
Month: March 2017

Namespaces, but “uname -r” says 2.6

In this blog post, RedHat explains how they fork not only codebases but also version numbers, which makes any RedHat install cryptic and hard to compare against upstream codebases and developments.

A simple thing such as

rpm --queryformat="%{name}\t%{version}\n" -qa

may allow you to say something about lesser distros, but not RedHat.

From the article:

 rpm -q --changelog openssl | grep -E --color \
- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
- fix CVE-2016-6304 - unbound memory growth with OCSP status request
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
- fix CVE-2016-0799 - memory issues in BIO_printf
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2014-8176 - invalid free in DTLS buffering code

Just say “no” to this mess.
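Because the version string says nothing about backported fixes, an audit on such a system has to key on CVE ids in the package changelog instead. The following is an added example, not code from this post or from the RedHat article; the function names, the duplicated sample line and the placeholder id CVE-9999-0001 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample built from the changelog lines quoted above (one line
# is repeated on purpose). On a real RPM-based host, feed the functions from
#   rpm -q --changelog openssl
sample_changelog() {
cat <<'EOF'
- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
- fix CVE-2016-6304 - unbound memory growth with OCSP status request
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
EOF
}

# Print each distinct CVE id mentioned in the changelog text on stdin.
cves_in_changelog() {
    grep -Eo 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# audit_cves "<id> <id> ..." reads a changelog on stdin and prints
# "FIXED <id>" or "MISSING <id>" for every wanted id.
# Exit status is 1 if at least one wanted id is not mentioned.
audit_cves() {
    fixed=$(cves_in_changelog)
    rc=0
    for id in $1; do
        if printf '%s\n' "$fixed" | grep -qxF -- "$id"; then
            echo "FIXED $id"
        else
            echo "MISSING $id"
            rc=1
        fi
    done
    return $rc
}

# Demo run; CVE-9999-0001 is a placeholder id that is not in the sample.
sample_changelog | audit_cves "CVE-2016-2108 CVE-9999-0001" || true
```

MISSING only means the id is not mentioned in the changelog: the package may be unpatched, or that build may never have been affected, so the vendor advisory for the id still has to be checked.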


Hello, I am interviewing people…

Hello, I am Kris (Article about a Twitter meme in English). I was a Database Scalability Engineer at

When interviewing people for my replacement, I have been looking for a “sense of cost” in architectural decision making. I have been giving people rough problem descriptions of what others or I are currently working on, and asking them what they think about the problem.

Since I did not have a solution to the problem yet, my goal was more observing the idea-discovery process and the reasoning about consequences of various approaches in terms of load, toil, network communication and so on, than an actual solution for the problem.

Oh, and I have been a MySQL consultant and database person since 2005, and still google ALTER TABLE syntax.



This blog is running WordPress, using Ubuntu, Apache and MySQL. So it’s a very basic installation.

I made all this with a tiny Scaleway VM and Ansible. My goal has been to install this thing without actually having to log into the VM (“Look Mom, no hands!”). Of course, I have been logging into the VM, but that’s mostly for checking things are going well.


App can’t be opened because the identity of the developer cannot be confirmed

Policy Settings can prevent the execution of unsigned binaries.

macOS can be set to prevent the execution of unsigned binaries. This is done by pushing a security policy to the system, which is then enforced by the SecAssessment subsystem.

Of course, you can still install Xcode and compile binaries locally, and even execute them. You can also code in interpreted languages such as the local Python, and call system functions from there, so the policy is only of very limited use in locking down the system.