[nycbug-talk] A couple of security related questions

Tillman Hodgson tillman
Mon Oct 4 15:33:58 EDT 2004

On Mon, Oct 04, 2004 at 02:09:17PM -0400, Dru wrote:
> That's a cool idea. Anyone either implementing this or seen it implemented 
> out in the wild?

I've both seen it implemented and tried it myself.

It was somewhat unsatisfying because RCS is specific to the local
machine. So I went to CVS.

Which was somewhat unsatisfying because I still had to pull down changes
from each box rather than centrally push them out. So I implemented a
Kerberos realm and used ClusterIt to enable parallel network shells to
do maintenance with.

Which was still somewhat unsatisfying because I have a heterogenous
environment, and the various Unixen do not make centralized
configuration easy.

So I ended up at http://www.infrastructures.org/ and starting poking at
cfengine and other tools like that. The folks there have been working on
this very topic for a long time, and there's a lot of value in having
the dead-ends marked off with warning signs ;-)

Thinking about how to manage a large Unix-but-heterogenous environment
has been a hobby of mine for a long time. It's one of those problem
spaces with endless (and endlessly fascinating) complexity and the best
"90% solutions" are of the simple-and-elegant type. I'm the kind of Unix
geek that sees those types of solutions as a form of art, with their own
intrinsic beauty.

So ... yeah. Side-tracked. Heh.


"Being generous is inborn; being altruistic is a learned perversity.
 No resemblance."
    -- Robert Heinlein

More information about the talk mailing list