
New Year's Resolutions For *nix SysAdmins (cyberciti.biz)

An anonymous reader writes: A new year, with old systems. It is time to break bad old habits and develop good new ones. This list talks about New Year's resolutions for Linux and Unix sysadmins. List includes turning on 2FA on all services, making peace with systemd, installing free SSL/TLS certificates, avoiding laptops with horrible screens or wireless whitelist in BIOS, building Linux gaming rig and more. What resolutions are on your list regarding sysadmin or IT work in 2016?
  • by Anonymous Coward

    is 4k baby!

  • by greenfruitsalad ( 2008354 ) on Friday January 01, 2016 @03:26AM (#51220567)

    maybe i should finally do dnssec. i've been planning to do it for about 5 years.

    • by Lennie ( 16154 )

      It's better to do it now than 5 years ago. Because it's easier to do so now.

      Also for mailservers like Postfix they now support the use of DNSSEC+DANE-TLS-certificates:
      http://www.postfix.org/TLS_REA... [postfix.org]

      This means: encrypted SMTP connections between mailservers and man-in-the-middle is not possible.

      • by alantus ( 882150 )
        The big problem is the lack of support from so many TLDs [icann.org].
      • by laffer1 ( 701823 )

        Is it automated to generate new keys yet? My biggest issue with setting up DNSSEC was remembering to update it before the old keys expire. If I forget on a webserver, I could just install a new cert and go on. If I forget on a domain, no one with a cached entry can access it.
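
The lapse described in the comment above can be caught by monitoring: every RRSIG record in a signed zone carries an inception and an expiration time (RFC 4034), and validating resolvers reject answers outside that window. The following is an added example, not part of the original thread, that flags signatures close to expiry in `dig +dnssec`-style output; the zone `example.org`, the sample records, and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in dig presentation format (signatures shortened, not real data).
SAMPLE = """\
; constructed sample for example.org
example.org. 3600 IN SOA ns1.example.org. admin.example.org. 2016010101 7200 3600 1209600 3600
example.org. 3600 IN RRSIG SOA 8 2 3600 20160110000000 20151211000000 12345 example.org. c2lnMQ==
example.org. 3600 IN RRSIG NS 8 2 3600 20160215000000 20160116000000 12345 example.org. c2lnMg==
www.example.org. 300 IN RRSIG A 8 3 300 20151230000000 20151130000000 12345 example.org. c2lnMw==
example.org. 3600 IN RRSIG MX 8 2 3600 20160301000000 20160101000000 12345 example.org. c2lnNA==
example.org. 3600 IN NSEC www.example.org. NS SOA MX RRSIG NSEC
"""
SAMPLE_NOW = datetime(2016, 1, 5, tzinfo=timezone.utc)  # constructed "current time"

def parse_ts(field):
    # RFC 4034 section 3.2: YYYYMMDDHHmmSS in UTC, or seconds since the epoch.
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def rrsig_status(text, now, warn_days=7):
    """Return (status, owner, covered_type, expiration) for each RRSIG line."""
    results = []
    for line in text.splitlines():
        tok = line.split()
        # The record type sits within the first four tokens; this skips NSEC
        # records whose type bitmap merely mentions RRSIG.
        if not tok or tok[0].startswith(";") or "RRSIG" not in tok[:4]:
            continue
        i = tok.index("RRSIG")
        if len(tok) < i + 10:  # truncated record, nothing reliable to check
            continue
        # After RRSIG: covered alg labels origttl expiration inception keytag signer sig
        covered, expires, incepts = tok[i + 1], parse_ts(tok[i + 5]), parse_ts(tok[i + 6])
        if now >= expires:
            status = "EXPIRED"
        elif now < incepts:
            status = "NOT_YET_VALID"  # clock skew or a pre-published signature
        elif expires - now <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        results.append((status, tok[0], covered, expires))
    return results

def needs_attention(text, now, warn_days=7):
    """Only the signatures a monitoring job should alert on."""
    return [r for r in rrsig_status(text, now, warn_days) if r[0] != "OK"]

if __name__ == "__main__":
    for status, owner, covered, expires in needs_attention(SAMPLE, SAMPLE_NOW):
        print(f"{status:14} {owner} {covered} expires {expires:%Y-%m-%d %H:%M} UTC")
```

Run from cron against the output of `dig +dnssec` for the zone's important names, with the warning window set longer than the time it takes to re-sign.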

    • by AmiMoJo ( 196126 )

      I aim to be fully encrypted, and offer secure versions of all services. Even local NTP on my LAN.

      That includes texts and phone calls.

  • Propaganda (Score:5, Funny)

    by Anonymous Coward on Friday January 01, 2016 @03:40AM (#51220595)

    "making peace with systemd" Might as well make peace with terrorists.

    • by Z00L00K ( 682162 ) on Friday January 01, 2016 @05:35AM (#51220787) Homepage Journal

      No peace until systemd is dead.

  • make peace? (Score:5, Insightful)

    by Gravis Zero ( 934156 ) on Friday January 01, 2016 @04:23AM (#51220653)

    systemd was thrust upon everyone and you want us to accept it just because? how about this: document the code, document the interfaces, solidify the ABI, make the code portable, do a security audit instead of trying to force me to use systemd!

    my resolution is to uproot systemd's tendrils from an otherwise decent operating system.

    • by AmiMoJo ( 196126 )

      Security audit systemd... Because init scripts are already secure and we wouldn't want to replace them with something that hasn't been audited!

      • by rl117 ( 110595 )

        Seriously, have you even thought about this in any depth?

        What's more safe and secure, many tens of thousands of lines of C running in PID0 with root privs, or interpreted scripts each running as root or with reduced privs in their own separate process?

        It's obviously the latter. The only compiled code is the shell interpreter, which is well tested and used all over the place with root privs already. And the shell scripts being run are trusted. Now, you can argue all the other points about the downsides of

  • In particular one that is trying to destroy all that is good and proper like systemd? Making peace with it would be stupid!

  • ... are not in my future.
  • making peace with systemd, .... building Linux gaming rig

  • by fahrbot-bot ( 874524 ) on Friday January 01, 2016 @12:11PM (#51221799)

    New Year's Resolutions For *nix SysAdmins

    After 30 years as an admin and systems programmer, finally find out what that damn asterisk stands for.

  • by RR ( 64484 )

    I strongly disagree with his recommendation for DNS. That’s because I want to spread DNSSEC.

    The problem with services like Amazon Route 53 is they generate DNS records dynamically. That means they need the signing key to be online, on the DNS load balancer, and they don’t bother to do so. If you really need your DNS to be globally distributed (How many people actually look for your domain, anyway? How many times is the answer cached on Google public DNS already?), you should look into CloudFlare [cloudflare.com]

  • by dltaylor ( 7510 ) on Friday January 01, 2016 @07:00PM (#51224105)

    No competent administrator would run something as arcane, unreliable, and fragile as systemd on a server, given any sort of choice.

    Goals for 2016?: remove those last few linux boxen and migrate the services to *BSD (Open is my choice, but it does have some lag on drivers; have to brush up on writing those, I guess).
