Somewhere out there!

DRBL is a fat-client method for Linux. In contrast to the thin client method of LTSP.

Will have to investigate how their scripts work.

As some people might have notice, my spelling is usually really bad. Unfortunately the only WordPress spell check plug-in that is available requires a recompile of php on Debian in order to get the pspell module installed. Given that php is often getting security releases, I prefer just to use the standard packages.

Along comes firefox to the rescue. The extension module SpellBound is da bomb.

Discovered QEMU today.

After a quick apt-get install qemu I was able to run a quick test successfully:

nic@thunder:/vol/nfs/lode/other/bsd/openbsd/3.4$ qemu-fast -fda floppy34.fs


At the moment, I’m running my openbsd dev machine on an old Tecra 8100 (P3-600) laptop. I use this to compile sources for my flashboot based routers. Qemu both seems like a easier mechanism than boches to test these images, plus a method to retire that laptop to some other use and centralise the openbsd dev work to another machine. I’ve tried this previously on vmware, but it was never reliable. make world would always throw sig-11 faults.

Supposedly Qemu (non fast version) has about an 8 time slow down. My dual 2.4Ghz Xeon would be perfect.

The ideal I searching for though is not quite there. I’d love to be able to run openbsd and linux side by side on my colo machine. Let openbsd/pf+altq deal with the firewall and traffic management, and have linux provide the application server. I was hoping that Xen might do this job, but I don’t think quite there yet.

I’ll have to do some testing with the bsdjail patch. Seems like a good lightweight mechanism which is more powerful than chroot.

Great discussion on the the physics behind traffic jams.

One of the crazy things about driving in Auckland is that I find it is common to see a grandmother with kids in the back seat running red lights. In one case, I had a “grandma with kid car” next to me, she was speeding up for a yellow. Then she saw a police car about to enter the intersection from the cross direction. She had more than enough time to stop, but it was obvious that without the cop, she’d have run that red light.

The most annoying about driving in Auckland are the drivers that get onto the motorway, pull straight into the right (fast) lane and sit on 90. Its like they prefer cars overtaking them on the left. Transit NZ should start putting “Keep Left” signs on the motorway.

I think there is a shortage of “smart motorist” in Auckland.

While we are on this topic, I have this one comment. More roads do not mean less congestion. They simply mean bigger car parks for when the population of the town has increased and the balance between car ownership vs no public transport infrastructure meets needing to work on the other side of town.

xargs is one of things that every unix admin should have in their tool box. Here is a nice discussion of its various uses.

Unix Review: v12, i06: Using the xargs Command

While hunting down a method to change the reply intro line I happened upon these useful Thunderbird sites:

• Mozilla Thunderbird: A Guide for the Perplexed
• Mail and News
• autorewrap

Friend of mine has link about ssh cipher performance: Re: scp performance degredation [ssh v3.4p1->3.7.1p2].

I decided to do a little testing myself and also investigate the quality of the faster cipher arcfour. On my fastest machine I got the following:


The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
rc4 86255.62k 96272.68k 98883.16k 99605.50k 99732.14k
blowfish cbc 75916.65k 79648.83k 80403.46k 80449.88k 79721.81k
aes-128 cbc 54782.74k 54678.14k 57183.66k 58120.19k 58985.13k
aes-192 cbc 49034.38k 49320.66k 50517.33k 51222.53k 51874.47k
aes-256 cbc 43276.53k 43586.47k 45194.24k 45731.50k 46268.42k


Doing a quick google search on the quality of arcfour I discovered the following reference.

There are a number of other encryption methods (“ciphers”) supported in the ssh distribution, but they are not compiled in unless explicitly requested. These include “Arcfour” (which has a security problem when used with the version 1.5 protocol), “DES” with 56 bit key (which is trivially crackable on modern hardware), and “none” (which is only provided for testing purposes, and introduces multiple security vulnerabilities if enabled).

I did some quick real world tests on my local lan and got these following results:

nic@thunder:~$ scp -c arcfour rails_setup.mov lode:
rails_setup.mov 100% 23MB 7.5MB/s 00:03
nic@thunder:~$ scp -c blowfish rails_setup.mov lode:
rails_setup.mov 100% 23MB 7.5MB/s 00:03
nic@thunder:~$ scp rails_setup.mov lode:
rails_setup.mov 100% 23MB 5.7MB/s 00:04
nic@thunder:~$ scp -c aes256-cbc rails_setup.mov lode:
rails_setup.mov 100% 23MB 4.5MB/s 00:05


Overall it looks like blowfish is a good choice for performance and security. On standard Debian ssh defaults to aes128-cbc. I figure though in most WAN situations you are limited by the size of your pipe, and cipher security is more important.

OpenVPN is a great product. The new upcomming 2.0 release is a definite step forward. When you have some Road Warriors running windows, this product: OpenVPN GUI for Windows is the way to go. Makes life very easier.

One of my vague plans involves tunneling NX over openvpn to provide secure mobile desktops from my colo server.

IMMS is an intelligent playlist plug-in for XMMS that tracks your listening patterns and dynamically adapts to your taste. Has some clever frequency analysis, combined with skip counts. I’ll review it after I’ve used it for a while.

Best thing it’s as simple as “apt-get install imms”.

A nice thing about this application is this list of useful addons.