Introduction

LiveCDs are generally speaking static distributions, on a read only CD.

One might assume this is good approach to mitigate several security risks, as if there there was ever an exploit with a LiveCD, you could just reboot the machine. The exploit/virus can not write itself to the read only disc, so a reboot starts from a fresh uncompromised position.

This is true to an extent, however what happens for example if the LiveCD shipped version 1 of browser. Suppose version 1 of browser is known to be insecure and prone to a phishing attack. If someone is using version 1 and goes to a malicious Web site, all the details of previous surfing in that session could be compromised. The read only LiveCD model doesn’t really mitigate that particular security risk of a vulnerable browser.

Keeping the LiveCD up to date by updating at bootup

This is the current method, though there is a couple of serious problems:

If one of the servers is not responding or slow, it can disrupt the whole upgrade and boot process - very network sensitive
If someone is using an old version of Webconverger, there will be lots of updates and hence a lot of downloads every boot - potentially high bandwidth
You can’t update some elements (like kernel, drivers) of a running system without a reboot. And after a reboot the updated packages will be lost of course!

Making upgrades better

Upgrades must be on to ensure better security & privacy and to meet Webconveger’s design goals. If people aren’t using this feature, then there is obviously a grave bug here that needs to be fixed.

The main problem as there are many megabytes of upgrades over time. Webconverger aims to be as small as possible, however typically when the Firefox debian package (Iceweasel) is updated, even the smallest changes (which they usually are), culminates into a fresh package that needs to be downloaded.

An updated browser package typically is about 8 megs!

Customer who deploy Webconverger in places with poor Internet connections cannot afford to download often at least 8 megs for every machine.

So in order to make upgrades better, there are a things a customer can do:

Run a proxy like squid
Download and update to the latest Webconverger from time to time

A good router should be able to provide an inbuilt proxy, however I haven’t been able to track down such products.

Stuff Webconverger can do to improve the situation:

Work out how to make upgrades smaller and more compact
Work out how to make upgrades more upto date, than just on bootup

Sadly both options currently on either side are difficult to implement!

With rsync

New versions will not being using rsync. Reasons are FF3 for example has many dependencies, such as:

dbus1.2.1-1i386.deb
iceweasel3.0~b5-1i386.deb
iceweasel-gnome-support3.0~b5-1i386.deb
iceweasel-webconverger6-23all.deb
libcairo21.6.4-1i386.deb
libdbus-1-31.2.1-1i386.deb
libdbus-glib-1-20.74-2i386.deb
libpixman-1-00.10.0-2i386.deb

So rsyncing that from FF2 will really not work.

From 2.38 Webconverger ships with rsync and just the browser is updated with:

rsync --delay-updates -a --progress webconverger.org::iceweasel/ /

Executed by the boot option ‘iceweaselupgrade’ from the live-initscripts package at boot time. This simple minimal upgrade strategy should ensure an up to date browser on future Webconverger deployments.

Developer notes

Other thoughts

Perhaps it is best just to upgrade the browser.

Upgrade periodically with something like cron apt.

Outlook

For CDs users, upgrades do not really work 100%. For small updates, “Updating at bootup” is fine on CD media. However as time goes on you really should download the latest copy of Webconverger and burn a new copy.

So for commercial (paying) customers I would suggest ordering a Webconverger CD every six months. You’re free to decide whether or not to update. If you do not update, remember your fresh boot ups will be slower and your network costs will increase over time.

For the future, USB and hard drive writing methods should mature and make the upgrade process a lot smoother and cheaper.