Archive for March, 2009

Downgrading LDAP

March 25th, 2009 7 comments

About a month ago, this gem was posted in IRC:

Now, if LDAP (and in particular OpenLDAP) wasn’t such a stinking pile of crap we’d have used that instead, but unfortunately it is. Perhaps we should move the passwd file into Hesiod some day too…

The author explains, in essence, why he ended up storing user/groups in DNS. This is a completely horrible hack, but somewhat understandable. Having fought with OpenLDAP in the past, I can see how this kind of thing happens. It is possible to bludgeon OpenLDAP into some resemblance of usefulness, and get it to perform satisfactorily once you’ve twiddled the indexes in just the right way. It might even update its slaves if you ask it nicely and sacrifice a chicken under a blue moon…

And then you upgrade and it falls over again and you have to relearn and rewrite all the configuration files and reimport all the data. Meanwhile, the Kerberos server that you built four years ago is still ticking along without a hint of problems, and all you really want to do is keep the account information for twenty-odd users and groups on your local LAN in concurrent state across a bunch of servers and workstations. How hard should that be?

The solution I’m pushing around in my ~/play directory is called Suds (Simple Unix/User Directory Service). In essence, it’s a telnet interface to a cdb database that returns records that look very similar to what you find in /etc/passwd and /etc/group with the addition of a realm and timestamp field. There is no authentication, except some basic options to limit access via subnet. Write access is via the filesystem on the server. To facilitate the easy creation of slaves, sending UPDATE:timestamp to the server will return all the records changed since that update.

The system won’t support storing passwords, since Kerberos, RADIUS, and ssh keys already do a much better job. The idea isn’t to replace LDAP, but to provide a simpler alternative for administrators of small networks with between about five and fifty users/hosts.

The prototype server code is about 40 lines of bad python, and I’m currently trying to hack together an NSS module, which will hopefully support SRV records to simplify deployment.
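
The request handling described above, as an added sketch that is not the Suds prototype itself: a subnet allowlist as the only access control, a name lookup, and the UPDATE:timestamp query a slave would use to catch up. The field order of the records, the lookup syntax, the `ERR` replies, the sample subnet and the dict standing in for the cdb file are all assumptions.

```python
import ipaddress

# Constructed sample data: passwd-style fields plus realm and timestamp.
# Field order is an assumption; the dict stands in for the cdb file.
# The password field is a placeholder because no passwords are stored.
RECORDS = {
    "alice": "alice:x:1000:1000:Alice:/home/alice:/bin/sh:EXAMPLE.LAN:1237900000",
    "bob": "bob:x:1001:1001:Bob:/home/bob:/bin/sh:EXAMPLE.LAN:1237950000",
}
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # constructed subnet


def client_allowed(addr):
    """Subnet allowlist: the only access control in the design."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable peer address: refuse
    return any(ip in net for net in ALLOWED_NETS)


def changed_since(ts):
    """Records whose trailing timestamp field is newer than ts."""
    return sorted(r for r in RECORDS.values()
                  if int(r.rsplit(":", 1)[1]) > ts)


def handle_line(addr, line):
    """Answer one request line from addr; returns the reply lines."""
    if not client_allowed(addr):
        return []  # outside the allowed subnets: send nothing
    line = line.strip()
    if line.startswith("UPDATE:"):
        arg = line[len("UPDATE:"):]
        # Accept only a plain decimal timestamp of sane length.
        if not (arg.isascii() and arg.isdigit() and len(arg) <= 12):
            return ["ERR bad timestamp"]  # hypothetical error reply
        return changed_since(int(arg))
    # Anything else is treated as a name lookup (hypothetical syntax).
    rec = RECORDS.get(line)
    return [rec] if rec else ["ERR not found"]
```

Because the filter is by source address only, every host on an allowed subnet can read the whole directory, which is why the records carry no password material. A slave would remember the highest timestamp it has received and send that in its next UPDATE request.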


Categories: Tech

HP Mini 1000 – Further Impressions

March 3rd, 2009 8 comments

Having had my HP Mini 1000 (or technically, a 1004TU) for about a couple of months now, I thought I’d write up some of my impressions that turn up after the initial “Ooh! Shiny!” aspect has worn off. Some of these I touched on in my original post.

Firstly, I do like the machine, and the keyboard is nice to type on. It’s the first thing that people notice, and several people have commented on getting a similar model solely because of the keyboard. What they don’t notice is the lack of backlight, luminescent key glyphs, or anything that lets you use it in the dark. Immediately after that observation, everyone complains that the mousepad buttons are weird – though the layout frees up space, and I’m used to it now – and that they keep hitting the touch pad when trying to type – which I also still do after two months.

After a bit of fluffing, it appears that HP will send me my cash back. This is good, because frankly, I think the initial price I saw it for (NZD$900) is overpriced. It’s good, but it’s not that good. What follows now is a list of my gripes that are only mitigated by the fact that I got it for a steal during a Boxing Day sale at 20% off ($720 minus a further $100 via cash back). These issues aren’t enough to make me chuck it on trademe, and go buy something else, but they are annoying, and worth noting for anyone thinking of buying one.

In the normal course of events, such as putting the device in a bag, it’s possible for the screen to touch the keyboard. This leaves marks on the screen, which is bad. To alleviate this problem, the unit comes with this weird cloth thing that you need to put between the screen and the keyboard when you close it. Naturally, you will lose this cloth, repeatedly. A couple of rubber stops at the top of the screen would have fixed this, but clearly HP has decided short term sales aesthetics must override the long term usability of not having a smudged grid pattern permanently etched into the screen.

The battery just scrapes in at three hours. This is high enough to be useful, but low enough to be annoying. In addition, it takes about as long to recharge, which is also frustrating.

The sound volume is all kinds of weird. It’s impossible to hear anything until the volume is cranked up to about 85%, and then the volume rises rapidly. This weirdness actually prompted me to hunt down the volume control resolution in gconf (/apps/gnome_settings_daemon/volume_step), and may have caused temporary deafness a couple of times.

The bizarre ports configuration is where this netbook really falls down. The combination 3.5mm head/microphone jack means that I can’t use my regular headset for Skype, and the built-in microphone is rubbish. The obvious solution is to use Bluetooth, but HP clearly felt that it was important to get that extra 50 cents they saved by removing Bluetooth from my model. Of course, it’s possible to use a USB Bluetooth module, but this takes away one of the two precious external USB ports. There is a third one, but that’s recessed a good 3cm into the case simply so HP can ream you once more for their proprietary-but-not-really HP Mobile Drive, which is really just a generic USB drive with some extra plastic on it. Rounding off this lazy rendition of embrace and extend is the expansion port on the left side, which – in theory – supports power, USB, VGA, and audio, thus allowing a docking station of sorts.
Except that I still can’t buy cables for it. So, I have no VGA out, or docking capability.
They even managed to screw up the camera.

Finally, the screen tilts back just far enough to make it virtually impossible to use while crashed out on a couch. Words cannot express how much this disappoints me.

Finally, the ethernet is kind of buggy. If it’s not plugged in when you turn the device on, then you don’t have ethernet. If you then unplug said ethernet cable, the kernel panics and the whole machine locks up. Awesome.

Don’t get me wrong – I’m happy with my purchase, but only because I managed to get it at such a low price. If I’d paid the full price of $900 or so, I’d be feeling somewhat ripped right now.

Categories: Tech