Re: RFC/Discuss: Replace KDE by LXDE on LTSP?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Apr 30, 2009 at 05:36:21AM -0700, Vagrant Cascadian wrote:
>On Wed, Apr 29, 2009 at 01:27:22AM +0200, Knut Yrvin wrote:
>> Skolelinux 3.0 is running LDM as a login manager on thin clients with
>> LTSP. This is slower than KDM.
>>
>> You can replace LDM with KDM, and speed things up a little.
>
>do you still see a speed improvement using KDM vs. LDM with
>LDM_DIRECTX=True ? this feature still uses ssh for the initial
>connection (i.e. namely, the password negotiation), but plain X11
>protocol for the rest of the session, and still should work with most
>of the other features of LDM (local devices, sound, and in newer
>versions, local applications).
>
>> But you'll miss the secure ssh tunnel which has some security
>> benefits clients connected to a network hub. When running a switch,
>> package sniffing is not as easy.
>
>as i understand it, it is actually trivial to packet sniff on switches,
>and provides no real security benefit. all you have to do is enable
>promiscuous mode on your ethernet device, no?
In april 2003 we discussed this exact thing on the norwegian list, with
Herman Robak providing most details:
https://init.linpro.no/pipermail/skolelinux.no/linuxiskolen/2003-April/009945.html
Back then Knut claimed that I blew it out of proportions when insisting
that LTSP 3.0 (i.e. no SSH) is insecure. Very much usable but insecure.
Before this thread grows too much, I suggest that the scandinavians
among us reread that old thread, and perhaps provide an english summary.
I am baffled that Knut still consider switches a security measure now 6
years later.
- Jonas
- --
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkn5sbIACgkQn7DbMsAkQLhaGwCfYDk9aeJxXBQrWjhoLEoBE1vF
sB8An3IKDobI/zi5M8XJ3G1TKWNbYr6f
=8+5Z
-----END PGP SIGNATURE-----
Reply to: