Forward looking to FC2 final and SELinux

Jef Spaleta jspaleta at princeton.edu
Wed Apr 7 02:15:04 UTC 2004


Jesse Keating wrote:

> So, it's not a matter of have SELinux in the distro or not, it's a >
matter of usability and exposing the RIGHT option to the end user.  >
Much like other advanced features are hidden from the (to borrow 
> Jef "I have a big middle name" Spaleta's phrase) average meathead, >
SELinux should be not exactly hidden, but just disabled by 
> default.  It would go a long way toward making the distro 
> desireable.

While deftly skirting publicly positioning myself on the should selinux
be defaulted to on. I thought i'd take a moment to clear up
my definition of "meathead" which i think is being used incorrectly
in this situation. Meatheads are those people who deliberately choose
to not use the defaults without having an appropriate understanding of
the consequences. They will do things like go out of their way to enable
even hidden options just because they read a one page 12 step howto,
that doesn't make an effort to explain how badly things can go and makes
no effort to educate beyond the best case situation. 

Meatheads tweak their systems...but do not learn anything about their
systems until after the noticed it has gone horribly wrong and have no
idea when exactly it went horribly wrong during the 100 or so specific
tweaks they performed.  

In my lonely and opinionated world view.... meatheads are a completely
different subgroup than the AT user that ESR likes to wax eloquent
about. AT's or as I like to call them... office and home professionals,
want to get tasks done sane defaults and other usability and utility
issues should be designed with them in mind.
As much as I want to learn and understand about the inner-workings of
the tools I use, i know normal people don't have nearly anywhere the
same comprehension fetish that I have. My general rule is... if its
something I want as a feature to make my life easier..its clearly NOT a
good idea for office and home professional userbase.

Meatheads are a complete contrast with the office and home professional
group that Aunt T is a member of. They obsess over detailed featuritis
compared to enhanced general usability and work flow...and yet they can
not be considered technically proficient (yet) because they have not
learned basic troubleshooting skills when doing clearly advanced and
experimental tweaking...skills like skimming documentation that comes
with the software before screwing around.
</rant off>
 

So in this situation...defaulting selinux to off in the installer..isn't
going to protect meatheads, but it will probably protect the office and
home professionals, since they will more likely than not need to install
3rd party applications, if selinux continues to have trouble with tasks
like that. Identifying critical,frequent, and infrequent computing
activities that the office and home professional userbase need to do to
accomplish routine tasks and how selinux interferes with those
activities will probably go a long way to estimating the impact selinux
is going to have on that part of the userbase.  And I know, that my
personal use patterns diverge wildly from what an office and home
professional user would be expecting to do every day or week or month or
whatever, so i joyful expect problems with fc2 with selinux on or off.

-jef"bug day email next...after i get a soda"spaleta





More information about the fedora-devel-list mailing list