Preface: My wife and I are planning to home school.
I picked up some fourth and fifth grade readers at an antique store about a year ago, all of them dating from the thirties and forties. All of them have the student reading literature and doing composition the likes of which I didn't reach with my 1980's public education until high school.
It's debates like this drivel-- whether high tech better facilitates the pathetic education that we're giving kids-- that make me really happy that we're home schooling.
I wanna get off.
Nyah nyah!
Mine looks sorta like this, with some color added:
-[hynfiecl@xenos:~]--- ---[2001/07/06-11:05:42]-$
I have a pretty nasty script that hacks it together. I wrote it after reading the Bash Prompt HOWTO and visiting a Bash themes site that has since been haxx0red. There are more good example prompts, though, at this site. Here's my script, base 64 encoded (sorry, but uuencoding is not conducive to slashposting):
I put together the Mac part of Miami U's network client CD, and both the Mac and PC distributions feature NAI's anti-virus software installers. We sell this CD at the university bookstore and distribute it for free to all on-campus residents. The installers and documentation highly recommend installing anti-virus software, but it is not technically or policy-wise mandatory. The NAI workstation software may be configured to periodically download newer versions of itself, but it does not report back any findings to a central server.
I'm also serving on Miami's committee to review responses to a university-wide email server RFP. Server-based anti-virus software was listed in our RFP as a strong preference. Most vendors included with their proposals referrals to third party anti-virus filters that could be shimmed into their email solutions.
I have also recommended that we investigate a virus filter for our Internet borders, and I think my suggestion was taken seriously. The biggest speedbump down that road, I imagine, is going to be funding. Border filters are not cheap.
Finally, I can say that our Support Desk has had an explosion in virus-related calls over the last few years. I believe I heard one of the SD managers say that viruses are now their biggest source of calls.
There are two major things that must be upgraded in order to get 32-bit UID's, and you've got one of them already. The other is the C library. The Linux 2.4 kernel has support for 32-bit UID's, but all the executables on your system are linked against a C library which must also know about big UID's.
32-bit UID's are supported in version 2.2 of the GNU C library. Red Hat Linux 7 will provide you with glibc 2.1.92, which, after upgrading to a 2.4 kernel, does the trick just fine. I tried out 32-bit UID support with the first publicly available RH7 beta, and it worked like a charm.
Miami University is shelling out big bucks to purchase and roll out Campus Pipeline without banner ads. I'm not sure, and, it seems neither are the implementors, what the real value of the product is. Whenever I ask why we've spent so much money on a Sun Ultra Enterprise server with gigs of memory and hundreds of gigs of disk, all I hear back is, "Well, it lets you check your email over the web."
I dunno, but it seems like Hotmail might do just as well.
Novell Directory Services, or eDirectory, is a distributed, replicable, hierarchical directory database, which currently runs with full functionality on NetWare (administered and managed almost exclusively from MS Windows), with plenty of functionality (or so the glossies imply) on Solaris and Linux. In the past, NDS has been accessed mostly from Windows clients through Novell Directory Access Protocol (NDAP), something that looks darn similar to Lightweight Directory Access Protocol (LDAP, a subset of the heavy X.500's Directory Access Protocol). Novell used to provide an LDAP gateway to the NDS, which would send your LDAP request through NDAP to the NDS, and then the answer would come back through NDAP, through the LDAP gateway, and back to you. Novell's eDirectory now lets you hit NDS directly through LDAP, so LDAP is now a true peer to NDAP.
I've played with NDS for Solaris before, and it's pretty slick. Here at Miami U, we've got one or two replicas of a test NDS tree, and we just made our Solaris machine another replica of that tree. All user attributes like shell and home directory are stored as NDS attributes (part of the installation involved extending the NDS schema to allow for Unix attributes). We're pretty excited about this, because any given client of ours has at least five or six different passwords to remember; consolidating directories is a must at this point.
Novell also has a product in Golden Master right now called NetWare NFS Services 3.0. This is another gateway-type thingy that provides NIS and NFS services. I haven't played with this one yet, but it sounds promising.
The problem I'm running into is that Linux doesn't support 32-bit UID's. Miami has on the order of 30,000 clients to support, so we decided to start numbering UID's at the next highest order of magnitude, 100,000. Well, Linux can't see UID's bigger than 65,535, so we must either re-do all our UID's (big, big, big pain in the tochus, as thousands of these UID's are currently in use), abandon universal UID's and the ability to NFS share data across platforms, or wait until Linux gets big UID support. I've read that the recent 2.3 kernels actually support large UID's but we've still got to wait for glibc 2.2. There have been hacks, but I really don't want an enterprise depending on Joe's hack.
GREETINGS PROFESSOR FALCON
A freshmeat search will let you know where to find TripWire. It's a utility that keeps track of various aspects of files (size, permissions, checksums) and alerts you when files have changed. It's a bit of a pain to set up initially, as you want some files to remain exactly the same (/bin/ls), some files to change content but not permissions (/etc/passwd), and some files you just don't care about (/tmp/*). Figuring out how much stuff you want to keep track of takes a lot of time, but when you're done, you can build a database of exactly how all your important files are supposed to look. Once you've done that, you can set TripWire to run periodically, mailing you any deltas.
Here at Miami U., we run TripWire on just about all of our production platforms. If we do get hacked, we should know about it within minutes.
One more note; TripWire recently went commercial. I've noticed their licensing has become much less free over the last year or two, to the point that you can only get the 2.0 version as a "Red Hat Linux binary" without forking over about $500(US). They've still got their Academic Source Release available for free download from their website.
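The three policy classes described in the comment above (files that must stay identical, files whose content may change but whose permissions may not, and files that are ignored), as an added example that is not part of the original post and is not Tripwire's own code or policy syntax. The names `STRICT`, `PERMS_ONLY`, `IGNORE` and the temp-dir sample tree are assumptions made for the illustration.

```python
import fnmatch, hashlib, os, stat, tempfile
from pathlib import Path

# Attribute sets for the three cases in the post (names are hypothetical).
STRICT = ("mode", "owner", "sha256", "size")  # must stay identical, e.g. /bin/ls
PERMS_ONLY = ("mode", "owner")                # content may change, e.g. /etc/passwd
IGNORE = ()                                   # not tracked at all, e.g. /tmp/*

def snapshot(path):
    st = os.stat(path)
    digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return {"mode": stat.S_IMODE(st.st_mode), "owner": (st.st_uid, st.st_gid),
            "sha256": digest, "size": st.st_size}

def policy_for(path, rules):
    for pattern, attrs in rules:          # first matching glob wins
        if fnmatch.fnmatch(path, pattern):
            return attrs
    return STRICT                         # unmatched paths get the strictest policy

def build_baseline(paths, rules):
    base = {}
    for p in paths:
        snap = snapshot(p)
        base[p] = {a: snap[a] for a in policy_for(p, rules)}
    return {p: kept for p, kept in base.items() if kept}  # drop IGNOREd paths

def check(baseline):
    deltas = []
    for p in sorted(baseline):
        # A missing file reports every tracked attribute as changed.
        now = snapshot(p) if os.path.exists(p) else {}
        deltas += [(p, a) for a in baseline[p] if now.get(a) != baseline[p][a]]
    return deltas

def demo():
    # Constructed sample tree in a temp dir standing in for /bin, /etc and /tmp.
    with tempfile.TemporaryDirectory() as root:
        ls, pw, scratch = (os.path.join(root, r) for r in ("bin/ls", "etc/passwd", "tmp/x"))
        for path, data in ((ls, b"original"), (pw, b"root:x:0:0\n"), (scratch, b"a")):
            os.makedirs(os.path.dirname(path))
            Path(path).write_bytes(data)
            os.chmod(path, 0o644)
        rules = [(os.path.join(root, "tmp", "*"), IGNORE), (pw, PERMS_ONLY)]
        base = build_baseline([ls, pw, scratch], rules)
        Path(pw).write_bytes(b"root:x:0:0\nnew:x:100000:100\n")  # expected churn
        Path(scratch).write_bytes(b"bbbb")                       # ignored path
        benign = check(base)
        Path(ls).write_bytes(b"trojaned")   # same size, different content
        os.chmod(pw, 0o666)                 # permission change on a PERMS_ONLY file
        return benign, [(os.path.relpath(p, root), a) for p, a in check(base)]
```

The same-size rewrite of `bin/ls` is caught only by the checksum, which is why the strict class cannot rely on size and permissions alone.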