Comments on: ubuntu weirdnesses http://malvasiabianca.org/archives/2007/01/ubuntu-weirdnesses/ Fri, 10 Feb 2012 05:54:57 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Per http://malvasiabianca.org/archives/2007/01/ubuntu-weirdnesses/comment-page-1/#comment-18202 Per Fri, 02 Feb 2007 07:26:54 +0000 http://malvasiabianca.org/archives/2007/01/ubuntu-weirdnesses/#comment-18202 I have never actually used any of them, but a quick search in the repositories found a few iptables configuration tools. If you don't want to bother with iptables syntax then you might want to check them out. I have never actually used any of them, but a quick search in the repositories found a few iptables configuration tools. If you don’t want to bother with iptables syntax then you might want to check them out.

]]> By: david carlton http://malvasiabianca.org/archives/2007/01/ubuntu-weirdnesses/comment-page-1/#comment-18199 david carlton Fri, 02 Feb 2007 05:49:48 +0000 http://malvasiabianca.org/archives/2007/01/ubuntu-weirdnesses/#comment-18199 Normally, I love standards, but Posix has never done that much for me. (Not that I've actually, you know, read it or anything.) I'm not using super-fancy features in those scripts, and I've never gotten the impression that there's something special about the minimalism of pure original Bourne shell. Having said that, I'm not entirely comfortable with having sh = bash, either - I guess I'd be happier if there were a standard that had a little bit more functionality in the shell. To be sure, typing two extra characters isn't exactly an onerous burden. At first, I liked that firewall argument - I'm all for no configuration if possible. But if installing a service just means doing a simple package install, then it gets weaker - I installed Apache and MySQL over the weekend, and if I didn't have the router in place protecting me, I'd be thinking twice about doing that without a firewall. (Though with my current configuration, I'm using Apache over a LAN, but the argument would apply if I only had one computer and no router.) And, even setting aside my eroding iptables skills, it's not like it's that braindead easy. Aside from taking the time to learn the syntax and making your first mistakes (and hoping that the mistakes aren't of the form of inadvertently leaving a hole open), there are interactions with nameservers and NTP servers that, in my past experience, require more coordination than you want to do by hand. Normally, I love standards, but Posix has never done that much for me. (Not that I’ve actually, you know, read it or anything.) I’m not using super-fancy features in those scripts, and I’ve never gotten the impression that there’s something special about the minimalism of pure original Bourne shell. Having said that, I’m not entirely comfortable with having sh = bash, either – I guess I’d be happier if there were a standard that had a little bit more functionality in the shell. To be sure, typing two extra characters isn’t exactly an onerous burden.

At first, I liked that firewall argument – I’m all for no configuration if possible. But if installing a service just means doing a simple package install, then it gets weaker – I installed Apache and MySQL over the weekend, and if I didn’t have the router in place protecting me, I’d be thinking twice about doing that without a firewall. (Though with my current configuration, I’m using Apache over a LAN, but the argument would apply if I only had one computer and no router.)

And, even setting aside my eroding iptables skills, it’s not like it’s that braindead easy. Aside from taking the time to learn the syntax and making your first mistakes (and hoping that the mistakes aren’t of the form of inadvertently leaving a hole open), there are interactions with nameservers and NTP servers that, in my past experience, require more coordination than you want to do by hand.

]]> By: Chris http://malvasiabianca.org/archives/2007/01/ubuntu-weirdnesses/comment-page-1/#comment-18145 Chris Thu, 01 Feb 2007 18:28:27 +0000 http://malvasiabianca.org/archives/2007/01/ubuntu-weirdnesses/#comment-18145 > I have verified that there is no firewall in place. Ubuntu doesn't ship with a firewall, because it doesn't ship with any externally-accessible services turned on -- and the idea is that if you're competent enough to set such a service up, you can handle providing an iptables rule for it too. I tend to find firewalls to be nuisances, but I also tend not to run insecure services. > I have verified that there is no firewall in place.

Ubuntu doesn’t ship with a firewall, because it doesn’t ship with any externally-accessible services turned on — and the idea is that if you’re competent enough to set such a service up, you can handle providing an iptables rule for it too.

I tend to find firewalls to be nuisances, but I also tend not to run insecure services.

]]> By: John Cowan http://malvasiabianca.org/archives/2007/01/ubuntu-weirdnesses/comment-page-1/#comment-18102 John Cowan Thu, 01 Feb 2007 08:06:34 +0000 http://malvasiabianca.org/archives/2007/01/ubuntu-weirdnesses/#comment-18102 Bash is too heavyweight to be the default scripting shell, IMHO. Shell scripts should be Posix by default; if you actually depend on bash features, you should say so. Bash is too heavyweight to be the default scripting shell, IMHO. Shell scripts should be Posix by default; if you actually depend on bash features, you should say so.

]]>