
Re: [school-discuss] Which is the fastest Desktop distro for schools?



On Tue, 16 Nov 2004 12:21:39 +0200
Michael Shigorin <mike@osdn.org.ua> wrote:

: Sorry but I digress.  If a capable student got root, nothing
: would realistically help on a classic *nix system.  If (s)he's
: not that capable but somewhat lucky with destruction, nothing
: helps either -- dd'ing root partition with zeroes is a matter of
: minutes.

Yes, yes of course. But dd'ing root would reveal their presence -
not something an experienced cracker wants to do. You'd reinstall
and change all passwords. OTOH, what if they're just 'cool warez'
kids, who don't even know dd exists and laid hands on a root kit
somewhere? I think this is much more likely in a school system.

Taking preventative measures to make installing such software a
little more difficult is a wise precaution. A 'hardened' system is
much less vulnerable and presents obstacles to invaders. They don't
have to be insurmountable, but by raising the required level of skill
you just may save your butt. Of course, the properly trained admin
knows how to work with the system in any case. As I said originally,
ease of use isn't necessarily a good thing, but disabling your
pkgmgr, for example, is one of a number of ways around this.

: Package management lies at completely another level of
: abstraction to consider mixing them up a mistake.
: > So a more difficult, or less well known pkgmgr may actually be
: > a better choice in a lab environment. Kids will be kids.
: No.  It's like "getting Amigas to schools will help".  There are
: standards, and using home-made stuff as a replacement for proper
: security procedures -- and helping students to understand that
: they do any harm to the systems that would otherwise help _them_
: learn -- is better in my experience.
: It's not "some lusers", it's children we're responsible for.
: Remember Antoine de Saint Exupery's "The Little Prince"?

Oh boy. 'Standards' is what we're up against. ie Microsoft. It
produces a monolithic mindset that believes one size fits all. 

I'll be the first to admit some standards are ok in a general sense.
For example, that a 'standard' installer is a good idea, but it's
only a starting point. Every system is different, every school is
different. Local customization is how that's achieved. Call it
'home-made' if you like, but a universal system is not a good idea.
Every country, region, school board and district are different.
Globalized thinking is wreaking havoc elsewhere in the world on many
levels. I suggest you reflect on this some more. 

Automation has its downside. In this case 'automagic' pkgmgrs push
competence, knowledge and training upstream and transform admins
into dumb users. The only result is a distro that seeks to emulate
Windows. No thanks.

Management loves the MS business model. Every month, RedHat becomes
more and more like MS. Personally, I don't wish to see linux
deteriorate into the 'new' MS. Changing the world does not mean
changing your system's brandname. It means being better. We have the
opportunity. But linux is looking more and more like Windows, and
becoming just as monolithic. I want to stay away from that.

It would be foolish to consider a universal firewall to be secure -
regardless of whether or not it is 'proper security procedure'. It
has to be customized to be effective. An 'upstream' ruleset just
won't cut it.

Teaching students about the harm that crackers do is of course
important. It will work with 80-90% of students. But what about the
'cool warez' kids? You ignore them at your peril. We are responsible
for *ALL* of the children in our care - little princes or not - and
we should choose and construct our systems accordingly. As I said,
an unhardened, universal system just makes things easy for
script-kiddie wannabes.
 
: > However, Vector Linux does offer a choice of package managers.
: 
: Front-ends for tar or technologically?  Debian and ALT, for
: example, do provide Synaptic GUI and aptitude console tool in
: addition to basic apt utilities, but all of these stand as
: unified _technology_.  Fedora provides yum and apt which can be
: described as two _different_ technologies.
: All of these base themselves on lower-level technologies and
: package formats (rpm/rpm and dpkg/deb) which _already_ let us do
: sysadmin-critical things starting with integrity checking.
: It doesn't matter whether to untar stuff with This Cool GUI or
: That 1337 Tool -- it _does_ matter if you can answer "where's
: this file from?" and "what files belonging to package X are
: changed and how?".

Well, I'd say you're contradicting yourself. First you're arguing
for ease of use, but now the depth of your argument easily
surpasses the ordinary admin's level of knowledge, skill and above
all need. You have to understand that often the school admin is not
an IP professional, but a teacher with IP responsibilities.

And this level of argument also misses something very basic. If an
admin has a question, any question, he normally has access to the
telephone and email. He does not have to rely solely upon his
pkgmgr.

Finally, I'd say that above all, this level of integrated complexity
will convince most that Debian is still a hacker's distro. For
example, try explaining the intricacies of maintaining a mixed
distro to the average user, given the stratification of
stable/testing/unstable.

: And (surprise!) some of the ways to "deal with this" are already
: well-trodden (replacing custom scripts with proper packaging
: systems) and results combine even better with the rest of these
: ways (having package-based master nfs'ed over or using local
: packages with settings -- I prefer to submit non-specific
: software packages upstream so that more people can benefit).

No surprise. But, as above, a 'proper packaging system' produces a
globalized, generic, monolithic system. By replacing, or even
seeking to replace, all scripts you place yourself at your vendor's
mercy. The only options available to you will be those selected
upstream. RedHat and Microsoft are good examples of this. Retaining
a fair degree of local control is a good admin practice. 

For example, if you automate update&upgrade you have no control over
when your network upgrades. But if you set up a local repository,
you can test the upgrades and decide when to make them available to
your net. Local control is a good thing.

: > Can you provide links or flesh this 'debate' out a bit? 
: To what?  apt/synaptic/aptitude? :)

Well, black humour aside, here's your original quote. Apply some
intelligence, try again and get back to us. Seriously, I'd be
interested to follow said thread.
: Exactly.  That's the point of large amount of educative holy wars
: with slackwarists and gentooists on my part -- and the most
: hard-to-answer thing is "and how much time do you spend on a
: dozen of systems to maintain?".  Educative, because if a person
: thinks of itself as a systems administrator, then "systems" is
: not just "localhost".

: It is the matter of time wasted with finding the answers.

No. Ignorance is not bliss. Again this is the kind of subterfuge
that Windows thrives on. "You push the button we'll do the rest."
Properly trained admins should know what they are doing. All it
takes is a couple of wrong clicks and you're up the creek. It
doesn't matter which distro you use, there is no substitute for a
competent administrator - the guy with the answers - or at least
some of them.

: It _is_ relevant though when you stumble upon the one you badly
: need right now but have to figure out what it needs to build and
: run if it's not packaged.

No it isn't. Try 'man alien' and get back to us.

: Packaging is distilled experience of building, tuning and using
: software.
 
Yet it still remains naive. The first generations of package 
managers are monolithic. They grab control of your filesystem and
try to create an image of their parent. One system does not suit 
all and the sooner package manager designers learn this the better. 
For example, there is no real way (yet) to integrate the management 
of a secondary root with pkgmgrs. For a dumb user, upstream 
management is fine, but lots of us have a large need for local 
control. That this isn't addressed reveals the philosophy of its 
adherents. Personally, I've come a long way since Windows 3.1. B-?

: > The significant fact is that for all the software available,
: > precious little of it falls in the education/applications
: > category. What good is a ton of software you don't need?
 
: Then nobody forces you to use it.  Still if you spend your time
: to package stuff for e.g. Debian Jr then it benefits not only
: your users but fellow colleagues and their users, too.

Well, assuming it's out there. It isn't. It's not just a question of
packaging. It's a question of people with programming talents
collaborating with educators and fulfilling their needs. Why is it
that we can have 10,000+ packages 'available' but still say we have
a shortage of basic educational apps? 

: Again, I did some packages for ALT Linux SchoolJunior (which is
: getting deployed in some districts of Russia) and it's a pity
: that there's no time to package and maintain every beautiful
: piece of software I'd like to deliver to our friends in schools.

Kudos.

	b.

BTW, I don't subscribe to the religion of the one true distro. This
message is written on a Debian system sitting behind a Slackware
firewall. And I've used others. :-) Having knowledge of multiple
distros gives me a balanced point of view, choices, and enables me
to exercise better judgement.
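
Added example, not part of the original message or of any distribution's own tooling: the thread's two integrity questions ("where's this file from?" and "what files belonging to package X are changed and how?") map onto `dpkg -S` / `rpm -qf` and `dpkg --verify` / `rpm -V`. The sketch below triages verify output in that shared format; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Verify-output line: 9 flag characters (or the word "missing"), an optional
# one-letter file type (c = config file), then the path.
# In the flags, '.' = check passed, '?' = check not performed,
# and a '5' in the third column = file digest differs from the package.

# Constructed sample input (first four lines rpm-style, last two dpkg-style).
SAMPLE='S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/bin/ps
.M.......    /usr/bin/passwd
missing      /usr/share/doc/foo/README
??5?????? c /etc/issue
??5??????   /bin/ls'

# Read verify output on stdin and print one classified line per file.
# Config files are reported separately because local edits are expected;
# a changed digest on a non-config file (binary, library) needs investigation.
triage_verify() {
    awk '
    match($0, " /") {
        path  = substr($0, RSTART + 1)      # keeps paths containing spaces
        flags = $1
        type  = (length($2) == 1 && $2 != "/") ? $2 : ""
        if (flags == "missing")              print "MISSING " path
        else if (type == "c")                print "CONFIG-CHANGED " path
        else if (substr(flags, 3, 1) == "5") print "CONTENT-CHANGED " path
        else                                 print "METADATA-ONLY " path " (" flags ")"
    }'
}

# "Where is this file from?" using whichever package database is present.
owner_of() {
    if command -v dpkg >/dev/null 2>&1; then dpkg -S "$1" 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then rpm -qf "$1" 2>/dev/null
    else echo "unknown (no dpkg or rpm on this host)"
    fi
}

# The package database lives on the same disk as the files it describes,
# so after a suspected root compromise run the check from trusted media.
printf '%s\n' "$SAMPLE" | triage_verify
```

On a live system the same function takes `dpkg --verify | triage_verify` or `rpm -Va | triage_verify`, and `owner_of /usr/bin/ps` names the package to reinstall or compare against.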