
How to demolish corporate systems security

A year or so ago, I was tinkering around with geocaching trade items. I had, briefly, been putting Linux CDs in caches, but at the rate I was caching, three-disk Red Hat sets were prohibitively time-intensive, so I went looking for single-disk distributions. What I found was the “Live CD” distros. (Jargon note: “distro” is a shortening of “distribution,” which is Linux-community jargon for a complex of software, installation scripts, and a Linux kernel available for installation as a complete operating system. You can’t get plain-vanilla “Linux”; Linux itself is only a kernel. Instead, there are dozens of options customized for particular purposes, or intended to run on as wide a variety of hardware as possible.)

A “Live CD” is an entire operating system on a single 650 MB ISO. The most widely known is Knoppix, which uses most of the CD to provide a pretty versatile experience; another which I played with is called Puppy Linux, which is almost small enough for a Zip disk and includes only a seriously pared-down suite of software. The key is that the CDs themselves are bootable. This means you can walk into your office, sit down at the WinXP box your Microsoft-minded IT department forced on you, boot from the Live CD and work in Linux, with the hard disk of the computer available to you as a writable volume. (The Knoppix distro I played with also let you use a floppy disk to store volatile ~/ information like a .bash_profile file.) There’s a possible performance disadvantage if the machine doesn’t have enough RAM to keep the operating system in memory and has to hit the CD, but most of the Live CD distros are configured with this in mind; Puppy claims to free the CD completely, allowing you to remove the disk after booting and use the drive for other purposes.

Let me repeat that concept from a slightly different perspective: a Live CD lets you override the installed operating system and all its safeguards, and use your own system, right down to the kernel. If you are a corporate IT type, you’re probably not too concerned about your users at this level. If they’re bright enough to know how a Live CD works, they’re bright enough to understand systems security concepts, or should be; if they’re not, that’s a user-education issue, not something to be solved with software or hardware.

However, the idea of someone coming in from outside—posing as the FedEx guy, no doubt—and sitting down at one of your systems with a Live CD, that idea should reduce you to a paranoid wreck, assuming you haven’t already delegated someone to password-protect the BIOS of every box on your network.

Wait, wait, it gets worse: with a few innocent inquiries on a listserv this evening, I discovered that there is a Linux distribution customized for USB keychain drives.

Now we’re talking. I laugh at your clunky Windows desktop. I have a penguin in my pocket.
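For the IT side of this: the exposure described above comes down to a machine that tries CD or USB media before its own hard disk. The audit below is an added example, not part of the original post; it assumes a UEFI machine and the tab-separated layout of `efibootmgr -v` output, and the sample text, boot ids, labels and GUID are constructed for illustration.

```python
import re

# Constructed sample of `efibootmgr -v` output; ids, labels and GUID are made up.
SAMPLE = """\
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0003,0002,0001
Boot0001* Windows Boot Manager\tHD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x32000)/File(\\EFI\\Microsoft\\Boot\\bootmgfw.efi)
Boot0002* USB HDD\tPciRoot(0x0)/Pci(0x14,0x0)/USB(2,0)
Boot0003* CD/DVD Drive\tBBS(CDROM,,0x0)
Boot0004  Floppy\tBBS(Floppy,,0x0)
"""

ENTRY = re.compile(r"^Boot([0-9A-Fa-f]{4})([* ])\s*(.*)$")
# Device-path nodes that indicate removable media (CD, USB, floppy).
REMOVABLE = re.compile(r"USB\(|CDROM\(|BBS\((?:CDROM|USB|Floppy)", re.I)
# Device-path nodes for a fixed disk; only consulted after REMOVABLE fails.
FIXED = re.compile(r"HD\(|BBS\(HD", re.I)

def parse(output):
    """Return (boot_order, entries); entries maps id -> (active, label, path)."""
    order, entries = [], {}
    for line in output.splitlines():
        if line.startswith("BootOrder:"):
            ids = line.split(":", 1)[1].split(",")
            order = [n.strip().upper() for n in ids if n.strip()]
            continue
        m = ENTRY.match(line)
        if m:
            label, _, path = m.group(3).partition("\t")
            # If no tab-separated path is present, fall back to the label.
            entries[m.group(1).upper()] = (m.group(2) == "*", label.strip(), path or label)
    return order, entries

def removable_before_disk(output):
    """Active removable-media entries the firmware tries before the first fixed disk."""
    order, entries = parse(output)
    hits = []
    for num in order:
        active, label, path = entries.get(num, (False, "", ""))
        if not active:
            continue  # entries without the '*' flag are not booted automatically
        if REMOVABLE.search(path):
            hits.append((num, label))
        elif FIXED.search(path):
            break  # the installed OS boots here; later entries are only fallbacks
    return hits
```

An empty result covers only the default boot order; a firmware setup screen or one-time boot menu that is not password-protected can still change it, which is why the BIOS password matters.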

Comments

I picked up a 1 gig USB drive for 60 bucks this XMAS. :-)
