Bsd jail and Linux
I’ll have to do some testing with the bsdjail patch. Seems like a good lightweight mechanism which is more powerful than chroot.
Permalink Comments off
I’ll have to do some testing with the bsdjail patch. Seems like a good lightweight mechanism which is more powerful than chroot.
Permalink Comments off
Great discussion on the the physics behind traffic jams.
One of the crazy things about driving in Auckland is that I find it is common to see a grandmother with kids in the back seat running red lights. In one case, I had a “grandma with kid car” next to me, she was speeding up for a yellow. Then she saw a police car about to enter the intersection from the cross direction. She had more than enough time to stop, but it was obvious that without the cop, she’d have run that red light.
The most annoying about driving in Auckland are the drivers that get onto the motorway, pull straight into the right (fast) lane and sit on 90. Its like they prefer cars overtaking them on the left. Transit NZ should start putting “Keep Left” signs on the motorway.
I think there is a shortage of “smart motorist” in Auckland.
While we are on this topic, I have this one comment. More roads do not mean less congestion. They simply mean bigger car parks for when the population of the town has increased and the balance between car ownership vs no public transport infrastructure meets needing to work on the other side of town.
xargs is one of things that every unix admin should have in their tool box. Here is a nice discussion of its various uses.
Unix Review: v12, i06: Using the xargs Command
Permalink Comments off
While hunting down a method to change the reply intro line I happened upon these useful Thunderbird sites:
Permalink Comments off
Friend of mine has link about ssh cipher performance: Re: scp performance degredation [ssh v3.4p1->3.7.1p2].
I decided to do a little testing myself and also investigate the quality of the faster cipher arcfour. On my fastest machine I got the following:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
rc4 86255.62k 96272.68k 98883.16k 99605.50k 99732.14k
blowfish cbc 75916.65k 79648.83k 80403.46k 80449.88k 79721.81k
aes-128 cbc 54782.74k 54678.14k 57183.66k 58120.19k 58985.13k
aes-192 cbc 49034.38k 49320.66k 50517.33k 51222.53k 51874.47k
aes-256 cbc 43276.53k 43586.47k 45194.24k 45731.50k 46268.42k
Doing a quick google search on the quality of arcfour I discovered the following reference.
There are a number of other encryption methods (“ciphers”) supported in the ssh distribution, but they are not compiled in unless explicitly requested. These include “Arcfour” (which has a security problem when used with the version 1.5 protocol), “DES” with 56 bit key (which is trivially crackable on modern hardware), and “none” (which is only provided for testing purposes, and introduces multiple security vulnerabilities if enabled).
I did some quick real world tests on my local lan and got these following results:
nic@thunder:~$ scp -c arcfour rails_setup.mov lode:
rails_setup.mov 100% 23MB 7.5MB/s 00:03
nic@thunder:~$ scp -c blowfish rails_setup.mov lode:
rails_setup.mov 100% 23MB 7.5MB/s 00:03
nic@thunder:~$ scp rails_setup.mov lode:
rails_setup.mov 100% 23MB 5.7MB/s 00:04
nic@thunder:~$ scp -c aes256-cbc rails_setup.mov lode:
rails_setup.mov 100% 23MB 4.5MB/s 00:05
Overall it looks like blowfish is a good choice for performance and security. On standard Debian ssh defaults to aes128-cbc. I figure though in most WAN situations you are limited by the size of your pipe, and cipher security is more important.
OpenVPN is a great product. The new upcomming 2.0 release is a definite step forward. When you have some Road Warriors running windows, this product: OpenVPN GUI for Windows is the way to go. Makes life very easier.
One of my vague plans involves tunneling NX over openvpn to provide secure mobile desktops from my colo server.
Permalink Comments off
IMMS is an intelligent playlist plug-in for XMMS that tracks your listening patterns and dynamically adapts to your taste. Has some clever frequency analysis, combined with skip counts. I’ll review it after I’ve used it for a while.
Best thing it’s as simple as “apt-get install imms”.
A nice thing about this application is this list of useful addons.
Permalink Comments off
Simon Willison discusses a neat method for dealing with the internet password problem: The bookmarklet solution to the password problem.
Personally I’ve have a small set of passwords I use for many of my internet accounts. Its hard to tell at the start of use whether an internet account might become important. Then laziness dictates that I don’t replace them at a later stage.
This method for generating a “unique password” which is easy to remember for each site is an excellent method for increasing overall security.
Permalink Comments off
New kdm (3.3) in unstable fails source /etc/X11/Xsession and thus ssh-agent. Here’s the bug report with a work around:
Debian Bug report logs – #265865 – kdm doesn’t use common modular Xsession from xfree86-common.
Permalink Comments off
LCD monitor prices are finally coming back to sanity. So its time to make an investment in my eyes. I find after a day looking at my Philips 109P that my eyes can often be quite tired. Conversely when back when I used my Toshiba Tecra 8100 everyday I found the 14″ LCD screen very easy to look at.
There are a few choices out there. The many thing is getting something with a fast response time, so if I want I can fire up Half-Life 2 or whatever and have an enjoyable game. The other thing to decided is monitor size, 19″ or 20″? That of course is a cost decision, certainly the price difference between the 17″ and 19″ is such now that the 19″ is the better buy. I’m used though to using 1600×1200 with a large font on my CRT monitor and of the that I’d need a 20.1″ LCD. Question is, should I pay the 1K more for that 1″?
Read the rest of this entry »
Permalink Comments off