New story: Savaged by Systemd

Yesterday, I put a short story up as an ebook. This was a wild experiment that I wrote on a whim.

When I say “wild experiment,” I don’t mean I decided to play with tenses and point of view. No, I decided to spend one day writing a lunatic piece, something that I’ve never written . . .

“Hi, I’m jkh and I’m a d**k”

I don’t do guest posts here. This blog is my private soapbox. You want to scream into the void? Go get your own soapbox.

Yesterday, I was privy to a private email message discussing a topic I care deeply about. I contacted the author and said “You really need to make this public and give . . .

See Me in 2016

I have two more public appearances in 2016.

October 7-8, I’ll be at Ohio LinuxFest. They’ve asked me to speak on Introducing ZFS.

November 8, has invited me to talk about PAM. This is election day in the United States, so the talk is on how PAM is Un-American.

Sadly, family commitments prevent me . . .

Cover reveal for “PAM Mastery”

For the first Tilted Windmill Press tech books, I elected to create covers from photographs. Some went over well, some less so.

For the FreeBSD Mastery books, I persuaded Eddie Sharam to create parodies of classic art. It’s far more expensive than photos, but reaction has been positive.

PAM Mastery is almost ready to go . . .

Installing and Using Tarsnap for Fun and Profit

Well, “profit” is a strong word. Maybe “not losing money” would be a better description. Perhaps even “not screwing over readers.”

I back up my personal stuff with a combination of snapshots, tarballs, rsync, and sneakernet. This is fine for my email and my personal web site. Chances are, if all four of my backup . . .

ifup-local on bridge members on CentOS

I run a bunch of CentOS 6 physical servers as QEMU virtualization devices. These hosts have two NICs, one for management and one for virtual machine bridges.

When you use Linux for virtualization, it’s important to increase the amount of memory for network transmit and receive buffers. You also need to disable GSO and TSO, . . .

iptables and ipsets

I’m dragging my work environment from “artisan system administration” to mass-managed servers. Part of this is rationalizing, updating, and centralizing management of packet filter rules on individual hosts. Like many environments, I have a list of “management IP addresses” with unlimited access to every host. Managing this is trivial on a BSD machine, thanks to . . .

Easy Security Project: standalone ssh-ldap-helper

I’ve been waiting for quite a while for an official way to centrally manage user authentication keys in OpenSSH. If you have a dozen servers, copying authorized_keys files around is a pain. If you have more than that, it’s really really painful. The OpenSSH guys have had good reasons for not wanting to link LDAP . . .

SolusVM KVM offline migration with shared storage

I’m building a new virtualization cloud with SolusVM, KVM, and a bit of Xen (to make use of older hardware). Each machine has its own hard disk, but it only holds the local operating system. All virtual machines reside on cheap iSCSI storage, so I can easily migrate VMs from one compute node to another. . . .

How to Lose your Job with SSH, part 1

A less sensational title for this post would have been “SSH Remote Forwarding,” but that’s not nearly as fun.

I used to be responsible for one of the few entry points into a global network. The company had actual manufacturing secrets — their products included various machines of war. We had internal firewalls to protect . . .