Tag Archives | merrilug

MerriLUG Notes, 17-April-2008: Dan Walsh & SELinux

Eleven people attended the April meeting of MerriLUG, the Merrimack Valley chapter of the Greater New Hampshire Linux User Group. Heather called the meeting to order at 7:30 PM, noted that the attendees were pretty much The Usual Suspects, and dispensed with the long-winded announcements for new members. http://www.gnhlug.org will tell you all you want to know.

Dan Walsh was the main presenter tonight. Dan had a very special visit from the Demo Gods, just before he was to start. His hard drive decided that his boot partition wasn’t. Never heard of ext3. Ouch. Ever the good showman, he borrowed my laptop, downloaded his presentations from the web, and put on a great show.

Dan mentioned that he’d lost his previous laptop during his recent tour in Europe when it was stolen and that maintaining your home directory encrypted was a Good Idea.

Dan reviewed the history of SELinux and the iterations we saw in Fedora 3 through 8 and RHEL 3 through 5 and what to expect in 9. He talked about the evolution of the policies, the different feature sets available, and how the SELinux architecture can serve everyone from DoD-level organizations with stringent requirements (with bullet points like: “RHEL5: MSP Policy: EAL4+, LSPP, RBAC” – who wouldn’t be impressed?) to the Significant Others at home who really just want a machine to use the browser on.

Dan showed off the new kiosk policy, xguest, which was essentially a minimal-permissions user (no setuid, no executables in the home directory, no installation abilities, etc.) extended to run Firefox. Perfect when someone wants to borrow your machine for a second! In the default settings (installable in F8 or 9 with sudo yum install xguest), it creates a fairly ‘safe’ user that can’t do a lot of harm and whose directories are temporary, RAM-based, and vanish when the user logs out. (You can modify it to keep a persistent home to store cookies and bookmarks.) Ideal for library or public kiosk situations. Yes, the evil-minded boys in the room could come up with some work-around exploits, but this is a promising start!

Thanks to Dan for a great presentation under trying circumstances, to Heather and Jim for managing and promoting the meetings, to Martha’s Exchange for providing the facilities, and to all who attended and participated.

UPDATE: Dan’s posted an article to Red Hat Magazine, “Confining the user with SELinux,” that covers a lot of material in the presentation, with more detail than my notes and links for further study.

MerriLUG Notes, 20-March-2008

Nine people made it to Thursday’s MerriLUG meeting, held on the very last night of astronomical winter, in this case the third Thursday of March, at Martha’s Exchange in Nashua. As was announced, the meeting was unstructured and informal, with social and general conversation. A good time was had by all.

Matt mentioned that he’d recently received the designation of Red Hat Certified Architect, currently the top-tier of RH certification, requiring quite a bit of studying and passing some difficult exams. Congratulations, Matt!

Heather talked about some of the issues with calendaring using Evolution and Mozilla Thunderbird/Lightning, and that led to a general conversation on the disaster that mankind has made of time zones, daylight saving time, expensive telephone systems that can’t cope, countries that change their minds, and so forth.

Ben was heckled in person, as he showed up. He brought a recent Dell lightweight laptop which he obligingly took apart for us to examine the various peripherals. An attempt at installing 2 Gb of Live Ubuntu onto a 1 Gb memory stick was unsurprisingly unsuccessful. He’s also been trying to get a USB wireless widget to work with Ubuntu. Matt plugged it in and showed it would work with Fedora 8, but then Matt’s an RHCA :).

This led to a discussion of Network Manager, its strengths and weaknesses, and new features coming soon.

Conversation roamed all over the place, including:

  • Proper grounding of data center racks.
  • Sprinkler systems.
  • EPO (Emergency Power Off) switches.
  • 50 Hz equipment is not a bargain in 60 Hz countries.
  • Proper lacing of cables.
  • MythTV, HDHomeRuns, TiVo, podcasts.
  • The upcoming spam conference at MIT.

One fellow, whose name I did not catch (he mentioned he was not good with names; me, neither!) brought along an OLPC and we talked about its engineering genius quite a bit. We didn’t talk much about its retail disaster, thankfully. Beautiful machines!

Kenta and Kevin and Mike also attended and contributed and participated.

Thanks to all for coming and participating, to Jim for arranging and announcing the meeting, to Heather for running the group and to Martha’s for providing the food and beer and facilities. Next month, we hope to have a very exciting meeting, but it’s not yet ready for announcement. Stay tuned, as Heather gave us some hints last night and it sounds very worthwhile!


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.