Re: [Discuss] Upgraded fedora 15 to 16 unable to boot
On 1/1/2012 6:12 PM, Jerry Feldman wrote: Once I was able to boot, then I was not able to log in on Gnome3, but that was probably the customizations I added, There was a problem with the caribou package (it was noarch in F15, in F16 the x86_64 installer would update to the i686 version). The solution is to log in on the console, and yum erase caribou, then re-install (if you want; it's not really needed for most environments). A simple yum update might work as well, since I think they figured out what the problem was. But the solution I described first worked for me on several machines. Matt ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Upgraded fedora 15 to 16 unable to boot
On 01/02/2012 01:03 PM, Matthew Gillen wrote: On 1/1/2012 6:12 PM, Jerry Feldman wrote: Once I was able to boot, then I was not able to log in on Gnome3, but that was probably the customizations I added, There was a problem with the caribou package (it was noarch in F15, in F16 the x86_64 installer would update to the i686 version). The solution is to log in on the console, and yum erase caribou, then re-install (if you want; it's not really needed for most environments). A simple yum update might work as well, since I think they figured out what the problem was. But the solution I described first worked for me on several machines. I got it fixed. I've seen that problem many times before with both gnome and kde. -- Jerry Feldman g...@blu.org Boston Linux and Unix PGP key id:3BC1EB90 PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] build my own cell phone
Stephen Adler wrote: ...I've set out for my new years resolution, to build my own cell phone... Anyone on BLU ever attempt or know of anyone who attempted to build their own cell phone? Didn't the Openmoko (http://www.openmoko.com/) guys run into some significant roadblocks when it came to creating open firmware for the GSM radio? The carrier don't take kindly to arbitrary code running at that layer. However, your goal is a bit fuzzy. Presumably you aren't planning to build your own GSM radio. How much of the phone do you need/want to build to achieve your goal? You best bet might be to start with a purchased phone and mod it in some fashion. I'm not aware of any phones that are designed to permit swapping components. -Tom -- Tom Metro Venture Logic, Newton, MA, USA Enterprise solutions through open source. Professional Profile: http://tmetro.venturelogic.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] [OT] Microsoft's Standalone System Sweeper
I heard Microsoft's Standalone System Sweeper mentioned on the Security Now podcast sometime last year, and recently when several friends and relatives, that are still unfortunate enough to be running Windows, asked me for advice on repairing malware infections, I recommended they try it. They've all had positive results. Also it is turn-key enough that non-technical users can employ it themselves. It has saved me from making on-site visits. To use Microsoft's Standalone System Sweeper you download an installer on an uninfected Windows machine, and run it to produce a bootable CDR, DVD, or USB drive. You then boot the infected system with the media you created and it scans/repairs the system. I think it is about time there was a commercial solution for malware remediation that didn't depend on the infected OS. I always found the idea of downloading and running repair tools on an infected system to be tenuous. For the technically inclined, the best option was always to boot a live CD (Linux or Windows) and run repair tools from that. Microsoft seems to recommend SS only if other methods have failed, but I tend to think that if you notice malware symptoms despite running real-time protection (say Microsoft Security Essentials), then your first response should be a tool like SS. I plan to recommend to my friends and clients that they run SS prophylacticly every 6 months. I would, however, like to know more about what System Sweeper does. For example, why do they have both a 32-bit and 64-bit version? (The architecture needs to match the target system that will be scanned/repaired.) It raises the possibility that they are bundling repair files onto the CDR to replace commonly damaged files, and that the CDR only has enough capacity to handle one target type. Why doesn't Microsoft provide an optional ISO file to download? It would permit you to use more secure systems (like Linux) to create the media, and if all you had was an infected system available, probably less risky to download and burn an ISO than running the installer. Sure, the tool would need the latest virus signatures, but a scheduled job could regenerate the ISO file on Microsoft's servers periodically. What does SS actually do when it scans a system? It seems to both detect and repair problems. Can it replace corrupt or infected Windows files? Does it include replacement files, or does it just know how to repair the on-disk files from specific types of damage? Does it exclusively scan for virus signatures, or does it also compare the hash of system files against a database of hashes of known good files? Does it repair the MBR? How does it determine the MBR is bad, and will it consider alternate bootloaders, like GRUB or Truecrypt, as infected and replace them? -Tom -- Tom Metro Venture Logic, Newton, MA, USA Enterprise solutions through open source. Professional Profile: http://tmetro.venturelogic.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] Full disk encryption
The EFF recently tweeted (http://twitter.com/#!/EFF/status/153306301965938688): @EFF Call to action for 2012: full disk encryption on every machine you own! Who's with us? eff.org/r.3Ng Which links to this article: https://www.eff.org/deeplinks/2011/12/newyears-resolution-full-disk-encryption-every-computer-you-own Many of us now have private information on our computers: personal records, business data, e-mails, web history, or information we have about our friends, family, or colleagues. Encryption is a great way to ensure that your data will remain safe when you travel or if your laptop is lost or stolen. [...] Choosing a Disk Encryption Tool [...] -Microsoft BitLocker in its most secure mode is the gold standard because it protects against more attack modes than other software. Unfortunately, Microsoft has only made it available with certain versions of Microsoft Windows. -TrueCrypt has the most cross-platform compatibility. -Mac OS X and most Linux distributions have their own full-disk encryption software built in. What makes Microsoft BitLocker better than TrueCrypt? Are you using full disk encryption? If so, what tool are you using? -Tom -- Tom Metro Venture Logic, Newton, MA, USA Enterprise solutions through open source. Professional Profile: http://tmetro.venturelogic.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Full disk encryption
No, I'm not for it. Just don't loose your laptop. Just don't leave your laptop, in the car, in high theft areas, like the Microcenter parking lot ;-( I've been at companies that demanded that everyone use it, and there is a performance hit. The one that we used was like a bios thing, it popped up and demanded the key before it would boot. If you have oodles of CPU and RAM, it is less annoying. The more likely scenario will be that people in corporate situations will be forced to use it. And then you won't like it. Thanks, Jim Gasek --- tmetro-...@vl.com wrote: From: Tom Metro tmetro-...@vl.com To: L-blu discuss@blu.org Subject: [Discuss] Full disk encryption Date: Mon, 02 Jan 2012 19:55:34 -0500 The EFF recently tweeted (http://twitter.com/#!/EFF/status/153306301965938688): @EFF Call to action for 2012: full disk encryption on every machine you own! Who's with us? eff.org/r.3Ng Which links to this article: https://www.eff.org/deeplinks/2011/12/newyears-resolution-full-disk-encryption-every-computer-you-own Many of us now have private information on our computers: personal records, business data, e-mails, web history, or information we have about our friends, family, or colleagues. Encryption is a great way to ensure that your data will remain safe when you travel or if your laptop is lost or stolen. [...] Choosing a Disk Encryption Tool [...] -Microsoft BitLocker in its most secure mode is the gold standard because it protects against more attack modes than other software. Unfortunately, Microsoft has only made it available with certain versions of Microsoft Windows. -TrueCrypt has the most cross-platform compatibility. -Mac OS X and most Linux distributions have their own full-disk encryption software built in. What makes Microsoft BitLocker better than TrueCrypt? Are you using full disk encryption? If so, what tool are you using? -Tom -- Tom Metro Venture Logic, Newton, MA, USA Enterprise solutions through open source. Professional Profile: http://tmetro.venturelogic.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Full disk encryption
BitLocker claims a single digit percentage hit. Personally I've not noticed it. ALSO, NO FULL DISK ENCRYPTION should ever be used on an SSD drive. Performance will drop by 30% and the drive's wear-leveling system and TRIM won't function correctly. On Mon, Jan 2, 2012 at 8:10 PM, Jim Gasek j...@gasek.net wrote: No, I'm not for it. Just don't loose your laptop. Just don't leave your laptop, in the car, in high theft areas, like the Microcenter parking lot ;-( I've been at companies that demanded that everyone use it, and there is a performance hit. The one that we used was like a bios thing, it popped up and demanded the key before it would boot. If you have oodles of CPU and RAM, it is less annoying. The more likely scenario will be that people in corporate situations will be forced to use it. And then you won't like it. Thanks, Jim Gasek --- tmetro-...@vl.com wrote: From: Tom Metro tmetro-...@vl.com To: L-blu discuss@blu.org Subject: [Discuss] Full disk encryption Date: Mon, 02 Jan 2012 19:55:34 -0500 The EFF recently tweeted (http://twitter.com/#!/EFF/status/153306301965938688): @EFF Call to action for 2012: full disk encryption on every machine you own! Who's with us? eff.org/r.3Ng Which links to this article: https://www.eff.org/deeplinks/2011/12/newyears-resolution-full-disk-encryption-every-computer-you-own Many of us now have private information on our computers: personal records, business data, e-mails, web history, or information we have about our friends, family, or colleagues. Encryption is a great way to ensure that your data will remain safe when you travel or if your laptop is lost or stolen. [...] Choosing a Disk Encryption Tool [...] -Microsoft BitLocker in its most secure mode is the gold standard because it protects against more attack modes than other software. Unfortunately, Microsoft has only made it available with certain versions of Microsoft Windows. -TrueCrypt has the most cross-platform compatibility. -Mac OS X and most Linux distributions have their own full-disk encryption software built in. What makes Microsoft BitLocker better than TrueCrypt? Are you using full disk encryption? If so, what tool are you using? -Tom -- Tom Metro Venture Logic, Newton, MA, USA Enterprise solutions through open source. Professional Profile: http://tmetro.venturelogic.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss -- Chris O'Connell http://outlookoutbox.blogspot.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] D-I-Y NAS enclosures
Benjamin Carr wrote: I am personally enamored of the HP Proliant Microserver... It has a 64bit AMD Athlon II Neo processor, two DIMM slots (supports ECC), one gigabit NIC, a four drive cage (not hot-swap)... It is $330 from NewEgg with a throw away 250GB drive and 1GB of Ram. I wish they would sell it bare for $50 less but the don't. Did that come loaded with Windows Home Server? I see HP went on to produce an Atom version with 2GB Memory and 1TB HD: http://www.newegg.com/Product/Product.aspx?Item=N82E16859105777 I looked it up for comparison when I recently ran across Acer's product in this space: http://www.newegg.com/Product/Product.aspx?Item=N82E16859321016 a smaller 8.5 x 8 x 7 cube with a 2 TB drive. (Plus 5 USB and 1 eSATA ports.) Currently selling for $260. Possibly discounted due to being loaded with an obsolete version of Windows Home Server. (I wonder how much the windows tax is on this server and what a bare bones version without the OS and drive would sell for.) My biggest concern with these NAS boxes is whether the motherboards are proprietary and if you'd be stuck if it died. Seems like a good deal, if the included drive is useful to you. According to camelegg.com, it is on a downward price trend, so it may be discounted further: http://camelegg.com/product/N82E16859321016?utm_campaign=firefox_extutm_source=product_link_ttputm_medium=www -Tom -- Tom Metro Venture Logic, Newton, MA, USA Enterprise solutions through open source. Professional Profile: http://tmetro.venturelogic.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Full disk encryption
On Jan 2, 2012, at 7:55 PM, Tom Metro wrote: What makes Microsoft BitLocker better than TrueCrypt? ... because it protects against more attack modes than other software. Are you using full disk encryption? If so, what tool are you using? I don't. I take care of my gear. I made this statement before: I see WDE as enabler for carelessness. We keep hearing about lost notebooks with sensitive information on them. If the bearers of those notebooks weren't so careless then their notebooks wouldn't have been lost in the first place. Better still, if the data on those laptops were kept on secure servers with controlled VPN access instead of on portable equipment then loss of that portable equipment wouldn't be an issue. Legacy FileVault restore is a PITA. You can't restore normally. You either restore the entire sparsebundle for the user's home directory or mount the backup volume and pluck out files by hand. FileVault2 addresses this because it is a WDE system, but FV2 has its own issues. And this is the great big rub with WDE: backups. File-level backups are decrypted when sent to the backup system unless the backup system itself re-encrypts everything. One MITM attack and everything is compromised. Container and block backups require restoring the entire container or block device; they can't be used to restore single files, at least not without great difficulty, and block device (bare metal) restores usually need to restored to identical hardware to work correctly. I had TrueCrypt WDE on my netbook and BitLocker on my gaming rig at home. I ripped them out because of the backup/restore hassles. The perception of security just isn't worth it. Never mind that I have a pair of Mac Minis playing server. Sometimes they need to be restarted remotely. Can't do that with WDE. --Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] [HH] build my own cell phone
Maybe a better term is a hand held Gnu/Linux PC with at least WiFi capability. One can then move on to adding the cell phone component. Once the first step is done, go to google.com/voice. Universal WiFi is a threat to cell phones, so don't expect to see it anytime soon. In my brand new office, they decided to save by not giving us good old phones. I made a call via the computer, the wife could not tell. Since there is so much money paid for phones, expect effective fictional roadblocks to keep on appearing. Now that Microsoft owns Skype, there is more of a chance of making real inroads. It is just silly that I pay for 3 types of ways to play phone tag: land line, cell phone, and the Internet. Doug ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Full disk encryption
What makes Microsoft BitLocker better than TrueCrypt? I've used TrueCrypt; no experience w/ BitLocker. Are you using full disk encryption? If so, what tool are you using? I use Ubuntu which allows encryption of the home directory. I keep all of my personal/sensitive stuff in the home directory, so I figured encrypting the home dir would be enough. The decryption happens upon login and my password is sufficiently long. Any thoughts on the kind of security risk I might be vulnerable to because I only encrypt my home dir as opposed to the full disk? I recently came across advice to use cascading encryption, which I understand to mean nesting encryption, where each is a different kind (aes, blowfish, etc.) This seems overkill for most folks. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Full disk encryption
On 1/3/2012 12:16 AM, a k'wala wrote: Any thoughts on the kind of security risk I might be vulnerable to because I only encrypt my home dir as opposed to the full disk? Many applications use /tmp or /var files as working storage, and they leave ghosts behind. Bill -- Bill Horne 339-364-8487 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] [HH] build my own cell phone
I used to work for a small VOIP hardware vendor. We sold Asterisk systems. Getting them set up 'right' the first time is the trick. Also VOIP does not work well over open internet (latency, dropped packed, traffic shaping - even when the vendor says they don't do it, over committed networks, etc) add to non-private IP networks not really working well. Yes you can get it to go, just not as well as you might want. Normal VOIP systems are TCP/IP internally and when they go to the carrier equipment (your friendly neighborhood Bell affiliate or equivalent) most folks get T1's installed and use them for the 'analog' lines, that really stay digital the whole way, but you don't get a data T1, you get a 'voice'. If you don't need a whole T1 of voice, you can carve some data off of it, and the rest be voice. Businesses almost must do this to have the flexibility a PBX allows with the ability to do VOIP. My boss then made a trip to the UK. One day a customer called, he forgot to un-forward his cell to his private internal line, so it got routed by Asterisk to his cell when he was outside London. He conferenced me in (I was in the office in TN) so we had a 3 way conference over VOIP internationally. It worked. His part of the conversation was OK, not great (as VOIP does over the open internet). It worked well overall. Other than time zone issues, all was OK. We also used OpenVPN and ssh to remotely log into customers servers for maintenance (Mandrake and Ubuntu were our main client server bread and butter). Phone cards were Digium, but we sold various phones (Cisco, Snom, Polycom, etc). Some were better than others. Polycom were my favorite, Cisco was high $$, Snom was an economical alternative. But behind it all Asterisk as the PBX software was flexible. We did small businesses, large (several thousand handset) campuses, etc. Our favorite and easiest to maintain setup was a Asterisk server in each major building (250 or so phones), and have them trunk to each other over a IP connection. It allowed the most redundancy and reduced wiring costs for most situations. Still, each setup was individual, not cookie cutter. Oh yes, we did use soft phones but for the most part they were of less quality than stand alone hardware. Dedicated networks are nice but not often a possibility (places that did internal VPNs to keep VOIP traffic away from data made life easier. Otherwise dedicating lots of 'extra' bandwidth on their own network makes VOIP work 'smoother'. Just a few random thoughts. ... Jack ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss