[CentOS] SELinux threads, cynicism, one-upmanship, etc.
lowen at pari.edu
Sat Nov 19 02:30:22 UTC 2005
On Friday 18 November 2005 21:02, Preston Crawford wrote:
> Your name is Lamar Odom?
I get e-mail all the time asking about him. He seems to be a great player,
too. Certainly has a good name. :-)
> Every CentOS box I run uses SELinux. Others turn it off. I'm not going
> home steaming mad because someone else doesn't use SELinux. That's the
> issue now. Your reaction. Your overreaction. Your claim that someone
> saying SELinux is too difficult to manage now, on the Internet, should
> cost them a job. That's the issue now because you made it so.
Perhaps you too are overreacting. That seems to be in line with general list
atmosphere. Perhaps I did overreact to a degree; but I'll stand by my
observations. The issue for me is not SELinux per se, but the flippantly
dismissive attitude that 'it's too hard' (say hard while whining...). Fine;
my requirements will be too hard. I work in an environment where assumptions
are challenged daily, and where one must be eager (not just willing, but
eager) to learn something new every day (even if that something is the 102nd
way to do the IT equivalent of ditch-digging; that is, updating those Windows
boxes to the latest anti-malware junk and fixing the bugs introduced by that
junk and cleaning off infections because the user disabled the junk or agreed
to install spyware or such).
The utterly dismissive attitude, for better or for worse, did get on my
nerves, and the original poster wasn't getting the answer he needed except by
going to another list. Is that not disturbing?
What is so odd is that there is a general atmosphere of overreacting here. A
question is made, and 75% of the answers are likely to be 'oh, you don't want
to do that at all.'
> For the record, I have WEP disabled at home. I just use SSH and MAC
> Address Filtering. Should I get turned down for a job because I don't
> spend hours and hours of my free time trying to get WPA (a technology that
> doesn't yet work properly in my experience) to work with my CentOS-running
If the job was at a wireless internet company, I don't think I would mention
that tidbit. Other general jobs, sure, there shouldn't be a problem. My
atmosphere is one that requires an open mind to new technologies (like
hanging an Ethernet Labjack UE9 (labjack.com) off a fiber-connected Ethernet
switch in the feedbox of a 26m dish
(http://www.pari.edu/telescopes/RadioTelescopes/26East) and accessing it with
a Python script GUI from halfway around the world, securely (as in Tasmania))
to perform thermal calibration (using CentOS, for that matter) (no, the UE9
is not secure by design). We think outside the box; I have no use for
someone who isn't _eager_ to learn new technologies.
> Or do we not sometimes make security decisions based on a triage
> of the risk and the time and effort required.
Of course we do. And in triage the most critical injury will get fixed first.
What is the most critical injury on academic networks today? Think about it
a while, as it's not what you think; but rooting a box has a lot to do with
it, and it's on the inside network typically.
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772