Why I Hate Linux

I also hate Linux.  Maybe it’s not Linux in particular, maybe I hate all computer systems when it really comes down to it.  But this is my list of reasons why:

Unix Skills are Special Skills

Sounds like a marketing brochure for the competition, doesn’t it?  Fact of the matter is that right now, I spend entirely too much of my time doing personnel management.  If I can put out a requisition to hire somebody and have them working for me in 3 weeks, then it makes my job that much easier.

This has always been a double-edged sword.  Linux expects that you know what you are doing, even if it’s a dumb thing to do--it's non-judgemental.  Non-Unix systems expect that you will do dumb things and refuses to do them.  I still don’t know which one of these is better.

All-Or-Nothing Admin Privileges

You’re either root or you’re not.  Sudo and selinux aside, this is the basic model that we’ve always had, installed by default.  Anything else is like middleware--yeah, you can connect the dots, but how much time and effort is it going to take?

Project Viability

There are tons of applications out there in the Linux world.  Some are very, very good and very, very viable.  The Linux kernel, apache, and a couple databases come to mind.  That’s easy to point to.  But then there is this seedy underworld of code.  This is software is pure junk.  If I’m not initiated into Freshmeat-foo (ranking, version, vitality, and popularity), then I can’t tell the difference between these two poles of the spectrum.  This means that I cannot assess what my level of risk is (both security and project-wise) when I choose a particular piece of software—was it developed professionally with QA standards and security code review or by a 14-year-old in his parents’ basement?

Speed of Development

As an operations guy, I like slow and steady, as long as vulnerabilities get patched.  With the speed of development that most viable open-source projects have, it is hard to keep up with all the different places that you can get vulnerability notices from.  Usually you get these filtered through the distribution, but then again, you have the same ad-hoc processes.  Like “Black Tuesday” or not, it does make sense in a twisted sort of operational mindset.

Who Is Responsible for Linux Security?

As a business, I put a security contact at each level of the “solution stack”.  I have a counterpart to the CSO, the business owners, the governance framework, the architecture group, the network engineers, the server engineers, and the application engineers.  What is the corresponding structure in the Linux world?  Most major distributions have a security team, but when it comes to the applications themselves, it’s hit and miss.