Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

December 09 2016


The Eternal systemd Discussion and Implications for System Administration

Recently we had a power outage at one of our sites. A construction site brought down a power line, and the subsequent efforts to repair the damage took the power company longer than the UPS could handle. So all systems shut down cleanly. After the power was back most servers restarted automatically. Two servers were missing. A manual inspection revealed that they hung still in the init phase. According to the logs on the screen systemd was trying to unlock the encrypted harddrives (with a key stored on an external storage media, accessible by the init system). The system were rebooted in Debian 8 System V init mode, and they started immediately. No hangs, no errors, nothing. All systems go, as it should be.

Out of frustration this tweet went out to the world. Unsurprisingly comments about the init system religious war came as reply.

We did not report the error on the servers to the developers for a simple reason. systemd is advertised as a drop in replacement for System V init scripts. It clearly anything but a drop in replacement. If you have to do a migration from System V to systemd, then it is not a drop in replacement. Furthermore everything necessary to get these two servers up and running is stored in their /etc/crypttab and /etc/fstab. It is not really hard to unlock a LUKS-encrypted partition. Even a shell script can do this.

So to cut the bashing short, here is the message: If you want to see your software deployed, do not anger the users (or the sysadmins) using it. We have ditched a lot of software applications, because of misguided development processes. We will replace Debian with Devuan as a lesson from this episode. We already replaced a lot of window managers, because of the ever increasing feature creep, cruft, and bloat. Do not go this way when developing software. Focus!

July 30 2015


Windows 10 is not suitable for business use

Windows 10 is released and Microsoft® rolling it out worldwide. Of course, the new operating system has many great features, which make life and possibly even work easier. Unfortunately, to use it you have to consent to the new Terms of Use, which involve a number of risks for companies. One should therefore think carefully about whereto apply Windows 10. Especially in sensitive areas, the handling of customer data and confidentiality agreements, we strongly advise against it.

  • Windows 10 transfers data to Microsoft® servers by default. This includes information like visited websites, bookmarks,names and access to applications, websites, hot-spots and wireless networks used.
  • Windows 10 generates for each account on each device a unique identification for the purpose of tracking by third parties and for the creation of user profiles.
  • When using the Bitlocker disk encryption for Windows 10 the key to recovery is saved on an Microsoft® OneDrive account. You hand out the key to your own data.
  • Windows 10 collects information about connected devices, software data and associated networks. This data also gets transmitted to external servers for further analysis.
  • After activation Cortana, the Windows 10 language assistant, collects data from your user profile, media files, alarms, personal calendar, screen lock times, websites you’ve visited, online purchases, Bing searches and voice records. Personal contacts, appointments and voice records are passed on to unknown servers.
  • Microsoft reserves the right to use personal data, to save it and to pass it on to third parties - including personal emails, private communication and all personal files.

These Terms of Use render it impossible to use Windows 10 for business. To use Windows 10 means to break any non-disclosure agreement and any contract which governs the disclosure and processing of customer data by third parties. This is also true if suppliers are running Windows 10. Also any business communication is disclosed to third parties.
We strongly recommend to look for alternatives and not to process any sensitive information such as customer data or the like with Windows 10 systems.

June 12 2015


Fanny and Stella: the young men who shocked Victorian England

The gripping story of the trial that shook Victorian England – a tale of cross-dressing, cross-examinations and the invention of camp, shortlisted for the Stonewall Awards 2013 (Writer of the Year) and for the 2013 Green Carnation Prize.

Neil McKenna, the award-winning author and journalist, is known for initiating the campaign for gay law reform in the Isle of Man and for leading the fight against Clause 25.

This event is part of the Lesbian, Gay, Bisexual, Transgender and Queer or Questioning (LGBTQ) History Month at The National Archives.

Warning: the following material may not be suitable for all listeners.

June 07 2015


June 05 2015


Arts and Inspiration Day at The National Archives 2014: Music and lyrics

Jo Pugh reveals the music, lyrics and poetry lurking in diverse records, from Thomas Byrd’s pupil, John Bull to songs from Second World War prisoner of war camps.

Arts and Inspiration Day is a free event for students thinking of future PhD study which introduces the research potential of The National Archives’ collection. This event was held on 17 November 2014.


Arts and Inspiration Day at The National Archives 2014: Maps and plans

Rose Mitchell reveals the maps and plans held at The National Archives.

Arts and Inspiration Day is a free event for students thinking of future PhD study which introduces the research potential of The National Archives’ collection. This event was held on 17 November 2014.


Arts and Inspiration Day at The National Archives 2014: Propaganda

Simon Demissie looks at Propaganda through the records held at The National Archives, including the wartime posters in INF 3 and the 1970s ‘Protect and Survive’ Public Information Films.

Arts and Inspiration Day is a free event for students thinking of future PhD study which introduces the research potential of The National Archives’ collection. This event was held on 17 November 2014.

Watch the Public Information Films, Action after warnings and Casualties, produced by Richard Taylor Cartoons, with chilling narration by Patrick Allen.


Arts and Inspiration Day at The National Archives 2014: Design history and material culture

Julie Halls discusses design history and material culture as a potential area for research.

Arts and Inspiration Day is a free event for students thinking of future PhD study which introduces the research potential of The National Archives’ collection. This event was held on 17 November 2014.

May 29 2015


Portillo’s State Secrets

Researcher Tommy Norton introduces some of the 30 documents featured in the BBC 2 ten-part television series, Portillo’s State Secrets. He also talks about the background to the series.

Originally a journalist on local newspapers and magazines, Tommy spent four years in The National Archives’ press office. He is now an independent reesearcher.

May 26 2015


Fixing Logjam by changing Diffie-Hellman parameters

You have probably heard of the Logjam attack against the TLS protocol. It affects TLS configurations with forward secrecy that use the same prime numbers for Diffie-Hellman key exchange. You also may use a low security prime number. The research team that has published information about the Logjam attack estimates that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Unfortunately 1024 bit primes are common in a lot of server software.

Using Diffie-Hellman key exchange should be done with prime numbers equal 2048 bit and above. Postfix allows you to use individual parameter sets. Sysadmins should consult the Guide to Deploying Diffie-Hellman for TLS.

For Apache users out there, try to run at least version 2.4.7 or better. If this is not an option, you can wait for the release of 2.2.30 and compile it with LibreSSL or use it with OpenSSL 0.9.8a (or later version). Compiling Apache 2.2.x with LibreSSL requires you to remove the ENGINE_CTRL_CHIL_SET_FORKCHECK macro in modules/ssl/ssl_engine_init.c. Furthermore you need to remove the reference to the compress_meth member of the SSL_SESSION structure. The reference can be found in modules/ssl/ssl_engine_vars.c beginning in line 838. Actually you can remove the whole if (pSession] {…} section. LibreSSL has removed support for compression due to security reasons. Lastly you have to remove references to the RAND_EGD PRNG (reference can be found in modules/ssl/ssl_engine_rand.c, look for HAVE_SSL_RAND_EGD and remove these sections).

May 22 2015


Writer of the month: Helen Castor on Joan of Arc

Helen Castor in conversation, discussing her new book, Joan of Arc: A history. Find out more about Helen Castor on her website.

This podcast was recorded live as part of the Writer of the month series, which broadens awareness of historical records and their uses for writers. We apologise for any intermittent reduction in sound quality.

May 17 2015


May 10 2015


May 07 2015


Web site moved to HTTPS-only

The web site has moved to HTTPS. All HTTP links are converted to HTTPS by using redirects sent by the Apache web server. The transition should be transparent and work with all modern browsers. Please make sure you use a browser that is capable of TLS v1.2 since we do not support older protocols any more.

Our site also supports HTTP Strict Transport Security (HSTS) which instructs the browser how to handle content delivered from our servers.

Enjoy the encryption!

May 03 2015


April 26 2015


April 05 2015


March 29 2015


March 27 2015


Tracing railway ancestors

The National Archives holds a vast collection of railway related material, a legacy passed down by hundreds of railway companies which operated in all corners of the UK from 1825 to 1947. Much of this material provides opportunities for local and family historians to discover something new about the history of their ancestors and the areas in which they lived. This talk provides an overview of the railway records held here at Kew, and explores the different sources for tracing railway workers amongst these records.

Chris Heather is currently the Transport Records Specialist in the Advice and Records Knowledge department at The National Archives. He has a particular interest in railway records and family history. Previously he specialised in records of criminals and transportation to Australia.

March 13 2015


Big Ideas: Rapid response collecting

Rapid Response Collecting is a new strand to the V&A's collecting activity – one that is responsive to global events, situating design in immediate relation to moments of political, economic and social change. Corinna Gardner explores how an IKEA toy wolf, a set of Christian Louboutin shoes in five shades of ‘nude', the world's first 3D-printed gun, the mobile game, Flappy Bird, and an all-female LEGO set raise questions of globalisation, mass manufacture, demography and the law.

Corinna Gardner is curator of contemporary product design at the Victoria and Albert Museum. Corinna has worked with colleagues to introduce rapid response collecting as a new strand to the museum's collecting activities. Corinna is also co-curating the forthcoming V&A exhibition, All of This Belongs to You, opening on 1 April 2015.

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!