Michael Talbot-Wilson enscribed thusly:
> On Tue, 1 Dec 1998, Michael H. Warfield wrote:
> > services that users do not need or understand is one of my major "button
> > pushes" against EVERY distribution out there. Some vendors and consultants
> > are now complaining that Linux is way TOO easy to install because it allows
> > users to unknowningly install poorly configured servers and shoot themselves
> > in the foot. They are correct.
> I disagree with you. A new user needs something that just works.
> It can't be too easy.
We'll just have to agree to disagree on this one. I agree that
a new user needs something that just works. They don't need everything
including the kitchen sink with no clue as to what they just did.
When people complain that Linux is harder to install than
Windows 95/98 they are really comparing apples and oranges. It would
be more realistic to compare installing Linux to installing Windows NT
Server with IIS and Exchange Server and SQL server, etc, etc, etc...
Linux is ALREADY much easier and MUCH MUCH faster to install than that.
Installing a simple workstation/client version of Linux should be
easier to install than Windows clients, but not the server stuff that
needs serious configuration before it can work safely.
> Instead of disabling stuff, the distribution install scripts should
> display prominent warnings, and advise users (new admins) themselves
> to disable unwanted services. And to do the other things you
> recommend.
No no no... I didn't say disable. It should merely be made "easier"
to install a safe, stable, secure workstation for a newbie than it is to
create an insecure, indeterminant, dangerous, high-power server.
The biggest problem that was pointed out to me was the "everything"
selection in these installs. If the user does not know or understand what
they are installing, they will take the path of least resistance. It is
up to the package designers to insure that the path of least resistance
leads to a safe, secure, but usable, configuration. With the everything
option present, the newbie looks at this list of options and thinks "well
I don't know what all this stuff is and I don't know what I want, so let's
just check this one box and get it all". All hope abandon yea who enter here!
We can't protect the luser who goes through and checks every box without
thinking, but I don't see that as the path of least resistance and we can't
protect everyone who is hell bent on self destruction either. I'll settle
for protecting the innocents to install vulnerable system simply because
they didn't know any better.
We already have script kiddies who are out specifically trolling
for just these kinds of installations because they are SOOO EASY to break
into... We really do not want to encourage this!
We also do NOT want to remove choices for those who really DO know
what they are doing. RedHat pissed me off with 5.2 because of the lame way
they implimented their "workstation" and "server" options to their install.
These should have loaded profiles and then allowed the individual to add,
change, or delete after the selection. Instead they blat out the install
and don't even leave a clue as to what they did or did not install (unless
one goes back and paws through the install log). This makes both of those
options worse than useless for both the experienced installer (who has now
lost choices) and the newbie (who is left in the dark as to what he just
did). Even if they left the choice in place and made it real easy to just
select "OK" but left in the ablity to modify the profile, they would be
miles ahead. Newbies might not like seeing things they don't understand,
but they can take the easy way out with the safe recommendations and they
DON'T have the nice convenient "everything" selection making it real easy
to shoot themselves in the foot.
> But ultimately we are responsible for our own security. It's no-one
> else's responsibility to prevent people from making mistakes, even
> costly ones; but they presumably learn thereby.
Yes and no... Taken to extremes that would say that the best way
to learn firearm safety would be to give youngsters loaded pistols and
let them learn the hard way not to shot each other. I think there is
a way we can provide the newbies with safe base installations from which
to learn without encouraging them to run nude through a hailstorm.
> --
> Michael Talbot-Wilson ------------------- [EMAIL PROTECTED]
> "Many good morrows to my noble lord!" - Catesby greeting Hastings
> (Richard III, Act III, Scene II).
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
