[CentOS] Another Fedora decision

Tue Feb 3 19:15:08 UTC 2015
Les Mikesell <lesmikesell at gmail.com>

On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev
<galtsev at kicp.uchicago.edu> wrote:
>
>>
>> Yes, computers and the way people access them are pretty much a
>> commodity now.  If you are spending time building something exotic for
>> a common purpose, isn't that a waste?
>
> Do I have to take it that people who are not sysadmins themselves just hate
> the existence of sysadmins?

No, I think there are better things for sysadmins to do than fix
settings that should have had better defaults.

>> There are probably still people that take their cars apart to check
>> that they were assembled correctly too.  But that doesn't mean that
>> things should not be shipped with usable defaults.
>>
>
> No, I'm not the driver of my cars, I mean computers. I am a mechanic of a
> racing car competition team, my cars go into competition, and the life of the
> driver riding it depends on me having taken the whole mechanism apart, and
> making sure nothing breaks and kills the driver and hundreds of spectators.

So don't you think it would be a good thing if the thing was built so
it didn't break in the first place? That is, so nobody gets killed
running it as shipped, even if they don't have your magical expertise?

> I really hate these car analogies. They are counter-productive. In your
> eyes my server is indeed a commodity, which I refuse to agree with pretty
> much like I refuse to join the ipad generation. My ipad would be a commodity,
> but I for one will never trust that ipad and will not originate a connection
> to a secure box from it.

The point I'm trying to make is that whatever setting you might make
on one computer regarding security would probably be suitable for a
similar computer doing the same job in some other company.  And might
as well have been the default or one of a small range of choices.
And in particular, rate limiting incorrect password attempts and/or
providing notifications about them by default would not be a bad
thing.  Unless there's some reason you need brute-force attacks to
work...

-- 
   Les Mikesell
     lesmikesell at gmail.com