Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> The 'what' is the problem. If our sales person want to
> demo a product that connects on 6 different ports to
> places that aren't known until the first connection
> is established, will it work?
If I setup the proxy to allow all access by default, such as
I would in such a situation, then yes. But I do _not_ let
just any port out the firewall.
> I didn't design the product, but I've had to help make
> it work in places that don't use a default gateway.
> It's not pretty.
If people would make such security considerations in the
first place, the Internet would be a lot safer. The problem
is not the networks, but the apps.
> The reason there are other ways is that none of them
> are perfect. There's nothing wrong with understanding
> the flaws and tradeoffs of each.
That was my point!
So why were you so hell-bent on talking about how something
must work only one way? And you continually discarded
countless suggestions from others, and even more from myself,
as if they were not options?
> Generally I don't want applications to use a proxy
> unless I know they are going to download the same big
> files as other systems. Otherwise it slows things down
> slightly and has no benefit.
No benefit?!?!?! Security???
> That's a reasonable approach, but takes an extra step and
> unless the same programs are installed everywhere the
> 1st system may not have all the others need.
But it would _still_ cache the programs that are similar, as
well as they test at least on the "common" system. Even you
mentioned "testing," so I'm now even more curious how you're
managing these systems?!
> I'm not demanding solutions, but if people don't consider
> the problems there won't ever be any solutions.
Not the solution you explicitly want, as you seem to want to
consider no others, or their merits for that matter.
> It's a one-line command. How does making it a script
> help?
First off, you're aruging that 1 command is easy to do on a
lot of systems. So how difficult is it to make a 1 line
change to yum.conf? Could you please _stick_ with something,
instead of just arguing however it may favor your viewpoint
at any given moment?
Secondly, you're forgetting that you're SSH'ing into systems,
etc... All those manual steps -- launch the terminal, etc...
-- for _each_ system.
Having all systems automagically pull from the same
configuration server would mean you make a change in 1 place,
and then it is pulled by all other systems.
If you only have a half dozen or so systems, then just select
one user's system at the client as the configuration
management server. You then run 1 command to say the change
has been implemented, and it gets copied into the
configuration management repository for all other systems to
grab.
> You have to spend the time to create the script
> and then it takes just as long to type it's name as
> the command itself - or recall it from history.
The time spent to setup a basic configuration management
setup is tiny -- especially for multiple systems. It is
certainly less time than to launch a terminal, SSH into each
one and hit the up arrow on a regular basis.
As I said, I am really starting to question many things at
this point. But you keep on at it.
--
Bryan J. Smith | Sent from Yahoo Mail
mailto:b.j.smith@xxxxxxxx | (please excuse any
http://thebs413.blogspot.com/ | missing headers)
