[Wolves] Nsa using linux

Shane M. Coughlan shane at shaneland.co.uk
Fri Aug 25 13:34:15 BST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Peter Cannon wrote:
> On Friday 25 August 2006 12:18, Shane M. Coughlan wrote:
>> SELinux and AppArmor are not the same.  AppArmor is less granular and
>> focuses on simplicity for the end user.  SELinux is focused on ensuring
>> that applications act in the way you want them to act.
> 
> They are the same its just they go about it in different ways. Simplicity is 
> what everyone wants, it is the those who insist on complicated methods that 
> are holding back Linux exposure to the business community.

Simplicity is not the end goal of security.  In certain environments it
is impossible to accomplish a simple button to make the security problem
go away.  An example are those environments that have multiple possible
configurations (like web server access) and require the user to decide
how things will work.

> I often wonder if people deliberately make it 'Difficult' in an attempt to 
> protect their fiefdoms?

No.  The NSA made SELinux at great cost but released it freely.  Some
aspects were covered by patents (from commercial technology included)
but the system is public domain.

> My personal opinion is that For the Home User it is not needed.

True.  At least, it's not needed as a full system.  It's too powerful
and too complex.  It's just overkill.

> PeteC: who gets pissed off when he cant do what HE wants to do on his OWN 
> machine! Oh and why should he spend hours 'Training some bloody security 
> feature' when I'm already spending hours trying to get sodding applications 
> to run.

One tool cannot apply to every situation.  Many tools try to.  It's a
mess.  We all get a headache from it.

Personally, I think we need a little more usability and less esoteric
features and extensions.

Shane

- --
Shane Martin Coughlan
e: shane at opendawn.com
m: +447773180107 (UK) +353862262570 (Ire)
w: www.opendawn.com
- ---
OpenPGP: http://www.opendawn.com/shane/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iQCVAwUBRO7uOdwG3M95JPpzAQhNtwQAmHDFHKbEkzB5rnxsmbmgy+fyHSz6IuKO
QqCEFHg2mfdKu18pENlReNPH8jOSjNoak426ArYiGh/omVM968Dv9VLuhgq+TRZQ
eSFI52Z0ApPPNtOc8d3OzdhgBT3Jwy1FFQ8MCqGGBa7lSdYP7NeCphmtcP4H2+Br
EfPnYNIfblU=
=G7LF
-----END PGP SIGNATURE-----



More information about the Wolves mailing list