see nerd) blog — centos 7 proxy bork

I’ve slowly realised that Centos 7 (and presumingly its equivalent, RedHat) has a major screw up, which makes it unusable, for me at least, in a work environment. There appears to be no mechanism to set proxy credentials.

In Centos 6, using Gnome, they were simple to set. You go to proxy settings in IPv4 under networking, click on the Details button, and fill in the information. It worked.

But in Centos 7, in the proxy settings, there is no details button. I can find no mechanism to enter the credentials.

Now, initially, I presumed the problem was with Gnome 3, given its reputation, so reinstalled Centos 7 with KDE. But that has the same error. Worse, neither proxy setting dialogues provide help documentation. In both cases, the Find function finds no reference whatsoever to authentication or credentials. That’s a very propagandist attitude: to attempt to deny a major fuck up by pretending the problem doesn’t exist. It suggests untrustworthiness from naïvity.

I’m used to OpenBSD, so I expect a high standard of documentation, so perhaps I shouldn’t be surprised that the documentation here is relatively dire: I can’t really expect it to get to OpenBSD standards. All the same, it should be far better than it is. They could at least catch up with Microsoft, where the necessary information will be findable, but hidden in some obscure burrow with lots of similar documents that each contain another obscure, but irrelevant, sparkle of information.

I went as far as a google search on this problem, and found two answers. The first said that Centos 7 will ask for the credentials if it needs them. That’s plain wrong: I had a Centos 7 installation that failed to update for two months: I was never asked for proxy credentials when I attempted an update. Worse, it lied about the problem, and said there were no updates when in fact it couldn’t see them. Had it told the truth I’d have investigate the problem, rather than leaving it with the surprised belief that Centos weren’t so hot at maintenance. The lie meant that Centos 7 system was unpatched and insecure. As toddlers’ discover with the game of boo, just because you can’t see someone doesn’t mean they can’t see you.

The other thing I found is a suggestion that one has to set proxy authentication for each application. If this is true, it’s bonkers. Instead of keeping passwords in one central, secure place, you have to make dozens of copies in dozens of files and applications and depend on all of them being well–written and secure too, and keep repeating the exercise as you discover another application that needs access to the net.

Now, I’m not that familiar with Centos 7 GUI settings. As I’ve said, I’m using to using OpenBSD, and that I’ve always used from the command line: it’s more powerful, quick, and effective, but not pretty. It’s perfectly possible that you can set the central proxy credentials in Centos 7 in some other place, but the UI designers have collectively screwed up both the interface and the documentation by not revealing where.

They might have done an Apple. If they can’t make that part of the interface look pretty, they take it out, so you can’t do whatever that part is supposed to do. But even Apple leave essential components in, even if ugly. Anyway, I doubt that’s the case: it’s hardly a difficult and unusual task, to display a dialogue box asking for a user name and password.

So, the best case is that the GUI is shamefully designed, but doesn’t mean the OS is unusable. I just need to find where to set those dratted credentials.

Still, Centos isn’t the only Linux. I’ll keep using Centos 6 at home, but it looks like I need to look at the alternatives. Linux has always been full of alternatives, some excellent, some dismal, many in between. I used to use, and was happy with, SuSE. I found Ubuntu from a few years ago to be a disaster on stilts, but perhaps they’ve sorted themselves out. And there are many more to consider.

But the real kicker is this: I’m interested in Centos, and by implication Red Hat, partially because I’m evaluating it at work for a big project. If this problem with proxy credentials doesn’t go away, then security patching is going to be problematic, at best, making Centos 7 unsuitable for that project. That’s not good.

ancient front