Brandon's Blog

9/13/2004

http://people.redhat.com/~hp/stateless/StatelessLinux.pdf

I don’t know if I should declare victory, defeat, or nothing.  This is pretty much a whitepaper describing my vision for a mounted-CD operating system in some ways, but a bit more versatile than Knoppix or Gnoppix live Linux CDs.

Cool?  Yes.  But a little too BCIS Fascist for my tastes.  Here’s what I see: we have on one end the thin client (or terminal, in oldspeak).  On the other end is the Winbloat model for functionality and permissions: RPC vulnerabilities, root privileges on the Linux side.

This Fedora idea is a bit too close to the Knoppix/thin client solution.  I need to have enough leeway to make changes.  This does not mean kludges that make “common root tasks” trivial.  The reason you have root logins is to supersede one’s normal expectations of operational demands.  Root loses importance to the user with this Stateless idea.  Instead, we see a layer of abstraction between the user and the system.  This means the death of Linux as anything but a bargain.  The closeness of the user to system functionality is what makes Linux anything different from Windows technologically.

Mounting the root filesystem as read-only is asinine.  Just try to word process on an iPod.  We’re talking embedded-level Linux here, and I don’t think anybody wants that for their PC.  PC hardware is just too damn smart to lock it down.  On the corporate IT side, it might make some sense in theory.  In truth, I want to be able to change my system.  I simply disagree with the guiding principles of this project.

On the other hand, the kernel should not be read-write.  GUI binaries?  Read-only.  Base functionality DLLs?  Read-only.  DirectX/Avalon?  Read-only.

Config files?  Read-write.  Data?  Read-write.  Not network storage…for now.  Maybe at widespread gigabit ethernet and approaching 100% network uptime WITH ENCRYPTION.

Here’s my optimal liveCD-but-permanent-PC op system root filesystem:
/ -> /dev/hda1 (read-write by root)
/bin -> /dev/cdrom
/boot -> /dev/cdrom
/dev -> (virtual, driven by the emerging udev system and hotplug)
/etc -> /dev/hda1 (with a backup default config image on the CD with a restore utility)
/home -> /dev/hda2 (different partition for user data.  why not?)
/lib -> /dev/cdrom (this is the biggie)
/var -> /dev/hda1 (needs to be writable for logging)
/usr, /bin, and /sbin -> /dev/cdrom (very important, most apps are distributed on CD)
/opt -> /dev/hda1 (all other installed software goes here, “firewalled” from app data)
/root -> /dev/hda1 (this should be treated as “protected system space” with the other config/admin stuff)

Everything else is virtual.
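The layout above is only a policy; what matters at runtime is whether the CD-backed paths are actually mounted read-only and the disk-backed ones read-write. Here is an added example (my own, not part of the original post) of a small boot-time audit: it reads a mount table in /proc/mounts format and flags any CD-backed path that is writable, and any disk-backed path that is read-only or missing. The mount table is constructed for illustration and the device names are assumptions.

```shell
#!/bin/sh
# Added example: audit a mount table against the read-only / read-write
# split laid out above. SAMPLE_MOUNTS is a constructed table in the
# format of /proc/mounts; devices and mount points are assumptions.
# On a live system you would feed it "$(cat /proc/mounts)" instead.

SAMPLE_MOUNTS='/dev/hda1 / ext3 rw,relatime 0 0
/dev/cdrom /bin iso9660 ro,nosuid 0 0
/dev/cdrom /boot iso9660 ro 0 0
udev /dev tmpfs rw,nosuid 0 0
/dev/hda1 /etc ext3 rw 0 0
/dev/hda2 /home ext3 rw,nodev 0 0
/dev/cdrom /lib iso9660 rw 0 0
/dev/hda1 /var ext3 rw 0 0
/dev/cdrom /usr iso9660 ro 0 0
/dev/cdrom /sbin iso9660 ro 0 0
/dev/hda1 /opt ext3 ro 0 0'

# Paths that should be CD-backed and immutable, and paths that must be
# writable for the system to function (config, logs, user data, root).
RO_PATHS="/bin /boot /lib /usr /sbin"
RW_PATHS="/ /etc /home /var /opt /root"

# mount_mode TABLE PATH -> prints "ro" or "rw" for PATH, or "missing"
# if nothing is mounted there. Looks at the option list (4th field).
mount_mode() {
    table=$1
    path=$2
    printf '%s\n' "$table" | awk -v p="$path" '
        $2 == p {
            n = split($4, opts, ",")
            mode = "rw"
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
            print mode
            found = 1
            exit
        }
        END { if (!found) print "missing" }'
}

# audit_mounts TABLE -> prints one VIOLATION line per mismatch.
audit_mounts() {
    for p in $RO_PATHS; do
        m=$(mount_mode "$1" "$p")
        [ "$m" = "ro" ] || echo "VIOLATION: $p expected ro, got $m"
    done
    for p in $RW_PATHS; do
        m=$(mount_mode "$1" "$p")
        [ "$m" = "rw" ] || echo "VIOLATION: $p expected rw, got $m"
    done
}

# count_violations TABLE -> prints the number of mismatches.
count_violations() {
    audit_mounts "$1" | awk 'END { print NR }'
}

# Usage: run the audit over the constructed table. With the sample
# above it reports /lib mounted writable, /opt read-only, and /root
# not mounted at all.
audit_mounts "$SAMPLE_MOUNTS"
echo "violations: $(count_violations "$SAMPLE_MOUNTS")"
```

A non-zero count is the interesting signal: an immutable path that came up writable means the boot did not land on the CD image it was supposed to, and that is exactly the state the split was meant to rule out.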

Alright.  I’m done.