Another way to get a computer that just works each and every time is to make sure that the core system is read-only. If it is read-only, no changes can stick to it—be those good or bad, desirable or not. Great concept. How do you execute on it exactly? Big question mark here.
First off, Windows OS does not do it. With a bunch of workarounds one can manage to mount an NTFS partition in read-only mode on Windows XP. However, if you want to boot off this partition, you are out of luck, unless you get fancy with bootable flash ROMs. Flash memory is optimized for reading, so such systems boot faster than any regular drive. (The read wear will be huge, so those ROMs will need to be changed regularly.)
This leaves us with Linux, where one can use the concept of a read-only FS with more flexibility.
On Linux, the root filesystem (/) contains primarily static data that only changes with upgrades and installation of new packages. In this case one can also set up such mount points as /usr, /lib, /boot, /bin, /sbin, /etc as read-only.
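An added example, not from the original post: a shell check that reports whether each of those directories actually sits on a read-only mount. It reads a mount table in /proc/mounts format and picks the mount that covers each path, since /lib, /bin, /sbin and /etc are often not separate mount points. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample mount table in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /boot ext4 ro,relatime 0 0
/dev/sda3 /usr ext4 ro,nodev 0 0
tmpfs /usr/local tmpfs rw,nosuid 0 0
/dev/sda4 /home ext4 rw,relatime 0 0'

# mount_state PATH [MOUNTS_FILE]
# Prints "ro MOUNTPOINT" or "rw MOUNTPOINT" for the mount that covers PATH.
# Paths containing spaces (escaped as \040 in /proc/mounts) are not handled.
mount_state() {
    awk -v p="$1" '
    # A mount covers p if it is p itself, the root, or a parent directory of p.
    $2 == p || $2 == "/" || index(p, $2 "/") == 1 {
        # Longest mount point wins; ">=" lets a later mount on the same
        # directory shadow an earlier one, as the kernel does.
        if (length($2) >= best_len) {
            best = $2; best_len = length($2); state = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") state = "ro"
        }
    }
    END { if (best == "") exit 1; print state, best }
    ' "${2:-/proc/mounts}"
}

# audit_readonly MOUNTS_FILE PATH...
# Prints one line per path and returns 1 if any path is writable.
audit_readonly() {
    mounts=$1; shift
    rc=0
    for p in "$@"; do
        if s=$(mount_state "$p" "$mounts"); then
            echo "$p: $s"
            case $s in rw*) rc=1 ;; esac
        else
            echo "$p: no covering mount"; rc=1
        fi
    done
    return "$rc"
}

# On a live system:
#   audit_readonly /proc/mounts /usr /lib /boot /bin /sbin /etc
```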
Let’s look at the benefits of read-only filesystems:
– Let there be flash
Specific devices like flash memory can be used to optimize computer performance for faster booting. Have you seen the difference in boot times between SSD and regular drives? That’s what I am talking about. Amazing.
– Insert Title Here
If the actual media that’s set as read-only cannot be written to (such as a DVD or a CD), only a hardware failure can stop normal operation. In this case even if a system is compromised, no data can be written to the persistent media.
– User data and system data get separated out of necessity
System data just does not change, so if one needs to save user data, writable locations must be used. This lesson is usually learned right away after a couple of unsuccessful save attempts. Cruel? Yes. Effective? Hell, yes!
– System lint is kept at bay
Your computer turns into an appliance, so any remnant files or settings that typically accumulate over time do not stick.
Next time we’ll talk about the drawbacks of using filesystems to restore your computers.