mejd's blog

The new computer

Well, I am getting the new computer going. I didn't do a straight migration from the old machine as I had been planning. The new machine (a Dell Vostro 220) needs a fairly new kernel and I just didn't feel like debootstrapping from a live CD. That was my original plan, but it was looking to be such a pain, and wouldn't work with the CDs I had burned, and I could get started with a Lenny netinst CD almost right away and let the thing run overnight without supervision. Of course now I have a load of work getting things straight, so a night saved wasn't such a great economy. Copying over the home directory was easy enough, but I still haven't got all the dpkg selections from the old machine downloaded yet. My download speeds are lousy. I am installing software piecemeal.


I am helping to give a talk at my sailing club in the new year. It is entitled 'Sailing Resources in the New Millenium' --- I love how cheesy the name is. It is to introduce the grey brigade at our club to all the cool sailing-related things on the web. To this end I have set up an account on delicious to share links with my fellow presenters. Trouble is, I am the only one doing anything. People just don't seem to like these tools. Sigh.

HOWTO: mirror several drupal installs from a single source

Most web server applications are constrained by their design to mix upstream source together with local configuration and possibly local storage, all in the same directory hierarchy. This clearly creates maintenance problems, which each project deals with in its own fashion. Modern web servers are more than sophisticated enough to merge the web-visible hierarchy of URLs from several different root directories, so the ideal solution to this problem is not to have it in the first place --- namely, by keeping upstream and local source well separated on disk. But historical baggage and coding conventions lock us into situations which are less than ideal. It's the system administrator's job to deal with it anyway.

And a Dell Too

So I ordered the Dell yesterday. Not the notebook but an ordinary black box. The little machine for fun and the desktop for work. It was a good price, C$359 for a low end Core 2 Duo box --- strictly business, 2GB RAM, 160 GB disc, DVD reader, wired ethernet, plethora of USB, basic onboard graphics, basic audio, a keyboard and that's it.

So I bought an Acer Aspire One

Yes, I liked the Dell, but the Acer had great reviews, was selling for C$299 with Linux, and all I had to do was walk into the Future Shop and lay down cash and it was mine. The clincher was that the Linux version was cheaper than the Windows version. To get the same specs on the Dell machine I would have paid more for the Windows version than I would have for the Linux version --- Dell discounts Windows boxes so much that it is almost always the cheaper alternative, despite the nominal C$30 premium for Windows.

New Computer Time?

The Dell mini looks very cool.

Lua is a Nice Little Language

Don't know why I've overlooked it before. I had read that it was a language associated with Second Life and primarily interesting because of its multithreaded support. Well, I have always hated multiprocessors and their get, and, assuming this was something like a Java scripting language, gave it a miss. A big mistake: it doesn't support multiprocessing but rather coroutines, which are a favourite of mine. I have added Lua to my compendium of implementations of the Sieve of Eratosthenes.

Google's New Browser

Google's Chrome web browser is very good.
...The browser is rock solid. Very much release quality. I am using it to write this post. Highly recommended.

So I've bought a new Drupal book

The book is "Pro Drupal Development --- 2nd Ed." It's time I learned how this blog really works. I'm thinking of a Drupal module to replicate the functionality of gitweb. That way I can get rid of my static projects page.

An Easy Defence against Dan Kaminsky's DNS attack

So Dan Kaminsky's attack really isn't that sophisticated after all. It's not a birthday attack --- per request (on unpatched servers) it still requires throwing 2^15 spoofed packets at the server before the real reply arrives for a reasonable expectation of success. Getting that many packets on target in time is difficult. The weakness is in the way a recursive (i.e. caching) name server accepts in-bailiwick glue records thrown at it for any domain that kind of looks like it belongs. Each potential in-bailiwick name becomes a potential point of attack, so there is a very broad front for a mass spoofing session to attack. Each point alone could reliably defend against many packets, but with a small chance of failure at each point across a very broad front, a storm of packets still leads to a quick failure (about 2^16 points of request and spoofed packets to match). However, if a recursive name server instead throws away those in-bailiwick responses and only accepts glue when it is (subsequently) actually asking for the A record of an in-bailiwick name server, the mass attack suddenly collapses to a single and more easily defended attack.
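The acceptance rule proposed above, as an added example (not code from the original post or from any real name server): a toy model that compares a resolver caching in-bailiwick glue from any matching response with one that caches only the answer to the question it actually asked. All names, transaction IDs and addresses are constructed, and `cacheable` and `exposed_queries` are hypothetical helpers.

```python
# Toy model of a recursive resolver's cache-acceptance policy (constructed data).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    data: str

@dataclass
class Response:
    qname: str
    qtype: str
    txid: int
    answer: list = field(default_factory=list)
    additional: list = field(default_factory=list)   # glue travels here

def in_bailiwick(name, zone):
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def cacheable(resp, pending, zone, strict):
    """Records the resolver would cache from one response.
    pending maps (qname, qtype) -> txid for queries the resolver itself sent."""
    if pending.get((resp.qname, resp.qtype)) != resp.txid:
        return []                                     # unsolicited or wrong ID
    asked = [rr for rr in resp.answer
             if (rr.name, rr.rtype) == (resp.qname, resp.qtype)]
    if strict:
        return asked                                  # glue is thrown away
    glue = [rr for rr in resp.additional if in_bailiwick(rr.name, zone)]
    return asked + glue

def exposed_queries(pending, target, zone, strict):
    """Outstanding queries whose reply could set the A record for target."""
    return [q for q in pending
            if q == (target, "A") or (not strict and in_bailiwick(q[0], zone))]

# Constructed sample: three outstanding lookups, one reply carrying glue.
ZONE = "example.com"
PENDING = {("a1.example.com", "A"): 1001, ("a2.example.com", "A"): 1002,
           ("a3.example.com", "A"): 1003}
REPLY = Response("a2.example.com", "A", 1002,
                 additional=[RR("ns1.example.com", "A", "203.0.113.66")])

if __name__ == "__main__":
    print("permissive caches:", cacheable(REPLY, PENDING, ZONE, strict=False))
    print("strict caches:    ", cacheable(REPLY, PENDING, ZONE, strict=True))
```

Under the permissive policy every outstanding in-bailiwick lookup is a place where the name server's address can be set; under the strict policy only the resolver's own query for that A record is.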

