Fwd: Re: rant of the day: installing fedora
Bill Oliver
vendor at billoblog.com
Mon Jul 8 16:39:47 UTC 2013
On Mon, 8 Jul 2013, davidschaak1 at mobilicity.blackberry.com wrote:
> Sorry for top posting this. My bb won't allow bottom posting.
>
> My $0.02 on this topic.
>
> My nfs server is running fc5. Very outdated but I see no reason to upgrade it as there are 3 firewalls between it and the Net. It is doing what I want it to do. Serve files.
>
> My other machines are all F17. Only one of them is connected to the net. They do specialized tasks.
>
> If your OS is doing what you want, you have had no crack attempts, and is working properly, why upgrade your OS?
>
> Dave
> Sent from my BlackBerry® smartphone powered by Mobilicity
>
One security-oriented response to your statement is that you fundamentally never know whether or not you have been compromised. You only know you have not discovered evidence of a compromise. I have a friend who worked for the government. His job was, literally, to break into homes/businesses and manually install keyloggers on computers (with a warrant, I assume). His whole orientation was to ensure that there was no evidence of his intrusion, since he was all about surveillance.
I tend to upgrade my personal box via fresh install just as a periodic spring cleaning. The bottom line is that I know a lot of stuff about these computing machines, but I don't know everything. There's always the chance that there's some security breach that I don't know about, some rootkit that has outwitted me, etc. And, of course, a lot of these compromises lay dormant for a long time before they pop up and you find yourself the source of spam or a zombie in a DoS or something. Yeah, I'm careful. Yeah, I run tripwire. Yeah, I read my logs. But still...
So, every couple of months, I back up my box and install something. Usually it's Fedora, but every now and then it's something else just for kicks. Mint was fun. Mageia was a little disappointing. Backtrack was cool.
What does that do for me? Well, I clean my disk. If I have an intrusion, it's gone. I wipe my slack space. I'm not going to be anybody's zombie in the near future. I get to learn about some new stuff, because there's always some new stuff. Since I always do an epoch-level backup at that point, then I know I have a full backup in my pocket.
Setting up the servers again is really not much of a hassle for a one-horse operation like mine. If I ran a distributed web server with a hundred boxes and had my own mini-isp, then it might be a problem. But with basically a couple of personal/home-business boxes, and one-box mailserver, webserver, nameserver, etc., it takes just a few more minutes after the installation to get back up in business. You just gotta plan things out. I could speed it up even more by scripting it, but I like to poke around by hand.
The only time this hasn't held is when I moved some of my stuff to a virtual box in the cloud. It turns out that apparently you gotta get the box reprovisioned by the company running the virtual server (at least for me), so it's a hassle getting everything done on my schedule. Choosing F16 was a mistake -- I can't even upgrade because I can't see or interact with the boot screen. I'm moving to CentOS for that machine, and will likely sit on it for awhile...
billo
More information about the users
mailing list