Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-24 Thread Thomas Bushnell, BSG

Wichert Akkerman <[EMAIL PROTECTED]> writes:

> Previously Vineet Kumar wrote:
>  
> > So are "please" and "thank you," but it's generally considered polite.
> 
> Also using Mail-Followup-To is standard and expected behaviour on
> debian lists.

That's a reasonable requirement only when Debian adds support for
Mail-Followup-To in all the MUA's that it supports.






Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-23 Thread Christian Surchi
On Fri, Nov 23, 2001 at 12:38:29PM -0800, Thomas Bushnell, BSG wrote:
> > Also using Mail-Followup-To is standard and expected behaviour on
> > debian lists.
> 
> That's a reasonable requirement only when Debian adds support for
> Mail-Followup-To in all the MUA's that it supports.

Do we *support* MUAs?

-- 
Christian Surchi, [EMAIL PROTECTED], [EMAIL PROTECTED] |   ICQ 
www.debian.org - www.softwarelibero.it - www.firenze.linux.it| 38374818
You will be advanced socially, without any special effort on your part.



Re: Root is God? (was: Mutt & tmp files)

2001-11-23 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.18 17:59:29+0100]:
> > thanks, you just made me laugh!
> you set lamer detector to orange.

alright, so my first step is to scale back and *not* flame. i am sorry
for posting my sarcastic comment.

i shall now try to sum up my points. we have been talking about
creating a system, in which even root can't do everything. in doing
so, we stumbled upon a problem of definition, because "root" can
either define to the line in /etc/{passwd,shadow} -- the user with UID
0, or it can define to the more abstract concept of system
administrator  or "root" of a system.

let me put it this way: historically, root is the center of a unix
system, well, the root. root is the only account that comes
"pre-installed", root's password is defined during installation.
again, historically, there is *nothing* that root cannot do.

there exist a collection of kernel patches and other goodies, which
take some of that responsibility away from root. now, it doesn't
matter what the definition is, someone installs these and that someone
can very well change them again. whether that someone is "root"
him/herself, or the "owner" of the system, who wants to make life
easier for the chap that was appointed "root", there is *still*
someone in total control over the system. in such a case, "root"
merely slides down one level in the hierarchy, but the point is, you
cannot lose control over your own computer system.

therefore, any argument against "root is god" is futile and useless.
it *does* boil down to "if you don't trust the person owning the
server, don't use that machine," and i would be *very* interested to
hear actual arguments against that.

now, i realize that i've been saying things that have been said over
and over in this thread, but maybe mathias is right, maybe i am just a
lamer and a dork, and shouldn't be using computers anyway. i will
happily consider to give up this job of mine and go into the monastery
as soon as someone gives me one scenario in which i am using a
computer that i do not own (as was the setup at the beginning of the
thread), which i can use in a secure manner *without* the owner (or
root) of that machine ever possibly able to spy on me.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
  
as i was going up the stair
i met a man who wasn't there.
he wasn't there again today.
i wish, i wish he'd stay away.
   --hughes mearns




Re: Root is God? (was: Mutt & tmp files)

2001-11-23 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.18 17:58:46+0100]:
> > excellent. you know what i did: i just remove the root:0:... line from
> > /etc/passwd and /etc/shadow. now i can't be root. that must be perfect
> > security. yeah!
> 
> before you shout, think twice. this is READ-only on my system. you don't
> really understand it, right?

i think i do. i wasn't talking about your system, but more about the
general gist of the email thread. i'll answer your lamer detector
email in just a sec, so look there for more details.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
  
"there is more stupidity than hydrogen in the universe,
 and it has a longer shelf life."
-- frank zappa




Re: Mutt & tmp files

2001-11-21 Thread Matthew Sackman
On Thu, Nov 15, 2001 at 07:41:35PM +, sober wrote:
> if it's to unsecure u have 2 ways:
> - choose another emailprogramm where u don't know the risk that root can read
> the mails
> - write them direct on ur smtp server ...
> 
> btw: root of ur mailserver can read ur incoming mails too !
> 
> // jens

I was just thinking that the only way to do it is to write and compose
the email and encrypt it on another machine and then simply send it
straight to the SMTP server on the machine you want to use - a telnet
session to port 25 is easy to achieve this by - SMTP is an easy protocol
to learn.

just my 2p
-- 

Matthew Sackman
Nottingham,
ENGLAND



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-21 Thread J C Lawrence
On Tue, 20 Nov 2001 22:25:36 -0600 
Nathan E Norman  wrote:

> On Tue, Nov 20, 2001 at 12:01:32PM -0800, J C Lawrence wrote:

>> Mail-Followup-To is a non-standard, un-RFC documented, generally
>> unsupported header.

> The guy is using mutt.  mutt supports M-F-T.  You figure it out.

Which ignores the fact that several commonly used MTAs strip such
headers.

> M-F-T is generally used on debian mailing lists.

Used (in terms of being placed in messages) and used in terms of
honoured by recipients are two very different things.

-- 
J C Lawrence
-(*)Satan, oscillate my metallic sonatas.
[EMAIL PROTECTED]   He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-21 Thread Petro
On Tue, Nov 20, 2001 at 08:25:36PM -0800, Nathan E Norman wrote:
> On Tue, Nov 20, 2001 at 12:01:32PM -0800, J C Lawrence wrote:
> > On Mon, 19 Nov 2001 21:57:05 -0600 
> > Nathan E Norman  wrote:
> > > On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
> > >> But this is hugely off topic, and I'll go no further down this
> > >> road.
> > > Could you at least honor my Mail-Followup-To: header?
> > Mail-Followup-To is a non-standard, un-RFC documented, generally
> > unsupported header.  
> The guy is using mutt.  mutt supports M-F-T.  You figure it out.
> M-F-T is generally used on debian mailing lists.

Sometimes I see it (now that I'm looking for it) sometimes I don't. 

This post didn't have it. Others do. 

Some posts come through (for another debian list) matching 
^X-Mailing-List:.*debian-user@.*, others don't. 

I don't know if exchange is randomly changing the headers (it
wouldn't surprise me) or if sometimes the original poster puts them
in and sometimes not. 


-- 
Share and Enjoy. 



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-20 Thread Nathan E Norman
On Tue, Nov 20, 2001 at 12:01:32PM -0800, J C Lawrence wrote:
> On Mon, 19 Nov 2001 21:57:05 -0600 
> Nathan E Norman  wrote:
> 
> > On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
> >> But this is hugely off topic, and I'll go no further down this
> >> road.
> 
> > Could you at least honor my Mail-Followup-To: header?
> 
> Mail-Followup-To is a non-standard, un-RFC documented, generally
> unsupported header.  

The guy is using mutt.  mutt supports M-F-T.  You figure it out.

M-F-T is generally used on debian mailing lists.

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd. | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED]   |   -- Patton




Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-20 Thread Ricardo B
On Tue, Nov 20, 2001 at 03:40:42PM -0800, Petro wrote:
> If you use a header that is not universally supported, or even
> supported by a fairly popular mail client (Mutt in this case) or
> frequently used (if not popular) MTA (Exchange in this case), then
> you can't really complain if it gets ignored. 
> 
> As I said earlier, Mutt never saw it. 
>

Quoting from the Mutt manual:
Mutt has a few nice features for handling mailing lists. In order to take 
advantage of them, you must specify which addresses belong to mailing lists, 
and which mailing lists you are subscribed to. Once you have done this, the 
list-reply function will work for all known lists. Additionally, when you send 
a message to a subscribed list, mutt will add a Mail-Followup-To header to tell 
other users' mail user agents not to send copies of replies to your personal 
address. Note that the Mail-Followup-To header is a non-standard extension 
which is not supported by all mail user agents. Adding it is not bullet-proof 
against receiving personal CCs of list messages. Also note that the generation 
of the Mail-Followup-To header is controlled by the followup_to configuration 
variable.
 
-- 
Ricardo
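
The behaviour the manual excerpt describes, and the failure case raised elsewhere in the thread (a relay dropping the header), as an added example that is not part of the original posts and not Mutt's code. The addresses, the sample messages and the names `group_reply_recipients`, `sends_personal_copy` and `honor_mft` are this example's own assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

LIST = "debian-security@lists.example.org"  # placeholder list address

# Constructed sample: the message as the poster's client sent it.
WITH_MFT = (
    "From: Alice <alice@example.org>\n"
    "To: " + LIST + "\n"
    "Cc: Bob <bob@example.org>\n"
    "Mail-Followup-To: " + LIST + "\n"
    "Subject: Re: Mutt & tmp files\n"
    "\n"
    "body\n"
)

# Constructed sample: the same message after a relay dropped the
# non-standard header on the way to the recipient.
STRIPPED = "".join(
    line for line in WITH_MFT.splitlines(keepends=True)
    if not line.lower().startswith("mail-followup-to:")
)


def _addrs(msg, *names):
    """Addresses from the named headers, lower-cased, in order, no repeats."""
    values = []
    for name in names:
        values.extend(msg.get_all(name, []))  # header lookup is case-insensitive
    seen, out = set(), []
    for _display, addr in getaddresses(values):
        addr = addr.strip().lower()
        if addr and addr not in seen:
            seen.add(addr)
            out.append(addr)
    return out


def group_reply_recipients(raw, me, honor_mft=True):
    """Recipients a group reply would go to.

    If Mail-Followup-To is present and honoured it replaces the usual
    recipient list; otherwise fall back to sender plus To and Cc.
    """
    msg = message_from_string(raw)
    mft = _addrs(msg, "Mail-Followup-To") if honor_mft else []
    if mft:
        rcpts = mft
    else:
        sender = _addrs(msg, "Reply-To") or _addrs(msg, "From")
        rcpts = sender + [a for a in _addrs(msg, "To", "Cc") if a not in sender]
    return [a for a in rcpts if a != me.lower()]


def sends_personal_copy(raw, me, author, honor_mft=True):
    """True if the reply would also land in the author's personal inbox."""
    return author.lower() in group_reply_recipients(raw, me, honor_mft)


if __name__ == "__main__":
    me = "carol@example.org"
    for label, raw in (("header intact", WITH_MFT), ("header stripped", STRIPPED)):
        print(label, "->", group_reply_recipients(raw, me))
```

A client that does not implement the header behaves like the `honor_mft=False` case, so the poster gets the personal copy either way.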




Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Alexander Clouter
Howland, Curtis [EMAIL PROTECTED] wrote:
>
> There is also this How-To:
> 
> http://www.linux.org/docs/ldp/howto/Loopback-Encrypted-Filesystem-HOWTO.html
> 
that's a very good one.  If you actually get the stuff at
cryptoapi.sourceforce.net you can do other filesystems other than ext2
(easily). A journalled crypto filesystem on a laptop is a better idea than a
bog standard ext2 one.  For various reasons, otherwise for a desktop/server
environment ext2 crypto is great.

> I've been thinking that a 100 or 500MB encrypted loop device per user,
> mounted as a subdirectory under the individual user's home, would be
> effective. It doesn't encrypt the entirety of the disk, nor all of the
> home directory, but could be (for instance) the KDE or GNOME "Desktop"
> folder, and anything there would be hid from prying eyes.
>
a little excessive in size but that's the kind of system I use.  You need to
explain to the users the limits of the encryption and how to effectively use
it.  Also point out the things that *don't* need encrypting.  This will
prevent overloading the machine and also 90% of security is down to the
individual, the other 10% is *assisted* by technology.  They need to know
that this is not a magic black box, you do actually need to know how it works
and how to use it for it to become effective.
 
> The same caveats, "when you're logged in it's wide open" and "it's only
> as good as your passphrase" apply.
> 
> Thoughts?
> 
smartcard, pcmcia memory card for the filesystem.  Smartcards however
currently don't hold very much, something like a couple of kilobytes (of mass
el cheapo production).  pcmcia memory stuff is expensive.  However I think
8 (or less)-16Mb cards can be picked up cheaply second hand.  This would make
a very nice alternative as ISA PCMCIA adapters for desktops are very cheap
and fully supported.  This would also permit you to use your *private* data
on a number of machines and even take stuff home.  Another portable storage
thing is of course zip/clik disks, floppies, etc.

what you have to think about is how much to trust the machine, if you don't
then only a detachable device would work that plugs into the local terminal.

Alex

-- 
 _ 
( BOFH excuse #306:   )
( )
( CPU-angle has to be adjusted because of )
( vibrations coming from the nearby road  )
 - 
o   ^__^
 o  (oo)\___
(__)\   )\/\
||w |
|| ||




RE: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Howland, Curtis
There is also this How-To:

http://www.linux.org/docs/ldp/howto/Loopback-Encrypted-Filesystem-HOWTO.html

I've been thinking that a 100 or 500MB encrypted loop device per user,
mounted as a subdirectory under the individual user's home, would be
effective. It doesn't encrypt the entirety of the disk, nor all of the
home directory, but could be (for instance) the KDE or GNOME "Desktop"
folder, and anything there would be hid from prying eyes.

The same caveats, "when you're logged in it's wide open" and "it's only
as good as your passphrase" apply.

Thoughts?

Curt-

-Original Message-
From: Petro [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 21, 2001 04:51
To: Florian Bantner
Cc: debian-security@lists.debian.org
Subject: Re: Mutt & tmp files -- Root is not my Enemy


On Tue, Nov 20, 2001 at 02:47:56PM +0100, Florian Bantner wrote:
> On Die, 20 Nov 2001, Rolf Kutz wrote:
> > Florian Bantner ([EMAIL PROTECTED]) wrote:
> > > A fact about which I'm concerned
> > > even more than about a hack from outside via the internet etc. is
> > > real physical access to the box. Something hackers normally don't pay
> > > enough attention is that just somebody steps - let's say 6 o'clock
> > > in the morning - into your room, shows you his police card - or what ever
> > > governmental id card - and tells you that your computer is now his.
> > Use TMPFS. Encrypt your disk or do everything in
> > RAM (maybe set up a diskless system booting from
> > cd. See the bootcd-package). They might still be
> > bugging your hardware.
> I don't know tmpfs. What I'm currently thinking about is:
> * Create for every user a directory under his home.
> * Use some kind of ram-disk device.
> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices. Which encryption is
>   used? When to enter passphrase?

Several years ago Matt Blaze published a bit of code that mounted
encrypted files via the loop interface as home directories. It was
fairly resource intensive, and hence not really scalable. It is
good for protecting against casual browsing, but while you're logged
in to the machine (and hence have your home dir mounted) then it's
just like a normal home directory. 

Found it
 
http://www.ibiblio.org/pub/Linux/docs/faqs/security/Cryptographic-File-System

Seems I mis-remember bits of it. 

 

-- 
Share and Enjoy. 





Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-20 Thread Petro
On Tue, Nov 20, 2001 at 01:00:58PM -0800, Vineet Kumar wrote:
> * J C Lawrence ([EMAIL PROTECTED]) [011120 12:04]:
> > On Mon, 19 Nov 2001 21:57:05 -0600 
> > Nathan E Norman  wrote:
> > > On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
> > >> But this is hugely off topic, and I'll go no further down this
> > >> road.
> > > Could you at least honor my Mail-Followup-To: header?
> > Mail-Followup-To is a non-standard, un-RFC documented, generally
> > unsupported header.  
> So are "please" and "thank you," but it's generally considered polite.

To carry your analogy forward into the absurd, to be useful "please"
and "thank you" have to be heard and recognized as such. 

If you use a header that is not universally supported, or even
supported by a fairly popular mail client (Mutt in this case) or
frequently used (if not popular) MTA (Exchange in this case), then
you can't really complain if it gets ignored. 

As I said earlier, Mutt never saw it. 

-- 
Share and Enjoy. 



Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-20 Thread J C Lawrence
On Tue, 20 Nov 2001 13:00:58 -0800 
Vineet Kumar <[EMAIL PROTECTED]> wrote:

> * J C Lawrence ([EMAIL PROTECTED]) [011120 12:04]:

>> Mail-Followup-To is a non-standard, un-RFC documented, generally
>> unsupported header.

> So are "please" and "thank you," but it's generally considered
> polite.

Which is a little difficult when MTAs strip the header (Exchange and
Notes are notorious for this), or you're working with an MUA which
neither honours nor supports it (to any extent).  At that point it's
an invisible header with as much effect on your mail processing as an
X-This-Is-Useless: header.

-- 
J C Lawrence
-(*)Satan, oscillate my metallic sonatas.
[EMAIL PROTECTED]   He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-20 Thread John Galt
On Tue, 20 Nov 2001, J C Lawrence wrote:

>On Mon, 19 Nov 2001 21:57:05 -0600 
>Nathan E Norman  wrote:
>
>> On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
>>> But this is hugely off topic, and I'll go no further down this
>>> road.
>
>> Could you at least honor my Mail-Followup-To: header?
>
>Mail-Followup-To is a non-standard, un-RFC documented, generally
>unsupported header.  

This has been done to death on -devel.  RFC 2076.  However, the last part 
about generally unsupported is right.

>

-- 
I can be immature if I want to, because I'm mature enough to make my own 
decisions.

Who is John Galt?  [EMAIL PROTECTED]



RE: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Howland, Curtis
There is also this How-To:

http://www.linux.org/docs/ldp/howto/Loopback-Encrypted-Filesystem-HOWTO.
html

I've been thinking that a 100 or 500MB encrypted loop device per user,
mounted as a subdirectory under the individual users home, would be
effective. It doesn't encrypt the entirety of the disk, nor all of the
home directory, but could be (for instance) the KDE or GNOME "Desktop"
folder, and anything there would be hid from prying eyes.

The same caviats, "when you're logged in it's wide open" and "it's only
as good as your passphrase" apply.

Thoughts?

Curt-

-Original Message-
From: Petro [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 04:51
To: Florian Bantner
Cc: [EMAIL PROTECTED]
Subject: Re: Mutt & tmp files -- Root is not my Enemy


On Tue, Nov 20, 2001 at 02:47:56PM +0100, Florian Bantner wrote:
> On Die, 20 Nov 2001, Rolf Kutz wrote:
> > Florian Bantner ([EMAIL PROTECTED]) wrote:
> > > A fact about which I'm concerned
> > > even more than about a hack from outside via the internet etc. is
> > > real physical access to the box. Something hackers normaly don't
pay
> > > enough attention is that just somebody steps - let's say 6 o'clock
> > > in the morning - into your room, shows you his police card - or
what ever
> > > govermental id card - and tells you that your computer is now his.
> > Use TMPFS. Encrypt your disk or do everything in
> > RAM (maybe set up a diskless system booting from
> > cd. See the bootcd-package). They might still be
> > bugging your hardware.
> I don't know tmpfs. What I'm currently thinging about is:
> * Create for every user a directory under his home.
> * Use some kind of ram-disk device.
> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices. Which encryption is
>   used? When to enter passphrase?

Several years ago Matt Blaze published a bit of code that mounted
encrypted files via the loop interface as home directories. It was
fairly resource intensive, and hence not really scaleable. It is
good for protecting against casual browsing, but while you're logged
in to the machine (and hence have your home dir mounted) then it's
just like a normal home directory. 

Found it
 
http://www.ibiblio.org/pub/Linux/docs/faqs/security/Cryptographic-File-S
ystem

Seems I mis-remember bits of it. 

 

-- 
Share and Enjoy. 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-20 Thread Petro

On Tue, Nov 20, 2001 at 01:00:58PM -0800, Vineet Kumar wrote:
> * J C Lawrence ([EMAIL PROTECTED]) [011120 12:04]:
> > On Mon, 19 Nov 2001 21:57:05 -0600 
> > Nathan E Norman  wrote:
> > > On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
> > >> But his is hugely off topic, and I'll go no futher down this
> > >> road.
> > > Could you at least honor my Mail-Followup-To: header?
> > Mail-Followup-To is a non-standard, un-RFC documented, generally
> > unsupported header.  
> So are "please" and "thank you," but it's generally considered polite.

To carry your analogy forward into the absurd, to be useful "please"
and "thank you" have to be heard and recognized as such. 

If you use a header that is not universally supported, or even
supported by a fairly popular mail client (Mutt in this case) or
frequently used (if not popular) MTA (Exchange in this case), then
you can't really complain if it gets ignored. 

As I said earlier, Mutt never saw it. 

-- 
Share and Enjoy. 






Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-20 Thread Wichert Akkerman
Previously Vineet Kumar wrote:
 
> So are "please" and "thank you," but it's generally considered polite.

Also using Mail-Followup-To is standard and expected behaviour on
debian lists.

Wichert.

-- 
  _
 /[EMAIL PROTECTED] This space intentionally left occupied \
| [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |



WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-20 Thread Vineet Kumar
* J C Lawrence ([EMAIL PROTECTED]) [011120 12:04]:
> On Mon, 19 Nov 2001 21:57:05 -0600 
> Nathan E Norman  wrote:
> 
> > On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
> >> But this is hugely off topic, and I'll go no further down this
> >> road.
> 
> > Could you at least honor my Mail-Followup-To: header?
> 
> Mail-Followup-To is a non-standard, un-RFC documented, generally
> unsupported header.  

So are "please" and "thank you," but it's generally considered polite.

good times,
Vineet

-- 
Satan laughs when  #  "I disapprove of what you say, but I will
we kill each other.#   defend to the death your right to say it."
Peace is the only way. #  --Beatrice Hall, The Friends of Voltaire, 1906





Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-20 Thread J C Lawrence

On Tue, 20 Nov 2001 13:00:58 -0800 
Vineet Kumar <[EMAIL PROTECTED]> wrote:

> * J C Lawrence ([EMAIL PROTECTED]) [011120 12:04]:

>> Mail-Followup-To is a non-standard, un-RFC documented, generally
>> unsupported header.

> So are "please" and "thank you," but it's generally considered
> polite.

Which is a little difficult when MTAs strip the header (Exchange and
Notes are notorious for this), or you're working with an MUA which
neither honours nor supports it (to any extent).  At that point it's
an invisible header with as much effect on your mail processing as an
X-This-Is-Useless: header.

-- 
J C Lawrence
-(*)Satan, oscillate my metallic sonatas.
[EMAIL PROTECTED]   He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.






Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-20 Thread John Galt

On Tue, 20 Nov 2001, J C Lawrence wrote:

>On Mon, 19 Nov 2001 21:57:05 -0600 
>Nathan E Norman  wrote:
>
>> On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
>>> But this is hugely off topic, and I'll go no further down this
>>> road.
>
>> Could you at least honor my Mail-Followup-To: header?
>
>Mail-Followup-To is a non-standard, un-RFC documented, generally
>unsupported header.  

This has been done to death on -devel.  RFC 2076.  However, the last part 
about generally unsupported is right.

>

-- 
I can be immature if I want to, because I'm mature enough to make my own 
decisions.

Who is John Galt?  [EMAIL PROTECTED]






Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-20 Thread J C Lawrence
On Mon, 19 Nov 2001 21:57:05 -0600 
Nathan E Norman  wrote:

> On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
>> But this is hugely off topic, and I'll go no further down this
>> road.

> Could you at least honor my Mail-Followup-To: header?

Mail-Followup-To is a non-standard, un-RFC documented, generally
unsupported header.  

-- 
J C Lawrence
-(*)Satan, oscillate my metallic sonatas.
[EMAIL PROTECTED]   He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.



Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Petro
On Tue, Nov 20, 2001 at 03:34:54PM +0100, Rolf Kutz wrote:
> Alexander Clouter ([EMAIL PROTECTED]) wrote:
> 
> > I am the root guy of my own laptop and I can trust myself :)  However a lot
> > of countries (uk/us and probably others, lots in the eu I would imagine) have
> > encryption laws, not preventing it but permitting them to throw you in jail
> > unless you hand over your encryption codes.  If you don't you get a nice big
> What, if I someone gets an email encrypted with a
> bogus key claiming to, but not belonging to the
> recipient? What if I lost the key? Silly law.

Many these days are. 

Not to get all Religious (cause I'm not), but that Moses guy pretty
much summed everything up in those 10 laws (well 9 of 'em are ok,
there's one that's a little off), and ever since politicians have been
trying to prove their worth by making things worse. 



-- 
Share and Enjoy. 



Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Petro
On Tue, Nov 20, 2001 at 02:47:56PM +0100, Florian Bantner wrote:
> On Die, 20 Nov 2001, Rolf Kutz wrote:
> > Florian Bantner ([EMAIL PROTECTED]) wrote:
> > > A fact about which I'm concerned
> > > even more than about a hack from outside via the internet etc. is
> > > real physical access to the box. Something hackers normally don't pay
> > > enough attention is that just somebody steps - let's say 6 o'clock
> > > in the morning - into your room, shows you his police card - or what ever
> > > governmental id card - and tells you that your computer is now his.
> > Use TMPFS. Encrypt your disk or do everything in
> > RAM (maybe set up a diskless system booting from
> > cd. See the bootcd-package). They might still be
> > bugging your hardware.
> I don't know tmpfs. What I'm currently thinking about is:
> * Create for every user a directory under his home.
> * Use some kind of ram-disk device.
> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices. Which encryption is
>   used? When to enter passphrase?

Several years ago Matt Blaze published a bit of code that mounted
encrypted files via the loop interface as home directories. It was
fairly resource intensive, and hence not really scalable. It is
good for protecting against casual browsing, but while you're logged
in to the machine (and hence have your home dir mounted) then it's
just like a normal home directory. 

Found it

http://www.ibiblio.org/pub/Linux/docs/faqs/security/Cryptographic-File-System

Seems I mis-remember bits of it. 

 

-- 
Share and Enjoy. 



Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Petro
On Tue, Nov 20, 2001 at 12:13:05PM +0100, Rolf Kutz wrote:
> Florian Bantner ([EMAIL PROTECTED]) wrote:
> 
> > A fact about which I'm concerned
> > even more than about a hack from outside via the internet etc. is
> > real physical access to the box. Something hackers normally don't pay
> > enough attention is that just somebody steps - let's say 6 o'clock
> > in the morning - into your room, shows you his police card - or what ever
> > governmental id card - and tells you that your computer is now his.
> 
> Use TMPFS. Encrypt your disk or do everything in
> RAM (maybe set up a diskless system booting from
> cd. See the bootcd-package). They might still be
> bugging your hardware.

If this kind of attack is in your threat model, you need to
seriously re-evaluate what you are doing. 

Not saying that you should stop doing it, but there really isn't
much you can do to stop it. 

Quite frankly local encryption isn't going to help much against
government agencies--even local police. The quickest way to "break"
encryption is to use a rubber hose, and while they may apologize
afterwards--if local law requires it, they still have access to your
files and you are in pain. 

This starts to get into "magnesium strips taped to the HD" and other
such destructive foolishness--that, depending on what you're trying
to hide and from whom may be necessary, but is still *really* ugly.

> > You have to experience that for yourself to believe how easy this
> > could happen. Just be in the wrong place at the wrong time.
> > It happened to me once, just because I lived that time in a
> > flat-sharing community. I didn't see my computers for about a year
> > and then all harddisks had been removed and were broken.
> Did they replace the damage?



-- 
Share and Enjoy. 



Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Ricardo B
On Tue, Nov 20, 2001 at 03:34:54PM +0100, Rolf Kutz wrote:
> What, if I someone gets an email encrypted with a
> bogus key claiming to, but not belonging to the
> recipient? What if I lost the key? Silly law.
> 
Actually, a UK group did send a Government official an encrypted incriminating
message and then destroyed the keys.
Very silly law...

--
Ricardo



Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Alexander Clouter
Rolf Kutz [EMAIL PROTECTED] wrote:
>
> Alexander Clouter ([EMAIL PROTECTED]) wrote:
> 
> > I am the root guy of my own laptop and I can trust myself :)  However a lot
> > of countries (uk/us and probably others, lots in the eu I would imagine) have
> > encryption laws, not preventing it but permitting them to throw you in jail
> > unless you hand over your encryption codes.  If you don't you get a nice big
> 
> What, if I someone gets an email encrypted with a
> bogus key claiming to, but not belonging to the
> recipient? What if I lost the key? Silly law.
> 
I know, a whole lot was done in giving the police powers.  Another thing is
the e-mail monitoring is a regular day-to-day thing now.  However although
the police now have all these powers the government stupidly is not training
them to take advantage of them.  For example

a girl ran away from home and the parents were worried and did a tv appeal,
etc etc.  The girl saw this and sent them an e-mail from a cyber cafe to tell
them she was okay.  Now to find out where she was the police knew she was in
the same town due to the body of the text saying so.  However to track her
down they did a mass ticket drop to all the cyber cafes and it was some time
before the owner of one recognised her photo.  The simple solution was to look
at the headers, rip the ip and run that through arpa.  This would have told
them in less than thirty seconds *which* computer she actually used.  Sure
this didn't involve any special laws but it shows that they don't know what
to do with technology.

> > fine and 6 months->2 years in jail (in the uk at least).  Steganography is
> > probably a better option to avoid this 'problem'
> 
> If they find stenographic software on the box, they
> will ask you for the mantra, too.
> 
probably true unless you can hide it in piccies and things, like the us have
done a few times and apparently bin laden too.

The funny thing is these laws are meant to prevent encryption being a
'problem' however they don't realise that why would terrorist bob care about
being thrown into jail for two years over an encryption key.  So far though
this hasn't been put through court yet with the freedom of speech as a
defence, etc.

just my $0.02 :)

Alex

-- 
  
( BOFH excuse #207:  )
()
( We are currently trying a new concept  )
( of using a live mouse. Unfortuantely,  )
( one has yet to survive being hooked up )
( to the computer.please bear with   )
( us.)
  
o   ^__^
 o  (oo)\___
(__)\   )\/\
||w |
|| ||




Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Rolf Kutz
Alexander Clouter ([EMAIL PROTECTED]) wrote:

> I am the root guy of my own laptop and I can trust myself :)  However a lot
> of countries (uk/us and probably others, lots in the eu I would imagine) have
> encryption laws, not preventing it but permitting them to throw you in jail
> unless you hand over your encryption codes.  If you don't you get a nice big

What, if I someone gets an email encrypted with a
bogus key claiming to, but not belonging to the
recipient? What if I lost the key? Silly law.

> fine and 6 months->2 years in jail (in the uk at least).  Steganography is
> probably a better option to avoid this 'problem'

If they find stenographic software on the box, they
will ask you for the mantra, too.

- Rolf



Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Rolf Kutz
Florian Bantner ([EMAIL PROTECTED]) wrote:
> On Die, 20 Nov 2001, Rolf Kutz wrote:
>
> > Use TMPFS. Encrypt your disk or do everything in
> > RAM (maybe set up a diskless system booting from
> > cd. See the bootcd-package). They might still be
> > bugging your hardware.
> 
> I don't know tmpfs. What I'm currently thinking about is:
> * Create for every user a directory under his home.

a tmp dir?

> * Use some kind of ram-disk device.

tmpfs puts /tmp in virtual memory aka ramdisk. See
Virtual memory file system support in the Kernel.
Beware that it might be paged out to swap. A
swapless system might be a good idea anyway.

> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices. Which encryption is
>   used? When to enter passphrase?

There are several howtos about cryptofs.

> > Did they replace the damage?
> 
> No. To be honest: After one year I had a new box and everything
> running. In my old one I found the harddisks disconnected and having
> read-errors (that time 2 1GB drives). To do something would include
> contacting a Lawyer and doing much stressful stuff, I didn't want to
> bother with.

You should have done that much earlier anyway.
It should be sufficing for them to make a copy of
your harddrive (or keep just the hdd if they feel
to make a surface-analysis of it) and give it back
to you. If they broke it, they should replace it
especially if their suspicion turned out to be
wrong. If you let them get away, they will do it
again and again.

If they'll find a crypto-fs on your hdd or
encrypted mail, they might never give it back to
you unless you provide the keys. IIRC they might
even jail you in the UK[1] and US.

Grüße,  Rolf
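
Added example (not part of the original thread): the tmpfs and swap caveat in the message above, as a check that reports whether a temp directory is disk-backed, on tmpfs with swap active, or RAM-only. The function names, the user "alice" and the sample mount and swap tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: where do temp files under DIR really live, and can they
# still reach disk through swap? All names and sample tables are constructed.

# fs_for_dir DIR [MOUNTS_FILE] -> "fstype mountpoint" of the mount holding DIR.
fs_for_dir() {
    awk -v dir="$1" '
        {
            mp = $2
            gsub(/\\040/, " ", mp)          # /proc/mounts escapes spaces as \040
            pre = (mp == "/") ? "/" : mp "/"
            # Longest mount point that is a path prefix wins; on a tie the
            # later entry (mounted on top) wins.
            if ((dir == mp || index(dir "/", pre) == 1) && length(mp) >= best) {
                best = length(mp); fs = $3; where = mp
            }
        }
        END { if (where != "") print fs, where }
    ' "${2:-/proc/mounts}"
}

# swap_devices [SWAPS_FILE] -> active swap areas, one per line (header skipped).
swap_devices() {
    awk 'NR > 1 && NF >= 5 { print $1 }' "${1:-/proc/swaps}"
}

# audit_tmpdir DIR [MOUNTS_FILE] [SWAPS_FILE] -> one-word verdict:
#   disk           disk-backed filesystem; plaintext temp files persist
#   ram-swappable  tmpfs, but swap is active, so pages can be written to disk
#   ram-only       tmpfs with no swap, or ramfs (ramfs pages are never swapped)
#   unknown        no mount entry covers DIR
audit_tmpdir() {
    _fs=$(fs_for_dir "$1" "${2:-/proc/mounts}")
    _fs=${_fs%% *}
    case "$_fs" in
        "")    echo unknown ;;
        ramfs) echo ram-only ;;
        tmpfs)
            if [ -n "$(swap_devices "${3:-/proc/swaps}")" ]; then
                echo ram-swappable
            else
                echo ram-only
            fi ;;
        *)     echo disk ;;
    esac
}

# --- constructed sample input, shaped like /proc/mounts and /proc/swaps ---
SAMPLE_MOUNTS=$(mktemp) SAMPLE_SWAP_ON=$(mktemp) SAMPLE_SWAP_OFF=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS" "$SAMPLE_SWAP_ON" "$SAMPLE_SWAP_OFF"' EXIT

cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/hda1 / ext2 rw 0 0
proc /proc proc rw 0 0
/dev/hda3 /home ext2 rw 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /home/alice/tmp tmpfs rw,nosuid,nodev,mode=700 0 0
EOF

cat > "$SAMPLE_SWAP_ON" <<'EOF'
Filename   Type       Size    Used  Priority
/dev/hda2  partition  131064  0     -1
EOF

cat > "$SAMPLE_SWAP_OFF" <<'EOF'
Filename   Type       Size    Used  Priority
EOF

for d in /home/alice/tmp /var/tmp; do
    printf '%-16s swap on: %-14s swap off: %s\n' "$d" \
        "$(audit_tmpdir "$d" "$SAMPLE_MOUNTS" "$SAMPLE_SWAP_ON")" \
        "$(audit_tmpdir "$d" "$SAMPLE_MOUNTS" "$SAMPLE_SWAP_OFF")"
done
```

Called with only a directory, the functions read the live /proc/mounts and /proc/swaps; for mutt the directory to check is the one its tmpdir setting points at.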



Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Alexander Clouter
Florian Bantner [EMAIL PROTECTED] wrote:
> 
> I don't know tmpfs. What I'm currently thinking about is:
> * Create for every user a directory under his home.
> * Use some kind of ram-disk device.
> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices. Which encryption is
>   used? When to enter passphrase?
> 
this is all well and good however the encrypted/whatever filesystem is
*mounted*.  This means that the file is just stored in a *filing system* and
not some magical place where only the user can go.  Remember if the user can
read the file that means root also can.  Regardless of what filesystem you
are using.  When it's an encrypted filing system that's been mounted there is
no longer a need to know the key code unless it's umounted and needs to then
be mounted.

sorry to 'piss on yer fire' but it ain't going to happen :)  An alternative
is to try and find a nano/mutt hybrid that doesn't use temp files.  You may
be able to pipe via stdin/outs as a quick patch.  Remember if the data is on
a filing system and currently readable by the system administrator then the
data is insecure.

However with all these concerns about the root guy/gal, are they
untrustworthy or just a plain BOFH?  If this is the case it is likely to be
worth considering finding a friend with 24/7 access and putting an old 486
box online for you to ssh into.

having just read more of the thread, I notice root is not the problem.  Then
to have an encrypted filing system will solve your immediate problem.  I
currently have all my mutt/gpg/passwords/personal stuff on a 10Mb
cryptographic filing system.  This solves my problem of the tmp files however
I am the root guy of my own laptop and I can trust myself :)  However a lot
of countries (uk/us and probably others, lots in the eu I would imagine) have
encryption laws, not preventing it but permitting them to throw you in jail
unless you hand over your encryption codes.  If you don't you get a nice big
fine and 6 months->2 years in jail (in the uk at least).  Steganography is
probably a better option to avoid this 'problem'

if you want any details on the kerneli crypto patches then do ask.  I have
learned lots through the hard way of doing things, and now the data
corruption is no longer a problem ;)

Alex

-- 
 _ 
( BOFH excuse #145:   )
( )
( Flat tire on station wagon with tapes.  )
( ("Never underestimate the bandwidth of  )
( a station wagon full of tapes hurling   )
( down the highway" Andrew S. Tanenbaum)  )
 - 
o   ^__^
 o  (oo)\___
(__)\   )\/\
||w |
|| ||




Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Florian Bantner
On Die, 20 Nov 2001, Rolf Kutz wrote:

> Florian Bantner ([EMAIL PROTECTED]) wrote:
> 
> > A fact about which I'm concerned
> > even more than about a hack from outside via the internet etc. is
> > real physical access to the box. Something hackers normally don't pay
> > enough attention is that just somebody steps - let's say 6 o'clock
> > in the morning - into your room, shows you his police card - or what ever
> > governmental id card - and tells you that your computer is now his.
> 
> Use TMPFS. Encrypt your disk or do everything in
> RAM (maybe set up a diskless system booting from
> cd. See the bootcd-package). They might still be
> bugging your hardware.

I don't know tmpfs. What I'm currently thinking about is:
* Create for every user a directory under his home.
* Use some kind of ram-disk device.
* Perhaps (just to be sure) encrypt it. Perhaps that's where I need
  some kind of encrypting filesystem (do I?). I'm not experienced in
  fs encryption. How do I mount such devices. Which encryption is
  used? When to enter passphrase?

> 
> > You have to experience that for yourself to believe how easy this
> > could happen. Just be in the wrong place at the wrong time.
> > It happened to me once, just because I lived that time in a
> > flat-sharing community. I didn't see my computers for about a year
> > and then all harddisks had been removed and were broken.
> 
> Did they replace the damage?
> 
> - Rolf

No. To be honest: After one year I had a new box and everything
running. In my old one I found the harddisks disconnected and having
read-errors (that time 2 1GB drives). To do something would include
contacting a Lawyer and doing much stressful stuff, I didn't want to
bother with.

-- 

Florian Bantner
AXON-E Interaktive Medien
Tel. +49 - 941 - 599 854 4
Fax. +49 - 941 - 599 854 1
Mail [EMAIL PROTECTED]
Key  http://www.axon-e.de/gpg/f.bantner.key




Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Rolf Kutz

Florian Bantner ([EMAIL PROTECTED]) wrote:
> On Die, 20 Nov 2001, Rolf Kutz wrote:
>
> > Use TMPFS. Encrypt your disk or do everything in
> > RAM (maybe set up a diskless system booting from
> > cd. See the bootcd-package). They might still be
> > bugging your hardware.
> 
> I don't know tmpfs. What I'm currently thinging about is:
> * Create for every user a directory under his home.

a tmp dir?

> * Use some kind of ram-disk device.

tmpfs puts /tmp in virtual memory aka ramdisk. See
Virtual memory file system support in the Kernel.
Beware that it might be paged out to swap. A
swapless system might be a good idea anyway.

> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices. Which encryption is
>   used? When to enter passphrase?

There are several howtos about cryptofs.

> > Did they replace the damage?
> 
> No. To be honest: After one year I had a new box and everything
> running. In my old one I found the harddisks disconnected and having
> read-errors (that time 2 1GB drives). To do something whould include
> contacting a Laywer and doing much stressful stuff, I didn't want to
> bother with.

You should have done that much earlier anyway.
It should be sufficing for them to make a copy of
your harddrive (or keep just the hdd if they feel
to make a surface-analysis of it) and give it back
to you. If they broke it, they should replace it
especially if their suspicion turned out to be
wrong. If you let them get away, they will do it
again and again.

If they'll find a crypto-fs on your hdd or
encrypted mail, they might never give it back to
you unless you provide the keys. IIRC they might
even jail you in the UK[1] and US.

Grüße,  Rolf
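
An added example, not part of the thread: a shell check for the caveat above that a tmpfs temp directory can still be paged out to swap. It reads tables in the /proc/mounts and /proc/swaps formats; the function names and verdict strings are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): is a temp directory RAM-backed, and
# can its pages still reach the disk through swap?

# fs_type_for DIR [MOUNTS_FILE]
# Print the filesystem type of the mount holding DIR (an absolute path with
# symlinks already resolved): the longest mount point that is a path prefix
# of DIR wins, and a later mount on the same point overrides an earlier one.
# Mount points containing spaces (\040 in /proc/mounts) are not decoded.
fs_type_for() {
    awk -v d="$1" '
        {
            mp = $2
            if (mp == "/" || d == mp || index(d, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fstype = $3 }
            }
        }
        END { print fstype }
    ' "${2:-/proc/mounts}"
}

# active_swap_count [SWAPS_FILE]
# Number of active swap areas: every non-empty line after the header.
active_swap_count() {
    awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "${1:-/proc/swaps}"
}

# tmpdir_verdict DIR [MOUNTS_FILE] [SWAPS_FILE]
# disk-backed        files land on a disk filesystem
# ram-but-swappable  tmpfs with swap active: pages may be written to swap
# ram-only           tmpfs without swap, or ramfs (never swapped)
# unknown            no mount matched DIR
tmpdir_verdict() {
    fstype=$(fs_type_for "$1" "${2:-/proc/mounts}")
    swapn=$(active_swap_count "${3:-/proc/swaps}")
    case "$fstype" in
        "")    echo "unknown" ;;
        ramfs) echo "ram-only" ;;
        tmpfs)
            if [ "$swapn" -gt 0 ]; then
                echo "ram-but-swappable"
            else
                echo "ram-only"
            fi ;;
        *)     echo "disk-backed" ;;
    esac
}

# Run as: CHECK_DIR=/path/to/tmpdir sh thisfile.sh
if [ -n "${CHECK_DIR:-}" ]; then
    echo "$CHECK_DIR: $(tmpdir_verdict "$CHECK_DIR")"
fi
```

A swap area listed in /proc/swaps may itself sit on an encrypted device; this check does not distinguish that case.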






Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Alexander Clouter

Florian Bantner [[EMAIL PROTECTED]] wrote:
> 
> I don't know tmpfs. What I'm currently thinking about is:
> * Create for every user a directory under his home.
> * Use some kind of ram-disk device.
> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices. Which encryption is
>   used? When to enter passphrase?
> 
this is all well and good, however the encrypted/whatever filesystem is
*mounted*.  This means that the file is just stored in a *filing system* and
not some magical place where only the user can go.  Remember if the user can
read the file that means root also can.  Regardless of what filesystem you
are using.  When it's an encrypted filing system that's been mounted there is
no longer a need to know the key code unless it's unmounted and needs to then
be mounted.

sorry to 'piss on yer fire' but it ain't going to happen :)  An alternative
is to try and find a nano/mutt hybrid that doesn't use temp files.  You may
be able to pipe via stdin/outs as a quick patch.  Remember if the data is on
a filing system and currently readable by the system administrator then the
data is insecure.

However with all these concerns about the root guy/gal, are they
untrustworthy or just a plain BOFH?  If this is the case it is likely to be
worth considering finding a friend with 24/7 access and putting an old 486
box online for you to ssh into.

having just read more of the thread, I notice root is not the problem.  Then
to have an encrypted filing system will solve your immediate problem.  I
currently have all my mutt/gpg/passwords/personal stuff on a 10Mb
cryptographic filing system.  This solves my problem of the tmp files however
I am the root guy of my own laptop and I can trust myself :)  However a lot
of countries (uk/us and probably others, lots in the eu I would imagine) have
encryption laws, not preventing it but permitting them to throw you in jail
unless you hand over your encryption codes.  If you don't you get a nice big
fine and 6 months->2 years in jail (in the uk at least).  Steganography is
probably a better option to avoid this 'problem'.

if you want any details on the kerneli crypto patches then do ask.  I have
learned lots through the hard way of doing things, and now the data
corruption is no longer a problem ;)

Alex

-- 
 _ 
( BOFH excuse #145:   )
( )
( Flat tire on station wagon with tapes.  )
( ("Never underestimate the bandwidth of  )
( a station wagon full of tapes hurling   )
( down the highway" Andrew S. Tanenbaum)  )
 - 
o   ^__^
 o  (oo)\___
(__)\   )\/\
||w |
|| ||





Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Florian Bantner

On Die, 20 Nov 2001, Rolf Kutz wrote:

> Florian Bantner ([EMAIL PROTECTED]) wrote:
> 
> > A fact about which I'm concerned
> > even more than about a hack from outside via the internet etc. is
> > real physical access to the box. Something hackers normally don't pay
> > enough attention is that just somebody steps - let's say 6 o'clock
> > in the morning - into your room, shows you his police card - or whatever
> > governmental id card - and tells you that your computer is now his.
> 
> Use TMPFS. Encrypt your disk or do everything in
> RAM (maybe set up a diskless system booting from
> cd. See the bootcd-package). They might still be
> bugging your hardware.

I don't know tmpfs. What I'm currently thinking about is:
* Create for every user a directory under his home.
* Use some kind of ram-disk device.
* Perhaps (just to be sure) encrypt it. Perhaps that's where I need
  some kind of encrypting filesystem (do I?). I'm not experienced in
  fs encryption. How do I mount such devices. Which encryption is
  used? When to enter passphrase?

> 
> > You have to experience that for yourself to believe how easy this
> > could happen. Just be in the wrong place to the wrong time.
> > It happened to me once, just because I lived that time in a
> > flat-sharing community. I didn't see my computers for about a year
> > and then all harddisk had been removed and were broken.
> 
> Did they replace the damage?
> 
> - Rolf

No. To be honest: After one year I had a new box and everything
running. In my old one I found the harddisks disconnected and having
read-errors (that time 2 1GB drives). To do something would include
contacting a lawyer and doing much stressful stuff, I didn't want to
bother with.

-- 

Florian Bantner
AXON-E Interaktive Medien
Tel. +49 - 941 - 599 854 4
Fax. +49 - 941 - 599 854 1
Mail [EMAIL PROTECTED]
Key  http://www.axon-e.de/gpg/f.bantner.key







Re: Mutt & tmp files -- Root is not my Enemy

2001-11-20 Thread Rolf Kutz
Florian Bantner ([EMAIL PROTECTED]) wrote:

> A fact about which I'm concerned
> even more than about a hack from outside via the internet etc. is
> real physical access to the box. Something hackers normally don't pay
> enough attention is that just somebody steps - let's say 6 o'clock
> in the morning - into your room, shows you his police card - or whatever
> governmental id card - and tells you that your computer is now his.

Use TMPFS. Encrypt your disk or do everything in
RAM (maybe set up a diskless system booting from
cd. See the bootcd-package). They might still be
bugging your hardware.

> You have to experience that for yourself to believe how easy this
> could happen. Just be in the wrong place to the wrong time.
> It happened to me once, just because I lived that time in a
> flat-sharing community. I didn't see my computers for about a year
> and then all harddisk had been removed and were broken.

Did they replace the damage?

- Rolf







Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-20 Thread Petro
On Mon, Nov 19, 2001 at 07:57:05PM -0800, Nathan E Norman wrote:
> On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
> > But this is hugely off topic, and I'll go no further down this road.
> 
> Could you at least honor my Mail-Followup-To: header?

I would have if I saw it. 

Mutt didn't notice it, and I don't see it in my backups. There is a
possibility that $exchange elided it.

Either way, if you'd stuck it in there, I apologize for not being
able to follow it, since it didn't make it here. 

-- 
Share and Enjoy. 







Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Nathan E Norman
On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
> But this is hugely off topic, and I'll go no further down this road.

Could you at least honor my Mail-Followup-To: header?

Thanks,

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd. | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED]   |   -- Patton




RE: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Howland, Curtis

>From: John Galt [mailto:[EMAIL PROTECTED]
>delete.  You're missing a large point here: root doesn't have to have RWX
>access on everything to be able to do their job, -WX may do the trick.

So, root does not need total file access in order to do some subset of
functions which you, or the NSA, consider "their job."

Who, pray tell, set up those permissions? (hint: root)

I believe that an administrator account with such limited permissions is
a very good idea on a large-scale or multi-admin machine. In an ISP, for
instance, your grunt sysop is neither trained nor absolutely trusted.
But someone has to be able to administer *that* account too, so I still
assert there should be a Root As God as final arbiter, to install the
key-sig software, intrusion detection, etc.

>No, DOS taught us how to allow for a system to be compromised at the drop
>of a hat.

Interesting. Physical compromise is not at issue, because a machine
which is physically compromised is merely a matter of time before it is
broken. It is my impression we (all) agree on that.

>>If you cannot trust root, don't use that machine for anything you want
>>to be secure.

>Probably a good dictum, but not really feasible in most cases.  Do you
>trust your ISP?  They have root on the system that forwards mail to you...

Quite right. Luckily, there are ways to secure specific functions, such
as PGP'd email, ssh for remote login, https for document viewing and
forms, IPSec for datastreams, etc. The commodity internet cannot ever be
considered secure.

Had people only ever used terminals on shared servers, such as the IBM,
DEC, Unix "mainframe" model, I believe we would have better individual
user tools for security against root. Single user machines, thus my
comment about Dos, give the impression of end-point security.

>Win 3.0 was broken and unusable, you know that?

Unusable? Then I seem to have been able to do the impossible. It
certainly did not work well, but "unusable"? Hmmm...

>Win 3.X is the last system that had hardware requirements based on
>objective criteria and allowed the system control that you lauded in your
>main email.

I'm glad the theoretical considerations were able to be communicated, I
do wish you had added your reservations and elaborations rather than
using the absolute negative "No."

>  Win 95+ started doing things for you, and NEVER does them the 
>way they should be done.  Perhaps it just takes longer to do things 
>right...

I think the distributed effort of the open source projects, while
chaotic so that key-strokes will not always be consistent (so what?),
does allow for people to use the systems that give them the least
astonishment.

And, best of all, if someone realizes how they "should" be done, they
can advocate it to someone who really can make it a reality.

Unlike arguing for something during "Face Time" with Bill.

I was able to limit Win95, after lots of experimenting, to three running
"services" and relative un-hackability. But it was a single user
machine, and the keyboard was God. An object lesson in choosing a good
PGP pass phrase.

>void hamlet()
>{#define question=((bb)||(!bb))}

Ummm... I believe that parses as b^2, not b*2... :^)

>Who is John Galt?  [EMAIL PROTECTED] that's who!

http://www.lfcity.org/

Curt-



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Petro
On Mon, Nov 19, 2001 at 02:14:54PM -0800, Nathan E Norman wrote:
> On Mon, Nov 19, 2001 at 01:47:40PM -0800, Petro wrote:
> > > environments and applications to figure out what it takes to make a
> > > system really consistent and usable for you.  Even if you pick some
> > > things that aren't quite finished as part of your environment, if they
> > > are part of an active project, they will be working much better soon.
> >
> > Go into Netscape, open up some random web page. What's the key
> > command for find?
> >
> > Now open Lyx. What's the key command for find? Mutt? Opera?
> > OpenOffice?
> >
> > Just like Windows 3.11.
> >
> > Which was my point.
>
> Install Netscape 4.x, 6.x, Mozilla, and IE on a windows box.
>
> Good luck expecting the same key strokes to do the same thing in each
> application.

I don't have Netscape for my windows laptop, but on Opera, IE,
Pegasus Mail, Star Office, and Office the Select All, Cut, Copy, Paste,
and Find options all had the exact same key commands. Most of them
(where applicable) had the same key command for undo. All of them
used ctrl-n for "new", whatever "new" meant in their context. Even
WinCVS, a port of a Unix App uses most of these. Ctrl-p is almost
always print etc.

Beyond those basics, there will (and arguably should) be differences
in what keys do, but the basics should (where applicable) be
consistent across an interface.

But this is hugely off topic, and I'll go no further down this road.



-- 
Share and Enjoy. 



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Mike Renfro
On Mon, Nov 19, 2001 at 04:14:54PM -0600, Nathan E Norman wrote:

> Install Netscape 4.x, 6.x, Mozilla, and IE on a windows box.
> 
> Good luck expecting the same key strokes to do the same thing in each
> application.

Just tried this (except for Netscape 6.x) -- and at least Ctrl-F,
Ctrl-A, Ctrl-P, Ctrl-O, Ctrl-W, Ctrl-C, Ctrl-X, Ctrl-V, Ctrl-R,
Ctrl-B, Ctrl-Z and Ctrl-N are consistent among all three.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]





Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Nathan E Norman
On Mon, Nov 19, 2001 at 01:47:40PM -0800, Petro wrote:
> > environments and applications to figure out what it takes to make a
> > system really consistent and usable for you.  Even if you pick some
> > things that aren't quite finished as part of your environment, if they
> > are part of an active project, they will be working much better soon.
> 
> Go into Netscape, open up some random web page. What's the key
> command for find? 
> 
> Now open Lyx. What's the key command for find? Mutt? Opera?
> OpenOffice? 
> 
> Just like Windows 3.11. 
> 
> Which was my point. 

Install Netscape 4.x, 6.x, Mozilla, and IE on a windows box.

Good luck expecting the same key strokes to do the same thing in each
application.

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd. | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED]   |   -- Patton




Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Petro
On Mon, Nov 19, 2001 at 12:46:21PM -0800, James Hamilton wrote:
> My Gnome/X/Debian GNU/Linux Desktop is much "slicker" than 
> anything I have ever been able to do with Windows.  The Gnome
> apps have a fairly consistent interface as well.  There is a steeper and
> longer learning curve to learn how to really use X and Unix, but I would
> say that is an asset for members of the technocracy rather than a 
> drawback.  I honestly don't know what you are talking about.  Using 

No, you are not listening. 

The slickness of the UI isn't what you can accomplish with the OS,
but rather about how things look. Look at the icons, look at the
buttons that gnome provides. Simple and functional, but not nearly
the degree of sophistication that Windows/MacOS provide. Look at the
integration of the application UI into the OS UI, it all looks the
same. 

Now maybe if I used FVWM2, or KDE, I would see more of this, but
frankly they act too much like windows (hit people, having the
minimize, maximize and KILL WINDOW buttons so close together is
wrong. This is one of the many UI issues Apple got right in OS 6-9,
but broke in X, and that windows got wrong with the 95 style UI). so
and use too much screen real estate for their icons and task bar, so
I use a different window manager (one of what, 20? available). 

> the NT box I am using now to post this message is sheer torture, but 

Outhouse huh. What's the Free Replacement for that? 

> I have to have one Windows desktop and support one Windows server
> here at work.  I would say the functionality of Linux is currently and 

Functionality is not usability.

The Functionality of Linux is far superior to Windows in every area
except common desktop applications (Word processors, spread sheets,
Graphic Design (which is the only reason I still use MacOS at home,
there is simply nothing in the Open Source world that is any where
near Illustrator and Quark X-Press, and while the GIMP comes close
to PhotoShop, I've been using Photoshop for over 10 years now, and
I'm used to it). 

Yes, I've used Star Office and OO, and they are good, but not quite
ready. 

> rapidly surpassing that of Microsoft OSes, and that perhaps you haven't 
> found or learned the right environment and apps.  With Windows,
> everything gets set up and it works the way MS decrees it will.  With
> GNU/Linux, you have a huge number of choices.  Part of becoming
> a real user of open source is spending a lot of time evaluating different 

Stop right there. 

Do *NOT* assume because I criticize Linux that I don't know Linux.
I'm not going to get in a DSW with you, but I started using Linux
with kernel .99p6. I've built X from scratch (once). I use Linux on
my desk at work, and I'm one of like 2 or 3 in my office to do
so. I've used Slackware, DeadRat, Debian, and SuSE. I am the team
lead for a small SA team that maintains a 100+ server site,
primarily (and if testing goes well this week, soon to be almost
completely) Linux based. We're pushing an average (24 hour average)
of around 60 Mbits a second, and our front end is entirely Linux. 

I spent my weekend fighting with kernels and LVM to get snap shots
working properly 

I've used Linux as a desktop OS for 5 or 6 years, either primarily,
or in conjunction with my Mac.  I've used Star Office, Open Office, 
SAIG, Lyx, and WordPerfect on Linux (among others) for word processing. 

I've used or tried just about every mail application out there for
Linux, and (check the headers) use Mutt daily at work--with Exchange
no less. 

I don't criticize Linux because I know windows better, I criticize
Linux because it's not as good as it *could* be. 

In fact, I don't know windows better. I've only had 2 machines of
"mine" that run windows--one is a work laptop used for Word and
accessing a shared mailbox on Exchange, the other is my
Counter-Strike box. That's all that's on it. Windows, and the files
needed for Counter-Strike. 

> environments and applications to figure out what it takes to make a
> system really consistent and usable for you.  Even if you pick some
> things that aren't quite finished as part of your environment, if they
> are part of an active project, they will be working much better soon.

Go into Netscape, open up some random web page. What's the key
command for find? 

Now open Lyx. What's the key command for find? Mutt? Opera?
OpenOffice? 

Just like Windows 3.11. 

Which was my point. 

> Once I set up my box, my roommates (non-tech) can use it to surf the
> web, read their email, write papers, browse newsgroups etc with a 
> fairly consistent and truly complete suite of free applications.

I did that 5 years ago for my wife. 

Of course, that was also true of Windows 3.11, with the exception
that the underlying OS w









Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread James Hamilton
My Gnome/X/Debian GNU/Linux Desktop is much "slicker" than 
anything I have ever been able to do with Windows.  The Gnome
apps have a fairly consistent interface as well.  There is a steeper and
longer learning curve to learn how to really use X and Unix, but I would
say that is an asset for members of the technocracy rather than a 
drawback.  I honestly don't know what you are talking about.  Using 
the NT box I am using now to post this message is sheer torture, but 
I have to have one Windows desktop and support one Windows server
here at work.  I would say the functionality of Linux is currently and 
rapidly surpassing that of Microsoft OSes, and that perhaps you haven't 
found or learned the right environment and apps.  With Windows,
everything gets set up and it works the way MS decrees it will.  With
GNU/Linux, you have a huge number of choices.  Part of becoming
a real user of open source is spending a lot of time evaluating different 
environments and applications to figure out what it takes to make a
system really consistent and usable for you.  Even if you pick some
things that aren't quite finished as part of your environment, if they
are part of an active project, they will be working much better soon.
Once I set up my box, my roommates (non-tech) can use it to surf the
web, read their email, write papers, browse newsgroups etc with a 
fairly consistent and truly complete suite of free applications.


>>> Petro <[EMAIL PROTECTED]> 11/19/01 12:10PM >>>
On Mon, Nov 19, 2001 at 12:30:34AM -0800, Martin Christensen wrote:
> > "Petro" == Petro  <[EMAIL PROTECTED]> writes:
> Petro> On Mon, Nov 19, 2001 at 10:24:05AM +0900, Howland, Curtis
> Petro> wrote:
> >> ps: From a personal perspective, I think Linux is about where
> >> Windows 3.0 was. This is not a troll, just a usability thing.
> Petro> No, it's about where win3.11 was in a lot of ways. Modulo
> Petro> the stability &&etc.
> 
> I am just dying to find out why this is so. I find the unices I work
> with to be much more usable than any incarnation of Windows. So what
> exactly do you put into 'usability'?

Consistency of UI, availability and integration of applications,
"slickness" of look and feel. 

Under 3.1[1] applications had widely varying "look and feel", and
were not well integrated, nor was the windowing system well
integrated with the underlying OS (it didn't provide "proper"
abstraction of things like file-systems, processes etc.). 

With Windows 95, Microsoft changed a lot of that. Not that they did
it *well* (the Win95 style interface gives me hives), but they
provided a fairly consistent (if awful) interface, and a good deal
of abstraction of the underlying hardware/OS. 

Linux is still at the Win3.11 level in those regards. 

Does this mean Linux isn't usable? Well, considering I've had at
least one Linux box running at home since late 1993/94 (and had it
installed on and off for about a year before that), I would have to
say it's perfectly usable for those inclined to learn, those who
have specific tasks it needs done. But I wouldn't put it on my
mother-in-law's computer, or my mom's. Then again, I wouldn't give my
Mom a windows machine either (I gave her a Mac about 3/4 years ago,
and she hasn't bothered to plug it in yet). 

I like Linux, I think it's a *good* OS, and it's coming along quite
nicely, but that doesn't mean I think it's easy to use. IMO, one of
the biggest problems Linux is facing in its quest to take the
desktop is that (1) there are too many different groups working on
UI stuff, and (2) Most of them think that the Win95 LOOK is right,
but don't bother trying for the consistency. 

Of course, my primary desk-top machine at home right now is a Mac
running OS X. Which has some UI issues as well. 

-- 
Share and Enjoy. 





Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Martin Christensen
> "Petro" == Petro  <[EMAIL PROTECTED]> writes:
>>  I am just dying to find out why this is so. I find the unices I
>> work with to be much more usable than any incarnation of
>> Windows. So what exactly do you put into 'usability'?
Petro> Consistency of UI, availability and integration of
Petro> applications, "slickness" of look and feel.
[...]

That's just one aspect of usability. If I start talking about pipes
and redirection, perl, grep, sed, awk, xargs, emacs, make etc., then
I'm sure that there are many out there who get a usability
hard-on. Does the Windows platform in any incarnation have the degree
of flexibility and perfect interaction that the dozens of common Unix
utilities provide? Yes, Windows has GUI consistence that Unix can't
compare with, but there's certainly more to it than that. It is
dangerous and wrong to think that usability is only about Joe Schmoe;
it is also about him, and in many cases it is primarily about him, but
it is often in his name that ambitious users are slaughtered at the
sacrificial altar. It has always been typical for DOS and Windows
applications that they try to do everything themselves until every
desktop clock or whatever gizmo can check your E-mail or feed your
goldfish.

When weighing the areas in which Windows and Unix respectively are
consistent, Unix wins by a wide margin on my subjective scale. There
are those who have different priorities, but that, contrary to what
some people seem to shout, does not invalidate mine.

Martin

-- 
Homepage:   http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt




Re: Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread ralphtheraccoon
Hi,

> >Root Is God. This is a multi-user, full-time, "networked" device. Root
> >bears the responsibility of everything that happens to that machine.
> >They are answerable to everyone, not just one user.
>
> No, root had best not be god.  NSA Rainbow book pretty much states that
> for C systems that the administrator should be able to delete files, but
> may not necessarily be able to read them.  In a B system, administrative
> duties are dealt with by a committee, no one of which may necessarily
> have permissions to read a file, but all in concert must be able to
> delete.  You're missing a large point here: root doesn't have to have RWX
> access on everything to be able to do their job, -WX may do the trick.

It depends what you want "root" to be, really. If you are after a
machine which you are IN CONTROL of, mostly with only you using it,
then root being in total charge of everything is perhaps OK. So it's
not good from a security point of view, but if you don't want security
to be your top priority, then it's, AFAIK, no big deal. You don't have
a lot of users about who may try and break your system, so user-level
security (e.g. wheel/sudo/etc.) isn't as much effort as you need on a
5000 user uni. server.

> >For all its faults, Dos taught us what it was like to be in complete
> >control of one's own machine. No other users, no daemons, no "services".
> >Programs ran in a vacuum. I really like such control for single-user
> >machines from a security standpoint, even though I prefer the
> >functionality of Linux.
> 
> No, DOS taught us how to allow for a system to be compromised at the drop
> of a hat.  If you have unquestioned authority over your system, others can
> have it too.

And anyway, if you like a machine like that, set your Linux box to
have no cron or anything like that, auto-login for root, single
terminal, and only one user (root) which you do everything with. Like
DOS except easier to use. Linux can be both secure and multiuser
(unlike DOS) or totally insecure and single user (like DOS). It's
still Linux, even if it doesn't comply with RFC x and Security
standard y. The point is, a Linux box can be set up however you want,
and root is (until you limit him/her/them) totally in charge. And you
can change even that.

MadProf - 

I dont care about security. So root me.--
Wot? No Coffee?



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Petro
On Mon, Nov 19, 2001 at 12:30:34AM -0800, Martin Christensen wrote:
> > "Petro" == Petro  <[EMAIL PROTECTED]> writes:
> Petro> On Mon, Nov 19, 2001 at 10:24:05AM +0900, Howland, Curtis
> Petro> wrote:
> >> ps: From a personal perspective, I think Linux is about where
> >> Windows 3.0 was. This is not a troll, just a usability thing.
> Petro> No, it's about where win3.11 was in a lot of ways. Modulo
> Petro> the stability &&etc.
> 
> I am just dying to find out why this is so. I find the unices I work
> with to be much more usable than any incarnation of Windows. So what
> exactly do you put into 'usability'?

Consistency of UI, availability and integration of applications,
"slickness" of look and feel. 

Under 3.1[1] applications had widely varying "look and feel", and
were not well integrated, nor was the windowing system well
integrated with the underlying OS (it didn't provide "proper"
abstraction of things like file-systems, processes etc.). 

With Windows 95, Microsoft changed a lot of that. Not that they did
it *well* (the Win95 style interface gives me hives), but they
provided a fairly consistent (if awful) interface, and a good deal
of abstraction of the underlying hardware/OS. 

Linux is still at the Win3.11 level in those regards. 

Does this mean Linux isn't useable? Well, considering I've had at
least one Linux box running at home since late 1993/94 (and had it
installed on and off for about a year before that), I would have to
say it's perfectly usable for those inclined to learn, those who
have specific tasks it needs done. But I wouldn't put it on my
mother-in-law's computer, or my mom's. Then again, I wouldn't give my
Mom a Windows machine either (I gave her a Mac about 3/4 years ago,
and she hasn't bothered to plug it in yet). 

I like Linux, I think it's a *good* OS, and it's coming along quite
nicely, but that doesn't mean I think it's easy to use. IMO, one of
the biggest problems Linux is facing in its quest to take the
desktop is that (1) there are too many different groups working on
UI stuff, and (2) Most of them think that the Win95 LOOK is right,
but don't bother trying for the consistency. 

Of course, my primary desk-top machine at home right now is a Mac
running OS X. Which has some UI issues as well. 

-- 
Share and Enjoy. 



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Nathan E Norman

On Mon, Nov 19, 2001 at 01:47:40PM -0800, Petro wrote:
> > environments and applications to figure out what it takes to make a 
> > system really consistent and usable for you.  Even if you pick some 
> > things that aren't quite finished as part of your environment, if they 
> > are part of an active project, they will be working much better soon.  
> 
> Go into Netscape, open up some random web page. What's the key
> command for find? 
> 
> Now open Lyx. What's the key command for find? Mutt? Opera?
> OpenOffice? 
> 
> Just like Windows 3.11. 
> 
> Which was my point. 

Install Netscape 4.x, 6.x, Mozilla, and IE on a windows box.

Good luck expecting the same key strokes to do the same thing in each
application.

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd. | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED]   |   -- Patton





Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Petro

On Mon, Nov 19, 2001 at 12:46:21PM -0800, James Hamilton wrote:
> My Gnome/X/Debian GNU/Linux Desktop is much "slicker" than 
> anything I have ever been able to do with Windows.  The Gnome
> apps have a fairly consistent interface as well.  There is a steeper and
> longer learning curve to learn how to really use X and Unix, but I would
> say that is an asset for members of the technocracy rather than a 
> drawback.  I honestly don't know what you are talking about.  Using 

No, you are not listening. 

The slickness of the UI isn't what you can accomplish with the OS,
but rather about how things look. Look at the icons, look at the
buttons that gnome provides. Simple and functional, but not nearly
the degree of sophistication that Windows/MacOS provide. Look at the
integration of the application UI into the OS UI, it all looks the
same. 

Now maybe if I used FVWM2, or KDE, I would see more of this, but
frankly they act too much like windows (hint people, having the
minimize, maximize and KILL WINDOW buttons so close together is
wrong. This is one of the many UI issues Apple got right in OS 6-9,
but broke in X, and that windows got wrong with the 95 style UI), and
use too much screen real estate for their icons and task bar, so
I use a different window manager (one of what, 20? available). 

> the NT box I am using now to post this message is sheer torture, but 

Outhouse huh. What's the Free Replacement for that? 

> I have to have one Windows desktop and support one Windows server
> here at work.  I would say the functionality of Linux is currently and 

Functionality is not useability. 

The Functionality of Linux is far superior to Windows in every area
except common desktop applications (Word processors, spread sheets,
Graphic Design (which is the only reason I still use MacOS at home,
there is simply nothing in the Open Source world that is anywhere
near Illustrator and Quark X-Press, and while the GIMP comes close
to PhotoShop, I've been using Photoshop for over 10 years now, and
I'm used to it). 

Yes, I've used Star Office and OO, and they are good, but not quite
ready. 

> rapidly surpassing that of Microsoft OSes, and that perhaps you haven't 
> found or learned the right environment and apps.  With Windows,
> everything gets set up and it works the way MS decrees it will.  With 
> GNU/Linux, you have a huge number of choices.  Part of becoming
> a real user of open source is spending a lot of time evaluating different 

Stop right there. 

Do *NOT* assume because I criticize Linux that I don't know Linux.
I'm not going to get in a DSW with you, but I started using Linux
with kernel .99p6. I've built X from scratch (once). I use Linux on
my desk at work, and I'm one of like 2 or 3 in my office to do
so. I've used Slackware, DeadRat, Debian, and SuSE. I am the team
lead for a small SA team that maintains a 100+ server site,
primarily (and if testing goes well this week, soon to be almost
completely) Linux based. We're pushing an average (24 hour average)
of around 60 Mbits a second, and our front end is entirely Linux. 

I spent my weekend fighting with kernels and LVM to get snap shots
working properly. 

I've used Linux as a desktop OS for 5 or 6 years, either primarily,
or in conjunction with my Mac.  I've used Star Office, Open Office, 
SAIG, Lyx, and WordPerfect on Linux (among others) for word processing. 

I've used or tried just about every mail application out there for
Linux, and (check the headers) use Mutt daily at work--with Exchange
no less. 

I don't criticize Linux because I know windows better, I criticize
Linux because it's not as good as it *could* be. 

In fact, I don't know windows better. I've only had 2 machines of
"mine" that run windows--one is a work laptop used for Word and
accessing a shared mailbox on Exchange, the other is my
Counter-Strike box. That's all that's on it. Windows, and the files
needed for Counter-Strike. 

> environments and applications to figure out what it takes to make a 
> system really consistent and usable for you.  Even if you pick some 
> things that aren't quite finished as part of your environment, if they 
> are part of an active project, they will be working much better soon.  

Go into Netscape, open up some random web page. What's the key
command for find? 

Now open Lyx. What's the key command for find? Mutt? Opera?
OpenOffice? 

Just like Windows 3.11. 

Which was my point. 

> Once I set up my box, my roommates (non-tech) can use it to surf the 
> web, read their email, write papers, browse newsgroups etc with a 
> fairly consistent and truly complete suite of free applications.

I did that 5 years ago for my wife. 

Of course, that was also true of Windows 3.11, with the exception
that the underlying OS 

Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread John Galt
On Mon, 19 Nov 2001, Howland, Curtis wrote:

>To be blunt, I don't think one can entirely protect oneself from root,
>nor do I believe it's an "All Good" idea.
>
>Root Is God. This is a multi-user, full-time, "networked" device. Root
>bears the responsibility of everything that happens to that machine.
>They are answerable to everyone, not just one user.

No, root had best not be god.  NSA Rainbow book pretty much states that 
for C systems the administrator should be able to delete files, but 
may not necessarily be able to read them.  In a B system, administrative 
duties are dealt with by a committee, no one of which may necessarily 
have permissions to read a file, but all in concert must be able to 
delete.  You're missing a large point here: root doesn't have to have RWX 
access on everything to be able to do their job, -WX may do the trick.

>For all its faults, Dos taught us what it was like to be in complete
>control of one's own machine. No other users, no daemons, no "services".
>Programs ran in a vacuum. I really like such control for single-user
>machines from a security standpoint, even though I prefer the
>functionality of Linux.

No, DOS taught us how to allow for a system to be compromised at the drop 
of a hat.  If you have unquestioned authority over your system, others can 
have it too.

>However, I also like the fact that when my wife's Win98 device crapped
>out and was sent to the shop for repair, it was no effort to simply
>"adduser x" . The beauty of a multi-user machine. She can get the
>functions she needs until her machine comes back, but she now has to
>trust me that I won't "less /var/spool/mail/x" as root.
>
>If you cannot trust root, don't use that machine for anything you want
>to be secure.

Probably a good dictum, but not really feasible in most cases.  Do you 
trust your ISP?  They have root on the system that forwards mail to you...  

>Curt-
>
>ps: From a personal perspective, I think Linux is about where Windows
>3.0 was. This is not a troll, just a usability thing.

Win 3.0 was broken and unusable, you know that?  The Win 3.0 -> 3.1 
upgrade was actually a usability patch kit, and propagated for free.  Win 
3.0 is the GUI equivalent to DOS 4: a version that MS would just as soon 
forget.

That being said, and assuming that you're not comparing linux to a 
broken version of Windows, So?  Win 3.X (I'd actually put the usability 
more in WfWG area myself) was the last usable system MS came up with IMHO.  
Win 3.X is the last system that had hardware requirements based on 
objective criteria and allowed the system control that you lauded in your 
main email.  Win 95+ started doing things for you, and NEVER does them the 
way they should be done.  Perhaps it just takes longer to do things 
right...


>-Original Message-
>From: Daniel D Jones [mailto:[EMAIL PROTECTED]]
>...  We're talking about trying to protect 
>yourself from legitimate root on a system where you're merely a user.
>-
>
>
>

-- 
void hamlet()
{#define question=((bb)||(!bb))}

Who is John Galt?  [EMAIL PROTECTED] that's who!



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Paul Tansom
On Mon, Nov 19, 2001 at 09:30:34AM +0100, Martin Christensen typed out the following...
> > "Petro" == Petro  <[EMAIL PROTECTED]> writes:
> Petro> On Mon, Nov 19, 2001 at 10:24:05AM +0900, Howland, Curtis
> Petro> wrote:
> >> ps: From a personal perspective, I think Linux is about where
> >> Windows 3.0 was. This is not a troll, just a usability thing.
> Petro> No, it's about where win3.11 was in a lot of ways. Modulo
> Petro> the stability &&etc.
> 
> I am just dying to find out why this is so. I find the unices I work
> with to be much more usable than any incarnation of Windows. So what
> exactly do you put into 'usability'?
...and that's all Martin Christensen wrote I'm afraid

Seconded!  I find stability-wise Linux outstrips any Windows I have used so
far (haven't tried XP yet - and to be honest not planning to).  As far as
usability goes Linux is way ahead.  I find Windows too restricting for my use.
Apart from a few applications I just have to use I find its interface slows me
down.  I'll qualify that by saying that I am definitely a techy user.  Still
this is getting OT for this list - perhaps move onto user?!

-- 
---
Paul Tansom:Talking to penguins can be inTUXicating, whereas
talking to windows is only 1 step away from talking to the wall!
---
Smoothwall firewall/router project: http://www.smoothwall.org/
Smoothwall project community contact: [EMAIL PROTECTED]



Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Martin Christensen
> "Petro" == Petro  <[EMAIL PROTECTED]> writes:
Petro> On Mon, Nov 19, 2001 at 10:24:05AM +0900, Howland, Curtis
Petro> wrote:
>> ps: From a personal perspective, I think Linux is about where
>> Windows 3.0 was. This is not a troll, just a usability thing.
Petro> No, it's about where win3.11 was in a lot of ways. Modulo
Petro> the stability &&etc.

I am just dying to find out why this is so. I find the unices I work
with to be much more usable than any incarnation of Windows. So what
exactly do you put into 'usability'?

Martin

-- 
Homepage:   http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt




Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-19 Thread Paul Tansom

On Mon, Nov 19, 2001 at 09:30:34AM +0100, Martin Christensen typed out the following...
> > "Petro" == Petro  <[EMAIL PROTECTED]> writes:
> Petro> On Mon, Nov 19, 2001 at 10:24:05AM +0900, Howland, Curtis
> Petro> wrote:
> >> ps: From a personal perspective, I think Linux is about where
> >> Windows 3.0 was. This is not a troll, just a usability thing.
> Petro> No, it's about where win3.11 was in a lot of ways. Modulo
> Petro> the stability &&etc.
> 
> I am just dying to find out why this is so. I find the unices I work
> with to be much more usable than any incarnation of Windows. So what
> exactly do you put into 'usability'?
...and that's all Martin Christensen wrote I'm afraid

Seconded!  I find stability-wise Linux outstrips any Windows I have used so
far (haven't tried XP yet - and to be honest not planning to).  As far as
usability goes Linux is way ahead.  I find Windows too restricting for my use.
Apart from a few applications I just have to use I find its interface slows me
down.  I'll qualify that by saying that I am definitely a techy user.  Still
this is getting OT for this list - perhaps move onto user?!

-- 
---
Paul Tansom:Talking to penguins can be inTUXicating, whereas
talking to windows is only 1 step away from talking to the wall!
---
Smoothwall firewall/router project: http://www.smoothwall.org/
Smoothwall project community contact: [EMAIL PROTECTED]






Re: In Praise of Dos (RE: Mutt & tmp files)

2001-11-18 Thread Petro
On Mon, Nov 19, 2001 at 10:24:05AM +0900, Howland, Curtis wrote:
> ps: From a personal perspective, I think Linux is about where Windows
> 3.0 was. This is not a troll, just a usability thing.

No, it's about where win3.11 was in a lot of ways. Modulo the
stability &&etc. 

-- 
Share and Enjoy. 



In Praise of Dos (RE: Mutt & tmp files)

2001-11-18 Thread Howland, Curtis
To be blunt, I don't think one can entirely protect oneself from root,
nor do I believe it's an "All Good" idea.

Root Is God. This is a multi-user, full-time, "networked" device. Root
bears the responsibility of everything that happens to that machine.
They are answerable to everyone, not just one user.

For all its faults, Dos taught us what it was like to be in complete
control of one's own machine. No other users, no daemons, no "services".
Programs ran in a vacuum. I really like such control for single-user
machines from a security standpoint, even though I prefer the
functionality of Linux.

However, I also like the fact that when my wife's Win98 device crapped
out and was sent to the shop for repair, it was no effort to simply
"adduser x" . The beauty of a multi-user machine. She can get the
functions she needs until her machine comes back, but she now has to
trust me that I won't "less /var/spool/mail/x" as root.

If you cannot trust root, don't use that machine for anything you want
to be secure.

Curt-

ps: From a personal perspective, I think Linux is about where Windows
3.0 was. This is not a troll, just a usability thing.

-Original Message-
From: Daniel D Jones [mailto:[EMAIL PROTECTED]
...  We're talking about trying to protect 
yourself from legitimate root on a system where you're merely a user.
-



Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread Daniel D Jones

On Friday 16 November 2001 11:39, Mathias Gygax wrote:
> > There is no way, nor any reason why, to setup a system in such a way
> > that the maintainer of the system cannot maintain it.
>
> maintainer is someone else. root is there for serving the daemons.
> administrating the machine is the next security level and this time in
> the kernel (to deactivate it). the interface is clean.

Did you follow this thread from the beginning?  The original question asked
how one could secure their email from reading by root.  It's clear in this
case that "root" is a synonym for SysAdmin.  And the bottom line is that you
can't.  SA may log in as root, as guest, as santaclaus - it really doesn't
matter what the user name and uid is.  What matters is that someone has full
access to the system.  Someone has the ability to install keystroke sniffers
and other cute little toys.  If they're willing to go to the extent of trying
to recover a deleted file, they're likely willing to go to the extent of
modifying executables, etc.  root may not be God on your system, but that's
not the same as saying your system is atheistic.  There IS a God; he just
answers to a different name.  And you can't hide from God.




Re: Mutt & tmp files

2001-11-18 Thread Daniel D Jones

On Friday 16 November 2001 11:21, Oyvind A. Holm wrote:
> On 2001-11-15 19:11 Florian Bantner wrote:
> Another thing is... You're a bit concerned that root can read your
> mail. A good advice is to never - NEVER place your private (secret) key
> on another machine you don't have physical access to or a machine which
> is owned by others. Public keys only. Store it on a floppy if you have
> to decrypt messages. Make sure the gpg executable is setuid root to
> prevent swapping and insecure memory, and make sure there is no daemon
> gathering keystrokes.

Good practices but there's only so much you can do.  How do you ensure that 
the pgp executable hasn't been modified to store a copy of your key after it 
reads it from the floppy?  How do you ensure that the kernel hasn't been 
modified to gather keystrokes?  We're talking about trying to protect 
yourself from legitimate root on a system where you're merely a user.



Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread Mathias Gygax
On Son, Nov 18, 2001 at 05:06:21 +0100, martin f krafft wrote:

> thanks, you just made me laugh!

you set lamer detector to orange.



Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread Mathias Gygax
On Son, Nov 18, 2001 at 05:08:14 +0100, martin f krafft wrote:

> excellent. you know what i did: i just remove the root:0:... line from
> /etc/passwd and /etc/shadow. now i can't be root. that must be perfect
> security. yeah!

before you shout, think twice. this is READ-only on my system. you don't
really understand it, right?



Re: Mutt & tmp files

2001-11-18 Thread martin f krafft
* Wade Richards <[EMAIL PROTECTED]> [2001.11.15 22:17:39-0800]:
> This is the sort of absolutist nonsense that gives security experts a
> bad name.  After all, anyone armed with a chainsaw can cut through a
> solid oak door in a matter of hours, so why bother installing a deadbolt
> on your door?

get a steel door. look, the point is not physical console security,
cause as soon as you get physical, there is nothing to stop you. but
from the network or on the machine, there is security, and every step
is necessary. i find that security experts are getting their name
through people who read bugtraq and happily install patches, then call
their system safe because other people think it's safe. if you don't
take everything into account, you aren't a security expert. thoughts
towards modified mutt/gpg, ttysniffers, and other such methods are
necessary if you are a security expert, and they are what
distinguishes you from a pop-security float-along.

> For example, I'm root on my machine.  I'm nosy.  I'd like to know what
> the people who use my machine are saying about me in e-mail.  If I can
> grab the contents of a file from /tmp, I just might do that.

which is very illegal. remind me to never get an account on a system
you have root access to.

> But I'm also lazy.  I'm not going to spend hours or weeks writing code to
> install a tty sniffer, find enough disk space for the logs, and search
> through the log files for something interesting.  I'm a nosy root,
> I'm not a masochistic root.

so? it's possible and therefore should be considered.

> Also, what makes you think root "knows what he's doing?"  I suspect that 
> many people with the "root" password could not install a tty sniffer or 
> any other spying tool unless they could type "apt-get install ttysniffer".

then you shouldn't be on his/her system. period.

do you even know what a hacker is? a security expert who isn't a
hacker should possibly consider politics...

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
  
weekend, where are you?




Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.16 14:36:30+0100]:
> > > > Root is God. Anything you do on the system is potentially visible to
> > > > root.
> 
> this is, with the right patches applied, not true.
  ^^

> can very fine tune the setup. for a real linux multi-user system, it's the
> perfect secruity patch.
  ^^

thanks, you just made me laugh!

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
  
windoze nt crashed.
i am the blue screen of death.
no one hears your screams.




Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.16 15:06:54+0100]:
> > well, i thought this is the definition of root.
> 
> no. with LIDS you can protect files and syscalls even from root. in my
> setup, root cannot even write to his own home directory.

... which root can change at convenience. this thread is becoming
boring!

> my root user can't write to /usr/*, doesn't have any special syscall
> access to change network and firewall settings, can't SETUID/SETGID and
> is really locked like a normal user etc. but... root in this setup is
> useless. you can't do anything that looks like administration. you can
> run the daemons that need root access, but they're limited and can't do
> the full root stuff root usually does.

excellent. you know what i did: i just remove the root:0:... line from
/etc/passwd and /etc/shadow. now i can't be root. that must be perfect
security. yeah!

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
  
it's as bad as you think, and they are out to get you.




Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ethan Benson

first in this discussion root == maintainer of the box

you are suggesting the maintainer of the box has no physical access and
no privileges to maintain the box.  this makes no sense.

On Fri, Nov 16, 2001 at 05:39:43PM +0100, Mathias Gygax wrote:
> 
> i don't care. i can seal LIDS that you can only administrate your
> machine from the console. it doesn't work any longer over remote links.
> 
> > Thats like saying root doesn't have the root password. It doesn't
> > matter, root can change the root password.
> 
> this is a new way of thinking. root is there for serving purposes. with
> LIDS, you're sealing the kernel to not accept potentially malicious
> input from root.

or the legit maintainer, no remote admin capabilities.. doesn't sound
new sounds like NT.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

