23rd May 2013
Electro-optic found treasure on free agency signed an agreement with, who before starting OT San Diego Chargers have signed may 2013 player of the season as their starting left tackle. According to the ESPN report, Max Starks signed a one-year contract and electro-optical. Team later confirmed the news. Starks meets electro-optic team in offensive front-line talent and depth of demand. Starks has a very good chance of replacing gold-denglapucheng for electro-optic team's starting left tackle. This year's first-round rookie D.J.-Flach as the starting right tackle. 31 of the past 5 seasons, Starks is the Pittsburgh Steelers team protecting the blind side of Ben-luotelisiboge. Every document in the last season he was involved in the team's offense, however, because steel team hopes that in this place has better exercise capacity, after the end of the season they do not renew and Stax. Electro-optic team should feel lucky, after the opening of the free agent market for so long that they can find a suitable player, Philip-Rivers also was thrilled.
23rd May 2013 06:33:16
Union President in mind people pray throughout the Union to echeng NFL NFL spring meeting in Boston on Tuesday, President Roger Gould discussed many topics with football themes. But he is to express to the Oklahoma City area tornado triggered by extreme shock to go on with my speech. "Enter the 2013 season, we have many significant and important issues need to be addressed, but at this moment I would like in particular to mention what happened yesterday in the Oklahoma disaster. When you think of Oklahoma was going on, and we are doing things here, and it's really hard to imagine," Gould said of the emotional. "We're praying for the people in the disaster, all of us who care about the people of Oklahoma. According to the latest official news, the tornado has claimed the lives of 24 people, including 9 children.
23rd May 2013 06:32:32
2014 NFL draft will still be held at Radio City Music Hall, and the time will be postponed to May. NFL Executive Roger Gould on Tuesday noted that the Union might be in after 2014 draft arrangements in other locations, even outside New York City. "If we want the show back in April, so we will have to find another venue. Other cities, and other locations," Gould said at the NFL spring meeting. Gould confirmed due to schedule conflict at the Conference, talent show would be postponed until May next year, probably in May-8 or 15-17. Radio City Music Hall is planning a spring exhibition, sessional and annual talent show clash of the General Assembly. Gould said he had no intention to return to previously held the draft to the General Assembly in New York. "We found in New York did not meet our requirements and we believe that it continues to hold talent Assembly locations," Gould said. "If it is found, it will become the one of the alternative. I think one of the things we need to do now is to started looking for talent show held in other cities. In addition we have also learned the following information at the press conference: 1, the Union will decide next May at its 52nd session, host of the Super Bowl. 2, the focus of the NFL spring meeting was clear: that is the stadium. 50th and 51st Super Bowl will be held in San Francisco and Houston, respectively, are to a large extent, this is because they have a new stadium. Union has adopted a multi-year cooperation agreement with Microsoft. Atlanta Falcons without a Union also plans to build new stadiums, and adopted a plan of transformation of the Philadelphia Eagles and Carolina Panthers home game. Gould also want Wi-Fi problems can fire around the stadium. 3, the Union believes that the NFL rookie visit training camp changed in the years after the start of the League, "useful". Gould said the Union was and players unions for negotiations on this issue. 4, Gould said the expanded NFL playoffs will also continue to discuss the problem, but not this week.
23rd May 2013 06:31:41
Back to the Bay area for the first time since the Super Bowl since 1985, and Houston do not have to wait too long. NFL team owners voted on Tuesday right to host the 2016 Super Bowl belongs to San Francisco, the game will be in Santa Clara, 49 new Levi's stadium for the team. This comes as no surprise, San Francisco defeated South Florida Stadium problems, access to the host that's significant rights of the Super Bowl. Elected after the 50th Super Bowl host team bosses voted 51st Super Bowl held, results in 2004, held the 38th Super Bowl Houston defeated South Florida, won the right to host. Winning the right to host the 50th Super Bowl 49 men team's efforts paid off in four years. 2010 Santa Clara by voting through the construction of a new stadium plan. Head coach-Jim Harper 2011 pointers took over the team, and soon brought the team back to the top of the League standing. Construction of the stadium has made breakthrough progress in 2012. This month renowned clothing brand Levi's and Stadium Stadium naming deal was signed. Bay area hosted a Super Bowl, when Joe Montana led 49-member team on the 19th Super Bowl at Stanford Stadium defeated the Miami Dolphins Dan Marino and his team, and Tuesday's vote and the game is also very similar. Because of South Florida didn't get through the creation of a public fund to upgrade the stadium proposal before the vote had actually completely in the downwind. Today the results for other cities and the team delivered a clear message: If your stadium is outdated, then you will not be able to host the Super Bowl.
23rd May 2013 05:02:27
The San Diego Chargers have gotten to the player who most likely is its incumbent left tackle in the 2013 season. Josina Anderson of ESPN reported that Max Starks said it has a contract for one year with the Chargers. The team then confirmed that they have signed to Starks. Starks filled a great need for the Chargers, who have the talent and depth problems. Starks has a great opportunity of unseating to King Dunlap of left tackle in San Diego. He selected in the first round D.J. Fluker will be the holder on the other side of the offensive line. Starks, 31 years old, spent the past five seasons covering the blind-side of Ben Roethlisberger with the Pittsburgh Steelers. Starks took part in every game last season, but was not signed by the Steelers looking for someone very athletic in the position.
23rd May 2013 04:42:34
The NFL Draft will remain at the Radio City Music Hall in 2014, sometime in May. The Commissioner of the NFL, Roger Goodell, said that the League is seeing the possibility of moving the site of the Draft, after 2014, and possibly outside the New York area. "If we want to return to the Draft, back to April, will have to see other alternatives, other cities and other places," said Goodell in the NFL spring meeting. Goodell confirmed that the Draft will be moved to May by calendar problems; It could be from 8 to 10 May or 15 to 17 of the same. The Radio City Music Hall are planning a spring show that could hinder the Draft time for years to come. Goodell said that he does not expect to return to locations in New York that the League has used in the past.
23rd May 2013 04:41:19
The Dallas Cowboys have been a team with a .500 mark the past two seasons, but the quarterback Tony Romo has said that it is above the average. "We have been a team of 8-8 the past two years." That does not feel well," Romo said to reporters via ESPNDallas. "I don't think I was a quarterbacks of 8-8." I do not think that this organization is comfortable being 8-8. We will do everything possible as coaches and players to change this. I'm going to do everything possible to make sure that does not happen again". A ritual at season breaks are promises in Dallas. But they have been pure noise.
23rd May 2013 04:40:17
Sam Bradford was born and raised in Oklahoma. He lives there so far, lies in the North of Oklahoma City. Bradford was home of packing to integrate the activities organized for the St. Louis Rams when a tornado devastated the nearby town of Moore, leaving a trail of death and destruction in his wake. "We were not hit, but only to watch it live on television was really difficult," said Bradford according to CBSSports.com. "Then, to see the photos that have come out, our prayers are with all those who have been affected by the tornado." "It's really sad. It is difficult to see what happened. Don't you think that that can happen at home, and then see something like that, in a city and a State that I love so much, it's really hard to see". The tornadoes are part of life in Oklahoma, and this is not the first time that Bradford has been near one. He remembers when Moore was beaten by another destructive tornado in 1999.
23rd May 2013 04:39:02
21st May 2013
We've had a self-signed SSL certificate for some time now (four years?) but it was self-signed and thus untrusted by most browsers.
Thanks to a kind donation by dkg we now have a "real" SSL certificate, valid for the next five years.
Installation was carried out in a rush, but I'll do it properly shortly. Any problems shout at me.
Thanks again, Daniel.
Update: I've also fixed the site to use a canonical host name, with the www. prefix now being used globally.
20th May 2013
I've now upgraded a few systems. Mostly painless I think so far. My desktop was running testing all along so its upgrade was automatic. The first systems I upgraded were a couple of VM clients I use for SSH, not much on them and no X or GUI stuff so that went pretty painlessly.
I next tackled a laptop, and that was mostly okay except that I couldn't connect it to the WiFi after the upgrade or mount a SD card or USB stick. That turned out to be a problem in how the ck_connector was started from PAM. All things considered it's not a very visual upgrade, KDE 4 is mostly evolutionary rather than revolutionary and the same can be said of most desktop applications too.
Once the laptop was completed it was time to do my better half's desktop system. This is the second most critical system there is so it has to be right or I get complained at. As I'd already done one GUI system I was relatively happy to do this one. Couldn't get Plymouth to work but other than that it's all happy. I do rather have a long list of orphaned and old packages to clean out still.
I've now only got two systems to go, both servers, my home server and my hosted server, both have no GUI on them so the upgrade won't be as traumatic but they do have Dovecot on them which I gather will take some effort to migrate as the old and new configuration formats are quite different. However I've plenty of time to plan for that.
20th May 2013 20:57:15
Occasionally, someone asks me whether we should encourage use of the --ask-cert-level option when certifying OpenPGP keys with gpg. I see no good reason to use this option, and i think we should discourage people from trying to use it. I don't think there is a satisfactory answer to the question "how will specifying the level of identity certification concretely benefit anyone involved?", and i don't see why we should want one.
gpg gets it absolutely right by not asking users this question by default. People should not be enabling this option.
Some background: gpg's --ask-cert-level option allows the user who is making an OpenPGP identity certification to indicate just how sure they are of the identity they are certifying. The user's choice is then mapped into four levels of OpenPGP certification of a User ID and Public-Key packet, which i'll refer to by their signature type identifiers in the OpenPGP spec:
- 0x10: Generic certification
  The issuer of this certification does not make any particular assertion as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID.
- 0x11: Persona certification
  The issuer of this certification has not done any verification of the claim that the owner of this key is the User ID specified.
- 0x12: Casual certification
  The issuer of this certification has done some casual verification of the claim of identity.
- 0x13: Positive certification
  The issuer of this certification has done substantial verification of the claim of identity.
Most OpenPGP implementations make their "key signatures" as 0x10 certifications. Some implementations can issue 0x11-0x13 certifications, but few differentiate between the types.
By default (if --ask-cert-level is not supplied), gpg issues certificates ("signs keys") using 0x10 (generic) certifications, with the exception of self-sigs, which are made as type 0x13 (positive).
When interpreting certifications, gpg does distinguish between different certifications in one particular way: 0x11 (persona) certifications are ignored; other certifications are not. (users can change this cutoff with the --min-cert-level option, but it's not clear why they would want to do so).
So there is no functional gain in declaring the difference between a "normal" certification and a "positive" one, even if there were a well-defined standard by which to assess the difference between the "generic" and "casual" or "positive" levels; and if you're going to make a "persona" certification, you might as well not make one at all.
And it gets worse: the problem is not just that such an indication is functionally useless; encouraging people to make these kinds of assertions actively encourages leaks of a more-detailed social graph than just encouraging everyone to use the default blanket 0x13-for-self-sigs, 0x10-for-everyone-else policy.
A richer public social graph means more data that can feed the ravenous and growing appetite of the advertising-and-surveillance regimes. i find these regimes troubling. I admit that people often leak much more information than this indication of "how well do you know X" via tools like Facebook, but that's no excuse to encourage them to leak still more or to acclimatize people to the idea that the details of their personal relationships should by default be public knowledge.
Lastly, the more we keep the OpenPGP network of identity certifications (a.k.a. the "web of trust") simple, the easier it is to make sensible and comprehensible and predictable inferences from the network about whether a key really does belong to a given user. Minimizing the complexity and difficulty of deciding to make a certification helps people streamline their signing processes and reduces the amount of cognitive overhead people spend just building the network in the first place.
20th May 2013 07:21:35
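The type byte behind the four certification levels described in the post above sits in the clear in every signature packet, which is why a level chosen with --ask-cert-level is readable by anyone who fetches the key. The sketch below is an added example, not code from the post or from GnuPG: it walks a binary OpenPGP packet stream (RFC 4880 framing), reads each certification's type, and applies gpg's documented --min-cert-level rule (default 2, level 0 always accepted); the sample packets are constructed and their signature values are junk that is never verified.

```python
"""Read the certification level out of OpenPGP signature packets (RFC 4880)."""
import struct

SIGNATURE_TAG = 2
CERT_NAMES = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}


def iter_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) stream."""
    pos = 0
    while pos < len(data):
        header = data[pos]
        if not header & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % pos)
        pos += 1
        if header & 0x40:                      # new-format header
            tag = header & 0x3F
            first = data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                  # old-format header
            tag = (header >> 2) & 0x0F
            length_type = header & 0x03
            if length_type == 3:
                raise ValueError("indeterminate lengths are not handled here")
            size = 1 << length_type            # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length


def signature_type(body):
    """Return the signature type octet of a v3 or v4 signature packet body."""
    version = body[0]
    if version == 4:
        return body[1]                         # version, type, ...
    if version in (2, 3):
        return body[2]                         # version, hashed length (5), type
    raise ValueError("unsupported signature version %d" % version)


def certification_levels(data, min_cert_level=2):
    """Return (type, name, counted) for every User ID certification in data.

    counted mirrors the gpg rule: level 0 (0x10) always counts, the other
    levels count only when they are at or above min_cert_level.
    """
    found = []
    for tag, body in iter_packets(data):
        if tag != SIGNATURE_TAG:
            continue
        sig_type = signature_type(body)
        if sig_type not in CERT_NAMES:         # e.g. 0x18 subkey binding
            continue
        level = sig_type - 0x10
        counted = level == 0 or level >= min_cert_level
        found.append((sig_type, CERT_NAMES[sig_type], counted))
    return found


def _constructed_signature(sig_type, new_format=False):
    """Build a minimal v4 signature packet; the signature value is junk."""
    body = bytes([4, sig_type, 1, 8,           # v4, type, RSA, SHA-256
                  0, 0, 0, 0,                  # no hashed or unhashed subpackets
                  0xAB, 0xCD,                  # left 16 bits of hash (junk)
                  0x00, 0x08, 0xFF])           # one 8-bit MPI (junk)
    return bytes([0xC2 if new_format else 0x88, len(body)]) + body


# Constructed sample: a User ID packet followed by a self-sig, three
# third-party certifications at different levels, and a subkey binding.
_UID = b"Jane Q. Public <jane@example.org>"
SAMPLE = (bytes([0xB4, len(_UID)]) + _UID
          + _constructed_signature(0x13)
          + _constructed_signature(0x10)
          + _constructed_signature(0x11)
          + _constructed_signature(0x12, new_format=True)
          + _constructed_signature(0x18))

if __name__ == "__main__":
    for sig_type, name, counted in certification_levels(SAMPLE):
        print("0x%02x %-8s %s" % (sig_type, name, "counted" if counted else "ignored"))
```
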
15th May 2013
Most OpenPGP User IDs look like this:
Jane Q. Public <email@example.com>
This is clean, clear, and unambiguous.
However, some tools (gpg, enigmail among others) ask the user to provide a "Comment:" field when they are choosing a new User ID (e.g. when making a new key). These UI prompts are evil. The savvy user knows to avoid entering anything in this field, so that they can end up with a User ID like the one above. The user who provides something here (perhaps even something inconsequential like "I like strawberries", due to not being sure what should go in this little box) will instead end up with a User ID like:
Jane Q. Public (I like strawberries) <firstname.lastname@example.org>
This is bad. This means that Jane is asking the people who certify her key+userid to certify whether she actually likes strawberries (how could they know? what if she changes her mind? should they revoke their certifications?) and anywhere that she is referred to by name will include this mention of strawberries. This is not Jane's identity, and it doesn't belong in an OpenPGP User ID packet.
Furthermore, since User IDs are atomic, if Jane wants to change the comment field (but leave her name and e-mail address the same), she will instead need to create a new User ID, publish it, get everyone who has certified her old key+userid to certify the key+newuserid, and then revoke the old one.
It is difficult already to help people understand and participate in the certification network that forms the backbone of OpenPGP's so-called "web of trust". These bogus comment fields make an already-difficult task harder. And all because of strawberries!
Tools like enigmail and gpg should not expose the "Comment:" field to users who are generating keys or choosing new User IDs. If they feel it absolutely must be present for some weird corner case that 0.1% of their users will have, they could require that the user enters some sort of "expert mode" before prompting the user to do something that is likely to be a mistake.
There is almost no legitimate reason for anyone to use this field. Let's go through some examples of this people use, taken from some examples i have lying around (identifying marks have been changed to protect the innocent who were duped by this bad UI choice, but you can probably find them on the public keyserver network if you want to hunt around):
- domain repetition
John Q. Public (Debian) <email@example.com>
We know you're with debian already from the @debian.org address. If this is in contrast to your other address (firstname.lastname@example.org) so that people know where to send you debian-related e-mail, this is still not necessary.
Lest you think i'm just calling out debian developers, people with @ubuntu.com addresses and (Ubuntu) comments (as well as @example.edu addresses and (Example University) comments and @example.com addresses and (Example Corp) comments) are out there too.
- nicknames already evident
John Q. Public (Johnny) <email@example.com>
John Q. Public (wackydude) <firstname.lastname@example.org>
Again, the information these comments are providing offers no clear disambiguation from the info already contained in the name and e-mail address, and just muddies the water about what the people who certify this identity should actually be trying to verify before they make their certification.
John Q. Public (Work) <email@example.com>
if John's correspondents know that he works for Example Corp, then "Work" isn't helpful to them, because they already know this as the address that they're writing to him with. If they don't know that, then they probably aren't writing to him at work, so they don't need this comment either. The same problem appears (for example) with literal comments of (School) next to their @example.edu address.
- This is my nth try at this crazy system!
John Q. Public (This is my second key) <firstname.lastname@example.org>
John Q. Public (This is my primary key) <email@example.com>
John Q. Public (No wait really use this one) <firstname.lastname@example.org>
OpenPGP is confusing, and it can be tricky to get it right. We all know :) This is still not part of John's identity. If you want to designate a key as your preferred key, keep it up-to-date, get people to certify it, and revoke or expire your old keys. People who care can look at the timestamps on your keys and tell which ones are the most recent ones. You do have a revocation certificate for your key handy just in case you lose it, right?
- Don't use this key
John Q. Public (Old key, do not use) <email@example.com>
John Q. Public (Please only use this through September 2004) <firstname.lastname@example.org>
This kind of sentiment is better expressed by revoking the key in question or setting an expiration time on the key or User ID self-sig directly. This sentiment is not part of John's identity, and shouldn't be included as though it were.
John Q. Public (none) <email@example.com>
sigh. This is clearly someone getting mixed up by the UI.
- I use strong crypto!
John Q. Public (3092 bits of RSA) <firstname.lastname@example.org>
This comment refers to the strength of the key material, or the algorithms preferred by the user. Since the User ID is associated with the key material already, people who care about this information can get it from the key directly. This is also not part of the user's actual identity.
- "no comment"
John Q. Public (no comment) <email@example.com>
This is actually not uncommon (some keyservers reply "too many matches!"). It shows that the user is witty and can think on their feet (at least once), but it is still not part of the user's identity.
But wait (i hear you say)! I have a special case that actually is a legitimate use of the comment field that cannot be expressed in OpenPGP in any other way!
I'm sure that such cases exist. I've even seen one or two of them. The fact that one or two cases exist does not excuse the fact that the overwhelming majority of these comments in OpenPGP User IDs are a mistake, caused only by bad UI design that prompts people to put something (anything!) in the empty box (or on the command prompt, depending on your preference).
And this mistake is one of the thousand papercuts that inhibits the robust growth of the OpenPGP certification network that some people call the "web of trust". Let's avoid them so we can focus on the other 999 papercuts.
Please don't use comments in your OpenPGP User ID. And if you make a user interface for OpenPGP that prompts the user to decide on a new User ID, please don't include a prompt for "Comment" unless the user has already certified that they are really and truly a special special snowflake.
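A keyring can be checked for the comment fields discussed in the post above mechanically. The following is an added example, not code from the post or from GnuPG: it reads `gpg --with-colons --list-keys` style output, unquotes the User ID field (field 10 of `uid` records, and of `pub` records in older gpg output), and reports every User ID that carries a parenthesised comment; the listing is constructed sample data and the two reason labels are this example's own.

```python
"""Flag OpenPGP User IDs that carry a "(Comment)" part, from a colon listing."""
import re

_HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")
# Conventional User ID layout: Name (Comment) <email>; every part is optional.
_USER_ID = re.compile(
    r"(?P<name>[^()<>]*?)\s*"
    r"(?:\((?P<comment>[^()]*)\))?\s*"
    r"(?:<(?P<email>[^<>]*)>)?"
)


def unquote(field):
    """Undo the C-style quoting gpg applies in colon listings (':' is \\x3a)."""
    return _HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), field)


def user_ids(colon_listing):
    """Yield every User ID string found in the listing."""
    for line in colon_listing.splitlines():
        fields = line.split(":")
        # Field 10 holds the User ID on uid records; older gpg output also
        # puts the primary User ID on the pub record itself.
        if fields[0] in ("pub", "uid") and len(fields) > 9 and fields[9]:
            yield unquote(fields[9])


def audit_user_ids(colon_listing):
    """Return (user_id, comment, reason) for each User ID with a comment."""
    findings = []
    for uid in user_ids(colon_listing):
        match = _USER_ID.fullmatch(uid)
        if match is None or match.group("comment") is None:
            continue
        comment = match.group("comment").strip()
        email = match.group("email") or ""
        domain_labels = email.rpartition("@")[2].lower().split(".")
        if comment and comment.lower() in domain_labels:
            reason = "repeats the e-mail domain"
        else:
            reason = "free text that is not part of the identity"
        findings.append((uid, comment, reason))
    return findings


# Constructed sample listing (key IDs, hashes and timestamps are made up).
SAMPLE_LISTING = r"""
pub:u:4096:1:0123456789ABCDEF:1368576000:::u:::scESC:
uid:u::::1368576000::CONSTRUCTEDHASH1::Jane Q. Public <jane@example.org>:
uid:u::::1368576000::CONSTRUCTEDHASH2::Jane Q. Public (I like strawberries) <jane@example.org>:
sub:u:4096:1:1111111111111111:1368576000::::::e:
pub:-:2048:1:FEDCBA9876543210:1100000000:::-:John Q. Public (Example) <john@example.com>::scESC:
uid:-::::1100000000::CONSTRUCTEDHASH3::John Q. Public (ratio 3\x3a1) <john@example.net>:
"""

if __name__ == "__main__":
    for uid, comment, reason in audit_user_ids(SAMPLE_LISTING):
        print("%s\n    comment %r: %s" % (uid, comment, reason))
```
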
10th May 2013
Yeah, I could hardly believe it either.
It is modal, it uses Lua for scripting/configuration. It is not yet complete, due to missing features. But as a read-only mail-viewer it works perfectly.
3rd May 2013
Today i saw a billboard on the side of a bus. It was from a cable TV channel, bragging about how well-connected their viewers are (presumably on the internet, social media, blogs, etc).
It shows a smiling, attractive man, with text next to him saying something like "I told 9000 people what smartphone to buy".
What happened here?
- A TV channel bought an ad on the side of a bus
- trying to demonstrate to other advertisers
- about how good their viewers are at providing advertising-by-proxy
- on services that themselves are mostly advertising platforms
- to sell devices that are themselves often used for advertising delivery.
And almost all of these steps count as positive economic activity when we try to measure whether the US economy is healthy.
I am depressed by this tremendous waste of time and effort.
1st May 2013
Needed more disk space, snapshot, added a virtual disk copied /home across, mount, test, remove old /home.
Realized too far into the process it would have been much quicker to clone the disk, and then delete stuff that wasn't /home from the clone.
Deep in my heart that feels wrong to have a disk and its clone living side by side forever more.
Of course in a saner world the virtualization software would just let me extend the disk I was using, and the file system is happy to be extended on the fly, so I wouldn't have needed a reboot. Maybe one day soon, I've already had virtualization add memory on the fly (KVM).
1st May 2013 17:51:33
It's well known that fail to plan means plan to fail. But when it comes to Disk Encryption, I did not see any reasonable planning on disk failure, even though I've googled extensively.
My understanding/impression is that with Full Disk Encryption, even a single bad sector will have a much larger impact than itself and might ruin the whole disk. That's a rather big risk right there, but I haven't found an article on how to cope with the problem.
1st May 2013 14:16:17
30th April 2013
Email to mailing list noted change of status
"The njabl.org DNSBL is in the process of shutting down. On March 1, 2013, the various njabl.org DNSBL zones were all emptied. Any systems configured to use any of the NJABL DNSBL zones should be reconfigured immediately to no longer use the NJABL DNSBL zones.
Today, April 29, 2013, NS for the NJABL DNSBL zones is being pointed into 192.0.2.0/24 (TEST-NET-1) which is unrouted IP space. This will likely cause any systems using the NJABL DNSBL zones to experience long delays in DNS resolution of NJABL DNSBL lookups. This is being done both to sink the DNS query traffic and to hopefully be noticed by the owners/managers of those systems."
And indeed name servers are indeed:
The Squeeze policyd-weight package uses it by default (fixed in Wheezy), but its absence doesn't seem to cause any particular issues with the daemon. Still you probably want to remove it.
Should already be long gone from Spam Assassin rules (life is easier if you keep Spam Assassin up to date!), but I don't use Spam Assassin.
30th April 2013 11:34:58
24th April 2013
Merely to stop the question being asked again and again.
NYTPROF claims that we have a bottleneck on 's/^\s*|\s*$//g' (I'll believe it when I see it run faster), google knows what to do, on our hardware the two line version below is ~50 times faster.
$x =~ s/^\s+//;
$x =~ s/\s+$//;
String::Util::trim() is only ~35 times faster than the single regular expression but has the advantage of readability, those who prefer code not to look like line noise will find comfort here. http://stackoverflow.com/questions/184590/is-there-a-perl-compatible-regular-expression-to-trim-whitespace-from-both-sides
Exasperated at performance of some automated browser rendering we do, 6 seconds elapse, 0.7 seconds of CPU usages, I finally used strace and found it is calling sleep in the middle of my script.
This led me to the manual page for xvfb-run, which indeed notes it deliberately inserts a three second wait before it runs the command. Once upon a time maybe....
"xvfb-run --wait=0" reduces my run time for screenshot from 6 seconds elapse to 3 seconds elapse. So I still have 2.3 seconds of "idle" time. Some, possibly all, of this is due to slow response from the webserver. Still the first half of my elapse time gave itself up easily.
24th April 2013 15:43:35
21st April 2013
Previously bought from Vodafone and unlocked a Huawei Ascend G300.
Knew ICS was available, discovered that Huawei have a general purpose ICS version independent of Vodafone, so possibly a chance to lose all the Vodafone breakage (sorry features).
Phone also has had a couple of issues with stability resulting in numerous files in LOST.DIR on both SD cards, so a reinstall was overdue.
[U8815][SoftWare]HUAWEI Ascend G300 firmware(U8815,Android 4.0,V100R001C00B952,General Version) 2012-12-17
Backed up settings via Huawei Allbackup.
Backed up Apps via Huawei Allbackup.
Copied all photos to local disk (and Flickr).
Download and unzip firmware on Debian desktop, copy the dload folder to the root of the additional SD card.
Did the install from SD card under Storage in Gingerbread.
All went well, till I tried to restore "Huawei Allbackup" from its APK file, when it failed to install "Application not installed" (helpful not).
The "AppInstaller" found all the APK files from my old apps that Allbackup had saved, and made short work of reinstalling those I want back, but all the settings are lost till I figure out how to get "Allbackup" working with ICS.
Given I very purposely don't keep anything crucial on the phone, everything is synced (including the photos so I now have 4 copies of them), it is a minor inconvenience to lose the settings (I'll have to cut and paste some account passwords, and lose state in a few games). I'd decided before hand that if this happened I wouldn't back out the change.
The other Huawei app that failed to install from its APK is Huawei FM Radio, which is a minor inconvenience, as I rarely use it, but a bit annoying and I will kick Huawei support as seems odd they left it out of the install in the first place.
Now I just need to master ICS, I just hope it handles unclean shutdown of filesystems better than Gingerbread. Otherwise there'll be another reinstall all too soon.
21st April 2013 01:05:33
11th April 2013
When I see a number of fake users, or spam comments, from a particular IP address I usually just block it.
As of today I'm now going to block the containing /24 instead.
Life is too short to play whack-a-mole with closely-related IPs.
11th April 2013 18:59:19
3rd April 2013
Sometime this spring (when it arrives) I will buy a new desktop system. It will probably have two block devices: a traditional SATA large capacity hard drive and a much smaller and faster flash drive.
The theory says that cheap flash drives are much faster and will even probably outlive mechanical spinning disks. Flash systems do slowly go bad so use wear-levelling software in the controller to maximise life. The other problem with flash drives is that they are relatively small, so a larger drive either in the box or on the network is required given how much space life takes up...
I've no plan to join the two drives together with LVM, it seems pointless, instead they will be kept separate and one mounted onto the other. At the moment most of my systems use ext3 except one box which uses ext3 and XFS.
If I install a new box from the Wheezy ISO I'm guessing I'll get ext4 as default. I gather this is the logical upgrade from ext3 until something fancy is really ready and it is not an all singing-dancing next generation filesystem. Does anyone know how it compares with XFS on large disks or flash disks?
I'll probably use ext4 on the flash disk (root & boot file systems) and XFS on the spinning disk (/srv) as it's where I'll dump my media files which aren't small and XFS is supposed to be good for that, unless it's not worth the effort.
2nd April 2013
An hour of my life deciphering why one Windows 2003 server didn't do daylight saving gracefully.
Didn't work as documented - didn't work as per our notes - didn't work as per the GUI, the command line commands didn't work as expected, but the third knowledge base article which said use the registry editor you point and click monkey, and set the various registry settings by hand (KB 816042 but not all of them as you may not want to become a time server) seemed to do the trick. I'll tell you if it really worked in the autumn.
Makes me crave the insanity of "cp ntp.conf /etc/ ; service ntp restart", although a lot of the time these days I go with the default ntp.conf depending where the server is hosted. Although even then I had to tweak the kernel boot parameter for XEN hardware based virtualization servers to enable and use jiffies before time was stable in multiprocessor Squeeze servers.
Oh symptom was that W2K3 box lost one hour when it did its time sync after the daylight saving change, would be correct on reboot, and lose an hour on resyncing later. I presume some insanity caused by the mysteries of XEN. Although only noted on one server, so probably something I didn't do when it was set up.
Some sort of race to the bottom amongst virtualization providers, how insanely complicated can we make getting the correct time before they go back to a real server.
2nd April 2013 15:42:57
27th March 2013
Someone asked me to test the speed of some Devolo 500AV ethernet over mains units I have as compared with some older 200AV units. In preparation I ran a simple test from my desktop box (that I plan to replace) to my server, which showed a throughput of about 333 MBit/s over a GigE switch. My younger laptop to the same server with a more modern (but still cheap) NIC gets 727 MBit/s to the same server over the same switch.
The desktop is using the common (at the time) Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller (rev 13) and the skge driver. ethtool reports all is well and that it's running at 1000 Mb/s as expected, but it clearly can't manage that on a simple iperf check.
Now I am planning on replacing the box anyway but just wondered if anyone knows any good tuning tips for Gig Ethernet?
27th March 2013 18:56:12
22nd March 2013
It's a while since I bought my desktop PC. I tend to keep kit a lot longer than most of the people I know, indeed I still use kit that is older and slower than what some people throw away!
My desktop system is now getting too slow and full. I would never say I'm a good photographer but I do take pictures and the ancient 120 GB drive on my desktop system is full. I've got a lot of that backed up on my home server but even so the drive is just full. It also doesn't have enough memory or CPU grunt to edit a decent sized RAW image in GIMP. It's swapping far too much.
The best thing to do is buy a new box. I think that a 180 GB flash drive for root and a 2 TB hard disk for bulk storage should hold the OS and my pictures for a while. RAM is reasonably cheap so I'll probably go for 16 GiB of the stuff which should allow the system to breathe more than it is with just 2 GiB that it has now. Not sure on the CPU, the quad-core AMDs are pretty cheap and come with a decent built in GPU but the twin-core Intels are faster if more expensive.
14th March 2013
The big link, "Search", at the top of the site pages now works.
Quick hack via Lucy::Simple.
The Lucy::Simple module made it trivial to write a simple indexer and search script. Took me only an hour or so, and I've been in bed most of the day!
I may well document the process in the future if there is any interest.
12th March 2013
O.k., my name is Brian; now let's just put an r in Debian, which would be Debrian. O.k., wanna pronounce it correctly? Drop the R, say it without the R: DEBIAN. "Simple", isn't it? That is pronounced correctly, NOT debbie-ann ("uggg, I hate that"). Anyway, I'm an Ubuntu - Fedora lover, but Debian is up there.
7th March 2013
Reported issue of not being able to access a file in Drupal6 was due to the .htaccess file preventing access to files of that name (in this case a file name prefix sometimes associated with Subversion).
Easily fixed, but got me wondering how it could have been avoided.
There are several issues. Protecting me from subversion when it isn't in use is rather keen, but I don't mind a little mollycoddling.
However the underlying issue is, I think, treating uploaded files like files which are part of Drupal. Of course subversion could be being used to revision the uploaded files wherever they exist in the file system and it might be a bad idea to serve the revision controlled files associated with them.
Various mechanisms could be used to treat the files as a distinct type of thing from the Drupal application files, but probably for most people storing the files in the database would be perfectly fine, then they would receive similar protection, back-up, (replication?) and handling as other user content in Drupal. Of course someone somewhere will be distributing DVD images using Drupal and think this suggestion nuts.
Being Drupal there is already a module for doing this (dbfm), you just needed to know you wanted it that way first. I'm less clear how Drupal 7 handles this (Storage API?).
Microsoft also have some relevant comments on storing files in databases which make similar points, that treating them like other data may result in greater simplicity which may be more important than other concerns. http://research.microsoft.com/apps/pubs/default.aspx?id=64525
7th March 2013 00:29:13
6th March 2013
Wrestled OpenCart in anger today for the first time.
Linkchecked a site and our server died under the load, added "--pause=1" to linkchecker - same result.
On inspection of mysql-slow-log it was taking a long time to count the products in a given category (0.43s).
Various people offer the fix of switching off the category counts when I searched, but I figured something was wrong at the database level since a simple count like that should be pretty much instantaneous in a modern database with only ~40,000 records (and three products in the category I was testing). Some sniffing around got me to: https://github.com/opencart/opencart/issues/177
create index iproduct_description_language_id on product_description ( language_id );
create index iproduct_to_category_category_id on product_to_category ( category_id);
Now the problem query has gone from 0.43s to 0.00s - possibly the default precision of the MySQL timer will need addressing as Moore's law continues.
This was day one with OpenCart, this issue doesn't fill me with confidence, or did the guy who installed it miss something?
6th March 2013 15:27:24
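Added example, not part of the original post or OpenCart's code: the effect of the two indexes from the OpenCart post above, checked with the query planner rather than a timer. It uses SQLite from Python instead of MySQL so it runs offline; the cut-down schema, the data and the count query are constructed stand-ins, and only the table, column and index names come from the post.

```python
import sqlite3

# Constructed schema: only the columns the post's two indexes touch.
SCHEMA = """
CREATE TABLE product_description (product_id INTEGER, language_id INTEGER, name TEXT);
CREATE TABLE product_to_category (product_id INTEGER, category_id INTEGER);
"""
# Hypothetical stand-in for the per-category product count.
COUNT_SQL = """
SELECT COUNT(*) FROM product_to_category p2c
JOIN product_description pd ON pd.product_id = p2c.product_id
WHERE p2c.category_id = ? AND pd.language_id = ?
"""
# The two indexes quoted in the post.
INDEXES = """
CREATE INDEX iproduct_description_language_id ON product_description (language_id);
CREATE INDEX iproduct_to_category_category_id ON product_to_category (category_id);
"""

def build_db(products=2000, categories=50, languages=2):
    """Fill an in-memory database with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for pid in range(products):
        conn.execute("INSERT INTO product_to_category VALUES (?, ?)",
                     (pid, pid % categories))
        conn.executemany("INSERT INTO product_description VALUES (?, ?, ?)",
                         [(pid, lang, f"product {pid}")
                          for lang in range(1, languages + 1)])
    return conn

def plan(conn, params=(3, 1)):
    """Return the 'detail' column of EXPLAIN QUERY PLAN for the count."""
    rows = conn.execute("EXPLAIN QUERY PLAN " + COUNT_SQL, params).fetchall()
    return [row[3] for row in rows]

def count(conn, params=(3, 1)):
    return conn.execute(COUNT_SQL, params).fetchone()[0]

def compare():
    """Run the count and its plan before and after adding the indexes."""
    conn = build_db()
    before = (count(conn), plan(conn))
    conn.executescript(INDEXES)
    after = (count(conn), plan(conn))
    return before, after

if __name__ == "__main__":
    for label, (n, steps) in zip(("before", "after"), compare()):
        print(label, n, steps)
```

On MySQL the equivalent check is to run EXPLAIN on the statement taken from the slow query log before and after creating the indexes.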
Generated by planet1.debian-administration.org.