedures checklists need check steps
2010-02-03: Outdated documentation is especially risky for sysadmins
Link: Pollution in
How to destroy people's interest in updating documentation
2010-02-02: What charging credit cards doesn't prove
2010-01-31: More vim options it turns out that I want
Thinking about syndication feeds and spoilers
2010-01-30: I'm puzzled about DNS glue records in the modern world
2010-01-29: A theory about Apple's new iPad
2010-01-28: Always sign exactly what you are authenticating
2010-01-27: AT&T's mad unbundling and the damage it did to Unix
2010-01-26: Why the modern age is great
2010-01-25: You can only really expire cookies on the server
2010-01-24: How I should have done password crypto for DWiki
2010-01-23: A Python safety tip: Do notice that things can throw exceptions
2010-01-22: Three ways to get tracebacks in your CGI Python application
2010-01-20: The argument for not managing systems via packages
One of the things that killed network computers (aka thin clients)
2010-01-19: OpenSolaris versus Solaris
2010-01-18: More on mismatched sectors on Linux software RAID mirrors
2010-01-17: I do not like Unix's fossilization
2010-01-16: Different visions of what packaging systems are for
2010-01-15: Packaging systems should support overlays
2010-01-14: Packaging systems should be comprehensive
2010-01-13: One reason why you should not let people register other people
2010-01-12: How systems get created in the real world
2010-01-11: In praise of crash (and kernel source)
2010-01-10: Why the Solaris packaging system is bad
2010-01-09: Patch management is part of package management
2010-01-08: A brief and jaundiced history of Unix packaging systems
Interesting things can happen when you scale things up
2010-01-06: A theory on why most browsers control their own list of CA roots
The department's model for providing computing support
2010-01-04: Some thoughts on battery backup for RAID controller cards
Turning synchronous channels asynchronous
2010-01-03: Go interfaces are not my sort of interfaces
2010-01-02: Proper disclosure, or how not to be a comment spammer
2010-01-01: Brief bits from the evolving ipsCA failure
2009-12-31: Why free things are so attractive in universities
Look at your pull-based system for things that push
2009-12-30: Real world support periods are shorter than they look
2009-12-29: Solaris is not open source
2009-12-28: The annoying timing of future SSL certificate renewals
2009-12-27: Some OpenSSL and SSL certificate basics
2009-12-26: Things that limit the performance of hardware acceleration
2009-12-25: Linux's non-strict overcommit is the right default
2009-12-24: The advantages of open source software RAID
2009-12-23: Another demonstration of SSL Certification Authority (in)competence
2009-12-22: How not to set up your DNS (part 20)
Do you have a network layout diagram?
Using OpenID for local web application authentication
2009-12-20: Some things about getting useful output from time
Some thoughts on intercepting https traffic
2009-12-19: Local CAs and an interesting consequence of the SSL security model
2009-12-18: Secure or useful: pick one
2009-12-17: The good and bad of SQL
2009-12-16: How Linux software RAID is making me grumpy right now
2009-12-15: The high costs of true security paranoia in the face of compromises
2009-12-13: Sysadmin versus developer uses of version control systems
Mercurial versus git for sysadmins, or why we picked Mercurial
2009-12-12: You should always be able to get a program's version and basic usage
2009-12-11: A wish for KVM virtualization: simple bridged networking
2009-12-10: How not to copy a file to standard output in Python
2009-12-09: My views on inheritance versus interface
2009-12-08: Why I am not enthused about etckeeper and similar systems
2009-12-07: Why whitelists (and blacklists) are long-term poison for online systems
2009-12-05: Overcoming the drawbacks of preforking accept() servers
What version of Python is included in various current OSes
2009-12-04: Learning from Unicorn: the accept() thundering herd non-problem
2009-12-02: The problem with the OpenSolaris source repository
The mixed directory/unrelated files VCS problem
2009-11-30: Using content hashing to avoid the double post problem
Poking around the OpenSolaris codebase (for sysadmins)
2009-11-29: In security, you need to stop the root mistake
2009-11-28: 'Conditional restart' in init.d scripts can be dangerous
2009-11-27: Modern version control systems change your directory layouts
2009-11-26: Some notes for myself on git bisect
2009-11-25: Why I love Unix, number N (for some N)
2009-11-24: An important lesson for me on Fedora upgrades
2009-11-23: Converting a directory from RCS to Mercurial
My current unhappy thoughts on Fedora 12
2009-11-22: RCS versus modern version control systems
2009-11-21: An update on faulted ZFS spares
2009-11-20: Spam and the attraction of reach
2009-11-19: The corollary for effective anti-spam heuristics
2009-11-18: Universities are open environments
2009-11-17: Finally understanding the appeal of 'Interfaces'
2009-11-16: 'Is-a' versus 'is-a-descendant-of'
2009-11-15: A limitation of Python types from C extension modules
2009-11-14: How to defer things in Exim
2009-11-13: (Ab)using Exim routers for their full power
2009-11-12: What makes Exim work as a mailer construction kit
2009-11-11: For universities, the Internet world has fundamentally changed
2009-11-10: HTML5 may end up giving us real, working XHTML
2009-11-08: My problem with the obvious solution to my unexposed types problem
2009-11-07: Solving unexposed types and the limits of duck typing
A gotcha with Bash on Ubuntu 8.04
2009-11-06: A shell script thing that I have learned the hard way
2009-11-05: Why the NFS client is at fault in the multi-filesystem NFS problem
2009-11-04: The cause of the multi-filesystem NFS export problem
2009-11-02: Are security bugs always code bugs?
2009-10-31: My thoughts on why invented standards succeed or fail
The risk continuum for standardization success
2009-10-30: Understanding hash length extension attacks
2009-10-29: Why per-process (or per-user) memory resource limits are hard
2009-10-28: Python modules should make visible their (fundamental) types
2009-10-27: A personal experience of web browsers making bad text editors
2009-10-26: What I think I understand about how standards get created
2009-10-25: Some thoughts on a 'modern' university email system
2009-10-24: Something I have realized about university services
2009-10-22: The limits of some anti-spam precautions
How to waste lots of CPU time checking for module updates
2009-10-21: Why you should be able to get a list of your local email addresses
2009-10-20: Simple mailing lists: an illustration of Exim's flexibility
2009-10-19: The case against backup MXes
2009-10-18: Backup MXes versus redundant MXes
2009-10-17: Automated web software should never fill in the Referer header
2009-10-16: A tale of network horror, or at least excitement
2009-10-15: One complexity of buffered IO on Unix
2009-10-14: Why 'invite-your-friends' features are spam from you, not your users
2009-10-13: There are two different uses of conditional GETs
2009-10-12: ZFS GUIDs vs device names
2009-10-11: Why security bugs aren't bugs
2009-10-10: You should delete obsolete data files
2009-10-09: A fun bug I once ran across
2009-10-08: What is going on with faulted ZFS spares
2009-10-07: A brief introduction to ZFS (disk) GUIDs
2009-10-06: The danger of software suspend on servers
2009-10-05: The problem with security bugs is that they aren't bugs
2009-10-04: Why Unix filesystems precreate lost+found directories
2009-10-03: One thing that top-posting is good for
2009-10-01: The rules for combining things with Bourne shell 'here documents'
2009-09-30: A little habit: cat >/dev/null
On (not) putting IP addresses in registration email
2009-09-28: Two ends of hardware acceleration
What I think about why graphics cards keep being successful
2009-09-27: Some suggestions for registration confirmation emails
Why you can no longer have an 'invite-your-friends' feature
2009-09-26: How our 'plug in and go' laptop network DHCP portal works
2009-09-25: How our DHCP registration portal redirections work
2009-09-24: SSL certificates require proper domain names
2009-09-23: A brief overview of the Solaris 10 nvpair library
2009-09-22: Some trivia about Python frame objects
2009-09-21: Exploring the frame object f_builtins member
2009-09-20: Why kernel packaging is so bad in Debian and Ubuntu
2009-09-19: Why I am not a fan of hardware acceleration
2009-09-18: Are you sure it's a C string?
2009-09-17: A trick to testing https setups on test machines
2009-09-16: Some kernel lockd NFS error messages explained
2009-09-14: Listing file locks on Solaris 10
Forwarding emails without false positives
2009-09-13: How modern CPUs are like (modern) disks
2009-09-12: My opinions on when you should let ZFS handle RAID stuff
2009-09-11: Why you should let ZFS handle the RAID stuff
2009-09-10: What I know about how ZFS actually handles spare disks
2009-09-09: Postfix versus Exim
2009-09-08: Some ways to avoid needing a public ticketing system
2009-09-07: A use for ticketing systems as your primary support method
2009-09-06: What typing ^D really does on Unix
2009-09-05: Why the Unix EINTR semantics (probably) exist
2009-09-03: An interesting issue with doing NFS over TCP (apparently)
Programming blindness and security
2009-09-02: Environment variables make bad switches
2009-08-31: How to deprecate bits of your program
The IO scheduler improvements I saw
2009-08-30: Some more thinking about requirements in specifications
2009-08-29: MUST versus SHOULD in your specifications
2009-08-28: ZFS changes filesystem device numbers on reboot
2009-08-26: What packages SystemTap requires on Ubuntu 8.04 (and others)
A frame object's f_locals isn't always the locals
2009-08-24: The problem with the CFQ IO scheduler and our iSCSI targets
Anti-spam content scanning systems need to scan more
2009-08-23: You should not use HTTP request parameters as filenames
2009-08-22: A gotcha with Python's new signal.siginterrupt()
2009-08-21: The danger of powerful generality, illustrated
2009-08-20: Python modules should not reinvent OSError
2009-08-19: Link: Using colour well in data visualization
Python, signal handlers, and EINTR
2009-08-18: Why user programs mapping page zero is so bad news on x86 hardware
2009-08-17: More accidental BitTorrent on our network
2009-08-16: Testing versus extensibility
2009-08-15: SSDs and the RAID resync problem
2009-08-14: Sorting out what 'passive ftp' is
2009-08-12: Undo is sometimes not good enough
One thing your mail-sending system should do
2009-08-11: The somewhat apocryphal history of comments in the Bourne shell
2009-08-10: The difference in the Bourne shell between : and #
2009-08-09: Building true ssh opportunistic connection sharing
2009-08-08: How I use ssh's connection sharing feature
2009-08-07: The basics of ssh's connection sharing feature
2009-08-06: A rule for Internet software
2009-08-05: A feature that I wish Linux package managers had
2009-08-04: A downside to syndication feed readers respecting permanent HTTP redirects
2009-08-02: Limitations on custom NFS mount authorization on Solaris
What you can't do before you drop setuid permissions
2009-07-31: Using SystemTap to trace the system calls of setuid programs on Linux
How fast various ssh ciphers are
2009-07-30: How we do custom NFS mount authorization on Solaris 10
2009-07-29: The shift-selection trick in X terminal programs
2009-07-28: Spammers are quite dedicated in their address scraping
2009-07-27: Why you should do code reviews for sysadmin scripts
2009-07-26: The anatomy of a hack to get around try:/finally: and generators
2009-07-25: When code in generators runs
2009-07-24: The usefulness of a syndication feed of your blog's comments
2009-07-22: Thinking like a security paranoid: an example
A peculiar change in Linux flock() and fcntl() behavior
2009-07-21: Packages should not contain both tools and policies
2009-07-20: Minimalistic spam, another annoyance to worry about
2009-07-19: The importance of making an issue visible
2009-07-18: Why NFS filehandles fail as access capabilities
2009-07-17: The hard problem of live major release upgrades
2009-07-16: Another reason to safely update files that are looked at over NFS
2009-07-15: A Bourne shell gotcha with ( ... ) command grouping
2009-07-13: Some stuff on NFS access restrictions
Shell scripts should not use absolute paths for programs
2009-07-12: A brief history of NFS server access restrictions
2009-07-11: What can go wrong in making NFS mounts
2009-07-10: An unpleasant surprise about ZFS scrubbing in Solaris 10 U6
2009-07-09: The high-level version of how mounting NFS filesystems works
2009-07-08: Fedora and workstations (on Linux distributions for desktops)
2009-07-07: Why and why not Fedora
2009-07-06: How you could do a shared root directory with NFS
2009-07-05: The coming Internet identity problem
2009-07-04: A side note on the cost of operations
2009-07-03: How software makes reverse proxying hard
2009-07-02: Finding out when a command in a pipeline fails
2009-06-30: A Unix irritation: pipeline status
More on why users keep mailing specific people
2009-06-29: A theory on why users keep mailing specific people
2009-06-28: How we solve the multiuser PHP problem
2009-06-27: Possible limits on our port multiplied ESATA performance
2009-06-26: How not to set up your DNS (part 19)
An advantage for hardware RAID over software RAID
2009-06-25: Patching systems versus patching appliances
2009-06-24: Another source of stickyness for social web sites
2009-06-22: Solaris 10 NFS server parameters that we change and why
Why GNU tools are sometimes not my favorite programs
2009-06-21: Email is intrusive, and why
2009-06-20: Using GRUB to figure out the mapping of BIOS drive numbers
2009-06-19: Fedora desperately needs a better upgrade system
2009-06-18: A kernel NFS error message explained
2009-06-17: The NFS 'reserved ports' option and why you care
2009-06-16: Maybe understanding blogrolls
2009-06-15: try:/finally: and generators
2009-06-14: How to set up your vacation messages to get thrown off mailing lists
2009-06-13: One of the reasons good alerting is tough
2009-06-12: What I know about Solaris 10 NFS server file lock limits
2009-06-11: There are two different purposes of monitoring systems
2009-06-10: Users are lazy
2009-06-08: Another way that generators are not lists: modifying them
Monitoring systems should be always be usefully informative
2009-06-07: It's important to get the real costs right
2009-06-06: User perceptions (and expectations) of backups
2009-06-05: How we're planning our backup storage capacity needs
2009-06-04: Another irritation with Gnome's gconf settings system
2009-06-03: The costs of development versus the costs of operation
2009-06-02: Sometimes brute force is the answer (on Unix)
2009-05-31: A thought on giving custom redundant storage systems some history
The better way to install Sun's Java
2009-05-30: The program energy efficiency optimist's view
2009-05-29: The cost of program energy efficiency
2009-05-28: Encapsulation may be in the eye of the beholder
2009-05-27: Hosted servers, cloud computing, and backups
2009-05-25: Backups versus redundancy
2009-05-24: An interesting bit of ssh and sshd behavior
What modern email is good for
2009-05-23: The drawback of using a language with a good interface to the OS
2009-05-22: How CPython handles (and delays) Unix signals
2009-05-21: Solving the Python SIGCHLD problem
2009-05-20: Why directory URLs have to have trailing slashes
2009-05-19: Some notes on rewrites in Apache .htaccess files
2009-05-17: One reason for Unix's permission checking timing
The crucial difference between online and offline backups
2009-05-16: Autoresponders in the modern email world
2009-05-15: Why df on an NFS-mounted ZFS filesystem can give odd results
2009-05-14: Fixing your system after hitting the RAID growth gotcha
2009-05-13: Booting a Linux system without a root mirror
2009-05-12: A serious gotcha with growing software RAID devices
2009-05-10: What affects how fast you can restore backups
Another advantage of disk-based backup systems
2009-05-09: Our disk-based backup system
2009-05-08: The problem with tapes (for backup)
2009-05-07: How to set up your xorg.conf for RandR-based dual-headed systems
2009-05-06: An irritation with Linux's 'mount -t nfs' output
2009-05-05: How we periodically scrub our ZFS pools
2009-05-03: An inexplicable omission in bash's sourcing of .bashrc
2009-05-02: Why version control systems should support 'rewriting history'
Convenient ssh in Gnome, or 'my sshmenu wish comes true'
2009-04-30: My standard Gnome customizations
Why I would still like MC/S in Linux
2009-04-29: Pragmatic issues with hash verifiers for email messages
2009-04-27: One of my TDD weaknesses: mock objects for complex objects
The problems of over-documenting things
2009-04-26: A Bourne shell irritation: piping just stderr
Lighttpd, CGIs, and standard error
2009-04-25: On digital signatures and client security issues
2009-04-24: The difference between Web 1.0 and Web 2.0
2009-04-23: A Gnome irritation
2009-04-21: Why your ticketing system should not be accessible to users
2009-04-20: Some ways to add versioning to pickled objects
Why pickle is not a good way to save your data
2009-04-19: Sometimes you don't want behavior with your data
2009-04-18: What users see as benefits from sysadmins
2009-04-17: Git and 'rewriting history'
2009-04-16: What causes the ZFS file deletion problem with snapshots
2009-04-15: The problem with Solaris 10 update 6's ZFS failmode setting
2009-04-13: How I went wrong in thinking about /boot mirroring
Your ticketing system should be optional
2009-04-12: A hairshirt too far: on always avoiding CSS
2009-04-11: The advantage of having an (XML) sitemap
2009-04-10: Why 'sender stores message' is easier for spammers than real mail servers
2009-04-09: Why ssh needs to verify host keys
2009-04-07: Handling ssh to generic hostnames
The technical problems with 'sender stores messages' schemes
2009-04-06: An interesting hardware mystery
2009-04-05: Why I don't expect ARM-based netbooks to be a success
2009-04-03: The (or a) problem with Unix manpages
How to use Vixie cron to schedule at regular odd times
2009-04-02: System status announcements and where your users are
2009-03-31: The SSD boom and the theoretical multicore revolution
A sysadmin use for Twitter
2009-03-30: There are three entry states for feed readers
2009-03-29: Why I wrote my own bulk IO performance measurement tool
2009-03-28: Make your web application's interface elements obvious
2009-03-27: The theoretical advantage of a separate /boot filesystem
2009-03-26: An important difference
The git version control system as a creation of the modern age
2009-03-24: Using fully mirrored system disks on Linux
How not to improve your CD player application
Frustration for a sysadmin (well, for me)
2009-03-23: How libraries should handle internal warning messages
2009-03-22: An outline of a possibly easier IPv4 to IPv6 transition
2009-03-21: Why the ideal IPv4 to IPv6 transition is impossible
2009-03-19: Why 'sender stores message' schemes won't cure phish spams
2009-03-18: An obvious thing about dealing with web spider misbehavior
Principles of email in the modern age
2009-03-16: An important gotcha with iSCSI multipathing in Solaris 10
Complex data structures and the two sorts of languages
2009-03-15: A realization: planet aggregators have a natural size limit
2009-03-14: Why I don't trust seteuid() and friends
2009-03-12: The problem with /var today
The not so secret history of /var
2009-03-11: Checklists versus procedures
2009-03-10: Why checklists work
2009-03-09: What list methods don't make sense for heterogeneous lists
2009-03-08: Python's theoretically missing core data type
2009-03-07: What past problems of mine the collections module solves
2009-03-06: What can keep a ZFS pool busy and prevent it from exporting
2009-03-05: What seems to use power on a Dell Mini 12
2009-03-04: The ASUS Eee PC versus the Dell Mini 12
2009-03-03: Rollbacks versus downgrades
2009-03-02: Some gotchas with ZFS in Solaris 10 update 6
2009-02-28: What it would take for me to use Fedora Rawhide
The potential problems with distribution downgrades
2009-02-27: The peculiar case of the conference spammers
2009-02-26: What I learned from Google Mail's recent outage
2009-02-25: Don't log usernames for bad logins
2009-02-24: A core principle of error and warning messages
2009-02-23: A problem with microtransactions
2009-02-22: Internet scale security: the impact of cheapness
2009-02-21: How to turn off gnome-terminal's cursor blinking
2009-02-20: An attraction of planet-style blog aggregators as your feed reader
2009-02-19: Appearances are deceptive in the (anti-)spam world
2009-02-18: My theory on why people wind up using common passwords
2009-02-17: Design versus construction
2009-02-16: My approach to website passwords (and why it is the right one)
2009-02-15: How CPython optimizes allocations for some built-in types
2009-02-14: Some of my assumptions about Python object allocation
2009-02-13: The accumulator mini-pattern and .setdefault()
2009-02-12: Recognizing non-interactive shells and 'shell levels'
2009-02-11: True point in time restores may be hard
2009-02-09: Backups and archives
I hate flaky systems, Fedora 10 and/or hardware edition
2009-02-08: When bash sources your .bashrc
2009-02-07: An illustration of one reason that documentation is hard
2009-02-06: Our SunFire X2100 nVidia Ethernet experiences
2009-02-04: An alarming ZFS status message and what is usually going on with it
Why btrfs was inevitable: a corollary to (not) getting ZFS in Linux
2009-02-02: A grumpy remark about Solaris's scalability
2009-02-01: Understanding ZFS cachefiles in Solaris 10 update 6
2009-01-31: Why social mudding works
When can you assume UTF-8 filenames?
2009-01-30: A surprising lack on Linux: browsers for camera RAW photos
2009-01-29: An RPM packaging utter FAIL
2009-01-28: The (or an) attraction of Twitter
2009-01-27: My wishes for Sun's online documentation
2009-01-26: My reaction to Solaris 10 update 6's ZFS changes
How LiveJournal is sticky
2009-01-25: Thinking about what you do with undo
2009-01-24: Towards a better undo
2009-01-23: The HTML tax (in Python, and in general)
2009-01-22: The NFS re-export problem
2009-01-20: Why high availability NFS requires shared storage
The inner life of NFS filehandles
2009-01-19: Using iptables to get around the policy based routing limitation
2009-01-18: The basic implementation of relatively high-availability NFS
2009-01-17: Practical issues with getting ZFS on Linux
2009-01-16: A lament about modern NFS development