5 Improvements to OS X Server I’d like to see in Leopard (10.5).

My new job exposes me to the inner workings of Apple OS X Server on a very intimate basis. A lot of the time I’m doing work that isn’t well documented or isn’t quite as straightforward as it says in the book. This means I generally have to hand edit configurations in OS X Server. From these experiences I’d like to see the following addressed.

  1. Remove bootpd as the DHCP server and replace it with ISC DHCP. I could quite literally talk for days on this issue alone. TFTP-booting other OSes would be easier, and (secure) dynamic DNS would make any admin’s life easier.
  2. Allow custom configurations of services. Imagine you’re trying to secure BIND in OS X and decide on using views or even just allowing replication of 1 or 2 zones. As soon as you go to serveradmin to restart the services it decides to rewrite the configuration. Also add an IPv6 localhost zone to the default setup.
  3. Create an API for serveradmin. I think the Server Monitor and serveradmin are great utilities for OS X Server but it could be better if the community could add to it with other plugins for other services (think MySQL, PostgreSQL, Oracle, Asterisk, etc.).
  4. Include SASL tools. Actually, include all tools for any technology that’s used, particularly those that are GPL. There should be a law against not including debug tools.
  5. Remove Dashboard, iTunes and QuickTime (unless the server is configured as a streaming server) from the server installs. This is just extra crap that isn’t needed in a server install and takes up RAM and CPU cycles.

All in all it’s not a big ask. Please, Apple. Think about sysadmins.

IPv6: 6to4 broken?

I’ve been a big fan of IPv6 for 4+ years. I’ve configured a tunnel at home and decided I wanted IPv6 access at work. Having mastered the tunnel at home, I thought I’d give 6to4 a go. 8 hours later and I’m still scratching my head. Is 6to4 broken? I’ve tried to configure it manually and via initscripts and nada. I’d be interested in hearing from anyone who has it working.

Myf Warhurst - The love of my Life.

I’d like to confess my love for the queen of radio. For years I’ve listened to Myf’s soothing voice on my favoured radio, Triple J, but after seeing Myf host the top 10 all time favourite albums I’m in love. Black hair, red dress, who wouldn’t…

In other news, work has given me a so-called promotion and pay rise. The pay rise was OK but the promotion is too little. I’m going from a lackey to a sysadmin and, well, they’ve lost everyone but me. So by default I am the System Administrator, right? Well, no, I’m the “Acting Systems Administrator”. According to the sage.org position description of a sysadmin, I do the job. Fair and simple… So what to do?

TV is progressively getting worse in content and reruns of shit we’re not interested in. Makes you wonder why people have to resort to a thing called BitTorrent for sanity and some good TV.

All things open source

It’s been another eventful week with a number of projects I’m working on.

OPIE for Fedora. For those of you playing at home, OPIE is One Time Passwords. This allows admins to further secure ssh and general login sessions by providing users with either a hardware password calculator or a software calculator to provide a one-use password. Banks have made this popular with RSA key tokens and plastic-looking calculators.
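How the one-time passwords described above resist replay, as an added sketch that is not from the original post or the OPIE source: an S/Key-style hash chain in which the server stores only the last accepted value. It uses plain SHA-256 for clarity rather than OPIE's own hash and word encoding, and the pass phrase, seed and class names are constructed for illustration.

```python
import hashlib
import hmac


def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Hash seed+secret once, then re-hash the result n more times."""
    value = hashlib.sha256(seed + secret).digest()
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OTPServer:
    """Holds only the last accepted value, never the pass phrase itself."""

    def __init__(self, seed: bytes, count: int, last: bytes):
        self.seed, self.count, self.last = seed, count, last

    def challenge(self):
        """Sequence number and seed the user's calculator needs."""
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count == 0:          # chain used up: user must re-enrol
            return False
        if not hmac.compare_digest(hashlib.sha256(response).digest(), self.last):
            return False
        self.last = response         # accepted value becomes the new reference
        self.count -= 1
        return True


def demo():
    secret, seed = b"constructed pass phrase", b"ke1234"   # constructed sample values
    server = OTPServer(seed, 3, chain(secret, seed, 3))     # enrolment
    results = []
    seq, s = server.challenge()
    otp = chain(secret, s, seq)              # what the calculator would show
    results.append(server.verify(otp))       # fresh password: accepted
    results.append(server.verify(otp))       # sniffed and replayed: rejected
    for _ in range(3):                       # two more logins, then exhausted
        seq, s = server.challenge()
        results.append(server.verify(chain(secret, s, max(seq, 0))))
    return results


if __name__ == "__main__":
    print(demo())
```

A captured password is useless for the next login because the server now expects its preimage, which only the holder of the pass phrase can compute.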

After googling for days I’ve discovered that Fedora currently doesn’t have an OPIE server/client or PAM libraries to make this possible. Thanks to the good folk at Debian, particularly Michael Stone, and FreeBSD, OPIE is well supported and has great active development. Since Debian and Fedora share a lot of common code I decided to download the source and patches and give it a whirl. Compiling went well and for all intents and purposes this was a hit. I now have the fun challenge of writing a SPEC file and packaging this up and offering it (once I’ve asked those people that have done the hard work) to you good net folk and maybe a repo or two.

ISC DHCP on OSX Server. I work quite frequently with OSX Server in office environments and have found the DHCP server that comes with OSX Server lacking in real features compared to ISC DHCP. After googling around on how to get dynamic updates from OSXS DHCP to DNS I came across this great article from MacTroll about ISC DHCP and DNS on Mac OSX Server. This article is great but the only thing missing is a dmg/pkg to do the install of ISC DHCP with some nice plist scripts for startup and integration into the OS.

More googling revealed that Faisal had tried this with reasonable success. Since he no longer maintains this, I’m going to create an updated package with net-boot patches and integrated scripts/install process and see whether this can work well in a production environment.

On the work scene, one of my good colleagues is heading to green pastures and leaving us. It’s sad to see good people go. I’m also hunting down a Windows Support Engineer to work with me. I will post here with the P.D when HR draws it up.

Sienaro!

Linux and One Time Passwords

After doing a security audit at work we decided to look at better ssh security other than passwords. DSA keys work but if you lose the key it’s painful. One Time Passwords appeared to be the best solution. Having recalled that somewhere I tried to use opie/skey on Linux eons ago, I thought this could be a really good idea.

However looking for the rpms and/or source that’s recent and updated regularly seemed painful. Certainly isn’t going to work w/o heavy editing with gcc-4*.

Maybe there’s some way of using password and DSA keys together for better security or another solution..

I have neglected thee..

Well, again the blog has fallen by the wayside.. All I can say is that I have installed gnome-blog at work where the inspiration hits me the most.

OS/2 Warp Kinda Guy


Which OS are You?

Apparently OS/2 is my kinda OS… Maybe I’m not shallow enough for OSX or enough of a religious extremist to be a Debian person (you know I’m right!).

So many things since I last blogged. Firstly,

Congrats to the Red Hat People for getting RHEL5 beta out the door. Working on an install right now.

Bluetooth is the strangest creature. I’m trying to set up a Bluetooth AP using Fedora and the BlueZ stack to allow some testing of Funambol on non-wireless devices. Now the utopian goal here is to have a BlackBerry accept an IP address from DHCP running on a Bluetooth interface. One quick annoyance: it appears that you need to ‘pair’ with a device before you can establish any bnep0 interface and hence configure dhcpd. Now I managed to trick Windows XP into accepting a connection only after giving the interface a static IP. What’s interesting here is that clearly the ‘PAN’ service is being offered up from the Fedora box, but when I go to the Bluetooth services tab in the BlackBerry or my SE K608i the ‘PAN’ service doesn’t appear.

Go Figure?

I have a working install of Jira and Confluence as part of our workflow in IT. Now it works well but I’m finding ‘fringe’ problems with various modules. For instance, Confluence has decided not to show a particular page that has some quite useful information. Appears fairly simple: start a re-index… done.. But wait, still no page. Okay… Time to roll up my sleeves and dig into MySQL and see if the data is there. Sure enough the data is there. Well, time to add it to the ever-growing ‘TODO’ list. One other little challenge with JIRA is timesheets. Unfortunately I’m not at work to post the error message but I will catch up with that tomorrow.

RIP Peter Brock. King of the mountain forever. My condolences go to his family and his current partner who, if you look at the media coverage, almost didn’t exist.

Huharu…

Steve Irwin 1962 - 2006

Farewell Steve, I bagged you in the past but honestly you’re a top bloke. Your commitment to animal and land conservation is unmatched.

My heart goes out to Bob who isn’t going to have a father growing up. The good news is that it appears that the Australia Zoo is a very large family and I think you’ll get good support.

To all the Irwin Family and Oz Zoo, may you take comfort in the amount of people Steve has touched.

Cheers

The point of no return….

There’s a point at which you take so much bullshit and work politics and you go… ‘Nope, that’s it *pull up pants* enough is enough’. I’m not just talking about the garden-variety (l)users shitting me off, one of the big issues that shows you that no matter how hard you work life here isn’t going to change and it’s time to pull the ejector seat and exit stage left.

On a much better note I’d forgotten how funny Hey Hey It’s Saturday was. It all appears really daggy but shit funny.

Saw the best comic: Make me a sandwich. If you’re a Linux/Unix admin you’ll get the joke.

I hate Mondays

Yesterday was the worst day I’ve had in a long time. One of our switches decided it wanted a holiday; it just happened to be the switch that everyone is connected to…. This started at 7:10am (Ugh!) and didn’t resolve until 10am. The only thing I can think of that caused it was that the UPS it was connected to died on the weekend, but when I powered up the switch it appeared to work fine… go figure.

Well, I’m doing the VoIP dance at work. Talking to third-party consultants has been entertaining to say the least. I’m seriously considering Ericsson, Cisco. I’d like to talk to someone from Avaya if I could find a reseller/consultant in QLD.

Oh and one last thing 10K for a SQL Server 2005 per CPU is just plain rude.

Syanara!