I have a routine that runs every 15 minutes on my home machine and polls other of my servers and collates the results. Once or twice a day one of my machines, at linode, was refusing to talk. It wasn’t causing a problem since the data is replicated and the system catches up, but it was annoying. Digging around, the machine looked like it was working normally. But I found, in one log, that the machine had a load average of over 30 when the problem happens.
This post contains a lot of code, presented as close as possible to the code ChatGPT gave me. I’m including it here so people can see how good or bad they think it is. Where necessary I modified the code to make it work, but it’s as close as possible. All this code makes the post look longer than it is. If you’re not interested in the code then you can just skip over it and just read my words :-)
When I was using a Mac as my media center player I liked that you could “remote desktop” into it; basically VNC and got the existing desktop. This meant I could use my local keyboard and monitor to control the machine that was 20ft away across the room from me, in the odd case where the command line wasn’t sufficient. As MacOS went on these occurrences got more frequent… as did the BROKENNESS of the VNC server; I would frequently just get a black screen.
Back in 2018 I was asked about whether someone should become a Unix specialist. In a similar vein, I saw a question on LinkedIn that asked whether someone should become a generalist or a front-end specialist or a back-end specialist. Of course I had opinions :-) This is an extended take on my quick reply to the LinkedIn question. Let’s scope this a bit better I think, first, we need to think slightly wider than “front/backend”.
Leaving twitter And my social media footprint shrinks; I’ve closed my twitter account, mostly ‘cos there’s very little left there to read. Yesterday there were only 5 or 6 new posts on the “Following” feed (I never used the algorithmic feed); 90% of the likes my posts got were bots. It really was the text equivalent of a post-apocalyptic wasteland with howling winds. I had always been careful about what accounts I followed, so the extreme views that are reportedly on that platform rarely impinged on my consciousness; on the occasions I did click on a tweet it became clear that many of the replies were bots and misinformation or just plain hatred (“never read the comments!
So 5 years ago today was the day I told my boss I wasn’t going to come into the office for a while, and would work from home. Because I didn’t feel comfortable. The company had made a plan; they were going to split the office into two groups who would come in alternate weeks. The idea was to reduce occupancy. However I’d been seeing more and more in the news how bad COVID could be and I didn’t want to risk being on the train for an hour each way as well as being in the office.
Secure messaging A common question I get asked is “what secure messaging app do you use?” and the answer of “none” gets some surprised looks; how can I be in cyber security if I don’t use secure messaging? The answer is “convenience”, with a side of “risk analysis”. Back when Signal (on Android) did both secure messaging and SMS in the same app then I used this. When they removed this (because people might send insecure messages by mistake) I stopped using it.
I recently saw a posting on LinkedIn that said something like “with zero trust we can consider all access as privileged access”. While this could be considered true, I also made the same argument 15+ years ago before zero trust was a thing people cared about; my argument was “if I can login to a server then I can run commands, impact applications (eg chew up CPU), fork bomb, etc; surely that means all access is privileged”.
This post may seem odd for this blog; after all, why would anyone be interested in my screwdrivers? After all, someone like Project Farm did a scientific(ish) comparison of various things and gives you a lot more data than I ever could. But we’re all human, and sometimes a subjective opinion is valuable. And as people know, I have opinions :-) This may seem long but if you just want my opinions on the LTT drivers then skip to the bottom.
There’s a theme going around that you should create secure products, not buy security products. And, as far as it goes, this is… Well, actually it’s not good. My initial response was “Why not both?” We need to secure the products we develop. There’s no doubt about that. And we need to mitigate mistakes. How do we do this? Spoiler… security products :-) In response to this I got a message “If you have secure products, you do not need security products.
