Bart Silverstrim wrote:
On Nov 9, 2006, at 2:40 PM, Daniel J McDonald wrote:
On Thu, 2006-11-09 at 10:24 -0500, Bart Silverstrim wrote:
On Nov 7, 2006, at 6:48 PM, Jim Redman wrote:
Chris,
Christopher X. Candreva wrote:
On Tue, 7 Nov 2006, Jim Redman wrote:
My observation is that of all the modern packages ClamAV fails to
install and run successfully and securely without operator
intervention. I think that this should be refined to reference
Fedora packages and perhaps not all of them.
I don't use Fedora - I use Mandriva. And my experience has been that
the RPMS provided by Mandriva do allow you to run out of the box with
very little tweaking. That is important to me - I manage about 20 linux
servers, but my primary responsibility is 196 routers and firewalls.
I'm not ignorant of the build process - I learned how to build SRPM's
working with this package - I merely don't have the time to mess with
it. So, I understand the sentiment.
There are a number of reasons why I consider this a bad thing
(other opinions have been expressed by others on the list).
4) (Altruism) It limits the adoption of ClamAV which in turn
increase the number/penetration of viruses.
Maybe the project doesn't WANT people who have problems with their
installs caused by willful ignorance...just a thought.
I personally think that's a poor attitude. Clueless newbies are
important too. I personally will dump a project that takes too long to
get working at all. As long as I can see progress it will keep my
interest.
Cluelessness is one thing. Willful cluelessness is another. There is a
difference.
What you're talking about is hassle...if it's too much hassle, you move
on to something else. That's fine and dandy. But there are many many
many people who are using, for example, ClamAV without throwing a fit
because there's too much in the conf file to set up.
The distinction is you can get frustrated and ask for help, or you can
get frustrated and bitch about it rather than read the comments in the
conf file. There's a lot, it can be tedious to a degree, but you're not
having to go through source code to figure out how to get it to work. I
have found that *overall*, with all the different distros out there, it
is impossible to come up with a one-size-fits-all solution but the
config files and guides for installation and configuration on the
Internet are enough that you need not invest a lifetime to getting this
one project working.
As I've said in other posts, the problem (as I see it) isn't necessarily
that he's clueless, or a newbie. It's the attitude he approached the
group with, the attitude of "I don't know anything and want to stay
ignorant. You should make it so I can stay ignorant but get this to
work." This is something that can easily ruffle some feathers,
especially when so many in the group have started in that position but
learned how to get it to work. It's also shocking for a sysadmin to
declare that they want to stay ignorant of the equipment they're
using..."I want to be a rocket scientist, but don't want to take that
nasty physics stuff...you should make it easier!"
I understand completely what you are saying and also agree with it.
However, regardless of how clueless the rocket scientist wants to remain
(which, yes, is a poor attitude), IF there is room for improvement or IF
some part of the process CAN be made easier, shouldnt it? This has
nothing to do with the fact that he wants to remain ignorant. It really
seems as if everyone read that part and COMPLETELY missed what he was
really trying to say and instead focused on blasting the guy because of
his willingness to remain ignorant.
For example, the Hobbitmonitor project is buried deep on my todo list -
There are about 15 "post release" patches that have to be individually
applied in a certain order, and I have yet to get it right and have it
compile. So I ignore it, and think "If I ever get about 4 hours of
un-interrupted time, I'm going to tackle that beast". Of course, I
don't have 4 hours, so it just gets deeper on the pile, and I never get
my monitoring server built, and I never am able to contribute back to
the project by helping other clueless newbies...
Then cut it loose.
This seems to be a hard concept...similar problems crop up, and my
response is something along the lines of, "Well, your company isn't
hiring enough to properly staff your department or manage the staff
properly...if it were truly important, you'd get the time. So either
suffer with the lack of XYZ, or have them hire more people, or move to
another company that does respect their IT department's role more."
"Well, that's not realistic..." "Well, then it sounds like you are
going with A, suffer the lack of XYZ. Accept it, quit complaining."
<crickets...>
I'm not saying every project requires you to cut off fingers and chant
voodoo incantations to work. I'm just saying that ClamAV isn't rocket
science, there are some problems, and your average sysadmin should be
able to go through a conf file to configure it and be able to get it to
integrate with most MTA's using docs on the Internet with relatively
little energy lost. I am tired of the couch sysadmin running mail
servers using a black box approach, relaying spam or implementing poor
security because they're too damn lazy to actually figure out what
running a mail server means, and when someone comes along saying that
they have problems XYZ the "real" sysadmin takes their advice and learns
what is happening while the couch sysadmin ignores it or complains it's
their mail server vendor's fault because they didn't make it simple
enough to just run the installer and ignore.
AHA!. This seems to be it. Everyone is pissed off at shitty admins!
So forget the fact that they actually might have a valid point one day,
lets just insult them and tell them they are stupid and ignore anything
that comes out of their mouths. Im sorry for whoever feels this way.
Life must be very frustrating for you. Im done here.
Jim
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
