SLUG Mailing List Archives
Re: [SLUG] Penetration Test
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Penetration Test
- From: Daniel Pittman <daniel@xxxxxxxxxxxx>
- Date: Mon, 02 Nov 2009 10:45:15 +1100
- User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)
Rick Phillips <rick@xxxxxxxxxxxxx> writes:
>> First, let me say that I am sorry you didn't appreciate the response, and
>> the implied criticism of your plan. It was absolutely not my intention to
>> offend, but rather to continue to question my own assumptions in the face
>> of someone who disagreed with me.
>> I regret that my statements came across poorly, and left you feeling unhappy.
> Nothing I have seen on the list that you said has made me the slightest bit
> unhappy. Your comments are worthwhile and I appreciate them.
Well, good, I guess. Not that there was something, but that it wasn't me. ;)
> I have a several occasions advised the department of our configuration and
> security configuration but unfortunately, teachers get promoted into
> technical positions and they freely admit they haven't a clue about what I
> am saying. That adds to my difficulties as you can imagine and one has to
> wonder what sort of technology decisions they are making.
Pretty miserable ones, motivated by internal political pressure from various
sources, at a guess. Oh, plus bribery. Never forget the benefits of vendor
bribery in this sort of decision making process.
That is why I figure this is a mostly social problem, not a technical one.
> Thanks again for your very valuable input and my apologies if I insinuated
> that you had upset me. It was a reference to another's comments (see
You didn't suggest it was me; I just looked at the comments and figured the
odds were reasonable because no one else really said anything that could have
triggered that. (...and I missed the "off-list" bit ;)
Anyway, the one last thing I would suggest: you /may/ find it worthwhile to
end up putting the Moodle system on a distinct machine that *doesn't* have any
connection between the two networks.
We both know that it is unlikely to be the problem, but sometimes you have to
do silly things to work around political, or social, restrictions on how you
can get the best job done.
Oh, and I /think/ Moodle runs on Windows; if I, personally, had to go down
that path I would look at running the native Win32 Apache and PHP code.
(Plus, contact the vendor, who probably has good support for that combination,
or possibly a better recommendation.)
I say this because you really care about Moodle, not the Linux part, right?
In that case you may find that, for example, the department are only happy
about Windows as the OS, and care a *lot* less about the Moodle part...
 Typically this is done with the best of intentions, with a lot of effort
to try and get it right, but winds up there. We all would do the same if
we ended up in a similar position, because we would have the same issues
with not knowing what to do when hiring, say, teachers. ;)
 In some cases they may even be right to say that Windows is more secure
*in their organization* than Linux. After all, a badly maintained Linux
machine can easily be less secure than a well maintained Windows server.
✣ Daniel Pittman ✉ daniel@xxxxxxxxxxxx ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
Looking for work? Love Perl? In Melbourne, Australia? We are hiring.