obfuscurity.
hidden in plain sight

Minor features are still being added to Blogsum. It supports searching by author (effectively treating authors like tags) and the ability to disable comment submissions. There is also readmore support, allowing you to define a portion of an article that should only be seen in full "article view". You simply insert a <!--readmore--> tag where you'd like the "preview mode" to stop.

I'm also adding email notifications for comment submissions. This way you'll know the instant a new comment requires moderation. I should be done with this very soon. The last couple of items on my To-Do list are pagination and cleaning up the template usage. Once these are complete it should be ready for submission to the OpenBSD ports framework.

Update: Email notifications for comment submissions are complete.

OpenBSD's ypldap daemon provides YP maps using an LDAP backend. It was introduced with OpenBSD 4.4 but doesn't seem to have received much exposure within the community. I've been meaning to convert one of our bastion systems from using local accounts to LDAP, mainly for convenience.

The migration went smoothly except for the lack of a netid.byname mapping. Pierre-Yves Ritschard ([email protected]) told me this is high on his to-do list. Without this mapping, sudo is unable to getpwuid(). Therefore, any accounts requiring sudo rights (read: administrators) will need to remain as local accounts until this is resolved.

The vast majority of this write-up was taken almost verbatim from a similar posting at the Helion-Prime Solutions blog. I've filled in some missing bits with regards to the sudo issue as well as ypbind issues over non-broadcast segments.

Read the rest of this story...

When people ask you what you do for a living, do you answer "geek"? While shopping for a new car, is your primary criteria "good, fast, cheap... pick two"? Did you get goosebumps the first time you played with VMware's virtual switching/VLAN support? If so, you might be a perfect fit for our team.

OmniTI is looking for someone with real UNIX chops. We have a passion for what we do and it shows. A typical day in the Ops team is a heaping pile of scalability, smothered with resiliency, and a smattering of optimization. We eat and drink Open Source. We poop cold steel. You will be tempered, and you'll love every minute of it. If this sounds like your sort of thing, shoot me a line so we can talk.

P.S. We're the place your mom warned you about.

Recently I had the opportunity to do an interview for a story on SMB security issues. The conversation reminded me just how easy it is, as a security professional, to paint everything in black and white. Hackers are good or evil. Software is secure or vulnerable. Vendors are responsible or stupid. But this really isn't how businesses operate.

The primary focus of most businesses is to engage in commerce. Often we overlook this basic fact when a company neglects to patch their systems and becomes a target. We argue that if the owner was serious about protecting his money, customers or data he would be more proactive. But do we have all the facts to make this judgment?

Every decision in business carries risks and rewards. Responsible patching seems like a no-brainer. Perhaps the company webserver is used for basic order submissions. No personal or private data is stored locally. Is it really harming anyone if the website gets defaced for a week until the owner's nephew stops by to reinstall it again? Certainly you could argue that the defacement reflects poorly on the business, but again we need to consider the risk vs reward scenario. If it costs less to leave a defaced server running than to call an after-hours professional, is that really a poor decision?

Don't get me wrong, this scenario would drive me nuts. And that's exactly why I'm a geek and not an accountant. On occasion we need to take our blinders off and consider the alternatives. Security is a process, not a moral standard.

Sometimes we all have difficult days. The alarm goes off at 5am for an early start. Traffic is a bitch. Hardware breaks, data corrupts, services lockup, drives fill up and servers crash. Co-workers disagree and people yell. The pager likes the sound of its own voice.

Once in a while, these days happen. We forge through them with a restless eye at the clock, waiting for it to be over. At the conclusion, can we look in the mirror and be proud of our efforts, or is there regret for the should'ves? It's hard to be passionate every day. When the cogs are aligned and the ship runs smoothly, passion stokes our fire and gives flight to new ideas. But a foul day can quickly drain our passion and result in poor judgment and apathy.

I used to play golf a lot. When I worked the graveyard shift, I routinely teed off at the end of my day. While most of the other golfers feared the dreaded sand-trap, I reveled in the opportunity. The chance to easily "save out" and focus on the next hole. Being able to meet these obstacles as opportunities adjusts our perception and can inspire us to greater heights.

I've unofficially kicked off the pre-planning phase of DCBSDCon 2010 for tossing around ideas and informal preparations. If you're interested in becoming an event organizer (think carefully) or sponsor (spend graciously), I'd love to hear from you now. We'll be recruiting event volunteers as the New Year gets closer.

A lot of friends have been asking me when the event will happen. There's a strong possibility that it will be pushed back from February (where the F stands for effing cold) to April. DC weather is much more cooperative during the spring months (cherry blossoms anyone?).

Todd Hoff over at High Scalability takes a look at Reconnoiter. He went through the [currently] arduous task of installing and configuring it manually; setting up checks can be a hairy experience. But the end result seems to justify the initial pain. It's a very exciting (and useful) application that will only get better as the #noit devs continue to hack on it.

As an Ops guy over at OmniTI, I've been fortunate to watch Reconnoiter's incubation process. Theo Schlossnagle is probably one of the smartest guys in this industry and he gets scalability issues. We've batted around ideas about network trend and analysis tools before (e.g. NFDB) so naturally I'm anxious to see where Noit takes us.

I've never claimed to be a prolific hacker. I take much longer to complete a simple piece of code than even your typical hobbyist programmer. I'm easily distracted by shiny objects and WTFs.

Nevertheless, I finally gave in and threw together something resembling a blogging app. There are no fancy features yet, and likely never will be. It currently does about 90% of what I want it to do, which is closer to 2% of what the typical blogging/CMS application is capable of. It's my own KISS approach with a healthy peppering of careful input handling and a simple SQLite backend.

If you've been looking for a small blog application, particularly one designed for running in OpenBSD's default httpd(8) chroot, then Blogsum might be good for you. If not, that's ok too. Let the next guy have his World Domination. I just want to blog some.

This is an in-development version of blogsum. The goal is a simple, secure blogging application that doesn't come with useless knobs or hurdles.

The anti-wordpress.