Rick Troth

Shared publicly  - 
 
Director Comey asked for public debate on consumer encryption. It might help to frame this highly technical topic in terms lay people can understand. I hope this helps.

http://sirsanta.blogspot.com/2015/07/going-dark.html

Those who favor the right to carry arms will hopefully see a corollary. (Conversely, if you favor strong encryption then you might side with the pro-carry crowd. That wasn't my purpose, but if logic leads you there ... good luck.)

-- R; <><

Rick Troth

commented on a video on YouTube.
Shared publicly  - 
 
Great talk. Truly wish I could have been there. Thanks, +Jon Miller, for sharing the link. A good intro to our brave new world.

The good:
 + switch service name and start/stop (better args ordering with 'systemctl' compared to 'service')
 + breaking out of the 0..6 "run levels"
 + tighter resource controls

The not-so-good:
 + assimilating too many functions into one program
 + maintaining content (the journal) in binary form (rather than plain text) see below
 + an RPM/Yum "feel" to the whole design (INIT should be simpler)
 + deceptive claim of logging everything (what happens before SystemD?)
 + replacing non-flaws in prior programs

Switch from text to binary is security through obscurity.
Ask any security professional how secure that is.
Much better to push logging to another host for true "hands off".
And yet, "rsyslog" is still required?

There's a learning curve. No complaints there for true innovation. But some features of programs which SystemD replaces were not broken. Sad that we have to re-learn more than from simply adding a new package.

The presentation has some "ad-hominem attacks" on SysV INIT. In particular, the complexity of INIT scripts is not an inherent fault with SysV INIT.

Others may have reported similar experience: I had no serious delays in booting with SysV INIT. Ironically, I have had noticeable delays when booting with SystemD. Have not investigated why, but interesting since the most public claim of SystemD value is faster boot times.

It's no secret that I don't like SystemD.
Would like to think my objections are more pragmatic than knee jerk.
I honestly believe I would have no problem with it if I could select the traditional arrangement, so the frustration is with the distributors more than with SystemD per se. Wasn't that what we were all about in Linux land? the ability to choose?

-- R; <><
 
I've not been unhappy with systemd.  It's come a long way, and Red Hat has done a lot of work to make that happen.

It's important to remember that systemd is a suite of binaries, one of which is also unfortunately named systemd.  The larger suite does follow the Unix mentality, but the overloaded name can make things confusing.

https://en.wikipedia.org/wiki/Systemd

+Rick Troth `dmesg` still exists on systemd-enabled systems to show you what happens before systemd starts.

systemd isn't perfect, but no software is.  It's a pretty stark example of the decision to write new software rather than try to improve (possibly perceived) deficiencies in other applications.  Whether this was the right decision long-term has yet to be determined; but I'm generally positive toward systemd at this time.

Rick Troth

Shared publicly  - 
 
Got the following from Rick Russel via LinkedIn ...

https://www.youtube.com/watch?v=LWi_ljAIhcM

very
nicely
done

Rick Troth

Shared publicly  - 
 
Saw this on LinkedIn via Bill Manning ...

"Dance like no one's watching. Encrypt like everyone is."

Some good snippets of wisdom on LI lately. (Or maybe it's just Bill and other luminaries like him in my circle there.)

Rick Troth

Shared publicly  - 
 
Got the following from +John Cook via LinkedIn.

https://image-store.slidesharecdn.com/4f89afde-2c26-4f08-a14c-c62001dae7b8-medium.jpeg

Taking risks is risky. But for me, the alternative follows this illustration too closely.

Rick Troth

Shared publicly  - 
 
Got the following from my friend Paul Geisler. The clip is a fund raiser. The issues described are real.

https://www.youtube.com/watch?v=Yq0HMBQfdI0

Rick Troth

Shared publicly  - 
 
Interesting observations about Mozilla.
Interesting correlation with the Linux Foundation.

http://audio.lugradio.org/badvoltage/Bad%20Voltage%201x43.mp3

I do hate blanks in filenames, though.
Have him in circles
180 people
Crislaine Aquino's profile photo
Ray Mullins's profile photo
Robert Riegel's profile photo
Muhammad Waqas Saleem's profile photo
Hal DeVore's profile photo
Andrew Troth's profile photo
Betty Miller's profile photo
Steven Southerland's profile photo
Ed Jaffe's profile photo

Rick Troth

Shared publicly  - 
 
"The behavior of interactive traffic (DNS, X11/RDP, ssh, voice and videoconferencing ) are no better than 1999, and in many ways worse."

http://www.internetsociety.org/sites/default/files/pdf/accepted/28_towards_imperceptible_latency.pdf
 
I'm arguing over what smells to me like a thinly-disguised lament that the unwashed hordes found the Internet.

As in, back in the good old days, only us highly-technically-skilled nerds used the thing, and now we are butthurt because our use-cases are not the use-cases that exploded when everyone and his dog got an Internet-connected smart phone that was way more computer than your expensive workstation of a decade ago.

And the reason for that is, of course, the money is in supporting everyone-and-his-dog-using-this-miraculous-technology-to-send-each-other-video-of-kittens-and-also-their-genitals.  And not in supporting nerds tunneling random protocols over SSH, for instance.

Rick Troth

Shared publicly  - 
 
From the while-you-were-sleeping department, I got this on LI from Rick Russel. Glad he shared the info because it's not a site I would normally watch ... and I didn't (yet) hear this from other channels.

https://hexatomium.github.io/2015/06/26/ms-very-quietly-adds-18-new-trusted-root-certs/

What exactly are they up to??
Microsoft quietly pushes 1817 new trusted root certificates. 26 Jun 2015. Earlier this month, Microsoft has quietly started pushing a bunch of new root certificates to all supported Windows systems. What is concerning is that they did not announce this change in any KB article or advisory, ...
David L. Craig's profile photo
 
This should be entertaining.

Rick Troth

commented on a video on YouTube.
Shared publicly  - 
 
Great talk. Excellent points.

Counter point on IPv6:
DO NOT disable IPv6, not even in the name of security.
I've been hearing "disable IPv6" as a security measure for almost a decade. And it's true that we should disable services we don't use. But IPv6 is a more secure place to be (than IPv4). Better to get into IPv6 land now and prepare for the day when we "disable IPv4".

As Craig said, if you're using IPv6 then obviously leave it enabled.
IPv6 is the kind of thing that any self respecting sysadmin should learn ... and use.

It's trivial to render your /etc/sysconfig/ip6tables to match your /etc/sysconfig/iptables. Do so. (Don't have IP Tables? That's a whole nutha discussion. But the concept remains.)

Rick Troth

commented on a video on YouTube.
Shared publicly  - 
 
I especially appreciate the observation that other CM (aside from CFE) require dragging along an interpreter, "huge ball of wax".

As an industry, we have lost track of the value of simplicity (and of small size).
Jon Miller's profile photo
 
Not entirely... check out Ansible. Been happy with it... agentless management where running a playbook against multiple machines just means an ssh connection.

Rick Troth

Shared publicly  - 
 
Best summary of the topic, and best advice ...

http://www.happysonship.com/how-god-made-bruce-jenner/
I don't know what to believe about Bruce Jenner's story. All I know is "God shows his love for us in that while we were still sinners, Christ died for us."
David Thomas's profile photo
 
Great article, and it highlights a common cause of pain in the world; creating sides.  

I think Red Green said it best: "Remember, I'm pulling for you. We're all in this together."
Work
Occupation
follower of a Jewish carpenter, husband, father, hacker, and wire monkey
Links
YouTube
Contributor to
Story
Tagline
... try to take over the world!
Introduction
I hand-entered Simson Garfinkel's PGP key from the book, sent him an encrypted message, and he replied having successfully decrypted it.


Bragging rights
"Sir Santa" to those who know me well, and only polar after the fact
Basic Information
Gender
Male
Other names
VM Cowboy, Sir Santa