[clue] CentOS new user experience

Mike mikedawg at gmail.com
Thu Dec 24 23:58:55 MST 2015 

So, I tried digging through Red Hat's bugzilla, but I'm guessing most of
the tickets were entered by our TAM. So, from what I can recall, about some
of the tickets, a couple security issues that I can think back, and
remember being solved, in close to less than 24 hours.

Pre-heartbleed/poodle and the like, there was a vulnerability in STARTSSL,
a list of affected products pretty much included just postfix, and was
patched, like same day, or next day. We started thinking about the issue,
and looked to see if cyrus was affected by the same startssl vulnerability,
and it was. RH got right on it, and had it fixed within the day. There was
another instance, back in RHEL 3 days, where the login prompt would change,
based upon the pam module to authenticate; for example, if a user was
trying to auth using the ldap module, the prompt would be different than if
the user was attempting to auth using the kerberos module, and fallback
pam_unix module; the issue was fixed within 2 days, if I remember correctly.

They also helped me troubleshoot some crap, that I should have been better
on, back in the day, with products that weren't owned by Red Hat. For
example, we were working with Trustwave's SIEM, and their control server,
would do a really weird connection attempt, out on port 0, and if it was
blocked (or specifically denied) the server wouldn't start. If it attempted
its connection out, and received an ICMP error message, it would start.
More or less, some simple tcpdump and firewall rule writing, could have
figured it out.

I don't remember all the slightly easier technical issues covered, but I
figure most of them revolved around the satellite product, and creating our
WS based on KS scripts (pre-chef, pre-ansible, but NOT pre-puppet), we used
Satellite to do some of the basic tasks that one would normally use those
products for, nowadays.

That being said, I'm a Fedora user at home, and often enter tickets in RH's
bugzilla for Fedora; and while not supported by Red Hat, they still do work
on the issue, and so on. I can't count the number of tickets I've entered
for Fedora, most of them had been worked on by RH, and that being said,
there were several that weren't.

These are some of the issues coming to the top of my head, but I'm sure
there are a lot more, that I'm just not thinking back to.



On Thu, Dec 24, 2015 at 10:16 PM, David L. Anselmi <anselmi at anselmi.us>
wrote:

> Mike wrote:
>
>> So, I've got a couple comments about this point you made. I am biased (I
>> will explain down below, above my signature), however, I will state, that
>> many times before, working large contracts for my government employer, we
>> did call on RH support, for unclassified issues, and they were able to
>> help
>> us remedy them. Back in my government days, I'd say 50% of the issues
>> revolved around security flaws/problems, and 50% other technical problems,
>> and once we got our shop more secure, we moved to 25% security related
>> issues, to 75% technical problems. So, to contradict what was said, as
>> quoted above, yes, I got meaningful support from paying RH. I also worked
>> with Red Hat on several occasions in the public space, when I worked for
>> an
>> extremely large hosting provider (anyone remember Savvis?), and they
>> helped
>> me with several technical issues. I have yet to run into the problem
>> described above, with all my dealings, I've ever had with Red Hat.
>>
>
> Can you give an example of a security problem and a technical problem you
> had and how RH solved it?  Perhaps where you were impressed that RH did
> something you didn't expect to help you.  I'd like to understand your story
> better.
>
> I haven't been in a position to call RH support so I don't have any
> firsthand examples of failures.  But I've pretty well always been able to
> find my own answers to any issues I've had so "support" doesn't seem very
> valuable to me.  By contrast, the systems I work on now have great
> community and corporate support--but they're also really important to the
> business and really expensive.
>
> Congrats on the new gig.  I hope you really enjoy it.  When you run across
> things that make you say "hey, that's good to know" make a note of them and
> come talk at one of our meetings.
>
> Dave
>



-- 
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20151224/a3490554/attachment-0001.html

More information about the clue mailing list