Tuesday, September 27, 2016

Job: Linux Administrator / DevOps Engineer, Tokyo, Japan (relocation)

Friends, we are looking for a person to join our team in Tokyo. Linux administration experience, determination, a desire to work in a team, and knowledge of English are required; we will teach the rest.

Vacancy in Tokyo.

Monday, March 9, 2015

Why Linux is not yet ready for Desktop

1. A virus epidemic is still not possible on Linux
Nobody is going to care about making Linux popular until it is possible to spread viruses and trojans on it widely.

2. No nice antivirus software for Linux Desktop available
As viruses are not popular, antivirus companies do not care much about creating something good for it. What user can trust a system without antivirus?

3. Migrating Linux to new hardware is too easy
Moving to new hardware is as simple as moving your disk drive to another system. No reinstalling software, no reconfiguration, no driver installation. How are end-user support companies going to make money on this? Thus they do not care about making Linux Desktop popular either.

4. Most software is in one place and freely accessible
There is no software company which can keep users and make them pay without vendor lock-in. Possible with Linux? Absolutely not.

5. Spying on users is very difficult
How can companies inject spyware or adware while most software comes from a distribution repository? There is no easy way. No companies like this.

6. Linux is too customizable
The more freedom users are given, the less control over them remains. Less control means less money. No, users do not need freedom.

7. Deep look inside is possible
Allowing a look inside is way too dangerous. What if advanced users can find some stupid bugs? What if they can fix something by themselves? What if they can copy our ideas and use them in their own projects? Users should not have access to source code or be able to modify it. They should not even understand how it works until they pay for a related course.

8. Encryption out of the box
Many Linux distributions provide strong system and profile directory encryption out of the box. Neither governments nor companies are interested.

Is there anybody who still thinks that Linux is ready for Desktop after all this? I doubt it.

Friday, December 12, 2014

I'm an adherent of Copyleft

Some time ago I had a task to choose a configuration management system for our Linux machines, and it came down to a battle between Salt and Ansible. While technically these systems are similar, their licensing models are different. Salt developers chose the Apache license and Ansible settled on the GPL. As a copyleft lover I shouldn't even have to think much, and Ansible would be my only choice. However, I decided to dig a bit and Google what other people think.

Ideas I keep in mind when I choose software released under a copyleft license:
- this software is open
- this software will be open forever (or at least for a long period of time)
- developers and users are motivated to contribute

And generally this works for copyleft licensed software, but this is not a rule.

Coming back to Ansible vs Salt, I found the Salt community extremely active, friendly and welcoming. And this is the most reliable indicator that this piece of software is going to live a long and open life. And thus I choose Salt, I choose community and not the license.

Some links to the topic:
http://ryandlane.com/blog/2014/08/04/moving-away-from-puppet-saltstack-or-ansible/
http://jensrantil.github.io/salt-vs-ansible.html

Friday, September 5, 2014

Safe workaround to make check_esxi_hardware.py work as a normal user

Adding the nagios user to the root group (a popular workaround on the Internet) is a big security hole. I suggest never doing this.

Here is a better workaround until VMware fixes the 'CIM interaction' permission (which has not worked since at least 4.0 and up to the recent 5.5):

1) Create a local user 'nagios' on an ESXi host
2) Add a cron job to check and update /etc/security/access.conf
user=nagios; access=/etc/security/access.conf; crontab=/var/spool/cron/crontabs/root; grep $access $crontab > /dev/null || cat << EOF >> $crontab
*/5  *    *   *   *   grep '^+:$user:sfcb$' $access > /dev/null || sed -i '2i +:$user:sfcb' $access
EOF
3) Done!

Now you can use the nagios user with check_esxi_hardware.py; no special roles or permissions are needed.
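
The same idempotent check-and-insert as the cron job above, written as a shell function that can be run against a copy of the file, together with a check for the unsafe root-group membership. This is an added example, not code from the original post; the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: all file contents used below are constructed samples,
# not real ESXi files.

# Return 0 if user $1 is listed as a member of the root group in group
# file $2 (the unsafe workaround the post warns against).
in_root_group() {
    awk -F: -v u="$1" '
        $1 == "root" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$2"
}

# Ensure the line "+:<user>:sfcb" exists in access file $2; insert it as
# line 2 if missing. Prints "present" or "added". Safe to run repeatedly.
ensure_sfcb_rule() {
    file=$2
    rule="+:$1:sfcb"
    if grep -Fxq -- "$rule" "$file"; then
        echo present
        return 0
    fi
    tmp="$file.tmp.$$"
    # Write the new content to a scratch file, then copy it back so the
    # original file keeps its owner and permissions.
    awk -v r="$rule" 'NR == 2 { print r } { print } END { if (NR < 2) print r }' \
        "$file" > "$tmp" && cat "$tmp" > "$file" && rm -f "$tmp"
    echo added
}

# Demo on constructed sample files in a scratch directory.
d=$(mktemp -d)
printf '%s\n' '# sample access.conf (constructed)' '+:root:ALL' '-:ALL:ALL' > "$d/access.conf"
printf '%s\n' 'root:x:0:root,nagios' > "$d/group"
ensure_sfcb_rule nagios "$d/access.conf"   # first run inserts the rule
ensure_sfcb_rule nagios "$d/access.conf"   # second run changes nothing
in_root_group nagios "$d/group" && echo "WARNING: nagios is in the root group"
cat "$d/access.conf"
rm -rf "$d"
```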

Saturday, March 15, 2014

How to read Navalny's blog and other blocked resources using Tor

Navalny's blog on LiveJournal does not open from the Russian IP address range. Many different solutions can be found on the Internet, including, in particular, using Tor. When using Tor, note that by default the entry and exit nodes are chosen randomly, i.e. the exit node may turn out to be on the list of blocked ones. To avoid this, you can restrict exit nodes geographically by adding the following parameter to torrc:
ExitNodes {de}

The parameter "ExitNodes {de}" tells Tor to use exit nodes with German IP addresses. Several ranges can be listed, separated by commas, for example:
ExitNodes {de},{gb},5.78.0.0/16