Locking down Ubuntu (was: Two rather negative articles about
Ubuntu)
Paul Sladen
ubuntu at paul.sladen.org
Wed Jul 5 15:35:45 BST 2006
On Wed, 5 Jul 2006, Shawn McMahon wrote:
> Many commands can be used to do that, such as "rm" and "cat". Should we
> remove them, or modify them so they can't do any harm?
I think this is an absolutely vital requirement. Clearly the best way to
make this happen is to provide a read-only base-image for Ubuntu and check
that the md5sum of this partition is correct on each reboot.
If the user has dared to modify it then we can easily:
1) Call the BIOS DRM services to lockout the machine and require a
return-to-manufacturer for the system to be unlocked by an "expert".
2) Refuse to provide "support" for non-standard images if even 1-bit has
been changed from the standard build of Ubuntu.
3) Simultaniously display a "Sad Mac" icon to the user so that they have
no clue of finding out what happened.
I think this will earn Ubuntu an unwavering reputation for being truely
trustworthy. A computer is a privilige for those willing to sign up to the
restricted-use rules; any deviation from those regulations should result in
an immediate confuscation of the user's European Computer Driving License
(ECDL, or equivalent foreign license) and withdrawl of all house-hold
electrical goods.
Luckily the BIOS vendors are well on the way to including the kind of
powerful security and encryption infrastructure required, so I think this
has a very real potential for edgy+1 or the release after that. Could you
start drawing up a specification on Blueprint:
https://launchpad.net/distros/ubuntu/+specs
We are one people. With one will, one resolve, one cause. Our enemies shall
talk themselves to death and we will bury them with their own confusion. We
shall prevail!
-Paul
--
High on a Spanish mountain, surrounded by howling dogs. Southampton, GB
More information about the sounder
mailing list