In the spirit of “the best way to get a correct answer is to post an obviously wrong answer on USENET”, I hereby present the most efficient method of mass-alteration of LDAP user entities I can think of.

You probably shouldn’t do this.

• Is it plugged in?
• At both ends?
• Does the other end work with something else?
• Are all the power switches on? Including the one on the strip, the one on the back, and the one that’s not connected?
• Is DNS working?
• Are you out of disk space?
• Are you out of inodes?
• Where are the logs?
• What do the logs say?
• Have you ever gotten it to work before?

This entry brought to you by being out of disk space, a day after I asked for more disk space as a precautionary measure.

Email disclaimers are stupid and they make your company look stupid.

The only email disclaimer that seems to have any legal effect whatsoever is when a lawyer says “This email does not create a client confidentiality relationship.” All others are completely bogus. The lawyer one is almost bogus, since it is a reminder that should not be needed – but apparently a lot of people get confused easily. Law is like that.

A common feature of bogus disclaimers is that they tell the reader that if they aren’t the proper recipient, they should stop reading immediately. You know, at the end of the email. Very clever.

I found a dubious improvement today: a company sent me an email with a disclaimer that was referenced via a URL. So: you get to the bottom of the email, find a link to a disclaimer, and then click on it to go retrieve it and read it. The punchline: “you are prohibited from reading this email”.

Great work, people. Your mission is done.

Who do you trust? And do you trust them indefinitely far into the future?

If you have specific reasons to believe you will be targetted by an interested, competent, resourceful attacker: you need serious information security measures, which will be painful and potentially expensive in both time and money. I have no such specific fears, so I’m merely interested in protecting my household against generalized attacks, the sort of thing that Google and Facebook and Amazon and every advertiser in the world carries out as a matter of course.

In this installment, I’m going to increase the difficulty of tracking my household network via intercepting DNS requests. I will assume you know a fair amount about DNS and feel comfortable configuring daemons and running them – this isn’t a step-by-step HowTo.

Since this class of bug just bit me, I figured I would write it up in the nearly futile hope that it might prevent me from making it again.

This bug is most often evident when we have a software stack that has varying levels of configuration available in each layer, ranging from simple components that are either installed or not to complex components with configuration stored in files.

Today’s example is my home theater computer, which has these relevant layers:

One of my kids wanted a new computer badly enough to pay for most of it, and I have been wanting to upgrade the main house server for a year or so. Parts for both arrived this week.

forked-daapd is an audio streaming server and webclient for same; it offers compatibility with:

The scientific method goes boing.

1. Form a question.
2. Observe evidence.
3. Form hypotheses.
4. Create experiments.
5. Observe results.
6. Compare hypotheses.
7. Be critical.

The scientific method runs off the rails in step 2 and explodes into uncertainty in step 3. It turns out that observing evidence is rarely easy or straightforward: it’s a great big universe, and we’re all really puny. And “forming hypotheses” is synonymous with “make guesses” – potentially educated, informed guesses, but still a creative process that is likely to baffle AI for decades to come.

That brings us to today’s problem: why does Netflix hate me?

Work asks that I bring home an Apple laptop so that I maintain some sort of fluency with the systems that the majority of our employees use. For the last while this has been a 2011 MacBook Pro with 20GB of RAM and an SSD. The keyboard finally sputtered its way to an unusable state (most of the modifier keys, shift/ctrl/alt/command/option/super/meta/hyper…) were unpredictably triggering or failing to trigger) and I asked for a replacement.

“Whatever has a functioning escape key, please.”

So they signed out a 2015 MacBookPro to me. It has 8GB of RAM (not upgradable) and an SSD (ditto).

If you have a Linux system that was using systemd as its init system, and you changed it to something else, and now nearly everything is incredibly slow:

Remove libnss-systemd; check for and remove systemd options from /etc/nsswitch.conf.

As you will no doubt recall, that config controls the methods that the system uses for various lookups. Most things are files, which is to say the system should look in the appropriate config files. hosts is usually files followed by DNS. If you have Kerberos or LDAP or some other networked signon system, this is where it would be configured.

Who knew that systemd wanted control of that, too? Not I.

Suppose that you are sending out email to all of your customers, letting them know about a thing that you are sure they will want to know about. Then you decide to send it from a fake email address, one named “no reply” or similar. You have immediately eliminated a route for your customers to ask you questions about your thing.

What was the point of your announcement if not to generate interest in the thing? Don’t do that.

Send your announcement from an account that routes into your customer support ticket system (you do have one, right? if you have more than five customers, you need a ticketing system) and prepare your customer support staff with a list of answers to likely questions, and a way for them to contact the experts on the thing.

Every time you close a method of contact, you lose an opportunity to talk to your customers. If you don’t want to talk to your customers, maybe you shouldn’t be sending them email at all.

The Google Nexus 6P was an excellent phone, until it developed severe battery issues when it was about a year old. Google did me the courtesy of replacing it with the Pixel XL, which was a reasonably good phone until two years in, when it developed moderate battery issues which …

Centralized facilities are easier to manage. Centralized facilities are easier to control.

Distributed facilities are harder to manage, harder to control.

Centralized facilities need expensive, difficult redundancies to maintain function during a partial outage. Distributed facilities need coordination.

Centralized is cheaper than distributed if you don’t pay for the things that can make it reliable.

I was chatting (via work’s internal chat system) to a coworker, answering a question when the CFO came in and got my attention. I swivelled my head and greeted her while finishing my response.

“Were you really typing just then?” she inquired.

“Yes, until I dropped my train of thought when you came in.”

I’m not a classical touch-typist; I mostly use six fingers or so, and I don’t really keep them over the home row – rather, I have two or three hand positions that I can feel properly, and that’s where I type from. My speed would probably be improved if I practiced proper touch-typing, but on the other hand, maybe I would lose my ability to type the arcane symbols of computer incantations that are not so common in the mainstream typing systems.

Do learn some form of typing; it’s ever so much more convenient for getting your thoughts out.