Month: March 2009

Question about a “Secure Filesystem”

I have just been asked for advice about “secure filesystem” and decided to blog my answers. The first issue is what is meant by “secure filesystem, that could either mean the ability to restrict file access (EG by supporting SE Linux security contexts and using SE Linux for file access control) or the ability to […]


Why Cyrus Sucks

I’m in the middle of migrating a mail server away from the Cyrus mail store [1]. Cyrus provides a POP and IMAP server, a local delivery agent (accepting mail via LMTP). It is widely believed that Cyrus will give better performance than other mail stores, but according to a review by Dovecot and Courier […]


Maildrop, IMAP, and Postfixadmin

I have recently configured my mail server to use IMAP. I started doing this when I was attending so that I could read urgent mail using my EeePC while at the conference and then be able to deal with the more complex stuff using my laptop later on. The next logical step is to […] Mta

I need an LMTP server

I am working on a system where a front-end mail server sends mail to what it considers to be a LDA (Local Delivery Agent) which actually sends mail to a back-end server via LMTP. I can’t remove that fake LDA from the design because it does a bunch of business specific processing along the way. […]


The FAIL Meme

One of the recent poor trends in mailing list discussions is to reply to a message with a comment such as “FAIL” or “EPIC FAIL“. The FAIL meme has been around for a while and actually does some good in some situations, slate has a good article about it [1]. The first example cited in […]


Case Sensitivity and Published Passwords

When I first started running a SE Linux Play Machine [1] I used passwords such as “123456“. Then for a while I had “selinux” but when I created a T-shirt design (see the main Play Machine page for details) I changed the password to “SELINUX” because that is easier to read on a shirt. Unfortunately […]


SE Linux Lenny Status Update

I previously described four levels of SE Linux support on the desktop [1]. Last night I updated my APT repository of SE Linux packages for Lenny (as described on my document about installing SE Linux [2]). I included a new policy package that supports logging in to a graphical session via gdm in either unconfined_t […]


You Have the Right to Not Search My Bag

This afternoon I was in a Safeway/Woolworths store (an Australian supermarket chain) and the lady on the checkout asked to inspect my backpack on the way out. The conversation went as follows: Checkout Lady: Can I inspect your bag? Me: Sure. – I put my backpack on the counter CL: Could you open it for […]


A Police SMS about Fire Risk

My wife and I have each received SMS messages from “Vic.Police” that say: Extreme weather expected tonight (Monday) & tomorrow. High wind & fire risk. Listen to the ABC local radio for emergency update. Do not reply to this message. Presumably the police are trying to contact everyone in Victoria. The problem seems to be […]