On Tue, 2005-11-29 at 17:20, Bryan J. Smith wrote:
> > Heh... Our business is selling streaming data services,
> > mostly over the internet and from an assortment of
> > distributed servers, so you can guess how I feel about
> > that.
>
> Huh? Just because I do _not_ set a "default gateway" on a
> system does _not_ mean they can't reach the Internet. Quite
> the opposite! If anything, I'm ensuring _how_ they reach and
> _what_ they reach on the Internet. ;->
The 'what' is the problem. If our sales person want to
demo a product that connects on 6 different ports to
places that aren't known until the first connection
is established, will it work?
> No offense, but at this point, I'm starting to question your
> technical reasoning (let alone Internet security fundamentals
> ;-). You see only 1 way to do something, and then make
> assumptions on what is and isn't possible based on them.
I didn't design the product, but I've had to help make
it work in places that don't use a default gateway.
It's not pretty.
> I have _nothing_ against people who find something that works
> for them. But I have something against people who think it's
> the only way, or no other way could possible be better.
The reason there are other ways is that none of them
are perfect. There's nothing wrong with understanding
the flaws and tradeoffs of each.
> > Bottom line is it has to be easier than typing the command
> > line once with the proxy info on it and subsequently
> > recalling it from command history or I probably won't
> change.
>
> How about exporting an environmental variable in your
> /etc/rc.d/rc.local?
Generally I don't want applications to use a proxy
unless I know they are going to download the same big
files as other systems. Otherwise it slows things down
slightly and has no benefit.
> And atop of that, why not just download updates on 1 system,
> then redistribute them from it's cache instead -- _after_
> you've tested that they work?
That's a reasonable approach, but takes an extra step and
unless the same programs are installed everywhere the
1st system may not have all the others need.
> At this point, I don't know if you're really interested in
> anything that would make your life easier, you just want the
> way you know -- you have continually argued to be "best" and
> nothing else could be -- to work. And until you get that
> from the CentOS developers on this, or any other issue that
> seems to be an issue at the upstream provider, we will hear
> about it on this list.
I'm not demanding solutions, but if people don't consider
the problems there won't ever be any solutions.
> > Actually I seldom even type it the first time - I usually
> ssh
> > in after installing a new box and paste the command from
> > another window on a different machine.
>
> Again, do you get paid by the hour? You certainly must. ;->
> If I do anything more than a few times, it's scripted.
It's a one-line command. How does making it a script
help? You have to spend the time to create the script
and then it takes just as long to type it's name as
the command itself - or recall it from history.
--
Les Mikesell
lesmikesell at gmail.com