http://blog.icann.org/2008/02/recovering-ipv4-address-space/

ARIN recovered a /8 in 2007. It's unlikely they'll get any more back. I know that doesn't sound much, but the amount of effort involved in getting address space back means that it is probably not worth it. Who pays for getting the company to move their addresses? How long will it take? I wouldn't be surprised if the legal wrangling took a long time to sort things out. Given that we're using about one /8 per month, it won't help that much even if we could get a few blocks back.

Take a read of http://www.potaroo.net/tools/ipv4/index.html to see the rate at which ipv4 addresses are being allocated, along with their predictions for the future. There's a lot there, but it's worth reading at least a bit of it :)

A while back, I wondered how their prediction changed over time so started logging it. The results of that are at http://atchoo.org/ipv4/

Yes, I do want access to the desktops. If I have to, I'll try VNC, but my experience of it has been that it's horribly slow to use, even over 100Mb. I can use Dameware to control machines of users that have dialed in from home, and it's still more than quick enough. It also has nice features like auto-reconnect that'll keep pinging a rebooting machine and automatically connect back up to it as soon as it's available.

I'm still not sure we're talking about the same usage... :) NX gives you the ability to have a graphical desktop much like Windows Remote Desktop. Any number of people can use it at once on the same machine. It does not give you the ability to control the session of an already logged in user in the same way as Remote Assistance (iirc) works. I don't know about dialup use, but I've used NX over low hundreds of k/s connections without any bother.

Cheers,
Roger

I think you're stuck on a lot of those points, alas. This are my answers to selected questions, bearing in mind that I'm not a proper admin, even though I do look after 20 machines or so at work.

> I want to enforce the installation of updates

You could add a cron entry for root to install updates at a specified time each day and grab the updates from the repository that you run. Your repository can be in addition to the normal distro repositories, so you don't need to replicate everything.

> **Group Policy Software Deployment**

I don't think there is anything exactly as you describe, but there are tools that allow running of commands at multiple machines in parallel - I've never looked into this myself, but I believe they might be "cluster ssh" or "parallel ssh" or something similar. This bit is pure speculation, but I'd imagine that one of those, coupled with adding/removing machines to netgroups would look vaguely like what you describe.

> **Roaming Home Folders**

I imagine you're going to get lots of replies here saying "just use nfs!", and I'd be inclined to go with that myself. The usual way this is handled in my experience is to have the home directories on a remote server and that auto mounted with nfs when you log on to a machine. This sounds like what you describe apart from the part with a profile being copied to the local machine. I'm not sure I understand the benefit of that, could you clarify?

> **Preventing access to Executables**

As others have mentioned, you can mount anything with the "noexec" flag and nothing can be executed on that partition/network mount (is that what you meant by removing the execute flag? I wasn't sure whether you meant the execute flag on the file itself). As you're the only person with the ability to install software, bingo, they can only run what you want. If you want more fine grained control, looking into something like selinux would do it, along with a significant amount of hassle.

> **Remote Support**

Agreed, VNC is a bit clunky. I use nomachine nx for remote access and it's the bees knees. This doesn't let you connect to an existing user session if that's what you mean by "remote access to any users desktop" though.

> Do you really need separate partitions for all these things?

On a user machine, not really. It can be useful at times though. Our machines at work typically have 20GB root partition for the OS, ?GB of swap and then the rest is set aside for installs of the *big* commercial apps that we use and temporary simulation data and the like. This partition is preserved during OS upgrades, so we don't have to reinstall which is nice. Essentially I'm saying 20GB (or more if you want, obviously it won't hurt too much to increase that) and an amount for swap is all you need, assuming your home directories are on the network.

I hope that answers some of your questions. I'll be interested to see what other people write as well!

Cheers,

Roger

How about a link for those of us that do have matlab? I like unbelievably cool things :)

Someone may be inclined to port it to something more portable as well (although that's unlikely to be me at this point).

hg has both a revision number and a changeset id. The revision number is human readable and useful within a particular repo. The changeset id is unique across repos, the same as git does.

Hmm, I don't get that on any of the Linux / Solaris machines I've just tried.

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1

I've also had 5.0 and 4.7.