A good sample of home/desktop Linux distributions

www.makeuseof.com/tag/best-linux-distros/

Missing some critical business-focused distros…but worth reading.

Manual Work is a Bug

My own personal story:  A long time ago, I was a farm kid on my grandfather’s farm.  The neighboring town decided to outlaw the carbide noise makers (like this one) that we used to keep crows off the corn…at peak harvest.  Understandable, but we would have lost the commercial value of the sweet corn crop for the year.

So 14-year-old me got to be a walking scarecrow for a week, in 100 degree heat and 95+% humidity, with a big straw hat and a gallon jug of water that became disgustingly warm as the day went on.

What I learned from this:

  1. Sometimes you have to take one for the team.
  2. In the long run, there are some tasks that human beings shouldn’t do, that should be automated.  (In this case, I was the stopgap in going *backwards* away from an existing automated solution).  We dropped sweet corn as a crop after that year.
  3. The small family farm is a dead end; the margins are too small to make a decent living, so I was the last of 10 generations of family to work that farm.  It wasn’t practical to aggregate the farm with others, as the state had run two highways through it, but that, as they say, is another story.
  4. Corollary: You have to move on from time to time and refresh your approach if you want to succeed.  This is a good general lesson.

Given this, and my history in software development and IT operations, I wholeheartedly agree with the article below.

Every IT team should have a culture of constant improvement – or movement along the path toward the goal of automating whatever the team feels confident in automating, in ways that are easy to change as conditions change. As the needle moves to the right, the team learns from each other’s experiences, and the system becomes easier to create and safer to operate.

Source: Manual Work is a Bug

Fixing a Baritone Tuning Stability Problem

I really enjoyed this article. Solid thinking and a clear exposition of the details.

Innovation Fascinations

How did I get into baritone guitar? I’m not sure I even remember the motivation accurately. I recall wanting to extend the range of tonal possibilities in my music. For those that don’t know what they sound like, the baritone guitar is featured in the solo on Wichita Lineman. It has a very deep, dark, masculine tone, reminiscent of the Wild West. When distorted, the sound is throaty and testosterone-laden, somewhere between the guitar and the bass guitar. It’s a bit like comparing the viola to the violin. You can create ominous, sombre, emotionally-charged melodies with one. They have a way of gently weeping, if coaxed into it.

There is a growing sub culture of baritone guitar players. Some very famous guitar players have recorded with them, yet it’s still a minority interest. Baritone guitars are sometimes difficult to find, choice is limited and the prices are higher, compared to…

Terrible password policies

I just ran into a remarkably bad password entry implementation.
(https://registrationcenter.intel.com/en/accounts/register/)

1) The password I entered didn’t conform to the policy.

2) There’s a separate *link* to go to get the password policy, which is the usual ridiculous coconut headsets pseudo-safe “upper case, lower case, a symbol and a number.”
(HINT: this is NOT safe, it’s just stupid false security. Password hackers are way past the common variants of simple passwords obscured by these changes. This is BAD POLICY).

3) And…the password doesn’t work despite compliance with the policy, so the password checker is broken. I have no idea what would work, and that’s really not my problem.  So bad policy, badly implemented.

If you can’t even get basic password checking right, I don’t trust that you’ve gotten the security of the site right. So I’m stopping right there, and not registering on the site. This is a complete failure of the primary objective of the site.

What password selection requires is proof that the password is resistant to a dictionary attack, and high entropy.  If you don’t know what that means, educate yourself before attempting to implement a password system! Here’s a good example.  And here are the guidelines from NIST with an excellent rationale.
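To make the dictionary-attack point concrete, here is an added example (not part of the original post, and not the registration site's code). It puts the composition rule criticized above next to a check based on length plus a blocklist. The blocklist, the substitution table, the minimum length of 8 and all function names are assumptions chosen for illustration; it covers dictionary resistance only and does not estimate entropy.

```python
import re

# Constructed sample blocklist; a real deployment would load a large list of
# common and previously breached passwords.
BLOCKLIST = {"password", "letmein", "qwerty", "welcome", "dragon", "12345678"}

# Character swaps that password-cracking mangling rules routinely undo.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})

MIN_LENGTH = 8  # assumed minimum for this example


def composition_ok(pw):
    """The criticized policy: upper case, lower case, a digit and a symbol."""
    patterns = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return all(re.search(p, pw) for p in patterns)


def base_word(pw):
    """Reduce a password to the word a mangling rule would have started from."""
    stripped = re.sub(r"[\d\W_]+$", "", pw.lower())  # drop trailing digits/symbols
    return stripped.translate(LEET)                  # undo common substitutions


def check(pw, blocklist=BLOCKLIST):
    """Return (accepted, reason) using length and blocklist, no composition rule."""
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    if pw.lower() in blocklist or base_word(pw) in blocklist:
        return False, "dictionary word with common changes"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("P@ssw0rd1!", "Dr4gon2018#", "correct horse battery staple"):
        print(f"{pw!r}: composition rule={composition_ok(pw)}, check={check(pw)}")
```

The first two samples satisfy the composition rule yet reduce to blocklisted words, while the long passphrase fails the composition rule and passes the blocklist check.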

Why should I care about Kubernetes, Docker, and Container Orchestration?

Scott Hanselman wrote a great piece on why you care about containers.  (Yes, *you*).  Kubernetes is not just a fortunate choice in his example, it’s becoming the dominant orchestrator on the market.

Check it out:

A person at work chatted me, commenting on my recent blog posts on the Raspberry Pi Kubernetes Clusters that are being built, and wondered “why should I care about Kubernetes or Docker or any of that stuff?” Great question, and I’m figuring it out myself.

Source: Why should I care about Kubernetes, Docker, and Container Orchestration?

Quick post today: here’s another great opportunity for unlocking the value chain. In this case, literally mining…waste.

Even the plastic will someday be a valuable source of long chain polycarbons. Mark my words.

When we have conquered the disposal/recycling problem for mining, this will really be something.

https://blog.adafruit.com/2018/01/21/this-urban-mining-map-reveals-the-valuables-hiding-in-our-e-waste-mountains/

Best,
Dak

Meltdown and Spectre security vulnerabilities

Sounds like a buddy movie for cheesy anime villains, doesn’t it?

Ugh. Melty cheesy pun not intended, sorry about that.

ANYHOW, please do update your browser on your desktop/laptop/mobile device. The timing attack requires precise time info, which is mostly blocked by changes in browsers in the latest version.  This is very important; while Spectre exploits are not found in the wild yet, you really don’t want malicious JavaScript in a rogue web page inspecting *all your other processes for passwords*.

So patch, please.  See my running Twitter feed, e.g. https://twitter.com/d_a_keldsen/status/952294692300972032

To see the whole stream, do:

https://twitter.com/search?q=d_a_keldsen%20spectre&src=typd

For those of us who also run servers, the problem is much more extensive. In particular, I worry about containerized apps where the host is shared between tenants.  

The security escalation game continues…

Dak