Alex L. Mauer <hawke athawkesnest dot net>
I'm too lazy to try to write any of this, but it would be cool. If anyone has any pointers on this stuff, please let me know!
Conflicting UID numbers are really annoying. I want to be able to add a user to my local machine without having to worry about that number being in use elsewhere on the network. Some of the ideas from LDAP are pretty good . . . the hierarchical stuff. uid=hawke, dc=hawkesnest,dc=net is great! But that has to go back to a number. Bleah. It's actually fine to go back to a number, exclusively for permissions on a local computer . . . but when exporting a filesystem or a user list it should be based on a username and domain. Hierarchical, DNS domain. Not that flat-name-space NT domain crap.
My machines should all know that they are part of hawkesnest.net, and therefore mail from me should be <hawke at hawkesnest dot net>, not <hawke at drowelf dot hawkesnest dot net>. My machines should be able to know where the mail server is (MX records maybe?) and send mail through them, and either use <hawke at hawkesnest dot net> for the email address, or the mail server should know to translate <hawke at drowelf dot hawkesnest dot net> to <hawke at hawkesnest dot net> on its own. Not saying that this is not possible to do now, just that it should be the default mode of operation.
The fact that root can become anyone else kinda knocks a big hole in NFS security. Anything at all that is shared read-write can be read and written by anyone. Kinda defeats permissions. And when you're using DHCP, the host-based authentication is totally useless. Dynamic DNS updates are a start, but since the NFS server seems to only look up the hostnames at startup, that means that anytime a computer changes its IP, you have to restart the NFS server. Bleah.
Update: 2003-03-11: I found the Self-Certifying File System. Seems to be pretty much exactly what I'm looking for. Not sure if it can do remote mounting with no authentication, like for a public share; but since I'm talking about secure file sharing, that's really a non-issue. Plus, since the example given in the documentation does just that, I guess it is possible. I'll have to look into it.
This is an area where I'm a little bit hazy. Feel free to hit me with a clue-by-four. <hawke at hawkesnest dot net>
GPG is the way to go here. All the way. GPG public keys stored in LDAP for all users at a site (so others can look them up). GPG host keys too, as well as user keys (presumably the host key would be root's key, since no one should be using root for normal use anyway, and being root would give one the ability to work with keys easily with no extra features needed). So the “host key” would have a GPG key description like “Alex L. Mauer (drowelf.hawkesnest.net) <root@drowelf.hawkesnest.net>”. These could be used for IPSEC, encrypted NFS, ssh, ssl, TLS, what have you. SSH should use GPG keys too, since gpg's key management is about a zillion times better than ssh's. Encryption of loopback filesystems should be based on GPG too.
OK . . . there's a bunch of people out there with a huge amount of hard drive space going unused, yes? And it would rock to be able to use that space, yes? So . . . in the spirit of the various distributed computing systems . . . each system would have a pool of hard drive space that it would be willing to let others use . . . say all the free space remaining, except for 10% of the total drive. There could also be several bases for determining what computers it's willing to share with, e.g. any computer with a ping of n, any computer on the same subnet, any computer within the same domain . . . whatever! Anyway . . . so, these computers connect to a local master server to advertise their disk space. Local masters can be set up and run by anyone. The biggest problem that I see with this is when a node is disconnected (shut down, destroyed, etc.). Big potential for data loss. So, there has to be some redundancy. It would/should work like this . . . any time somebody writes to a file, the master server finds two computers (or any configurable number, really) with enough space exported for the file. As the file expands, it may need to be moved to a different set of computers. When there is not enough exported space available to fit the file size and redundancy requirements, the file system is out of space. Actually out of space for a file of that size . . . once that file is as large as possible, a new smaller file could still be created. Of course, all network traffic would be encrypted using GPG. So would all files.
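As an added illustration (not code from this page or from any real project), here is a small Python simulation of the placement rule just described: each node exports its free space minus 10% of the drive, the master places every file on a configurable number of nodes, relocates replicas when growth no longer fits, and reports "out of space" only for a file of that size. Node names and sizes are made up.

```python
"""Simulation of the distributed-storage placement scheme described above.
Added example; node names/sizes are constructed, sizes are in MB."""
from dataclasses import dataclass, field


class OutOfSpace(Exception):
    """Raised when the pool cannot hold the file at the requested redundancy."""


@dataclass
class Node:
    name: str
    total: int                  # drive size
    local_used: int             # space the owner uses for their own stuff
    reserve_fraction: float = 0.10   # 10% of the drive is never exported
    hosted: dict = field(default_factory=dict)   # file name -> MB held here

    def exported_free(self) -> int:
        """Space this node is still willing to hand out to the pool."""
        reserve = int(self.total * self.reserve_fraction)
        return max(0, self.total - self.local_used - reserve - sum(self.hosted.values()))


class Master:
    def __init__(self, nodes, replicas=2):
        self.nodes = {n.name: n for n in nodes}
        self.replicas = replicas
        self.placement = {}     # file name -> list of node names holding it

    def _candidates(self, size, exclude=()):
        # Nodes that can take the whole file, tightest fit first.
        fit = [n for n in self.nodes.values()
               if n.name not in exclude and n.exported_free() >= size]
        return sorted(fit, key=lambda n: n.exported_free())

    def write(self, fname, size):
        """Place fname at `size` MB on `replicas` nodes; re-place it if it grew."""
        current = self.placement.get(fname, [])
        # A node already holding the file keeps it only if the grown file still fits.
        keep = [n for n in current
                if self.nodes[n].exported_free() + self.nodes[n].hosted[fname] >= size]
        need = self.replicas - len(keep)
        new = [n.name for n in self._candidates(size, exclude=current)[:need]]
        if len(new) < need:   # not enough exported space for THIS size + redundancy
            raise OutOfSpace(f"{fname}: only {len(keep) + len(new)}/{self.replicas} replicas fit")
        for n in current:
            if n not in keep:
                del self.nodes[n].hosted[fname]   # replica moved elsewhere
        for n in keep + new:
            self.nodes[n].hosted[fname] = size
        self.placement[fname] = keep + new
        return sorted(self.placement[fname])
```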
Update: 2002-11-26: I've found the Distributed Decentralized File Backup System. It seems pretty close to what I'm looking for. "a tolerant, compressed, distributed file system. Win9x, Linux, FreeBSD, and *nix systems with spare drive space can allocate chunks for use by the backup system." Except for the "for use by the backup system" part. I'd rather have it allocated to a network storage pool. Too bad it seems to be dead. :-( Too bad I suck at programming and have not the vaguest clue where to start.
That about says it.
That's about all I really wish Linux had, at the moment.