Re:Another tool for managing Debian installs...
on
Debian 3.0r2 Released
·
· Score: 1
I like debfoster over deborphan, depending on what I'm up to.
The upside to debfoster is that I have the option of walking through all of what I'm going to call the "top-level" packages on my system - those that are not installed as dependencies, but something that I installed for my own evil purposes. Then, for each such package, it tells me which packages are installed because of it, and gives me the option to review its package information, and keep it or give the package its walking papers.
This way, I'm not limited to libraries without dependent applications. Any package is subject to scrutiny, depending on the configuration.
I still use deborphan on occasion for quickly getting rid of a library or two, but I use debfoster followed by cruft for "spring cleaning".
To pick nits a touch, the reason X got its own sub directory was that it was often on a separate file system from the rest of/usr. In the long, long ago X was of such astounding size relative to the limited and expensive disk space of the day that special considerations had to be made upon its installation. It had little to do with any other sort of organization.
As for the rest of the rant, to simply call the current practice of file organization horrendous behavior, sloppiness, or laziness without ample argument or demonstrable advantages as to why breaking every package into separate sub directories is damaging to the cause at best. Had the rant contained any sort of claim that there are an unacceptable number of name space clashes, that simply doing an 'ls' in one of these directories blew away the file name cache mechanisms in the kernel, forever making certain optimizations useless, or anything of that sort would hold more weight than unsupported bashing.
The author laments the inability to manage these subdirectories effectively with standard tools, but as I see it, the option to not use package management has been there all along. Roll your own, putting things where you want them. Or, I might suggest broadening the concept of 'standard tools' to include the package management system installed, should the former option seem ludicrous.
Not having to muck around with the PATH - and moreso, not having to support users mucking around with their own PATHs - far outweighs the disadvantages of not being able to use 'standard tools'. What time I lose learning and using my package management system I make up tenfold in not supporting the very issues which I forsee the author's solution creating.
The only part I disagree with is the scalability bit. With their low-end servers (Netra X1's, etc.) being priced to compete with the PC market, I'm sure they'd much rather have you think Solaris, think UltraSPARC, and buy an X1 or other such box instead of a PC to run Linux.
Though it does provide the scalability you describe, I'm certain it's not to Sun's immediate advantage.
People pay hard-earned tax dollars to cover the cost of public education...
But do people pay enough hard-earned tax dollars? You get what you pay for...
Face facts- most schools find it challenging enough to stay open with the public's so-called support. If they don't appease the majority, they're going to lose even more support for the upcoming tax levy.
I'm amazed that the public education manages. Not that I condone the actions of the administrators of this particular school, but for the love of Eris, don't even start down the "our hard-earned tax-dollars" path without thinking about it first.
--Rana, not a teacher by trade, but appreciative of those who are...
EMERALD security components can also help users analyze communications traffic, collecting Simple Mail Transfer Protocol (SMTP), File
Transfer Protocol (FTP) and Web server data directly from the Transmission Control Protocol (TCP) traffic stream. "For Web traffic where
we deal with Secure Socket Layer (SSL) and cryptography, we've created an embedded component to decrypt Apache Web server traffic,
and we're extending it over to Netscape's Web server," Porras said.
Are they really saying that, for the purposes of intrusion detection, they will be decrypting SSL traffic off the wire and on the fly? More to the point, they're saying that this can be (relatively) easily done?
Or, is it that they're talking about an Apache module which will examine the traffic on the other side of the tunnel? The wording is a little confusing.
We should use the Discordian calendar...
on
13 Month Calendar?
·
· Score: 1
Five seasons (Chaos, Discord, Confusion, Bureaucracy, The Aftermath), seventy-three days each. Five days in a week. With two days set aside as the weekend, it's a three day work week.
No potentially offensive 'Godsday', either. Just Sweetmorn, Boomtime, Pungenday, Prickle-Prickle, and Setting Orange. There's a day called Prickle-Prickle. What more could you want?
And, with St. Tib's day, even Leap Years are covered...
Every Christmas is Prickle-Prickle, the 67th day of the Aftermath. Every New Years day is Sweetmorn, the 1st day of Chaos.
I like this plan much better.
Have a happy 3167!:)
From the article:
I did several installations, and I can safely say I don't terribly like the defaults
Debian uses. The first thing I noticed was that while formatting the disk, Debian
defaults to an enormous / partition and a swap partition. Unless you use quotas, a
user can easily fill up the disk (/home/username,/tmp,/var/spool/mail/username,
etc.). While a certain percentage is reserved for root, that doesn't help other users
much. Admittedly, most distributions (or operating systems in general, for that fact)
don't do a great job of this. But there are a few, like Red Hat, that do.
What? So, after creating a separate/home partition, if a user decides to fill it, this still helps the others using the resource exactly how? If I have quotas, sure, I'll buy that. Just creating a separate partition however does not help in the least. It means I can still get e-mail while I can't create any new files in my home directory- unless the person is more determined, can manage to discern that there may be more than one partition, and fills the mail spool partition, too.
Semi-valid arguments for this might be that you can at least mount some of these partitions noexec or nosuid as a deterrent for casual users and lame crackers. However, this has nothing at all to do with the distribution, or DoS attacks. All Kurt is suggesting is that I should have more granular DoS. Yay. It's still a DoS, no matter how you cut it.
The testing distribution, as I read it, is meant to create a better mechanism for updating than only updating once a week. The math is easy enough- if I were to update now out of unstable after not updating for a week, I'd get the changes submitted five minutes ago, as well as everything submitted over the course of the last week.
The testing distribution is for those who really want to do what you're suggesting- only updating packages that have survived in unstable for over a week or two. The latency is there so that the number of bugs that will be encountered by someone updating out of testing is hopefully lowered, at least relatively to one who updates out of unstable.
Someone should write an option into Mozilla or it's ilk to NOT LOAD any image with a height and width of 1. That would stop the web bugging industry at least for a little while, don't you think?
Or, more to the point, since a 1x2 transparent image would do the job just as well- examine the image. If the entire image is transparent (possibly, even if it's all the same color) then drop it.
By the time you've examined the image, however, you've already downloaded it. Part of the damage, at least, is already done.
You could, however, highlight the web bug and bring it to the attention of the user, where they might be able to in their browser, in their favorite proxy, or even in their firewall establish that either this particular bug, or bugs with similar URLs should never be downloaded again. This would help to defeat some data correlation, helping to minimize the damage.
For extra credit, one might set up an RBS-like database that could be trusted to serve as a source of web bugs that exist, and a plugin or modification to browsers to help keep others from downloading them. That's a full-scale effort, however, and probably far less practical.
Slashdot Mirror
I like debfoster over deborphan, depending on what I'm up to.
The upside to debfoster is that I have the option of walking through all of what I'm going to call the "top-level" packages on my system - those that are not installed as dependencies, but something that I installed for my own evil purposes. Then, for each such package, it tells me which packages are installed because of it, and gives me the option to review its package information, and keep it or give the package its walking papers.
This way, I'm not limited to libraries without dependent applications. Any package is subject to scrutiny, depending on the configuration.
I still use deborphan on occasion for quickly getting rid of a library or two, but I use debfoster followed by cruft for "spring cleaning".
--rana
To pick nits a touch, the reason X got its own sub directory was that it was often on a separate file system from the rest of /usr. In the long, long ago X was of such astounding size relative to the limited and expensive disk space of the day that special considerations had to be made upon its installation. It had little to do with any other sort of organization.
As for the rest of the rant, to simply call the current practice of file organization horrendous behavior, sloppiness, or laziness without ample argument or demonstrable advantages as to why breaking every package into separate sub directories is damaging to the cause at best. Had the rant contained any sort of claim that there are an unacceptable number of name space clashes, that simply doing an 'ls' in one of these directories blew away the file name cache mechanisms in the kernel, forever making certain optimizations useless, or anything of that sort would hold more weight than unsupported bashing.
The author laments the inability to manage these subdirectories effectively with standard tools, but as I see it, the option to not use package management has been there all along. Roll your own, putting things where you want them. Or, I might suggest broadening the concept of 'standard tools' to include the package management system installed, should the former option seem ludicrous.
Not having to muck around with the PATH - and moreso, not having to support users mucking around with their own PATHs - far outweighs the disadvantages of not being able to use 'standard tools'. What time I lose learning and using my package management system I make up tenfold in not supporting the very issues which I forsee the author's solution creating.
--Rana
The only part I disagree with is the scalability bit. With their low-end servers (Netra X1's, etc.) being priced to compete with the PC market, I'm sure they'd much rather have you think Solaris, think UltraSPARC, and buy an X1 or other such box instead of a PC to run Linux.
Though it does provide the scalability you describe, I'm certain it's not to Sun's immediate advantage.
--rana
He used... sarcasm. He knew all the tricks- dramatic irony, metaphor, bathos, puns, parody, litotes and satire. He was vicious.
(Monty Python, Episode 14)
--rana, who almost fell for this as serious until he read the "Full House or Pee Wee's Great Adventure" bit...
People pay hard-earned tax dollars to cover the cost of public education...
But do people pay enough hard-earned tax dollars? You get what you pay for...
Face facts- most schools find it challenging enough to stay open with the public's so-called support. If they don't appease the majority, they're going to lose even more support for the upcoming tax levy.
I'm amazed that the public education manages. Not that I condone the actions of the administrators of this particular school, but for the love of Eris, don't even start down the "our hard-earned tax-dollars" path without thinking about it first.
--Rana, not a teacher by trade, but appreciative of those who are...
Who crossed a LINUX USER with Zippy the PINHEAD and set HIM up for a SLASHDOT INTERVIEW? ;)
I have got to be misinterpreting this passage:
EMERALD security components can also help users analyze communications traffic, collecting Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP) and Web server data directly from the Transmission Control Protocol (TCP) traffic stream. "For Web traffic where we deal with Secure Socket Layer (SSL) and cryptography, we've created an embedded component to decrypt Apache Web server traffic, and we're extending it over to Netscape's Web server," Porras said.
Are they really saying that, for the purposes of intrusion detection, they will be decrypting SSL traffic off the wire and on the fly? More to the point, they're saying that this can be (relatively) easily done?
Or, is it that they're talking about an Apache module which will examine the traffic on the other side of the tunnel? The wording is a little confusing.
Five seasons (Chaos, Discord, Confusion, Bureaucracy, The Aftermath), seventy-three days each. Five days in a week. With two days set aside as the weekend, it's a three day work week. No potentially offensive 'Godsday', either. Just Sweetmorn, Boomtime, Pungenday, Prickle-Prickle, and Setting Orange. There's a day called Prickle-Prickle. What more could you want? And, with St. Tib's day, even Leap Years are covered... Every Christmas is Prickle-Prickle, the 67th day of the Aftermath. Every New Years day is Sweetmorn, the 1st day of Chaos. I like this plan much better. Have a happy 3167! :)
I did several installations, and I can safely say I don't terribly like the defaults Debian uses. The first thing I noticed was that while formatting the disk, Debian defaults to an enormous / partition and a swap partition. Unless you use quotas, a user can easily fill up the disk (/home/username,
What? So, after creating a separate /home partition, if a user decides to fill it, this still helps the others using the resource exactly how? If I have quotas, sure, I'll buy that. Just creating a separate partition however does not help in the least. It means I can still get e-mail while I can't create any new files in my home directory- unless the person is more determined, can manage to discern that there may be more than one partition, and fills the mail spool partition, too.
Semi-valid arguments for this might be that you can at least mount some of these partitions noexec or nosuid as a deterrent for casual users and lame crackers. However, this has nothing at all to do with the distribution, or DoS attacks. All Kurt is suggesting is that I should have more granular DoS. Yay. It's still a DoS, no matter how you cut it.
Security Portal, huh? Hrmm.
--Rana
The testing distribution is for those who really want to do what you're suggesting- only updating packages that have survived in unstable for over a week or two. The latency is there so that the number of bugs that will be encountered by someone updating out of testing is hopefully lowered, at least relatively to one who updates out of unstable.
--Rana
Or, more to the point, since a 1x2 transparent image would do the job just as well- examine the image. If the entire image is transparent (possibly, even if it's all the same color) then drop it.
By the time you've examined the image, however, you've already downloaded it. Part of the damage, at least, is already done.
You could, however, highlight the web bug and bring it to the attention of the user, where they might be able to in their browser, in their favorite proxy, or even in their firewall establish that either this particular bug, or bugs with similar URLs should never be downloaded again. This would help to defeat some data correlation, helping to minimize the damage.
For extra credit, one might set up an RBS-like database that could be trusted to serve as a source of web bugs that exist, and a plugin or modification to browsers to help keep others from downloading them. That's a full-scale effort, however, and probably far less practical.
Great topics for an O'Reilly...
;)
I'm personally waiting for 'The Opposite Sex in a Nutshell' series.