SE Linux in Debian

I have now got a Debian Xen domU running the strict SE Linux policy that can boot in enforcing mode. I expect that tomorrow I will have it working with full functionality and that I will be able to run another SE Linux Play Machine in the near future.

After getting the strict policy working I want to build a Debian kernel with CONFIG_AUDITSYSCALL and an audit package so that I can audit system calls that an application makes and also so that the auditd can collect the SE Linux log messages. Other people have talked about packaging audit for Debian, hopefully one of them will do it first and save me the effort, but it shouldn’t be too difficult to do if they don’t.

Then I need to investigate some options for training people about SE Linux. As I don’t currently have the bandwidth for serving large files I’m thinking of basing some SE Linux training on Xen images from the jailtime.org repository. My rough plan at the moment is to have people download Xen images, run through them while consulting a web page, and ask questions on an IRC channel. I’m not sure what the demand will be for this but some web pages teaching people about SE Linux will be a useful resource even if the IRC based training doesn’t work out.

Another thing I want to do is to get PolyInstantiated Directories working in Debian. The pam_namespace.so module needed for this is written for a more recent version of PAM, so I might just work on merging the Debian patches with the latest upstream PAM instead of back-porting the module to the ancient Debian PAM.

PC prices drop again!

A few weeks ago Dell advertised new laptops for $849AU, this was a significant development but I didn’t get around to blogging about it. Now I have just discovered that they have a special deal for $799AU for a laptop including delivery! This is an amazing deal and gives you an AMD Sempron 3500 CPU (not a really fast CPU and only 32bit, but it’s faster than the 1.7GHz Pentium-M that is currently satisfying all my requirements for portable computing), 512M of RAM, an 80G hard drive and a 1280×800 display.

It’s far from a high-end laptop (having a lower screen resolution and less RAM than my 3yo Thinkpad) but it will suffice for most things you might want to do on the move apart from running Xen.

The exciting thing about this is that as it’s so cheap that most people will probably choose it in preference to a desktop system – the cheapest desktop system that Dell currently offers as a package is $898. The cheap desktop has a dual-core Athlon64, 1G of RAM, and a 160G hard drive. But for most tasks other than games such things aren’t really required.

Also a local PC company Suntrom has advertised a new Lenovo Thinkpad with a Celeron-M 1.5GHz, 256M of RAM, 1024×768 display, and a 40G hard drive for $799. The Thinkpad has considerably less compute power than the Dell laptop, but it is a bit cheaper. If Lenovo has maintained the Thinkpad quality (while IBM owned the brand Thinkpad was the Rolls-Royce of laptops) then it would probably be the better choice.

On many occasions I have heard people say that they want a laptop computer to save space. When a desktop machine cost $1200 and a laptop cost $3500 that idea was ridiculous. But now that a laptop appears to be the cheapest system in the Dell range on sale in Australia that would be quite a reasonable criterion for purchases. Of course the extra sales of laptops will help fund further laptop technology developments (such as flash storage) that will be of use to those of us who are serious about computing and use laptops the way that they were intended.

I must be famous ;)

I have been “name dropped”. ;)

It seems that I even beat Keith Owens (*) who works in the same office, but maybe Dave hasn’t met him yet…

(*) I can name drop too!

Lord of the Flies

Apparently they are planning a reality TV show that might be named “Kids Nation” where 40 children are allowed to develop their own society for 40 days. The claims are that there is “no parental supervision”, but of course with many TV cameras watching I’m sure that even the most stupid children can work out that there are reasons to behave relatively well. Also I’m sure that they will remove children from the show if it becomes necessary to avoid injury.

It will be interesting to see how well this develops. Maybe it could evolve into a new form of schooling, just leave children alone in a school with lots of security cameras watching them and let them study or not as they wish. It would be cheaper than running a regular high-school, and as there is little scope for providing a worse education than many (most?) high-schools currently provide it should be worth a try.

For a long time I have thought that the premise behind The Lord of the Flies was bogus. I believe that a major contributing factor towards much of the violence that is present in schools is the pointlessness of the entire system. There are very few students who are so stupid that they can’t realise that the education system is failing them. Whenever you put a large number of people in a confined space with nothing useful to do the results will be bad. If a group of students from a violent school were placed on an island without any supplies then I’m sure that they would soon realise that they need to cooperate to stay alive.

Update:
It seems that the Sudbury Valley school implements some ideas similar to mine. They also have a page of links to some other schools that do similar things.

Planet feed polling frequency

From reading my web stats yesterday it seems that one Planet has polled my blog feed 1693 times over the first 14.25 days of this month. This is about 5 polls per hour. Another Planet has polled my blog 994 times for an average of about 3 hits per hour.

How frequently does it make sense to poll blogs? Speaking for myself I think that waiting an extra 10 minutes to see my latest blog post isn’t going to hurt anyone, and encouraging Planet readers to reload the page so frequently probably isn’t doing them a favour either.

For my own personal Planet installation (which mainly aggregates other Linux Planets for my own personal use) I have it poll the feeds every four hours. For a Planet installation designed for general readership it would make sense to have it poll more frequently. Maybe once every hour or once every half-hour.

When I initially set up my own planet installation I aggregated the entire feed list of Planet Debian and Planet Linux Australia and it generally took between 10 and 30 minutes to poll all the feeds with 20 minutes being common (Planet does not support parallel downloads). So for a moderate sized Planet with frequent polling you might have one poll end after the next cron job for a poll has begun.

It’s a pity that Planet doesn’t support pings. Will the next version do so? I would rather have my blog ping the Planets that I know of that aggregate my content and save thousands of needless polls while also giving a faster update.

Finally if you need a fast response for a dialogue then probably blogs and Planets are not the communication mechanism to use, a mailing list would probably be more appropriate.

priorities for heartbeat services

Currently I am considering the priority scheme to use for some highly available services running on Linux with Heartbeat.

The Heartbeat system has a number of factors that can be used to determine the weight for running a particular service on a given node. One is the connectivity to other systems determined by ping (every system that is pingable can add a value to the score), one is the number of failures (every failure deducts a value from the total score), one is the weight for staying on the same node (IE if the situation changes and the current node is not the ideal node you might not want to immediately move the service to a different node as that gives some seconds of no service), and one is the preference for each node that may run the service.

For a given node to run a particular service, its score has to be greater than that of all other nodes and also greater than zero. If all nodes have a score that is zero or less then the service will not run.

Now in the case of a service that repeatedly fails (EG a filesystem mount that relies on a hardware RAID which is not connected) then what should we do? One option is to have the score for running on a particular node be for example 100 times the value that is subtracted on failure. In this case after 100 failures on that node (and an appropriate number of failures on other nodes which are permitted to run the service) it will be disabled. Then the service has to be explicitly re-enabled (or a node rebooted) before it will run again.

The other option would be to have the value that is subtracted on failure be less than a billionth of the score for running on a particular node, so that the service will keep trying to start for the next few hundred years. The up-side of this is that there is less fiddling required, the down-side is that some CPU and disk resources will be kept active in repeatedly starting the service.

Now I have to decide which option to take in this regard, any comments would be appreciated.
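The two options can be compared with a small model of the scoring described in this post. This is an added example, not Heartbeat's own code or configuration: the `Node` and `Weights` names, the tie-break rule and the assumption that a failed service earns no stickiness bonus are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    preference: int           # configured preference for running the service here
    pingable: int = 0         # ping targets this node can currently reach
    failures: int = 0         # service failures recorded on this node

@dataclass
class Weights:
    ping_value: int = 0       # added per pingable system
    failure_penalty: int = 1  # deducted per recorded failure
    stickiness: int = 0       # bonus for the node already running the service

def score(node, w, current=None):
    """Score of one node, built from the four factors listed in the post."""
    s = node.preference + node.pingable * w.ping_value
    s -= node.failures * w.failure_penalty
    if node.name == current:
        s += w.stickiness
    return s

def place(nodes, w, current=None):
    """Name of the node that should run the service, or None if no score is > 0."""
    # Assumption of this model: a tie goes to the first node in list order.
    best = max(nodes, key=lambda n: score(n, w, current))
    return best.name if score(best, w, current) > 0 else None

def retries_until_disabled(nodes, w, limit):
    """Model a service that fails on every start.

    Returns (attempts, disabled); gives up counting after `limit` attempts.
    """
    by_name = {n.name: n for n in nodes}
    attempts = 0
    while attempts < limit:
        # A failed service is running nowhere, so no node gets the stickiness bonus.
        target = place(nodes, w)
        if target is None:
            return attempts, True
        by_name[target].failures += 1
        attempts += 1
    return attempts, place(nodes, w) is None

if __name__ == "__main__":
    # Option 1: preference is about 100 times the failure penalty.
    opt1 = [Node("a", 100), Node("b", 90)]
    print("option 1:", retries_until_disabled(opt1, Weights(failure_penalty=1), 10_000))
    # Option 2: penalty is a tiny fraction of the preference; never disabled in practice.
    opt2 = [Node("a", 10**12), Node("b", 10**12 - 1)]
    print("option 2:", retries_until_disabled(opt2, Weights(failure_penalty=1), 10_000))
```
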

mobile phone etiquette

Paul Dwerryhouse blogs about mobile phone etiquette.

  1. Taking excessive calls at a restaurant is annoying, but keep them short and it’s no big deal.
  2. Strange ring tones are OK as long as people answer their phone. It’s when they decide that they don’t want to answer a call that the entire Avril Lavigne song annoys people. In regard to this issue wearing headphones in public with the volume turned up high enough that everyone else can hear is a much worse problem – which will incidentally deafen the person using the headphones in the long-term as well as annoying everyone else in the short-term.
  3. I used to work with Paul and we had a colleague who repeatedly chose not to answer his mobile phone because he didn’t want to talk to a particular recruiting agent but refused to say so. Eventually the agent tried calling the office and got to me, I told him “if someone never answers their mobile phone when you call it means that they don’t like you, take a hint and stop calling”. There were fewer unanswered calls after that.
  4. I have to agree with that, having a phone call in the cinema (or even worse the theatre) is just wrong. If you are on the list for organ transplant (the only time you really MUST have your phone on all the time) then turn the phone to vibrate mode.
  5. When on the train the range of things that I can do is limited. Rather than waste time I make calls that I don’t have time to make on other occasions. The only exception is when I was in Japan, in respect of their cultural standards I turned my phone off most times when on the train.
  6. Walking and talking? Unless you are crossing a busy street then why not? People who inappropriately use mobile phones while performing dangerous activities will tend to be weeded out by Darwin. They usually don’t give Darwin Awards for mundane things such as not seeing an oncoming truck while talking on a mobile phone.
  7. In regard to the issue of whether you have to answer a phone, some people believe that it’s an issue of courtesy to the person who is calling to answer the phone if reasonably possible.
  8. Whether “call me back” is adequate depends on who is calling. I generally find that when someone leaves such a message they have been correct in their assessment of the value of their call to me. The people who leave such messages are generally the people whose call I will return on the basis of such a message. Leaving a long voicemail message adds to the profits of the telco used to make the call as well as the telco that maintains the voice-mail box. My 3 voicemail service charges me to receive the messages and I prefer them to be kept short.
  9. Anyone who thinks that having a fancy phone, car, computer, etc will make them a better person or impress anyone has bigger problems than the choice of a phone. Also if the $600 a year that you might spend on regularly updating your mobile phone makes a significant difference to your savings then you will probably never be able to afford a house either.
  10. Bluetooth headsets do make you look like an idiot, but they do have some benefits. When doing tech-support it is a real benefit to be able to use both hands for typing. The only reason I don’t have one is that I don’t do tech support enough to justify the expense of buying one or the inconvenience of carrying it everywhere. Note that when you define “tech support” in the most broad sense (which includes helping all your relatives with their computer problems) most computer people do quite a lot of it even if it’s not their job.

Tom’s Hardware falls victim to a trojan

E-Week has an article about the popular computer hardware review site Tom’s Hardware (tomshardware.com) being hit by a trojan in a banner advert.

From the article it’s not clear whether a criminal paid for a banner advert under a legitimate business name or compromised the advertising server run by an innocent third-party who paid for advertising on Tom’s Hardware.

But really it doesn’t matter very much for users. The facts that are clear are that Tom’s Hardware is a very reputable site (that I personally visit regularly and recommend highly) that apparently did nothing wrong. Yet Windows users who visited the site who hadn’t applied the latest patches had their systems compromised (and presumably used for other criminal activity). Apparently a month ago there was a patch released for the bug in question.

One thing that has to be noted is that large corporations often don’t apply patches immediately. Spending a month testing a patch before deploying it widely is not uncommon in an enterprise environment. The general thinking in an enterprise is that the employees are almost always prohibited from visiting porn sites, and often prohibited from using forums and webmail services. With these things prohibited the risk of attack is dramatically reduced. Now there is evidence that even the most reputable sites run by competent sys-admins can be vulnerable to such an attack.

One possible method of alleviating such attacks would be to have sites that are supported by advertising also allow ad-free subscriptions. So if an enterprise wanted to use a site such as Tom’s Hardware without the risk of advert based attack then they could pay for an advert free subscription. I’m sure that it would be easy for an enterprise to pay Tom’s hardware more money than they would ever be likely to get from providing advertising to the employees of that company while still not having any impact on the IT training budget.

But the best solution is that a Windows machine that is used for main desktop work should not be used for web browsing (to any sites). A Linux or Mac OS/X desktop machine could be used for such web browsing with less risk due to having fewer security holes in the OS. Another option is to use VMWare, Xen, or another virtualisation technology to use a virtual machine for web browsing to make it a lot harder for an attacker to break out and compromise the main environment.

career risks

Paul Graham makes some interesting observations about taking risks to achieve career benefits.

One thing he doesn’t mention is that the risks have to match your life situation. If you are 21, living with your parents, and single (typical for a CS graduate) then you should take the riskiest options in terms of your career (apart from working in Iraq of course). If you don’t have much money then you don’t have much to lose. If you live with your parents then you still have accommodation and food even if you have no money. If you have no dependents (SO or children) then there’s nothing compelling you to earn a certain income.

When you get older you may get a mortgage, a SO, and/or children. Also you won’t live with your parents forever. Most career risks that you might want to take aren’t possible if you leave them too late.

Finally if you do something risky such as starting your own company and it doesn’t work out then it’s still going to look good on your CV. If you already have a lot of experience in the industry then the CV improvement may not be worth the time and effort invested in an unsuccessful company.

When I was 22 I (along with two business partners) started an Internet cafe. It went reasonably well (by the standards of small businesses), it lasted for a few years before cheap net access at home killed most of the business. At the time the cafe had to close the ISP side of the business was doing reasonably well and one of my partners bought the operating ISP business. This buy-out caused me to approximately break even out of the entire business which is a lot better than most small businesses do. When I was 26 I moved to London (I have dual nationality, UK and Australian). The experience I had gained from running my own business allowed me to immediately get contract work for large ISPs in Europe.

Most of the risks in my career were ones that I took while living with my parents. At the time I didn’t think through the issues of mortgages etc, my thinking was mostly along the lines of “it could work, I’m bored, so why not?”. ;)

Update: While in the process of writing this blog post I forwarded the URL of a dating service for scientists (sciconnect.com) to some friends. The main page has pictures of single people wearing lab coats and using laptops which I found amusing. I have no idea whether it’s a good service or not, but the pictures on the main page made it worth a look. It seems that I accidentally pasted the wrong URL into my blog post so people who were looking for the Paul Graham article ended up at the dating service instead. But I guess if you are the type of person who reads my blog and who is interested in a link to Paul Graham’s blog and you happen to be single then a dating service for scientists might be of some interest.

Thanks to MJ Ray for pointing out my error.

terrorist actions I want banned

The current trend in government seems to be to do whatever they want because to do otherwise invites (or fails to prevent) terrorism.

Here are some things that might be done by terrorists which governments should consider banning:

Graffiti – could be used by terrorists to mark locations for attacks or send messages to sleeper cells. It’s already illegal but that doesn’t seem to stop anyone. Send the graffiti “artists” to the same places that they send illegal immigrants.

Spitting in public – could be used for biological warfare (it’s effective at spreading disease).

Putting feet on seats of public transport. Shoes have been used for smuggling explosives on to commercial airline flights and could be used for bio-warfare.

Sticking gum underneath chairs. This is an obvious risk for bio-warfare.

Governments and corporations are banning photography, banning prayer in airports, and speaking in languages other than English. It’s about time that they banned something that is actually bad.