Agree the security part of it here. Remember the Ramen worm? Most people
tend to make full installation, and did nothing to turn them off later,
and left it open to internet thinking that it's the most secure OS in the
world. Yes, a *VERY LARGE* portion of people's linux knowledge is like
this: "what is apache?"
I think the following sentence is known well among more experienced
people:
If you don't know what it is, you don't need it.
The converse is also true:
If you need it, you'll know what it is. (and know how to turn it
on too)
Yes, I know msec does part of it, but still needs more tightening. Yet I
don't want to criticize Mandrake so much, since at that time Mandrake 7.2
was a lot better than Redhat 6.2 --- it even ignores such things as
openwall patch and Bastille Linux.
For the complain that it's bloated, I don't agree. Let's compare with
SuSE, and I think u get it immediately. It's up to users to choose what to
install. Yes, you don't use news readers (me neither), but does that mean
all people in the world don't use news readers? All people don't use
Gimp? For those who don't even know what some package "foo" can do, how
can they tell which is needed and which is not then? They will only
complain "There is no tool for me to do this thing" instead.
If you can trim down the OS, it can be only 150MB something or even
smaller (see vector linux) yet still contain most of the apps
needed. However that needs a certain expertise before you can even decide
what is needed and what is not.........
Abel Cheung
On Tue, 6 Mar 2001, Prana wrote:
> I've told many times that this is for security and *speed*, why nobody
> (developers) listened to me? Users, being Linux newbies, have all
> promiscous services running, and if they forget to run Mandrake Update
> they will get hacked. They don't even know what a daemon is, so why
> bother turning all NFS server on? Why not just give a message box after
> install saying that the services for servers are turned off by default
> and that they can run drakxservices?
>
> How many times Zope has a security vulnerability? What about rpc.statd?
> And in 8.0 there's an install option that asks them about what services
> they want to run. For God's sake, they're Windows-convert users, how can
> you expect them to know what a daemon is. Most of my friends who runs
> Mandrake don't even know what xfs means. They go like "Huh?" when I told
> them what nfs, identd, etc means. *Just turn the services off _by
> default_*. This is because Mandrake have ALL services running, at least
> it is for the development version. I don't know how many times I've told
> Mandrake developers to turn it off by default, and they NEVER listen to
> me. And now a whole bunch of people who don't know how to turn it off,
> of course, say that LM is slow, whereas it's actually much faster than
> Win 2000 if they turn them off by default.
>
> And also, they say that LM 7.2 is bloated (read ActiveWin.com). Of
> course it is, since it includes stuff like GIMP, XMMS, etc. However,
> I've personally never used stuff useless stuff like xmame and xmess
> which takes a lot of hard-drive space and they're in the default
> selection of install. I never run tin, xrn, or other old and ugly news
> readers.
>
> I'm not trying to flame here. I personally like Mandrake and I dedicate
> my software for Mandrake, and so far I've contributed 2 (gnome-telnet -
> 7.2 ext CD #2 and Mandrake Update Robot - contrib 8.0). I really hope
> Mandrake will now turn off the services by default like Redhat 7.0. Many
> people don't like services turned on by default, it's useless, trust me.
> If they want to know about how to turn it on, give a simple message box
> after the install to run drakxservices.
>
> I hope this time Mandrake will listen the opinion of users. I've had
> many people who are confused - what is "heartbeat", "cfengine",
> "bootparamd", "xntpd","tftp", "xinetd", etc. They don't even understand
> those cryptic abbreviation. My point is, I hope for 8.0 all of the junk
> services are turned off by default.
