Compulsively Obsessive.
Building manageable infrastructures.
Intel, Adobe plan a chicken in every pot, Flash on every HDTV
Move over, Eee: Android now running on HP Mini-Note 2133
MSI unveils ultra-thin X-Slim 320, fits snugly into manila envelope
Nano-powered "FreeStyle" netbook hands-on
Minoru 3D Webcam ships this week, still looks freaky
Wisair's Wireless USB Display Adapter Set coming soon for $129
Helpless: A New Tilt-Shift Time-Lapse Video by Keith Loutit
Useless Monkey Webcam Smiles and Cheers You On [Cute]
WorkBay Chair Helps Keep Annoying Workmates At Bay [From The Desks Of Agoraphobes]
Sonic Chair Now Includes Touchscreen iMac [Apple]
Socket Deer: Antlers For Your Outlets [Outlet Antlers]
Gmail Gets a Built-in PDF Reader, Lets You Avoid Acrobat Reader [Gmail]
OLPC Ad Goes For the Jugular With Child Laborers, Child Prostitutes, Child Warriors [Olpc]
Tilt-Shift Photography On the iPhone, Sorry Starving Artists [IPhone Apps]
Huge Hole Found on Earth's Magnetic Field, Run Around In Panic Now [Nasa]
Macabre Plush Toys Are Perfect Xmas Gift for Future Psychokillers [Bloody Xmas]
How to Re-Enable Unlock and Jailbreak in Mac OS X 10.5.6 [IPhone]
Grow your own bioluminescent algae
Quartz Composer and Cruise Control status
Sunay Tripathi's Solaris Networking Blog
Merry Christmas from Chiron Beta Prime
Google's Native Client... the next ActiveX?
kenai.com - xVM Server Project site
58% Spam Drop from one colo shutdown
Xenomips - a Xen friendly domU version of Dynamips - Emulate a Cisco 7200
Debian and Android dual-boot on the G1
Sipper (SIPr) - a SIP testing framework in ruby
DBslayer - a SQL abstraction layer using JSON
Fingerworks keyboard in a MacBookPro
The Phoenix BIOS hypervisor is Xen
Do you live in a Constitution-Free zone?
Puppet presentation at NYCOSUG this month
XenSmartIO - Infiniband IO for Xen
Starting with b100, OpenSolaris has virtual consoles
OpenSolaris testfarm build server interface now available
Firefox M9 Fenric - Maemo alpha
SystemZ - aka Sirius - a port of OpenSolaris to IBM System Z mainframe OS running in z/VM mode
Solaris and ZFS on a Dell 2950, tweaking notes
Early Access Windows PV drivers for xVM
Economics: The Theory of Interstellar Trade
The Financial Crisis: What Happened and What's Next?
Cisco to run Windows 2008 on their appliance virtually for services
Packetfence: an OpenSource Network Access Control system
persist.js - an alternative to gears
Chinese building "impossible" EM drive
COMSTAR SMTF - solaris FC, SAS, and iSCSI targets
Flexiscale - yet another control panel?
RightScale - cloud control panels?
Criticial ESXi remote vulnerability in openwsman
Microsoft FUD on VMWare: vmwarecostswaytoomuch.com
nmap builds zenmap topology maps
Don't forget about BarCampTampaBay
The LHC accelerates, and that's what it's all about.
Sun's launch of xVM, live webinar
Microsoft to give away Hyper-V for free, live migration by 2010
Ubuntu's Intrepid Ibex will be followed by Jaunty Jackalope
Why Xen traps negative segment offsets
Rails 2.1.1 more REXML bug fixes
Indiana OS2008.03 RN3 released - based on nv_b96
Skype Mobile Phone (Not in the US)
Youtube gets closed captioning support
Getting xVM to work on OpenSolaris 2008.05
How a VoIP E911 call is handled
MonetDB - a column based RDBMS, ideal for time series data
VMfaq's comparison of virtual storage IO
Xen and Solaris, a log of experience.
OpenSolaris CR#6654713 - 32G limit bug stemmed from bad USB hardware? Perhaps fixed?
OpenSolaris CommonArrayManager
Sharity-Light - smbfs derived samba clone
Drizzle, a thin mysql, generating buzz
VMWare to offer ESX hypervisor for free
Fan, the programming language.
Blackberry Thunder with Haptics keyboard
iPhone App Store Live Walkthrough now available
Overclocking tool for the Mac Pro
ADO.NET Entity Framework (Microsoft's new ORM) given a non-confidence vote by beta testers
Ruby interpreter flaws make the case for JRuby
AdvFS - Tru64 filesystem ported to Linux
OpenSolaris 2005.05 repository update to b91 - follow these instructions carefully
SXCE can ZFS install as of b90
Vertebra: EngineYard's Next Generation Cloud Computing Platform
Skype 4.0 beta overhauls video chat
Mozilla org receives traditional IE cake
Toyota Prius to go entirely Electric
Bill Gates steps down permanently for philanthropic activities
Men write code from Mars, Women write more helpful code from Venus
DRBD LVM Xen = Bug. A rather nasty one at that.
Intel unveils Ct as an extension for C/C to encourage threaded programming for multiple cores
VMWare ThinApp - Run any Windows app on any version of Windows
JRuby-Rack <-- a JRuby port of Rack
Rack <-- a lighter cousin to Merb, fully threaded and no Mutex.
Solaris Cluster Express (SCX) 6/08 released.
Changing solaris' default password hashing
Texas based service provider explosion affects 9,000 servers and 7,500 customers.
Jruby on Rails on Tomcat deployed as as WAR file
42 more of the best Linux games
Use Google's cached ajax libraries
Arduino microcontroller with OS/X
The metasploit page describing the full impact of the poor RNG.
Holger Bert's blog post on the openssl RNG fiasco
Cayac - Cherokee MySQL PHP5 phpMyAdmin
ZFS very slow under an xVM kernel
Dynamically editing libvirt xml configs while a VM is running to redefine reboot flags.
Chronoton - the time travelling robot who's best friend is a talking pie game
Rietveld - Google's code review tool
Opensource multitouch displays
Ono - an efficient way to locate nearby peers
Solaris CIFS integrated AD with ZFS acls
Samba Winbind and ZFS acl working together
Why's unholy Ruby to Python .pyc compiler
OpenSolaris 2008.05 final ISO image
Twitter abandoning Ruby on Rails
HP makes memory from a once-theoretical circuit
Setting Up an OpenSolaris NAS Box: Father-Son Bonding - The Video
Linux kernel Xen self-ballooning patch
Coolstack - Yet another group of solaris packages
SFE - Spec Files Extra - or, solaris's ports system
ksplice - live linux kernel patching
ZFS-102-A.pkg - binary package build of newer ZFS for Mac
Changing boot flags for a solaris domU guest
callflow - SIP callflow diagram generator
sdedit - quick sequence diagram editor
Milax - The OpenSolaris Small Live CD
Big Nerd Ranch on Windows/Linux/Leopard single signon
Sun touts big plans for OpenSolars as first release nears
Heroku - EC2 based Rails hosting.
Meadowcourt's compiled WindowsXenPV driver, v0.8.8, as built from win-pvdrivers.hg repo
Network Solutions hijacks all customer's unused subdomains
ZFS speed bump: set zfs_nocacheflush = 1
We Don't Use Software That Costs Money Here
Hubble - a PlanetLab realtime Internet "blackhole" monitor
Citrix price jumps on rumors of potential IBM/Cisco bidding ware
TechCrunch labs on their AppEngine deployment
pash - because powershell was too cool to let microsoft keep to itself
Brazil migrates 430 thousand boting machines to Linux
The Machine Emulator - TME can emulate a sparc4 with OBP
Google releases new GCC linker
Automatic generation of peephole superoptimizers
Xen.org Trademark Policy for Review
SXCE b85 has problems booting under Xen 3.2
VNRP == opensolaris quagga rbridges crossbow xVM
problems reprobing iscsi devices with solaris 10
LSI MegaRAID SAS/Dell PERC5 driver for Solaris
dm-band block IO bandwidth controller
Dojo.storage - Google Gears workalike?
ooma.com - free phone service after you buy their device
Hacking defibrilators shockingly easy
Microsoft working with Eclipse.
Pentagon attack last June stole an "amazing amount" of data
Solaris and Solaris Cluster on HP ProLiant Servers
Apple Introduces new MacBook and MacBook Pro models
Sun leaks 6-core Xeon, Nehalem details
Xen and Solaris - a journal of sorts
How to save the world with ZFS and 12 USB sticks
Xvm: a summary of creation of various Xen domU
OpenSolaris b82 comes with CoolStack
Dilber PHB on Virtualization Consultants
Sun xVM Ops Center GA v1.0 tomorrow
KernelTrap on the 2.6.23 Xen merge
IETF XMPP/SIMPLE Interworking Draft
PSYCed - IRC/XMPP server that gateways transparently between both
OTR - Off The Record, Homepage. IM Encryption.
SIPE - Pidgin plugin for SIP/SIMPLE with Microsoft LCS compatibility hacks
Price Waterhouse Cooper's Global Cable Map
Solaris Windows iSCSI speedup disabling NAGLE
OpenSolaris Storage Developer Wish List
Nexenta Builder - build your own Nexenta based distribution
Microsoft to acquire SideKick maker Danger
Linux Kernel 2.6.23-2.6.24 vmsplice local root exploit
The evolution of Tech Company logos
Mindstorms NXT Rubiks Cube Solver
Cut four undersea cables, shame on you, cut a fifth, also shame on you
Koha - OpenSource Integrated Library System
SIPE - SIP Exchange protocol - or, how to get Pidgin to talk to Microsoft Live Communication Server
Amazon SimpleDB written in Erlang
Xen DR7 and CR4 Registers Multiple Local DoS vulnerabilities
XMLPulse - parse xen dom0/domu stats
The rist of the FOSS spinmeister
Smartphones patented - lawsuits immediately filed
H-Sphere cross-platform hosting control-panel
Mystery infestation strikes Linux/Apache web sites
GNU/Solaris - When the fun begins
KDE goes cross platform with Windows and Mac/OSX support.
Microsoft prints get-out-of-jail card for Vista Home
Tsung - an erlang based multi-protocol distributed load testing tool
Microsoft relents, ban on vista virtualization is lifted
Hyperic podcast talking smack with Luke KAnies of Puppet
The Mysql storage engines, and when they are appropriate.
MADOCA - Message And Database Oriented Control Architecture
SMP Xen HVM Windows guests need timer_mode=1
James Randi is coming to Tampa
Information Of Those Who Appealed Watch List Compromised
Tata Nano - $2500 world's cheapest car
Air Travel with Spare Batteries? Check the changes to what is permitted starting tomorrow.
Open Configuration and Management Layer
FiveRuns RM-Manage - rails project monitoring
VLDB - Very Large Data Base Endowment Inc - nonprofit
Elastix - a more friendly Trixbox fork
A Glimpse and a Hook - a take on resumes
Xirrus - LISA used 7 arrays to provide WiFi
dopd - an easier way to keep drbd primary/secondaries in sync
OpenSIM - run your own SecondLife grid.
$4million in hardware lost in London data center heist
iscsi block device script for /etc/xen/scripts
Quaqua - Aqua look and feel widgets for jvm
Chimps beat humans in memory tests.
Level 3 needs technicians with FIREBALLS
10 steps to close down an open society
Longer flights to avoid air traffic control charges
News release from Six Apart about LJ sale to SUP
Optimus keyboard is finally available
pkgGen and logGen and Packagemaker - repackage os/x packages to deploy
Jumpbox.com - virtual appliances
TelegraphCQ - barkeley database research - adaptive dataflow capture, combine, analyze
UK loses CD of private info on 25million citizens
Solaris Automatic Migration opensourced
AVS ZFS Demo <-- replicated ZFS pool
Xen Virtualization book not yet published for sell on Amazon
Phoenix BIOS releasing its own hypervisor
Andrew Warfield's other publications
Parallax - managing storage for a million virtual machines, from the Xen guys at Cambridge
Kepler project - GRID scientific workflow engine
Google Code Map/Reduce mini lectures
What 24 would have been like in 1994.
WaterRoof - Mac OS/X Firewall Manager
10 reasons why Oracle databases run best on VMWare
Google Caja - allow scripts in a 3rd party context
Xen Windows PV drivers - opensource mercurial repository
QuickSilver - opensourced 11/06/07
Running a large farm of heavily modified MailScanner instances for high-volume customers exposes a number of problems when dealing with spammers.
Recently, some of the more irritating spammers appear to be leaning on bounces for delivery from reputable sources rather than proxies or direct delivery from botnets. For this kind of spammer, connecting to your load balanced cluster and delivering 10,000 messages in a single SMTP conversation isn't out of the ordinary.
For most customers, you verify the recipients enumerated to make sure each one exists for delivery before accepting the messages.
If your customer doesn't want to to reject any received mail for their domain for whatever reason (argh!), but just want you to identify spam for them and ship it off to a spam jail so their (broken) mail system won't choke on the volume, you end up queueing up every one of those 10,000 messages to process - wether there is a real person to receive it or not.
It might help in this instance to use the greylisting trick of initially returning a "temporary error" for each incoming message. Blind spammers simply don't seem to want to re-send a temporarily rejected message. Real mail servers don't have this problem, and happily retry 5-15 minutes later without issue.
If your customer also doesn't understand the value of greylisting, and is adamant against rejecting mail for whatever reason, you're stuck in a rather messy position. All mail must be accepted, queued, and processed.
This means, across your farm of hundreds of mailscanner servers, you end up with a handful of servers chewing through 10,000+ message backlogs, and the rest of the servers in your cluster are chewing through _nothing. After moving those queue files between servers for a while, you realize that you're losing the battle....
That is, unless you're clever.
Enter: the greypit.
The idea behind greypitting is to try and balance incoming messages across your load balanced cluster of mail servers.
It would be nice to accept only the first N messages in an SMTP connection. Once the limit is reached, simply return a "temporary failure" to the remote MTA. Actual RFC valid MTAs will give up and attempt to retry in the near future (5-15 minutes).
Greylisting is the act of returining these temporary failures immediately, but recording the IP/senders/recipients triplet and accepting the messages when they are resent. A greypit keeps no triplet, and accepts the first N messages without interfering at all.
The fun bit here: the spammers ignore the SMTP return codes. They happily continue to blindly hammer away sending message after message, each which is being rejected with a temporary failure.
So, after the first "temporary failure" result, what if we start to sleep a given number of second for each successive MAIL FROM: beyond the initial limit of 10 messages (in addition to not accepting those messages for delivery)? The spammers get a taste of tarpit.
The cluster now balances evenly. Only 10 messages from that evil spammer actually make it through to be scanned, the remainder cause the spammer to tarpit themselves into oblivion.
So, here is the Sendmail Milter source for a little project I call greypit:
greypit.c - v1.0 C daemon source.
To build the daemon, link with libmilter and libpthread:
gcc -o greypit greypit.c -lmilter -lpthread
You will also need to add a line to sendmail.mc to use this milter:
INPUT_MAIL_FILTER(`greypit', `S=local:/var/run/greypit/sock, F=')
And create the /var/run/greypit directory for the socket.
Simple. Elegant. Hacktastik. But it works.