Post #200,522
3/25/05 5:14:27 PM
|
If you know that it is the issue
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
|
Post #200,524
3/25/05 5:23:06 PM
|
The old chestnut about the retired guru
After weeks fighting with a problem on an antique mainframe that just couldn't be replaced yet, manager finally calls in the retured guru who had built it. Offers a virtual blank check to come fix their problem. He comes in, spends five minutes looking at logfiles, takes a piece of chalk and marks an X on one of the boards. Tells them, "Replace that."
It works. He sends them a bill for $50,000. Manager complains that he was only there for five minutes, and besides, he'd need to itemize that just a bit to get it through accounting. Guru sends a new bill: chalk, one (1) piece, $5; knowing where to apply it, $49,995.
===
Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
|
Post #200,532
3/25/05 5:34:22 PM
|
Nah
Note: I've heard the same story applied to a screwdriver.
In this case, there is a HUGE amount of information available about Selinux, and Fedora core in particular. This guy just doesn't want to read or learn.
|
Post #200,537
3/25/05 6:07:36 PM
|
You're being an asshole. Inappropriately.
Because you know a lot about system administration, and think that system administration is important, it annoys you to no end to encounter technically competent people who haven't bothered to become administrators. But if you only set up a machine every few years, should you really have to expect to become a sysadmin? Particularly when using a product that is marketed as being for end users.
Reality check. I look at that situation and think that on my machine I'd be more likely to be in his boat than in yours. And I note that he did figure out his answer. Sure, it took him 3 hours, but I could well see it taking me as long to figure it out. And the intermediate things that he did are things that I'd expect to try.
Sure, the incident wouldn't inspire me to hire him as a sysadmin. Or to ask him to install a new server. But that isn't what he does for a living.
The straw poll that he did of his office is telling. Of a group of programmers working on Linux, most don't know what Selinux is, and have no idea how it might impact Apache. If a group of sysadmins had similar ignorance, I'd get worried. But that's about what I'd expect from programmers. (For the record, I can't say that I've ever dealt with Selinux, and I have no real idea what it does.)
Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
|
Post #200,540
3/25/05 6:18:30 PM
|
Oh boy, I've insulted a saint
OK, MAYBE I was a bit harsh.
And MAYBE he hit several of my hot spots, within a couple of minutes.
And PROBABLY he would kick my ass in a Perl competition.
But I'm not an admin either. Greg is an admin, not me.
And he IS a whiner, with that wanting those 3 hours back.
But I accept he is probably smarter than me, so either I am less than a moron, or he is not.
|
Post #200,542
3/25/05 6:28:03 PM
|
How many machines have you installed/tweaked lately?
You may not consider yourself a sysadmin. But there are a lot of people who are called sysadmins that do less of it than you do.
Now consider the point of view of a person who has installed 3 machines in the last 5 years. (I may have installed a fourth, I forget. I don't know what he has done.) Compared to that person (me) you're pretty much an expert sysadmin.
System administration is learnable. But I don't expect people who don't do it to know how to do it.
Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
|
Post #200,543
3/25/05 6:43:34 PM
|
And now you've hit another of my hot buttons
System administration is learnable. But I don't expect people who don't do it to know how to do it.
Try to apply that concept to any other profession, escpecially ones that can cause harm. And you see how silly it is.
Electrical wiring is learnable. But I don't expect people who don't do it to know how to do it.
Then they shouldn't rewire their front yard light and whine about their house burning down.
This guy slapped a system together and put it on the web. If it is his home box, and he does not have a firewall, he'll be owned in a day or so anyway. And then he'll be spewing spam or be a hacker bounce box, to the detriment of the rest of us.
Yeah, it's a drop in the bucket, but dammit, he should know better!
So it's even worse when someone this smart does crap like this!
|
Post #200,548
3/25/05 7:27:37 PM
|
That's getting to be like a game
Will I win anything?
First, for the record, I know that dws knows why firewalls are a good thing, but I have no idea whether he's using one. I suspect he is, but I have no proof either way.
Let's take your electrical wiring example. While it is true that for installing wires you should have someone who knows what they are doing, consumer electrical products do not need an electrition. For instance most people expect to be able to change their own lightbulbs. And that expectation generally works out OK, but doesn't.
The same should apply in computing. But doesn't because we don't hold manufacturers of consumer computing products liable for the damage caused by malfunctions. (So they're engineered for convenience, not for safety.) The result is that, as you say, if you put a machine on the internet, it gets owned pretty fast. Generally if you put up a firewall and a machine, it gets owned more slowly, but that isn't perfect. And if you really want to be safe, you need it monitored by a sysadmin who is tracking exploits and reacting to them appropriately.
In fact the last personal computer sold which really could safely be directly put on the internet by consumers was Mac OS 9. (The security record of OS 9 was significantly better than OpenBSD. OS 10 is OK as far as Unix systems go, but nothing compared to OS 9.)
Anyways the fact is that personal webservers on the internet tend to be set up, a firewall often is put in front of it, and then they are not monitored very well. I agree that this is not ideal. However if people really want to have something for personal use, I don't think that it is unreasonable either.
I keep my personal machine behind a firewall that nobody can reach. It is moderately irritating to not have my own server to put stuff on, but I know that I wouldn't use it much if I had one out there. If I was going to put something online, then I'd be likely to go with OpenBSD because it comes the closest to my ideal of putting something up and forgetting about it.
Others have different needs. (Obviously so, or else you'd see a lot more OpenBSD facing the internet and less Linux.)
Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
|
Post #200,577
3/26/05 4:03:41 AM
|
Re: And now you've hit another of my hot buttons
How did you get from "didn't know about SELinux" to "must have thrown together a box haphazardly and soon the h4x0rz will 0wn it"?
The box is behind NAT with three ports forwarded to it (HTTP, HTTPS, and SSH), has its own iptables firwewall (with extra holes punched for Samba on the in-house subnet), has most of the crap that Fedora ships with turned off (except SELinux, know that I know that it is), and gets nightly updates via yum.
If you want to make a case that I'm incompetent, there's plently of info available without your having to make stuff up.
|
Post #200,578
3/26/05 4:14:09 AM
|
3rd(?) Post and...
...ICLRPD
If you want to make a case that I'm incompetent, there's plenty of info available without your having to make stuff up.
Welcome aboard!
Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
|
Post #200,589
3/26/05 10:02:43 AM
|
Reading for comprehension
I said "if", not "must".
Note: Since I've pretty much put my foot in my mouth, insulted a saint who is also someone Ben obviously looks up too, which means in the tech world I am probably but an ant in comparison to, I'm salvaging what little dignity I have left.
|
Post #200,594
3/26/05 10:53:51 AM
|
AHHHhhhh.
You had some dignity left?
After someone ripped you a completely new one last July?
No, Barry you don't need dignity, you have machismo as your tool. Dignity would just get in the way.
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey[link|http://it.slashdot.org/comments.pl?sid=134485&cid=11233230|"Microsoft Security" is an even better oxymoron than "Military Intelligence"] No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
|
Post #200,595
3/26/05 10:57:47 AM
|
Machismo?
Wimpy little me?
You must have me confused with someone else.
I once had a girlfriend describe my general appearance / mannerisms as feline.
I took it as a complement.
|
Post #200,607
3/26/05 12:04:01 PM
|
But can you wear boots?
Shrek 2 reference, for those who missed it.
===
Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
|
Post #200,611
3/26/05 12:21:16 PM
3/26/05 12:22:42 PM
|
How did you get an 'NT' flag?
Test - so see if this keeps the nt and has no history.
Nope.
Edited by broomberg
March 26, 2005, 12:22:16 PM EST
Edited by broomberg
March 26, 2005, 12:22:42 PM EST
|
Post #200,613
3/26/05 12:27:44 PM
3/26/05 7:33:57 PM
|
Easy.
|
Post #200,660
3/26/05 6:18:42 PM
|
arrg let him figger it out himself!!
All tribal myths are true, for a given value of "true" Terry Pratchett
[link|http://boxleys.blogspot.com/|http://boxleys.blogspot.com/]
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 48 years. meep
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
|
Post #200,667
3/26/05 7:33:25 PM
|
A boxley blog? Somehow, I don't think that's a good thing..
OK, I'd do the edit thingy...
Cheers,
Scott.
|
Post #200,671
3/26/05 7:37:16 PM
|
easy blog, just link back to here
All tribal myths are true, for a given value of "true" Terry Pratchett
[link|http://boxleys.blogspot.com/|http://boxleys.blogspot.com/]
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 48 years. meep
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
|
Post #200,563
3/25/05 10:03:56 PM
|
No, no he isn't. He's being realistic.
And yes, I can't believe I am agreeing with him, but Because you know a lot about system administration, and think that system administration is important, it annoys you to no end to encounter technically competent people who haven't bothered to become administrators. But if you only set up a machine every few years, should you really have to expect to become a sysadmin? Particularly when using a product that is marketed as being for end users. No, Fedora is not and never will be for end-users. System administration *IS NOT* a once every 2-3 years thing, even for one machine. Something can easily be said that lack of a "maintainer" for any machine can cause unexpected result. I remember a certain person that had an md RAID setup that just puked. Not really because of his lack pof skills, but mainly because he is not a System Admin. Should he have had a modicum of regular attention to factors that could have been noticed by aperson with even simple administrative skills beyond installing and updating, the whole shnanigans could have been more likely avoided. Even the fact he was mis-identifying key components in the machine itself. So, do you still argue this arguement? I would suspect that someone Depending on this type of thing for personal gain, you'd think a small investment could really make a BIG difference. -- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey[link|http://it.slashdot.org/comments.pl?sid=134485&cid=11233230|"Microsoft Security" is an even better oxymoron than "Military Intelligence"] No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
|
Post #200,567
3/25/05 11:40:35 PM
3/26/05 5:15:41 PM
|
Why yes, I do
Of course I remember the incident that you're referring to. However you've misremembered some particulars.
First of all, what additional skills would have prevented the problem? Drives fail. Until they fail, you don't know that they will. A drive failed and I noticed. A certain experienced sysadmin talked to me about it and said that he'd had similar disks of a similar vintage fail recently.
Secondly I lost no data. Did I go through stress? Yes. Would that have been less if I was an experienced sysadmin? Of course. Could even an experienced sysadmin have made the configuration mistake resulting in only one drive being bootable? Apparently one did. But the end result is hardly an unmitigated disaster.
Thirdly it is easy to say that it would be good for me to have skills that I do not have. It is also somewhat impractical for me to aquire them. I find that technical skills need practice to perfect. I'm never going to become a decent sysadmin unless I get practice, preferably practice on multiple machines with the opportunity to try different things out. In fact I'm not going to get anywhere mediocre without that. (As long as I only have machines that I care about, I'm never going to try stuff that might be risky, and I won't gain critical skills...) Where do you suggest that I get that practice? At work? We have people hired for that job, and my volunteering would not be a good use of anyone's time. At home? I don't have room for more machines, nor do I have much interest, my time is already occupied and I have no desire to invest money on practice equipment. Unless all of those change, I'm not about to become a sysadmin.
Oh, I'm not saying that I won't become somewhat better than I am - that isn't hard - but I'm not about to become significantly better.
Fourth, and related to the last point, even if I aquired those skills, they would tend to rust fairly quickly. I remember what happened when I installed an Apple ][ emulator. I couldn't remember how to use it. My fingers had forgotten the commands. Well the same is true of system administration, if you don't use it you lose it. Furthermore computers are constantly changing, you need to invest some energy on an ongoing basis to keep up to date with new technologies and improvements in old ones.
Fifth there is the question of how much I would gain by aquiring sysadmin skills. What it takes is fairly clear, it takes a fair amount of reading and tinkering, then constant work keeping up with what is changing in the computer world. What I gain is the ability to better handle the occasional disaster. So by spending a lot of time constantly doing what I'm not currently good at I'll gain the ability to do what I'm not currently good at when I notice that I need it. Which is every year or three. And even then I'm fully aware that I could lose everything that I have on my computer and not miss it that much. Thus putting the effort out doesn't really seem worth it.
Now if I really needed to be a sysadmin, I would be one. Also if I found tinkering to be fun, I would be one as well. But I don't find tinkering with my machine (or machines in general) to be fun. Nobody really depends on my having any skill in doing so. And so I don't see the point in my gaining that skillset.
Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
Edited by ben_tilly
March 26, 2005, 05:15:41 PM EST
|
Post #200,608
3/26/05 12:04:39 PM
|
And why should we believe you?
You don't even know that fourth comes after third.
:-P
===
Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
|
Post #200,612
3/26/05 12:24:12 PM
|
Or there is no such thing as 2 5ths in an ordered list!
Unless we are ordering booze.
|
Post #200,623
3/26/05 1:32:19 PM
|
/me ROTFLMAO
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey[link|http://it.slashdot.org/comments.pl?sid=134485&cid=11233230|"Microsoft Security" is an even better oxymoron than "Military Intelligence"] No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
|
Post #200,642
3/26/05 5:16:00 PM
|
Gah
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
|
Post #200,668
3/26/05 7:34:54 PM
|
I liked the original version better. ;-j
|
Post #200,658
3/26/05 6:14:53 PM
|
Did he find the problem?
Yes, should he whine about 3 hours lost? No because he just added to his personal pool of knowledge. Did he do the next step of informing co-workers of the work around? Yes, so he meets the requirements of a team member. Barry is calling him on his whining not his skill. I spent all day thursday on what turned out to be a disagreement of a commonly understood computer term , shit happens you figure it out, you share the knowledge and get on with it.
thanx,
bill
All tribal myths are true, for a given value of "true" Terry Pratchett
[link|http://boxleys.blogspot.com/|http://boxleys.blogspot.com/]
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 48 years. meep
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
|
Post #200,580
3/26/05 5:59:05 AM
3/26/05 6:06:19 AM
|
During the Fedora install process...
You're given the choice of how you'd like SELinux set up: off, warn on potentially unsafe activity, or deny unsafe activity. The 'warn' option, IIRC, is the default; if you choose to have it outright deny stuff, the installer tells you up-front that this is likely to prevent certain programs from working and that if you encounter problems you should turn off SELinux. \r\n\r\n Looking at screenshots of the install, it looks like this only comes up when you do a custom installation. Which, really, is the only sane way to install Fedora. --\r\nYou cooin' with my bird?
\r\n[link|http://www.shtuff.us/|shtuff]
|
