Slashdot Mirror
Linux Lite?
smock writes "An interesting (and, IMO, excellent) suggestion is over at Linux Journal. " Essentially, an argument for better opening security, given the lack of experience of many new Linux users.
← Back to Stories (view on slashdot.org)
Would reading a few paragraphs kill anyone?
While reading the manuals is something we would *hope* everyone would do, time and experience has shown us that it just Won't Happen. We can't just say, "Well, dammit, you should have read the manual," over and over again. We have to build something that will work securely for those that *don't* read the manuals, because there will always be a significant percentage of users that simply won't.
No amount of screaming, shouting, pasting of banners and throttling will get everyone to "clue up" and read about what they're installing, so we have to adapt the distributions so that they will still function for these types of people.
We (LinuxPPC Inc.) used to have a "lite" version of LinuxPPC R4, our old glibc-1.99 distro. Lite was a minor debacle..
;)
First, it was hard to install. I actually can't remember why at this point, but it rarely seemed to work.
It was hard to figure out what needed to be in, and what people would want, and still give it a small footprint. The final cut was a 104 MB distro that could be installed into as little as 30 or 50 MB. But really, you can do that with R4 anyway. I installed from an R4 CD onto a Zip disk. I had Apache running, but no X. It was slow, but it worked!
Then there was LinuxPPC Live, which was an all-in-one distro similar to the recently announced "DemoLinux". Live consisted of a big fat ramdisk.image.gz file and a bigger, fatter live.filesystem file.
Now, the problem with Live was that to make it small enough to fit on demo CD-ROMs and Zip disks, we had to (again) do a lot of cutting, which made it semi-useless. You could set up a PPP dialup with netcfg (kppp was a buggy pile of junk at the time, and of no use). But, if you booted it off a CD, it took forever to boot, and it couldn't save any settings.
Linux on PowerPC still has to contend with users who have HFS Extended formatted drives. HFS Extended, or HFS+, is a more efficient disk format than Apple's original HFS, the Heirarchical File System. (Anyone else remember MFS?) Most Macs now ship with HFS+ formatted HDs, and Linux can't boot from a live filesystem on an HFS+ disk.
Live worked better than Lite, but only slightly. I never had problems with it (that is, it booted, it ran), but it just wasn't usable for much.
The good news is that doing Live provided a lot of solid R&D ground for us to do our current release's installer on. LinuxPPC 1999 (and the new Q3) can boot right from the CD-ROM, into Linux, into X, and into the installer. And it's all under the GPL. C'mon, Caldera! You made such a big deal about releasing Lizard under a semi-open license.. let's see you go all the way.
Live as a standalone distribution isn't a totally dead concept, though. It's got a lot of merit, and it's served nicely as a proof of concept for the live filesystem. It's not perfect, definately not ideal for power users, but it's a good way to get people into Linux with a minimum of fuss.
-- haaz.
So you arrive at college to move your junk into your dorm room. You notice a little jack in your wall that is too big to stick your telephone plug into and see the word DATA above it. After asking someone, you find out that it's an Internet connection. Not only that, it's *Really* fast and always connected. A sence of freedom and superiority overcomes you as you think of all of your friends with little modems. You can't wait, and run to the bookstore to get the "Network startup kit."
Opening your machine for the first time made you nervous, but after all, you have "ethernet" now, so you can't possibly go wrong. Magicly enough, Windows properly finds your new 3C509 and sets it up. You begin playing around with the network settings based on the little numbers you find on your dorm network setup paper. After a reboot, you fly into Netscape and get lost in the web, watching things come at you with blinding speed. But you want more.
You meet this scruffy, withdrawn student down the hall. You know he's the resident computer guru, so you ask him what else you can do to have fun on the internet. He gives you a long hard look, not sure just how bright you are. Unknown to you, he has been evaluating your intellegence since day one, along with the rest of the incoming freshman. He sighs when he realizes you are the least annoying person in your pack. "Linux," he says. You turn to him with a quizical look on your face. He points you to linux.org and tells you to look around. You jump to it.
Around 2 AM, your Debian install is complete. You had another hard drive lying around from when you had your machine upgraded, and an engineering major installed it and made it go. You choose debian because of the FTP install. You wanted everything to work without waiting, too impatient. Once it's set up, you leave your machine on as you go to bed. You logged out, and felt important doing so.
The morning brings around the first day of classes. You give your friends your 'New' email address and brag about being able to get your own email without having to use the Campus system. You don't know or care how sendmail works. You know, however that it works, and that pine is rather nifty.
As you walk in at night, exhausted from a full day of work and play, you hear your hard drive going a mile a second. You walk over to log in, and find your password changed. You're completely lost and have no idea what to do. You yank the magic cable out of the wall and turn off the machine. You remember that you can still boot to Windows, so you do. Ahh, safe, you sigh.
A week later, the scruffy geek comes back to your room with your hard drive. He had taken it, at your request, to find out what had happened. He snorted, and asked you what business did you have running NCSA HTTPD. You shrugged. He looks over at the wall. He looks confused and exasperated. Unbenounsed to you, he's having a chicken and egg argument with himself. "He needs to learn before he can use this stuff. However, he can't learn without using Linux."
He turns back to you. "Ok, I'll secure this system for you. However, this is a one time deal. I'll answer your questins, in brief, but I will not do anymore for you. Do you understand?" You nod. He returns your harddrive the next day. You're happy as a clam that everything, as far as you can tell, is just as you left it. What did he do? You let it escape your mind as you look at this neat thing called IRC.
Two weeks later, your hard drive is wiped. Unknown to you, another daemon, this time sendmail, had a Cert advisory posted, and you pissed someone off on IRC. The wrong person.
I hope you enjoied that little tidbit. This happens way too often. However, in reality, people's college boxes just become hideouts for script kiddies. I believe a condenced Linux Workstation would be extreamly useful. I wish I had one when I started. I, instead, was baptized by fire.
Mike
While I understand they do it to attract Windows users it is becoming a very dangerous game. The solution is not going even further the Windows way, as the article suggests. The only real solution is that the distributions stop focusing on copying Windows styles, looks, feels, sounds, etc. and start focusing on these points:
- Good comprehensive documentation, including overviews and guides to the software they distribute. Besides all generic documentation which comes with a package there is a need for each distribution to explain what is included and why, how the packages included will help the user, and which packages should a user install to accomplish what she needs.
- An installation system which educates the user at the same time it installs the packages. It should guide users so that they choose the installation which best fits their needs, avoiding the current install everything approach.
- A good admintool which takes care of all the tedious system administration tasks in an unobtrusive way. It should perform all necessary security checks and monitor the system periodically.
Of course, these are the ultimate goals and it would take time to reach them. However, while some distros are at least partially working on similar projects, most are not. If new Linux boxes are insecure it is the distros fault. No doubt about it.