New another good reason to get off the upgrade treadmill

regardless of what OS/software you're running.

If it does what you want how you want it to, why bother upgrading to the latest and greatest?

Now we have the added (dis)incentive re: upgrading...additional security.

Tom Sinclair
"Subverting Young Minds Since 03/13/2000"
New Disagreed, mostly
I've watched this story -- it's actually originated from NewsForge by Robin Miller.

It's true that ancient systems can offer network security. But you could make the same arguments for MacOS, DOS, or a Commodore 64. None of these systems, in default mode, offers any remote access capabilities (hell, most don't support sockets). While this offers security, it also makes things like, say, remote administration, impossible.

There are balances between security and convenience. The rock-solid accessible 'Nix of the moment is OpenBSD (http://www.openbsd.org/). It's not absolutely proof, there have been some local exploits in the past year, but it's been safe from remote root exploits in the default install for five years. This is achieved both through choosing what's on the system, but also by using prophylactically secure tools (rewritten system libs that avoid many stack smashing and buffer overflow problems by disallowing them in the first place), and by painstakingly auditing all code on the system.

I subscribe to a slightly different philosophy, though. I prefer Debian, and rely on the fact that it keeps current updates, and allows (and supports) removal of packages not required on the current system. This effectively achieves the same result (or approximates it) as the "security by obsolescence" school, because you're following one of its tenets: don't install crap you don't need.

Turning a blind eye to updates itself doesn't work. Once you're open to the 'Net, you need to keep an eye on it, and make sure that bugs are fixed. And with a sufficiently complex system, updates of one component will often mean that others have to be rejiggered to keep things working smoothly. This is where Debian, with its policy, dependencies, and package management tools, wins.

Note too, however, that Debian's stable release does somewhat follow the philosophy of minimal change. Once released, the secure track changes little, with only security updates being made to it. This means that you're buying tested, proven, stable, solutions, but are also keeping up to date on patches. If you prefer bleeding a bit, you can jump up to testing or unstable, but for the dependable iron out back, there's no need.

Keeping your base stable helps. Freezing it in the face of all external factors is idiotic.
--
Karsten M. Self <kmself@ix.netcom.com>
http://kmself.home.netcom.com/
What part of "gestalt" don't you understand?

   Keep software free.     Oppose the CBDTPA.     Kill S.2048 dead.
http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html
New What you describe is the sane approach
for the competent person, doing lots of things - and both willing and able to keep ahead of the vandals.

Murica is aging. Lots of folks actually 'need' very few capabilities. (Have to make a lightning trip with a friend, to LA sometime - and setup Something for her mother: which prompted me to wonder again, about what is 'adequate'.) Easy enough to reload? - for mere rec. web surfing but mostly for e-mail! and maybe fam. pix display.

I haven't thought it through adequately. A Ghosted install - still needs a step-by-step savvy reinstall process. (And for that, would have to temp install a CDRW - or she has to buy one.) Simple e-Machine IIRC.

Assumptions thus far: she would have NO sens. data on machine, to be extracted by fiends. She would save (have saved for her by local family) elsewhere - any priceless stuff accumulated, periodically. So then: could a complete reinstall be the answer for if Anything goes wrong goes wrong?

Linux is obv. out for her, except via a local person who'd create the simplest set of modules and.. hand hold periodically. But her family might handle certain Windoze things, with a cookbook.

Win 3.1x would doom her to latest browser ~ 3.0 (IIRC) = dead.
(I used to use the local library's free remote dial-in (pre-ISP) to visit IWE and post via their Lynx-level 'browser'. Later, e-mail to Russia & back was just fine via same OS.. Then.) Hmmm - was that All-DOS, via Trumpet (??) Too long ago.

But as you suggest - it's 2002. I'm still thinking.. There *has* to be some starkly-simpler solution for uncritical browsing, e-mail and - reload by incompetents. Doesn't there?



Ashton
New Remember that little disk I gave you?
The LNX-BBC is a really cool proof of concept. For your friend, though, I'd suggest something less oriented toward technical problem solving. The Knoppix (http://www.knopper.net/knoppix/index-en.html) bootable CD is very much an end-user oriented Linux-on-a-CDROM distribution. It's not entirely prime time, but the platform it provides can probably be readily tweaked, and for all but the most computer-phobic should be quite useable and an excellent introduction to GNU/Linux.

Point being, there's an "insert and run" version of GNU/Linux. Has KDE, GNOME, and WindowMaker installed. It's got OpenOffice (though the German-language localization -- one of the NQRFPT issues, at least in the US), and has recent browsers. What it does really well is autoconfigure for the available hardware. Though it won't run X Windows on VMWare :-(

My thought: a plausible case could be made for setting up a system to update such disks on a regular basis. The OS runs from a CD (or DVD), local storage is, er, local storage. Lack of R/W support of NTFS is something of a PITA, but for the Win9x crowd, MSDOS/VFAT are well supported. Add some means to save local stateful data (eg: user configs), and upgrades simply become a subscription service that mails out a new CD as needed (monthly, quarterly, annually). Could be an interesting business migration-to-Linux model.
--
Karsten M. Self <kmself@ix.netcom.com>
http://kmself.home.netcom.com/
What part of "gestalt" don't you understand?

   Keep software free.     Oppose the CBDTPA.     Kill S.2048 dead.
http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html
New Booted a few days ago for a visitor.. :-)
Went to Knoppix [chortle] Would that .pdf could be rotated! at least re English slide show. Will later read over the description for how the setup is accomplished, in more detail. Ramdisk! solves lots of conceptual 'problems', I see.

And you sure as hell can't plant anything on a CD! This certainly could be the basis for a *simple* set of tasks as I suggested - and assuming that Konqueror suffices for the usual grunt work. Mail client.. then too: several HD partitions, since GBytes are damn near free: backup all transient files periodically to 2nd. 3rd and 4th contain dupes of the original HD setup for file, data layout.

I'd need to get beyond mere up-to-speed to craft this, in any reasonable time re. the LA gig, but can envision it being a later: "forget all that toy stuff - this afternoon you'll see how to run your new bulletproof system. It won't need upgrades and it can't be hurt by the Baddies. You'll Love It!"

Having done this a couple times, I know that one can write a 'cookbook' for an actual novice to use - though this is always much more effort than just getting the system dejunked and configured. And with toy s/ware you know you have to keep at (the cookbook too) periodically. Hard at a distance - but it worked for a friend in IN, and for several years. (But ya only do That kinda work for love, not $)

With this approach, just maybe Once could be enough (!?) I agree that this is a legit marketing opportunity for someone - pitched particularly for people trying to do what we're trying to do. In fact it Must be because: it seems so obvious now that you've mentioned it! Natch you wouldn't start here and then try to morph piecemeal --> Debian, but the experience sure couldn't hoit.

Hmmm - the daughter sprechen Deutsch! Burning a CD with the OO-Engl. version substituted, can't be a very big step. Now if all the configs come in German too.. well.

Thanks for the ideas. I'd Hate marketing even a Good idea though, so it likely won't be me. Can think of a few IWErs who might just find this a pregnant alternative.. to Beastly employment [?] I'd buy stock !!


Ashton
who can't find the 'rotate 90°' button in Acrobat!
     Security through obscurity - on purpose - (Ashton) - (9)
         another good reason to get off the upgrade treadmill - (tjsinclair) - (4)
             Disagreed, mostly - (kmself) - (3)
                 What you describe is the sane approach - (Ashton) - (2)
                     Remember that little disk I gave you? - (kmself) - (1)
                         Booted a few days ago for a visitor.. :-) - (Ashton)
         Counterpoint: old code being retired - (kmself) - (3)
             So Microsoft is finally acknowledging... - (ben_tilly) - (2)
                 'Acknowledge' is not in their vocabulary, - (Ashton) - (1)
                     Ack! Ack! A hairball! Isn't that what Scott McNeally... - (a6l6e6x)