Leapdragon 2016 - Aron Hsiao Was Here

I think it may be time for Fedora and I

to part ways, maybe next time I upgrade from F12 to something else. I’ve just had it with the excessively locked down defaults. It’s taken me a week to get my system back together after the upgrade, and 90 percent of that time has been spent actively fighting SELinux, PolicyKit, and other security-oriented nonsense.

I understand shipping with defaults that draw a strong barrier or line between “inside” and “outside,” i.e. locking down network ports. But I’m just not cool with having to track down and change security policies so that I can access my own video card from the console (i.e. get my desktop to work on my own screen).

USB flash drives? Locked out. Scanner? Locked out. Virtual machine? Locked out. Desktop graphics? Locked out.

No, I don’t suppose it’s an undoable task to either edit group memberships or an xorg.conf file or udev rules to give myself permission to use my own display from my own console.

But it’s fucking stupid in a “desktop” and “user-oriented” Linux distribution. No user wants to be locked out of his or her own USB ports and 3D graphics hardware at the console and by default.

That’s just madness. Someone inside Fedora has teh terror of teh h4x0rz and is going nuts. Next you’ll be locked out of the keyboard by default unless you connect a VT100 to a serial console via RS232 and log in to a sandboxed/jailed area to pass a quiz about VAXen hardware and the personal lives of Kernighan and Ritchie in order to be given a chance to enter a 200-character password to unlock the keyboard so that you can hack for four days blind to unlock the screen so that you can log in and start trying to unlock your own god damned WiFi card so that you can visit Ubuntu and download that instead before you lose your mind.

Oh, and the SELinux notifications (also on by default) to the tune of 200-500 per hour notifying me of stuff like the fact that someone pressed a key and Linux can’t be sure of who it was because computers don’t have eyes or artificial intelligence either? NOT HELPFUL.

Get your shit together, Fedora security policy people. I think I remember reading that Fedora doesn’t actually have a security policy, that it’s an ad-hoc process up to package maintainers, who each try to implement security on the assumption that nobody else will. Now may be the time, Fedora people, to come up with a security policy so that people like me that have been with this basic system, version-by-version, since Red Hat 4 (and have written multiple books about them) don’t bolt for other distributions.
