systemctl start auditd

from ships and chips to logs and blogs

By chance, while wireframing and writing stuff to put up this site[1], I found Cory Doctorow's post on the Memex method and blogging, and one part of it triggered a memory of a related, and relevant, post. He credits the coining of "blog" to Peter Merholz, aka peterme, making a contraction of "web log," an online version of a ship's log. That made me recall sitting in a secure facility at a managed security service provider, where I worked on a SIEM dealing with lots of computer logs, and coming across a post by Tiit Hallas, History and irony of logging (in), tracing the concept of logging back to a nautical tool: the chip log. A wooden chip was attached to a knotted line, thrown overboard, and the number of knots that unspooled in a given time measured the ship's speed. Besides this etymology, it also gave us the term "knots" as a unit of speed and established the essential practice of keeping a logbook to record a journey's data.

I was fascinated. I could picture this ancient tool unspooling into the ocean, with my imagination's ear misapplying the sound of my mouse wheel infinite scrolling through screenfuls of events. Just as a ship's log evolved from a simple record of speed into a comprehensive journal, computer logs had become critical for everything from system diagnostics to security audits. And the raw measurements of a chip log were just the start; so much more value came from metadata -- additional context like time, date and weather that gives the data meaning. Even better, the logbooks enriched the data. Hallas references Matthew Fontaine Maury, an American Confederate naval commander who took a library of thousands of ships' logbooks and synthesized their metadata to make definitive charts of ocean currents and winds. His work put together evidence that solidified the theory of the existence of the Northwest Passage.

This is where Doctorow's "Memex Method" comes in, and also deviates. The key difference is in the purpose of the log.

In nautical and computer logging, the primary goal is retrieval and analysis. A ship's log is created with the explicit purpose of being referenced later for navigation, and a computer log is generated to be analyzed for troubleshooting or security. It does no good to collect these and never refer to them, except for regulatory compliance requirements, aka checkbox security.

Doctorow's 20-some years of blog posts are a running record and history of technology news and his perspectives, available for retrieval and analysis, but it's also actually an end in itself for him. While he of course uses his archive as reference for later work (his daily output and richly detailed recollections are incredible), he also notes the value even if a specific entry is never revisited. Writing for an audience "fixes the moment more durably in your memory," he writes. The value isn't just in the potential for later review, but in the immediate cognitive benefits of organizing and articulating a thought. The posts are a mental exercise that strengthens the brain's ability to synthesize information, regardless of whether a particular entry is ever revisited.

Check out both posts. They're good, and very different. And for a cool look at how chip logs work, see this video.


  1. If it looks like there's a couple posts before this initial one, it's because I backfilled and backdated them to get this thing up with some content on it. And now it's an excuse to play with ReStructuredText and footnotes.