Re: secure installation

2007-09-05 Thread Johannes Wiedersich
Johannes Wiedersich wrote: Javier Fernández-Sanguino Peña wrote: Did you actually try update-notifier on KDE? Yes, it was installed on my system for some months, but it never informed me about any update. (I get informed via

Re: secure installation

2007-09-05 Thread Henri Salo
On Wed, 05 Sep 2007 10:01:37 +0200 Johannes Wiedersich [EMAIL PROTECTED] wrote: It was installed before etch went stable, though. That shouldn't affect anything or at least development tries to avoid that kind of errors. --- Henri Salo fgeek at fgeek.fi +358407705733 GPG ID: 2EA46E4F fp:

Re: secure installation

2007-08-23 Thread Javier Fernández-Sanguino Peña
On Wed, Aug 22, 2007 at 09:29:10AM +0200, Johannes Wiedersich wrote: - From the documentation I gather, that update-manager would probably work on kde, but that it just checks, if the package information has changed. This would have to occur either manually or by some cron job, cron-apt etc.

Re: secure installation

2007-08-23 Thread Johannes Wiedersich
Javier Fernández-Sanguino Peña wrote: On Wed, Aug 22, 2007 at 09:29:10AM +0200, Johannes Wiedersich wrote: - From the documentation I gather, that update-manager would probably work on kde, but that it just checks, if the package information has

Re: secure installation

2007-08-23 Thread Giacomo Mulas
On Thu, 23 Aug 2007, Johannes Wiedersich wrote: Note, that I don't even have fam installed, I have gamin for some reasons I don't know or remember. just to exclude one problem: I have gamin as well, instead of fam, and update-notifier works fine here (on gnome). Bye Giacomo --

Re: secure installation

2007-08-23 Thread Javier Fernández-Sanguino Peña
On Thu, Aug 23, 2007 at 10:15:25AM +0200, Johannes Wiedersich wrote: Did you actually try update-notifier on KDE? Yes, it was installed on my system for some months, but it never informed me about any update. (I get informed via debian-security-announce, though and install updates 'by

Re: [OT] Warranty was Re: secure installation

2007-08-23 Thread Willi Mann
I believe Microsoft software comes with NO WARRANTY as well. Hell, we should read the small print on all software... It does come with a warranty, at least in Germany/Europe. Everything you *pay* for has by law two years of warranty. The problem is that almost no one knows that they have

Re: secure installation

2007-08-23 Thread Javier Fernández-Sanguino Peña
On Thu, Aug 23, 2007 at 10:15:25AM +0200, Johannes Wiedersich wrote: Simply installing update-manager (on etch) does not necessarily notify the user of security updates. It might 'automagically' work in some situations, but as long as it doesn't do so in _any_ situation it will just make

Re: secure installation

2007-08-22 Thread Johannes Wiedersich
Javier Fernández-Sanguino Peña wrote: I didn't say what you put here and do not have any intention to start a flamewar. I'm just saying that Debian KDE users with no update-notifier *might* not be *as* aware of available security updates as users

Re: secure installation

2007-08-22 Thread paddy
On Tue, Aug 21, 2007 at 03:50:44PM +0200, Javier Fernández-Sanguino Peña wrote: On Tue, Aug 21, 2007 at 09:32:35AM +, [EMAIL PROTECTED] wrote: is one of those installed by default ? No, as I said, users have to select one of them and install it themselves. well, I think you make an

[OT] Warranty was Re: secure installation

2007-08-22 Thread Johannes Wiedersich
Jose Marrero wrote: I believe Microsoft software comes with NO WARRANTY as well. Hell, we should read the small print on all software... It does come with a warranty, at least in Germany/Europe. Everything you *pay* for has by law two years of

Re: secure installation

2007-08-22 Thread Joey Hess
Javier Fernández-Sanguino Peña wrote: Actually, I've just found that there is actually an update-notifier for KDE, it's provided by adept (a package management interface similar to synaptic). Try installing adept-notifier. Perhaps it's time to revisit dropping kpackage from kde-desktop and

Re: secure installation

2007-08-21 Thread Johannes Wiedersich
Javier Fernández-Sanguino Peña wrote: On Fri, Aug 17, 2007 at 10:01:54AM +0200, Johannes Wiedersich wrote: PS 2: While we are at it: debian by default also does not install or enable an automated system to install security updates. It is the

Re: secure installation

2007-08-21 Thread paddy
On Tue, Aug 21, 2007 at 09:00:47AM +0200, Johannes Wiedersich wrote: So even automatic _reminders_ to install security updates are only enabled, if the user either installs gnome (I use kde) or specifically knows of and installs the appropriate tool. I have not tried exhaustively, but

Re: secure installation

2007-08-21 Thread paddy
On Mon, Aug 20, 2007 at 07:51:30PM +0200, Javier Fernández-Sanguino Peña wrote: IMHO the distro already solves the problem. See http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-firewall-setup (more in depth at http://wiki.debian.org/Firewalls) Each users

Re: secure installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 21, 2007 at 09:32:35AM +, [EMAIL PROTECTED] wrote: is one of those installed by default ? No, as I said, users have to select one of them and install it themselves. Regards Javier

Re: secure installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 21, 2007 at 09:00:47AM +0200, Johannes Wiedersich wrote: Not exactly true. Debian adds security repositories to apt's sources, that's true. But it does _not_ automatically install them on your system. It was my point that debian does not by default provide an automated system to

Re: secure installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 21, 2007 at 09:06:18AM +, [EMAIL PROTECTED] wrote: I imagine one of the available options would send you an email ? or you could stick it the MOTD ... whatabout headless web-interface controlled systems ? For those systems there's cron-apt and debsecan. Your choice. Both use

Re: Secure Installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Fri, Aug 17, 2007 at 03:04:42PM -0700, Jack T Mudge III wrote: On Thursday 16 August 2007 15:09, R. W. Rodolico wrote: Unfortunately, I have to point to some of the user oriented firewalls you get for windoze (which, to my knowledge, Linux does not have). When they are installed, the

Re: secure installation

2007-08-21 Thread Johannes Wiedersich
Javier Fernández-Sanguino Peña wrote: On Tue, Aug 21, 2007 at 09:00:47AM +0200, Johannes Wiedersich wrote: Not exactly true. Debian adds security repositories to apt's sources, that's true. But it does _not_ automatically install them on your

Re: Secure Installation

2007-08-21 Thread Rene Mayrhofer
On Tuesday 21 August 2007, Javier Fernández-Sanguino Peña wrote: Iptables can already do this, it can communicate with user-space applications. There's just no desktop-oriented firewall application (that I know of) that uses this feature to use this feature. There is one - fireflier by Martin

Re: secure installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 21, 2007 at 05:13:43PM +0200, Johannes Wiedersich wrote: Educating users also involves raising awareness that they *have* to keep their system up-to-date with security patches both to prevent local and remote exploits. The fact that KDE (or Xfce) does not have an equivalent to

Re: secure installation

2007-08-20 Thread paddy
On Fri, Aug 17, 2007 at 09:41:41AM -0400, Celejar wrote: On Thu, 16 Aug 2007 16:49:36 -0700 Russ Allbery [EMAIL PROTECTED] wrote: [snip] Firewalls are good in the situation where, whenever you open up new network access, you want to have to make that choice independently in multiple

Re: secure installation

2007-08-20 Thread paddy
On Fri, Aug 17, 2007 at 07:15:06PM +0100, Joe wrote: Pat wrote: Whose responsibility is it, in the US if you manufacture a defective product legally it is your responsibility if someone is harmed. There's a bit of a difference between a defective product and one incorrectly used. When

Re: secure installation

2007-08-20 Thread Izak Burger
On 8/20/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Software failures *are* in the worst cases life threatening, and everyday non-safety-critical systems can easily be a very serious nuisance to other users. I propose we stick a label on: This software is not meant to be run in life

Re: secure installation

2007-08-20 Thread alex black
thus defeat the purpose). A default firewall simply can't work, even if we had some way to implement it perfectly for all packages (without breaking any, which we undoubtedly would). It all depends on context - I agree that a default firewall

Re: secure installation

2007-08-20 Thread Javier Fernández-Sanguino Peña
On Mon, Aug 20, 2007 at 09:04:18AM +, [EMAIL PROTECTED] wrote: I'm no security expert, but I would suggest that a benefit of 'Personal' firewalls is the provision of a simple, systematic way of restricting access to services. Yes, many apps offer some way of doing this, but

Re: secure installation

2007-08-20 Thread Javier Fernández-Sanguino Peña
On Fri, Aug 17, 2007 at 12:24:27AM +0200, Izak Burger wrote: On 8/16/07, Jack T Mudge III [EMAIL PROTECTED] wrote: My personal view is that there are plenty of simpler distributions out there, knoppix for first-time users, Ubuntu/Suse for novices, and RedHat for people who need

Re: secure installation

2007-08-20 Thread Javier Fernández-Sanguino Peña
On Fri, Aug 17, 2007 at 10:01:54AM +0200, Johannes Wiedersich wrote: PS 2: While we are at it: debian by default also does not install or enable an automated system to install security updates. It is the responsibility of the user to decide whether and when security updates are installed. Not

Re: secure installation

2007-08-20 Thread Jack T Mudge III
On Monday 20 August 2007 10:47, alex black wrote: thus defeat the purpose). A default firewall simply can't work, even if we had some way to implement it perfectly for all packages (without breaking any, which we undoubtedly would). It all depends on context - I agree that a default

Re: secure installation

2007-08-20 Thread alex black
My intention wasn't to say a default firewall can never work, but that it can't work for debian, given the community/ideology and existing user-base surrounding it. Ah, now we disagree: I just think you should have install profiles and make

Re: secure installation

2007-08-19 Thread Celejar
On Fri, 17 Aug 2007 19:15:06 +0100 Joe [EMAIL PROTECTED] wrote: [snip] A few points I think should be mentioned that have not yet been: Egress filtering in Windows personal firewalls, and finally built into Vista, is there in response to spyware. This is not yet a Linux problem, and is

Re: secure installation

2007-08-18 Thread Michelle Konzack
On 2007-08-15 23:07:22, Paweł Krzywicki wrote: Yes, but not everyone is able to make one... There is a lot of people who are using Debian only as a workstation to create for example some OO documents, and they really don't need to know what iptables is or some other packages involved in

Re: secure installation

2007-08-18 Thread Michelle Konzack
On 2007-08-15 22:47:12, Pat wrote: 1) What if someone (and I am sure it happens more often than you may realize) who is clueless about computers decides to download Debian, installs it, get hacked, trojaned horsed, their credit cards numbers stolen, etc. How can this happen? I was never

Re: secure installation

2007-08-18 Thread Rick Moen
Quoting Michelle Konzack ([EMAIL PROTECTED]): How can this happen? I was never hacked since 1999-03... One way: Break-in without Remote Exploit on http://linuxmafia.com/kb/Security (***cough*** shells.sourceforge.net ***cough***)

Re: secure installation

2007-08-17 Thread paddy
On Thu, Aug 16, 2007 at 03:42:07PM -0700, Russ Allbery wrote: R. W. Rodolico [EMAIL PROTECTED] writes: At this point, I disagree. Unfortunately, I have to point to some of the user oriented firewalls you get for windoze (which, to my knowledge, Linux does not have). When they are

Re: secure installation

2007-08-17 Thread Celejar
On Thu, 16 Aug 2007 18:21:59 -0500 (CDT) R. W. Rodolico [EMAIL PROTECTED] wrote: [snip] Firewalls are for a stupidity shield. I had a situation where I was cracked on one of my servers a few years ago. It was totally my fault; I had a user I had mistakenly set up as an authorized ssh user

Re: secure installation

2007-08-17 Thread Celejar
On Thu, 16 Aug 2007 16:49:36 -0700 Russ Allbery [EMAIL PROTECTED] wrote: [snip] Firewalls are good in the situation where, whenever you open up new network access, you want to have to make that choice independently in multiple locations. I'm dubious that this matches the desires of the

Re: secure installation

2007-08-17 Thread Celejar
On Thu, 16 Aug 2007 17:11:54 -0700 Rick Moen [EMAIL PROTECTED] wrote: [snip] My perspective is influenced by the fact that all attempts to help debug Linux networking failures have to start with What does /sbin/iptables -L, run as root, say? and What's in /etc/hosts.allow and /etc/hosts.deny?

Re: secure installation

2007-08-17 Thread Russ Allbery
Celejar [EMAIL PROTECTED] writes: Just curious; anyone can forget a user account, but how did the attacker get root? There are a *lot* more privilege escalation attacks than there are remote exploits. Just in the Linux kernel, a new one seems to show up every six months or so. -- Russ

Re: secure installation

2007-08-17 Thread Rick Moen
Quoting Russ Allbery ([EMAIL PROTECTED]): Celejar [EMAIL PROTECTED] writes: Just curious; anyone can forget a user account, but how did the attacker get root? There are a *lot* more privilege escalation attacks than there are remote exploits. Just in the Linux kernel, a new one seems

Re: secure installation

2007-08-17 Thread Joe
Pat wrote: I apologize if I have offended anyone with my responses. My initial post was one mentioning what I saw to be a problem in an attempt to help the community at large but some persons took offense. I don't think so. This is merely a lively discussion. A bit of philosophy which can be

Re: secure installation

2007-08-17 Thread Joe
Pat wrote: Whose responsibility is it, in the US if you manufacture a defective product legally it is your responsibility if someone is harmed. There's a bit of a difference between a defective product and one incorrectly used. When a driver knocks down a pedestrian, should the car

Re: secure installation

2007-08-17 Thread Russ Allbery
Rick Moen [EMAIL PROTECTED] writes: And this is _another_ reason why a properly targeted file-based IDS is a really capital idea -- as is alertness about what is and is not aberrant system behaviour. I can even make this point in a Debian-relevant way. All hail to the Debian Project's

Re: secure installation

2007-08-17 Thread Rick Moen
Quoting Russ Allbery ([EMAIL PROTECTED]): Yup. IDS systems are wonderful. But they do require discipline. Indeed. I'd still like to see a trial project, to see _if_ a default IDS setup (Samhain, AIDE, or Prelude-IDS) can be made to be generally useful. (Yeah, I know: Sooner if you help.)

Re: Secure Installation

2007-08-17 Thread Jack T Mudge III
On Thursday 16 August 2007 15:09, R. W. Rodolico wrote: Unfortunately, I have to point to some of the user oriented firewalls you get for windoze (which, to my knowledge, Linux does not have). When they are installed, the shut down basically everything incoming, and all but a few standard

Re: secure installation

2007-08-17 Thread Jose Marrero
Of course is a little bit of philosophy. The whole Debian project is based on a philosophy of freedom vs rampant marketing and corporate only dominated computing experience. Granted that many take advantage of this and make money they would not make if using other for profit OS's. The original

Re: secure installation

2007-08-16 Thread John Keimel
On 8/15/07, Pat [EMAIL PROTECTED] wrote: 1) What if someone (and I am sure it happens more often than you may realize) who is clueless about computers decides to download Debian, installs it, get hacked, trojaned horsed, their credit cards numbers stolen, etc. It is called responsibility,

Re: secure installation

2007-08-16 Thread Ondrej Zajicek
On Wed, Aug 15, 2007 at 10:47:12PM -0500, Pat wrote: 1) What if someone (and I am sure it happens more often than you may realize) who is clueless about computers decides to download Debian, installs it, get hacked, trojaned horsed, their credit cards numbers stolen, etc. On common

Re: secure installation

2007-08-16 Thread paddy
On Thu, Aug 16, 2007 at 06:38:32AM -0400, John Keimel wrote: Let's not dumb down Debian for the rest of the world ... agreed that defaults are important and should be appropriately set. what can be done to improve the chances of users ending up with appropriate settings ? would it help to

Re: secure installation

2007-08-16 Thread Izak Burger
On 8/16/07, Ondrej Zajicek [EMAIL PROTECTED] wrote: And if there is no firewall (or other hand-crafted protective measures), then there is no need for rp_filter. So on common workstation there is no need for rp_filter too. I also don't see why you need rp_filter on a workstation. A

Re: secure installation

2007-08-16 Thread paddy
On Thu, Aug 16, 2007 at 01:59:03PM +0200, Izak Burger wrote: On 8/16/07, Ondrej Zajicek [EMAIL PROTECTED] wrote: And if there is no firewall (or other hand-crafted protective measures), then there is no need for rp_filter. So on common workstation there is no need for rp_filter too. I

RE: secure installation

2007-08-16 Thread Robert Van Nostrand
The correct answer for the better of all now/future Debian users is to not put a gun in the hands of a child. For those mental midgets that are willing to put their CC info on a box that they have no clue about then they deserve to have their identity stolen. Debian does NOT need any improvements

Re: secure installation

2007-08-16 Thread paddy
On Thu, Aug 16, 2007 at 02:54:16PM +0200, Izak Burger wrote: does it not cover the case of packets arriving at eth0 spoofed as from 127.0.0.1 ? Right you are, that slipped my mind. I asked because I don't remember and I really can't be bothered to check. These things are tricky and life is

Re: secure installation

2007-08-16 Thread Simon Valiquette
[EMAIL PROTECTED] once wrote: All I'm saying is, would it be possible to have a single simple option that users could *elect* to take, that wasn't the default, that wasn't bending anyones life out of shape, marked Novice User or something :-) A question during the Debian installation

Re: secure installation

2007-08-16 Thread Michel Messerschmidt
On Wed, Aug 15, 2007 at 09:34:19PM -0700, Russ Allbery wrote: A default install should simply not listen to the network, at which point a firewall is pointless complexity. I believe portmap is already listening only to localhost and inetd doesn't run if there are no services enabled. Even if

Re: secure installation

2007-08-16 Thread Pat
Well, considering there are those of us who want to see linux become an operating system for the average person, and I do believe this is the ultimate goal of many linux communities. Whose responsibility is it, in the US if you manufacture a defective product legally it is your responsibility if

Re: secure installation

2007-08-16 Thread Pat
So, if we all adopt your attitude toward everything, then people would go for a walk in the park and get sprayed with deadly insecticide by pest control people, or drive down the road and run off a bridge that was collapsed which no one bothered to barricade. But who is the ultimate

Re: secure installation

2007-08-16 Thread Jan Hetges
On Thu, Aug 16, 2007 at 07:45:06PM +0200, Michel Messerschmidt wrote: up your computer quite a bit. For example just the additional selection of KDE gets you a running avahi daemon. but that's the responsibility of the respective maintainer(s) Inexperienced users may not even notice that they

Re: secure installation

2007-08-16 Thread Celejar
On Wed, 15 Aug 2007 14:23:06 -0500 Pat [EMAIL PROTECTED] wrote: [snip] 3) Do we really need portmap, inetd, or nfs running by default on our workstations? http://taosecurity.blogspot.com/2006/01/default-services-in-debian-this.html See section 12.1.14.1 - 3 here:

On Distro to rule them all (was: secure installation)

2007-08-16 Thread Jim Popovitch
Why not add 3 deb packages (deb-user, deb-workstation, deb-server) and prompt the user during install for which style box they are setting up. Then the selected package could have (or not have) necessary dependencies for the system style. For instance, deb-user could depend on lokkit as well as

Re: secure installation

2007-08-16 Thread Jack T Mudge III
On Thursday 16 August 2007 05:09, Robert Van Nostrand wrote: The correct answer for the better of all now/future Debian users is to not put a gun in the hands of a child. For those mental midgets that are willing to put their CC info on a box that they have no clue about then they deserve to

Re: secure installation

2007-08-16 Thread Pat
I apologize if I have offended anyone with my responses. My initial post was one mentioning what I saw to be a problem in an attempt to help the community at large but some persons took offense.

Re: secure installation

2007-08-16 Thread R. W. Rodolico
I've been watching this thread for a while and decided to post my two cents. For my use, Debian is two things; a kick butt server and the basis for other distro's that make pretty good workstations. I have tried Debian as a workstation before and just never gotten a warm fuzzy (though it has been

Re: secure installation

2007-08-16 Thread Russ Allbery
R. W. Rodolico [EMAIL PROTECTED] writes: For workstations, I tend to use Kubuntu. On that, yes, I want a firewall, and since I recommend it to anyone who asks (and even have my sales staff using it), a default firewall is a Good Thing. The part that concerns me about installing a firewall by

Re: secure installation

2007-08-16 Thread Izak Burger
On 8/16/07, Jack T Mudge III [EMAIL PROTECTED] wrote: My personal view is that there are plenty of simpler distributions out there, knoppix for first-time users, Ubuntu/Suse for novices, and RedHat for people who need hand-holding. Debian is primarily for advanced users, and for users who have

Re: secure installation

2007-08-16 Thread R. W. Rodolico
On Thu, August 16, 2007 16:56, Russ Allbery wrote: R. W. Rodolico [EMAIL PROTECTED] writes: For workstations, I tend to use Kubuntu. On that, yes, I want a firewall, and since I recommend it to anyone who asks (and even have my sales staff using it), a default firewall is a Good Thing.

Re: secure installation

2007-08-16 Thread Russ Allbery
R. W. Rodolico [EMAIL PROTECTED] writes: At this point, I disagree. Unfortunately, I have to point to some of the user oriented firewalls you get for windoze (which, to my knowledge, Linux does not have). When they are installed, the shut down basically everything incoming, and all but a few

Re: secure installation

2007-08-16 Thread R. W. Rodolico
On Thu, August 16, 2007 17:42, Russ Allbery wrote: R. W. Rodolico [EMAIL PROTECTED] writes: At this point, I disagree. Unfortunately, I have to point to some of the user oriented firewalls you get for windoze (which, to my knowledge, Linux does not have). When they are installed, the shut

Re: secure installation

2007-08-16 Thread Russ Allbery
R. W. Rodolico [EMAIL PROTECTED] writes: Firewalls are for a stupidity shield. I had a situation where I was cracked on one of my servers a few years ago. It was totally my fault; I had a user I had mistakenly set up as an authorized ssh user who shouldn't have been. Their account was

Re: secure installation

2007-08-16 Thread Rick Moen
Quoting R. W. Rodolico ([EMAIL PROTECTED]): Firewalls are for a stupidity shield. I had a situation where I was cracked on one of my servers a few years ago. It was totally my fault; I had a user I had mistakenly set up as an authorized ssh user who shouldn't have been. Their account was

Re: secure installation

2007-08-16 Thread Russ Allbery
Rick Moen [EMAIL PROTECTED] writes: My perspective is influenced by the fact that all attempts to help debug Linux networking failures have to start with What does /sbin/iptables -L, run as root, say? and What's in /etc/hosts.allow and /etc/hosts.deny? -- because people shooting at their pedal

Re: secure installation

2007-08-16 Thread Steffen Schulz
On 070816 at 20:37, Jan Hetges wrote: On Thu, Aug 16, 2007 at 07:45:06PM +0200, Michel Messerschmidt wrote: But if a user installs a debian package that lowers his systems security there should be a big warning in the installer. agree, something like debconf: Are you sure you want

Re: secure installation

2007-08-15 Thread Henri Salo
On Wed, 15 Aug 2007 14:23:06 -0500 Pat [EMAIL PROTECTED] wrote: There are a few security issues I have noticed about debian's installation. 1) No firewall setup during the install process, as it would be a simple matter to run lokkit at the end of the install I fail to see why this is not

Re: secure installation

2007-08-15 Thread Ian McDonald
Pat wrote: There are a few security issues I have noticed about debian's installation. 1) No firewall setup during the install process, as it would be a simple matter to run lokkit at the end of the install I fail to see why this is not done. 2) Rpfilter and tcp syncookies are not enabled

Re: secure installation

2007-08-15 Thread Paweł Krzywicki
On Wednesday 15 August 2007 21:19, Henri Salo wrote: On Wed, 15 Aug 2007 14:23:06 -0500 Pat [EMAIL PROTECTED] wrote: There are a few security issues I have noticed about debian's installation. 1) No firewall setup during the install process, as it would be a simple matter to run

Re: secure installation

2007-08-15 Thread Pat
1) What if someone (and I am sure it happens more often than you may realize) who is clueless about computers decides to download Debian, installs it, get hacked, trojaned horsed, their credit cards numbers stolen, etc. It is called responsibility, and we cannot blame it on them for knowing

Re: secure installation

2007-08-15 Thread Russ Allbery
Pat [EMAIL PROTECTED] writes: 1) No firewall setup during the install process, as it would be a simple matter to run lokkit at the end of the install I fail to see why this is not done. A default install should simply not listen to the network, at which point a firewall is pointless