Security: Alleged Backdoor in OpenBSD's IPSEC Stack. Ouch. If there's anything to it, we might need a WikiLeaks for Open Source. And of all places, in OpenBSD, which has put security at the top of its TODO list.
sysadmin - 4.11.2009 - 15.12.2010
Homebrew — MacPorts driving you to drink? Try Homebrew!. I can only support the call. After using MacPorts for years, I have now switched to Homebrew on the Air, and it is much slimmer. And since it doesn't want to install half of the internet for every little package, you even have a realistic chance of installing the tools on the smaller disk of the Air. It's also nice that you can intervene in many places if you want to (since I am a programmer after all, it is quite a natural desire to sometimes do the configure yourself or something similar). By the way, the recipes are quite up-to-date, for example, Node.js is in the latest version, pypy is also, as well as Scala and Clojure. Fits well with my currently planned experiments.
WordPress 3.0.2 is out and since it contains security fixes, an update is recommended. The German WordPress version is also already available and the update went smoothly for me. I only had to replace all occurrences of Gallerie with Galerie in the language file to make the special handling of gallery posts work (and because Gallerie just looks stupid and is wrong - I don't understand why it's still in the language file. I reported this and it was allegedly fixed a long time ago. Well ...)
Conditional CAPTCHA for WordPress is a very nice plugin that adds Captcha to comment forms. The special feature: it only does this if Akismet thinks a comment is spam. Captcha failure is then punished with the deletion of the comment - this keeps the spam queue manageable.
WordPress › Support » WP Super Cache sometimes ignites a blank Home Page! Need to restart Apache - sounds exactly like my problem, but it's already a year old. Seems to be some combination of many parts. For now, I've turned off APC, as it also produces strange messages in the error log, for which there are no really satisfying comments on the net to find. Somehow, the whole PHP stuff is really shitty. Too many parts coming from too many different places and all somehow but not quite working together. Basically, everything runs, but as soon as you want to get a grip on the performance problems, there are all sorts of strange and inexplicable effects. All just wild hacks.
[WordPress › Support » \[Plugin: WP Super Cache\] Blank Pages - 500 Error - in Dashboard (sometimes the site too)](http://wordpress.org/support/topic/plugin-wp-super-cache-blank-pages-500-errror-in-dashboard-sometimes-the-site-too). Describes my current problem since I have SuperCache - maybe this is also my solution. Otherwise, SuperCache will just be removed, because before that it actually ran well, just slowly. If it's dark (uh, white) in between, it might be due to my problem and I'm still analyzing.
Is My Blog Working? This is a question you ask yourself quite often. And the answer is not always as simple as just looking at it - for example, what about caching? This tool provides some information, but there is even more at RedBot and Cacheability. Especially for cache information, the last two are better than the first link.
Owl Content in new home
The Owl Content is now also running on the new box. It wasn't particularly complicated, the hairiest part was a silly bug in the Feedparser used (a terribly old version, it's quite possible that newer versions have already fixed this) and an incompatibility of the PHP gettext implementation, which is still used by Wordpress 1.5. Otherwise, it actually did pretty much everything needed right away. It may be that some hits are still running on the old system until the nameserver changes have spread around, but that should grow out in the next few days. And quite incidentally, the owl now has much stronger wings. It should be enough for the next 8000 posts.
Moving Status
It's finally happening - the static extraction of my old blog for the archive took several days, but now I have created a complete backup, redirected the nameservers, and in the next few days, everything should be on the static part. I am redirecting some of the links directly, for example, the main feed and the homepage itself. Maybe I will gradually redirect other things to the new blog if I notice it's worth it.
The Meta-Owl is still on the old server, I'm afraid I have to tackle that next and see if it can be made to fly on a new system. And then there are the various photo galleries of my subtenants - at least I have already prepared everything for that, the rest is mainly copying all the files and then a bit of layout adjustment.
It looks like I can shut down the old machine in the near future (maybe even by the end of the month?). The machine has served me well for many years, but it is now a bit outdated. But I will put the last backups aside somewhere, because as I know myself, I will realize shortly after shutting it down that I have stored something somewhere that I urgently need ...
'Super-secret' debugger discovered in AMD CPUs • The Register. Wow. Hardware Backdoor.
kbhomes's TextCaptchaBreaker shows why text CAPTCHAs are basically bananas. They are often too easy to crack, especially in an automated way - and this code shows a very nice implementation of that. My old blog still has text CAPTCHAs and gets along quite well with them, but that's probably due to the low traffic - in the last few weeks, more and more spam comments have been posted there and I'm not sure if they weren't placed by bots.
WordPress › WPtouch « WordPress Plugins - no idea if I want something like that. Could be quite interesting though, after all I have such a touch device myself. On the other hand, Mobile Safari also displays normal websites well. Moreover, there is still a problem: the nginx cache knows nothing about it and would potentially cache the wrong pages. In any case, I'm not sure that these mobile extensions get along well with caches.
WordPress › WordPress Nginx proxy cache integrator « WordPress Plugins. I use it on my box to speed up my WordPress. WordPress itself runs in a KVM with a standard stack and an Nginx in front as a cache. Does it hold up?
Bitrot reloaded
It's time to start over and rebuild. This is an attempt to work with WordPress again. After my own software was rendered obsolete by years of not updating the requirements under the blog, this time there's standard off-the-shelf software. Let's see how it goes.
rfc1437 | Content-type: matter-transport/sentient-life-form - Strong trends towards "throw away with archive and start over" with slight options for "throw away, static archive and maybe shovel a part into the new platform if I find the time". The link shows where I'm currently playing around. Wordpress with a few small plugins and an nginx caching front.
Bitrot
Got me too. My old blog software probably won't be able to survive unchanged. Old Python version (2.3), old (very old) Django (0.91), old PsycoPG driver (1.0), old PostgreSQL (7.4) and all of that on an old Debian (a wild mix of various versions with backports and custom programs and several failed upgrade attempts). Argh.
Well, I'm still torn between "rewriting" and "throwing away". The latter has the charm that I won't have to carry all that junk around anymore. And honestly, nothing particularly interesting ever happened on my blog anyway. Maybe I can set up a wget mirror beforehand and dump the whole thing somewhere statically, as an archive.
Rewriting also has a lot of charm, but converting thousands of old entries (over 4000 articles and over 4000 links, plus almost 200 images) from 8 years (first entry on November 3, 2002) doesn't sound like fun. And probably thousands of the links are outdated and obsolete anyway.
No idea what I'm going to do, maybe I'll try to bring the Metaeule to the new box first, where I only have the problem that PHP4 is no longer in the Ubuntu repository for 10.04 and I therefore have to force the owl to PHP5 (and that with code based on Wordpress 1.5 - I must really be crazy).
Or I try to install an old Debian with the packages used at that time - the box doesn't run in the front, but behind other machines, so the hacking risk is rather low at that point. The Metaeule of course also has a few thousand posts in the archive (only 8291, that's almost nothing), but if I can keep the old software running (some security patches have been added over time, so it can actually continue to potter along), I don't necessarily have to tackle it.
Somehow, the internet was also such a really bad idea ...
The V4Z80P – A Z80 Based Laptop @ Retroleum - someone not only builds their own computer with their own system, but it's also a laptop. Or something similar, at least.
Links
Twisted Orchestration Language in Launchpad - and someone has ported the Orc combinators to Python, using Twisted. However, I personally find Twisted rather disgusting to program, but if you like ...
Kilim - stumbled upon this while browsing the Orc documentation, a microthread library for Java.
Orc Language - haven't read anything about it yet, but it looks quite interesting. The core is Cor, a functional language without side effects, and Orc, which is built on top of it, is used for orchestrating services in distributed systems. The whole thing in a quite appealing, compact syntax on the JVM. One could certainly take a look at it as an alternative to Scala and Clojure, Java is integrated as an external service, which makes it quite easy to build distributed systems in which parts are implemented in Java. It reminds me in many points strongly of the ideas of Erlang (generally assume a distributed system, but still keep parts local for performance reasons), but I find the syntax much more pleasant. And with the JVM a much more widespread VM than Erlang's BEAM.
Interactive Fabrication » Beautiful Modeler - wow, that's incredibly cool.
Tornado Web Server Documentation - I really need to take a closer look at Tornado. For a side project, I've built a web service with web.py, which was shockingly simple (and dirty). Tornado is based on a very similar concept, throws Django-like templates into the mix and offers a good asynchronous server and support for asynchronous sockets and http requests right away. Could be a good alternative for web services that need few resources.
Fat Cat Software - iPhoto Library Manager - since I was stupid enough to make a photobook on a different Mac than usual (well, the usual one was always occupied), I'll probably have to take a look at this to see if I can merge my books onto a single machine. It's quite annoying that Apple doesn't offer any merge function in iPhoto. With a notebook and a desktop, you quickly end up with separate libraries. If Lightroom supported book printing, I would have been gone from iPhoto a long time ago. Everything is somehow not quite satisfying.
Oracle cooks up free and premium JVMs - and Oracle begins to try to cash in on Java. If it works, Java could soon be in a similar situation as .NET: the free implementations lag behind the scope of the commercial ones. What this means for alternative languages on the JVM remains to be seen - but it will certainly cause some problems. However, the JVM world is large enough and equipped with enough alternatives, and Oracle is not Microsoft. Therefore, this could all just be a storm in a teacup and only affect the typical Oracle victims.
Kunsthalle Bielefeld: Der Westfälische Expressionismus - I think I actually have a reason to drive to Bielefeld.
Mediathek für Mac OS X - I need to check this out. After all, archiving is now the viewers' job thanks to stupid private broadcasters (and politicians who have made themselves their errand boys).
Panasonic DMC-GF2 Preview: 1. Introduction: Digital Photography Review - I hate you, Panasonic. Now I want the cute little GF2+14mm kit. Menno. First Apple with the MacBook Air and now Panasonic, everyone just wants my money.
Eventlet Networking Library - I need to take a closer look at this, the monkey-patching of standard libraries to make them trivial to use in an asynchronous environment looks very interesting.
There is no Plan B: why the IPv4-to-IPv6 transition will be ugly - the article is a bit negative and end-of-the-world-is-near, but it lists a number of problems that we will face during the IPv6 transition. The switch from IPv4 to IPv6 is not a trivial task. But it is necessary anyway, there is no viable alternative.
Hg-Git Mercurial Plugin - did I already have this? No idea, doesn't matter, it's good, can't hurt to repeat.
Back In Time - looks quite good, it offers about what TimeMachine does. Ok, Linux-typically a bunch of options and selections have been added and simply / as a source for the backup does not work, but well, if you manually include the relevant directories (and remember to update the selection occasionally when changes are made), you can actually do something with it. The basis is rsync with hardlinks, so in the end really usable backups, because you can also manually restore them if necessary. What I haven't tried yet is what happens when you back up to removable media and they are not present. But there it also failed with faubackup. UPDATE: works quite well with removable media, it does issue an hourly message if the drive is not present, but it recognizes it cleanly and skips the backup run then. It would be nice to have an "automatically back up when the drive appears".
SSH on the iPhone at last | The 23x blog - "termcapinfo xterm ti@:te@" in the .screenrc for support of scroll gestures is the most important part of the article (and on the iPad, ssh is also quite fun - a decent server machine and you can comfortably script in the armchair with the iPad, maybe even a Bluetooth keyboard ...)
iFolder - I just came across this. Open Source from Novell that builds functionality similar to Dropbox. Only that you operate your own server (a Linux box, ready-made packages for Open Suse). The whole thing is built with Mono, clients for Linux, Windows and Mac. I haven't tried it yet (Dropbox works too well for me to feel a great urge for changes), but I think before the next renewal with Dropbox I could take a look at it. Hosting a Suse box somewhere (or getting the server to run on Ubuntu or Debian) shouldn't be the biggest problem and I'm already hitting the limits of the 50G option from Dropbox. What I haven't found is access to older versions of files - but I haven't looked through the quite extensive manuals yet.
Ceph: A Linux petabyte-scale distributed file system - too bad we don't need a distributed cluster file system in the company anymore because of the big NetApp - this sounds really interesting and looks like it actually addresses the weaknesses of previous solutions.
IBM breaks OSS patent promise, targets mainframe emulator - was to be expected, but still a nasty story. IBM is IBM - and IBM is only its own friend. Large companies first look at their own wallet, then at others. And Hercules allows some things that so far only low-end mainframes have achieved. That's where the fun and the cuddly course end for IBM.
PiCloud | Cloud Computing. Simplified. - very interesting service: trivial distribution of Python code (with access to C/C++ libraries for number crunching and other things, e.g. also image processing, even your own C/C++ libraries are possible) on a provider-managed EC2 grid. The programmer only writes his Python code, tests locally, if everything works well with small sets, upload base data, import, function call and wait until the results are there - payment is made according to usage time. Definitely keep an eye on it, in case you need to process larger amounts of data - this can indeed be cheaper than providing the necessary resources yourself.
PostgreSQL: News: 9.0 Alpha 4 Available Now - was previously called 8.5, so it is the version with streaming replication.
Report: Post plans DE-Mail for 20 cents - when I read such nonsense, I really wonder what kind of weed the clowns at Post and 1&1 are smoking. The weed can't be legal if it produces such absurd delusions. Quite apart from the fact that "secure online communication" operated by such shops is a farce anyway.
Please read: Security Issue on AMO « Mozilla Add-ons Blog - it was only a matter of time before the first Firefox extensions with trojans were distributed and slipped through Mozilla's review. Extensions are exactly that - code snippets that run in the same security context as Firefox itself. I believe that in the long run, we need a completely different architecture with much stronger sandboxing for applications and extensions if we want to get this under control.
InfiniDB 1.0.2: Analytical Database Engine for Data Mining - Golem.de - hmm, based on MySQL - I don't know if I should consider this a recommendation or a deterrent. On the other hand, a DB specifically for data mining-like query profiles would sometimes be useful - so I should try it out.
Pollution in 1/8 | RIPE Labs - 1/8 and 27/8 are now normal IP addresses - and there are conflicts with people who specifically used 1/8 for various things because it has been "unallocated" since 1981 ...
Time Capsule Memorial Register - hmm, will I have to list my TimeCapsule there someday? I still have one from the first generation ...
Windows hole discovered after 17 years - well, that's a nice greeting from the past. Privilege escalation in the old DOS boxes - back to NT 3.1!
Matasano Security LLC - Chargen - If You're Typing The Letters A-E-S Into Your Code, You're Doing It Wrong - interesting article (even if in a somewhat strange presentation form) about typical problems with the use of cryptography for SSO in web systems. Simply "I encrypt the cookie and then everything is fine" just doesn't cut it ...
Study shows viral SSIDs could be creating a massive wireless botnet | Tech Sanity Check | TechRepublic.com - and some more about viral SSIDs and a small list of SSIDs that have appeared in this context. I came across it because a friend of mine has one of the networks (hpsetup) near her and wondered where the SSID came from.
Viral SSID - WLAN/Wireless Security Knowledge Center - interesting. SSIDs from WLAN networks as an attack vector for computers.
Privacy of 3.5 Billion Cellphone Users Compromised – GSM Code is Broken | ProgrammerFish - well, that's it for GSM, eavesdropping made easy. As the article correctly states: there should have been updates to the encryption of GSM a long time ago, it's simply negligence in the design of the technology that updates to the encryption were not planned from the outset. It will be interesting to see when this becomes a bigger issue and telecom companies are forced to take action.
neatx - NX Server in Open Source by Google. I really like NX, but the commercial server is quite limited with only two parallel sessions in the free version. For future use at work.
openduckbill - automatic directory sync with rsync and a Python daemon (can sync locally, over NFS or SSH). Very interesting if you want to keep multiple directories in sync, but don't necessarily want or need direct NFS mounts (e.g. because it has to go across permission boundaries with different user domains).
Socket Benchmark of Asynchronous Servers in Python - interesting article about the performance and scalability to high hit rates of various asynchronous servers in Python.
git.postgresql.org Git - postgresql.git/commit - the first replication features are coming to the PostgreSQL tree and will therefore be available in 8.5. Great!
Microsoft Acknowledges Theft of Code from Plurk - first Microsoft is caught stealing GPL code (and now releases the questionable tool itself under GPL, which will surely please them) and then Microsoft is caught stealing code from Plurk (and first has to shut down the service). Quite funny, wasn't Microsoft the company that always got so worked up about others using their code illegally? Hmm ...
Bug #387308 in Ubuntu One Client: “[Wishlist] Proxy Support” - Ubuntu One has been included by default with Ubuntu since the karmic koala. And does not use the proxy settings. Tinkering!
Fingerprint Readers on Linux Laptops and Notebooks - because my company notebook has one. And surprisingly: it works! The new Fujitsu S-Series boxes are very Linux-friendly.
AvahiAndUnicastDotLocal – Avahi - because I've been looking for this forever. How to connect ZeroConf (Bonjour) and e.g. a Microsoft-Domain-thing under .local.
gopenvpn - because network-manager-openvpn under Ubuntu Karmic Koala is a complete mess. gopenvpn is like Tunnelblick on the Mac - and it just works.
uWSGI - could be interesting for the Django projects at the company, sounds quite good from the description.
Fefe's Criticism of SPDY - I'm not exactly a die-hard Fefe fan, but his criticism of Google's new protocol is, in my opinion, quite valid. My opinion on SPDY is also rather negative - the points of criticism that Google has with HTTP could be easily resolved within HTTP. Multi-Request? We already have keep-alive to minimize connection setups, expanding this to multi-request where you send multiple requests at once and then immediately get all the data would not be an unsolvable problem. SSL has been available for HTTP for a long time. Compressed headers? Sorry, but the headers really don't make up the large part of the data, compressing them doesn't really bring anything.
What DNS Is Not - ACM Queue - about the bad habit of intercepting DNS queries and redirecting them to ad servers. T-Online has been doing the same for some time. Yes, you can turn it off if you jump through various hoops. I still consider it an audacity to introduce such nonsense only as an opt-out. IMO, this is an abuse of market position.
Cluster SSH - Cluster Admin Via SSH - another interesting tool, allows commands to run in parallel via ssh on multiple machines. Good for administering many similar machines where essentially the same command should run.