From: me@privacy.invalid   
      
   On Sat, 25 Oct 2025 09:42:25 -0400, Paul wrote:   
      
   > On Sat, 10/25/2025 8:06 AM, s|b wrote:   
   >   
   > > That's a bit overwhelming. If we would choose some obscure distribution,   
   > > let's say Tiny11, I would imagine there would be less support than for   
   > > instance Linux Mint. That's not good, is it?   
      
   > I guess I'm not doing a good job on the analogies.   
      
   Could be the language barrier. (-;   
      
   > As a helper, as an initial skill, you should read up   
   > on what the "standard procedure is".   
   >   
   > Let's use as an example, someone drops by your help center.   
   > They say   
   >   
   >    "I have a new printer. How do you install those, anyway ?"   
      
   I'm interrupting, but (most) people will say "I have a new printer. Can   
   YOU install his?"   
      
   > And you, having read the official page for it, follow the   
   > procedure, make sure CUPS is installed, and then use some   
   > dialog pointed at port 631 and start the printer install.   
   >   
   > Now, maybe the printer is a tough one, and requires a   
   > few minutes search on Google to determine "status on   
   > July 2025 printer that just arrived". Or, it's an existing   
   > printer (like the one I bought, an end of line), and   
   > the driver is mature. The customer leaves happy.   
   >   
   > Six months pass. Something happens to the printer. You're   
   > not available. They go to the Linux Cafe for help. The helper   
   > there asks "how did he install it?". The customer replies   
   > "he used the standard procedure". The helper then has a context   
   > and the customer does their best to fill in the anecdotal bits.   
   >   
   > That's better than the customer saying, "Oh, s|b hacked it in   
   > with some custom assembler code, but I don't have the code   
   > he used." That's going to considerably complicate the situation.   
   > Who knows what the assembler code damaged while it worked?   
      
   This is why it's probably a good idea to cooperate with a Linux Repair   
   Café. I just want to add that our target group doesn't even have a   
   printer in most cases. The library (not our organisation) offers   
   printing documents as a service. (We would have to set up LibreOffice to   
   save documents that are compatible with Office365, but that is easily   
   done.)   
      
   > There is no end to the complexity a potential situation could raise.   
   > There would be questions here nobody could answer. They could   
   > likely answer them when sitting in front of the machine   
   > and looking around, as sometimes all it takes is one hint   
   > from a look around, to figure it out. The knowledge tree   
   > starts with a solid knowledge of the fundamentals underneath.   
   > It's the same way we learn maths.   
      
   That's why we have the KIS principle: Keep It Simple.   
      
   > Try using the OS with just sudo. The machines are most likely   
   > to be single user, there won't be situations where john peeps   
   > at mary's files using sudo.   
   >   
   > sudo can be restricted to only allowing "mount" and "umount"   
   > as privileged activities. That was more likely to be the   
   > intended usage of sudo in UNIX days. The UNIX box didn't come   
   > with sudo enabled. You installed it and edited the sudoers file   
   > with a "blessed" editor. And those are the privileges I   
   > was given back in the day, all I was allowed was "mount" and "umount".   
   > Sudo activites were logged, and sent to the administrator.   
   > (If you were abusing it, someone might notice.)   
      
   I made a note and will look into this. Or maybe you have a URL I can   
   take a look at?   
      
   > If you did become root, by adding the password, as root you   
   > could edit the sudoers file and restrict the activities of others.   
   >   
   > As long as the disk isn't encrypted, I'm willing to bet you can   
   > always exploit it. Using things like chroot, from a boot key.   
      
   We wouldn't encrypt the drive. The option comes up during installation,   
   but I already said to my supervisor that it wouldn't be a good idea for   
   the people we want to reach. Easier to retrieve data in case of a   
   problem was the main idea. Keep in mind everybody would still have an   
   external hdd with backup data of their Windows laptop/PC.   
      
   --   
   s|b   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)