[colug-432] February COLUG Meeting Announcement
Steve Roggenkamp
roggenkamps at acm.org
Thu Feb 23 21:42:55 EST 2012
I'm not going to be able to make the meeting, but I thought I would
throw some more wood on the discussion fire.

Has anyone done much work with NixOS (www.nixos.org)? It's a
source/binary distribution with a twist. It has its own packaging
system, nix, that creates packages based on the source code as well as
all of the dependencies required to build it. It removes all of the
standard directories U**X users have come to know and love over the
years. Gone are /usr/lib, /usr/bin, /sbin, etc., in favor of a
directory /nix/store with each package having its own directory that
uses a hash string to encode it, something like,
/nix/store/r8vvq9kq18pz08v249h8my6r9vs7s0n3-firefox-8.0.0.1/.

It's very confusing when you first encounter it, but it provides some
advantages.

1. It provides a way to have multiple versions of a library without
   interference.
2. You can have atomic updates and rollbacks.
3. Non-privileged users can install software such as glibc without
   breaking things.

This seems to be useful, but one thing I've not seen mentioned is
security implications. For me it would seem to offer an ideal method
to obfuscate library locations so that it would slow an attacker down
because there is no standard location for any given library, thus
increasing the chances of being discovered. Unless you're a very high
value target, there should be much easier targets out there.

My thoughts on this were triggered by a New York Times article a
couple of weeks ago about the efforts people have to go to when
visiting China to ensure they are not the target of espionage. Of
course 90+% are probably using Microsoft OS which, as we know, has
problems in this area, but I'm sure someone using Linux as their OS
would not present an impenetrable system, just maybe a bit more
difficult than Windows.

Sorry I'm not going to make the meeting, but I thought I would throw
this out for discussion.

Steve

On Wed, Feb 22, 2012 at 7:21 PM, Bill Baker <bill_chris at earthlink.net> wrote:
> Glad you liked it! :)
>
... rest deleted