Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Lee Hanken
439
hpr_transcripts/hpr3299.txt
Normal file
439
hpr_transcripts/hpr3299.txt
Normal file
@@ -0,0 +1,439 @@
|
||||
Episode: 3299
|
||||
Title: HPR3299: Linux Inlaws S01E26: Make your Linux harder
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3299/hpr3299.mp3
|
||||
Transcribed: 2025-10-24 20:25:50
|
||||
|
||||
---
|
||||
|
||||
This is Haka Public Radio Episode 3294, made at 25th of March 2021, to main show in entitled,
|
||||
Lilux Inlon, S-Nero 1-E26. Make your Lilux harder and in part of the series,
|
||||
Lilux Inlon, it is hosted by Monochrome, and in about 50 minutes long, and carry the next
|
||||
implicit flag. The summary is ever wanted to know about Apama and the C-Lilux.
|
||||
And this is your show.
|
||||
This episode of HPR is brought to you by AnanasThost.com.
|
||||
Get 15% discount on all shared hosting with the offer code HPR15, that's HPR15.
|
||||
Better web hosting that's honest and fair at AnanasThost.com.
|
||||
This is Lilux Inlon, a podcast on topics around free and open-source software, any associated
|
||||
contraband, communism, the revolution in general, and whatever else, fans is critical.
|
||||
Please note that this and other episodes may contain strong language, offensive humor,
|
||||
and other certainly not politically correct language. You have been warned.
|
||||
Our parents insisted on this disclaimer. Happy mum?
|
||||
That's the content is not suitable for consumption in the workplace, especially when played back
|
||||
on a speaker in an open-plan office or similar environments. Any miners under the age of 35,
|
||||
or any pets including fluffy little killer bunnies, you trusted GuyDog unless on speed,
|
||||
and Q-T-Rexes or other associated dinosaurs.
|
||||
Martin, how are things?
|
||||
Yeah, very well Chris, how are you?
|
||||
Drinking a hazy jane from BrewDog, BrewDog, if you're listening, if you want to spawn this show,
|
||||
please get in touch. The address is Sponsors at Lilux Inlon, study you.
|
||||
Yes, we are open to suggestions, BrewDog, and yes, this is free promo, no, I really like it,
|
||||
do you know BrewDog?
|
||||
It's okay.
|
||||
Full disclosure, Martin is a drinker of real air, camera, exactly.
|
||||
Camera, if you're listening, Martin is one of your strongest supporters on Birmingham.
|
||||
Need to say if you want to sponsor us, or Martin anyway, the address is Sponsors at Lilux Inlon,
|
||||
study you. For the few people that do not like real airs, there are alternatives, of course,
|
||||
available too, like New England IPAs, as a matter of fact, that's something right now.
|
||||
And in contrast to real airs, of course, these England IPAs would be served very close to
|
||||
freezing point as an eight degree centigrade. As a real air drinker, prefer their beer on 20 degrees,
|
||||
as in just room temperature or something.
|
||||
Sorry, I'm sorry, Martin, this is what I learned when I visited the country.
|
||||
Maybe not in England.
|
||||
They don't like ale if they serve at 20 degrees in Germany.
|
||||
No, no, they don't, Martin, they only do this in the UK.
|
||||
I don't feel which century you went to the UK.
|
||||
As a matter of fact, this one.
|
||||
Okay, but this is not a show of real air drinkers.
|
||||
I still want a piece that I call beer, but this is entirely reserved for the grumpy old photos.
|
||||
Okay, I know, sorry, this episode is actually about something very important,
|
||||
namely security in Linux.
|
||||
So Martin, why don't you get us started?
|
||||
Yeah, so I know, I know someone who started this for a profession, I'm trying to show why.
|
||||
He appears to be on the show as well, so I think he's going to be a good candidate for this.
|
||||
Okay, but yeah, I mean, it's not, it's security is obviously not limited to Linux, right?
|
||||
Any system you're going to run is going to need security, including macOS, Windows,
|
||||
any operating system of your choice.
|
||||
Windows, I keep assuming you are, I mean, this is debatable, right?
|
||||
If you're not exposing your computer to the internet, then you probably don't do that.
|
||||
I'm fine running this, but if the strange operator says yes, indeed, so yeah.
|
||||
But this is not a show about bashing Windows, this is rather something called Linux in-laws,
|
||||
which is of course, as the name suggests, about something about Linux.
|
||||
Okay, Martin, what do you know about security in Linux?
|
||||
Security in Linux, well, it bends, okay, so obviously you have your users, your users have privileges
|
||||
and so on, and then you have route to us, all the privileges in the world.
|
||||
You're not running anything as routes ever.
|
||||
Unless you're using two frameworks called abnormal or SE Linux.
|
||||
Oh, yes, SE Linux, yes.
|
||||
Because in that case, in that case, especially if you're running these two frameworks in
|
||||
enforcing mode, and we're going to cover that in a minute, routes cannot do everything,
|
||||
like in ordinary Linux systems, where you, where we're, where we're, where we're,
|
||||
where we're as Martin, right, so it can do everything.
|
||||
So while we are on the subject of SE Linux, most software packages I've come across that need
|
||||
to be installed, we cry, I see the next to be turn off. Interesting. Would you like a comment?
|
||||
A comment? Yes, and that case don't use them in production. That will
|
||||
be a recommendation of this. No, I mean, thank you for this, that's about it.
|
||||
I thought we didn't want to go down the, I must not have thought we didn't want to go down
|
||||
this commercial route. Let's leave that product, right? No, Martin, why would that be poor design
|
||||
if you have to turn off SE Linux if you want to run that software?
|
||||
Well, it's, so there is obviously off and there is off during install, right, which
|
||||
those are the two kind of distinctions to make, I think.
|
||||
Well, off during install is probably okay, but before we go into these details, let's cover some
|
||||
of the basics. Good idea. Do you know what discretionary access control is?
|
||||
So that's, that's really leaving it up to the user to define his, that the privileges to his
|
||||
objects, whether they're files or ports or whatever they are, right? Hence, yes, go ahead, Simon.
|
||||
Yeah, so with any system security comes down to all the points of access, which is
|
||||
files, ports, what else do we have? Networking. So at all these levels, yeah, you
|
||||
and in discretionary access control, you define it yourself, right? Anyway, but why don't you go into
|
||||
a bit more of a deep dive on this? More than happy to. As the name indicates, it's actually at the
|
||||
discretion of the user to define any protection on objects. And the typical ACLs, the access
|
||||
controllers that you find in ordinary Linux and unique systems, like RWX for owner group and others,
|
||||
as in world, are probably the best known example for this. Any user that creates a fire can
|
||||
subsequently, because he's the owner of this, set these ACLs as he or she or she sees fit,
|
||||
whereas in contrast to this something called Mac, as a mandatory access control, is normally
|
||||
only reserved for certain administrative users to set. In contrast to DAC, a Mac is enforced
|
||||
and we'll see this one we discussed the prevailing to frameworks as an up armor as well as as
|
||||
in Linux. And cannot be changed typically by the owner of set object. So if you create a file,
|
||||
if you're just using DAC as in discretionary access control, of course, you can modify as the ACLs.
|
||||
In that case, you need being the creator of this file, you can allow additional access,
|
||||
writing, reading, executing, that sort of thing for this particular object. In contrast to this,
|
||||
if you're using a mandatory access control, a system administrator does this for you,
|
||||
are you yourself do not necessarily have the permission to change these access types?
|
||||
That's the most important thing here. Yeah, so I guess as an example, would you consider
|
||||
ports underneath a thousand as a mandatory access control example? This is enforced by the
|
||||
very rudimentary Mac, yes. But this is kind of security by definition, right? Because
|
||||
this is this is basically where Unix comes from. Only services that are below a thousand,
|
||||
1025, I think, even, which are normally run by loot because otherwise they won't be able to access
|
||||
these ports can do so. And the user process is confined to the remaining port range.
|
||||
So essentially, it's a very kind of brute, I wouldn't say brute force, but rather rudimentary Mac
|
||||
by implied by the kernel design, let's put it this way, or by the history of the kernel design.
|
||||
Yeah, indeed. I mean, you can obviously still set the permissions on a, well, actually,
|
||||
you know, okay, so this comes back to the non-user ability to set access on a
|
||||
on a program for a portness. By the way, did you know actually that
|
||||
owner user programs can circumvent this? Yes, but not by themselves, right? You have to
|
||||
have we to be able to enable that. Yeah, or you have to actually set a capability in order to do so.
|
||||
Yeah, but that's exactly what that's beyond the scope of this episode. So let's go back to
|
||||
mandatory access control and discretionary access control. Okay, what is also important is probably
|
||||
a little bit of history of historical background in this context. Martin, do you know what the
|
||||
Linux security more in your architecture is? I probably know as well. This is what we call good
|
||||
preparation for Linux in our episode. And Martin, of course, gets full score for no, no, no,
|
||||
Joe jokes aside, jokes aside. I mean, it's a bit special. You're security studies, by the way.
|
||||
Does Martin does has matter for you? I wonder. No, I'm just curious. This is for anyone out there
|
||||
wanting to take up two weekends through to the pregnancy, no worries.
|
||||
No, it's. Say again, what's he calling in your certification?
|
||||
I quite a few of them actually. Well, the security on obviously. Security quite a few too. So
|
||||
and this is what LinkedIn for is for rather. It's good to my LinkedIn page. You'll find
|
||||
are you sure there's a made up? No, they're not. That's what most people do on LinkedIn.
|
||||
It's a certain Martin, this comes to mind.
|
||||
That's a certain question when it comes to mind. Okay. So next time you come,
|
||||
Martin, I have the unaltered PDFs to prove it. So the words.
|
||||
Okay, back to the LSM. A bit of history, a little bit of history here. The LSM was first introduced
|
||||
about nearly 20 years ago when some people thought that Linux in in addition to the then prevailing
|
||||
discretionary access control, i.e. stuff that was coming directly from Unix and friends
|
||||
would need a more enhanced approach to security. So LSM was born due to the idea that
|
||||
no specific framework would be incorporated in the kernel, but rather the kernel would contain
|
||||
hooks. And this is basically where it gets it gets interesting. The kernel would contain hooks
|
||||
that would then allow a policy framework or simply a framework, which is orthogonal to the kernel
|
||||
to be invoked when certain access to certain objects would be done by a user and entity,
|
||||
like process. So let's use an example example. If you open a file, ordinary Linux,
|
||||
you have a process opening that file with that process. There is typically a user idea associated
|
||||
based on the ACLs of this file. The kernel can check if you are allowed to access the file and if so
|
||||
in what capacity can you access the data that file? Can you read it? Can you write it? Or can you
|
||||
even execute the kernel as a file, depending on what's stored in it? In contrast to this,
|
||||
the LSM facilitates the following. If a user wants to access a file, the LSM typically takes a look at
|
||||
the file and then goes back to the policy framework or to the framework, which then can check
|
||||
based on profiles in that armor and what this is we're going to cover in a minute,
|
||||
or something called policies in SC Linux, whether that process in addition to the DAG
|
||||
defined for this object is allowed to access this object. So this is the main difference between
|
||||
ordinary Linux and the LSM enables. The idea was of course that each separation of concerns
|
||||
essentially the kernel would implement these hooks and then the the framework running
|
||||
on top of the kernel would implement the MAC mechanisms as in the mandatory x-control mechanisms
|
||||
independent of any kernel implementation. That would give an additional level of flexibility
|
||||
for any framework being implemented to to realize mandatory access control.
|
||||
Let's go into two examples for more typical mandatory access controls. Something called
|
||||
app armor and SC Linux. What do you know about SC Linux modern? It's very annoying.
|
||||
Spot on and it was actually developed by something called the NSA.
|
||||
About 20 years ago, I was a little bit more complicated because the NSA funded a government project
|
||||
and this government project basically then had the for initial implementation of SC Linux.
|
||||
At his kind of intention or well, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, for aim,
|
||||
let's put it this way. Okay, so what and the interesting bit of course about SC Linux
|
||||
is that something called Android has been using this for at least the last four major versions
|
||||
as the main security framework. Particular manufacturers like like Samsung do a
|
||||
an enhanced version of it in the Samsung, for example, calls it nox, but at the end of the day
|
||||
when it boils down to is is essentially slightly modified as the Linux implementation protecting
|
||||
the smartphone. Cool, that sounds good. Okay, you want to, sorry, for those of us running Android of course.
|
||||
Well, what else is there? You can of course run iOS. It's quite a few Apple users have.
|
||||
Yes. So why don't you walk us through a high level overview of SL Linux?
|
||||
Can do if you like. Yeah, well, it's a bunch of patches right to the kernel
|
||||
implementing the vendor checks as control things.
|
||||
Well, the NSA has done. Yeah, I'm sorry, go ahead.
|
||||
You're enforcing or mandatory and what else can what else is the element? Is there an option?
|
||||
Oh, I miss it.
|
||||
I miss it. Thank you. Yes, I think you're welcome.
|
||||
Yeah, so those are the three main settings for OSC as you may mix memory. Yes.
|
||||
Yeah, so what else would you like to know? What typical entities SL Linux can define?
|
||||
Well, it's about policies, isn't it? Yes. There's the main difference between one of the main
|
||||
differences that put it this way between something called AppArmor and SL Linux is of course,
|
||||
but of course, but rather is that SL Linux could define something like a role-based
|
||||
access control model, also known as an R-back. AppArmor does it slightly different,
|
||||
but maybe it's good idea to define what an R-back is first. Yeah.
|
||||
That's right. Yeah.
|
||||
Yeah, a role-based access control model basically has users, roles,
|
||||
and the relationships between these entity defined, and also basically then based on the
|
||||
combination of user roles, defines the access rights or the user rights to certain entities.
|
||||
Imagine Martin you're running a brothel, right? A brothel that has more than two branches.
|
||||
But yeah, I'm sure you can shed some light on this here.
|
||||
I'm just using that as an example. Martin probably would use a cartel, but
|
||||
the difference are negligible, so don't worry about it. So imagine Martin you're running a brothel,
|
||||
you have about 10 branches, the brothels, of course, let's start with the users.
|
||||
Oh, sorry, let's start with the roles, rather, which is one of my interesting. So each and every
|
||||
entity in this brothel context would have a certain role, like you would have
|
||||
dams of negligible factions. You would probably have admins of running that brothel.
|
||||
You maybe have optional pimps, taking care of the promotion of set brothel, and of course,
|
||||
you would have something called. Yeah, you would have Martin, exactly.
|
||||
My you would have Martin to do it. And of course Martin, you would have most
|
||||
importantly, because otherwise you wouldn't be running a brothel, you would have punters, right?
|
||||
I assume so, yeah. But I mean, without punters as a customer, running a brothel probably
|
||||
would doesn't make much sense. So these are the roles that you have. And of course, you may have
|
||||
also subsequent roles in terms of you would have super dams of negligible factions, i.e. VIP.
|
||||
What's what I'm looking for hookers? Exactly. Like VIP hookers that are only accessible by VIP
|
||||
punters, as in they have to have a certain status, they should have spent enough though with the
|
||||
brothel to reach that status. Ordinary punters wouldn't have access to these VIP hookers. And ordinary
|
||||
punters need to say are not the VIP punters themselves, unless they pre-qualify or they qualify
|
||||
for this role. Users then would be people associated with these roles. So you would have Joe
|
||||
though, you would have Martin Visser, you would have Donald Trump just using three random examples
|
||||
being punters. You would have, and by the way, Martin Femke rings a bell, right? Because she came
|
||||
up with that example. Apparently that's basically how she implement the whole thing back in the day.
|
||||
She's the Colonel developer. Oh, okay. No, she's not. No, she's just run to brothel too.
|
||||
Femke, that, that, that, full disclosure of people, listeners, if you go back a cup of episodes,
|
||||
you know what Femke is all about. The next three modules, yeah.
|
||||
Okay. Okay. And going back to the, to the, to the, to the users, and then you would have
|
||||
games of negotiable affection like Femke, what else comes to mind? Grown you, probably.
|
||||
And Chivon, okay, to use to Irish names, purely made up, of course. Then you would have a
|
||||
couple of pimps, and then you would have ethnic stuff running this. So the idea is that, for
|
||||
example, in this completely made up context, a punter can only access ordinary, they, or can,
|
||||
or can, can, or can only make use of ordinary names of affection, because a normal punter hasn't
|
||||
reached this VIP status yet. Only a, if Joe Dow, or Donald Trump spends enough money, he's
|
||||
being promoted to VIP punter, and can access the VIP names. So this is essentially the role-based
|
||||
access control model in terms of uniform roles, uniform instantiations of these roles called
|
||||
users, and you define access mechanisms, i.e. getting together with, with the, with the name of
|
||||
negotiable affection, or paying or self-flatists. Any questions? Yes, I do have a question on this.
|
||||
So what you're saying is if you're a Linux user, and you pay enough money, then you can elevate
|
||||
yourself to root. Linux is a little problem. Linux, Linux is a little brothel, right?
|
||||
What? You were downfall. Last class, how much I checked anyway. This is just an example. It doesn't
|
||||
necessarily relate to the Linux, to the Linux kernel as such. I was just using this as a,
|
||||
as a, as a, as a, as a, as a, as a scene setting, scene resetting, scene resetting for something
|
||||
called the role-based access control model i.e. these are the typical entities you would find in
|
||||
an hour back. You have the roles, you have the users, and you have the access control that
|
||||
these users, that these roles define, exactly. Yeah, the, the, the main difference, I guess, that
|
||||
says being able to elevate yourself to a different, um, status, right? As a user.
|
||||
In terms of privileges. Normally, this is done for you as part of a Mac.
|
||||
Yes, indeed. So your, your role, your role and your associated privileges are fixed
|
||||
unless changed by another party, right? This is exactly the nature of a Mac, yes.
|
||||
Okay. Okay. Going, going back, going back to the, to the SLA Linux. So essentially what,
|
||||
what SLA Linux does, it defines a role-based access control model. Users are normally ordinary Linux
|
||||
users, and then the role would be a definition of something like admin staff, ordinary users,
|
||||
and all the rest of them. And there's also something called a type in SLA Linux, which is an entity
|
||||
that can be associated with a process. In that case, a type or domain, as it is also known,
|
||||
defines how a subject, which is in turn the user, or representing the user, can access an object.
|
||||
And an object in SLA Linux in contrast to AppMR can be anything. It can be a database,
|
||||
it can be a socket, it can be a port, it can be also an entity representing an X window system,
|
||||
which is quite comprehensive in contrast to something called AppMR. Right.
|
||||
And there's quite a few differences with AppMR. Yes. And then you have something called policies,
|
||||
and the policies essentially define how roles, users, and types relate. Our policies define
|
||||
the way users, our processes, started by users, can access a certain object in a running Linux system.
|
||||
And we won't go full disclosure, I'm sorry, full disclosure, yes. We won't go through the technical
|
||||
details of each and every framework, because this way to comprehensive as a Linux alone
|
||||
is quite powerful, and also as Martin already pointed out, quite complex. A full coverage probably
|
||||
would stretch this episode way into a couple of hours. So we will leave it at that, of course.
|
||||
Only two. Maybe three or four. Of course. The show notes will contain pointers to the relevant
|
||||
documentation. Yes. So in terms of AppMR, is the biggest difference with SE Linux that you
|
||||
are, the programs are the objects of security abilities, or have I understood that?
|
||||
To an extent, let's put it this way. The type that is defined as a Linux can also actually reflect
|
||||
to an object, in that case, it's not bound to a user, but rather specifies how any entity can
|
||||
access this object in what way. So it's actually a two-pronged approach. You have a process
|
||||
that wants to access a certain object, and then you have policies, just covering a full object
|
||||
in terms of being valid across roads, like a default. Let's put it this way.
|
||||
The details are quite intrinsic and complex. So as I said, in this context, very important.
|
||||
SE Linux has a great wiki that gives you a very comprehensive introduction to the subject
|
||||
without getting lost in the details. Let's put it this way. Of course, the links would be in the
|
||||
show notes. And most importantly, SE Linux and contrast AppMR defines actually modified utilities
|
||||
to examples, LS and PS. If you specify a minus Z with both commands, you actually get what is
|
||||
known as a label. Yes, Z, exactly. Sorry, Z in American English, Z in British English.
|
||||
And this command-on option, or flag, gives you basically prints out the label, which is a
|
||||
combination of the entities that I just explained. Okay, that's useful.
|
||||
Right. Why don't you tell us a bit more about AppMR?
|
||||
It's you, Sonsosa, and Ubuntu, and there's wiki.
|
||||
That should be sufficient.
|
||||
Is this, this is not running on the envelope? No, it's not. No, the jokes aside. In contrast to
|
||||
SL Linux, AppMR is less complex, let's put it this way, but also less powerful.
|
||||
The equivalent of a policy in SL Linux is something called a profile, and there's also the
|
||||
main difference that typically a profile is associated with files. Martin, that's plan 9,
|
||||
ring about, plan 9, cloud 9 does. No, plan 9. There was a movie called plan 9,
|
||||
from outer space. It doesn't think about? No, I should not need plan it then.
|
||||
No, it does plan 9 in terms of operating system, fling about.
|
||||
No, it doesn't. Okay. You heard about, you heard about an operating system called
|
||||
Unix. They agree, they agree. They agree. Why do a few people who implemented the original
|
||||
Unix, the original Unix operating system, i.e. system 5, continued on to something called plan 9.
|
||||
And plan 9, in contrast to the original Unix, had an important property, and a guy called
|
||||
Linnestow was essentially just stole it or bought it and never gave it back. Each and every entity
|
||||
in plan 9 can be expressed as a path of file. You'd see this, actually, if you take a look at
|
||||
modern Linuxes, where you have something called a process file. That directly comes from plan 9.
|
||||
And the idea behind app armor is actually to, apart from a few exceptions,
|
||||
like, for example, TCP network traffic, to treat everything pretty much as file.
|
||||
Okay, so profiles, which, again, are the definition of how a user slash process can access an
|
||||
object slash slash file, are just basically relating, as I said, to mostly two files.
|
||||
Yep. And this is one of the main differences, where SE Linnest has quite a comprehensive
|
||||
role-based access control model. App armor keeps things simple. For example, it doesn't define
|
||||
a full role-based access control model, but rather it just defines how users or processes
|
||||
can access in the majority of cases files. So, if you want to do a full
|
||||
R-back for app armor, actually, you have to combine PAM as the pluggable authentication module system,
|
||||
typically found in the Linux with app armor, because that only did only that combination
|
||||
gives you a full R-back. Okay. Hmm, where you say it's limited to Ubuntu and Susie.
|
||||
This would be the two prominent distributions that use it. Full details are on the app armor
|
||||
project side, also reference in the show notes. Okay, so why did they go to app armor?
|
||||
We'd better ask Mark Schalworth, jokes aside. No, they didn't on the show. I feel listening, yeah.
|
||||
Mark, there was a mail that I sent to you last August. You never replied. Anyway, it doesn't matter.
|
||||
Both frameworks have their pros and cons. App armor profiles are inherently easier to maintain,
|
||||
but also less complex. In contrast to this, distributions like rat heads, like centro S,
|
||||
like what's called scientific Linux, prefer the complexity and the power fullness of
|
||||
SNLs over app armor. Needless to say, both frameworks are available on the majority of Linux
|
||||
distributions, more often than not as part of standard repositories. So as usual with open source
|
||||
software, you are free to choose as you see fit. Both frameworks have their advantages and disadvantages.
|
||||
It's just the case that some distributions prefer as a Linux, some distributions prefer app armor.
|
||||
Well, it sounds like app armor is limited to only a few.
|
||||
Well, the main difference basically being that app armor doesn't define a full-road base access
|
||||
control model, where it doesn't have the choice if it's not available on, say, a centerway store
|
||||
of adaptor. It is. Okay. You just have to install it. No, no, sorry. It's just that certain
|
||||
distributions have a preference for one or the other. Okay.
|
||||
And funny enough, actually, I think open source is the only RPM-based distribution that
|
||||
prefers app armor. Of course, there might be wrong listeners. If you have different views,
|
||||
the email addresses feedback at Linux.edu. Okay. So I think there's that cover of the differences
|
||||
between the two. A full comprehensive discussion probably would take up at least a couple of hours,
|
||||
so we leave it at that, I suppose. Okay. But so, are there any other LSM implementations
|
||||
you'll have? There might be, but I think app armor and reserve would be the two more,
|
||||
yeah, most prominent ones that you see in the wild being used on a daily basis.
|
||||
Okay. Cool. I mean, I don't know many deployments, many redheads or center-ass deployments in
|
||||
production, that is, that you do not use at least some simplified SE implementation in terms of
|
||||
policies. Yeah. Yeah. I mean, for example, full disclosure, the website or sorry, the server behind
|
||||
something called the Linux use group in Frankfurt is running center as seven. And of course,
|
||||
has an as a Linux implementation in terms of a comprehensive set of policies modified for this
|
||||
web server. Okay. So how long did that take you to set up? We have two admins running this. Yens did
|
||||
most of the work. Yens, cool if you're listening full marks. Okay. Well, I suppose a couple of weekends.
|
||||
Let's put it this way. Right. I mean, essentially, it's a standard implementation plus
|
||||
modified for the particular for the particular piece of software that we run the back one,
|
||||
for example, as our CMS, we use more and more in. Okay. So any advice for any listeners out there
|
||||
indeed. Take a look at both frameworks. Take a good look at the at the at the at the documentation
|
||||
because both of them can be quite powerful. As usual, basically, it's the use case that drives that
|
||||
decision. If you need, I mean, both frameworks have a certain level of flexibility, because without
|
||||
saying, if you want to have something easy to set up flexible, easy to maintain, and with lower
|
||||
implementation effort, but confined in functionality, take a look at up armor. If you're not afraid
|
||||
of steep learning curves, complexity, but much more power in terms of the exact definition
|
||||
of security that you use case is looking for. Take a look at SL Linux. Yeah, that makes sense.
|
||||
So in your Webster example, would you need that complexity?
|
||||
That's overdrive a little bit more than just a Webster. So that quite a few other components
|
||||
installed on this, including, for example, main maintenance and all the rest of it.
|
||||
And it's running center S. So the decision was taken, basically, to remain with SL Linux because
|
||||
it's a standard Rbeck framework running on top of center S. Okay.
|
||||
Any closing thoughts on this, Martin? Well, to me, for my limited Linux,
|
||||
his admin activities, I think,
|
||||
a really good use case I'd go with that armor, isn't it? A deficiency that can be corrected,
|
||||
of course, given enough time. Yeah, this is quite an interesting concept, isn't it, time?
|
||||
The good news is Martin, it has been run for a while. It has been run for a while, but it's also limited
|
||||
in, it's in a month. Not limited in a month, but limited in a month for there's mortals
|
||||
amongst us. Indeed. The trouble is, of course, time will outlive the two of us easily.
|
||||
Yes, it's quite good about that. It has been since its invention, I suppose.
|
||||
Yeah, they designed that one quite well. Who is, who is they, Martin, explain?
|
||||
Well, the great time inventor. Who's this? I don't know, you tell me.
|
||||
I don't know. I'm sorry, I can't help you.
|
||||
Okay. Okay. This is it. Yeah, that's good. Okay. In that case, we should probably move on
|
||||
to the feedback, which we haven't done for a while, but now it's the time to catch on up to
|
||||
with by, I don't know. Okay. Kevin O'Brien writes in, and that's been a while because I think
|
||||
that feedback, that back, that's back to January. In case you've heard this feedback for Chris
|
||||
that shows me we haven't done it yet. Kevin O'Brien's back on the 29th of January. I'll
|
||||
love the show, great show, and I'm promoting it on my social media. Kevin, Kevin, well done.
|
||||
Please do continue to listen. We are available on the major podcasting networks. We, of course,
|
||||
are available on Hacker Public Radio. We are not confined in contact to other software
|
||||
podcasts or something called SoundClouds. I might add. This is a proprietary podcast
|
||||
platform, I think. Okay. David and Thomas, if you're listening, it's a free word, go for it.
|
||||
Yeah. Okay. Then the next feedback. Yes. Yes. Read this one out, Martin. Please.
|
||||
Claudio, thanks for the invite. I'll have my agent contact for you. Claudio,
|
||||
call it star, ragazzo. Claudio, if you're listening, we would really like to have you on the show.
|
||||
Indeed. If you're so inclined, please get in touch. The email address is feedback at Linux
|
||||
in-laws.au. And with this, I think it's now time for the boxes. Okay. Which is, of course, the
|
||||
pick of the one. Yeah, pick off. Thank you, Martin. Pick off the week. Yes. I should know this
|
||||
because I came up with it. What can you do? Okay, Martin, what's the pick of the week?
|
||||
It's a movie called Man Down. Okay. Which is a, yeah, it's quite a, it's a gripping story.
|
||||
It's really well written, I think, in terms of storyline.
|
||||
Which, I mean, two minds, whether to talk about it or not, because if I do, then it gives the whole
|
||||
plot away. So the final description does contain, or the following teaser does, the may contain
|
||||
spoilers. Yes, yes. Okay. Fair enough. Go ahead, Martin. Sorry. Yeah. Go ahead. Okay. So it's really,
|
||||
as you're starting in the future and what it comes down to is someone is living in a reality,
|
||||
in an alternate reality, the way he sees it. So based on events that have happened in this past,
|
||||
and then slowly the story unfolds, and that's the reality turns out to be a little bit different,
|
||||
and that's not to say too much, but it, sorry, it comes together at the end, really, in terms of
|
||||
the two storylines converging, which is, it's very well done, I think, in that way.
|
||||
Um, well worth a watch. And man down, this is what a drama teacher gets a wake-up call when
|
||||
his girlfriend leaves him. No. No, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, I am
|
||||
DBA trip originally. Yeah. Which is involved in it. When was it, when, when was it released?
|
||||
Quite recent, I think. Okay. Let me check that for you. In the meantime, why do you not tell us
|
||||
about your pox? Yes. My pox is actually a TV series called The Midnight Grospoil.
|
||||
How can I put this? It's the rage with younger people. Let's put it this way. Without giving
|
||||
a, without giving too much away. Essentially, it's about, it's about a bloke, specifically
|
||||
using British English term here. It's about a bloke living, living on the planet and who's
|
||||
able to travel to other planets. And the, the, the plot of each and every episode is that he
|
||||
meets through some time-traveling machine or whatever, whatever that gadget is called. He meets
|
||||
quite a few other beings on this planet. And while the, while the planets disintegrate of the
|
||||
cause of an episode, they discuss most philosophical and other topics of great importance.
|
||||
The fun part is, of course, you see all, all things strange happening while the
|
||||
discusper is ataric subjects. It's rated quite highly on IMDB, if that's anything to go by.
|
||||
And the fun, I mean, this description sounds rather dry. And I'm not going to go into the
|
||||
details because that will spoil the whole fun. But if you have a chance to, to, to watch it,
|
||||
just go for it, just amazing. So this is a movie or series, sorry? It's a TV series. Right.
|
||||
If you, it debuted to last year in 2020, where can people find this TV?
|
||||
You will find links in the show notes. Okay. And I mean, if you're into quirky,
|
||||
animated, by the way, this is animated, this is not kind of for, I'm, I'm really people doing
|
||||
that series. If you're into quirky, animated, sci-fi, funny on the funny side, just don't miss it.
|
||||
Entipoxys Martin. Entipoxys. Yeah. Nothing, nothing for me this week, really.
|
||||
Not even GPU-based databases. No, no, hey. Okay. Well, I guess they, they sort of
|
||||
pale in significance compared to quantum computers, but they're not by the way.
|
||||
I think they're stuck on the way there.
|
||||
Okay. What about your antipoxidant? It's, it's a beer called Corona.
|
||||
No, that was a joke. Corona virus, if you're listening.
|
||||
No, seriously, we had it. We just had it. Do yourself a favor and vanish.
|
||||
Seriously, just go away. No traces, no phone calls, nothing. Just disappear.
|
||||
It's enough. It's over. What we could do, actually, with the money is currently being spent on
|
||||
vaccines. I will, I won't, I won't even go near imagining it. I mean, you're talking about five
|
||||
star vacations, including... Well, I mean, there's a blow and all the rest of it.
|
||||
If we're talking about money, that could be spent better. There's a number of people in the world
|
||||
that could be, help accountable for this one. Jeff and Elon, if you're listening,
|
||||
yes. That will be my antipoxidant, antipoxidant of the week, yes.
|
||||
Very good. Very good. Okay. Okay. Of course, closing your marks, of course, we can be found on
|
||||
Hacker Public Radio, where we will continue to broadcast or to, to upload the show to,
|
||||
can, if you're listening, thank you. Thank you, Ken. Yes, Mr. Fallon, we do appreciate your,
|
||||
your hosting services, capabilities, whatever you want to call it. We will be on Hacker Public
|
||||
Radio until we say so otherwise. And if feedback, please, also, if you have topics for upcoming shows,
|
||||
so we don't have to think of the crap ourselves that we talk about, please be free, claw your
|
||||
not to get in touch with us at feedback at Linux in law study you. Yeah, well, we do have a number
|
||||
of interviews lined up, don't we? So that's, that's quite nice. Something to look forward to. Yes.
|
||||
With Alan Tesla, sorry, Alan, what's his name again, Jeff and other people? Maybe.
|
||||
Any particular Alan? No, just saying randomly, I don't know.
|
||||
And if we can, and if we can find the gray farts, we actually might dig up, what's his name again?
|
||||
Nikita Tesla? Nikita Tesla? Yes. That's what I'm trying to show for which purpose.
|
||||
We crossed that bridge mark when we come to it. I think we can leave it there.
|
||||
This is, if you know where Mr. Tesla is buried, please get in touch and feedback.
|
||||
And with that, I thank for listening and looking forward to have you on the next episode in terms
|
||||
of listen to it too. Bye. Bye. This is the Linux in laws. You come for the knowledge, but stay
|
||||
for the madness. Thank you for listening. This podcast is licensed under the latest version of
|
||||
the creative comments license type attribution share like credits for the intro music go to blue
|
||||
for the songs of the market to twin flames for their peace called the flow used for the second
|
||||
intros and finally to select your ground for the songs we just use by the dark side. You find
|
||||
these and other dd's licensed under cc hmando a website dedicated to liberate the music industry
|
||||
from choking copyright legislation and other crap concepts.
|
||||
You've been listening to hecka public radio at hecka public radio dot org. We are a community podcast
|
||||
network that releases shows every weekday Monday through Friday. Today's show, like all our shows,
|
||||
was contributed by an hbr listener like yourself. If you ever thought of recording a podcast,
|
||||
then click on our contribute link to find out how easy it really is. Hecka public radio was
|
||||
founded by the digital dog pound and the infonomican computer club and it's part of the binary
|
||||
revolution at binwreff.com. If you have comments on today's show, please email the host directly,
|
||||
leave a comment on the website or record a follow up episode yourself. Unless otherwise status,
|
||||
today's show is released on the creative comments attribution share like 3.0 license
|
||||
Reference in New Issue
Block a user