[CentOS] Fedora change that will probably affect RHEL

Thu Jul 30 19:17:30 UTC 2015
Warren Young <wyml at etr-usa.com>

On Jul 29, 2015, at 6:19 PM, Nathan Duehr <denverpilot at me.com> wrote:
> 
>> On Jul 28, 2015, at 6:32 PM, Warren Young <wyml at etr-usa.com> wrote:
>> 
>> Now we have entrenched commercial interests that get paid more when you get DDoS’d.  I’ll give you one guess what happens in such a world.
> 
> What happens? Folks have to think harder about connecting stuff to a worldwide untrusted, and generally unfiltered network?  One word: “Duh.”

No, what happens is that you call up your ISP to ask them for help blocking off the DDoS attack, and you either get blown off or transferred to their sales department to buy a “solution” to a problem they allow to exist because it brings in extra revenue.

Your ISP could block this kind of thing at its border.  Your ISP could also use their alliances with fellow ISPs to block DDoSes at their source.  They do neither.

>> fail2ban isn’t in the stock package repo for CentOS 7
> 
> Didn’t realize that. Brilliant move, removing it… (rolls eyes at RH)…

It wasn’t removed.  fail2ban has *never* been in the stock CentOS package repos.  It’s always been a third-party thing.

Fedora has it, but that’s not the same thing as saying “Red Hat removed it from RHEL.”

>> When almost everyone is vaccinated, you get an effect called herd immunity, 
> 
> It’s not a disease. It’s someone using their machine for them because they’re too dumb to use a decent password.

What do you think biological parasites are, then, if not fauna using your body to sustain themselves because your body can’t destroy them fast enough?

Computer worms, viruses, and trojans are computer diseases.

> You’re making it sound like the OS should be responsible for dumb people…

Well, I do generally take a libertarian stance on things, but there is a limit on fobbing everything off on personal responsibility.  Society should be able to impose a certain level of sensible limits on some things.

CentOS is our society in this context.  It is the group we choose to be a member of, which sets the ground rules and provides the resources we use.  It is perfectly legitimate for us to decide it should support us better by default.

> the dumber you let them be, the dumber they stay.

How’s that working out in your personal life?  Is Uncle Bob a virus-fighting crusader these days, 20 years after the commercial Internet got started?  Surely all of your relatives are fully trained up by now?

> Let them lose data, and they’ll learn.

And yet, people continue to not do backups, and fail to test the backups they do make.

So, Apple came out with Time Machine, and Microsoft cloned it in Windows 8, calling it File History.

Are these bad features, because people should have known better already?

> Global society hasn’t changed

Go read "The Better Angels of Our Nature”, by Stephen Pinker:

  https://en.wikipedia.org/wiki/The_Better_Angels_of_Our_Nature

There’s plenty to argue with in his conclusions and data, but the book does at least neatly wrap up a huge serving of “the world is a whole lot different today than it once was.” 

> and neither has the network in decades.

Three decades ago, network security was nonexistent.  There were X Window programs that would run an animation from my computer across my screen, then across your screen, and then across all the other screens in the computer lab.  All with zero need to lower any security barriers.  Then we had rlogin, rcp, and completely-insecure NFS.

Two decades ago, best security practice was deny-by-configuration.  Turn off services you aren’t using, use tcpwrappers to block known bad actors, etc.

Then we moved to allow-by-default firewalls, and then to deny-by-default firewalls.  

Now we’re moving toward encrypt-everything and 2FA apps in everyone’s pocket.

No change?!

> Why should the OS change to make people dumber?

Current thinking is that human intelligence hasn’t increased — or decreased! — at all in many thousands of years.

What *has* changed is that the scope of individual expertise has continually shrunk.

I no longer have to know how to knap my own stone axes because I can buy a camp hatchet from Amazon to split the wood I buy at the convenience store on the way to the campground, which has paved roads, an enclosed privy, concrete pads for the picnic tables, and enclosed fire pits with cooking grates.

And we call all of that “primitive living” today!

This would be pure luxury to a Stone Age person, but Computer Age me probably couldn’t reproduce any of it on my own.  I spend my life acquiring expertise in other things.

I should no longer have to do my own arithmetic to figure out what kind of password I should be using for my computers.  The computer is perfectly capable of doing that arithmetic for me.

>>> You can’t “catch the insecure”… hahaha… it’s not a virus.  
>> 
>> Take an unvaccinated child on a long vacation to some 3rd world cesspit, then report back on how that worked out.
> 
> No one reading this list is likely to be “unvaccinated”

You completely missed the Disneyland measles outbreak story, didn’t you?

> The Internet has always been a meritocracy

The Internet hasn’t been a meritocracy since 1993:

  https://en.wikipedia.org/wiki/Eternal_September