Sysadmin

Mozilla's IT team is pivoting to a more community-focused approach. Our director of IT, mrz, has been writing extensively about it over the last few weeks.

As you can imagine, the difficult part of this is to balance security with accessibility. We'd like to be open, but we can't give the keys to the kingdom out to anyone who promises to help. The approach we're taking is to treat volunteers as we would part-time employees - post positions, interview, and then supervise to gain trust. This is a fairly common model, actually, for any organization with volunteers and a need for security. Youth programs, for example, generally do an interview and background check with new volunteers, and those volunteers will be paired with senior volunteers or staff for a while.

However, it's a bit cumbersome, both for Mozilla and for potential volunteers. We must design entire positions - ongoing tasks or roles that a volunteer can work on for an extended period of time - and then select a limited number of volunteers to fill those roles. For potential volunteers, an application and interview can mean a long time (weeks?) before they get to do anything hands-on. It also carries the risk that we'd have to turn a qualified volunteer away due to lack of suitable positions.

So what to do?

We need a more fluid way of interacting with potential contributors. Since our bug database is public, we can begin by simply tagging a few bugs that are appropriate for newcomers -- things that don't require sensitive access and are well-encapsulated so they can be completed without extensive knowledge of Mozilla's infrastructure.

Here's the list.

It's a bit short right now. There are a few things that may help:

• We can get better about identifying appropriate tasks and projects and making bugs out of them.
• We can identify a means of giving limited or sandboxed access to a new volunteer.
• Consumers of Mozilla's IT resources can begin tagging bugs, where Mozilla can provide the resources and volunteers can do the heavy lifting - got any ideas?

Google Groups is one place where, IMHO, Google pushes its hegemony too far, making it difficult to use. I wanted to subscribe to puppet-users with my Mozilla address, but since I have a Google account, Groups assumes I want to subscribe with that address. No!

I found the fix with a bit of Googling (some irony there). It involves editing a URL:

http://groups.google.com/group/puppet-users/boxsubscribe?email=email@domain.com

where you'd substitute the name of the group you want for puppet-users and add your email at the end.

I've been working on improving the monitoring of the build slaves at Mozilla. As part of this project, I needed to be able to submit passive check results to the Nagios servers via NSCA during system startup. I'm doing this from a Python script that needs to run on a wide array of systems using whatever random Python is available. We run some oddball stuff, so the common denominator is Python 2.4.

It turns out that there's no Python NSCA library, although there is Net::Nsca in Perl. So, I wrote one, and put it on github: https://github.com/djmitche/pynsca.

At the moment, this only knows XOR, and only does service checks. That's all I need, but hopefully it can be easily expanded to cover other purposes. The one thing I want to avoid is adding mandatory requirements -- this should work, at least in plain-text and XOR modes, on a plain-vanilla Python installation.

By the way, the startup script I'm working on is runslave.py, which includes a modified copy of pynsca and does a number of other housekeeping jobs as well. More on that in a subsequent post.

Amanda joined the IPv6 revolution in November 2006 - all of the BSD-style authentication mechanisms can support IPv6 endpoints. However, it's generally agreed that this was a mistake, and in this post I will talk about why that's the case.

Continue reading "IPv6 and Amanda"

I just upgraded my Macbook to Snow Leopard, and the upgrade has changed the way SSH authentication works. I have set up a system I like quite a bit, now, and thought I would share.

Continue reading "SSH With Snow Leopard"

I've been meaning to get IPv6 set up on my local network for some time. My only practical reason is that Amanda supports IPv6 and I should test that support. It was also a good chance to re-immerse myself in network configuration, and Hurricane Electric has a neat certification process to add some motivation.

Continue reading "IPv6 Configuration"

I saw an interesting post on the Subversion development list a while ago. In part:

This note is to inform you that the Shell Group will be migrating from Windows 2000 to Microsoft's new operating system known as Windows Vista with effect from Q1 2008, and to seek your assistance and support in minimising disruption to users and applications during and after the migration.

The note goes on to request some fairly specific information about the upgrade path for TortiseSVN, the Windows Subversion client. They are the sorts of questions that all IT shops would love to ask all of their vendors, with the expectation of a full and well-researched answer.

As an admin at a small K-12 school, questions of this sort were met with blank stares from vendors. At best, we could get a demo unit, but any sort of analysis of the potential fit of a product (besides the "analysis" the salesmen would do) was simply out of the question for an account of our size. On the other hand, I could usually count on honest assessments from open-source software mailing lists, even if they didn't represent full-scale implementation analyses.

The Shell Group request turns the situation around. Shell Group is a very large client and is probably accustomed to contacting peers like Dell, Aramark, or HBN-AMRO with requests like this. Yet here they are making these requests of a gaggle of developers, none of whom want to be "the main liaison for ALL matters pertaining to Vista compatibility." There were no on-list responses, so I can't say what became of the request.

There's clearly a business need here, but it's not the typical "sell support for open source software" niche. Rather, Shell Group wants a business entity with which they can have a more contractual relationship: one that can get the software certified by Microsoft, make projections as to deliverable dates, and so on. An entity that can answer support calls but does not have significant control of the development community is simply not capable of these things, but neither is a development community without a legally representative organization.

I'm interested to see if this kind of request occurs more often, and what effect it has on the landscape of adoption of OSS in big business.

Continue reading "Open-Source Support?"

Mrs. Zwicky gave a really excellent talk that balanced real research in education, in problem solving, and in systems administration. She teaches systems administration to Navy recruits for a defense contractor, in a tutoring setting. The talk addressed the common belief that problem solving skills are essentially innate and can't be taught. She discussed the problem-solving process in general, using lots of examples (well, "war stories") from systems admin. Finally, she talked about some of the techniques and skills needed to teach problem solving (or anything, really).

These techniques included scaffolding -- building the learners' conceptual understanding by presenting the right tasks, offering the right support, and convincing the learner to talk about the concepts, not just "what do I type". Also included was "spotting", which I assume comes from sports -- the idea here is to make sure that the learner doesn't suffer any horrible consequences from making mistakes.

Continue reading ""Teaching Problem Solving: You Can and You Should" (Elizabeth Zwicky)"

So what better time to inagurate this blog than now, during the keynote to the LISA (Large Installation Systems Administration) conference. It's an interesting general talk about one of the many pressing non-technical issues in this community: DRM and restrictive licensing.

Continue reading "USENIX LISA"