Wednesday, June 19, 2013

Trying to Tame Selinux

If you have ever had to fight with Selinux, you know how annoying it can be. In my experience, Selinux is a good layer of security if you have a good knowledge of what your applications can do. A good example would be a DNS or e-mail server, because the code and features they offer barely change.

On the other hand, trying to use Selinux with a complex system like a web application can be a drama unless it is integrated in the development cycle, that will not happen.  These kind of applications change constantly and it requires effort and time to keep the policies updated, without taking into account that the developers will press you because they just want to get things done. As a result, many sysadmins will get pissed off and will opt to simply disable Selinux to have an easy life.

The video below is a presentation that took place in the Red Hat Summit in 2012 and introduces Selinux in REHL 6.

Monday, June 10, 2013

Nothing to hide? The surveillance state

Many Europeans are familiars with laws tailored against our privacy. Here is common that any ISP or phone provider has to keep all their data three years in case the state needs it for a prosecution. Furthermore, more and more news confirm that many states are using state financed trojans to spy on their citizens.

Last week PRISM hit the news with a bit scandal . The big American service providers cooperating with the NSA to spy on their citizens!.  Of course this reminds me the Chaos Communication Congress that took place in Berlin in 2008, with the motto Nothing to Hide.

If you are a good buddy, why trying to protect your privacy? You haven't done anything wrong, do you? :)

Here is the link to the 25c3 keynote.