Linux Mint "Deep Freeze" Program

Jason

OFRIS

stacksofplates

You can set your VB image as immutable if you don't want any changes at all. You can also take snapshots with VB. For a more low level approach, you could also use LVM snapshots on the VHD and restore that way.

BRRABill

@johnhooks said:

You can set your VB image as immutable if you don't want any changes at all. You can also take snapshots with VB. For a more low level approach, you could also use LVM snapshots on the VHD and restore that way.

I'll have to look into that.

I'm just thinking for higher risk users, whatever, might be nice to give them a sandbox if they want.

I guess ultimately Deep Freeze on Windows would be best, but I was thinking Mint might be good for a purely activity-based experience. Browse, then I'll restore,

The $100K security bounty on the Chromebook got me thinking about it.

stacksofplates

@BRRABill said:

@johnhooks said:

You can set your VB image as immutable if you don't want any changes at all. You can also take snapshots with VB. For a more low level approach, you could also use LVM snapshots on the VHD and restore that way.

I'll have to look into that.

I'm just thinking for higher risk users, whatever, might be nice to give them a sandbox if they want.

I guess ultimately Deep Freeze on Windows would be best, but I was thinking Mint might be good for a purely activity-based experience. Browse, then I'll restore,

The $100K security bounty on the Chromebook got me thinking about it.

Ya the immutable disk would be the closest thing to deep freeze (that's built into VB) other than what @Jason said.

BRRABill

The program doesn't have very good recent reviews.

I think I'll try the immutable route.

scottalanmiller

@johnhooks said:

Ya the immutable disk would be the closest thing to deep freeze (that's built into VB) other than what @Jason said.

You can do this with LVM or BtrFS on the system itself, too. But using VB for this would be easier.

scottalanmiller

@BRRABill said:

The program doesn't have very good recent reviews.

I think I'll try the immutable route.

Nothing is more powerful than the immutable route. Deep Freeze, while very, very good, does have a risk that malware could, in theory, attack it directly as it depends on the Windows system itself. A vulnerability there could allow malware to attack and disable the Deep Freeze process. I'm not aware of this risk ever having been successful exploited, but it is an architectural risk. You are trusting the OS to protect itself.

With the VBox route, you are getting the platform that envelopes the OS to protect the OS. This is a layer of protect and assurance that an application like Deep Freeze cannot match. Not that you need this level, Deep Freeze is extremely good, but since you get it by the nature of the platform, you are good to go.

If you don't need a custom desktop, you can also simply run Linux Mint as a Live system and not install it at all making it that much simpler

BRRABill

@scottalanmiller said:

If you don't need a custom desktop, you can also simply run Linux Mint as a Live system and not install it at all making it that much simpler

Outside the scope of something I want to do now, but can you take a Mint desktop that you set up (say with certain apps and stuff) and "freeze" it to a live CD?

Well, I am sure you can, but what is the difficulty level?

stacksofplates

@BRRABill said:

@scottalanmiller said:

If you don't need a custom desktop, you can also simply run Linux Mint as a Live system and not install it at all making it that much simpler

Outside the scope of something I want to do now, but can you take a Mint desktop that you set up (say with certain apps and stuff) and "freeze" it to a live CD?

Well, I am sure you can, but what is the difficulty level?

Live cd is by nature frozen. No changes are saved unless you specifically make a persistent disk.

scottalanmiller

@BRRABill said:

@scottalanmiller said:

If you don't need a custom desktop, you can also simply run Linux Mint as a Live system and not install it at all making it that much simpler

Outside the scope of something I want to do now, but can you take a Mint desktop that you set up (say with certain apps and stuff) and "freeze" it to a live CD?

CAN you, yes. WOULD you? No. Use VBox for that.

dafyre

@scottalanmiller said:

@BRRABill said:

@scottalanmiller said:

If you don't need a custom desktop, you can also simply run Linux Mint as a Live system and not install it at all making it that much simpler

Outside the scope of something I want to do now, but can you take a Mint desktop that you set up (say with certain apps and stuff) and "freeze" it to a live CD?

CAN you, yes. WOULD you? No. Use VBox for that.

Unless he needs to use this as a kiosk type machine.

BRRABill

@dafyre said:

Unless he needs to use this as a kiosk type machine.

My purposes are indeed taken care of by VB.

But I was wondering about a Kiosk application, or like at a public library or something.

scottalanmiller

@dafyre said:

@scottalanmiller said:

@BRRABill said:

@scottalanmiller said:

If you don't need a custom desktop, you can also simply run Linux Mint as a Live system and not install it at all making it that much simpler

Outside the scope of something I want to do now, but can you take a Mint desktop that you set up (say with certain apps and stuff) and "freeze" it to a live CD?

CAN you, yes. WOULD you? No. Use VBox for that.

Unless he needs to use this as a kiosk type machine.

Ah, okay. Yes that would make sense. I was thinking in the context of the OP.

scottalanmiller

@BRRABill said:

@dafyre said:

Unless he needs to use this as a kiosk type machine.

My purposes are indeed taken care of by VB.

But I was wondering about a Kiosk application, or like at a public library or something.

Then, yes. That would be an option. Although more commonly you might do something like PXE boot from a read only image.

dafyre

@scottalanmiller said:

@BRRABill said:

@dafyre said:

Unless he needs to use this as a kiosk type machine.

My purposes are indeed taken care of by VB.

But I was wondering about a Kiosk application, or like at a public library or something.

Then, yes. That would be an option. Although more commonly you might do something like PXE boot from a read only image.

blink... Rereads OP. blink Dang, I'm not awake this morning.

BRRABill

@dafyre said:

blink... Rereads OP. blink Dang, I'm not awake this morning.

EH, that's OK.

I think it's a natural fork of this conversation, and I was interested in the answer.

scottalanmiller

There are basically two ways to approach it...

1. Read Only filesystem where it never changes, period.
2. Snapshot filesystem that "rolls back" after being used. (Deep Freeze approach)

The later is useful more for testing that normal use. It makes the users THINK that they are making changes but then deletes them without warning. Good for a lab, bad for a normal desktop.