Re: Default user decisions

2008-05-02 Thread Tzafrir Cohen
On Fri, May 02, 2008 at 10:19:11AM +1000, Trent W. Buck wrote: On Thu, May 01, 2008 at 05:39:07PM +0300, Tzafrir Cohen wrote: On Thu, May 01, 2008 at 09:48:45AM -0400, John Reese wrote: Marco Amadori wrote: ssh wise, Ubuntu's choice is more secure, because it disallows ssh logins if the

Re: Default user decisions

2008-05-01 Thread John Reese
Marco Amadori wrote: On Sunday 27 April 2008, Daniel Baumann wrote: The only other live system I know remotely, uses username 'ubuntu' and no password. That made me curious what others think. So, what do *you* guys think? Should it be left as is? Or do you have other preferences?

Re: Default user decisions

2008-05-01 Thread Tzafrir Cohen
On Thu, May 01, 2008 at 09:48:45AM -0400, John Reese wrote: Marco Amadori wrote: On Sunday 27 April 2008, Daniel Baumann wrote: The only other live system I know remotely, uses username 'ubuntu' and no password. That made me curious what others think. So, what do *you* guys

Re: Default user decisions

2008-04-28 Thread Tzafrir Cohen
On Mon, Apr 28, 2008 at 09:15:33AM +1000, Trent W. Buck wrote: On Sun, Apr 27, 2008 at 03:00:34PM +0300, Tzafrir Cohen wrote: Instead of having a static, predictable, easy-to-crack password, I would suggest taking these steps: Here you assume that someone will actually bother to take

Re: Default user decisions

2008-04-28 Thread Maarten ter Huurne
On Monday 28 April 2008, Tzafrir Cohen wrote: I also expect a typical system to be up for a pretty short time, and hence the impact of a malicious take-over is significantly reduced. If the system has permanent storage like a harddisk or flash stick, a take-over could last longer than the

Re: Default user decisions

2008-04-28 Thread Brendan Sleight
On 27/04/2008, Daniel Baumann wrote: That made me curious what others think. So, what do *you* guys think? There are many advantages in none/default/null/boot-options or colours of bikesheds [1] Should it be left as is? Or do you have other preferences? How do other live systems do it?

Re: Default user decisions

2008-04-28 Thread Tzafrir Cohen
Hi On Mon, Apr 28, 2008 at 09:51:02AM +0200, Maarten ter Huurne wrote: On Monday 28 April 2008, Tzafrir Cohen wrote: I also expect a typical system to be up for a pretty short time, and hence the impact of a malicious take-over is significantly reduced. If the system has permanent

Re: Default user decisions

2008-04-28 Thread Trent W. Buck
On Mon, Apr 28, 2008 at 11:22:50AM +0300, Tzafrir Cohen wrote: It's nice to say that default passwords are dangerous. But this is how it's done with practically any router box and such, where local access does not really exist. For the record, OpenWRT ships with a null password by default. I

Re: Default user decisions

2008-04-28 Thread Tzafrir Cohen
On Sun, Apr 27, 2008 at 03:00:34PM +0300, Tzafrir Cohen wrote: [*] As for more than necessary - what does it take to boot to the CD automatically after a timeout of, say, 60 seconds? config/binary: LH_SYSLINUX_TIMEOUT=20 Works well. -- Tzafrir Cohen icq#16849755

Re: Default user decisions

2008-04-28 Thread Michal Suchanek
On 27/04/2008, Daniel Baumann wrote: Hi, some days ago, someone on irc asked about thoughts of having, by default, no password for the live user. Currently, we have the username 'user' with password 'live', which I *personally* consider to be a reasonable choice. The

Re: Default user decisions

2008-04-27 Thread Tzafrir Cohen
On Sun, Apr 27, 2008 at 11:09:06AM +0200, Daniel Baumann wrote: Hi, some days ago, someone on irc asked about thoughts of having, by default, no password for the live user. Currently, we have the username 'user' with password 'live', which I *personally* consider to be a reasonable choice.

Re: Default user decisions

2008-04-27 Thread Trent W. Buck
On Sun, Apr 27, 2008 at 12:38:10PM +0300, Tzafrir Cohen wrote: On Sun, Apr 27, 2008 at 11:09:06AM +0200, Daniel Baumann wrote: [should the default live user get a null password?] Password should not be required for that user in {g|k}dm (e.g: in case there is a need to logout and re-login).

Re: Default user decisions

2008-04-27 Thread Kel Modderman
On Sunday 27 April 2008 19:09:06 Daniel Baumann wrote: Hi, some days ago, someone on irc asked about thoughts of having, by default, no password for the live user. Currently, we have the username 'user' with password 'live', which I *personally* consider to be a reasonable choice. The

Re: Default user decisions

2008-04-27 Thread Jordi Pujol
sidux creates a user account with a disabled password. This creates extra work, the user should not be able to lock their session et al. Yes, session lock is a little problem, easy to solve by replacing /usr/bin/kdesktop_lock with a script that doesn't lock the session.

Re: Default user decisions

2008-04-27 Thread Trent W. Buck
On Sun, Apr 27, 2008 at 03:00:34PM +0300, Tzafrir Cohen wrote: Instead of having a static, predictable, easy-to-crack password, I would suggest taking these steps: Here you assume that someone will actually bother to take action with a live CD. Users expect it to Just Work[tm]. I'm