Date:      Mon, 20 Jun 2016 20:58:18 -0400
From:      Zaphod Beeblebrox <zbeeble@gmail.com>
To:        Chris Watson <bsdunix44@gmail.com>
Cc:        freebsd-fs <freebsd-fs@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: The small installations network filesystem and users.
Message-ID:  <CACpH0MfYAe4JG5r3QmZ7B9jZWR3DTf-Hfb8Xrq1JiKdGpG5i0Q@mail.gmail.com>
In-Reply-To: <9BB7E8B3-EC0E-457E-B2B2-FB80B1CF02B0@gmail.com>
References:  <CACpH0MdJ0YjtB-H5h-7u%2BdC%2BbbjVhN-Y7ejM7u7W-SL01qC3aA@mail.gmail.com> <9BB7E8B3-EC0E-457E-B2B2-FB80B1CF02B0@gmail.com>

On Mon, Jun 20, 2016 at 6:11 PM, Chris Watson <bsdunix44@gmail.com> wrote:

> I'm glad you brought this up. I wanted to but I've heard it before on the
> lists and realize that there is this disconnect between the developers
> doing the actual work to implement these things and the end users.
>
> [...]

>
> There was a photo from bsdcan this year of a "sysadmin spotting" shirt. If
> you read the text on it you actually begin to see how systemic and
> difficult actually using and configuring most software is. It's probably a
> good reason most developers use macs. In addition to better HW support. I'm
> not sure what the solution to this is. I think it would be great if beta
> testers and the developers had a closer connection and issues were handled
> in a timely manner. But in a volunteer project I get why that is
> unreasonable. But I mean go through the bug database and you can see PRs
> that are years old. I don't know. I just know I'm getting too old to spend
> all day beating my head against software to get it working. Honestly if I
> have to spend over an hour reading crap docs all over the net because your
> manpage makes no sense or is vague, trying to configure the software, your
> software sucks and I'm rm'ing it. I recently went through this with
> opensmtpd. I went right back to postfix. And all over something as simple
> or should be as simple as mail aliases!
>
>
Not exactly where I expected this post to go, but for the record, I was at
BSDCan this year.  When I can get my head around something, I have
submitted patches (ethernet drivers, netgraph, softupdate bugs
(back-in-the-day), many ports and a few userland utilities).  I'm not
exactly a user who chucks things and installs Linux.  I even run a full on
ADSL-providing ISP on FreeBSD without help from any non-FreeBSD product
other than my core switch.

That-all-said, authentication is a possible huge win.  I was recently
involved in a deployment of Ubuntu that included LDAP and even though it
was a mess, it eventually was hammered into working.  Ubuntu and the
implementation were not my choice, but you do-what-you're-told when someone
else is paying the bill.  Honestly, I don't know how I would have pitched
FreeBSD there.  Not even Ubuntu itself had LDAP right.  It was a
combination of third parties.  Even with that gigantic head start, LDAP was
a bear --- but AFAICT, LDAP is _required_ for NFSv4 deployments.  Now, LDAP
without Winblows is slightly less of a bear, _but_

Maybe this dovetails with a subtext at BSDCan's keysigning BOF: that many
projects risk irrelevance with their complexity.  It's not that I believe
complex setups are bad.  But simple things need be simple.  I have 3
machines at home (for instance) and a cluster of 8 machines in colo (run
the ISP).  On my 3 machines at home, I run NFSv3 because it works and I can
get it set up. I'd like to run NFSv4 because then my Windows machines would
look at it, but I run SMB instead (v3, no less) because it roughly works.
So at home... I have three machines and a fairly liberal hacking time
budget.  I have failed at LDAP several times.  I'm back to copying the
master.password file around because that works.  I don't like it, but it
works.  It seems like the breakeven for LDAP effort vs. scp master.password
is somewhere around 50 machines.  -ish.

I realize the real problem is that authentication has become more complex
in the world since networks can't be trusted.  I have to wonder if we're
getting back closer to that now with all the tunneling on wifi and campus
networks.  Sigh.  I'm starting to feel like this whole post has no purpose.


