simple-user
Group: Members
Posts: 1
Joined: Jan. 2005 |
|
Posted: Jan. 25 2005,16:04 |
|
Hello,
Please take this as comments and suggestions, for constructive purposes, not simply as a criticism.
Allow me to leave some of my thoughts here about DSL and MyDSL. I'm getting better with Enlish but I'm not a native English speaker, please bear with me and I appreciate it if you can point out my mistakes.
I think Knoppix Live CD is the greatest leap as of late of Linux and OSS. Allowing for Knoppix Remastering is another strength of OSS, I whole-heartedly applaud the effords and great work to allow a small distribution like DSL to experiment with new and creative ways to get some work done.
I really love the idea of "small is beautiful" of DSL. Also love the "automation" idea and real code to do just that of MyDSL.
My reservations, however, are a bit more complex. Let me cut to the chase here and say the potential bad things with DSL and MyDSL. Then give some examples of similar school of thinking.
DSL allows the default "dsl" user/account to have sudo everything. It is great if you are doing a hdd rescue, or backup. I'll venture to say it may be OK for your own LAN not connected to the Internet, let's not argue about this last statement because everyone has their own opinion. The real problem is if you run DSL on the internet and someone can exploit some security holes and became the "dsl" user. They can find out very easily if not already know "dsl" can sudo everything. Now your machine is owned by someone else, which can become a spambot, a DDOS-node, or a node along a trail of crackers' path and they can wipe out the log files at will.
Sure someone may jump in and argue this is not the case if you run from CD, or turn off the high-speed connection... I'm simply pointing out that if you imagine your invention became popular and everyone is using it, what might happen? In other words, please be considerate of your actions.
MyDSL is great if I were to customize it for my own use, and can build and share those *.dsl packages with trusted friends. I enjoy the similar automation motto, too. The problem with MyDSL is the very problem of "Ms. LookOut" and "Ms. Internet-Exploder"; Well you can call that Ms. or Mrs. as in calling some middle-age lady, or old lady if you like. The idea is to simplify complicated configuration and setup steps, just simply do things automatically. It is a well intentioned thing, but if taken beyond the original intention, it can be very disturbing to say the least.
These "intention" things happened in live, not simply in computer fields. One example if I remember correctly is that the Nobel invention of explosives intended for mining or road construction... but later being used in warfare. Later in life Mr. Nobel try to setup the Nobel Peace price. An example about "minding your own business, what I do don't concern you." is the Drunk-Driving situations.
OK, I'll try to throw in my suggestions of one way I can think of, but there are many ways to slice the pie...
For DSL, the way it runs from the live-CD I have no problems with especially to help rescue a troubled-machine. For hard-drive, or even USB-drive install, it may help if an additional user account is created without sudo privileges by default. It may be an extra password to remember but it is probably better for us all on the internet.
For MyDSL, the folks doing the core of these MyDSL scripts and programs already know enough about ramdisk and what root can to the system. Imagine what a rogue MyDSL in the wild can do? Perhaps using that ramdisk and overwritting the root file structure would be best done in a chroot/jail environment? Like what the old UML (User-Mode-Linux) was working on? I say that because I think UML has recently change focus to tinker with VM-Ware/Bochs ideas. Using MyDSL in a chroot envrionment with more restriction on sudo might be quite a bit more work but will be much better for a hard-drive or USB-drive installation. But be mindful that a rouge MyDSL in current implementation (2005/01) running even from a CD can wipe out entire hard drives in just a few moments the way that DOS/Windoze virii have done. Or it could be worse, it cout turn those machines into zombies on the internet.
Best regards,
Just a concerned Netizen (Net-citizen).
|