I’m not a big fan of unmarked links pointing to resources that require an external viewer. The worst of these formats, such as PDFs or the Microsoft Office formats, cause the browser to pretty much halt for a couple of seconds while the viewer is loaded and then change the behaviour of the UI (if you are viewing a PDF in Firefox, for example, Ctrl-W will not close that tab) in a way that seems designed to annoy people who know how to use the keyboard.

From an article called Faster Python grabs programmers: The new version of Python includes a new module that allows system administrators to use small Python programs instead of shell scripts, said Michael McLay, a consultant who is the resident Python expert for the nonprofit Center of Open Source and Government. Shell scripts, written to execute routine system administration tasks, have more security vulnerabilities and offer less feedback when errors occur, McLay said.
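The vulnerability class McLay is alluding to, shown as an added example of mine (not code from the article or from the Python release it describes): a shell script that pastes an untrusted value such as a filename into a command line has that line re-parsed by the shell, so word splitting and metacharacters like the semicolon change what actually runs. Python’s subprocess module with an argument list hands the value to the program untouched, and check=True turns a non-zero exit status into an exception instead of a silently ignored $?. The "report argv" command is built from the Python interpreter itself so the example runs without any external tool; the hostile input is constructed for the demonstration.

```python
import shlex
import subprocess
import sys

# A stand-in for whatever command the script would really call. It simply
# prints the argument list it received, so you can see what the shell did to
# the input. Built on the Python interpreter so nothing external is needed.
REPORT_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]


def shell_style(untrusted: str) -> str:
    """The shell-script mistake: the untrusted value is pasted into a command
    string which /bin/sh then re-parses. Anything the shell treats specially
    (spaces, ';', '|', '$(...)', '>') is honoured. Returns the combined stdout."""
    command = shlex.join(REPORT_ARGV) + " " + untrusted   # input left unquoted
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout


def python_style(untrusted: str) -> str:
    """The idiom Python encourages: an argument list goes straight to execve(),
    so the value reaches the program as exactly one argument, bytes intact."""
    done = subprocess.run(REPORT_ARGV + [untrusted], capture_output=True, text=True)
    return done.stdout


def exit_status_is_not_silent() -> int:
    """A shell script carries on after a failed command unless you remember
    'set -e' or test $? yourself. With check=True subprocess raises instead,
    and the exception carries the exit status and any captured output."""
    failing = [sys.executable, "-c", "import sys; sys.exit(3)"]
    try:
        subprocess.run(failing, check=True, capture_output=True)
    except subprocess.CalledProcessError as err:
        return err.returncode
    return 0


if __name__ == "__main__":
    hostile = "report.txt; echo pwned"      # constructed hostile filename
    print("shell  :", shell_style(hostile), end="")
    print("python :", python_style(hostile), end="")
    print("exit status seen by caller:", exit_status_is_not_silent())
```

Run it with python3 on a Unix host: the shell-style call prints the first argument and then the injected echo runs as a second command, while the list-style call shows the whole hostile string arriving as a single argument.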

Although it sounds pretty fast, once you actually start benchmarking it, Gigabit Ethernet isn’t quite as good a solution as you’d think. As more and more commercial deployments move to SANs and NAS for online storage and backups, it’s increasingly easy to saturate existing LANs. One possible solution, as people start to look at 10 and 100 Gbps networks, is FireEngine (PDF), a set of architecture changes and improvements to the Solaris 10 network stack.

Google recently gave a short talk in London (they are recruiting for their ‘new’ Dublin office) that covered a couple of interesting topics: redundancy using commodity hardware (lots of cheap machines holding the same data), how to cause rolling brownouts (rooms full of racks with 80 1U servers in every rack seems to do it) and how to horizontally scale everything to meet their needs. The one slide that really caught my attention was mostly flippant but makes an important point about the kind of traffic they are dealing with: 1000 queries per second ...

There has recently been a thread about PHP easter eggs on the webappsec security list. In essence, if you request any PHP page with certain query-string parameters, a canned page is returned instead of the script’s normal output. Here’s an example of the PHP Credits Page. It may seem a little petty to complain about such a small thing in a code base provided for free, but there is a more serious aspect to this: the pages returned vary with the version of PHP you run, so they can be used to determine which version the server is running, even if you’ve changed Apache’s ServerTokens directive to something more restrictive than the default (ServerTokens only trims the Server header; it has no effect on what PHP itself sends back).
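A defender’s view of the same thing, as an added example that is not part of the original post or of the list thread: the query strings PHP answers with a canned page are fixed GUIDs (the values below are the well-known ones as I remember them; check them against your own PHP build before relying on them), so any request carrying one is a fingerprinting attempt worth flagging when you scan your access logs. The log lines are constructed for the example, in Apache combined format, and the source addresses are documentation ranges. The switch that actually removes the easter eggs, and the X-Powered-By header with them, is expose_php = Off in php.ini; later PHP releases dropped the eggs entirely, but the logging check costs nothing on older builds.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Query strings that PHP (with expose_php=On) answers with a canned page no
# matter which script is requested. Values as I recall them from the PHP
# source; verify against your own build before relying on them.
EASTER_EGGS = {
    "PHPE9568F34-D428-11d2-A769-00AA001ACF42": "php-logo",
    "PHPE9568F35-D428-11d2-A769-00AA001ACF42": "zend-logo",
    "PHPE9568F36-D428-11d2-A769-00AA001ACF42": "php-info-image",
    "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000": "credits",
}

# Apache combined log: host ident user [time] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample traffic, not a real log.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2005:14:02:11 +0000] "GET /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [10/Nov/2005:14:02:19 +0000] "GET /index.php?id=3 HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Nov/2005:14:02:23 +0000] "GET /news/show.php?%3DPHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 HTTP/1.1" 200 15330 "-" "Mozilla/4.0"',
    'garbage line that does not parse',
]


def egg_in_target(target: str):
    """Return the easter-egg name if the request target carries one of the
    magic query strings, else None. The query is URL-decoded first so that
    %3D-encoded variants are caught as well."""
    if "?" not in target:
        return None
    query = unquote(target.split("?", 1)[1]).upper()
    for guid, name in EASTER_EGGS.items():
        if guid.upper() in query:
            return name
    return None


def find_fingerprinting(lines):
    """Scan access-log lines and return one record per easter-egg request.
    Lines that do not match the combined format are skipped, not fatal."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        name = egg_in_target(match.group("target"))
        if name:
            hits.append({
                "host": match.group("host"),
                "target": match.group("target"),
                "status": int(match.group("status")),
                "egg": name,
            })
    return hits


def hosts_by_hit_count(hits):
    """Which sources are probing, and how hard: {host: number of egg requests}."""
    return dict(Counter(h["host"] for h in hits))


if __name__ == "__main__":
    found = find_fingerprinting(SAMPLE_LOG)
    for hit in found:
        print(f'{hit["host"]} requested {hit["egg"]} via {hit["target"]} -> {hit["status"]}')
    print("per-host totals:", hosts_by_hit_count(found))
```

The tell is a 200 response with a script path that should never answer with a logo or credits page; on a server with expose_php = Off the same requests fall through to the script, and the status and size are whatever the script normally returns.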

I wasn’t going to mention this, but I’m on dial-up this week, so dog-slow downloading has become an issue for me, and this tool might be useful for people in a similar position. The short version is that the Packages/Sources file is quite big and downloading it each day can be quite a big hit in terms of bandwidth; apt-dupdate plans to get around this using bzipped diffs rather than re-sending the whole thing.
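To make concrete what a diff-based update has to get right, here is an added example of mine (not apt-dupdate’s code and not its on-the-wire format): a bzip2-compressed, line-level edit script is built from two constructed Packages files, applied on the client side, and the rebuilt file is accepted only if its SHA-256 matches a digest obtained separately, standing in for the hash a signed Release file would carry. The digest is deliberately not shipped inside the delta; if it were, whoever serves the delta would get to choose both.

```python
import bz2
import hashlib
import json
from difflib import SequenceMatcher
from typing import Tuple

# Constructed stand-ins for two successive versions of a Packages file.
OLD_PACKAGES = """Package: foo
Version: 1.0-1
Architecture: i386
Filename: pool/main/f/foo/foo_1.0-1_i386.deb

Package: bar
Version: 2.3-4
Architecture: i386
Filename: pool/main/b/bar/bar_2.3-4_i386.deb
"""

NEW_PACKAGES = """Package: foo
Version: 1.0-2
Architecture: i386
Filename: pool/main/f/foo/foo_1.0-2_i386.deb

Package: bar
Version: 2.3-4
Architecture: i386
Filename: pool/main/b/bar/bar_2.3-4_i386.deb

Package: baz
Version: 0.9-1
Architecture: i386
Filename: pool/main/b/baz/baz_0.9-1_i386.deb
"""


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def make_delta(old: str, new: str) -> Tuple[bytes, str]:
    """Server side: return (bzip2-compressed edit script, sha256 of `new`).
    The digest is returned separately on purpose: a real mirror publishes it
    in the signed Release file, never inside the delta it describes."""
    old_lines = old.splitlines(keepends=True)
    new_lines = new.splitlines(keepends=True)
    ops = []
    matcher = SequenceMatcher(None, old_lines, new_lines, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            ops.append(["keep", i1, i2])            # copy old[i1:i2]
        elif tag == "delete":
            ops.append(["drop", i1, i2])            # skip old[i1:i2]
        else:                                       # insert or replace
            ops.append(["put", i1, i2, new_lines[j1:j2]])
    return bz2.compress(json.dumps(ops).encode("utf-8")), sha256_hex(new)


def apply_delta(old: str, delta: bytes, expected_sha256: str) -> str:
    """Client side: rebuild the new file from `old` plus the delta, and refuse
    the result unless it hashes to the value from the trusted source."""
    old_lines = old.splitlines(keepends=True)
    out = []
    for op in json.loads(bz2.decompress(delta).decode("utf-8")):
        kind, i1, i2 = op[0], op[1], op[2]
        if kind == "keep":
            out.extend(old_lines[i1:i2])
        elif kind == "put":
            out.extend(op[3])
        elif kind != "drop":
            raise ValueError(f"unknown op {kind!r}")
    result = "".join(out)
    if sha256_hex(result) != expected_sha256:
        raise ValueError("rebuilt file does not match the expected digest; discarding")
    return result


def demo() -> dict:
    """Round-trip the constructed files, then simulate a mirror (or someone in
    the path) altering one inserted line and show the digest check catching it."""
    delta, digest = make_delta(OLD_PACKAGES, NEW_PACKAGES)
    rebuilt = apply_delta(OLD_PACKAGES, delta, digest)
    ops = json.loads(bz2.decompress(delta).decode("utf-8"))
    for op in ops:
        if op[0] == "put":
            op[3] = [line.replace("baz_0.9-1", "baz_0.9-1.evil") for line in op[3]]
    tampered = bz2.compress(json.dumps(ops).encode("utf-8"))
    try:
        apply_delta(OLD_PACKAGES, tampered, digest)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "roundtrip_ok": rebuilt == NEW_PACKAGES,
        "tamper_detected": tamper_detected,
        "delta_bytes": len(delta),
        "full_bz2_bytes": len(bz2.compress(NEW_PACKAGES.encode("utf-8"))),
    }


if __name__ == "__main__":
    print(demo())
```

On files this small the compressed delta is not much shorter than the compressed full file; the saving only shows at the size of a real Packages index, where a day’s changes touch a handful of stanzas. The integrity check is the part that does not scale away: apply the delta, hash the result, compare against the signed value, and throw the result out on mismatch.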

This may seem obvious, but the number of people who break this simple rule never fails to amaze me. Let’s look at an example: you are meeting with a potential hire and you are discussing salary (as an aside, if they are good, pay them above the going rate; that’s a different post!). You make an offer of 30 thousand a year and the other person doesn’t look too impressed. What you should never do (and ignore any uncomfortable silences) is then make another, higher, offer.

I started out in IT as a developer working on financial systems using VBA; after a very short period of trying to do flexible string manipulation I stumbled onto Perl, regular expressions and the Win32::OLE module, and I was hooked. About a year later I had the chance to work at a mostly Perl shop (at the tail end of the dotcom boom) and was exposed to Unix systems; that’s when things got interesting for me.

I’ve heard the name SXIP (pronounced ‘skip’) mentioned on a couple of different privacy forums (and in the Web 2.0 coverage) and decided to have a closer look at what it provides. The short version (I promise!) is that SXIP wants to be a single sign-on provider and help with filling out forms based upon your chosen persona. For the longer version of the who, what and how, I’d suggest first listening to the IT Conversations SXIP show and then spending five minutes with the SXIP Demo.

Here’s the shell of an idea I’ve been mulling over recently: we all know that compilers on servers are bad, don’t we? The common wisdom (and this is often disputed by people who use source-based systems) is that people shouldn’t be compiling new versions of software on the production servers. By omitting the compiler suite and the required header files you force compilation to occur elsewhere. The second reason, and I’m not so sure how current this is, is that you deny an attacker an easy way of hiding their tracks.