O’Reilly: Managing Mission-Critical Domains and DNS

It’s been a while since I looked forward to a book, but this one by Mark Jeftovic of easydns.com looks pretty interesting:

What’s amusing is that Amazon lists it as #1 in “Hot New Releases in Unix DNS & Bind.” Unsurprisingly, it’s also the only title in that category. :)

shop.oreilly.com: Managing Mission-Critical Domains and DNS
amazon.com: Managing Mission-Critical Domains and DNS


Drones and ADS-B

DJI Phantom Drone

AvWeb has a very interesting article on possible Google involvement with drones and ADS-B.

For those new to ADS-B, at a high level it is a digital beacon that must be installed on all airliners world-wide, and in the USA all airplanes by 2020. The cost is borne by the airplane operator, and ranges from $5,000 for a small plane to $1 million or more for an airliner, including avionics and installation costs.

“ADS-B out” is the digital transmitter, and “ADS-B in” is the digital reception of weather and ATC data.

Since $5,000+ is a lot of money for something that doesn’t make you fly better, if the FAA decides to impose ADS-B on drones, then a big outside player like Google or Amazon will have to design/manufacture low cost versions to make drones cost-effective. Like an order of magnitude cheaper, or even two.

One of the commenters has an interesting question, “Just how many airborne ADS-B devices can the FAA’s ground-bound infrastructure handle at one time? The answer to that question may frame the response that we can expect from the agency… Seriously.”

FAA allows AIG to use drones for insurance inspections
DJI: A Chinese firm has taken the lead in commercial drones

wikipedia: Traffic collision avoidance system


SVLUG: Daniel Klopp on Docker

At Silicon Valley Users Group (SVLUG) tonight, Daniel Klopp, Senior Technical Consultant, Taos Consulting, gave an intermediate talk on “Docker.”

He had some really informative and detailed slides on using Docker, especially his cgroup command samples.

Some of the interesting things he mentioned were:

  1. cgroups are nested
  2. Docker currently has a limit of 127 “layers”, with prior layers appearing to be read-only to the current layer
  3. Docker is high-level enough to run on multiple operating systems, including both Linux and Windows

Daniel Klopp


One attendee mentioned that a work-around for the insecure nature of Docker is to combine it with SELinux, though that will involve a fair amount of work.

Over 400 people RSVPed on a related Meetup, and over 150 people attended, a record for this decade.

Pasta Spread

Great turnout!


Salad, meat lasagna, pasta alfredo, veggie lasagna from Taos!

Thanks to Taos for providing food for all. Taos has job postings for sys admin, network admin, devops and help desk IT persons.

Thanks to Symantec once again for hosting the event.


IFR Magazine: Danger Below MDA?

AvWeb has a chilling reprint from IFR Magazine on US airlines intentionally descending below the approach plate MDA …

“Flight inspection noted that a GPWS alert was received at the reported location if the aircraft continued to follow the published Vertical Descent Angle (VDA) below MDA. The airline (and several others) reported that it was their SOP to do so, pointing to the benefits of stabilized approaches and the use of a continuous descent angle.”

(In layman’s terms, often an airplane is supposed to descend from the clouds, level out, then fly at the FAA minimum descent altitude until the runway is in sight. Airlines admitted they were continuously descending almost into obstructions every day to avoid leveling out first – completely crazy.)

Descending below the MDA into terrain would void insurance policies and likely result in the airline company folding.

In the Polish state visit to Russia accident, the captain similarly made up his own approach procedure. He descended below MDA and used an on-board radar altimeter over uneven terrain at treetop height. The resulting crash killed 1/3 of their government and military leaders.


Why Can’t ISPs Handle SPF Records?

I’m always appalled when I need to set up a Sender Policy Framework (SPF) record using ISP zone file editors.

It took ThePlanet (now owned by IBM/SoftLayer) 5 years to fix their web interface to handle valid SPF records (re-edit and save) – and that’s *after* I reported the bug.

I had to make an official visit to their CEO as their 109th largest customer to actually get somebody to look at the ticket. Their engineering staff was in disbelief, until they actually tested it and said, “Oops!” :)

GoDaddy currently has 3 oddities in their new and classic DNS zone editor web programs:

  1. The SPF wizard does not show the double quotes that are required for records containing spaces, as all SPF records do. It silently inserts the quotes, so if you also add them they are doubled, producing an invalid record.
  2. Their SPF wizard wildly flails around, making the longest SPF records I’ve ever seen. That means problems such as more DNS lookups and possible truncation issues.
  3. It refuses to allow domain names in the left-hand column, forcing the origin (@ symbol). That works for most people, but I hope you’re not the exception.

Can you spot more bugs? :)
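A lint check for the record problems listed above (doubled quotes, over-long records, extra DNS lookups), as an added example that is not from the original post. The function names, issue codes and sample records are constructed for illustration; the limits are the ones in RFC 7208 (10 DNS lookups, 255 octets per TXT string, roughly 450 octets of record text to stay inside a UDP answer).

```python
import re

LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # RFC 7208 section 4.6.4
MAX_LOOKUPS, MAX_STRING, UDP_SAFE = 10, 255, 450

def count_lookups(policy):
    """Count terms in an SPF policy that make the receiver issue a DNS query."""
    n = 0
    for term in policy.split()[1:]:          # skip "v=spf1"
        if term.lower().startswith("redirect="):
            n += 1
            continue
        name = re.split(r"[:/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        n += name in LOOKUP_MECHS
    return n

def lint_spf(raw):
    """Return a list of issue codes for a TXT value written in zone-file form."""
    issues = []
    raw = raw.strip()
    if '""' in raw:
        issues.append("doubled-quotes")
        raw = raw.replace('""', '"')         # normalise so later checks still run
    strings = re.findall(r'"([^"]*)"', raw)
    if not strings:
        if " " in raw:
            issues.append("unquoted-spaces")
        strings = [raw]
    policy = "".join(strings)                # multiple strings join with no separator
    if not re.match(r"v=spf1( |$)", policy, re.I):
        issues.append("not-spf1")
    if any(len(s.encode()) > MAX_STRING for s in strings):
        issues.append("string-over-255")
    if len(policy.encode()) > UDP_SAFE:
        issues.append("long-record")
    if count_lookups(policy) > MAX_LOOKUPS:
        issues.append("too-many-lookups")
    return issues

# Constructed sample values (not taken from any real zone).
GOOD = '"v=spf1 mx ip4:192.0.2.0/24 include:_spf.example.net ~all"'
DOUBLED = '""v=spf1 mx ~all""'
BLOATED = '"v=spf1 ' + " ".join(f"include:spf{i}.example.net" for i in range(12)) + ' ~all"'

if __name__ == "__main__":
    for label, value in (("good", GOOD), ("doubled", DOUBLED), ("bloated", BLOATED)):
        print(label, lint_spf(value) or "ok")
```

Run it against the TXT value exactly as the zone editor displays it after saving, since the quoting problem only shows up in the stored form.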

Register.com’s new zone editor UI for their partner site, rcomexpress.com, removed the TTL option. The default is now 60 minutes, with no way to change that. I have a feeling they wanted to make a mobile-friendly simpler UI.


  • Regarding #3, for those not familiar with SPF: rules apply to domain names and subdomain names, usually mydomain.com or mail.mydomain.com, the latter of which @ will not match.
  • SPF clients match the SPF or TXT record with the FQDN in the Return-Path header. If you don’t want to add an SPF record for each host (like www0 and www1), then email server masquerading can be used. In sendmail, that’s

openspf.org: Common mistakes when creating an SPF record
