TheRegister has an informative, and pretty short, article on MS NAP, a technology that should help keep networks clear of worm activity by requiring all machines to have up-to-date patching and anti-virus before the network equipment will let them play with others. Now lets gloss over the more obvious question, how do you get a machine on the network for the first time, as it’s simple, the kind of company that actually needs this will have a patch management system in place for new builds (maybe just something like MS SUS) to bootstrap the process. Read on →

I’ve done my time in the first person trenches, from Single player Wolfenstein, all the way to Halflife and its expansion packs along with a diversion into multi-player Jedi Knight 2 (If you played online I probably kicked your arse :)) and the early Doom games hold a warm place in my nostalgia but lets face it, a Doom movie was always going to be bad. The script writer, David Callahan, has made a couple of comments online, the full Doom Screenwriters open letter is available but I quite like the Penny Arcade Doom Movie Strip which summarises the article quite nicely. Read on →

Because if you have a good one you won’t realise how good they are until you get a complete doozy. A while ago i had the luck to work for a very insightful manager, lets call him Mike (his parents did). It took him about an hour to figure me out and from then on he played me masterfully, always the right amount of trust to ensure i was confident about my work but with enough challenge to both make me think about what i was doing and push me into giving more than the pay rate warranted. Read on →

In a previous post about blacklisting IP ranges used by China I stated why I feel it’s a valid approach. I think I should clarify my own actions when it comes to things like this. Any servers that are owned and admined by me alone (Bytemark Virtual machines, friends servers etc) have a number of deny rules in place to drop connections to a number of important ports (SSH, SSL etc) to reduce the attack vectors provided by the servers. Read on →

Heres my feature request for Gmail, a service I’m mostly happy with. It’d be nice if you could set up read only access to your inbox, or even designated ‘labels’ that you could limit by either assigning a password or allowing full (read) access to everyone. I pipe quite a few mailing lists into my GMail account and I’d like the ability to give certain people read access to anything labled as security. Read on →

Quite soon the Chinese government won’t have to try to censor the net. The western world will just filter off all the traffic coming from China, doing the job much more efficiently. The above quote came from a Slashdot article on China and its Relation With Spam. I don’t normally read the comments on Slashdot articles but I had a hunch some of the posts to this one would be quite extreme; SPAM is one thing that drives most geeks nuts. Read on →

Firstly I need to try and get on to the VMWare beta program instead of only reading about the neat new changes from articles like Flexbetas Inside VMWare Workstation 5.0 Beta. Secondly I’d like to get my hands on this release for two main reasons, firstly the ability to stop and start groups of machines at once would make testing certain sets of machines (webserver and database server used by it for storage) a lot nicer. Read on →

Although it actually sounds pretty fast, when you actually start benchmarking it, Gigabit Ethernet isn’t quite as good a solution as you’d think. As more and more commercial deployments move to using SANs and NAS for online storage and backups it’s increasingly easy to saturate existing LANs. One possible solution as people start to look at 10 and 100Gbps networks is FireEngine (PDF), a set of architecture changes and improvements for Solaris 10. Read on →

I’m not a big fan of unmarked links pointing to resources that require an external viewer. The worst of these formats, such as PDFs or the Microsoft Office formats, cause the browser to pretty much halt for a couple of seconds while the viewer is loaded and then change the behaviour of the UI (if you are viewing a PDF in FireFox for example, Ctrl-W will not close that tab) in a way that seems designed to annoy people who know how to use the keyboard. Read on →

From an article called Faster Python grabs programmers: The new version of Python includes a new module that allows system administrators to use small Python programs instead of shell scripts, said Michael McLay, a consultant who is the resident Python expert for the nonprofit Center of Open Source and Government. Shell scripts, written to execute routine system administration tasks, have more security vulnerabilities and offer less feedback when errors occur, McLay said. Read on →