Slashdot Mirror


XLiveCD: Cygwin and X For Windows On A Live CD

mallumax writes "OSnews is running a story on XliveCD which runs an X server (from X.org) from the CD using Cygwin. Also included are awk, sed, perl, vim, bash, grep, other text utilities, and most importantly an OpenSSH client. XliveCD is being developed by University Technology Services of Indiana University. Now you can carry Cygwin with you! I have been looking for something like this for a long time. Torrent link."

3 of 313 comments (clear)

  1. Re:I don't get it. by MoneyMan · · Score: 5, Insightful

    The point is that you can sit at any windows machine, which may not necessarily be your own, and have a decent set of utilities to use.

    I personaly work on many machines on any given day. The majority of which I do not own. I'm not "allowed" by my customer to go and just start throwing applications onto their system willy-nilly.

    With this, I can work on any machine, using a shell I know, (bash), have a functional Xserver available, and access to a bajillion other GNU utilities without ever installing a single app.

    Ever needed to tail a file in windows? It's there. Yes, there is a tail app for windows, and it's free. The point here is that this doesn't need to be installed. Grep? same thing.

    Just boot to a LiveCD distro, you say? But I need to see what's happening on this Virii / Spyware ridden hunk o' junk while it's running windows.

    Could I build my own suite? Yeah... but why would I? This has what I need.

    Kudos and my thanks to the Cygwin team.

  2. Re:Wait... by steveha · · Score: 4, Insightful

    The terminology makes sense, but is it sensible?

    When you run the server on your thin client, and the clients all run on your rackmount server, and the newbies are all confused, and we need to write posts explaining why the seemingly backwards terminology is in fact correct... in some sense, it's sensible, but if you take a poll of a bunch of newbies, the consensus would be that it's confusing. (I'll stop now before someone beats me senseless.)

    If some terminology makes arguable sense but confuses everyone but hard-core computer geeks, is it really the best terminology? I say no.

    steveha

    --
    lf(1): it's like ls(1) but sorts filenames by extension, tersely
  3. Re:The point? by Minna+Kirai · · Score: 4, Insightful

    So, configure ssh to use S/Key, generate some one time pass phrases, and carry this live CD with you. Login remotely to your system, be careful not to do anything which is security sensitive, and you are set.

    No you're not. If the client machine is compromised, one-time logins cannot protect you. The local SSH client could do evil things in a hidden side-channel to your actual work.

    I've seen proof-of-concept modifed SSH clients which secretly download files from the remote homedir whenever anyone connects to anyplace (and that's in addition to logging all the activities of the session, of course).

    With work, the operating system could be modified to recognize known popular SSH clients (such as putty.exe on your USB drive, or this X LiveCD thing), and secretly replace it with a compromised version when you attempt to run from your supposedly-trusted removable media.

    to do anything which is security sensitive,

    Um... if the activity was genuinely insensitive to security, you could run naked telnet. It's true that attacks like I described are probably rare enough that many people would be willing to run the risk, but they should still be aware of the threats and make that choice on their own. Elaborate multi-part attacks will only become more common as time goes by.