Subject: Re: Can't get interfaces????
From: Tom Fitzgerald (tfitz@MIT.EDU)
Date: Tue Jul 25 2000 - 17:50:25 EDT

I should put a big IMHO at the beginning of all this...

> You're missing a small point though. Appletalk is not a "service" that is
> running all the time, and the appletalk kernel module is not loaded all
> the time.

But isn't it loaded automatically if the kernel receives Appletalk
traffic? If so, then there's still the case where software will run that
the computer's owner isn't aware of. Flaws in the appletalk module can
make the system vulnerable to attack. This isn't implausible - Linux
used to have bugs in its IP fragmentation code that made it possible to
panic the system from outside.

(I don't know how Linux loads modules... if this isn't possible, and the
module can only load as the result of a local program action, then you're
right. I still think Red Hat is doing the right thing by not enabling
tons of stuff automatically, even stuff they enabled in past versions, but
in this case there was no benefit to disabling it.)

> They broke the kernel so that it won't *auto-load* the
> appletalk kernel module when it is needed by netatalk. Imagine if they
> did the same thing to IP... So every user has to explicitly say "I want to
> load the NET4 services" before they fire up their web browser?

That's an unfair comparison - 99% of Linux users use IP, maybe 2% use
Appletalk (probably less). Enabling features by default that are wanted
by only a tiny minority of users causes bloat, mysterious side effects,
and security bugs. It's the "Microsoft Office" approach to software
design.

I'll happily respond to other e-mail about this person-to-person, but I
won't be cc'ing the list.