On Mon, 24 Apr 2017 16:24:19 +0100, KatolaZ wrote in message 
<20170424152419.gu14...@katolaz.homeunix.net>:

> On Mon, Apr 24, 2017 at 05:10:35PM +0200, Arnt Karlsen wrote:
> 
> [cut]
> 
> > 
> > ..we don't warn them before we drop them online on wired networks
> > with heads-0.2.  
> > The vdev iso does this right though, it stays offline until you
> > e.g. run setnet.sh.
> > 
> > ..I agree this is a policy issue, and we should set it so at least
> > clueless heads-0.2 etc people stay offline until they change their
> > passwords away from the default ones.  
> >
> 
> So this should be implemented by the distro policy, e.g. in heads, not
> in setnet or wicd...

..will that distro policy survive when clueless people install
non-distro .debs or tarballs?

> [cut]
> 
> > 
> > ..I have the Knowledge, but still found myself Automagically Online 
> > with heads-0.2's Default Passwords, Because I Forgot I still had the
> > network wire plugged in on boot-up.  I'm just a human who errs. ;o)
> > In my case, this endpoint security breach was no problem.
> > But that same blunder could kill any needy heads user.
> > 
> 
> It would be sufficient to deny ssh login with password, which I
> believe is already the default in heads. Or to disable sshd by
> default, which is unnecessary if the former holds. 

..there are many other ways to attack a box online, and most bad 
guys go after the weakest point they can find, usually in front 
of the screen. ;o)

> Or maybe I have completely misunderstood what is the "endpoint
> security breach" you are referring to.

..the biggest problem for me was getting annoyed by the awesome
clunkiness with awesome and zsh, which had me make stupid mistakes 
by accident.  _That_ is an endpoint security problem, just like 
we believe systemd is an endpoint security problem. 

..in both cases we end users get tricked into bad things; the only 
real difference is that systemd endpoint security is intentional and
controlled by _somebody_, while zsh+awesome endpoint security is 
_accidental_.  Just because those two happen to work ever so well 
for the heads developers does not mean they will work as well 
for me and other whistleblowers.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
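KatolaZ's suggestion above, that denying ssh logins with a password is enough to keep a default password from being reachable over the wire, is easy to get wrong when checking a config by eye: sshd takes the first occurrence of a directive, ignores later ones, and treats an unset PasswordAuthentication as "yes". The script below is an added example, not code from this thread, from heads, from setnet.sh or from any distro; the two sshd_config fragments it writes are constructed samples, not real files. It reads a config the way sshd does and reports whether a password login would still be accepted.

```shell
#!/bin/sh
# Added example, not from the thread or from heads/Devuan: decide what
# sshd will do with password logins, given an sshd_config file.
# OpenSSH semantics applied here: keywords are case-insensitive, the
# FIRST occurrence of a keyword wins, "#" starts a comment, "Key=Value"
# is accepted, and an unset PasswordAuthentication means "yes".
# Directives under a "Match" block are conditional and are not read.

# sshd_effective FILE KEYWORD DEFAULT
#   print the effective top-level value of KEYWORD, or DEFAULT if unset
sshd_effective() {
    _val=$(awk -v key="$2" '
        { sub(/#.*/, ""); gsub(/=/, " ") }          # drop comments, allow Key=Value
        NF == 0 { next }                             # blank or comment-only line
        tolower($1) == "match" { exit }              # conditional section: stop
        tolower($1) == tolower(key) { print $2; exit }   # first occurrence wins
    ' "$1")
    printf '%s\n' "${_val:-$3}"
}

# password_login_open FILE -> exit 0 if sshd would accept a password login
password_login_open() {
    _pa=$(sshd_effective "$1" PasswordAuthentication yes | tr '[:upper:]' '[:lower:]')
    [ "$_pa" = yes ]
}

# Constructed sample configs (assumed for this example, not real files).
TMPD=$(mktemp -d) || exit 1
trap 'rm -rf "$TMPD"' EXIT

# Typical distro default: the directive is only commented out, so the
# built-in default ("yes") applies and a default password is reachable.
WEAK_CFG=$TMPD/sshd_config.weak
cat >"$WEAK_CFG" <<'EOF'
Port 22
#PasswordAuthentication yes
ChallengeResponseAuthentication no
EOF

# Hardened variant: key-only logins. The later "PasswordAuthentication yes"
# is ignored by sshd because the first occurrence wins.
HARD_CFG=$TMPD/sshd_config.hard
cat >"$HARD_CFG" <<'EOF'
Port 22
PasswordAuthentication no
PermitRootLogin prohibit-password
PasswordAuthentication yes
EOF

for f in "$WEAK_CFG" "$HARD_CFG"; do
    if password_login_open "$f"; then
        echo "$(basename "$f"): password login OPEN"
    else
        echo "$(basename "$f"): password login closed"
    fi
done
```

On a running box the authoritative answer is `sshd -T | grep -i passwordauthentication`, which prints the effective value after sshd has parsed the whole file; the parser above is for checking an image's config before the machine is ever booted with a wire plugged in, which is the case the thread is about.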