dkg's blog

Articles by Daniel Kahn Gillmor (dkg)

1. TLS Infrastructure frustrations (part 1)

   Prompted by Steve's request for an SSL cert, i'm going to air some grievances i have with the X.509 PKI that tends to go along with SSL and TLS. The current real-world X.509/TLS infrastructure gets in the way of real trusted, secure communication. It favors the creation …

2. apt warnings about missing public keys

   After running apt-get update on a typically-stable mixed etch/sid machine (which also has experimental in the sources list), i'm getting the following warnings from apt:

   W: There are no public key available for the following key IDs:A70DAF536070D3A1W: There are no public key available for the following key IDs …

3. tremor-based alsaplayer?

   Does anyone know of a simple, clean, ALSA-output ogg-vorbis audio player that links (statically or otherwise) against the tremor integer-only vorbis decoder? Here's why i want it:

   I recently got a Linksys NSLU2 which i'm happily running debian etch on (with the sid kernel, thanks a million to the debian …

4. Pros and Cons of secondary MX records

   Many sites use multiple MX records in DNS. But i feel like i'm seeing more and more which just have a single MX record. Why choose the one strategy over the other?

   Given that MTAs are increasingly complicated these days (with various spam filtering techniques), what are some good arguments …

5. Ensuring system updates are actually in use

   I keep my machines all patched with the latest updates from security.debian.org. But sometimes, a simple apt-get update && apt-get dist-upgrade is not enough, particularly when system libraries are being upgraded (e.g. the latest openssl vulnerability, DSA 1173). In this situation, running processes could have loaded copies of …

6. Where does one report bugs in backports?

   initramfs-tools 0.77b\~bpo.1 arrived in sarge-backports recently. It appears to Depend: on klibc-utils (>= 1.4.19-2), but should probably depend on klibc-utils (>= 1.4.19-2\~bpo.1) instead, since it's otherwise uninstallable on a sarge/sarge-backports system.

   Who should i report this problem to? it seems like filing …

7. Methods for testing Linux Software RAID?

   I have several machines with software RAID (both RAID1 and RAID5 configurations), with fairly modern kernels. I want to test the RAID before anything bad happens to the machines for real. What methods do you use to test software RAID on your servers? How do you verify that the kernel …

8. debian testing security Release.gpg broken?

   When i did an apt-get update on a mixed etch/sid system last night (and again this morning), i got a couple errors:

   [0 root@squeak ~]# apt-get update ... Get:3 http://security.debian.org testing/updates Release.gpg                    ...Hit http://security.debian.org testing/updates Release                         Err http://security …

9. looking for a STARTTLS-capable MANAGESIEVE client

   I've got a mailserver running a lightly-patched cyrus21, based on debian sarge.

   The mailserver runs (among other things) timsieved, and all connections are STARTTLS-capable (and enforced). But i'm having trouble finding a useful client that can talk to it properly.

   This entry has been truncated read the full entry.

10. looking at process activity on servers

    The following is just a simple combination of tools that is probably fairly unremarkable. However, i hope some people will find it useful.

    top is good at what it does (showing active processes), but the way the processes jump around in the listings and the way that the process lineage …

« Page 12 / 13 »