Jul. 29th, 2004

issaferret
So for the last several months I've been feeling terribly stagnant - many of the computer geeks around me don't exactly have a hard time making me well aware of where my education isn't. Not in any bad way, just that I'm a relatively sucky programmer. Okay, I'm a lousy programmer. I've not spent the last six years of my life learning how to program like a good software engineer, I've spent most of it getting a more holistic understanding of the state of computers. I forgot that for a while, and was wondering what the hell I'd done with six and one quarter years of my life.

This is not one of the more pleasant topics to roam over. Trust me.

I spent the last few days recalling where my strength lies, and drove it home today. My current nightmare is, as ever, consolidation. Out of semi-necessity, I'm one of about 8 people managing 70 systems. None of us 'owns' any block of systems - you can't say to me 'Aw, but managing 8.75 systems isn't bad', without getting an ugly look and a few choice words.

So. Consolidation. Consolidated storage is a dream I've got some inroads on but won't happen while I'm working here, thanks to cost. (NFS, the network-based system I've seen, runs on RPC, which is a BAD technology to have access to your I/O queues, trust me). Consolidated authentication, though, is within my reach. I've been learning LDAP, finding it relatively simple. I'm looking at replicating an LDAP server across multiple nodes - for failover redundancy - and looking into using Oracle's infrastructure for the purpose, which includes a Certificate Authority module and some other stuff that'd be rather useful.

Today, I was cursing the fact that I'd lost my SSH key - basically a key I used to avoid having to type my password every time I wanted to log in - when I rebuilt my system, and realizing that managing an SSH key across 70 systems was another nightmare someone had to have solved before. I went and looked around and found PKI and Kerberos, both of which are supported by OpenSSH. And they made sense.

"One day, I looked at the letters on the cage across from me, and I understood them" - Nicodemus, 'The Secret of NIMH'

Maybe I'm getting proud of things which aren't particularly difficult for some, but it all comes down to me realizing, or perhaps remembering, that my experience here isn't just dealing with the low-level programming stuff which so many specialize in, but in integrating these technologies with each other to create something that resembles a useful and powerful system. Not only that, but I tend to forget (despite so many knuckle-dragging examples here at work) that just being able to wade through the terminology and ideology surrounding large computer programs with a degree of comprehension is an accomplishment.

So yeah. I've come away from about four days of reading (over the last few months when I had a moment) with a strong theoretical understanding of PKI (Public Key Infrastructure, the semimagical hierarchy of 'trust' which our Internet's secure communications run on), Kerberos (a central authority which hands out tickets indicating that you are who you say you are for the purpose of allowing you to authenticate yourself securely without being stuck using fscking passwords all day), and LDAP (a hierarchical database for directory information, which can easily be tied into authentication schemes, among other things). More importantly, I can see how to tie them together in ways which will make my life easier.... well, at least I would _like_ to tie LDAP and Kerberos together, and see how it could be done, but it doesn't seem to want to, yet...:p

So yeah, feeling less dumb. Helpful, that.
