|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] apt-get / rpm freshmeat article
|
Bill Jonas wrote:
>
> On Mon, 18 Sep 2000, Michael W. Ryan wrote:
>
> >I agree. A distribution should be proactive in that area, no matter who
> >the intended userbase is. I also think that one needs to define "secure".
> >As an example (a little extreme), I find that my firewall requires a
> >different example of "secure" than a desktop system.
>
> True. I've heard, actually, that MandrakeSoft is quite good in this
> area, allowing you to choose the level of security you want on a sliding
> scale from "Cracker's Paradise" to "I've Got to Fix Permissions Yet
> *Again* So I Can Get Some Real Work Done", based on the convenience
> level you desire. (This isn't intended as flamebait, merely a weak
> attempt at humor. A user reported on another Linux mailing list that he
> had problems which required (ongoing) permissions tweaking.)
>
> Certainly, one size does not fit all. It boils down to the classic
> tradeoff between convenience and security, and what level of risk is
> acceptable.
>
> I would define it, for the typical home user, as running no services by
> default... and I thought I was going to be making a list here, but
> that's about it, I suppose. That would be a big step. I suppose I'm
> not really covering new ground here. Oh yeah, maybe firewall off the
> SunRPC port too.
>
This is especially important now that dsl is becoming mor prevelant!
Being on line all of the time can be a very dangerous condition.
> Sometimes I get annoyed at the way Debian will automatically start
> services when you install the daemons. (Maybe I want to get it now,
> read about it more, and configure it later.) I suppose the assumption
> is that if you install a daemon, it's going to run, so it may as well be
> started.
Agreeded
No I didn't, but I think that it might be a good discussion on the
debian developers list to chat about. For I also have the same problem
of disabeling deamons that I desire to run from the command line.
I think as part of the install script for a deamon should be a prompt
asking if the administrator would like the deamon to run upon startup.
I think that this was the old way of doing it, but now that even debian
is moving toward a noninteractive install that any deamon will run from
/etc/rc*. This is one of the hazards that I was attempting to bring
out.
>
> >I'm curious (if LeRoy addressed this in his message, I'm sorry, I found it
> >just too long), what is the "insecurity" that people are citing in
> >distributions? Is this a concrete problem or a hobgoblin?
I was citing an article that I read in Maximum Linux I think that
mentioned Corel and RedHat in their policy for ``ease of use'' in
opening some back doors.
>
> Well, there's the Piranha password issue for one. But in general, if a
> half-dozen services get ran, and you never check the updates pages, it's
> not a good thing.
>
> >First, a "graphical user interface" does not mean "running under X". It
First off, Corel didn't offer a text based install and when It didn't
recognize my graphics card, the install stopped. Storm Linux at least
offered a X based or a Text based install for such a situation. I
realize that Corel now has version 9 out but I don't know if they added
a text based install.
>
> Misunderstanding on my part. When I think of "GUI", I think of
> something with Big Ugly Icons. :) I think that "Automated Config
> Tool" would be more descriptive of what you're talking about.
>
> >My point is that every time someone brings up the issue of a GUI tool for
> >configuring something, there's this rabid cry of "no, we want our text
> >file" or "then it'll be just like Windows". This is stupid. Chew on
> >this: Windows doesn't have text config files, not because it has a GUI
> >interface, but because a design decision was made to not have text files
> >and only use the GUI interface.
>
> You know, on a related note, I think that the GUI tools in Corel Linux
> were pretty well designed, at least, from a back-end perspective. I've
> only messed around with them a little (preferring to use the command
> line ;) ), but it seems like they went out of their way to make it
> convenient to do your work as an unprivileged user; when you attempt to
> perform an action requiring privileged access, it prompts you for the
> superuser password. And though I haven't really beat on it, their Corel
> Update app seems to handle changes to your sources.list (apt's config
> file telling it where to look for packages and updates) gracefully. I
> dislike their distribution for other reasons, though. ;) (In fact, the
> Debian 2.2 (potato) system I'm running at this moment started life as a
> Corel 1.0 or 1.1 install. Maybe I'll look at some of their packages
> again now that they've modularized their once-monolithic kde-corel
> package.)
>
> >Linux is about choices. Why should *I* have a choice to use a GUI instead
> >of hand-editing a text file?
>
> It's getting there, Michael. :)
>
> Bill
--
Rev. LeRoy D. Cressy mailto:ldc@netaxs.com /\_/\
http://www.netaxs.com/~ldc ( o.o )
Phone: 215-535-4037 > ^ <
Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|