After some gentle ribbing from friends about the lack of updates to this blog I’ve realised that it is indeed time to get back in the saddle. I apologise in advance for the disconnected nature of this post.
So work is almost a green-field site in that while they have quite a few systems in production they are all being managed in a piece-meal fashion. I’ve been free to specify a standard linux build (CentOS4) and whatever management systems I want. Now that my new server is in place I can start setting up cfengine.
Given that these systems represent a fresh start I decided to leave SElinux turned on (at $ORK-1 we turned it off because it objected strongly to the way we had things set up). This has lead to a fairly arduous learning process. The upside is that I now mostly understand it but I probably hate it. The fact that the SElinux policy is monolithic makes things hard to manage. I’m not sure how I’ll deal with this as the systems get more complex. I’ll probably end up building a selinux-policy-wesc package and try and ignore the ugliness.
In other security related news I’ve finally gotten around to learning about PAM. It’s strange but mesmerizingly powerful. Together with mod_auth_pam you can get apache logins to do very strange things. Now if only someone would write a PAM module for Shibboleth.
It’s the little things that are annoying me. Like that fact that someone has walked off with the case keys for my two Sun V880 servers.
We have no backups. Nothing to see here, move along.
My shiny iAudio X5 is now running rockbox. It is fantastic. Browse by ID3 tags. List files by date. Revolutionary!
I shall be giving a lightning talk on Grid Computing at LugRadio Live 2006. If you happen to be attending, prepare to be be informed and entertained.
The ramble endeth here..
Welcome back, didn’t mean to badger. :)\
Re: the mp3 player, at least they left the option of patching in functionality which they should have implemented themselves, eh?