Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×

Comment Correct link for buying the book (Score 4, Informative) 83

by Saint Aardvark (#46326797) Attached to: Book Review: Sudo Mastery: User Access Control For Real People

Hi all -- I submitted this review, but it looks like something ate the link for the book. Here's where to buy it:

I believe the Amazon link gives the author a few more shekels, but he makes the most money from the first link; details from his website's page on this book.

Submission + - Book Review: "Sudo Mastery: User Access Control for Real People" (tiltedwindmillpress.com)

Submitted by Saint Aardvark
Saint Aardvark writes: Disclaimer: I got a free copy of this book because I was a technical reviewer for it. Disclaimer to the disclaimer: I totally would have paid for this book anyway. Final disclaimer: a shorter version of this review appeared on Amazon.com.

If you're a Unix or Linux sysadmin, you know sudo: it's that command that lets you run single commands as root from your own account, rather than logging in as root. And if you're like me, here's what you know about configuring sudo:
  1. Run sudoedit and uncomment the line that says "%wheel ALL=(ALL) ALL".
  2. Make sure you're in the wheel group.
  3. Profit!

Okay, so you can now run any command as root. Awesome! But not everyone is as careful as you are (or at least, as you like to think you are). If you're a sysadmin, you need to stop people from shooting themselves in the foot. (Might also want to stop yourself from self-inflicted gunshot wounds.) There should be some way of restricting use, right? Just gotta check out the man page.... And that's where I stopped, every time. I've yet to truly understand Extended Backus-Naur Form (sue me), and my eyes would glaze over. And so I'd go back to putting some small number of people in the "wheel" group, and letting them run sudo, and cleaning up the occasional mess afterward.

Fortunately, Michael W. Lucas has written "Sudo Mastery: User Access Control for Real People". If his name sounds familiar, there's a reason for that: he's been cranking out excellent technical books for a long time, on everything from FreeBSD to Cisco routers to DNSSEC. He just, like, does this: he takes deep, involved subjects that you don't even know you need to know more about, and he makes them understandable. It's a good trick, and we're lucky he's turned his attention to sudo.

The book clocks in at 144 pages (print version), and it's packed with information from start to finish. Lucas starts with the why and how of sudo, explaining why you need to know it and how sudo protects you. He moves on to the syntax; it's kind of a bear at first, but Chapter 2, "sudo and sudoers", takes care of that nicely. Have you locked yourself out of sudo with a poor edit? I have; I've even managed to do it on many machines, all at once, by distributing that edit with CFEngine. Lucas covers this in Chapter 3, "Editing and Testing Sudoers", a chapter that would have saved my butt. By the time you've added a few entries, you're probably ready for Chapter 4, "Lists and Aliases".

sudo has lots of ways to avoid repeating yourself, and I picked up a few tricks from this chapter I didn't know about — including that sudo can run commands as users other than root. Need to restart Tomcat as the tomcat user? There's a sudoers line for that. I'm ashamed to admit that I didn't know this.

There is a lot more in this book, too. You can override sudo defaults for different commands or users (you can change the lecture text; maybe sometimes there *is* a technical solution for a social problem...). You can stuff sudo directives into LDAP and stop copying files around. You can edit files with sudoedit. You can record people's sudo commands, and play them back using sudoreplay. The list goes on.

Sounds like a lot, doesn't it? It is. But the book flies by, because Lucas is a good writer: he packs a lot of information into the pages while remaining engaging and funny. The anecdotes are informative, the banter is witty, and there's no dry or boring to be found anywhere.

Shortcomings: Maybe you don't like humour in your tech books; if so, you could pass this up, but man, you'd be missing out. There wasn't an index in the EPUB version I got, which I always miss. Other than that: I'm mad Lucas didn't write this book ten years ago.

Score: 10 out of 10. If you're a Linux or Unix sysadmin, you need this book; it's just that simple.

Where to buy:

  • You can buy the ebook version from Lucas himself.
  • You can also buy the ebook or a dead-tree version from Amazon.com.

Submission + - Apache CloudStack 4.2.0 released (apache.org) 2

Submitted by ke4qqq
ke4qqq writes: This release represents over six months of work from the Apache CloudStack community with 57 new and 29 improved features being provided. Many new features incorporate contributions from major corporations and support for industry standards. New integrated support of the Cisco UCS compute chassis, LXC, SolidFire storage arrays, and the S3 storage protocol are just a few of the features available in this release.
Transportation

Richard Branson Plans Orbital Spaceships For Virgin Galactic 177

Posted by timothy from the ignore-the-weight dept.
Velcroman1 writes "Following the historic first rocket-powered flight of its SpaceShipTwo vehicle, Virgin Galactic plans to build a fleet of spaceships and begin ferrying hundreds of tourists into space in 2014. And then? A whole new kind of spacecraft, Sir Richard Branson said. 'We'll be building orbital spaceships after that,' Branson told Fox News Tuesday, 'so that people who want to go for a week or two can.' Assuming the cost is on the same scale, would you pay a few hundred grand for a few weeks in orbit?"
Firefox

Emscripten and New Javascript Engine Bring Unreal Engine To Firefox 124

Posted by Unknown Lamer from the cycle-is-nearly-complete dept.
MojoKid writes "There's no doubt that gaming on the Web has improved dramatically in recent years, but Mozilla believes it has developed new technology that will deliver a big leap in what browser-based gaming can become. The company developed a highly-optimized version of Javascript that's designed to 'supercharge' a game's code to deliver near-native performance. And now that innovation has enabled Mozilla to bring Epic's Unreal Engine 3 to the browser. As a sort of proof of concept, Mozilla debuted this BananaBread game demo that was built using WebGL, Emscripten, and the new JavaScript version called 'asm.js.' Mozilla says that it's working with the likes of EA, Disney, and ZeptoLab to optimize games for the mobile Web, as well." Emscripten was previously used to port Doom to the browser.

Comment Tito presenting paper on *crewed* flight in March (Score 5, Informative) 97

by Saint Aardvark (#42973953) Attached to: Millionaire Plans Mission To Mars In 2018

From http://www.newspacejournal.com/2013/02/21/new-insights-on-that-private-crewed-mars-mission/:

This publication obtained a copy of the paper Tito et al. plan to present at the conference, discussing a crewed free-return Mars mission that would fly by Mars, but not go into orbit around the planet or land on it. This 501-day mission would launch in January 2018, using a modified SpaceX Dragon spacecraft launched on a Falcon Heavy rocket. According to the paper, existing environmental control and life support system (ECLSS) technologies would allow such a spacecraft to support two people for the mission, although in Spartan condition. âoeCrew comfort is limited to survival needs only. For example, sponge baths are acceptable, with no need for showers,â the paper states.

The IEEE Aerospace Conference is in March -- next month. That's pretty interesting timing.

Comment Re:Sort of past its sell date (Score 4, Informative) 40

by Saint Aardvark (#42619977) Attached to: A Chat With USENIX Community Manager Rikki Endsley (Video)

I respectfully disagree. I've been to four LISA conferences (sysadmin conference run by USENIX) since 2006, and I see very little that is comparable; there are the various LOPSA conferences (LOPSA-EAST, Cascadia IT Conference), but they're simply not at LISA's scale. Want to hang out with a thousand other sysadmins? Get training from Ted T'so on recovering borked disks? See what Google is up to -- or the small IT shop at the university down the coast with 1/20000th the budget? There's simply nothing else out there that matches it.

As for the rest of the conferences, all I know is the summaries I've read in ;login: and the material that I've watched/listened to on their website. (And btw, HUGE kudos to USENIX to opening access to their proceedings, talks and papers.) But at the very least, they make damned interesting reading, and have made me very curious about things that are going on outside my narrow focus.

I don't have the breadth of experience you do; I concentrate on system administration because I love it, and I've been doing it less than ten years. I'm definitely an interested amateur (at best) when it comes to topics like security, or file systems, or OS design. But I'm always surprised how much of USENIX conference material touches on areas of interest or direct relevance to me, and at the very least browsing their papers is a wonderful introduction to some research and work I'd miss otherwise. I'm sure (with the exception of LISA) there are more focused conferences, or better known ones (DefCon is one that springs to mind). But I can't agree that USENIX is "past its sell date".

(And in passing, thanks very kindly for all the work you've done for the Open Source/Free Software community. Kinda boggles my mind that I'm debating you...)
Space

Supermassive Black Hole Destroying Proto Star System 67

Posted by Unknown Lamer from the sucks-to-live-there dept.
astroengine writes "A new analysis of recent observations finds evidence for a protoplanetary disk around a red dwarf star plunging in the direction of the supermassive black hole at the center of our galaxy. Ruth Murray-Clay and Avi Loeb of the Harvard-Smithsonian Center for Astrophysics did the theoretical work. Stefan Gillessen of the Max-Planck-Institute for Extraterrestrial Physics made the observations using the European Southern Observatory's Very Large Telescope. The red dwarf star will make its closest approach in the summer of 2013, hurtling only 270 billion miles from black hole. (Or roughly 54 solar system diameters, as measured from the furthest edge of the Kuiper belt.) It won't get sucked into the black hole, but it will be flung back along its elliptical orbit out to a distance of a little more than 1/10 light-years."
Canada

Submission + - Canadian bureacracy can't answer simple question: What's this study with NASA? (ottawacitizen.com)

Submitted by
Saint Aardvark
Saint Aardvark writes: "It seemed like a pretty simple question about a pretty cool topic: an Ottawa newspaper wanted to ask Canada's National Research Council about a joint study with NASA on tracking falling snow in Canada. Conventional radar can see where it's falling, but not the amount — so NASA, in collaboration with the NRC, Environment Canada and a few universities, arranged flights through falling snow to analyse readings with different instruments. But when they contacted the NRC to get the Canadian angle, "it took a small army of staffers— 11 of them by our count — to decide how to answer, and dozens of emails back and forth to circulate the Citizen’s request, discuss its motivation, develop their response, and “massage” its text." No interview was given: "I am not convinced we need an interview. A few lines are fine. Please let me see them first," says one civil servant in the NRC emails obtained by the newspaper under the Access to Information act. By the time the NRC finally sorted out a boring, technical response, the newspaper had already called up a NASA scientist and got all the info they asked for; it took about 15 minutes."

Submission + - Canadian Music Industry wants SOPA-style blocking added to bill C-11 (michaelgeist.ca)

Submitted by MrKevvy
MrKevvy writes: Michael Geist writes:

"Yesterday the Canadian Music Publishers Association added to the demand list by pulling out the SOPA playbook and calling for website blocking provisions. Implausibly describing the demand as a "technical amendment", the CMPA argued that Internet providers take an active role in shaping the Internet traffic on their systems and therefore it wants to "create a positive obligation for service providers to prevent the use of their services to infringe copyright by offshore sites." If the actual wording is as broad as the proposal (the CMPA acknowledged that it has an alternate, more limited version), this would open the door to blocking thousands of legitimate sites. The CMPA admitted that the proposal bears a similarity to SOPA and PIPA, but argued that it was narrower than the controversial U.S. bills."
Canada

Submission + - Canada's online surveillance bill: Section 34 "opens door to Big Brother" (www.cbc.ca)

Submitted by Saint Aardvark
Saint Aardvark writes: Canada's proposed online surveillance bill looked bad enough when it was introduced, but it gets worse: Section 34 allows access to any telco place or equipment, and to any information contained there — with no restrictions, no warrants, and no review. From the article: "Note that such all-encompassing searches require no warrant, and don't even have to be in the context of a criminal investigation. Ostensibly, the purpose is to ensure that the ISP is complying with the requirements of the act — but nothing in the section restricts the inspector to examining or seizing only information bearing upon that issue. It's still "any" information whatsoever." You can read Section 34 here.

Slashdot Top Deals

BLISS is ignorance.

Close