LISA ‘05, Day 2
Monday seems to be the day when people arrive. The wireless is up and down, and the diet coke flies off the snack trays during the breaks. I think I had a little bit to drink whiel socializing with attendees at the bar last night; my hang over from last night was a little pounding, but learning new things tends to wake me up a bit.
Today I went to two separate tutorials. The first talk was on Security without Firewalls, by the same speaker from yesterday, Abe Singer. In this talk, Abe made the argument that firewalls are often unnecessary and are really fallout from managerial peer pressure. Who needs firewalls if your network hosts are secure?
The tutorial went on about how you can secure your networks, like using IP entries in your exports file for NFS, using CFengine for change management, and building model hosts for images. Where I felt the talk fell flat was where what I felt were ancient administrative techniques were used, like compiling packages from source (what about vendor patches to ssh?) and using an a read-only NFS server to distribution system binaries (single point of failure, anyone?).
The second talk was part one of two on CFengine entitled Introduction to Host Configuration and Maintenance with Cfengine by the software’s author, Mark Burgess. The talk was spectacular, and answered many of my questions on how the hell CFengine works. It seems like a powerful tool, and I can’t wait to get back into the lab and try it out. Tomorrow’s advanced talk sounds even more interesting.
During the CFengine break, I lucked out and ran into Star from XenSource, and we had a long discussion on what is going on with Xen, and where I could find community resources on it. It was enough for me to post my first BoF: this Wednesday at 7pm. I hope enough people come so I can get more input on creative ways to deploy virtualization into production. I’ve lead a group of cats before when I ran RLUG, so I’m use I can do it with Lisa geeks.