On 05/20/2013 02:48 AM, Christopher Samuel wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 13/05/13 03:55, Lux, Jim (337C) wrote: > >> It starts to look like significant capital equipment, with only >> authorized service, compliance with corporate/institutional IT >> security rules: Do you have all your patches up to date? > > I guess that depends on whether your system is exposed to the outside > world I'd say. > >> Are you running the institutional virus checker?. > > I once helped out a group of people in the mid 2000's who ran into > just that issue - their organisations ITSEC SOPs mandated they run a > virus checker once a day on their HPC cluster.
A long ... long time ago, on a blog far, far away (http://scalability.org/?p=628) , I groused about what I called "IT clusters". These were clusters designed and built by IT folks, not HPC folks. Run the way IT folks would run it. Not the way HPC folks would run it. Makes the IT crowd happy. End users? Not so much ... > Fortunately the blessed virus checker had a Linux version, but > unfortunately their fileserver was AIX. So they ended up running it > on the management node over NFS. > > It wasn't a problem for a while until they had built up a reasonably > amount of data (did I mention this was for bioinfomatics amongst other > things?) and it started taking more than 24 hours to run it once. > You can see where this is going can't you? > > Anyway, after a couple of management node meltdowns they managed to > get their IT security folks to accept that perhaps they could get away > with compiling ClamAV for AIX and running it on the file server itself > where it could do minimal damage... I hate to say this is the algorithm, but I've seen it so ... many ... times ... 1) set something up (don't bring in them thar expensive experts, do it yourself) 2) run it until you run into problems 3) call in one of them thar expensive experts, but only for a short time, to analyze what we are doing, and make suggestions 4) implement only the least cost (if any implemented at all) recommendations. 5) Goto 2. This won't change until there is a change in thinking, which either means an enlightened group/manager/VP, or the barrier to doing the right thing leaves/gets promoted into another position outside of the loop/... Momentum is very easy in an IT group. Virus checkers? Sure, run them everywhere. Even where they aren't needed. Because its policy, thats why. Few of them take the step back, ask "why do we need virus checkers", and start to work on solving the real problem (using vulnerable and poorly designed systems). Solving problems is great. Finding, thinking about, and solving the right problems is even better. -- Joseph Landman, Ph.D Founder and CEO Scalable Informatics, Inc. email: land...@scalableinformatics.com web : http://scalableinformatics.com http://scalableinformatics.com/siflash phone: +1 734 786 8423 x121 fax : +1 866 888 3112 cell : +1 734 612 4615 _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
