I'm in the middle of putting an LDAP infrastructure together, and rolling it out to 40-odd Solaris boxes for user authentication, NFS auto mounts, sudo and all that good stuff. Our consultant/contractor/architect worships at the alter of the Sun gods, so OpenDS 1.2.0 was his choice of LDAP server. Not a bad choice, to be honest - it's a piece of piss to set up and get multiple servers multi-master replicating, and it's Free.
All was tickety-boo until a week ago.

First up, all 4 replicating LDAP servers hung overnight. This locked out the admin team from half of our machines until I got into work and poked them back into life. No errors in the logs, nothing weird going on, just hung Java processes and no logins. Brought down 2 of the instances and upgraded the other two to OpenDS 2.0 so hopefully that should be the end of that. Hopefully. Maybe.

Then today, I'm happily LDAPing away when I ran an ldapmodify to change the UID of the user that runs out monitoring software. LDIF imported, no problem, except I'd run the ldapmodify binding as the user I was modifying, not the Directory Manager. Alarm bells went off in my head - users shouldn't be able to modify their own UID numbers. I tried it again, using 0 as the UID, and sure enough it turns out that anyone that could authenticate to LDAP could also change their UID so that they were running as root. Fuck me very hard indeed. A very swift google tipped up an ACL to add to stop this, as well as a whole load of other possible nightmares.

Next, while messing with the ACLs for the UID problem, it occurred to me that the 'proxy' user could see everyone's passwords in the directory. This is by design, since we're using proxy authentication on our Solaris hosts (which means user passwords aren't sent over the network in plaintext), but it also means that anyone logged into any LDAP-enabled Sun box can search for and list everyone in the directory's passwords with a simple 'ldaplist -l passwd'. The passwords are encrypted, but the old-skool Unix 'crypt' isn't exactly what you'd call military grade protection. Shit.
To get round this, I'm currently beating my head against the brick wall of TLS/SSL so we can remove the need for a proxy user. The tools supplied with OpenDS work fine, but the native Solaris stuff won't go near the self-signed certificates we're using (either that or I'm Doing It Wrong, I'm not entirely sure yet). I've given up for the night, but it looks like I'm going to have to generate CA certificates, then regenerate and sign all the certs for the LDAP servers, then import them, then import the CA and server certs into the LDAP config on the clients, then see if the native Solaris stuff works with them, then re-run ldapclient on all the clients. Arse.

I don't get paid enough for this.

While we're at it...
"...speaking at the government's C&binet conference..."
C&binet? Candbinet? What's a candbinet? Jesus. These idiots couldn't even come up with a name that makes sense, never mind some reasonable policies.

Hat-tip to an Anonymous Coward at Slashdot who simply posted: "Lord Fondlebum of Boy".

Do it. Do it now. OM NOM NOM NOM.

And don't forget to tip your delivery guy.

Things of note:
1) When your dentist goes "Hmmm." during a procedure, and invites one of his colleagues to join the ongoing mouth-party, this is not, I am told, cause for alarm. Contrary to the prevailing advice, I chose to become entirely (albeit very quietly) alarmed.
2) Your Dental Specialist may hide the various implements of healing behind his or her back until just before they are to be used. These implements may or may not include:
Large syringes
Well-worn pliars
Blood-filled suction tubes
I'm not entirely certain that this behaviour is normal, however. The furtive yet swift nature in which my dentists work leads me to believe that I've stumbled on a clique of ninja health professionals. I'm expecting a re-enactment of the Shimabara rebellion at the next check-up.
3) Rinsing the resulting casm in your jaw with salt-water according to instruction is entirely ineffective; expect to poke about in there with a toothpick to retrieve horrifying globs of matter, lest your breath become the subject of future Germanic fairy tales.

That's my experience anyway. Your milage may, as ever, vary.

While we're on the subject, check this out. Awesome.

* - Yeah, I'm fucking hilarious.

I don't know what they're made of, but they won't burn without continuous provocation. Sinister.

Having trouble? Can't see your storage? Does your 'cfgadm -al' output look like this:

c11     fc-fabric    connected    unconfigured   unknown

Yeah, me too. Turns out the Emulex cards are a bit shy. You can poke them into life with the following:

luxadm -e forcelip /dev/cfg/c11

Change the c11 to whatever the device ID is for your card.

Tread carefully fellow admins - don't do this on an HBA that's already handling mounted storage - it resets all the ports on the loop, so you might lose sight of your storage for a second or two.

Never had to do any of this with QLogic cards...

FEMALE PREFERRED -
SHOULD BE TALL AND
VERY STRONG AS YOU
WILL HAVE TO CARRY
A SIZEABLE CASE - BUT
THAT IS 50% OF WHAT
I'M PAYING YOU FOR.

What's going on here? What's the other 50% of what (s)he's paying you for? What's in the case? Guesses in the comments, if you would.

Now, I fucking hate flying. Sitting in an aluminium tube (1mm thick! No, I'm not joking!), 6 miles up, doing 500mph, features prominently on my list of Things I Don't Like Doing. It's really pretty high on that list. Just above 'flying' on the list, though, is 'sitting in a GNER shithole-on-rails for 5 hours next to a cantankerous old twat that complains every time he hears the slightest "tsss" from my headphones', so I'll risk the potential explosive-decompression 30,000 foot free-fall inferno death, thanks.

Anyway, all the motherboard connections have changed since the Athlon XP days, so I'm having to replace pretty much everything. Here's the run-down:
Intel Core 2 Duo E7400 Processor
Asus P5QL SE S775 Motherboard
2GB Kingston RAM
NVidia 9500GT 1GB Video Card
250GB Seagate Barracuda Hard Drive
Akasa Ultra Quiet 460w Power Supply
I'm keeping my Lian Li case, the two CD/DVD drives, and my trusty Trinifuckinghugetron Sun monitor (1600x1200 of glorious ).

Total: 300 quid delivered. None too shabby. Can't really afford it, but still, none too shabby. Yes, the video card's weak and 2GB RAM isn't that much these days, but Unreal 2004 is about the most graphics intensive game I play, and Linux is pretty light on RAM. Hell, the old machine only had 1/2GB RAM and a GeForce 5200, fortheloveofgod.

Exactly a year ago, when I first moved in, my heavy-as-fuck blinds came off their hilariously flimsy mounts and attempted to remove my right arm on the way down. That time my shoulder popped out and back in again, resulting in only temporary pain and resentment.
On Saturday night, exactly the same thing happened, but the pain and resentment has persisted. A mortal blow was also delivered to my long-suffering dragon tree, and my equally long-suffering speakers have received injuries that may require plastic surgery.

Balls to the tree and speakers, though. My shoulder's gubbed, so I'm heading to the venerable family GP to demand satisfaction. Or whatever he recommends. The mouse-to-keyboard-and-back arm-rotation is now accompanied by a painful 'clunk', so I'm slightly concerned that this might end up being a real problem what with my profession and all. I can see it putting a dent in my sex life anyway, if you know what I mean. And I think you do.

It's probably worth noting that both of my shoulders are what I believe is termed unstable, so this was going to happen sooner or later. Actually, my knee used to do the same pop-out-and-back routine as well so I'm guessing it's congenital, and therefore my parents' fault more than my flat's. (If you want to experience pain and panic in equal and very large doses, I can recommend trying to straighten out a partially dislocated knee every time - popped shoulders are a definitely piece of piss in comparison.)

On a lighter note, the Sub was all kinds of excellent on Saturday (before the attempted dismemberment) - Domenic's back from Barcelona for good, and he's chucking around some fine quality House.

Oh, how the stupid does so burn.

Why do parents of small children refer to themselves in the third person?

Why do I have to fill out a 14 page document to ask for some disk space from the guy who sits at the desk right behind me?

Idiots. That's why.