Is SE Linux only for Linux?

August 31, 2007 | etbe

I have just been asked for advice on whether SE Linux is Linux specific, and therefore whether code related to SE Linux should always be stored with other Linux specific code instead of being in the main branch of certain free software projects.

One example of SE Linux access controls being implemented on a different OS is the work to port SE Linux to Mac OS/X. Here is a paper on the topic presented at the SE Linux Symposium 2007, and the main site is at http://sedarwin.org. One thing I have been doing is trying to get some friends interested in doing similar work for GNU Hurd (there are some similarities between Darwin and HURD so the work done on Mac OS/X “Darwin” will help the HURD effort). I believe that The HURD has the potential to offer significant security benefits due to the micro-kernel design. One significant problem area in computer security is kernel security flaws, if the kernel can be split into a set of independent processes that run with minimal privileges then the scope of such problems is dramatically decreased – and the possibility of upgrading parts of a kernel on a live machine is provided. As people such as Linus point out there is a performance overhead to micro-kernels, but most machines are idle most of the time anyway. I believe that reliability and security are more important than getting the last 10% of system performance for most machines. The success of Xen is evidence that features other than maximum performance are desired.

Another example of SE Linux access controls on a non-Linux platform is the MAC framework in the TrustedBSD project. This implements SE Linux access controls on top of FreeBSD. From reading the documentation it seems that the amount of changes required to the SE Linux code base for implementation on TrustedBSD was significantly smaller than the changes required for Darwin.

Sun is also apparently considering adding type-enforcement to Solaris. It’s yet to be seen whether this happens and if so whether it is compatible with SE Linux.

So it seems that a significant portion of the SE Linux code base is portable, and in particular the user-space code should port well. The interfaces for and methods labelling files etc should port well between platforms. Therefore I recommend not having SE Linux code split into Linux specific trees and instead having a compile option to enable SE Linux support.

Hydrogen Powered Cars Will Never Work

August 28, 2007 | etbe

One of the most important issues for a commodity fuel for vehicles is that it be convenient and safe to transport. For quite a while LP Gas has been available as a cheaper car fuel. Even with increasing petrol prices it’s acceptance is well below 100% due to extra expense in storing the fuel (high pressure and more insulation are required), the more expensive technology in the engine to heat the fuel before injecting it into the engine, and the extreme difficulty in creating something as convenient as a Jerry Can for transporting LPG.

LPG is mostly comprised of Propane and Butane. Propane has the lower boiling point of -42.09C. Hydrogen however has a boiling point of -252.87C and therefore is much more difficult to store and transport.

The next problem with hydrogen as a fuel is that it has a very low density. The energy density per volume of liquid hydrogen is 10.1MJ/L while the energy density of petrol/gasoline is 34.6MJ/L. Not only is liquid hydrogen difficult to transport but the vessels you transport it in need to be 3.4 times the size! Having a 3.4x larger fuel tank in a car may not be a huge obstacle, but then there is the issue of trucks used to transport it to fuel stations which are already at maximum size so the truck fleet will need to be 3.4x larger with more people driving them etc.

Once these problems are solved there are a variety of safety issues. Hydrogen burns with an almost invisible flame, sustains a fire when at a concentration of between 4% and 75% of the air and ignites at a low temperature. For an explosion you need a concentration of between 18.3% and 59%. I won’t risk promoting foolish behaviour by describing details, but when younger I have performed experiments with ethanol and witnessed experiments with petrol that demonstrate that they are both far less dangerous. Page 22 of this document by the US Bureau of Transportation and Statistics gives more information about the fire risks posed by hydrogen fuel. Page 35 of the same document describes fuel cells as being 45% efficient and an internal combustion engine for methane gas as being 30% efficient thus giving overall efficiencies of 33% and 29.5% respectively. Of course using an Atkinson Cycle engine will give a significant efficiency benefit over an Otto Cycle engine and outweigh this. Also it should be noted that fuel cells tend to require expensive materials such as Platinum in their manufacture.

Hydrogen is promoted by clean-coal advocates (not that any form of coal power is clean) and the nuclear industry (electrolysis is one way of using a huge amount of electricity). But there are many better options for powering cars that are available right now at minimal cost, these include bio-Diesel, ethanol, and plug-in hybrid or electric vehicles.

Never IRC as Root

August 27, 2007 | etbe

Ben Fowler blogs about the issues related to running IRC as root. Google searches for (irc client exploit) and (irc client “buffer overflow”) give a number of interesting web pages. Many of the exploits require the user to perform an action that’s slightly unusual, but why take a chance?

The advice to not run as root while generally sensible (run everything with minimum privileges as much as possible) is IMHO not very useful in recent times (and probably was never very useful). Generally when a user is worried about system compromise they are not worried about attackers having direct hardware access, the ability to corrupt system files, etc. They are worried that the attacker might read their email and access other personal files.

Therefore the instruction should be “don’t run IRC as root or as any account that has access to data which is important to you“. It’s not difficult to start an X-term that runs “exec su – ircuser irc” or “ssh -t ircuser@localhost irc“. Note that the -t option is required for ssh to make it allocate a pty even when receiving a command to run. Note also that in the case of su you need the exec option so that if the irc client is compromised and tries to perform a ioctl(0, TIOCSTI… based attack then it won’t succeed.

In any of these methods make sure that X access is not granted. Until we get Security Enhanced X working in a viable manner any process that can display an X window on your screen can own you totally. There are of course relatively safe ways of doing X, I have previously documented how to configure the Xephyr X server (replacement for Xnest) to allow a process with a different security context to safely display a graphical window on your desktop.

Generally I recommend not using a graphical X client on an untrusted network (IE anything other than an Intranet IRC server). I prefer to do my IRC in an account that’s not even on a machine that I care about and have it run screen so I can disconnect and re-connect from anywhere in the world.

When I first got SE Linux in Debian to be useful (when I could boot and run all programs without problem) I logged on to some IRC channels related to Debian with the security context of root:user_r:user_t. I admit that my actions in this regard could possibly be described as trolling, but I wanted to demonstrate what SE Linux can do. Unfortunately of the many people who told me off for logging in to IRC as root, none of them wanted to hear an explanation of why user_r is safe in this regard. I expect that most of them were running their IRC client in the same Unix account that was used for their email etc (and probably most of them had GPG keys accessible from such an account).

Sigh, it’s so easy to run IRC as a different user – in fact it’s probably the easiest of all network client programs to run in such a manner. There’s no reason not to.

Does Having Fewer Rules Inspire Hard Work?

August 26, 2007 | etbe

I was recently talking to a client about the lack of guidelines for acceptable personal use of office resources in his company. He rejected the suggestion that he provide any real rules or guidelines (apart from some old rules that most employees were not aware of and of which there was no procedure to remind them to periodically read). He said that he only wanted to hire motivated people who wanted to work, and that people who need rules should work elsewhere.

The results of his approach seem reasonable, everyone who works for him works really hard. In return his attitudes towards employees are more relaxed than most employers, among other things he is very supportive of employees who desire career opportunities greater than his company can offer.

I have been wondering whether rules alone can make people lose interest in working, or whether it’s the type of person who doesn’t want to impose rules that inspires hard work.

My experience is that when working for people who have a rule-free environment I tend tend to work really hard, and that when working for companies that have lots of rules I find it difficult enough to get out of bed in the morning – let alone become motivated to do any work.

I am interested to see comments from other people, both workers and managers. Is my experience common in this regard?

Designing Computers for Small Business

August 25, 2007 | etbe

Dell just sent me a letter advertising their new Vostro line “especially for small business“. They say “we listened, then we listened some more” and explain that it’s based on feedback from people in small companies. The problem (which should be familiar to everyone who has ever done any consulting work) is that people don’t ask for what they need! Ask someone what they want in a computer system and the first thing that they will ask for is a fast CPU and a low price, the colour of the box will probably be higher on their priority list than the option of a backup.

Dell have proved this by advertising their small business machines by advertising cheap desktop machines for small business use.

Here is a list of the features that I consider essential in small business systems (based on my experience working for dozens of small companies):
Reliable operation. Using a relatively inexpensive machine as both a desktop machine and a server for the company network is very common in companies with less than 10 people. The Dell PowerEdge Tower systems are reasonably cheap (as little as $800AU – $100 more than a low-end Vostro in the base configuration, although the Vostro includes a bundled monitor). The PowerEdge machines have ECC RAM as a standard feature (avoids data loss due to memory errors) and can be delivered with hardware RAID support (SATA-2 or SAS) and a variety of backup options. A low-end tower PowerEdge server with 250G of hardware SATA RAID-1, a 160G removable disk for backup, and an extra gigabit-ethernet port costs $2015. Such a machine would do really well as a server for a small company while also being quite good as a desk-side workstation (the cooling fans would probably be louder than on most workstations but the money saved would be worth-while for most small businesses). If Dell was to promote PowerEdge tower machines (maybe under the label “Vostro Servers”) it would be good for customers and should be profitable for them.

The next thing that Dell should consider is a laptop with ECC RAM. Many small businesses start out as a sole trader with a laptop. Data loss on such a machine would be catastrophic. At the design stage ECC RAM would not be difficult to add – if there was a company that produced such RAM (I expect that Dell could purchase enough volume to drive the creation of new memory modules).

Another laptop issue is the reliability of mass storage. Laptops tend to get dropped and hard drives tend to break when dropped. Lenovo sells a “ThinkPad Serial ATA Hard Drive Bay Adapter” which allows two hard drives in a Thinkpad which could be used for RAID-1 (if you don’t want a built-in DVD drive). I chose to use regular backups instead of buying the extra hardware for RAID-1 but it would be good if other companies offered such options – especially when promoting their products to small businesses (who often don’t do regular backups). Even Lenovo could improve things in regard to their potential RAID-1 support in Thinkpads by promoting this feature (instead of just having the hardware listed as an optional extra with no mention of why you would want it) and offering a default install with RAID-1. Better still would be hot-swap RAID-1 in a laptop (which would be quite easy to do if the expansion bay was changed to use USB as it’s method of connection). Of course RAID-1 only covers you in the case where the drop is only enough to destroy one disk or if it causes partial damage to both disks but doesn’t destroy the same section of data on both disks.

The next big thing for laptops will be flash storage. One of the major advantages of flash is that it’s almost impossible to destroy it by dropping it. I would rather have my important data on a flash storage than a hard drive (it also saves electricity and therefore makes the battery last longer). The option of having flash as the primary storage device and a hard drive for files that are larger and less important would be useful to most small businesses. Of course hardly any small business owners will ask for this, they will probably ask for a machine that has a fast CPU.

Sometimes when developing a product you have to design something with the features that customers need and get the sales and marketting people to convince the customer of the benefits of the features. Even though the number of people who understand the technology and will jump at the opportunity to buy good things (such as me) is rather small, the number of people who can understand once it’s explained to them is quite significant. I’m sure that if Dell released a new line of computers with the slogan “reliable machines that don’t lose your data” instead of “good-looking new machines” then they would get some interest.

After writing this post but before publication time I happened to be speaking to the owner of a small business on the topic of choice of computers for a company such as his. He seemed convinced of the benefits of a better machine to replace his current desktop PC that is running as a server (it’s yet to be seen whether he considers the benefit to be worth the cost).

I wonder if Matt Domsch reads my blog…

The Start of My Computer Career

August 23, 2007 | etbe

When I was about 11 years old I decided that I wanted a career related to computers. My first computer was the TEC-1 single-board Z80 based kit computer from Talking Electronics magazine (see the photo below). I think that I built this when I was 10.

The computer is 16cm high and 25cm wide. The six seven segment displays are the only built-in output device (there were optional kits for other output devices). The keypad has the hexadecimal number keys, an “ad” button for entering addresses, a “go” button for executing programs, and “+” and “–” keys for incrementing and decrementing the address. Below the reset button (labelled “R“) you will see the optional function key (of which I can’t remember the purpose). Programming this computer required entering the hexadecimal code on the keypad with the “+” and “–” keys being the main method of editing (the “ad” key was used to jump to a different section of RAM). In editing mode the first four seven-segment displays showed the address (the Z80 could only address 64K of RAM) and the other two showed the memory contents (the word size was one byte). In terms of user-friendlyness it was probably about equal to punched cards – apart from the lack of non-volatile storage (unless you built the optional NVRAM kit).

My TEC-1 has 2K of RAM (the 83251R chip is equivalent to an Intel 16kilo-bit 6116 static RAM chip) and 2K of ROM (the chip with the orange sticker labeled Mon1 is a 2716 EPROM – 16kilo-bit).

Not long after that my parents bought the first serious computer for the family, a Microbee Z80 based system with a tape drive that used a monochrome monitor of resolution approximately equal to CGA and which had either 16K or 32K of RAM (I can’t recall). The next family computer was a Microbee Premium series 128K which is probably the same model as the one depicted on the Microbee Wikipedia page (a serious omission of the Wikipedia page is that it has no picture of the box containing the PSU and the floppy drives for the Premium Series). My first published article in a computer magazine was when I was about 15 years old and I wrote a long email on a Fidonet echo (mailing list) reviewing a 3rd party update to the CP/M system for the Premium Series Microbee and was surprised by having it published in the Microbee club magazine (in those days we didn’t bother much about copyright so no-one asked for my permission before publishing).

I wonder if starting with computers at such an age is typical for people who now contribute to free software development. I think it would be interesting to see some blog posts from other people in the community about how old they were when they started with computers and what type of computer they started with.

I also wonder about the correlation between the age of starting with computers and career success in the computer industry. One significant benefit of starting early was that I could learn things that would be useful for my career in later decades while other children were wasting time studying what teachers told them to study. It also meant that in later years of high-school I could relax knowing that I could get straight B’s without effort which was more than was required to enter a CS degree program at that time. Until half-way through year 12 I tried to avoid ever doing home-work at home – home-time was computer time! Do you think that the age at which you chose your career significantly affected your success? If so in what way?

If you were asked for advice by parents as to when their child should be given it’s first computer what age would you suggest? Unfortunately I usually get asked for advice about such things by people who have children aged 16+ (which is way too late IMHO).

Update: Dbenn recently gave a talk to his son’s primary school about computers and he used the TEC-1 as an example. They are still in use!

LED Headlights in Audi Sports Car

August 23, 2007 | etbe

It’s interesting to see that Audi is releasing a car with LEDs for all lights including the headlights. This is being promoted as an environmental benefit, however a quick google search revealed that my Volkswagen Passat apparently takes 55W headlights (giving a total of 110W of electricity used). Even allowing for some inefficiency in the alternator this would make a very small impact on the fuel use of a engine rated at 140KW. The Audi in question is the R8 (wikipedia link because the Audi web site is badly broken) and has a 300KW engine…

A simple implementation of LED headlights will do some good for plug-in hybrid cars and all-electric vehicles where saving power is more important – when the technology filters down to cheaper vehicles. Also one possible use for the technology is to dim the headlights by turning off some of the LEDs in the bank (according to the LED Wikipedia page it is currently impossible to create a single LED that takes more than 1W of power, so a bank of LEDs would be used). Currently you have a choice of using “parking lights” or “head-lights” when driving, and when driving just before sun-set or at night in the city (where the street lights are bright) you need head-lights to allow other drivers to clearly see you but don’t need them as bright as they have to be when driving at night in the country. So a range of levels of luminosity could be effectively used in headlights to increase efficiency in some situations and increase light levels in others.

According to the Luminous efficiency Wikipedia page current LEDs are up to three times as efficient as quartz halogen incandescent globes and future developments are likely to increase that to six times the efficiency. Combine that with more effective use of headlights to provide the light at the location and level that’s needed and the result could be using at little as 10% of the electricity for headlights on average!

Another thing that I would like to see is the Adaptive Headlights feature of the better BMWs (which I referenced in a previous post about the BM 5 and 7 series) implemented in a cheaper and more reliable manner. The feature in question is that the headlights will turn when driving around a corner to show the road ahead instead of just shining off the edge of the corner. Implementing such a feature with incandescent lights is difficult because they have to be physically turned and moving parts tend to break (which increases maintenance costs and decreases the overall reliability of the vehicle). An obvious alternate design is to have a set of LEDs pointing in different directions and which LEDs get power would determine where the light goes (this would also react faster than physically moving a light). Once LED headlights become common the Adaptive Headlights feature could be implemented in the cheapest cars on the road with minimal extra cost – currently it’s a feature that would be expensive to implement and would increase the sale price of a small car and probably the service price too.

SE Linux vs chroot

August 22, 2007 | etbe

A question that is often asked is whether to use SE Linux or a chroot to restrict a program.

In Unix chroot is a way of running a program with a restricted set of directories available (it used to be merely a sub-tree but with bind mounts it can be any arbitrary set of directory trees). A chroot can be implemented in a daemon (it can call the chroot(2) system call before it drops it’s privileges) or by a shell script (through the chroot(8) utility). The disadvantages of a chroot are that root can escape from it, a chroot process can see the existence of non-chroot processes (ps and similar programs work in the same way in all chroot environments), and inter-process communication is not prevented. One solution to this is to have an enhanced chroot environment (which typically requires a kernel patch) where the chrooted processes can not run ps without restriction and have other limits applied to what they are permitted to do (there are several kernel patches that implement such restrictions). In the early days of SE Linux development I implemented similar functionality in SE Linux policy (here is the paper I presented at Linux Kongress 2002).

Configuring a chroot environment is inconvenient. If it is configured in the traditional manner (copying files to the chroot instead of bind mounting the directories) then old versions may exist in the chroot after new versions with security fixes have been installed in the main environment.

SE Linux provides better security than a typical chroot environment by controlling all interaction between processes. It provides more flexibility than an enhanced chroot environment by being configured entirely by policy and not requiring a kernel recompile to change the way it works.

I believe that the correct thing to do is to cease using chroot entirely and use SE Linux instead.

Music Videos

August 22, 2007 | etbe

I’ve been thinking about music videos recently while compiling a list of my favourite videos of all time. It seems that YouTube has changed things through the re-mixes of videos and the ability of anyone to publish for a mass-market (although without the possibility of directly making money from it).

Also today all new PCs (and most PCs that are in use) are capable of being used for video editing and the compute power needed for 80’s and 90’s quality special effects is also commonly available (in most cases good art doesn’t need more technical quality than that). So anyone can produce videos (and a quick search of YouTube reveals that many people are producing videos for their favourite songs).

I think that we need a music video for the Free Software Song. One possibility is to base it on the 1984 Apple advert (because it’s the free software community that is opposing Big Brother not Apple). I think it would be good to have multiple versions of the Free Software Song (with matching videos), there could be the version for young children, the Hip-Hop version, the Punk version, etc. Also I think that there is potential for the creation of other songs for the free software community.

One possible way of doing this would be to have a contest for producing music and videos. Maybe a conference such as LCA or OLS could have the judging for such a contest. I would be prepared to donate some money towards the prize pool and I’m sure that other individuals and organisations would also be prepared to do so. If I get some positive feedback on this idea I’ll investigate how to run such a contest.

Here are my favourite videos of the moment. Please let me know of any videos that you think I would like based on this list.

Placebo:
- Infra-Red – I love the Haxor ants (I Lied to You – We Are the Enemy says the CEO), I first saw that idea in the book City by Clifford D. Simak’s
- A Song to Say Goodbye – strange and sad. Like much good art it can be interpreted in several ways.
- Pure Morning – strange video that seems to have nothing to do with the music, but still good
- Slave to the Wage – interesting and not strange by Placebo standards. I’ve recently decided that I don’t like working in a corporate environment so I can relate to this.
Smashing Pumpkins:
Ava Adore, interesting way of changing scenes, and a very artistic and strange video (matches the song)
Duran Duran (who incidentally named their group after a character in Barbarella: Queen of the Galaxy – strangely the spelling is different though):
- Come Undone, interesting aquarium scenes
- Too Much Information – they should re-do this and include a reference to the Internet in the lyrics. ;)
- Wild Boys – Mad Max 3 as a film clip
UNKLE:
- Eye for an Eye – strange and disturbing, as any serious art that is related to war must be
- Rabbit in Your Headlights – surprising end, I wonder if anyone was injured trying to emulate this clip
Nine Inch Nails:
Head Like a Hole, strange and a bit bizarre at times. Not the greatest of my favourite clips but the music makes up for it.
Queen:
- I Want to Break Free, strangely amusing and very artistic
Chemical Brothers:
- Let Forever Be – my favourite clip of all time. Fractally weird, you can watch it dozens of times and still be missing things.
- Setting Sun – the world would be a better place if more cops could dance like that! Also is it just me or does the drummer guy look like a Narn from Babylon 5?
- Out of Control – surprise ending. I would appreciate it if someone who knows the non-English language (probably Spanish) in the clip could point me to a translation.
- Star Guitar – a real work of art but no plot and I didn’t enjoy the music, I recommend watching it once
- The Golden Path – I used to wonder whether office work was really so grim in the 60s and 70s, but then I worked for a financial company recently…
Fat Boy Slim:
Praise You – why can’t reality TV be this good?
Falco:
Rock Me Amadeus – let’s represent two totally diffent cultures (bikers and Austraian high society) in a film clip, silly but amusing
Madonna:
Like A Prayer – I wonder how many racist organizations banned that
A-Ha:
Take On Me – mixing multiple art forms (in this case film and animation) can work really well. Beat Kill Bill to the idea by a couple of decades.
Robert Palmer:
Simply Irresistable – pity that they didn’t hire more women who can dance or at least put the dancers in front of the models. It’s interesting to note that one of the models appears to be actually playing a guitar.
Garbage:
- MegaTokyo and Temptation Waits mash-up.
- Push It – one of the strangest videos I’ve seen
Michael Jackson:
Billie Jean – class is timeless.

Suggestions and Thanks

August 21, 2007 | etbe

One problem with the blog space is that there is a lot of negativity. Many people seem to think that if they don’t like a blog post then the thing to do is to write a post complaining about it – or even worse a complaint that lacks specific details to such an extent that the subject of the complaint would be unable to change their writing in response. The absolute worst thing to do is to post a complaint in a forum that the blog author is unlikely to read – which would be a pointless whinge that benefits no-one.

Of course an alternate way for the recipient to taking such complaints as suggested by Paul Graham is “you’re on the right track when people complain that you’re unqualified, or that you’ve done something inappropriate” and “if they’re driven to such empty forms of complaint, that means you’ve probably done something good” (Paul was talking about writing essays not blogs, but I’m pretty sure that he intended it to apply to blogs too). If you want to actually get a blog author (or probably any author) to make a change in their material in response to your comments then trying to avoid empty complaints is a good idea. Another useful point Paul makes in the same essay is ““Inappropriate” is the null criticism. It’s merely the adjective form of “I don’t like it.”” – something that’s worth considering given the common criticism of particular blog content as being “inappropriate” for an aggregation feed that is syndicating it. Before criticising blog posts you should consider that badly written criticism may result in more of whatever it is that you object to.

If you find some specific objective problem in the content or presentation of a blog the first thing to do is to determine the correct way of notifying the author. I believe that it’s a good idea for the author to have an about page which either has a mailto URL or a web form for sending feedback, I have a mailto on my about page – (here’s the link). Another possible method of contact is a comment on a blog post, if it’s an issue for multiple posts on the blog then writing a comment on the most recent post will do (unless of course it’s a comment about the comment system being broken). For those who are new to blogging, the blog author has full control over what happens to comments. If they decide that your comment about the blog color scheme doesn’t belong on a post about C programming then they can respond to the comment in the way that they think best (making a change or not and maybe sending you an email about it) and then delete the comment if they wish.

If there is an issue that occurs on multiple blogs then a good option is to write a post about the general concept as I did in the case of column width in blogs where I wrote about one blog as an example of a problem that affects many blogs. I also described how I fixed my own blog in this regard (in sufficient detail to allow others to do the same). Note that most blogs have some degree of support for Linkback so any time you link to someone else’s blog post they will usually get notified in some way.

On my blog I have a page for future posts where I invite comments from readers as to what I plan to write about next. Someone who prefers that I not write about topic A could write a comment requesting that I write about topic B instead. WordPress supports pages as a separate type of item to posts. A post is a dated entry while pages are not sorted in date order and in most themes are displayed prominently on the front page (mine are displayed at the top). I suggest that other bloggers consider doing something comparable.

One thing I considered is running a wiki page for the future posts. One of the problems with a wiki page is that I would need to maintain my own private list which is separate, while a page with comments allows only me to edit the page in response to comments and then use the page as my own to-do list. I may experiment with such a wiki page at some future time. One possibility that might be worth considering is a wiki for post requests for any blog that is syndicated by a Planet. For example a wiki related to Planet Debian might request a post about running Debian on the latest SPARC systems, the first blogger to write a post on this topic could then remove the entry from the wish-list (maybe adding the URL to a list of satisfied requests). If the person who made the original request wanted a more detailed post covering some specific area they could then add such a request to the wish-list page. If I get positive feedback on this idea I’ll create the wiki pages and add a few requests for articles that would interest me to start it up.

Finally to encourage the production of content that you enjoy reading I suggest publicly thanking people who write posts that you consider to be particularly good. One way of thanking people is to cite their posts in articles on your own blog (taking care to include a link to at least one page to increase their Technorati rank) or web site. Another is to include a periodic (I suggest monthly at most) links post that contains URLs of blog posts you like along with brief descriptions of the content. If you really like a post then thank the author by not only giving a links with a description (to encourage other people to read it) but also describe why you think it’s a great post. Also if recommending a blog make sure you give a feed URL so that anyone who wants to subscribe can do it as easily as possible (particularly for the blogs with a bad HTML layout).

Here are some recent blog posts that I particularly liked:

Security Anti-Pattern: Path based access control from Joshua Brindle (feed). A fairly strong criticism of path based access control (as used in AppArmor). I’d have written something about this myself but Joshua did it so well that there’s no need. His post about Status Quo Encapsulation is also a good read. It’s a pity that Joshua doesn’t write more than two posts a month.
Federico’s post about concrete for housing. Some technical data and some good pictures. (feed)
Tim Connor’s blog posts about Australian politics (feed), particularly this post about interest rates (especially his latest comment). It’s a pity that Livejournal seems to offer no good options for searching and the comment in question has broken links. I would be happy to offer advice if Tim wanted to switch to a self-hosted WordPress installation (as would some other bloggers who are members of our local LUG).

Here are some blogs that I read regularly:

Problogger (feed), I don’t think that I’ll be a full-time blogger in the forseeable future, but his posts have lots of good ideas for anyone who wants to blog effectively. I particulaly appreciate the short posts with simple suggestions.
Mega Tokyo (feed) – A manga comic on the web. The amusing portrayal of computer gaming fanatics will probably remind most people in the computer industry of some of their friends.
Defence and the National Interest (feed). The most interesting part of this (and the only reason I regularly read it) is the blog of William S. Lind (titled On War. William writes some very insightful posts about military strategy and tactics but some things about politics will offend most people who aren’t white Christian conservatives.
It’s a pity that there is not a more traditional blog feed for the data, the individual archives contain all posts and there seems to be no possibility of viewing the posts for the last month (for people who read it regularly in a browser and don’t use an RSS feed) and no search functionality built in.
WorseThanFailure.com (was TheDailyWTF.com) (feed) subtitled Curious Perversions in Information Technology. Many amusing anecdotes that illustrate how IT projects can go wrong. This is useful for education, amusement, and as a threat (if you do THAT then we could submit to WorseThanFailure.com).
XKCD – a stick-figure web comic, often criticised for the drawing quality by people who just don’t get it, some people read comics for amusement and insightful commentry not drawings. It’s yet another example of content beating presentation when there’s a level playing field.

Finally I don’t read it myself, but CuteOverload.com is a good site to refer people to when they claim that the Internet is too nasty for children – the Internet has lots of pictures of cute animals!

etbe – Russell Coker

Linux, politics, and other interesting things

Tag Archives: Best Posts