Is Debian 1.1 secure?

On Tue, 29 Sep 2009, in the Usenet newsgroup comp.os.linux.setup, in article
<16f0cdae-bdef-4ba7-9068-409278465e0d DeleteThis @e12g2000yqi.googlegroups.com>,
Manuel Rodriguez wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

>I've read about Debian 1.1 (from year 1996). It needs only 16 MB RAM
>to work properly and fits my needs.

1.1 'Buzz' released June 1996 (474 packages, 2.0 kernel, fully ELF, dpkg)
1.2 'Rex' released December 1996 (848 packages, 120 developers)
1.3 'Bo' released July 1997 (974 packages, 200 developers)

You could _try_ at
ftp://sunsite.unc.edu/pub/historic-linux/distributions/debian/1.1

If you want to be ridiculous, that site also has Debian 0.91 from
January 1994, as well as SLS 1.03 and 1.05, Slackware 1.1.2 and others
of similar age.

>Question: is it secure to install it? (I mean possible lecks for
>viruses, spyware, rootkits and so on).

The skript kiddieZ would probably be laughing to hard, and unable to
find their 1997 root kits. The system would still be vulnerable to other
problems, as a LOT has changed in the past 13 years. You'd also run
into problems as Debian 1.x was libc5 (rather than the modern glibc2),
meaning few (if any) modern applications would be able to compile. You
would be limited to what ever packages were available with the original
distribution, and not have the security updates that were released
while the distributions were active. Likewise, it would be lacking
most/all of the modern features found on even a ten year old system.

Bottom line - very bad idea unless the system is stand-alone and has
NO network access to places you don't fully trust, and that includes
access _out_ (as a client), not just _in_ (as a server).

Old guy

Manuel Rodriguez wrote:
> I've read about Debian 1.1 (from year 1996). It needs only 16 MB RAM
> to work properly and fits my needs. Question: is it secure to install
> it? (I mean possible lecks for viruses, spyware, rootkits and so on).

No. In 13 years, the number of discovered and currently exploited
vulnerabilities is quite high. Your big vulnerabilities would probably
include worms and various service attacks against network services
like any Apache servers and OpoenSSH servers, which wouldn't have
gotten any patches in over a dozen years.

If you needed to play with it, you might be able ot find a virtual
machine environment in which it would run and you could seriously
isolate and firewall around it to do some playing around, but I
suspect it's really not worth your time as a modern programmer.

On 2009-09-30, Nico Kadel-Garcia <nkadel RemoveThis @gmail.com> wrote:
> Manuel Rodriguez wrote:
>> I've read about Debian 1.1 (from year 1996). It needs only 16 MB RAM
>> to work properly and fits my needs. Question: is it secure to install
>> it? (I mean possible lecks for viruses, spyware, rootkits and so on).
>
> No. In 13 years, the number of discovered and currently exploited
> vulnerabilities is quite high. [...]

If the OP really did want to install a bareboned Linux I suggest he'd
go for 'Damn Small Linux' or anything similar.

--
Jon Solberg (remove "nospam" from email address).

Jon Solberg wrote:

> On 2009-09-30, Nico Kadel-Garcia <nkadel RemoveThis @gmail.com> wrote:
>> Manuel Rodriguez wrote:
>>> I've read about Debian 1.1 (from year 1996). It needs only 16 MB RAM
>>> to work properly and fits my needs. Question: is it secure to install
>>> it? (I mean possible lecks for viruses, spyware, rootkits and so on).
>>
>> No. In 13 years, the number of discovered and currently exploited
>> vulnerabilities is quite high. [...]
>
> If the OP really did want to install a bareboned Linux I suggest he'd
> go for 'Damn Small Linux' or anything similar.
>

Only problem is: The OP is a troll.

He spews his bullshit in other linux groups, too
--
"I don't want to belong to any club that would have me as a member."
-- Groucho Marx

On Sep 30, 2:49 am, Peter Köhlmann <peter-koehlm....TakeThisOut@t-online.de>
wrote:
> Jon Solberg wrote:
> > On 2009-09-30, Nico Kadel-Garcia <nka....TakeThisOut@gmail.com> wrote:
> >> Manuel Rodriguez wrote:
> >>> I've read about Debian 1.1 (from year 1996). It needs only 16 MB RAM
> >>> to work properly and fits my needs. Question: is it secure to install
> >>> it? (I mean possible lecks for viruses, spyware, rootkits and so on).
>
> >> No. In 13 years, the number of discovered and currently exploited
> >> vulnerabilities is quite high. [...]
>
> > If the OP really did want to install a bareboned Linux I suggest he'd
> > go for 'Damn Small Linux' or anything similar.
>
> Only problem is: The OP is a troll.
>
> He spews his bullshit in other linux groups, too

Oh? Under what alias or name? This user address doesn't have much of a
'Profile' on Google's tools. And for a troll, it was actually a
vaguely interesting question.

Nico Kadel-Garcia wrote:

> On Sep 30, 2:49 am, Peter Köhlmann <peter-koehlm....DeleteThis@t-online.de>
> wrote:
>> Jon Solberg wrote:
>> > On 2009-09-30, Nico Kadel-Garcia <nka....DeleteThis@gmail.com> wrote:
>> >> Manuel Rodriguez wrote:
>> >>> I've read about Debian 1.1 (from year 1996). It needs only 16 MB
>> >>> RAM to work properly and fits my needs. Question: is it secure to
>> >>> install it? (I mean possible lecks for viruses, spyware, rootkits
>> >>> and so on).
>>
>> >> No. In 13 years, the number of discovered and currently exploited
>> >> vulnerabilities is quite high. [...]
>>
>> > If the OP really did want to install a bareboned Linux I suggest he'd
>> > go for 'Damn Small Linux' or anything similar.
>>
>> Only problem is: The OP is a troll.
>>
>> He spews his bullshit in other linux groups, too
>
> Oh? Under what alias or name?

Same one. In german linux groups

> This user address doesn't have much of a
> 'Profile' on Google's tools. And for a troll, it was actually a
> vaguely interesting question.

*Very* vaguely
--
The early bird gets the worm.
The early worm ... gets eaten.

On Tue, 2009-09-29 at 04:21 -0700, Manuel Rodriguez wrote:
> I've read about Debian 1.1 (from year 1996). It needs only 16 MB RAM
> to work properly and fits my needs. Question: is it secure to install
> it? (I mean possible lecks for viruses, spyware, rootkits and so on).

Is Windows 3.51 secure?

Same era.

Also, Debian 1.1 requires 1996 class hardware. Just remember that, and
even so, there were MANY restrictions even by 1996 that didn't work well
with Linux (what was that? kernel 2.2?).

Can you give more details on what you're trying to install on? It might
help (you never know, somebody may have a more contemporary small linux
distro already installed on something similar).

Chris Cox wrote:
> On Tue, 2009-09-29 at 04:21 -0700, Manuel Rodriguez wrote:
>> I've read about Debian 1.1 (from year 1996). It needs only 16 MB RAM
>> to work properly and fits my needs. Question: is it secure to install
>> it? (I mean possible lecks for viruses, spyware, rootkits and so on).
>
> Is Windows 3.51 secure?
>
> Same era.
>
> Also, Debian 1.1 requires 1996 class hardware. Just remember that, and
> even so, there were MANY restrictions even by 1996 that didn't work well
> with Linux (what was that? kernel 2.2?).
>
> Can you give more details on what you're trying to install on? It might
> help (you never know, somebody may have a more contemporary small linux
> distro already installed on something similar).
>
>

Like SliTAZ but there are even smaller GNU/Linux systems though
they may be harder to tailor to the hardware.

later
bliss

On Wed, 30 Sep 2009, in the Usenet newsgroup comp.os.linux.setup, in article
<1254319462.4555.126.camel@geeko>, Chris Cox wrote:

>Manuel Rodriguez wrote:

>> Question: is it secure to install it?

>Is Windows 3.51 secure?

Sure - just remove the network capability, remove any drives capable of
removable media, and remove all users. Piece of cake!

>Also, Debian 1.1 requires 1996 class hardware. Just remember that, and
>even so, there were MANY restrictions even by 1996 that didn't work well
>with Linux

Also, it was libc5, not glibc2.

>(what was that? kernel 2.2?).

2.2.0 (forked from 2.1.132) was 25 January, 1999. "buzz" (Debian 1.1)
was released in June 1996, and my notes say it was a 2.0.0 kernel.
Looking at ftp://ftp.kernel.org/pub/linux/v2.0/, the 2.0.1 kernel is
listed as 2 July, 1996 (forked from 1.3.99 of May 1996). Ahh, a
directory listing of sunsite.unc.edu from October 1996 includes

../distributions/debian/buzz/binary-i386/base:

-r--r--r-- 1 ewt linux 1921908 Jun 16 12:56 kernel-image-2.0.0-0.deb

1.92 Megs... the ChangeLog file for 2.6.32-rc1 _alone_ is about three
times larger, never mind the patch-file or actual source.

-rw-rw-r-- 1 536 536 5768339 Sep 27 22:00 ChangeLog-2.6.32-rc1
-rw-rw-r-- 1 536 536 64104785 Sep 27 22:05 linux-2.6.32-rc1.tar.bz2
-rw-rw-r-- 1 536 536 81482035 Sep 27 22:05 linux-2.6.32-rc1.tar.gz
rw-rw-r--- 1 536 536 12971055 Sep 27 22:06 patch-2.6.32-rc1.gz
-rw-rw-r-- 1 536 536 10464694 Sep 27 22:06 patch-2.6.32-rc1.bz2

Old guy