Client CD
Fairlight
fairlite at fairlite.com
Tue Aug 22 22:11:38 PDT 2006
Confusious (Walter Vaughan) say:
> Goal is to build a CD that is as reliable as a Tandy DT-100 with the
> ability to surf the web with Opera 9.0, and simple to eat as candy.

Reliability and the modern definition of "ease of use" are mutually
exclusive concepts. The more features you "need" to give someone, the more
potential fault points you introduce. Jay would probably say the two are
orthogonal, I think his exact wording would likely be.

My other big concern would be security. Say you create this CD, test it,
it works great. You either use it in production, or maybe it's just an
emergency-case failure plan to give someone that kind of functionality.
You're running a read-only medium, so the opportunity to forget is
definitely there. And when the first exploit in a subsystem on that
roll-up you put together is found that doesn't require write access and
gives someone remote privileges? You either have a nice set of drink
coasters and have to roll-up another patched set, or you're running in the
red because you're thinking of it as a static platform that you may not
think of as particularly vulnerable.

"You" being a generic pronoun, of course. This isn't personal, this is
hypothetical.

I'm just saying... If it was -really- as easy as snapping together a
distribution that was light, totally user friendly, and needed zero
maintenance, 1) somebody, be it a company or individual(s) would have
already done it and cashed in, and 2) you wouldn't actually need real
sysadmins who actually need to know what they're doing to maintain the
platform. Oh wait, they call that platform Windows, and you see how well
-that- security's worked. What was the last security patch rollout from
Microsoft a week ago comprised of, about 9 patches at once, 2 at a minimum,
possibly 3 listed as critical?

I'm sorry, Walter. I respect your skills, knowledge, and experience. But
I just don't hold with this philosophy some hold in general that *nix
should be as easy as Windows, or OS/X, or a dumb terminal, and treated as a
trivial desktop. It might come off as snobbery or job insecurity, but it's
not on my end. The truth is, *nix simply wasn't designed for that kind of
use, and things have only grown in complexity over the last 17 years since
I started with BSD 4.3. Hell, things have grown a -lot- in the last three
years. It's not like any of the major packages are just sitting still.
More fault points are introduced with every non-bugfix release of every
subsystem and package--and even then, oftentimes. There's a lot of power
under the hood of any *nix platform. Things of power deserve respect. An
attempt at trivialising a platform that powerful seems to me to be a recipe
for disaster at a general level.

One could point to OS/X as a shining example that it's possible to achieve
some pinnacle of a perfect mix, but even that platform has seen its share
of patch requirements for security. It's not static, no matter how easy
it is for the layman to use. Systems -can't- be static anymore and still
remain secure indefinitely because there are generally speaking always bugs
in the system, and at any granular point in time -something-, somewhere in
a platform, has a bug more than likely.

"With great power comes great responsibility," someone once said. The
maintenance requirements come with the heritage of what's under the hood,
and just can't be shirked in the name of convenience. Not if one's doing
it correctly and thoroughly.

You could lock it down to zero services running on zero ports, only
non-root access, and possibly even get it down to zero SUID root programs
if you didn't need them. You'd still have the risk of attacks through
the kernel itself via the network, and previously undiscovered local
privilege escalations through other subsystems. Even without network
connectivity, in theory there could be exploitable bugs in modules that
support the hardware you're using. Did you (or whoever) audit the source
code to make sure it's all safe? No. Who reads several gigs of source
code before using a platform? It's simply not risk-free enough from which
one should attempt to make a static platform. It's not the nature of the
beast. Watching someone trying to tame such a beast in the fashion you're
describing and call it not only harmless but beneficial feels very much
like watching someone running on a wet tile floor with scissors in hand.

One admin's opinion, FWIW. YMMV.

mark->