Yenya's World

Mon, 15 Nov 2010

DNSSEC Problems

In July, I have written about DNSSEC tools. Our zone is still not signed yet, but I have at least enabled DNSSEC valiadtion on our recursive servers at that time, asked the maintainer of the muni.cz domain about the DNSSEC enrollment process, and suggested we should discuss it further.

I have got no reply for several weeks, and then he suddenly replied: "I have signed the muni.cz domain". Evening before this e-mail, our recursive servers stopped resolving even names from our own subdomain, fi.muni.cz. It was a major service disruption (the whole IS MU cluster disintegrated, etc.). I was on a holiday, so my colleagues just switched off the DNSSEC processing altogether. I did not have time to look into this problem until last week. I have tried to reenable DNSSEC, and the same problem appeared. Part of the DNS queries just got dropped. Digging into this further (thanks, Dan!) I have discovered that one out of three authoritative DNS servers for muni.cz (ns.ces.net) has DNSSEC disabled. So 1/3 of the queries were replied to without signatures, and got dropped by validating resolvers.

The morale of the story is:

Do you use validating resolvers, my dear lazyweb? And are all your zones signed?

Section: /computers (RSS feed) | Permanent link | 0 writebacks

Fri, 05 Nov 2010

C++ Frequently Questioned Answers

As many of you probably know, I am not very fond of C++. Recently I've came across an excellent set of texts, which explicitly name many faults of this language.

Let me point you to a great means of procrastination document: C++ Frequently Questioned Answers. It tries to provide alternative answers to questions from C++ FAQ, describing how faulty the design of C++ is. It is quite a long text, so if you are in a hurry, the main points are summarized in Defective C++.

It is not very happy read, especially if you have already used C++ for some bigger project. I wonder how e.g. KDE can survive using C++. For what kinds of projects would you use C++? I think plain old C is better for the system and performance critical stuff, with some interpreted language like Perl or Python for everything else.

Section: /computers (RSS feed) | Permanent link | 16 writebacks

Tue, 02 Nov 2010

Fedora 14

I have been using Fedora 14 on my laptop since Friday and on both my work and home workstations since yesterday, and so far I have not ran into any serious problem.

The only nontrivial problem was to upgrade from the experimental version of TeXlive (maintained by Jindřich Nový, thanks!) to packages of the same version, built for F14 (on one of the computers I simply did "rpm -e --nodeps `rpm -qa | grep texlive | fgrep .f12.`", then installed the texlive-f14-release package with Jindřicȟ's repository info, and finally re-installed TeXlive from this repository.

It is a shame that systemd has made it into F14 as a preview only. It looks like a cool piece of technology, at least for the desktop use.

Recently there has been exactly zero development in the area of multiseat, but for me it remains in the "mostly working" state (using xdm instead of gdm, using system-wide PulseAudio, manually binding keyboards and mice to the appropriate seats in xorg.conf, and automatic mounting of pluggable disks on one seat only because of lacking ConsoleKit support), which is acceptable for me.

Anyway, keep up the good work, Fedora team! So far this is the best release in several years (if not the best ever).

Section: /computers (RSS feed) | Permanent link | 0 writebacks

About:

Yenya's World: Linux and beyond - Yenya's blog.

Links:

RSS feed

Jan "Yenya" Kasprzak

The main page of this blog

Categories:

Archive:

Blog roll:

alphabetically :-)