Subject Re: [IB-Architect] Re: Some thoughts on IB and security
Author Jim Starkey
At 02:18 PM 4/28/00 -0600, Tim Uckun wrote:
>

> bind and voila rpmfind actually locates, downloads and installs the latest
>version bind. I have never used any other OS which made it so easy to not
>only install but upgrade software. All in all I find using RPMs much
>easier than downloading/unzipping/installing/rebooting cycle of windows.
>


I know we're drifting a little, but as the more or less official
non-Interbase official, I want to set standards and expectations.

My experience with Apache: I wanted to cut over from an old
Slackware Linux with NCSA to a Redhat 6.1 on a shiny new
el cheapo PC. Did the server install, and Apache was there.
No complaint. But my cgi script didn't work. I beat my head
against the wall. I even read the on-line docs. The sample
config file says:

Do NOT simply read the instructions in here without understanding
what they do. They're only here as hints or reminders. If you
are unsure consult the online docs. You have been warned.

The online docs told me to insert an option line in "the appropriate
place." Grrrr. A $39.95 trip to Borders. The book was useful. It
told me what to do and why (like I cared?). It didn't work. After
I set a few more things and set protections to "nobody" (intuitive,
right?) it worked.

Later I wanted to write a "module" that connected to an application
server. Simple? The online docs for writing a module consist of
a seven page note that was both incomplete and inaccurate. So
I installed the source and went at it. Bad experience, all in all.

Redhat doesn't ship the Apache control program. I sent mail to
Redhat support (I like suffering). I also found they had an update,
which I downloaded and installed. It trashed my configuration
file and put stuff in different directories. I found where they
had hidden my original config file and diffed it against their
new sample. Totally different files. They had an opportunity
to make an arbitrary change and ran with it. So I got to start
over. Growl. Three days later I got mail from Redhat support
(sic). They said it was unnecessary but might be on the kit
somewhere and if not I could try www.apache.org . Thanks, guys.

I'm a developer. It is an absolute business requirement that my
product work with Apache. So I stuck with it. If it had been Interbase,
I would have found another database system.

Interbase, out of the can, should do the right thing without
prompting 99% of the time. The online docs should handle the
rest. The glorious multi-generation structure should stay invisible
unless a user has a sincere interest in learning how it works.

If we decided to use loadable authentication managers, they should
probably default to a bundled manager that piggybacks on OS
security. That's more than enough to get started. If somebody
cares, they can read the docs. Until they care, however, it
should do the obvious thing.

>
> Relational databases are counterintuitive
>by nature. I guess it's the same with web servers and samba too. These are
>complicated things and as I tell my clients frequently it's a miracle it
>works in the first place. They don't and probably never will understand
>normalization, indexing, nulls etc.

If you want counter-intuitive, try CODASYL. Relational databases
were really simple until the moronic SQL committee started screwing
things up. They're much simpler if you ignore the implementation
crocks that screw up the model.

As implementors, the rule is to stop screwing up the implementation
and make the things just work. If the optimizer is busted, fix it,
don't invent plans. Design the beast so it's insensitive to selectivities
(it mostly is -- you guys are barking up the wrong tree).

And don't use Apache as a model for goodness if you want to
avoid tirades!!!


[Samba is great. Borders has 7 Samba books, one three inches
thick. Samba emulates one mouse click on Windows. Big win
for Gates. Big loss for mankind.]

Jim Starkey