<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><DIV><BR class="khtml-block-placeholder"></DIV>Priceless :) You just made it to my email quote of the week wall :) <DIV><BR class="khtml-block-placeholder"></DIV><DIV>*laugh*</DIV><DIV><BR><DIV><DIV>On Nov 25, 2005, at 3:09 PM, Peter Farrow wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"> Some you seem to be drowning in the "complex=secure" scenario.<BR> <BR> SELinux adds complexity, the biggest dangers in computer hacking come from within your own network.<BR> <BR> 90% of hacking jobs are in house as the statistics show.<BR> <BR> SELinux makes security complex and bloat like, the same thing that makes Windows insecure, this makes the admin job harder, which will lead to mistakes, which will make it hard to find holes, which will inevitably lead to a less secure system.... QED.<BR> <BR> Perhaps all of you that _LOVE_ SElinux so much should branch off to a new flavour of Linux,<BR> <BR> I propose that you name it BloatOS,<BR> <BR> Just keep it well away from me.<BR> <BR> My boxes have SELinux=disabled on all of them (thats a big number by the way).<BR> <BR> I don't need it, those sysadmins who feel they need to use, sure go ahead and use it, but please don't take the morale high ground saying using it is definately better and more secure, because I find that kind of talk irritating because it is so wrong.<BR> <BR> One thing is for sure, SELinux slows the box down, which perhaps you could start arguing that "aah yes the box is so much slower now, it wil take a hacker longer to get in - hey SElinux really is secure for that reason alone" -- ROTFLOL....<BR> <BR> I think you should rename this thread BloatOS.<BR> <BR> You could then write shell script called "unbloat" or "speedup"<BR> <BR> I propose it contains<BR> <BR> <FONT face="Courier New, Courier, monospace">rpm -e libselinux-1.19.1-7 selinux-policy-targeted-1.17.30-2.110 libselinux-devel-1.19.1-7</FONT><BR> <BR> Maybe that too has some marketing mileage, you could sell this script as a box performance enhancer, <BR> <BR> LOL<BR> <BR> <BR> Les Mikesell wrote:<BR> <BLOCKQUOTE type="cite" cite="mid1132418485.17048.14.camel@les-home.futuresource.com"> <PRE wrap="">On Fri, 2005-11-18 at 22:42, Lamar Owen wrote:
</PRE> <BLOCKQUOTE type="cite"> <PRE wrap="">Maybe I'm wrong, but I think any admin needs to experience having their box
cracked. It will produce the humbleness necessary to the trade, because
overconfidence is dangerous.
</PRE> </BLOCKQUOTE> <PRE wrap="">Yes, but when the box gets cracked _because_ they are using the
latest new thing their distribution added under the guise of
increased security, as happened with ssh a while back, it
also produces the attitude that new stuff should soak a long,
long while in a distribution like fedora before going onto
production boxes. You want to at least wait until the surprises
stop - and I take the flurry of reports of broken apps at
every update as an indication that they haven't stopped yet.
Your analogy to a weapon was a good one. When the experts
tuning the distribution still can't keep it from blowing
up in peoples's faces some of the time, normal people should
keep their distance. When the fedora and Centos lists go
several months without a mysterious app failure caused by
SELinux it will be time to reconsider.
</PRE></BLOCKQUOTE><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">_______________________________________________</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">CentOS mailing list</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="mailto:CentOS@centos.org">CentOS@centos.org</A></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="http://lists.centos.org/mailman/listinfo/centos">http://lists.centos.org/mailman/listinfo/centos</A></DIV> </BLOCKQUOTE></DIV><BR><DIV> <SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Courier New; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Courier New; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Courier New; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV>Elizabeth Palomino</DIV><DIV><A href="mailto:liz@groupee.com">liz@groupee.com</A></DIV><DIV>Sr. Performance Engineer</DIV><DIV>Groupee</DIV><DIV>(206)283-5999</DIV><DIV>Infopop is now Groupee... Same Company, New Name</DIV><DIV><BR class="khtml-block-placeholder"></DIV><BR class="Apple-interchange-newline"></SPAN></SPAN></SPAN> </DIV><BR></DIV></BODY></HTML>