You know, I didn't even really get a boss with a clue. The boss that was let go recently (for being a fly in the ointment of the new VP) was originally a UNIX tech who worked his way up. My current boss was a DBA at one point, but years and years ago. Thing is, though, she trusts her staff generally (and can tell when someone's bullshitting her). So there are probably cases where if no one said anything to her, she wouldn't know something was important... but she gets CERT advisories just like the rest of us, etc.
Only security, eh? I hope you are not responsible for major systems is all I can say. You might not like command line flags, but... come on. How can security be totally invisible to the person supposedly managing the system?
Wouldn't that be a sign that it's time to get a better distro than to disable security features? :)
I defer to those with more SELinux-fu than me (apparently not you -- no offense), but is it even possible for an application to not be compatible, period, with SELinux? I'm under the impression that it's not -- that would almost be like saying that an app required all of its files to be chmoded 777 in order to run. That may be the easy way out, but there is certainly a more restrictive set of permissions that would work (for example, I doubt there are any binaries that need the permission to write to themselves as they run).
Undocumented you say? I think not.
Something you may not be thinking about -- understanding where you need your permissions on your systems is something that I'd personally recommend REGARDLESS of SELinux.
Just because you don't know how to do something doesn't make it broken. There are additions to almost all of the common GNU fileutils that support SELinux. You could alias them in .profile or equivalent if you wanted, like many distros do with -i on rm, etc.
Of course, it sounds like many of your uses don't call for it, but really, what's next? Saying "I yelled at the PC to copy my files -- it didn't. Until they work this out, I consider it broken."
Walk into your boss and tell them that you've decided to trade security for time (if indeed you're talking about multiuser systems here). My boss would tell me "sorry, that's not your call."
SELinux is NOT one step above yanking the power cord -- how did this get moderated so high?
I know, I must be new here.
I'm not sure that it's at all worth it on a single-user system that is isolated from risky populations by firewalls, etc.
I don't use it on my personal laptop... actually, that makes me wonder -- I don't know, does Ubuntu even use it by default?
One needs to put their foot down and do their job. That includes making the system as secure as reasonably possible. If that's the amount of time it takes, that's the amount of time it takes. I'd rather take the high ground than make excuses later on.
I agree. This REALLY bothers me from a Sysadmin chair. It's clear that that feature was placed there in order to help you secure your system -- turning it off ought to be grounds for a reprimand from above. You wouldn't leave telnet open to the world in this day and age, so why would you turn off SELinux on a system that used it? At the very least, assigning files to the same context that contains the privileges that you need is something that does not take months to configure, but makes many of the problems go away.
I run a ColdFusion server with SELinux enabled (permissive yet, but I'm getting there)... that is a bit of a challenge, but it protects me from questions later, like "why was that privilege escalation possible?"
It's not even censorship when the company has come out and apologized for going too far.
Hell, it's the internet -- sometimes internet connectivity goes down, sometimes websites go down. If a website is life or death, someone needs to reevaluate their support structure. If it isn't, then stop using emotional bullshit words for something that is really just what it is: a company making a mistake and screwing up your access to a service you paid for, and deal with it without putting your emotional baggage into a simple customer service complaint.
It's a little pathetic, frankly, that so many are up in arms. There are serious real-life situations where shit like this happens all the time (no fly lists that you can't get off of, voting blacklists, etc. ad nauseam) and there is no outcry from these jokers.
Fandom is a hobby, right? A fucking hobby. It is clear that LiveJournal has realized they screwed up and are working to solve the problem. I very infrequently get such full explanations for problems from ISPs or the like. LiveJournal and FastMail are probably the only two, in fact. Verizon and the rest can't be bothered and really don't care about your problems.
I sympathize with them... they are a rather small company with a huge userbase to deal with, and they are human. Mistakes are often made when major searches for bad content are conducted, and clearly they fucked this one up. What bothers me is that you have these pathetic simps complaining that "Oh, I was so hurt and confused when my LJ was suspended." Jesus, write support a note and take a walk for 30 mins -- no one dies if an LJ account is suspended. If they screw you too many times, go someplace else... but the whole idea that a few days without an account (LJ is always crediting people when there is even the smallest outage, many of which I don't even notice) is like some major cause for alarm, and sounds like therapy for some of these folks, is really just lamer than lame.
If it's anything like the Treo, just use any of your run-of-the-mill productivity apps... you'll be restarting the whole device in short order. ;)
You know there are signs all over NJ that escalators that are not moving are not to be used as stairs and that it is dangerous? This one mystifies me.
Do you still have one? A software update is due out next week or thereabouts.
I have a theory on this one, using SMS quite a bit myself: I can't freaking hear people on the cell phone. They are so shitty at actually making calls, especially if there's anything like wind going on around you, or you're on a train, that it just makes more sense for me to send 10 SMS that the person will definitely receive and understand rather than try to go "hello, hello, what?" for the same amount of time, annoying the shit out of everyone around me in the process.
Anyone who wants actual IMAP e-mail rather than some shitty web interface (if you've chosen your ISP wisely, that is)?
Can it with the "hippie liberal" epithets. I'm a liberal and I don't agree with the person you're arguing against. Calling names is a waste of time.
That's not true.
Sending a kid that won't eat the dinner he's been cooked to sleep with no food is not a form of abuse. What are you supposed to do, make him what he wants? My parents never did and I came out fine. If he's hungry, he'll eat what he's been cooked.
My internet is 768Kbit DSL and flash is really no big deal.
Incidentally, I've been told the expression is "out in the styx" by a wise older gentleman. Who knew!
There are a lot of differences here... working for the military is NOT like working in an office. Also, your office is not controlling your internet access while you're "off duty" at the office. I mean, I know the military is also not like being back in a civilian area and that internet access might be limited, but... c'mon, haven't these guys suffered enough without having their YouTube access fucked with?
It is questionable, and to my knowledge, probably done very very few places for that reason. If someone is in their home being attacked, the attacker could certainly calmly answer the phone and explain the situation.
I'd like to highlight the "used to work" part. ;)
I've had this happen more than once to me, except I know exactly how it happened. Most of the exchanges in my neighborhood start with 9 (939, 935, etc.) and at that time you didn't have to dial the area code. Mistakenly dialing a 9 out of habit and then hanging up because you messed up, and then hanging up again because you were impatient and didn't hang up for long enough will result in a 911 call. Once the police were at the house for it -- after that, I was more careful.
Finding a magnet might not be such a swell idea when talking about a credit card with a magnetic stripe.