Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Re:Fire them (Score 3, Informative) 276

You can fully divide the admin task with selinux like having 1 admin who can disable selinux ( or rather "update the policy" ), and having another doing operational stuff ( like logging as root ). So technically, the first one can disable protection for the 2nd one, but cannot do much by itself. And with protected physical access, you can pretty much have a rather locked down system. Not protected against 2 rogue admins, of course, but being protected against 1 is already better than most systems.

And regarding environment where SELinux is used ( besides targeted ), you can take a look at the openshift service from RH, they do use it a lot to separate users. But you are right that for most people, using more than targeted policy is a bit overkill, since people do not care that much about security ( and when they do care enough to not disable selinux, firewall and everything that make stuff so hard ).

Comment Re:B-O-O H-O-O. (Score 1) 419

Bash is slow.
Also, bash is not a real language. You will start talking about programming in bash when it will have a proper namespacing system, because even php got namespace support.

Not to mention the need for forking a gigantic amount of software as soon as you want to make anything relevant such as parsing output of any others process, because bash is also unable to understand any complex data structure.

That's a fine language for those whose programming is not a job, and for small software, but as soon as you talk something more critical like the boot of a modern system, bash is holding change, due to various problem ( like a total lack of testing framework, and a given the fact that no one wrote one, lack of will to write one from the whole community of bash aficionados ). Any kind of network operations is just a hack, trying to put everything under the unix pipeline model ( like the whole /dev/tcp/ stuff that Debian disabled ).

Systemd unit file are vastly more easier to edit and go straight to the point, you declare the binary and it fucking take care of the rest. That's why we invented computers, to do stuff, not to force us to do their work.

Comment Re:Why Crowdfunding ? (Score 1) 104

So in this case, this is showing that there is almost no one that want it, since there is less than 10000 persons who pledged money for that. That's a bit sad, i would have pledged if I didn't changed my phone just before ( ie, if Canonical did communicate in the open, I would for sure waited a bit more, but I guess that 1 person wouldn't have changed much ).

Comment Re: Doesn't make sense (Score 1) 182

Sure, and admins do not need to make sure the OS is properly funded, cause everything come for free and most of them have so much time to contribute.

And of course, admins do not need any training, do not need to have certified hardware cause they can perfectly guess what is working just by looking on specifications. And of course, none of them never read the documentation, nor call the support for complex problems, because all admins are experts in every possible domain.

Comment Re:And it's still not as good as Ubuntu or Debian. (Score 1) 202

To be honest, you need more than just a puppet recipe to make a mail server. There is several how to because everybody has a different view on what to use. Dovecot, cyrus, ldap/mysql/simple user, postfix/exim/sendmail, what spam filtering, how, etc, etc. People are asking what module they should use to do this or that, and everybody is replicating module because the current one do not work like they want. So the issue is not solved, it just moved elsewhere.

The live spin are made using kickstart. So someone could already use that to replicate the setup, and there was some proposal to use ansible on the fedora-devel ist, not sure how far this went.

Comment Re:Will it be as broken as Fedora? (Score 3, Informative) 118

You can try openstack on Fedora, or look at RDO ( ).

And Fedora is as broken as the community make it broken. If there is no one to make bug reports, triage them, make QA, then yeah, this slip. There is lots of way to help on this part, from giving karma to update testing and testing prerelease.

Comment Re:Show what an inferior OpenStack might look like (Score 3, Informative) 118

I am sure that your company policy should include "do not use Technology preview on production servers". If it doesn't, then I suggest to add it, and then complain that using RHEL do not have the packages you need, if you want to switch to Debian. That would be much more smoother. than trying to blame the vendor for your lack of clue regarding what is supported and what is not ( especially when comparing to Ubuntu, where you do not even have the guarantee that Mark will not change his mind and just stop the project, or focus it on something else, like they did on the desktop, on bzr, and several stuff )

Comment Re:This was even a question? (Score 1) 192

Your analogy is totally wrong. That's more :

- here is a list of stuff, we will do our best to support, but you have no guarantee on anything
and the other
- here is a list of stuff, we plan to guarantee this. Also, as we know that you may want to plan and deploy the technology for testing in advance, so here is a preview for testing, we wait on your feedback, but that's too new to guarantee much.

That you have a business case do not change much. People have business case for lots of stuff, that doesn't mean this can done or supported in the long term.

In the end, you can turn that as much as you want, you seem to just rant because you have no one to blame for your lack of understanding of the current documented policy.

Slashdot Top Deals

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling