[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iptables logging to console-- help! [RANT WARNING]

On Thu, May 01, 2003 at 10:34:06PM -0600, Jamin W. Collins wrote:
> First, google is your friend.  Second, search the archives.
> In /etc/init.d/klogd, add the following:
>    KLOGD="-c 4"
> Then restart it.

<begin rant>
Yes, Google is my friend -- as a fairly new Debian user -- so much so
that my friends and family have begun to wonder where I have gone; the
hours and hours I spend with Google and similar mechanisms every day
have made me into a virtual hermit.

I know from Jamin's perspective as a regular answer-er on this List he's
right to point out that this was an FAQ. But I'd like to offer another
perspective. The perspective of new users of software systems, be they
productivity applications or OS packagings, shouldn't be dismissed, IMO.
I've argued about this over and over on the Cygwin List (I "migrated"
from Cygwin to Debian, in a sense) because of that Lists's tendency to
dismiss nearly every inquiry as an unwelcome breach of List protocols.
"Debian-User" isn't nearly like that, but a similar principle is still
very much applicable. Anyway, they got used to my rants over at cygwin,
as I suppose Debian-Users will. So no need to pay me much heed.

It took about 5 weeks of netfilter scrambling my ttys before I found out
about the syslog fix. This is a sign of a very rough packaging job, it
is too raw for new users. Yet every new user is going to hear "you
better run a firewall! You'll get hacked! You have to care about
security" -- over and over again. I know that Debian is the distro for
Gurus, the "user-unfriendly" darling of the initiated elite. it's just
that in my present flush of enthusiasm for the quality and flexibility
of Debian, I want *everyone* -- my wife, my mother -- to be running
Debian. I can see it isn't going to happen anytime soon. But I can
dream, OK?

What would have made sense to me is to have netfilter come with
documentation that makes it hard to miss the news about how to send the
LOG chatter away from the console. And to offer to modify the right file
so that this happens at install / configuration time. Instead, the
default is that appropriate to a hyper-knowledgeable career sysadmin --
and I get it, many users here and everywhere, of Debian, ARE sysadmins
overseeing systems serving 10s or 100s of users -- and this default is to
leave netfilter in "show me everything" mode with the presumption that
the admin will already know how to turn that off when s/he's finished
testing the setup.

These kinds of presumptions and defaults are found in myriad software
packaged for Debian. It's just that sometimes I install a package and
see that "this g(uy|al) did it just right". There's a sensitivity to what
defaults will make sense to average users that some packages (and their
packagers)  _have_, and some lack. Seeing it done well and thoughtfully,
with extra care to polishing the piece, makes me notice the lack in all
the others.
</end rant>

   Soren Andersen
GnuPG public key fingerprint:  BD26 A5D8 D781 C96B 9936  310F 0573 A3D9 4E24 4EA6

Reply to: