noexec on /dev/shm

Thu Dec 16 20:50:00 UTC 2010

On Thu, Dec 16, 2010 at 08:16:53PM +0100, Miloslav Trmač wrote:
> Casey Dahlin píše v Čt 16. 12. 2010 v 11:19 -0500:
> > On Thu, Dec 16, 2010 at 12:27:34PM +0000, Richard W.M. Jones wrote:
> > > What you don't understand is that you are throwing away the experience
> > > and knowledge of thousands of Unix system administrators.  Almost of
> > > all of them do not even read this mailing list.
> > > 
> > > Rich.
> > 
> > I hate this argument.
> > 
> > The "experience and knowledge" claim applies to everything we could possibly
> > change.
> > 
> > Change.\nIs.\nGoing.\nTo.\nHappen.
> 
> That's a too black-and-white view.  Of course there is and will be
> change - what would we all be doing here if there were nothing to
> change, after all?  The thing that needs to be appreciate is that every
> change has _costs_ on the user-base.
> 

I think the view I was presented with was too black-and-white. Richard began
with essentially "change is bad." I responded. You've really wholly replaced
the argument I was reacting to. Which is a good thing. The conversation should
have begun here.

> I can't quickly find out good numbers on the number of server users of
> Fedora and Fedora-derived distributions; based on
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=18728&forum=14 ,
> let's stipulate that there are 1,000,000 installations (which is almost
> certainly a huge understatement), with 10 servers per administrator on
> average, so 100,000 Linux system administrators.  Better numbers would be
> welcome.
> 

http://fedoraproject.org/wiki/Statistics

That's the best we have.

> Especially minor changes that don't bring any measurable benefit
> (perhaps making the system "cleaner" or making programmer's life more
> convenient) but require time from each user to adapt are better
> abandoned than implemented.
> 	Mirek

Measurable != significant. Great programmers and architects have an instinct
for something called "defect avoidance." You can't measure it, since the unit
would be "number of bugs/bug-related outages and problems which never
happened." Depending on your instincts on what that value might be, "cleaner"
could be the single most important thing to improve in the entire distro. You
can guess my own instincts on the subject.

This sort of immeasurability is everywhere in computing. Its what causes most
major corporate security breaches ("well, we haven't had a security breach in
awhile, I guess we don't need to spend so much on a security team.") Its what
spawned the desperate rationalization "all software has bugs," which is an
excuse to not have to measure how well you avoid putting bugs in the code. For
my part, I believe in trying to write software that can't break, even if I'm
not always successful. Part of that effort is ripping off anything that's
loose. If its purpose is questionable, or its exposed in a semantically iffy
way, it needs to be ripped out.

--CJD