Subject: Re: Can't get interfaces????
From: andrew morgan (morgan@orst.edu)
Date: Tue Jul 25 2000 - 16:52:16 EDT

On Tue, 25 Jul 2000, Tom Fitzgerald wrote:
> > Yeah, this is a known issue with RedHat 6.2, since the boneheads at RedHat
> > felt it necessary to remove autoloading of the appletalk module as of 6.2
> > (after all, saving these few bytes of extra configuration from a text file
> > makes all the difference).
>
> The Redhat people did exactly the right thing. The two boneheaded moves
> were:
>
> 1) Enabling it by default in all versions prior to 6.2, and
> 2) Not publicizing it adequately in the release notes when they removed it.
>
> Redhat has had a chronic problem of enabling every silly service and
> driver that can possibly be enabled. This has caused waves of security
> problems in every release, since a hole in the most insignificant package
> affects everyone who hasn't explicitly turned it off (which nobody does).
>
> It's actually very good that they're not enabling so many services by
> default. This can only help the security of internet-accessible Linux
> systems, which is right now terrible.
>
> Most users don't use or need the Appletalk protocol, so it shouldn't be
> there. The same is true of dozens of other packages that one can only
> hope are also being disabled (which you won't notice since you don't use
> them). Redhat enabled them so users wouldn't need to read docs to figure
> out how to turn them on, so Redhat could claim that Linux is as admin-
> friendly as Windows. Instead, it's like Windows because it's full of
> security problems. The whole idea was flawed.

You're missing a small point though. Appletalk is not a "service" that is
running all the time, and the appletalk kernel module is not loaded all
the time. They broke the kernel so that it won't *auto-load* the
appletalk kernel module when it is needed by netatalk. Imagine if they
did the same thing to IP... So every user has to explicitly say "I want to
load the NET4 services" before they fire up their web browser?

We are not talking about running the netatalk servers by default. That is
an entirely different situation, and I totally agree that excess services
should be disabled by default.

Andy
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:31:37 EST