names

Wouter wrote an interesting post about names. I wonder how many people know me as Russell SELinux

execmod

Ulrich Drepper has written a good web page about text relocation, which is most often noticed as execmod failures reported when running SE Linux. When an AVC message reports a failure of execmod against a shared object it means that the object has text relocations: the dynamic linker has to write into the object’s code segment at load time to fix up absolute addresses, so a mapping that has been written to must then be made executable, and SE Linux requires the execmod permission for that. This is due to the object being compiled without -fPIC or -fpic.

The command eu-findtextrel (from the elfutils package), when run with the shared object in question as its parameter, will tell you which functions were compiled without -fpic or -fPIC.

The module in question must be recompiled with -fpic or -fPIC to generate the correct code.

Without SE Linux it’s still a bug to compile a shared object without position independent code, so any shared object which can’t run under SE Linux because of execmod will probably have problems in other situations anyway (maybe only on certain architectures).
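As an added example (not from the original post, and not a replacement for eu-findtextrel), the following Python function reads the ELF dynamic section of a shared object and reports whether it carries the DT_TEXTREL entry or the DF_TEXTREL flag, which is what marks the object as needing text relocations and therefore execmod. It only says whether the object is affected; eu-findtextrel is still what tells you which functions are responsible. The build_test_elf helper constructs a minimal ELF64 image purely so the check can be exercised without a real library.

```python
import struct
import sys

SHT_DYNAMIC = 6
DT_NULL, DT_TEXTREL, DT_FLAGS = 0, 22, 30
DF_TEXTREL = 0x4


def has_textrel(elf: bytes) -> bool:
    """True if the ELF image carries DT_TEXTREL or DF_TEXTREL in its dynamic section."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if elf[5] == 1 else ">"          # EI_DATA: 1 = little endian
    if elf[4] == 2:                             # EI_CLASS: 2 = ELFCLASS64
        (shoff,) = struct.unpack_from(end + "Q", elf, 0x28)
        shentsize, shnum = struct.unpack_from(end + "HH", elf, 0x3A)
        sh_fmt, dyn_fmt = end + "IIQQQQIIQQ", end + "qQ"
    else:                                       # ELFCLASS32
        (shoff,) = struct.unpack_from(end + "I", elf, 0x20)
        shentsize, shnum = struct.unpack_from(end + "HH", elf, 0x2E)
        sh_fmt, dyn_fmt = end + "IIIIIIIIII", end + "iI"
    dyn_size = struct.calcsize(dyn_fmt)
    for i in range(shnum):
        sh = struct.unpack_from(sh_fmt, elf, shoff + i * shentsize)
        if sh[1] != SHT_DYNAMIC:                # sh_type
            continue
        offset, size = sh[4], sh[5]             # sh_offset, sh_size
        for pos in range(offset, offset + size, dyn_size):
            tag, val = struct.unpack_from(dyn_fmt, elf, pos)
            if tag == DT_NULL:
                break
            if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                return True
    return False


def build_test_elf(entries):
    """Constructed minimal ELF64 (x86-64, ET_DYN) with one SHT_DYNAMIC section; test data only."""
    dyn = b"".join(struct.pack("<qQ", tag, val) for tag, val in entries)
    shoff, dyn_off = 64, 64 + 2 * 64            # ELF header, then two section headers
    ehdr = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
            + struct.pack("<HHIQQQIHHHHHH", 3, 0x3E, 1, 0, 0, shoff, 0, 64, 56, 0, 64, 2, 0))
    null_sh = b"\0" * 64
    dyn_sh = struct.pack("<IIQQQQIIQQ", 1, SHT_DYNAMIC, 2, 0, dyn_off, len(dyn), 0, 0, 8, 16)
    return ehdr + null_sh + dyn_sh + dyn


if __name__ == "__main__":
    for path in sys.argv[1:]:                   # usage: python3 textrel.py /path/to/lib.so
        with open(path, "rb") as f:
            print(path, "TEXTREL" if has_textrel(f.read()) else "clean")
```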

xen and yoyo

One of the benefits of Xen is that it allows a machine to be easily rebooted. Remote console and remote power management technologies are either expensive or implemented on the motherboards of expensive machines. With Xen the virtual machines can be managed without such expense and also with less effort.

This raises immediate possibilities for training sys-admins. One problem with training system administrators is that they need to have servers to administer and the mentor needs to be able to easily access them and fix them when they become unbootable. Xen makes these problems easy to solve on cheap hardware.

Monash University has for many years had a machine named Yoyo which is used for training sys-admins. It’s not expected to be up as much as machines that are run by experienced sys-admins (hence the name) but I expect it would still have better uptime than a lot of corporate servers.

Unfortunately until recently there were no options available to people who weren’t Monash students for learning about system administration. To solve this I want to run some sys-admin training with a server.

My plan is to set up a machine running Xen at a server room and provide a basic Debian install in a domU. I will then give the root password to a small group of trustworthy people (who I have known for some time or who are local and can be verified) and start the training. My plan is to set up a mailing list for emergency communication on one of my servers and have the trainees set one up for regular use on the domU. I will provide DNS secondary service and have an NS record for yoyo.coker.com.au point at the machine in question so the first task for them would be to run a DNS server.

I won’t have unlimited bandwidth so I will track the bandwidth use from the dom0, and I will use the dom0 to make backups of the system via LVM snapshots.

The terms of service etc will be mostly copied from the Monash machine.

Please let me know if you have any suggestions for how to run this.

Hopefully this will work out and other people will want to do the same. If you run such a machine then please add a comment to this post with the URL for information on it.

phone spam

Recently I had someone call my mobile phone asking whether I wanted to change phone providers. I asked them if they could hold the line – then I put my phone down and went back to work.

It took over eight minutes before they hung up on me.

Next time someone phone-spams you, try to beat that record. Please post a comment on this blog entry if you can beat eight minutes and twenty seconds of dead air.

The call might have lasted longer if I had periodically picked up the phone and said “I’m almost ready”. It’s something I may test in the future.

classic security mistake

One of the most obvious (and yet most common) computer security mistakes is to act on input from an untrusted (and potentially hostile) source as if it were trusted. A classic example of this is in Windows Vista, where audio output from the system speakers can be taken as input to the speech recognition system. According to the BBC article an MS representative said “it would be unlikely the user would not be in the room to hear the file with malicious instructions being played”.

It seems that according to MS it’s OK for your computer security to be breached, just as long as you are around to witness it!

ssh tunneling of email

On a Debian mailing list someone claimed that it was inconvenient to use ssh tunneling for sending and receiving email due to the issue of broken connections.

On my source-dump blog I have posted an entry with xinetd configuration for doing this in a reliable manner.

how to run dynamic ssh tunnels

service smtps
{
       disable         = no
       socket_type     = stream
       wait            = no
       user            = USER
       server          = /usr/bin/ssh
       server_args     = USER@HOST -C /home/USER/bin/localsmtp
       bind            = 127.0.0.1
}

service pop2
{
       disable         = no
       socket_type     = stream
       wait            = no
       user            = USER
       server          = /usr/bin/ssh
       server_args     = USER@HOST -C /home/USER/bin/localpop
       bind            = 127.0.0.1
}

I have the above in my xinetd configuration to automatically generate ssh tunnels. I configure my MUA to talk to localhost on the pop2 port for POP connections to my real POP server and I configure Postfix (my local MTA) to relay all mail through localhost on the smtps port with the directive “relayhost = 127.0.0.1:465”.

The localpop script contains the command “nc 127.0.0.1 110” and the localsmtp script contains the command “nc 127.0.0.1 25”. I use the localpop and localsmtp scripts so that if I change anything on the server end then I can easily adjust the scripts without reconfiguring the workstations that relay their mail.

The same configuration can be used whenever you have shell access via ssh to a machine that runs an MTA. It’s not difficult, and the ssh connections are terminated whenever the MUA or the MTA that initiated them times out and closes its connection. This means that there is no need to have cron jobs monitoring the ssh tunnels or anything else that is difficult.

presentation laptops

I suggested in a previous blog entry that conferences should provide computers that speakers can use for their presentations. The reason for this is that getting one computer working with the beamer in each room is an easy task, while getting the laptop of every speaker to work is much more difficult.

It seems that my idea has been rejected by almost everyone who read it, so I’ll document some tips for getting a laptop working.

 SZ:    Pixels          Physical       Refresh
*0   1400 x 1050   ( 474mm x 356mm )  *50
4    640 x 480    ( 474mm x 356mm )   50
5    800 x 600    ( 474mm x 356mm )   50
6   1024 x 768    ( 474mm x 356mm )   50
8   1280 x 960    ( 474mm x 356mm )   50
9   1280 x 1024   ( 474mm x 356mm )   50

Firstly there is the command xrandr which can be used to change the resolution without logging out. Above are the most useful lines produced by running xrandr with no options on my Thinkpad T41p. The left column is the index to the list of resolutions. For example I run xrandr -s 9 to use mode 1280×1024 and xrandr -s 0 to use mode 1400×1050. This takes much less time than editing an X config file!

The next thing to note is that my Thinkpad has a refresh rate of 50Hz, while apparently most beamers expect at least 60Hz. This explains why I have had ongoing problems in getting my Thinkpad to work correctly for presentations for the entire time that I have owned it. If you own such a Thinkpad then I recommend that you just bring another laptop to do your presentation on, on the assumption that the display possibly won’t work and probably won’t work properly! I had developed this habit anyway after repeated problems in getting my Thinkpad working (occurring on a number of occasions in several countries). It’s good to now know the reason for this (thanks Keith).

When setting the resolution there are often tweaks that can be used. For example in my talk for the Debian Miniconf of LCA 2007 I used mode 800×600 (I think – Keith set it up and I didn’t look closely after verifying that things basically worked). Even though the beamer didn’t have good support for a low refresh rate it worked when the resolution was low enough. Fortunately the xrandr program allows changing resolution fast enough that all 13 resolutions could be attempted in about a minute.

The support for better display detection and configuration is steadily improving. Hopefully this year the problems will be solved (which means that for the Debian and RHEL releases in 2008 the problem will be solved).

A possible work-around is to use Xephyr (the replacement for Xnest). In a previous blog entry I described how to get Xephyr going for use by Xen images. It seems to be a common symptom of display synchronization problems that the edges of the screen will be clipped. The most common work-around for this is to not use the full-screen mode of OpenOffice – which means that instead of having a small amount of text clipped there is a large amount of OpenOffice menus etc on the screen. As Xephyr accepts any resolution it should not be difficult to arrange for it to use 98% of the screen space and then run the presentation full-screen in the Xephyr window. This will be particularly useful for programs such as MagicPoint (my favorite presentation program) which don’t support a windowed mode of operation.

If you have any other suggestions on how to solve or work around display problems with laptops then please leave comments.

university degrees

Recently someone asked me for advice on what they can do to improve their career without getting a degree.

I have performed a quick poll of some people I know and found that for experienced people there seems to be little need for a degree. People who have extensive experience but no degree report no problems in finding work, and employers don’t report any reluctance to hire someone who has the skills but no degree.

One thing that a degree is very good for is making a career jump. This is most notable when you get your first professional job, school results and references from part-time work don’t help and a degree is a massive benefit. But if you have proven your abilities in the field then most employers will be more interested in checking references and the interview process than in qualifications. If you are only interested in getting a job that is one level above where you are at the moment then lacking a degree should not be a problem.

Another possibility for someone who lacks a degree is certification, such as that provided by the Linux Professional Institute (LPI) and the Red Hat Certified Engineer (RHCE) certification. One advantage of the RHCE certification is that it is based on fixing misconfigured Linux systems: no theoretical questions, just the type of work that real sys-admins do for their job. This means that people who do badly in traditional exams can be expected to do well, and it also means that the RHCE certification accurately depicts real skills in fixing problems (and it should therefore be more valuable to employers). The LPI exams can be taken by anyone, but to sit for an RHCE you have to be sponsored by an employer.

There are ways of getting career benefits without strictly going upwards. One way of doing this is to move to a region where the pay scales are different. Some years ago I moved from Melbourne, Australia to London to increase my salary. When in London I did work that was a lot less challenging and was paid considerably better for doing so. One thing I discovered is that in London Australians were widely admired for working really hard. I don’t think that Australians work harder than British people on average, but people who will move to the other side of the world to advance their career are generally prepared to work hard!

If you spend some time working in another region and then decide to return home you will probably find that employers are more interested in hiring you for what you have learned in another region. Whether you actually learn things that are of value to potential employers when working in another country is debatable, it probably depends on the individual. But when applying for a job you want to make the most of every opportunity that is available – if someone wants to hire you for the special skills you learned in another country then that’s OK. ;)

Another possibility is moving to a different industry sector. Some industries have career bottlenecks at different levels. If there is no possibility of moving upwards in the area where you work then getting a job with the same skill requirements in a different industry might open up more opportunities. An example of this is working as a sys-admin in a medium sized company that is not IT based. If you are the only sys-admin in the company then there is no possibility of promotion; moving from such a company to an ISP (or other IT based company) would then give the possibility of becoming a senior sys-admin, team leader, or even the manager of the ops team (if management is your thing).

A final option that few people consider is becoming a contractor. Contractors tend to earn significantly more than permanent employees when they do the same work (so becoming a contractor provides a significant immediate benefit) and as the duration of contracts is usually small there is less attention paid to degrees etc (what does it matter if the contractor will only be there for three months?). Of course most contracts last significantly longer than the initial term, some contractors end up working in the same position for 10 years or more!

There are some down-sides to being a contractor. One is that they get less interesting work (offering someone a choice of projects if they become a permanent employee, or the project that is deemed to be least interesting if they insist on being a contractor, is not uncommon). Another down-side to being a contractor is the way that contractors are used. The ideal way of running a company is to have mostly permanent employees and to use contractors for special skills, short-term projects, and for emergencies when they can’t hire permanent employees. When a company has almost no permanent employees it usually means that something is going badly wrong. This means that if you select a random contract role there is a good chance that it will be one where things are going badly wrong. The money from contracting is good, but it can be depressing when projects fail.

licence for lecture notes

While attending LCA it occurred to me that the lecture notes from all the talks that I have given lack a copyright notice. So I now retrospectively license my lecture notes in the manner that probably matches what everyone was already doing. The Creative Commons web site has a form to allow you to easily choose a license. I have chosen the license below; it applies to all lecture notes currently on my web site and all that I publish in future unless they contain special notice of different license conditions.

Update: From now on I am releasing all lecture notes under a non-commercial share-alike license. I had previously not given a specific license to the content on my blog – now I am specifically licensing it under a non-commercial share-alike license. This means (among other things) that you may not put my content on a web page that contains Google AdWords or any other similar advertising.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.