[Discuss] Discuss - Software Engineering union
I wrote this on slashdot, and was wondering if you guys have an opinion. I come from a blue-collar background, my dad was a union iron worker. Trust me, there is a valuable skill set there. Strong guys who can weld, lift heavy equipment, and aren't afraid of extreme hights is, in itself, a fairly self limiting market. Anyway, the union in my view was a positive force for his industry. It set the safety standards, it provided benefits and retirement planning, it provided help for when the iron workers were mistreated. Unlike the teamsters, the iron workers were fairly well run. They partnered with the local construction companies and, in his day, help the business environment get buildings built. Decent pay and benefits and a guarantee of decent workers to employers, why wouldn't an honest business use union workers? I often argue that our interpretation of capitalism is incorrect. The word capital isn't just money. It is anything of value that can be traded. Just as businesses bargain with a capital collective, i.e. the business, banks, and investors join forces to create an entity greater than any one of them as a financial collective, workers' capital, i.e. the work that they do and their skils, is their capital and there is no conflict, in my eyes, when they bargain as a collective. An engineering union, could be a good move for the industry. It would certainly provide some push back against abusive contracts and NDAs. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Discuss - Software Engineering union
On 4/18/2012 8:36 AM, Mark Woodward wrote: I wrote this on slashdot, and was wondering if you guys have an opinion. Several. The first of which is that this is off topic for the general BLU discussion list. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] text-screen login?
For some for the recent distros (e.g. ubuntu) I am having difficulty figuring out how to kill the GUI login and have the old-fashion text-terminal-like login screen. Does anyone have helpful advice on how to set up a freshly installed linux-based system to start with a text-screen login Thanks, -- R. Luoma ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] text-screen login?
On 04/18/2012 10:30 AM, R. Luoma wrote: For some for the recent distros (e.g. ubuntu) I am having difficulty figuring out how to kill the GUI login and have the old-fashion text-terminal-like login screen. Does anyone have helpful advice on how to set up a freshly installed linux-based system to start with a text-screen login Thanks, Quick googling: http://www.techienote.com/2012/01/disable-gui-boot-in-ubuntu-11-10.html Basically you need to use update-rc.d to remove the 'lightdm' (for new ubuntu distributions) graphical login links from the system startup. All the rest from that tutorial is to disable the ubuntu graphical splash at boot. Which distribution are you using, do you know which gui login interface is installed? Nuno -- http://aeminium.org/nuno/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] camera files
in yesteryear, when i plugged a camera into my computer, the camera files would show up under /mnt, then later under /media, then under ~/.gvfs. now, however, they show up in one of those drag and drop windows (whatever they're called), but where are they? i see NIKON... at the top of the window and a directory DCIM in the window. find / -name DCIM produces nothing. ok -- so exactly where is DCIM? i know i'm something of a luddite, but i'm not happy in gui land. any help would be appreciated. ole dan j. daniel moylan 84 harvard ave brookline, ma 02446-6202 617-232-2360 (tel) j...@moylan.us www.moylan.us [death to html bloat!] ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] text-screen login?
On 4/18/2012 10:30 AM, R. Luoma wrote: Does anyone have helpful advice on how to set up a freshly installed linux-based system to start with a text-screen login You need to disable the gdm startup script. How you do that varies from one distribution to the next. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] camera files
On Wed, Apr 18, 2012 at 10:54:51AM -0400, dan moylan wrote: in yesteryear, when i plugged a camera into my computer, the camera files would show up under /mnt, then later under /media, then under ~/.gvfs. now, however, they show up in one of those drag and drop windows (whatever they're called), but where are they? i see NIKON... at the top of the window and a directory DCIM in the window. find / -name DCIM produces nothing. ok -- so exactly where is DCIM? I don't think it's mounted in a filesystem namespace (although perhaps could be with the right incantations). If you navigate into DCIM through the GUI, though, you'll find your images. You can use menus in the GUI to open another window into your filesystem, giving you a useful drag/drop destination for images you want to copy onto your filesystem. Nathan i know i'm something of a luddite, but i'm not happy in gui land. any help would be appreciated. ole dan j. daniel moylan 84 harvard ave brookline, ma 02446-6202 617-232-2360 (tel) j...@moylan.us www.moylan.us [death to html bloat!] ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] A Little OT: The Password Post-It
Greetings All, I've noticed that some of my users have been writing their passwords on post-its and leaving them all over the place. Our office has a Written Information Security Policy that each user signed, stating that passwords are not to be written down and stored in plain site. Management at my company isn't interested in disciplining anyone regarding these violations. As some of my users are in their late 70s and late 80s, I kind of understand the need to write passwords down. However, some of my other users are just plain dumb and complain all day about how many passwords they have to remember and how hard their lives are as a result. One particularly whiny person can't remember the four digit alarm code that she uses every day to get into our building. As a result she has written it on the back of her business card and leaves it in her cell phone case. I've come to realize that making things more secure is actually making the our information systems less secure. Further, adding levels of security is making the computer using experience at my organization more challenging for the already technically challenged. For example, enabling password complexity requirements just makes things harder for people to remember. The result is more passwords written on post-its. I think we, as IT professionals, have to acknowledge that not all of our users are as savvy we are. Not everyone is going to be capable of keeping their passwords straight. Perhaps the solution is to make things easier for our end users. I'm thinking now that I should install a single-sign-on software on all workstations. Once a user logs in they will never have to enter a password again (after the initial setup at least). On it's face, this may seem like a terrible solution. I'm thinking though that this might actually make things more secure as users will not be confused by multiple passwords. Hopefully, this will result in less post-it-passwords. I can then thoroughly secure the workstations by deploying Bitlocker and forcing the screens to lock after a certain period of inactivity. By securing the workstation I'm not noticeably inconveniencing users. This is a bit of give-and take, but a possible win-win. I'm wondering if anyone else has had similar troubles in the past. Any creative solutions? I've recommended terminating at least on person here, but I think my boss thought I was kidding ;-) -- Chris O'Connell http://outlookoutbox.blogspot.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] camera files
nathan meyers wrote: On Wed, Apr 18, 2012 at 10:54:51AM -0400, dan moylan wrote: in yesteryear, when i plugged a camera into my computer, the camera files would show up under /mnt, then later under /media, then under ~/.gvfs. now, however, they show up in one of those drag and drop windows (whatever they're called), but where are they? i see NIKON... at the top of the window and a directory DCIM in the window. find / -name DCIM produces nothing. ok -- so exactly where is DCIM? I don't think it's mounted in a filesystem namespace (although perhaps could be with the right incantations). If you navigate into DCIM through the GUI, though, you'll find your images. You can use menus in the GUI to open another window into your filesystem, giving you a useful drag/drop destination for images you want to copy onto your filesystem. thanks, got that, i had already imported the files via drag and drop (cumbersome). what i really would like are the right incantations. there ought to be some way just to mount the camera memory (the way i used to be done). i know there's someone out there thinking they're making it easy, but i have a hard time not saying bad words. bill ricker writes: find may avoid crossing filesys. do df or mount before and after to see where it's mounting. did both -- no differences except for a 4K size increase in /run. ole dan j. daniel moylan 84 harvard ave brookline, ma 02446-6202 617-232-2360 (tel) j...@moylan.us www.moylan.us [death to html bloat!] ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
KeePass... it saved my life. Seriously though, I have suggested it to a few grandparents/parents.. They love it. May need a little help setting it up but otherwise its great from there. On Wed, Apr 18, 2012 at 11:45 AM, Chris O'Connell omegah...@gmail.comwrote: Greetings All, I've noticed that some of my users have been writing their passwords on post-its and leaving them all over the place. Our office has a Written Information Security Policy that each user signed, stating that passwords are not to be written down and stored in plain site. Management at my company isn't interested in disciplining anyone regarding these violations. As some of my users are in their late 70s and late 80s, I kind of understand the need to write passwords down. However, some of my other users are just plain dumb and complain all day about how many passwords they have to remember and how hard their lives are as a result. One particularly whiny person can't remember the four digit alarm code that she uses every day to get into our building. As a result she has written it on the back of her business card and leaves it in her cell phone case. I've come to realize that making things more secure is actually making the our information systems less secure. Further, adding levels of security is making the computer using experience at my organization more challenging for the already technically challenged. For example, enabling password complexity requirements just makes things harder for people to remember. The result is more passwords written on post-its. I think we, as IT professionals, have to acknowledge that not all of our users are as savvy we are. Not everyone is going to be capable of keeping their passwords straight. Perhaps the solution is to make things easier for our end users. I'm thinking now that I should install a single-sign-on software on all workstations. Once a user logs in they will never have to enter a password again (after the initial setup at least). On it's face, this may seem like a terrible solution. I'm thinking though that this might actually make things more secure as users will not be confused by multiple passwords. Hopefully, this will result in less post-it-passwords. I can then thoroughly secure the workstations by deploying Bitlocker and forcing the screens to lock after a certain period of inactivity. By securing the workstation I'm not noticeably inconveniencing users. This is a bit of give-and take, but a possible win-win. I'm wondering if anyone else has had similar troubles in the past. Any creative solutions? I've recommended terminating at least on person here, but I think my boss thought I was kidding ;-) -- Chris O'Connell http://outlookoutbox.blogspot.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
Chris O'Connell wrote: | I think we, as IT professionals, have to acknowledge that not all of our | users are as savvy we are. Not everyone is going to be capable of keeping | their passwords straight. Hmmm ... A quick check shows that my personal password file has over 200 distinct entries. Some of these I haven't used in over a year, but the accounts are still there. One reason I haven't used them is that lots of software now remembers them and fills in Password: fields for me. But even if this weren't happening, I still couldn't remember that many passwords, unless I made most of them the same. If anyone claims that they can, I'd be very skeptical without a demo. So my level of savviness is probably irrelevant; I'd be surprised if very many people of any kind can remember so many nonsense words. And, despite whatever strategies I may try to use, most of these passwords do have at least some stuff that's difficult to remember. This is due to the way that admins insist on password rules that are designed for security, but which are different for every site. This forces me to use passwords that don't follow any personal pattern, meaning that I have little choice except to store them somewhere that's easily available when I need them. The real problem isn't that users write down their passwords. The real problem is that system admins force the users to write down their passwords. (Hey, maybe I should use that as a sig for a while. ;-) -- The fewer jobs a tool is designed to do, the better it does each of them. _' O :#/ John Chambers + j...@trillian.mit.edu /#\ jc1...@gmail.com | | ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
I provide them with KeePassX, but even that seems to complex for most of my users. I guess what I'm looking for is a non-technical solution or idea of how to keep users from having to write the passwords on postits. On Wed, Apr 18, 2012 at 12:15 PM, j...@trillian.mit.edu wrote: Chris O'Connell wrote: | I think we, as IT professionals, have to acknowledge that not all of our | users are as savvy we are. Not everyone is going to be capable of keeping | their passwords straight. Hmmm ... A quick check shows that my personal password file has over 200 distinct entries. Some of these I haven't used in over a year, but the accounts are still there. One reason I haven't used them is that lots of software now remembers them and fills in Password: fields for me. But even if this weren't happening, I still couldn't remember that many passwords, unless I made most of them the same. If anyone claims that they can, I'd be very skeptical without a demo. So my level of savviness is probably irrelevant; I'd be surprised if very many people of any kind can remember so many nonsense words. And, despite whatever strategies I may try to use, most of these passwords do have at least some stuff that's difficult to remember. This is due to the way that admins insist on password rules that are designed for security, but which are different for every site. This forces me to use passwords that don't follow any personal pattern, meaning that I have little choice except to store them somewhere that's easily available when I need them. The real problem isn't that users write down their passwords. The real problem is that system admins force the users to write down their passwords. (Hey, maybe I should use that as a sig for a while. ;-) -- The fewer jobs a tool is designed to do, the better it does each of them. _' O :#/ John Chambers + j...@trillian.mit.edu /#\ jc1...@gmail.com | | ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss -- Chris O'Connell http://outlookoutbox.blogspot.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
Password complexity requirements are: 1) Poorly implemented 2) Closer to security theater than actual security Frequent password changes are even more likely to lead to either wasted time for IT and users (I forgot my new password...again) or post-it passwords. I don't think either of these messages will ever make it to IT management, though. I think if I were designing the perfect password requirements, it would look something like: * IT has a password-crack server with a good dictionary, which includes names, sports teams, etc., all the trimmings a good password crack attempt needs. * No stupid password rules, but the server rolls through and tries to crack passwords, with a focus on new/recently changed passwords. If it finds it, user has to change their password. * Drew Van Zandt Artisan's Asylum Craft Lead, Electronics Robotics Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld) Domain Coordinator, MA-003-D. Masquerade aVST * On Wed, Apr 18, 2012 at 11:45 AM, Chris O'Connell omegah...@gmail.comwrote: Greetings All, I've noticed that some of my users have been writing their passwords on post-its and leaving them all over the place. Our office has a Written Information Security Policy that each user signed, stating that passwords are not to be written down and stored in plain site. Management at my company isn't interested in disciplining anyone regarding these violations. As some of my users are in their late 70s and late 80s, I kind of understand the need to write passwords down. However, some of my other users are just plain dumb and complain all day about how many passwords they have to remember and how hard their lives are as a result. One particularly whiny person can't remember the four digit alarm code that she uses every day to get into our building. As a result she has written it on the back of her business card and leaves it in her cell phone case. I've come to realize that making things more secure is actually making the our information systems less secure. Further, adding levels of security is making the computer using experience at my organization more challenging for the already technically challenged. For example, enabling password complexity requirements just makes things harder for people to remember. The result is more passwords written on post-its. I think we, as IT professionals, have to acknowledge that not all of our users are as savvy we are. Not everyone is going to be capable of keeping their passwords straight. Perhaps the solution is to make things easier for our end users. I'm thinking now that I should install a single-sign-on software on all workstations. Once a user logs in they will never have to enter a password again (after the initial setup at least). On it's face, this may seem like a terrible solution. I'm thinking though that this might actually make things more secure as users will not be confused by multiple passwords. Hopefully, this will result in less post-it-passwords. I can then thoroughly secure the workstations by deploying Bitlocker and forcing the screens to lock after a certain period of inactivity. By securing the workstation I'm not noticeably inconveniencing users. This is a bit of give-and take, but a possible win-win. I'm wondering if anyone else has had similar troubles in the past. Any creative solutions? I've recommended terminating at least on person here, but I think my boss thought I was kidding ;-) -- Chris O'Connell http://outlookoutbox.blogspot.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] camera files
which os and version? -- Bill @n1vux bill.n1...@gmail.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] camera files
bill ricker writes: which os and version? ubuntu 11.10 ole dan j. daniel moylan 84 harvard ave brookline, ma 02446-6202 617-232-2360 (tel) j...@moylan.us www.moylan.us [death to html bloat!] ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
On 4/18/2012 12:29 PM, Chris O'Connell wrote: I guess what I'm looking for is a non-technical solution or idea of how to keep users from having to write the passwords on postits. Password policies are stupid. What needs to happen is that these folks need to be made to understand the nature of the threats involved and why protecting information is important. Once they understand that it is a short step for them to ask, what can I do about it? That's when things start to stick because it isn't a policy being put in the way of their work but their own actions protecting their work. Having a vested interest in good security practices means they'll be more likely to remember their passwords instead of needing to write them down. Just as importantly, when they are part of the security process like this they are less likely to be exploited socially. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
So, end user training? Good point! On Wed, Apr 18, 2012 at 1:18 PM, Richard Pieri richard.pi...@gmail.comwrote: On 4/18/2012 12:29 PM, Chris O'Connell wrote: I guess what I'm looking for is a non-technical solution or idea of how to keep users from having to write the passwords on postits. Password policies are stupid. What needs to happen is that these folks need to be made to understand the nature of the threats involved and why protecting information is important. Once they understand that it is a short step for them to ask, what can I do about it? That's when things start to stick because it isn't a policy being put in the way of their work but their own actions protecting their work. Having a vested interest in good security practices means they'll be more likely to remember their passwords instead of needing to write them down. Just as importantly, when they are part of the security process like this they are less likely to be exploited socially. -- Rich P. __**_ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/**listinfo/discusshttp://lists.blu.org/mailman/listinfo/discuss -- Chris O'Connell http://outlookoutbox.blogspot.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
On 4/18/2012 1:20 PM, Chris O'Connell wrote: So, end user training? Good point! Don't call it that. Security isn't a destination. Security isn't the journey. Security is the faithful companion who accompanies you every step of the way. If you say training then your users are going to perceive security as a shackle dragging them down rather than the companion it is. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] [OT]Discuss - Software Engineering union
Let me add my $0.02. (Yes it is a bit off topic, but still of interest to IT folks. ) I have dealt with unions from the standpoint where I was in a shop where one could not even move a monitor from one side of a cube to another. I was also a union member when I worked for the IRS. Ideally unions should represent labor in a general sense. But... there are some issues: First, unions are organizations and the union's goals may not coincide with the goals of its membership. Secondly, unions get into some nasty interjurisdictional disputes. Thirdly, work rules are set up that tend to prevent real work from being done, although that is not the intent. One laughable thing was in mainframe days where the computer operator would not allow the programmer to type in the commands to debug his program. The bottom line, IMHO, that some companies deserve to be unionized because they do not treat their employees well, but software engineers and other computer programmers are creative and that does not work well with a union environment. -- Jerry Feldman g...@blu.org Boston Linux and Unix PGP key id:3BC1EB90 PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] text-screen login?
On 04/18/2012 10:57 AM, Richard Pieri wrote: On 4/18/2012 10:30 AM, R. Luoma wrote: Does anyone have helpful advice on how to set up a freshly installed linux-based system to start with a text-screen login You need to disable the gdm startup script. How you do that varies from one distribution to the next. In Fedora, you set up a default target. Essentially, it is a symple as ln -s /lib/systemd/system/target name.target /etc/systemd/system/default.target http://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet Here is some stuff from /etc/inittab # systemd uses 'targets' instead of runlevels. By default, there are two main targets: # # multi-user.target: analogous to runlevel 3 # graphical.target: analogous to runlevel 5 # # To set a default target, run: # # ln -s /lib/systemd/system/target name.target /etc/systemd/system/default.target -- Jerry Feldman g...@blu.org Boston Linux and Unix PGP key id:3BC1EB90 PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
On 04/18/2012 12:29 PM, Chris O'Connell wrote: I provide them with KeePassX, but even that seems to complex for most of my users. I guess what I'm looking for is a non-technical solution or idea of how to keep users from having to write the passwords on postits. It is hard to change human nature. One way that tends to work (and make you very unpopular) is to either throw away the postits, or change the passwords. Of course, there is the you can cut off their hands -- Jerry Feldman g...@blu.org Boston Linux and Unix PGP key id:3BC1EB90 PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
On 4/18/2012 2:16 PM, Richard Pieri wrote: On 4/18/2012 1:20 PM, Chris O'Connell wrote: So, end user training? Good point! Don't call it that. Security isn't a destination. Security isn't the journey. Security is the faithful companion who accompanies you every step of the way. If you say training then your users are going to perceive security as a shackle dragging them down rather than the companion it is. I will modestly suggest an alternative approach: advertise a free seminar on tax avoidance. EVERYONE wants to avoid taxes. When the employees show up, tell them that the most certain way of avoiding taxes is to get fired for ignoring security rules. FWIW. YMMV. Bill -- Bill Horne 339-364-8487 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
On 4/18/2012 3:57 PM, Jerry Feldman wrote: Threats don't work, especially when the worst offenders are senior management. Yep. If you want them to take security seriously then you need to get them to want to be part of the solution. Threats and mandatory training just makes them think that you see them as the problem. Never mind that getting fired or laid off doesn't exonerate one from income taxes. My worst tax years ever were the two years after I was laid off from my last gig. First, I was on the hook for income taxes from my severance and the unemployment checks. Second, once those ran out I took money out of my IRA so I got whacked for the income *and* the early withdrawal. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
Chris Tyler wrote: What about using single-sign-on with something more than a simple password? Perhaps a token generator (Yubikey or RSA token), smart card... I've been waiting to see someone adopt the idea of using cell phones with Bluetooth as a form of two-factor authentication. The basic version would work with any smart or feature phone with Bluetooth, and rely on the built-in Bluetooth security mechanisms to authenticate the phone and laptop/desktop. A more advanced version would run an app on a smart phone and use a PKI exchange. The advantage to this approach is that 1. no additional devices to carry or forget, 2. the 2nd factor authentication would be completely automatic whenever the phone was in range, with no user intervention, and you wouldn't even need to remove the phone from your pocket. You could even have such a setup automatically lock the user's screen when they step away, and unlock it without a password on their return, providing it hasn't been long since they left (1 or 2 hours?). I haven't ran across (or looked for) an open source implementation for this on the laptop/desktop side. I did look for something using PKI (or other two-factor mechanisms) and Bluetooth in the Android market, but didn't find anything relevant. (Plenty of two-factor token generators that require manual interaction.) But it does look like Samsung owns a patent on the idea: Public key infrastructure-based bluetooth smart-key system and operating method thereof http://www.faqs.org/patents/app/20090136035 -Tom -- Tom Metro Venture Logic, Newton, MA, USA Enterprise solutions through open source. Professional Profile: http://tmetro.venturelogic.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
On Wed, 2012-04-18 at 16:41 -0400, Tom Metro wrote: Chris Tyler wrote: What about using single-sign-on with something more than a simple password? Perhaps a token generator (Yubikey or RSA token), smart card... I've been waiting to see someone adopt the idea of using cell phones with Bluetooth as a form of two-factor authentication. The basic version would work with any smart or feature phone with Bluetooth, and rely on the built-in Bluetooth security mechanisms to authenticate the phone and laptop/desktop. A more advanced version would run an app on a smart phone and use a PKI exchange. There's already an application for lock-when-away / unlock-when-back using bluetooth under Linux -- http://blueproximity.sourceforge.net/ -- but this doesn't do initial logins; perhaps it can be adapted. -Chris ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] camera files
On Wed, Apr 18, 2012 at 10:54:51AM -0400, dan moylan wrote: in yesteryear, when i plugged a camera into my computer, the camera files would show up under /mnt, then later under /media, then under ~/.gvfs. now, however, they show up in one of those drag and drop windows (whatever they're called), but where are they? i see NIKON... at the top of the window and a directory DCIM in the window. find / -name DCIM produces nothing. These days, many cameras and other types of USB storage devices can operate in several USB modes, which unfortunately (I've found) can be called different things on different devices and/or operating systems. Some of these work like USB-attached disks, whereas others do not. You may need to check the mode your device is configured to connect with, and possibly choose another mode. There's usually some option in the settings that controls this. Not all devices support all of the possible modes, so if your device is new, it's possible it doesn't support that mode. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] text-screen login?
R. Luoma wrote: For some for the recent distros (e.g. ubuntu) I am having difficulty figuring out how to kill the GUI login and have the old-fashion text-terminal-like login screen. Does anyone have helpful advice on how to set up a freshly installed linux-based system to start with a text-screen login Thanks, You could always add runlevel 3 to the boot parameters. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
Chris Tyler wrote: There's already an application for lock-when-away / unlock-when-back using bluetooth under Linux -- http://blueproximity.sourceforge.net/ -- but this doesn't do initial logins; perhaps it can be adapted. Strictly an automatic screen lock/unlock. But nice. A step in the right direction. Next step might be a PAM plug-in or something. Thanks for the link. -Tom -- Tom Metro Venture Logic, Newton, MA, USA Enterprise solutions through open source. Professional Profile: http://tmetro.venturelogic.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
Regarding the Bluetooth proximity unlock, there is a way to exploit such a system without the victim ever being without his fob. It's a simple exploit. Car thieves have been using it for several years with RFID-based start and unlock fobs: use a pair of transceivers to extend the RFID range. In networking terms, the paired transceivers form a bridge between car and fob. A similar attack against a Bt proximity unlock could work the same way. The transceivers need to be a little more sophisticated to handle the frequency hopping that Bt uses but that isn't difficult: just gang together enough transceivers to handle the full spectrum and run them in parallel. --Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] A Little OT: The Password Post-It
On Wed, Apr 18, 2012 at 12:58 PM, j...@trillian.mit.edu wrote: This is the problem that forces users to write passwords in a location that they can easily get at when they need a password. I don't see what's wrong with writing down passwords, so long as they're put in a secure place. Most adults can be trusted with sensitive items (credit cards and forms of ID, for example). If you printed business card-sized forms that they could write their passwords on, and told them to keep them in their wallets, I'd imagine they would keep them just as safe as they keep their credit cards. -Dan ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Discuss - Software Engineering union
Here's the problem that unions have: the right-wing media owners are out to get them, and the public is gullible. Are unions perfect? Absolutely not. No organization of human beings is perfect and without corruption. Some unions will be corrupt. Fact. MOST unions will not be. FACT. Those are the facts. You can look nation wide and look for union abuses, and find some. All unions? NO! A small number, YES!. The ratio of good to evil? Pretty low. Now, compare the abuses of private industry vs union corruption, and tell me which is the over whelming problem. Which does more good than bad. On 04/18/2012 09:47 AM, Edward Ned Harvey wrote: From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss- bounces+blu=nedharvey@blu.org] On Behalf Of Mark Woodward I come from a blue-collar background, my dad was a union iron worker. I recognize that sometimes unions do good things. Whenever a company is too greedy, and exploits the employees too much. But unions are also sometimes bad. I am close to someone who works at a restaurant, which is part of a hotel. Staffing is done through the hotel, and the majority of hotel employees are housekeeping. (Foreign, generally non-english speaking, paid certainly minimum wage or better, but the point is, it's a low-paying job.) But in the restaurant, they have well paid chefs and etc. But when you unionize, you can't just unionize a few - it's all or nothing. The union came in, made vague promises of better pay and better work conditions, and housekeeping voted to unionize. I can't say whether or not housekeeping has benefited, but I can say with certainty, it has sucked in the restaurant. One guy took the restarant vodka and got drunk while cooking in the kitchen. Dangerous, and worse. He was fired. He took issue with the union, because he can only be fired for just cause, which means in effect, somebody needs to gather evidence as if it's a criminal trial. Everyone knew he was drunk, but now he's saying he wasn't. It seems coincidental that the vodka bottle disappeared from the store room at the same time it appeared half gone near his workstation, his breath reeking of alcohol, and obviously impaired... But he says he had nothing to do with it, and somebody was smelling something else, and he was behaving perfectly fine. There's also this concept of restaurant week, where all the restaurants are crazy busy. Well, one dishwasher simply didn't show up for a week. No call, no nothing. After restaurant week was over, he had his wife call from Florida, to say his grandfather had passed, and they would be staying in Fla for another week. I can understand bereavement, but there's no excuse for not calling, and ... length of time ... and It's not my fault it happened at the beginning of restaurant week. The union promised all sorts of things like regular raises, and better health insurance. So first of all, better health insurance is a relative term. Previously, it was a high deductible health plan + health saving plan + matching contributions to HSP. Moving forward, it's a full-health plan. Guess what, the full-health plan is better for some, while the HDHP is better for others. Because the HSP could be used for vision dental overages deductibles... physical therapy, acupuncture, massage and other forms of therapy, whereas those things are simply out-of-pocket on the full plan. Also, with the HSP, you save your funds lifelong and you keep it when you retire. Unlike the full plan, where you're uncovered as soon (or soon thereafter) as your unemployed. At an old age, you either have something you've saved up your whole life, or you have nothing. But anyone who has high expenses this year would be better having the full plan this year. The upshot is: Each type of plan is better for some. It's not fair to simply promise better health insurance. The union sales force is being deceitful. They don't get paid unless your organization decides to unionize. The union workers are not unbiased about your decision, and not above lying to get your patronage. Once you're unionized, it's extremely hard to get out. The upshot of the better pay is that the restaurant now has a maximum wage they're able to offer newhires, and the work schedule is assigned based on seniority. End result, whenever they have an entry-level position to fill, they do ok filling it, but whenever they have an upper-level position to fill, it goes unfilled. The head chef left for another restaurant some time ago, and they can't offer a competitive package to acquire a new head chef. But they can't leave the position open - So they hire somebody who's not qualified to be there. Everybody who works there can see this. They all formerly had aspirations for career paths and learning opportunities, but now they feel there's no way they can learn anything or improve themselves any more, because their superior(s) are not superior. Long story short, IMHO: Unions are
Re: [Discuss] Discuss - Software Engineering union
On 04/18/2012 10:26 AM, Richard Pieri wrote: On 4/18/2012 8:36 AM, Mark Woodward wrote: I wrote this on slashdot, and was wondering if you guys have an opinion. Several. The first of which is that this is off topic for the general BLU discussion list. I can certainly see that is is not unix or linux, generally, but there aren't many full time MBAs on this list. Most of us are impacted by this discussion. Seeing as most of us would be impacted, I ask the question .. What is on topic, generally? ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss