Bill Jonas on Mon, 18 Sep 2000 20:17:13 -0400 (EDT)


Re: [PLUG] apt-get / rpm freshmeat article


On Mon, 18 Sep 2000, Michael W. Ryan wrote:

>I agree.  A distribution should be proactive in that area, no matter who
>the intended userbase is.  I also think that one needs to define "secure".
>As an example (a little extreme), I find that my firewall requires a
>different example of "secure" than a desktop system.

True.  I've heard, actually, that MandrakeSoft is quite good in this
area, allowing you to choose the level of security you want on a sliding
scale from "Cracker's Paradise" to "I've Got to Fix Permissions Yet
*Again* So I Can Get Some Real Work Done", based on the convenience
level you desire.  (This isn't intended as flamebait, merely a weak
attempt at humor.  A user reported on another Linux mailing list that he
had problems which required (ongoing) permissions tweaking.)

Certainly, one size does not fit all.  It boils down to the classic
tradeoff between convenience and security, and what level of risk is
acceptable.

I would define it, for the typical home user, as running no services by
default... and I thought I was going to be making a list here, but
that's about it, I suppose.  That would be a big step.  I suppose I'm
not really covering new ground here.  Oh yeah, maybe firewall off the
SunRPC port too.

Sometimes I get annoyed at the way Debian will automatically start
services when you install the daemons.  (Maybe I want to get it now,
read about it more, and configure it later.)  I suppose the assumption
is that if you install a daemon, it's going to run, so it may as well be
started.

>I'm curious (if LeRoy addressed this in his message, I'm sorry, I found it
>just too long), what is the "insecurity" that people are citing in
>distributions?  Is this a concrete problem or a hobgoblin?

Well, there's the Piranha password issue for one.  But in general, if a
half-dozen services get run, and you never check the updates pages, it's
not a good thing.

>First, a "graphical user interface" does not mean "running under X".  It

Misunderstanding on my part.  When I think of "GUI", I think of
something with Big Ugly Icons.  :)  I think that "Automated Config
Tool" would be more descriptive of what you're talking about.

>My point is that every time someone brings up the issue of a GUI tool for
>configuring something, there's this rabid cry of "no, we want our text
>file" or "then it'll be just like Windows".  This is stupid.  Chew on
>this:  Windows doesn't have text config files, not because it has a GUI
>interface, but because a design decision was made to not have text files
>and only use the GUI interface.

You know, on a related note, I think that the GUI tools in Corel Linux
were pretty well designed, at least, from a back-end perspective.  I've
only messed around with them a little (preferring to use the command
line ;) ), but it seems like they went out of their way to make it
convenient to do your work as an unprivileged user; when you attempt to
perform an action requiring privileged access, it prompts you for the
superuser password.  And though I haven't really beat on it, their Corel
Update app seems to handle changes to your sources.list (apt's config
file telling it where to look for packages and updates) gracefully.  I
dislike their distribution for other reasons, though.  ;)  (In fact, the
Debian 2.2 (potato) system I'm running at this moment started life as a
Corel 1.0 or 1.1 install.  Maybe I'll look at some of their packages
again now that they've modularized their once-monolithic kde-corel
package.)

>Linux is about choices.  Why should *I* have a choice to use a GUI instead
>of hand-editing a text file?

It's getting there, Michael.  :)

Bill
-- 
>Ever heard of .cshrc?             | "Linux means never having to delete
That's a city in Bosnia. Right?    |  your love mail." -- Don Marti
(Discussion in comp.os.linux.misc  |  http://www.billjonas.com/
on the intuitiveness of commands.) |  http://www.harrybrowne.org/


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug