From: Heiko Z. <hz...@pr...> - 2003-09-29 19:49:47
|
On 09/29/2003 07:30:08 AM Bruce Smith wrote:
>> I have read about the possibility to install Squid in a DL-based box.
>>
>> Do you need a hard disk or can you install it entirely on RAM and/or the
>> CD-ROM? ... and, in case you can install Squid in a box without a hard
>> disk,
>
>I suppose (in theory) you can run Squid without a HDD. However, you'll
>need a fair amount of memory, and your cache size will be limited.
>I've never done it personally.

Yes, you'll need lots of RAM, but it should be quite fast then.
One problem would be that after a reboot all the cache is gone.

>> how far are you from installing a Web Server like Apache (a slim down
>> version of it)?
>
>We currently have thttpd DL.
>I don't know if there are any plans for Apache, or not.

We currently have no plans for implementing Apache. We could think about it for release 2.0

>> Do you know of anyone who has done that?
>
>Nope.

I did a test server once to try it out. It worked pretty good.

>> I have fancied about a DL+Apache configuration in which DL does the
>> firewall job and Apache serves all read-only static content and takes care
>> of the SSL connections, passing all dynamic pages requests to a back-end,
>> internal engine ...

THTTPD + Stunnel are all you need and guess what, it's all in DL. ;-)

cya
Heiko
|
From: Camilo L. <cm...@ho...> - 2003-09-30 19:03:41
|
...
>THTTPD + Stunnel are all you need and guess what, it's all in DL. ;-)
>cya
> Heiko

Super cool!!!

I will try it and most probably need your help again ;-)

Now, before I put my time into something that might not make sense to begin with, when you say lots of RAM; are 2 Gig of RAM enough?
Please, let me know if I am wrong:
._ in case 2 Gigs of RAM are enough;
._ since you have TCP/IP running in DL;
._ you may set up part of the installation in the hard drive and,
._ as you told me, you have already tested a full-blown TCP/IP demanding app such as Apache

Could you go ahead and try any other similar configuration based on DL?
What else is involved that a newbie wouldn't know about ;-)?

I am thinking about:

1._ running DL with a thttpd + stunnel configuration on RAM:
1.1_ thttpd installed in a chroot jail on port 80 serving static stuff and,
1.2_ as a separate process, stunnel (chrooted too) on 443 dealing with SSL connections, stripping them and passing them to the back-end HTTP processing engines

Questions:
._ Both, 1.1 and 1.2 should be running from RAM, and

._ I would like to actually route the requests to port 80 and 443 to ports higher than 1024 and run thttpd and stunnel on them, but these are not DL issues they are actually basic configuration ones (well, I am guessing here DL uses iptables for its firewall rules right?)

._ Current versions of OpenSSL after 0.9.6 (OpenSSL 0.9.7c being the latest stable) have built-in, hardware-based accelerator support. Stunnel is based on OpenSSL, so it 'should' work in a DL setup, right? Or, are there any constraining or extra issues that DL causes to hardware support for accelerator cards? (as I understand DL is a slim-down version of Linux)

2._ All requests for dynamic content should be routed to another port say 8080 (probably on a different box in the same internal network), where an HTTP engine fields and processes them.

Questions:
._ The HTTP engine should not run from RAM, but from the hard drive.
Ideally, (and alternatively) I would like for the HTTP engine's core files (read-only, binary and initial-configuration ones) to run from the CD-ROM, but, of course, log files, pages, resource files, code and other files that need frequent editing, and actual DB data files must not.

// - - - - - -
The approx. size of the full JRE Java Run Time environment Standard Edition 1.4.2_01 from SUN is 46,100,013 bytes (e.g., Windows version).
Now, you could technically get rid of all the crap you don't need for a server configuration (but SUN made it "illegal" to do so, in "our case" a DL config could place it in the hard drive and 'fugget' about it) and or you could use a way less demanding JRE like IBM's Jikes, Kaffe (kaffe.org) or some JRE based on the GNU Classpath project

// - - - - - -
The approx. size of a bare installation of a full HTTP server (Tomcat) is 6,960,298 bytes!

// - - - - - -
And the approx. size of a bare installation of a full application server (JBoss) including an HTTP Server engine (Tomcat) is 12,499,518 bytes!

// - - - - - -
When I say 'bare' installation I mean only the core, read-only files should be on the DL CD-ROM (and/or RAM if enough of it).
I don't think that, say, 60 Mg, is too much to ask 'RAM-wise' to a Linux-like DL + JRE + Tomcat configuration, or is it?

My experience, when trying something edgy "mum and dad haven't told you" is, as "flat-earth" kind of people would say, "monsters be there".
I would like to mentally dive into it and have the time to do so right now. (Like 3 'relatively free' weeks and enough enthusiasm to keep doing it and thoroughly document my incursion)

Heiko (or anyone with enough experience with DL), could you mentor me while trying it? Telling me how to go about it? Like trying first a type of config and then which one should I try next, kind of a roadmap/checklist including test sets and stress testing?

I have enough experience with Java and noticed you are more comfortable using PERL. As a software guy, I don't deal much with hardware (don't even have the time to, anyway), that is why I am asking for some knowledgeable people to oversee my tinkering with DL.

Thanks
|
From: maarten v. d. B. <de...@ul...> - 2003-09-30 21:07:37
|
On Tuesday 30 September 2003 21:04, Camilo Lopez wrote:
> ...
>
> >THTTPD + Stunnel are all you need and guess what, it's all in DL. ;-)

> I will try it and most probably need your help again ;-)
>
> Now, before I put my time into something that might not make sense to
> begin with, when you say lots of RAM; are 2 Gig of RAM enough?
> Please, let me know if I am wrong:
> ._ in case 2 Gigs of RAM are enough;

Hm. 2 Gig of ram are enough for just about _anything_. LOL :)

> ._ since you have TCP/IP running in DL;
> ._ you may set up part of the installation in the hard drive and,
> ._ as you told me, you have already tested a full-blown TCP/IP demanding
> app such as Apache
>
> Could you go ahead and try any other similar configuration based on DL?

I have a somewhat offtopic question about this (and other posts I see on the list) but I hope I won't be stepping on people's toes here...

I do not understand the mechanisms that some of us make use devil linux for applications like that. It started out as a bootable, un-compromiseable router running from CD, am I right ?
You can and could install it to harddisk of course, but then again that was not the real selling point since any linux distribution can do that and comes with a plethora of applications to boot. Being able to run devil linux from HD is a good thing but I thought the goal was CD's, USBsticks, CF cards, etc.

Well, adding things that do not (IMHO) belong on a plain router (think samba, apache, and things like that) take security to a more shaky level, take time and effort away from the 'real' project goals (If I do / did understand those goals correctly, that is). Also, the codebase grows enormously, and with that compiletime, space, etcetera. But hey, I am not developing so I maybe better shut up since the work is done by others anyhow. That is true.

A few months ago I contributed to the project by a donation and I got a fine present [code] back from Heiko. But at that time the emphasis seemed to be more on things like snmp, iproute2, IPsec, things more closely related to routing / security and everything it entails.

If I misread the signs, I apologise. But I just wanted to know in which direction devil-linux is going to go in. This was also triggered by the fact that I thought the emphasis was on security, yet there are no essential updates (as yet) which leaves me (using devil linux as a true router) with a real problem (well, I made a temporary workaround, of course).

Kind regards,
Maarten

--
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
|
From: Heiko Z. <he...@zu...> - 2003-09-30 22:25:18
|
maarten van den Berg wrote:
> On Tuesday 30 September 2003 21:04, Camilo Lopez wrote:
>
>>...
>>
>>>THTTPD + Stunnel are all you need and guess what, it's all in DL. ;-)
>
>> I will try it and most probably need your help again ;-)
>>
>> Now, before I put my time into something that might not make sense to
>>begin with, when you say lots of RAM; are 2 Gig of RAM enough?
>> Please, let me know if I am wrong:
>>._ in case 2 Gigs of RAM are enough;
>
> Hm. 2 Gig of ram are enough for just about _anything_. LOL :)

Starting with the next release, the RAMDISK will have the size of RAM / 2.
If this is not practical, we can try to add some intelligence.

cya
Heiko
|
From: Heiko Z. <he...@zu...> - 2003-09-30 22:56:16
|
maarten van den Berg wrote:
> I have a somewhat offtopic question about this (and other posts I see on the
> list) but I hope I won't be stepping on people's toes here...
>
> I do not understand the mechanisms that some of us make use devil linux for
> applications like that. It started out as a bootable, un-compromiseable
> router running from CD, am I right ?

Absolutely correct.

> You can and could install it to harddisk of course, but then again that was
> not the real selling point since any linux distribution can do that and comes
> with a plethora of applications to boot. Being able to run devil linux from
> HD is a good thing but I thought the goal was CD's, USBsticks, CF cards, etc.

That is still the case. I personally see the HD only as a storage device (mail, samba, squid, etc.), but not for booting.

> Well, adding things that do not (IMHO) belong on a plain router (think samba,
> apache, and things like that) take security to a more shaky level, take time
> and effort away from the 'real' project goals (If I do / did understand those
> goals correctly, that is). Also, the codebase grows enormously, and with that
> compiletime, space, etcetera. But hey, I am not developing so I maybe better
> shut up since the work is done by others anyhow. That is true.

Yeah ! Shut up !
(just kidding)

That's the reason why we created the easy-to-use build system. If you think there's too much shit on the CD, compile your own version.
I was thinking about releasing 2 different versions of DL: Router/Firewall and Full. But then plus the i486 and the i686-SMP version, this means I would have to release 4 different versions each time...

> A few months ago I contributed to the project by a donation and I got a fine
> present [code] back from Heiko. But at that time the emphasis seemed to be
> more on things like snmp, iproute2, IPsec, things more closely related to
> routing / security and everything it entails.

And the donation is still appreciated !

> If I misread the signs, I apologise. But I just wanted to know in which
> direction devil-linux is going to go in. This was also triggered by the fact
> that I thought the emphasis was on security, yet there are no essential
> updates (as yet) which leaves me (using devil linux as a true router) with a
> real problem (well, I made a temporary workaround, of course).

The concept behind DL worked out so well for me, that I tried to replace most Linux Server I have (including the ones in the Company) with DL boxes.
As I mentioned before, it's easy to create your own this-is-the-way-I-want-it DL version, when you use our build system.

cya
Heiko
|
From: maarten v. d. B. <de...@ul...> - 2003-10-01 00:25:20
|
On Wednesday 01 October 2003 00:52, Heiko Zuerker wrote:
> maarten van den Berg wrote:
> > I have a somewhat offtopic question about this (and other posts I see on
> > the list) but I hope I won't be stepping on people's toes here...
> >
> > I do not understand the mechanisms that some of us make use devil linux
> > for applications like that. It started out as a bootable,
> > un-compromiseable router running from CD, am I right ?
>
> Absolutely correct.

> > Well, adding things that do not (IMHO) belong on a plain router (think
> > samba, apache, and things like that) take security to a more shaky
> > level, take time and effort away from the 'real' project goals (If I do /
> > did understand those goals correctly, that is). Also, the codebase grows
> > enormously, and with that compiletime, space, etcetera. But hey, I am
> > not developing so I maybe better shut up since the work is done by others
> > anyhow. That is true.
>
> Yeah ! Shut up !
> (just kidding)

:-0

> That's the reason why we created the easy-to-use build system. If you
> think there's too much shit on the CD, compile your own version.
> I was thinking about releasing 2 different versions of DL:
> Router/Firewall and Full. But then plus the i486 and the i686-SMP
> version, this means I would have to release 4 different versions each
> time...

Yeah... I have the dev version installed but I... <ahem> I haven't touched it in quite a long while. With life being short and all, you know...

So how do I go about it ? Just drop in my new or patched foobar.tar.gz sources and hope for the best while running make ? ;-)

> > A few months ago I contributed to the project by a donation and I got a
> > fine present [code] back from Heiko. But at that time the emphasis
> > seemed to be more on things like snmp, iproute2, IPsec, things more
> > closely related to routing / security and everything it entails.
>
> And the donation is still appreciated !

Yeah ? You like it ? Do you carry it around everywhere, like I do ? ;-)

> > If I misread the signs, I apologise. But I just wanted to know in which
> > direction devil-linux is going to go in. This was also triggered by the
> > fact that I thought the emphasis was on security, yet there are no
> > essential updates (as yet) which leaves me (using devil linux as a true
> > router) with a real problem (well, I made a temporary workaround, of
> > course).
>
> The concept behind DL worked out so well for me, that I tried to replace
> most Linux Server I have (including the ones in the Company) with DL boxes.

Hmm, really ? I just got on the edge of being 'shot down' by a fellow engineer from one of my customers when I had to admit that "that router" had not been openssh-fixed yet 'cause there simply were no patches for it'.
You should have seen his face, he was struck by lightning for a second when it registered. But we both are kinda paranoid* when it comes to security so that explains it I guess. I don't want to think about what would've happened if ALL the boxes of that customer would have been DL based, hehehe...
(I guess it's my own fault for taking such things for granted before checking)

(paranoid*) as a matter of fact the machine itself was so firewalled that the ssh port was unreachable even long before the openssh advisory came.

> As I mentioned before, it's easy to create your own
> this-is-the-way-I-want-it DL version, when you use our build system.

Yes. The difference is that I tend to go for "when it's stable don't touch it" whereas you, as a developer, are always running the state of the art latest cvs version I bet. So I don't routinely check out cvs, build a new system and drive over to the colocation facility only to find out a couple of hours late that that latest DL version just broke and took 12 webservers down with it (since that's what it firewalls)... That would surely be a "CLM" for me.
So, it is only when a serious hole gets discovered I break out the 'toolbox'.

I'm sorry if this doesn't help speed developing (since I don't try out new versions) but most engineers are reluctant to flash their Cisco's at every opportunity, for the same reasons: If it ain't broke, don't fix it.

Well, it feels good chatting about this project again, I'll see what I can get done here. Is 0.6 a stable [enough] starting point right now ?

Oh yeah, a P.S.: I noticed a bug(?? or missing feature?) when I just tried to backup a running config: I just inserted a new blank floppy and ran 'save-config' in the expectation that it would save its config but it didn't.
Does it have to be formatted first ? ext2 ? minix ?
I guess I kinda expected it would do a 'tar -cf /dev/fd0 <file>' instead of saving the tarball onto a floppy filesystem. My bad.

Regards,
Maarten

> cya
> Heiko

--
Linux: Because rebooting is for adding hardware.
|
From: Heiko Z. <he...@zu...> - 2003-10-01 00:46:20
|
maarten van den Berg wrote:
> On Wednesday 01 October 2003 00:52, Heiko Zuerker wrote:
>>That's the reason why we created the easy-to-use build system. If you
>>think there's too much shit on the CD, compile your own version.
>>I was thinking about releasing 2 different versions of DL:
>>Router/Firewall and Full. But then plus the i486 and the i686-SMP
>>version, this means I would have to release 4 different versions each
>>time...
>
> Yeah... I have the dev version installed but I... <ahem> I haven't touched
> it in quite a long while. With life being short and all, you know...
>
> So how do I go about it ? Just drop in my new or patched foobar.tar.gz sources
> and hope for the best while running make ? ;-)

Yeah, something like that. ;-)

>>>A few months ago I contributed to the project by a donation and I got a
>>>fine present [code] back from Heiko. But at that time the emphasis
>>>seemed to be more on things like snmp, iproute2, IPsec, things more
>>>closely related to routing / security and everything it entails.
>>
>>And the donation is still appreciated !
>
> Yeah ? You like it ? Do you carry it around everywhere, like I do ? ;-)

Yes I do, wherever I go. 8-)

>>>If I misread the signs, I apologise. But I just wanted to know in which
>>>direction devil-linux is going to go in. This was also triggered by the
>>>fact that I thought the emphasis was on security, yet there are no
>>>essential updates (as yet) which leaves me (using devil linux as a true
>>>router) with a real problem (well, I made a temporary workaround, of
>>>course).
>>
>>The concept behind DL worked out so well for me, that I tried to replace
>>most Linux Server I have (including the ones in the Company) with DL boxes.
>
> Hmm, really ? I just got on the edge of being 'shot down' by a fellow
> engineer from one of my customers when I had to admit that "that router" had
> not been openssh-fixed yet 'cause there simply were no patches for it'.
> You should have seen his face, he was struck by lightning for a second when it
> registered. But we both are kinda paranoid* when it comes to security so that
> explains it I guess. I don't want to think about what would've happened if
> ALL the boxes of that customer would have been DL based, hehehe...
> (I guess it's my own fault for taking such things for granted before checking)

I'm aware of this problem. Starting with the next release we will bring out regular updates.

> (paranoid*) as a matter of fact the machine itself was so firewalled that the
> ssh port was unreachable even long before the openssh advisory came.

Good! That's the way to go.

>>As I mentioned before, it's easy to create your own
>>this-is-the-way-I-want-it DL version, when you use our build system.
>
> Yes. The difference is that I tend to go for "when it's stable don't touch it"
> whereas you, as a developer, are always running the state of the art latest
> cvs version I bet. So I don't routinely check out cvs, build a new system
> and drive over to the colocation facility only to find out a couple of hours
> late that that latest DL version just broke and took 12 webservers down with
> it (since that's what it firewalls)... That would surely be a "CLM" for me.
> So, it is only when a serious hole gets discovered I break out the 'toolbox'.
>
> I'm sorry if this doesn't help speed developing (since I don't try out new
> versions) but most engineers are reluctant to flash their Cisco's at every
> opportunity, for the same reasons: If it ain't broke, don't fix it.

> Well, it feels good chatting about this project again, I'll see what I can get
> done here. Is 0.6 a stable [enough] starting point right now ?

I just updated my system again this weekend, it looks very stable. But wait until the new testing release comes out end of this week, it has most bugs fixed. The open stuff is minor or we're waiting for an update (e.g. the new Kernel).

> Oh yeah, a P.S.: I noticed a bug(?? or missing feature?) when I just tried to
> backup a running config: I just inserted a new blank floppy and ran
> 'save-config' in the expectation that it would save its config but it didn't.
> Does it have to be formatted first ? ext2 ? minix ?
> I guess I kinda expected it would do a 'tar -cf /dev/fd0 <file>' instead of
> saving the tarball onto a floppy filesystem. My bad.

You need to use a formatted configuration media.

cya
Heiko
|
From: Bruce S. <bw...@ar...> - 2003-10-01 02:01:07
|
> I was thinking about releasing 2 different versions of DL:
> Router/Firewall and Full. But then plus the i486 and the i686-SMP
> version, this means I would have to release 4 different versions each
> time...

I was thinking of a smaller version for another reason. We need a smaller DL that'll fit on a smaller (<512MB) USB memory stick.

- BS
|
From: Heiko Z. <he...@zu...> - 2003-09-30 22:46:19
|
Camilo Lopez wrote:
> ...
>
>>THTTPD + Stunnel are all you need and guess what, it's all in DL. ;-)
>
>>cya
>> Heiko
>
> Super cool!!!
>
> I will try it and most probably need your help again ;-)
>
> Now, before I put my time into something that might not make sense to
> begin with, when you say lots of RAM; are 2 Gig of RAM enough?
> Please, let me know if I am wrong:
> ._ in case 2 Gigs of RAM are enough;
> ._ since you have TCP/IP running in DL;
> ._ you may set up part of the installation in the hard drive and,
> ._ as you told me, you have already tested a full-blown TCP/IP demanding app
> such as Apache

Did I ? I tried once thttpd as a webserver.

> Could you go ahead and try any other similar configuration based on DL?

Nope. You guys can try out the stuff (features), let us do the development work.

> What else is involved that a newbie wouldn't know about ;-)?
>
> I am thinking about:
>
> 1._ running DL with a thttpd + stunnel configuration on RAM:
> 1.1_ thttpd installed in a chroot jail on port 80 serving static stuff and,
> 1.2_ as a separate process, stunnel (chrooted too) on 443 dealing with SSL
> connections, stripping them and passing them to the back-end HTTP processing
> engines
>
> Questions:
> ._ Both, 1.1 and 1.2 should be running from RAM, and
>
> ._ I would like to actually route the requests to port 80 and 443 to ports
> higher than 1024 and run thttpd and stunnel on them, but these are not DL
> issues they are actually basic configuration ones (well, I am guessing here
> DL uses iptables for
> its firewall rules right?)

You can do all of this

> ._ Current versions of OpenSSL after 0.9.6 (OpenSSL 0.9.7c being the latest
> stable) have built-in,
> hardware-based accelerator support. Stunnel is based on OpenSSL, so it
> 'should' work in a DL
> setup, right? Or, are there any constraining or extra issues that DL causes
> to hardware support
> for accelerator cards? (as I understand DL is a slim-down version of Linux)

I have no idea....
Actually we still use 0.9.6j, since there were some incompatibilities with 0.9.7. I'll start another test with the latest 0.9.7...

> 2._ All requests for dynamic content should be routed to another port say
> 8080 (probably on a different box in the same internal network), where an
> HTTP engine fields and processes them.

Everything dynamic has to be on another host, we currently don't support this. This is a limitation of thttpd.

> Questions:
> ._ The HTTP engine should not run from RAM, but from the hard drive.
> Ideally, (and alternatively) I would like for the HTTP engine's core files
> (read-only, binary and initial-configuration ones) to run from the CD-ROM,
> but, of course, log files, pages, resource files, code and other files that
> need
> frequent editing, and actual DB data files must not.

That's the way it is right now.

> // - - - - - -
> The approx. size of the full JRE Java Run Time environment Standard Edition
> 1.4.2_01 from SUN is
> 46,100,013 bytes (e.g., Windows version).
> Now, you could technically get rid of all the crap you don't need for a
> server configuration (but
> SUN made it "illegal" to do so, in "our case" a DL config could place it in
> the hard drive and
> 'fugget' about it) and or you could use a way less demanding JRE like IBM's
> Jikes, Kaffe (kaffe.org) or some JRE based on the GNU Classpath project
>
> // - - - - - -
> The approx. size of a bare installation of a full HTTP server (Tomcat) is
> 6,960,298 bytes!
>
> // - - - - - -
> And the approx. size of a bare installation of a full application server
> (JBoss) including an HTTP Server engine (Tomcat) is 12,499,518 bytes!
>
> // - - - - - -
> When I say 'bare' installation I mean only the core, read-only files should
> be on the DL CD-ROM (and/or RAM if enough of it).
> I don't think that, say, 60 Mg, is too much to ask 'RAM-wise' to a
> Linux-like DL + JRE + Tomcat configuration, or is it?

I think it will be a challenge to get all this working under DL, but when you can do it, I would like to have the documentation for it on our website.

> My experience, when trying something edgy "mum and dad haven't told you"
> is, as "flat-earth" kind of people would say, "monsters be there".
> I would like to mentally dive into it and have the time to do so right now.
> (Like 3 'relatively free' weeks and enough enthusiasm to keep doing it and
> thoroughly document my incursion)
>
> Heiko (or anyone with enough experience with DL), could you mentor me while
> trying it? Telling me how to go about it? Like trying first a type of config
> and then which one should I try next, kind of a roadmap/checklist including
> test sets and stress testing?

You can ask all kinds of questions here on the ML, that's the reason why we have it.

> I have enough experience with Java and noticed you are more comfortable
> using PERL. As a software guy, I don't deal much with hardware (don't even
> have the time to, anyway), that is why I am asking for some knowledgeable
> people to oversee my tinkering with DL.

Me Perl? No chance!

cya
Heiko
|
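The layout discussed in this exchange (thttpd and stunnel each chrooted and listening above 1024, ports 80 and 443 redirected to them, stunnel handing decrypted requests to a back-end on 8080) can be written down and checked as follows. This is an added example, not configuration from the thread or from Devil-Linux; the user names, jail paths, ports 8000/8443 and the back-end address 192.0.2.10 are assumptions, as are the use of iptables and a stunnel 4.x style config file.

```shell
#!/bin/sh
# Added example. All names, paths, ports and addresses below are assumptions.
HTTP_PORT=8000            # thttpd listens here instead of 80
TLS_PORT=8443             # stunnel listens here instead of 443
BACKEND=192.0.2.10:8080   # internal HTTP engine (documentation address)

# stunnel 4.x style config: jail the process, drop root, accept on a high
# port, forward the decrypted stream to the back-end.
stunnel_conf() {
cat <<EOF
chroot = /var/chroot/stunnel
setuid = stunnel
setgid = stunnel
; the pid path is interpreted inside the jail
pid = /stunnel.pid
; the certificate is read before the chroot takes effect
cert = /etc/stunnel/server.pem

[https]
accept = ${TLS_PORT}
connect = ${BACKEND}
EOF
}

# iptables-restore input: traffic arriving on 80/443 is rewritten to the
# unprivileged listeners, so neither daemon has to bind a port below 1024.
nat_rules() {
cat <<EOF
*nat
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports ${HTTP_PORT}
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports ${TLS_PORT}
COMMIT
EOF
}

# thttpd command line: -r chroots into the document root, -u names the user
# to switch to after startup. It still has to be started as root, because
# chroot() itself requires root.
thttpd_cmd() {
    echo "thttpd -r -u www -d /var/chroot/www -p ${HTTP_PORT}"
}

# Read a stunnel config on stdin. Succeed only if it sets a chroot, drops to
# a non-root user, and every "accept" port is unprivileged (>= 1024).
check_stunnel_conf() {
    awk -F'[ \t]*=[ \t]*' '
        { sub(/^[ \t]+/, "") }
        $1 == "chroot" && $2 != ""                              { jail = 1 }
        $1 == "setuid" && $2 != "" && $2 != "root" && $2 != "0" { user = 1 }
        $1 == "accept" {
            n = split($2, part, ":")      # handles "443" and "host:443"
            seen = 1
            if (part[n] + 0 < 1024) low = 1
        }
        END { exit !(jail && user && seen && !low) }
    '
}

# Print the artefacts only if the generated config passes the check.
# Applying them (iptables-restore, starting the daemons) is left to the operator.
if stunnel_conf | check_stunnel_conf; then
    stunnel_conf
    nat_rules
    thttpd_cmd
else
    echo "stunnel config is not confined as intended" >&2
fi
```

After the REDIRECT, the filter INPUT chain sees the rewritten destination port, so it is 8000 and 8443 that have to be allowed there rather than 80 and 443.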
From: Heiko Z. <he...@zu...> - 2003-10-01 02:08:36
|
Bruce Smith wrote:
>>I was thinking about releasing 2 different versions of DL:
>>Router/Firewall and Full. But then plus the i486 and the i686-SMP
>>version, this means I would have to release 4 different versions each
>>time...
>
> I was thinking of a smaller version for another reason. We need a
> smaller DL that'll fit on a smaller (<512MB) USB memory stick.
>

The main problem there is: what will you include?
Everybody needs something else...

cya
Heiko
|
From: Bruce S. <bw...@ar...> - 2003-10-01 02:12:13
|
> >>I was thinking about releasing 2 different versions of DL:
> >>Router/Firewall and Full. But then plus the i486 and the i686-SMP
> >>version, this means I would have to release 4 different versions each
> >>time...
> >
> > I was thinking of a smaller version for another reason. We need a
> > smaller DL that'll fit on a smaller (<512MB) USB memory stick.
>
> The main problem there is: what will you include?
> Everybody needs something else...

I guess I'd stick with the firewall stuff and get rid of the other server (i.e. Samba) stuff.

- BS
|
From: Camilo L. <cm...@ho...> - 2003-10-01 01:15:13
|
maarten van den Berg wrote:
...
> > Could you go ahead and try any other similar configuration based on DL?
>
> I have a somewhat offtopic question about this (and other posts I see on the
> list) but I hope I won't be stepping on people's toes here...
>
> I do not understand the mechanisms that some of us make use devil linux for
> applications like that. It started out as a bootable, un-compromiseable
> router running from CD, am I right ?

You absolutely are!!! And we know the importance of keeping focused; -but- (IMHO and from a purely technical point of view,) I think the venue should be there for people to get 'creative'.

Also, as you yourself mentioned people have already done all kinds of imaginable/fancy things with DL (which also shows its versatility).

The JRE is not an application just a "Run-Time Environment" or a "platform". Java (among many other things) sports a thorough security framework, which, I think; on top of DL would be something 'technically desirable'.

Also, I can't provide you with the link right now, but I remember to have read the comments at amazon.com of this new book about security written by a group of big time people in the security field, who as one of their most important security advices said "If you want to be really secure do not code in C++, code in Java .". You might think I am a sales person from Sun ;-) but I could dig for the reference to the article.

I really don't see a major breakthrough once you run apps like Apache trying something like making a JRE work based on DL. If there are already a number of best quality JRE's for Linux itself.

By reading your note I got confused about one of DL's features, namely, when you use a hard drive you still boot from the CD right?

Well, maybe I was getting in love with DL the wrong way. Bummer!

I think I will give it a try anyway.

Thanks
|
From: Heiko Z. <he...@zu...> - 2003-10-01 01:31:18
|
Camilo Lopez wrote:
> maarten van den Berg wrote:
> ...
>
>>>Could you go ahead and try any other similar configuration based on DL?
>>
>>I have a somewhat offtopic question about this (and other posts I see on the
>>list) but I hope I won't be stepping on people's toes here...
>>
>>I do not understand the mechanisms that some of us make use devil linux for
>>applications like that. It started out as a bootable, un-compromiseable
>>router running from CD, am I right ?
>
> You absolutely are!!! And we know the importance of keeping focused; -but-
> (IMHO and from a purely technical point of view,) I think the venue should
> be there for people to get 'creative'.
>
> Also, as you yourself mentioned people have already done all kinds of
> imaginable/fancy things with DL (which also shows its versatility).
>
> The JRE is not an application just a "Run-Time Environment" or a "platform".
> Java (among many other things) sports a thorough security framework, which,
> I think; on top of DL would be something 'technically desirable'.
>
> Also, I can't provide you with the link right now, but I remember to have
> read the comments at amazon.com of this new book about security written by a
> group of big time people in the security field, who as one of their most
> important security advices said "If you want to be really secure do not code
> in C++, code in Java .". You might think I am a sales person from Sun ;-)
> but I could dig for the reference to the article.
>
> I really don't see a major breakthrough once you run apps like Apache trying
> something like making a JRE work based on DL. If there are already a number
> of best quality JRE's for Linux itself.
>
> By reading your note I got confused about one of DL's features, namely, when
> you use a hard drive you still boot from the CD right?

Yes. Harddisks are supposed to be for storage of data only.
However some people modified DL to boot from HDD.

> Well, maybe I was getting in love with DL the wrong way. Bummer!
>
> I think I will give it a try anyway.

You can do a lot of things, just give it a try.

cya
Heiko
|