Become a fan of Slashdot on Facebook


Forgot your password?
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment SJVN? (Score 1) 108

Steven J. Vaughan-Nichols, here's an advice for you. When you go over 3 initials, maybe it's time to take a cue from The Church of Jesus Christ of Latter-Days Saints and pick the 3 most significant letters (LDS) as your usual initials.

Comment Re:All the data means all the data (Score 1) 303

But the media does in fact skew to the Right.

I know, isn't that a travesty? It's already 5am on the East Coast and yet so far there's been no stories making fun of Trump and sweeping Clinton's lies under the rug. I hope the NYT, The View or Bill Maher will step in soon to fix that. Can't let the right-winger get away with it.

Comment Re:Pile it on.. (Score 1) 303

There is clear pandering to black people in the DNC

And it's a patronizing pandering, like how the Catholic Church is now paying attention to its followers in poor countries because their religion took a nosedive in developed ones - they had to give them a pope but made sure he didn't look too much non-European. Sounds familiar?

Comment Re:Julian's victim (Score 0, Flamebait) 303

his "crime"

Of course there's been no "crime". It's a well-known fact that once a woman goes home with a man, it constitutes a blank check for him to do as he pleases with her, including fucking her wihout a condom while she's passed out. That's essentially the same logic used by ISIS freedom fighters who marry women for an hour so they can fuck and sodomize them until they get tired of them and then divorce them to let their band of brothers have their turn. No "crime" there.

Comment Re: Julian's victim (Score 1, Troll) 303

Get your facts straight.

18 November 2010

Stockholm District Court approves a request to detain Mr Assange for questioning on suspicion of rape, sexual molestation and unlawful coercion. Ms Nye says he has not been available for questioning.

13 August 2015

Swedish prosecutors drop their investigation into one accusation of sexual molestation and one of unlawful coercion against Mr Assange because they have run out of time to question him. The more serious allegation of rape is not due to expire until 2020.

He's hiding from Swedish justice and has fought extradition, that's why he hasn't been "charged". He's another Roman Polanski, without the excuse of having his pregnant wife stabbed to death by homeless cult members.

The guy is a rapist and a coward.

Comment Re:Yeah, so? (Score 1) 70

Next time you want to make shit up and mix in your own guesswork, make sure a simple Wikipedia search doesn't prove you wrong.

The vast majority of scholars who write on the subject agree that Jesus existed, although scholars differ about the beliefs and teachings of Jesus as well as the accuracy of the biblical accounts, and the only two events subject to "almost universal assent" are that Jesus was baptized by John the Baptist and was crucified by the order of the Roman Prefect Pontius Pilate

When you're done trying to impress people with your shallow understanding of things, look into the work of Bart Ehrman. He wrote a bunch of books on this topic and it's truly fascinating, even for people (like me) who are not religious. His stuff is mostly academic, not dogmatic.

Comment Re:RHEL - CentOS - Docker (Score 1) 538

Selinux does get somewhat easier, unless you constantly deal with new products/stacks/requirements.

Let's say you finally know inside out the rules that will let tomcat access files from a NFS share; the following day some team will have a project that relies on a "paster serve" web server, and by the time you figured that one out, someone else will come up with a problem with npm. Or with git clones done from within a php web service. Or rsync called in a ssh session initiated from a Ruby app. The fun never ends.

audit2allow can help when you have to fix something right away, but it doesn't really make for easily repeatable recipes unless you have enough time/patience to filter. Often there's a frustrating mix of booleans and labels to figure out, and if you're not careful you break other stuff.

So we ended up setting it to permissive in dev and enforcing in test/prod, and we warn project managers about the hardening process that is required when leaving dev. It works ok.

As for the differences between RHEL and CentOS when it comes to Selinux, there's a few things but only if you use special stuff from Red Hat like RHSC or gluster. Otherwise I'm fairly confident it works the same because once we have a recipe for a specific team we bake it in Ansible playbooks. And so far it hasn't been required to make special rules according to the distro, only the version (CentOS7 -> RHEL7, etc).

When it comes to versions, I would say that the biggest annoyance has been slight differences between all the cloud providers and hypervisors we use. Also the need to track down minor releases and how compatible they are (RHEL 7.2 vs centOS 7.15, etc). We have a good integration of our cmdb and Ansible inventory but sometimes it's difficult to figure out why something breaks on allegedly compatible versions.

Comment Re:Yeah, so? (Score -1, Troll) 70

There is ample historical evidence that Jesus did exist. Much is known about him, including the fact that he had brothers.

The fact that he was or wasn't God and/or his son has not been established yet, though. I guess that is part of the mystery, like the actual role of Al Gore in inventing the internet or in fighting global warming.

Comment Re:Systemd the distro (Score 1) 538

I used to work with a DBA like that. The more the performance went down, the more "optimization" scripts he ran continuously. He talked a good game with management so he got away with it for a long time, even if the databases were delivering less i/o than a floppy disk (which he blamed on "bad sql written by incompetent developers" - which he refused to code review of course).

Then he threw a tantrum and left, and the first thing I did was kill all his optimization scripts. Instantly the databases started blasting data at speed never seen during the DBA reign.

There are not a lot of people with enough clout to get rid of this systemd crap. I hope one of them will take the mike at some point and save us all.

Comment Re:SystemD? (Score 1) 538

What systemd does is not "manage itself". What it does is replace things that are not broken and that are well documented by a big brother service that some dude think is better. And just like wizards or frameworks or other gizmo it works ok as long as you stay in the narrow path of supported scenarios.

I've always loved the freedom of Linux but really it's heading real fast to the same philosophy as Windows and OSX (i.e the "we know what's best" approach) and it sucks.

Comment RHEL - CentOS - Docker (Score 1) 538

Many orgs pay for RHEL licenses on mission-critical boxes and a sample of their own servers, then run CentOS on fleet boxes. OTOH, people working in densely virtualized environments might consider the hypervisors the critical ones and be willing to pay for them, getting unlimited VM guest licenses for free with it.

We've had that discussion at work, with the pro-RHEL arguing that since prod machines would be RHEL, dev and test machines should be too in order to avoid bad surprises down the road. We even considered having the full-blown hardening done already in dev to make sure our friends the developers didn't do something that wouldn't work in prod. Turns out this approach causes a huge dip in productivity, especially when chasing those mysterious selinux denials. Exciting the first few times because you feel like you're "doing the rigth thing" but soon enough you get a nosebleed just by typing semanage. Ansible helps a lot, but only once you've got the right recipe.

So we opted for dev=CentOS and everything else hardened RHEL. Of course this led to a bad case of "vm sprawling", going from 25-30 to 1000+ in 6 months. Then we looked at the average machine and noticed the app/vm ratio was very low, almost 1:1. So we started looking at mega-docker hosts for those use cases and it's been a blessing. When used properly to containerize an app, docker is very low maintenance, and the upgrade path is a lot smoother. And you can pile lots of containers on a same host.

We're still in early stages but already we shaved 200 vm. Less updates, less problems, less everything.

Slashdot Top Deals

The steady state of disks is full. -- Ken Thompson