On Mon, 2006-03-06 at 17:10 -0600, Les Mikesell wrote: > On Mon, 2006-03-06 at 16:49, David Boles wrote: > > > >> This is exactly what everyone has been trying to tell you all along. You want > > >> ONE package so you install everything. That way you would be sure to get the > > >> "the gazillion packages" that you don't want. > > > > > > How do I know I don't want them until I've tried them all? Isn't > > > it like flavors of ice cream except all free? > > > > > > > How new at this are you? > Old enough to remember versions of unix where you had to pay > extra to get a compiler or X so I'm happy to have more thrown > in for free. I'm not sure what that has to do with knowing > whether you'll find a program useful without trying it, or > knowing if you are likely to run across a script that invokes > it in the future. In the security business, we have and expression for people like you. Those people who use the "install everything" button just because they "might" want something in the future (and then forget they installed it, if they even realize they installed it to begin with). We dub thee "owned". The funny thing is that (and I've seen this in this thread) most of the time people will use the argument that the newbie user is the one who needs the "install everything" option, because they don't know what they want, so they'll be sure to get it. They are EXACTLY the LAST people who need or should use that damn thing. They are the MOST likely to get burned by it (and I've spent too much time helping newbies fix broken systems what would not have been broken into if they had only installed what they needed). This has gotten vastly better from the bad old days when RedHat Linux 3.x (or was it 4 - and I don't mean Enterprise) would install Samba and share out your entire system because the service was installed "running" and installed with the dumbest default configuration on the face of the planet (Bob Young and I had a little discussion about that down here in Atlanta when he came to the Atlanta Linux Showcase way back when). But better isn't perfect. Fine, now we are much more careful that "installed" services are not "enabled" services until you take some action. And the firewall defaults definitely help. But what about Apache add ons (like PHP et al). If you don't know and decide discreetly (with malice o forethought) that you want this fancy wiz bang sledgomatic chopper utility, and you just figure you'll get around to playing with it one of these days, I can bet you that the first person who plays with it will not be you and will not have your best interest at heart. Some security advisory comes out and you don't even know you have this tinker toy installed till someone has changed your root password for you. I've preached for years that one of the worst security vulnerability in many Linux distributions was the "install everything" button. That remains true to this day. Ignorance WILL bite you. > > I always go through the default install package > > selection and un-select things just because I don't want everything. > > > > And come to think of it has it been mentioned to you that the 'install > > everything' button never really did 'install everything'? > I guess I always believed the part that said it installed more > than all of the individual groups combined. > -- > Les Mikesell > lesmikesell@xxxxxxxxx Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@xxxxxxxxxxxx /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Attachment:
signature.asc
Description: This is a digitally signed message part
