From: Zaphod Beeblebrox
Date: Mon, 20 Jun 2016 20:58:18 -0400
Subject: Re: The small installations network filesystem and users.
To: Chris Watson
Cc: freebsd-fs, FreeBSD Hackers

On Mon, Jun 20, 2016 at 6:11 PM, Chris Watson wrote:

> I'm glad you brought this up. I wanted to but I've heard it before on the
> lists and realize that there is this disconnect between the developers
> doing the actual work to implement these things and the end users.
>
> [...]
>
> There was a photo from BSDCan this year of a "sysadmin spotting" shirt. If
> you read the text on it you actually begin to see how systemic and
> difficult actually using and configuring most software is. It's probably a
> good reason most developers use Macs. In addition to better HW support. I'm
> not sure what the solution to this is. I think it would be great if beta
> testers and the developers had a closer connection and issues were handled
> in a timely manner. But in a volunteer project I get why that is
> unreasonable. But I mean go through the bug database and you can see PRs
> that are years old. I don't know. I just know I'm getting too old to spend
> all day beating my head against software to get it working.
> Honestly if I have to spend over an hour reading crap docs all over the
> net because your manpage makes no sense or is vague, trying to configure
> the software, your software sucks and I'm rm'ing it. I recently went
> through this with opensmtpd. I went right back to postfix. And all over
> something as simple or should be as simple as mail aliases!
>
>

Not exactly where I expected this post to go, but for the record, I was at BSDCan this year. When I can get my head around something, I have submitted patches (ethernet drivers, netgraph, softupdate bugs (back-in-the-day), many ports and a few userland utilities). I'm not exactly a user who chucks things and installs Linux. I even run a full-on ADSL-providing ISP on FreeBSD without help from any non-FreeBSD product other than my core switch.

That-all-said, authentication is a possible huge win. I was recently involved in a deployment of Ubuntu that included LDAP and even though it was a mess, it eventually was hammered into working. Ubuntu and the implementation were not my choice, but you do-what-you're-told when someone else is paying the bill. Honestly, I don't know how I would have pitched FreeBSD there. Not even Ubuntu itself had LDAP right. It was a combination of third parties. Even with that gigantic head start, LDAP was a bear --- but AFAICT, LDAP is _required_ for NFSv4 deployments. Now, LDAP without Winblows is slightly less of a bear, _but_

Maybe this dovetails with a subtext at BSDCan's keysigning BOF: that many projects risk irrelevance with their complexity. It's not that I believe complex setups are bad. But simple things need be simple.

I have 3 machines at home (for instance) and a cluster of 8 machines in colo (run the ISP). On my 3 machines at home, I run NFSv3 because it works and I can get it set up. I'd like to run NFSv4 because then my Windows machines would look at it, but I run SMB instead (v3, no less) because it roughly works.

So at home...
I have three machines and a fairly liberal hacking time budget. I have failed at LDAP several times. I'm back to copying the master.password file around because that works. I don't like it, but it works. It seems like the breakeven for LDAP effort vs. scp master.password is somewhere around 50 machines. -ish.

I realize the real problem is that authentication has become more complex in the world since networks can't be trusted. I have to wonder if we're getting back closer to that now with all the tunneling on wifi and campus networks.

Sigh. I'm starting to feel like this whole post has no purpose.