[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Sat Nov 19 02:30:22 UTC 2005
Lamar Owen <lowen at pari.edu>

On Friday 18 November 2005 21:02, Preston Crawford wrote:
> Your name is Lamar Odom?

:-)

No, see 
http://siusalukis.collegesports.com/sports/m-baskbl/mtt/owen_lamar01.html

I get e-mail all the time asking about him.  He seems to be a great player, 
too.  Certainly has a good name. :-)

> Every CentOS box I run uses SELinux. Others turn it off. I'm not going
> home steaming mad because someone else doesn't use SELinux. That's the
> issue now. Your reaction. Your overreaction. Your claim that someone
> saying SELinux is too difficult to manage now, on the Internet, should
> cost them a job. That's the issue now because you made it so.

Perhaps you too are overreacting.  That seems to be in line with general list 
atmosphere.  Perhaps I did overreact to a degree; but I'll stand by my 
observations.  The issue for me is not SELinux per se, but the flippantly 
dismissive attitude that 'it's too hard' (say hard while whining...).  Fine; 
my requirements will be too hard.  I work in an environment where assumptions 
are challenged daily, and where one must be eager (not just willing, but 
eager) to learn something new every day (even if that something is the 102nd 
way to do the IT equivalent of ditch-digging; that is, updating those Windows 
boxes to the latest anti-malware junk and fixing the bugs introduced by that 
junk and cleaning off infections because the user disabled the junk or agreed 
to install spyware or such).  

The utterly dismissive attitude, for better or for worse, did get on my 
nerves, and the original poster wasn't getting the answer he needed except by 
going to another list.  Is that not disturbing?

What is so odd is that there is a general atmosphere of overreacting here.  A 
question is made, and 75% of the answers are likely to be 'oh, you don't want 
to do that at all.'

> For the record, I have WEP disabled at home. I just use SSH and MAC
> Address Filtering. Should I get turned down for a job because I don't
> spend hours and hours of my free time trying to get WPA (a technology that
> doesn't yet work properly in my experience) to work with my CentOS-running
> laptop?

If the job was at a wireless internet company, I don't think I would mention 
that tidbit.  Other general jobs, sure, there shouldn't be a problem.  My 
atmosphere is one that requires an open mind to new technologies (like 
hanging an Ethernet Labjack UE9 (labjack.com) off a fiber-connected Ethernet 
switch in the feedbox of a 26m dish 
(http://www.pari.edu/telescopes/RadioTelescopes/26East) and accessing it with 
a Python script GUI from halfway around the world, securely (as in Tasmania)) 
to perform thermal calibration (using CentOS, for that matter) (no, the UE9 
is not secure by design).  We think outside the box; I have no use for 
someone who isn't _eager_ to learn new technologies.

> Or do we not sometimes make security decisions based on a triage 
> of the risk and the time and effort required?

Of course we do.  And in triage the most critical injury will get fixed first.  
What is the most critical injury on academic networks today?  Think about it 
a while, as it's not what you think; but rooting a box has a lot to do with 
it, and it's on the inside network typically.
-- 
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu