Re: [newbie] Internet security Mandrake 9.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 23 January 2003 10:05 pm, Derek Jennings wrote: (Hmm How do you know that site does not contain malicious HTML designed to cause a buffer overflow in your browser and install a Trojan on your computer? - The best defence against that possibility is to not visit the site with Internet Explorer :-) I read at www.linuxsecurity.com that there is a trojan for linux in mp3 files. Have you heard or read about this, Derek ?. Could tripwire protect linux box from trojan horses ?. Any comments will be appreciated. - -- Rifza Adriansyah Are you using GnuPG ? Find my public key at http://belgium.keyserver.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+MRZQH9VEhcXPGz4RAunlAJ9sMfw2KxGVH4RYlfWdxC2bmcNY7gCeP7iD kdIK8pYVNphWhn7lgGV5E9k= =XLrN -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Friday 24 Jan 2003 10:32 am, Rifza Adriansyah wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 23 January 2003 10:05 pm, Derek Jennings wrote: (Hmm How do you know that site does not contain malicious HTML designed to cause a buffer overflow in your browser and install a Trojan on your computer? - The best defence against that possibility is to not visit the site with Internet Explorer :-) I read at www.linuxsecurity.com that there is a trojan for linux in mp3 files. Have you heard or read about this, Derek ?. Could tripwire protect linux box from trojan horses ?. Any comments will be appreciated. - -- Rifza Adriansyah Yes. I read about it here http://212.100.234.54/content/6/28842.html and here http://www.pclinuxonline.com/modules.php?name=Newsfile=articlesid=4252 It exploits a bug in a version of mpg123 to run arbitary code when you play a malicious mp3 file. It can damage files in your *user* account (so long as you are not running as root) The version of mpg123 shipped with Mandrake is not vulnerable, and the alternative mp3 player mpg321 is not affected. There was also a bug found in mozilla a while back which would allow a malicious website to run arbitary code in your computer. http://www.mozilla.org/projects/security/known-vulnerabilities.html I am no security expert, but I do not think Tripwire would protect against either of those attacks. As I understand it tripwire works by comparing files checksums against those previously calculated to find evidence of intrusion. (As can msec) While Linux is not immune to malicious attack, it is certainly better protected than Windows, but you should still get your security updates regularly. derek -- -- www.jennings.homelinux.net Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Internet security Mandrake 9.0
Do a search on google, there are tons of tutorials on IPTables. A good place to start is www.netfilter.org or http://www.linuxguruz.org/iptables/ Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vaessen, E.M.J. (Ed) Sent: Thursday, January 23, 2003 3:58 AM To: '[EMAIL PROTECTED]' Subject: [newbie] Internet security Mandrake 9.0 I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Ed Vaessen Disclaimer Aan dit bericht kunnen geen rechten worden ontleend. Dit bericht is uitsluitend bestemd voor de geadresseerde. Als u dit bericht per abuis hebt ontvangen, wordt u verzocht het te vernietigen en de afzender te informeren. Wij adviseren u om bij twijfel over de juistheid of de volledigheid van de mail contact met afzender op te nemen. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Thursday 23 Jan 2003 9:58 am, Vaessen, E.M.J. (Ed) wrote: I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Ed Vaessen This is a good place to start. http://www.mandrakesecure.net/en/docs/msec.php http://www.mandrakelinux.com/en/doc/90c/en/Server_Conf_Guide.html/security.html For a desktop system 'High' is probably too high a security level. You will find the system will not let you do what appears to be innocent things. If you are coming from the Windows world 'Standard' security is already much higher than you had before. derek -- -- www.jennings.homelinux.net Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
Ed said: I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Setting msec to high is a good first step, but you need to make sure shorewall is on also. You'll find it under Security in the Mandrake Control Center. For more info on security check out MandrakeUser (http://www.mandrakeuser.org/docs/index.html). -- Anthony Abby - http://www.aplusdata.com Comic Book Community News| Web Programming Inventory and Management System | Cold Fusion PHP ASP Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Internet security Mandrake 9.0
Hello Derek, Even though 'high' is very severe according to your words, my connection to the internet via my ISP works fine and I encountered no road blocks towards internet. Your remarks give me a very save feeling (but: who can assure me that you are not a malicious hacker trying to lull me and rule my machine?) Ed -Oorspronkelijk bericht- Van: Derek Jennings [mailto:[EMAIL PROTECTED]] Verzonden: donderdag 23 januari 2003 13:14 Aan: [EMAIL PROTECTED] Onderwerp: Re: [newbie] Internet security Mandrake 9.0 On Thursday 23 Jan 2003 9:58 am, Vaessen, E.M.J. (Ed) wrote: I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Ed Vaessen This is a good place to start. http://www.mandrakesecure.net/en/docs/msec.php http://www.mandrakelinux.com/en/doc/90c/en/Server_Conf_Guide.h tml/security.html For a desktop system 'High' is probably too high a security level. You will find the system will not let you do what appears to be innocent things. If you are coming from the Windows world 'Standard' security is already much higher than you had before. derek -- -- www.jennings.homelinux.net Disclaimer Aan dit bericht kunnen geen rechten worden ontleend. Dit bericht is uitsluitend bestemd voor de geadresseerde. Als u dit bericht per abuis hebt ontvangen, wordt u verzocht het te vernietigen en de afzender te informeren. Wij adviseren u om bij twijfel over de juistheid of de volledigheid van de mail contact met afzender op te nemen. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Thursday 23 Jan 2003 2:00 pm, Vaessen, E.M.J. (Ed) wrote: Hello Derek, Even though 'high' is very severe according to your words, my connection to the internet via my ISP works fine and I encountered no road blocks towards internet. Your remarks give me a very save feeling (but: who can assure me that you are not a malicious hacker trying to lull me and rule my machine?) He's wicked! Wicked I tell you! g Anne -- Registered Linux User No.293302 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Thursday 23 Jan 2003 2:00 pm, Vaessen, E.M.J. (Ed) wrote: Hello Derek, Even though 'high' is very severe according to your words, my connection to the internet via my ISP works fine and I encountered no road blocks towards internet. Your remarks give me a very save feeling (but: who can assure me that you are not a malicious hacker trying to lull me and rule my machine?) Ed Well give me your IP address, root password and Credit card number, and then see how trustworthy I am :-) Seriously :- At high security the msec security system will enforce file permissions quite strictly. People on high security often complain they set file permissions one way, and then a few minutes later they get changed. If 'High' works for you then fine. But be aware if 'weird' things happen it could be because of the security level. BTW: The security level is unrelated to the firewall. You can test your firewall here http://scan.sygatetech.com/ (Hmm How do you know that site does not contain malicious HTML designed to cause a buffer overflow in your browser and install a Trojan on your computer? - The best defence against that possibility is to not visit the site with Internet Explorer :-) derek -- -- www.jennings.homelinux.net Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Thu, 23 Jan 2003 10:58:28 +0100 Vaessen, E.M.J. (Ed) [EMAIL PROTECTED] wrote: I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Howdy, I recently had problems with the security level I was using (msec level 4) - that level did work for me once when I had a computer setup to only be a firewall/router protecting our local home network. No other services except Internet Conenction Sharing were supplied by that computer to the local network in the house so it worked fine. BTW, I also ran a firewall in that setup in case you were wondering. However, when I attempted to use the same computer for a firewall/router AND samba file sharing - samba was not able to share the files to the local network. Level 4 - which I believe from your post you are not using, blocks any local services from that computer configured as such to the network. From Derek J.'s post to my recent issue with msec level 4 and samba, I learned there are ways to open up services like samba...but I had no luck. Your results may vary if you choose that level. FYI, the description of level 4 in text was called Higher- just below Paranoid(level 5) The description Mandrake provides for msec levels made me think level 4 was what I wanted/needed - ie; #1 the firewall/router is a server and #2 it is always connected to the internet. What I ended up doing is dropping down to level 3 (High) and now samba is happily sharing files across the local network. Level 3 is what I use for my p.c. also and I have gotten used to any odd things there may be. To me, it is acting like a normal Linux system should, but then I have never tried level 2 so I cannot compare it. I choose to keep level 3 for my p.c. and it works for me. I would prefer to go back to level 4 for our firewall/router someday, but I am a guy who learns well from reading about success stories or well explained howto's - of which it is slim pickens for msec itself. man mseclib does give some good info though, along with the links Derek posted already (forgive me if I forgot that somebody else has posted a link) IMO, level 3 is just about right for your setup - along with a good set of firewall rules, then again - what ever works for you should be good. Just remember to keep a firewall going on your system, even if you do not have a network to protect. You need to guard against somebody gaining access to your p.c. and using it to their advantage. Just my 2 cents worth (ok, maybe 3 or 4) Good luck Steve -- Linux user #280097 Machine #162480 http://counter.li.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet Security -J.Miner and Microsoft
What ever happened to free speech? If you don't agree with someone, why not express your opinion, instead of whining? If it really is too much trouble to simply delete what you don't want to read, why not get another account for the list? ShalomOut Chal Elder PCUSA Registered Linux user #217118 Jeanette Russo wrote: How many people would like to see this thread taken off list it is OT. - Original Message - From: John [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 10, 2001 4:28 PM Subject: Re: [newbie] Internet Security -J.Miner and Microsoft I hate threads like this. Makes you stop and think about why you use these mailing lists!!! John W
Re: [newbie] Internet Security -J.Miner and Microsoft
Been on holiday have we? g On Thursday 12 July 2001 10:43, Charles A. Punch wrote: What ever happened to free speech? If you don't agree with someone, why not express your opinion, instead of whining? If it really is too much trouble to simply delete what you don't want to read, why not get another account for the list? ShalomOut Chal Elder PCUSA Registered Linux user #217118 Jeanette Russo wrote: How many people would like to see this thread taken off list it is OT. - Original Message - From: John [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 10, 2001 4:28 PM Subject: Re: [newbie] Internet Security -J.Miner and Microsoft I hate threads like this. Makes you stop and think about why you use these mailing lists!!! John W -- Serenity through viciousness.
Re: [newbie] Internet Security -J.Miner and Microsoft
On Friday 13 July 2001 12:18 am, Sridhar Dhanapalan wrote: On Fri, 13 Jul 2001 04:32, Tom Brinkman wrote: On Thursday 12 July 2001 04:43 am, Sridhar Dhanapalan wrote: Many people buy a little too much into the GNU/Linux hype, and become disappointed when it isn't the same as Windows. Seems like a contradictory statement to me Sridhar ? I believe many Lusers aren't payin _enough_ _attention_ to the GNU/Linux hype. Particularly the difference between open and closed source software and hardware. Specially those just tryin Linux, but even some more experienced users, don't know, care, or understand that closed source software and hardware can't and never can be supported for Linux and why. That's it's often disappointing and even dangerous to try to. [disappointed] ...but it works great with Window$ http://www.mandrakeforum.org/article.php?sid=427lang=en ...we have the problem of secret software in general. Allow me to clarify my statement. Granted, I'm glad you did ;) People can read about GNU/Linux all over the place nowadays. Much of this stuff stresses how user-friendly it is in combination with desktops like GNOME and KDE, and so people are enticed to try it out. As I have mentioned in earlier posts, people's definitions on user-friendly and intuitive can vary greatly, and many Windows users define user-friendliness as being like Windows. While GNOME and KDE *are* user-friendly environments, they are *not* Windows. This seems to disappoint a lot of newcomers, and so they complain that this isn't Windows. On the other hand, there are many people out there who could benefit greatly from GNU/Linux, yet do not try it out. The Microsoft monopoly has conditioned them into thinking that Windows is the only viable desktop OS, and that constant crashes, virii and security breaches are normal. To them, GNU/Linux is difficult to comprehend, with its endless array of distributions and its command-line access. Windows looks easy, since it is designed to be entirely graphical (and hence limiting in terms of functionality). Conversely, GNU/Linux looks like it has too many commands to keep track of. While the reality is that almost everything in GNU/Linux can be done graphically, people are led to believe that they need to memorise hundreds of console commands. The MandrakeForum article you linked to was very interesting, and it serves to reinforce my belief that binary-only drivers are bad. Unfortunately, for several types of hardware people do not have much of a choice. This is particularly evident in graphics hardware. Most video cards nowadays employ a Nvidia or ATI chipset, which require binary-only drivers to work. These two companies basically *own* the consumer 3D acceleration market, so anyone wishing to have decent 3D performance must buy one of these chipsets. As much as I hate binary-only drivers, I am increasingly thinking about purchasing Nvidia graphics hardware for my next PC. Things were much better when Matrox and 3Dfx were kings (I currently have a Millennium II and a Voodoo2). These companies worked closely with the XFree86 group to produce quality open-source drivers. But alas, those golden days are now over :-( Couldn't agree more with ya Sridhar. BUT you did leave the door open for me to once again rant about closed source ;) AND it's much more than just drivers, it's binary only applications many Lusers introduce into their system, and then blame Linux and/or Mandrake when the results are less than satisfactory. I believe this is a major point of ignorance with many Lusers. It often is also the major point of their dissatifaction, and they don't realize it's their own fault. Like you, I'm also on the crux of gettin a GeForce. BUT, at least I know that any problems, including loss of security, arising from that decision, are user, then hardware, but not at all Mandrake GNU/Linux. The only thing saving me is my Voodoo3 is still proving to be adequate. specially if I could figure out how to overclock it in Linux without having to rewrite the open source drivers. Winbloes just needs a registry hack to do it to their secret driver ; -- Tom Brinkman [EMAIL PROTECTED] Galveston Bay
Re: [newbie] Internet Security -J.Miner and Microsoft
John, Etharp, et al., Seriously, though, my foundation just finished a special study last month in which I discovered that _millions_ of threads are simply abandoned every single year, and that this has been a growing trend for many years! It's really not a laughing matter. Many of these threads don't deserve the apathy and neglect that come from us who just don't feel like contributing anymore. Who are we to vilify these threads? Are we not responsible for them?! The whole situation is simple unbelievable. Threads don't deserve that kind of treatment you people are suggesting here. Most of the time it's not their fault that they turned out that way. If you study them closely, you find that these threads really had no choice to turn out the way they did. Most of them had a very decent beginning. They were bright, full of ideas and humor; they expressed an ever-so-humble curiosity; and they made us question the way _we_ do things-to take another look at our lives to make sure we were doing things the best. They enriched us. But we live such fast-paced lives today, that it's too easy to introduce turmoil into these threads. We move so fast; regrettable things are said; nobody teaches them moderation. They get out of control! So who do we blame? If we're honest... we blame ourselves. So please, put away your weapons, your threats, and change your heart. Don't take out your frustrations with the murder or abandonment of threads. It's time to take a stand. To be counted. To speak up and proclaim, No!! I won't tolerate this anymore. I'm going to improve the life of threads, and I'm starting with ME! Miark P.S. To contribute to the continued research and care of threads, please give what you can by making a non-tax deductible donation via PayPal to [EMAIL PROTECTED] And thank you for your kind support. - Original Message - From: etharp [EMAIL PROTECTED] To: John W [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, July 13, 2001 4:18 PM Subject: Re: [newbie] Internet Security -J.Miner and Microsoft NO NO Reay this thread, and all threads deserve to live full and sometime productive lives no don't pull out that gunno please don't shoot this thread.. no realy dont shoot me... PLEAS BANG BANG BANG On Friday 13 July 2001 17:14, John W wrote: At 08:56 AM 7/13/01 -0500, Jeanette Russo wrote: How many people would like to see this thread taken off list it is OT. - Original Message - From: John [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 10, 2001 4:28 PM Subject: Re: [newbie] Internet Security -J.Miner and Microsoft I hate threads like this. Makes you stop and think about why you use these mailing lists!!! John W I would like to see it go.
Re: [newbie] Internet Security -J.Miner and Microsoft
On Thu, 12 Jul 2001 08:15, Judith Miner wrote: Thank you for your very gracious message, Sridhar. Misunderstandings and misjudgments are a common problem in e-mail lists and forums, especially when we aren't very well acquainted. I think I was expecting too much too soon with my Linux installation. I wanted to get it up and fully useful within two weeks, which I stretched to three. I now realize it will take much longer to set up my desktop and become familiar with the system and the applications. I have other work to do, so I'll continue working with Linux as I can find time for it--and I really enjoy it, so finding time will be a high priority. I'm glad we have managed to resolve things on the list. Many people buy a little too much into the GNU/Linux hype, and become disappointed when it isn't the same as Windows. I'm not saying you're one of them, but I'm glad that you enjoy it -- even after all the misaccusations that have been flying around on the list. Like anything new, it takes time to truly understand. After a while, it'll really grow on you :-) I still get the feeling, however, that you are annoyed that GNU/Linux is not Windows. No, I'm not. I accept the system for what it is, I respect it, and I like it. I think most users of the graphical interface would agree that there is still work to be done. Things that Windows or Mac OS have gotten right ought not be rejected simply because of the source, however. Eventually Linux with a graphical interface will be so much nicer than Windows or the Mac because the user will have *choice* far beyond what can be done in the other OSes. You can set it up exactly the way you like and have so many more possibilities. Hear, hear! However, this is also a major reason why things don't seem so simple in *nix compared to Windows or MacOS. There are so many different variations in features and how they are implemented that it is difficult to design one all-encompassing way of doing something. Windows and MacOS, OTOH, restrict possibilities to a degree where creating a new feature or application can be easy. A similar example can be seen in *nix component architectures. GNOME uses a very flexible system, CORBA. This flexibility, however, made things more difficult to code, and performance was not great on slower machines. The KDE group recognised that, and instead made their own simpler version, KParts. While not as versatile, it wa far easier to code for, and it was faster. This, IMHO, is a reason why KDE is developing so quickly. KParts has made code reuse easier to achieve, while maintaining enough functionality to get things done. Your special character (e.g. cedilla) problem is interesting. Microsoft tries its best to blur the distinction between elements in its OS, as Civileme has noted. In GNU/Linux, on the other hand, packages and elements are clear-cut and well-defined. Civileme appeared to be annoyed that many people blame the entire OS for little problems like this, It's a MAJOR problem, not a little problem. It is also not really a blurred distinction in Windows--or in the Mac OS. Windows uses the so-called Microsoft 1252 character set. This is essentially the Latin 1 character set with typographical characters inserted into the empty positions between 129 and 160 in the 256 available slots. *All* applications use the same character set, and all characters can be entered from the keyboard (with many languages supported). All TrueType fonts in the \Windows\Fonts directory are available to all applications for printing, with correct screen rasterization at all point sizes. All Type 1 fonts managed by Adobe Type Manager are available to all applications for printing and viewing. Character sets are consistent across applications. It is seamless and transparent to the user. You *never* have to install fonts into applications. The system supplies the fonts to the applications. Windows 2000 supports both Type 1 and TrueType natively, and Unicode is also supported, though the extent depends on the application. Unicode is still fairly new and applications have to be written to take advantage of it. Plus most fonts do not yet have a full Unicode set of glyphs and many never will. Mac OS operates similarly, with a consistent character set available to all applications with the same keystrokes. Lest you think I am viewing this problem through a Windows lens, let me quote from the Font HOTTO from linuxdoc.org (also installed with Mandrake 8 documentation): Installing fonts for WYSIWYG publishing on Linux is a relatively complex task... The main reason for the complexity is that the font printing system (ghostscript) is unrelated to the screen font system. In a way, Linux's left hand does not know what its right hand is doing. This problem is nontrivial to solve, beause it is possible that printer fonts and display fonts reside on different machines, so there is no guarantee that
Re: [newbie] Internet Security -J.Miner and Microsoft
On Thursday 12 July 2001 04:43 am, Sridhar Dhanapalan wrote: Many people buy a little too much into the GNU/Linux hype, and become disappointed when it isn't the same as Windows. Seems like a contradictory statement to me Sridhar ? I believe many Lusers aren't payin _enough_ _attention_ to the GNU/Linux hype. Particularly the difference between open and closed source software and hardware. Specially those just tryin Linux, but even some more experienced users, don't know, care, or understand that closed source software and hardware can't and never can be supported for Linux and why. That's it's often disappointing and even dangerous to try to. [disappointed] ...but it works great with Window$ http://www.mandrakeforum.org/article.php?sid=427lang=en ...we have the problem of secret software in general. -- Tom Brinkman [EMAIL PROTECTED] Galveston Bay
Re: [newbie] Internet Security -J.Miner and Microsoft
Thank you for your very gracious message, Sridhar. Misunderstandings and misjudgments are a common problem in e-mail lists and forums, especially when we aren't very well acquainted. I think I was expecting too much too soon with my Linux installation. I wanted to get it up and fully useful within two weeks, which I stretched to three. I now realize it will take much longer to set up my desktop and become familiar with the system and the applications. I have other work to do, so I'll continue working with Linux as I can find time for it--and I really enjoy it, so finding time will be a high priority. I still get the feeling, however, that you are annoyed that GNU/Linux is not Windows. No, I'm not. I accept the system for what it is, I respect it, and I like it. I think most users of the graphical interface would agree that there is still work to be done. Things that Windows or Mac OS have gotten right ought not be rejected simply because of the source, however. Eventually Linux with a graphical interface will be so much nicer than Windows or the Mac because the user will have *choice* far beyond what can be done in the other OSes. You can set it up exactly the way you like and have so many more possibilities. Your special character (e.g. cedilla) problem is interesting. Microsoft tries its best to blur the distinction between elements in its OS, as Civileme has noted. In GNU/Linux, on the other hand, packages and elements are clear-cut and well-defined. Civileme appeared to be annoyed that many people blame the entire OS for little problems like this, It's a MAJOR problem, not a little problem. It is also not really a blurred distinction in Windows--or in the Mac OS. Windows uses the so-called Microsoft 1252 character set. This is essentially the Latin 1 character set with typographical characters inserted into the empty positions between 129 and 160 in the 256 available slots. *All* applications use the same character set, and all characters can be entered from the keyboard (with many languages supported). All TrueType fonts in the \Windows\Fonts directory are available to all applications for printing, with correct screen rasterization at all point sizes. All Type 1 fonts managed by Adobe Type Manager are available to all applications for printing and viewing. Character sets are consistent across applications. It is seamless and transparent to the user. You *never* have to install fonts into applications. The system supplies the fonts to the applications. Windows 2000 supports both Type 1 and TrueType natively, and Unicode is also supported, though the extent depends on the application. Unicode is still fairly new and applications have to be written to take advantage of it. Plus most fonts do not yet have a full Unicode set of glyphs and many never will. Mac OS operates similarly, with a consistent character set available to all applications with the same keystrokes. Lest you think I am viewing this problem through a Windows lens, let me quote from the Font HOTTO from linuxdoc.org (also installed with Mandrake 8 documentation): Installing fonts for WYSIWYG publishing on Linux is a relatively complex task... The main reason for the complexity is that the font printing system (ghostscript) is unrelated to the screen font system. In a way, Linux's left hand does not know what its right hand is doing. This problem is nontrivial to solve, beause it is possible that printer fonts and display fonts reside on different machines, so there is no guarantee that all fonts the XClient uses are printable. ...It seems that font management standards which address this issue would greatly simplify the installation of fonts into WYSIWYG publishing systems, because all applications could use a system-wide (as opposed to application-specific) configuration. Read the last sentence again. That's the point I was trying to make. Is the author of Font HOWTO a fifth columnist as some on this list thought I was?g I still cannot excuse your assertions that logging in as root is harmless. This has got to be the *worst* thing you can do. I've never made a general statement that logging in as root is harmless or ought to be a general practice. I have ALWAYS acknowledged the importance of the root/user distinction when multiple users are involved. What I have been trying to *find out* (because I do not KNOW) is whether the harmfulness really applies when the sole user of the system is also root. Leaving aside the question of being online as root, so far the only harmful thing anyone could suggest as a result of a single user working regularly as root is that not being forced to enter a root password would make single user less conscious of the consequences of an action. Frankly, this seems paternalistic to me--as if one says, you are so careless that unless you are forced to think about it, you'll do crazy things like delete files and directories willy-nilly. Besides, if it's MY system and I mess it up because I was
Re: [newbie] Internet Security -J.Miner and Microsoft
I (being American from the Viet Nam era) have the answer to the war against Gates. we pack up, declare ourselves the winner, and not play anymore. we don't need to be against anyone. we just need to be FOR opensource. (imho) On Tuesday 10 July 2001 06:36, Len Lawrence wrote: On Mon, 9 Jul 2001, tazmun wrote: But regardless of whether she was a plant, she's abrasive, offensive, and utterly thankless to the Linux community as a whole. (Isolated thank yous on the list doesn't count.) And you sir are very close minded. You don't want to listen to new ideas and thinking if they don't fall into your narrow guidelines. I have reason to suspect that you would be perfectly happy if Linux remained an elite OS out of the reach of the average user putting yourself on some sort of pedestal. Sorry I don't deal well with snooty I'm better then you types. Judith gave the list some constructive criticism in hopes I'm sure that the right people might be listening. I distinctly remember her thanking the community for all the work that has been done and credited the community with developing a system with great potetial. Maybe not an exact quote but I think the meaning was close. All things change. They get better or get worse and/or die eventually. I believe the community knows this and realizes that Linux's future depends on innovation and new ideas and thinking. With that said I wouldn't be surprised if this community desires me to leave, but that's ok for I don't desire to be somewhere where speaking out for your convictions and ideas is not acceptable. Tazmun Dear tazmun Please don't leave the list. It is essential for the community of Linux users to accept criticism, constructive or otherwise, particularly from recent converts like Judith, and important to avoid complacency, and paranoia. Speaking for myself, it was refreshing to read those first posts from Judith, interesting to see how a deserter from the other camp actually views modern operating systems. As somebody else has pointed out, most PC users see Windows as the face of computers and most of them view computers as a commodity item like a VCR or television or games console. Their mindset is unlikely to change. What do they care about the niceties of Open Source, or free software versus commercial? There is no point in trying to reach them, and that is what will continue to fill Billy's coffers for a long time to come. Many of the diehard Linuxers like me come from a background which has exposed them to many different operating systems and many different ways of applying computers; business, technical, realtime and embedded systems and so on. With 39 years involvement in computers behind me I could never take Windows seriously. It was a toy operating system, but like GNU/Linux has evolved and should now perhaps be regarded as a real operating system. However, I shall always loathe it. I found the interface ugly and awkward to use, counter-intuitive to someone with a long history of command line operations. There seem to be a lot of Linux users who would take the opposite viewpoint - witness the popularity of KDE - so Linux obviously has the potential to please former Windows users, with the added bonus of far more freedom and choice. rant That last point, choice, is another reason why I detest Microsoft and all its hangers on. Gates started a bandwagon rolling which started to gather momentum ten years ago. Software houses jumped on it but were too lazy, ignorant, or greedy to consider providing support for alternative operating systems when they became viable. The business world in particular seemed only too eager to go along with a company whose obvious intention was to take over the world by imposing its own standards on everybody, to strangle all competition, and fleece the punters. Linux does allow choice, but many doors are still closed to it - it is continually being sidelined. For instance, the Encyclopaedia Britannica will never be available for Unix* systems. The UK Ordnance Survey likewise. I would have bought them. The same applies to much educational software and language courses. Writing to these companies does no good - they simply bin the letters. /rant So please bear with us. As you have probably noted, there are many shades of opinion amongst Linux users and developers on almost every subject. That is why it sometimes appears to lurch forward rather than evolve smoothly. There are internal threats to the OS, like forking and the multitude of distributions, so the developers have to divert some of their energies from the war against Gates.
Re: [newbie] Internet Security -J.Miner and Microsoft
The idea that I am a Microsoft employee or a plant infiltrating this list gave me the best laugh I've had in a long time. Especially since I've done nothing else for the past three weeks but try to get a good, working Linux system in hopes that I will never again have to spend my not-abundant money on anything from Bill Gates' company. The only Microsoft software on my computers that I paid for is Windows itself. There is also no pirated Microsoft software. I have Microsoft Works on my laptop, but that's because the laptop came with it and it provides a spell checker used by other applications. I don't like Works and don't use it. I have no Office, no Word, no FrontPage, no Money, no Publisher. Oh yes--I do have Encarta. It was free after a rebate, so I figure Microsoft lost money on that one. Some of you think I'm negative about and critical of Linux. That's because you haven't heard my complaints about Microsoft and Windows.g As with just about everything of this nature on the Net, you don't post messages about stuff that's working well, you post about your problems. In fact, there is a lot I like about Linux and some things about which I'm wildly enthusiastic. I intend to stick with it for the duration. I also agree that it is getting friendlier all the time, and while it has a ways to go, it's headed in the right direction. I am also quite amused that anyone thinks I have some profound knowledge of networking. Just because I can use terms like NetBEUI, TCP/IP, and NetBIOS does not mean I understand anything about them. NetBEUI and TCP/IP are networking protocols. TCP/IP is what you use for the Internet but it can also be used for a LAN. NetBEUI is only for a small LAN; you can't use it for the Internet. I don't know what NetBIOS is, but I know it's not supposed to be enabled for a protocol that gets you on the Internet. For a NetBEUI home network, each workgroup has to have a name and each computer in the workgroup has to have a name. You have to enable file and printer sharing for drives and printers you want available over the network. That is the total of my knowledge of networking. I learned the little I know primarily from grc.com, which explains how to set up your protocols and bindings properly--by default, Windows makes a mess of this. I didn't use Microsoft's wizards to set up my two-computer network. Instead, I got good, easy instructions from some PC magazine's Web site. So the secret is out. I do not have any detailed knowledge of networking. When I say I don't understand the stuff I read about Linux networking, I really don't! Not a clue. I do not know how to make a system safe, but if someone gives me good directions, I can follow them. I am totally puzzled by this post of Roman's: I have been following Judith Miner's email posts since 1996 through the her Wordstar postings on another news group. It appears that she is not new to the Microsoft Windows OS. This goes back as far as Windows 3.11 and DOS. I don't know if she is really who she says she is... but she has been pi**ssing off at lot of people over the years. She is well known through other newsgroups. I'm well known through other newsgroups??? I don't recall ever posting anything to newsgroups. In fact, I haven't read Usenet newsgroups in years. The only newsgroups I've read in the past two years have been on the Adobe and Corel sites, and I just lurked, I didn't post. I am an active member of the WordStar users' support e-mail list. If Roman is a member, I don't recall seeing any messages he has posted. The only people on that list that I've p*ssed off are two Microsoft boosters. One of them has actually waited in line outside a store waiting for the next release of Windows and the other is constantly lauding the wonders of Microsoft Word--this on a WordStar list. So two makes a lot of people? I have received numerous personal e-mails of thanks from WordStar List members whose problems I was able to solve, and have even received e-mails from people who found the answer to their questions in the List archives. In the spirit of volunteerism, I have written a book called WordStar for Windows How-To, which can be downloaded for no charge from the Web sites of the WordStar group and of some of our members. So it comes as news to me that I'm well known through other newsgroups. Of course I'm not new to the Microsoft OS. I go back to DOS 3-something in 1987. I identified myself as an experienced and proficient Windows user when I first posted on this List. Of course, someone had to come up with a crack that proficient Windows users usually weren't. All I can tell you is that I run a lot of demanding programs in the areas of writing, page design and layout, and graphics, as well as general office stuff, I have never had a virus or worm, and I've never had to reinstall Windows because it got messed up beyond salvaging. I'm not trying to dump Windows because I have stability or security problems with it, but because I don't
Re: [newbie] Internet Security -J.Miner and Microsoft
Judith, If this is the case then please accept my sincerest apologies for the bulk of what I have said (although I haven't really said much :-) ). I still get the feeling, however, that you are annoyed that GNU/Linux is not Windows. Fine, it may not be quite as user-friendly, but it is still a work in progress -- you do appear to recognise this. As I and others have posted earlier, different people have very different notions on what user-friendliness and intuitiveness is. Some people prefer how the command line works, some prefer Windows, some prefer MacOS 9, some prefer MacOS X, some prefer GNOME, some prefer KDE... The list goes on and on. Each *nix GUI project has it's own goals and target audience. While it may look like KDE and GNOME, for example, are trying to lure Windows users, they are doing it in different ways. They are both very respectable environments, and both are very usable, but in different ways. When switching to anything new, one must keep an open mind -- otherwise there is no point. Your special character (e.g. cedilla) problem is interesting. Microsoft tries its best to blur the distinction between elements in its OS, as Civileme has noted. In GNU/Linux, on the other hand, packages and elements are clear-cut and well-defined. Civileme appeared to be annoyed that many people blame the entire OS for little problems like this, when the fault (if it is a fault) usually lies with an individual package. I agree with his statement. However, I'm not sure where the best place would be for a special character feature. Perhaps it is a problem with XFree86? I know that MS also makes available an option for using US International keyboards, yet still provides an across-the-board function (using Alt) for special characters. I realise that character sets vary across character sets (e.g. ASCII and Unicode) -- could this be an issue here? Note that this problem is different from the em-dashes and smart-quotes that you can get in MS Word. You obviously have done some homework when it comes to attempting to solve your problems. However, I still cannot excuse your assertions that logging in as root is harmless. This has got to be the *worst* thing you can do. You speak as if you know much about network (and remember that the Internet is also a network) security yet you claim that your Windows box is safe. I must say that your idea of encouraging people to log in as root and then having bad things may happen if you do this messages is simply preposterous (for technical reasons). I do not blame you for this, though. This your first (AFAIK) crack at a secure multi-user OS, and this new paradigm would understandably be a bit bewildering and confusing at first. Civileme has already dispelled the open ports myths, so I shall not revisit that. My bottom-line is that GNU/Linux is a different OS, with different ways of doing things. If it ever becomes a mainstream user-friendly OS, it will not be user-friendly in the same way that MacOS or Windows is. There are different ways of doing things, and one must keep an open mind in order to learn them. For example, your annoyance with typing the root password over and over can be safely circumvented with user permissions, su, kdesu and sudo (as I have repeated endlessly over the past few weeks). I intend all this as constructive criticism, not as an insult or a flame. You are obviously not a troll, and I can sympathise with many of your views. On Wed, 11 Jul 2001 00:13, Judith Miner wrote: The idea that I am a Microsoft employee or a plant infiltrating this list gave me the best laugh I've had in a long time. Especially since I've done nothing else for the past three weeks but try to get a good, working Linux system in hopes that I will never again have to spend my not-abundant money on anything from Bill Gates' company. The only Microsoft software on my computers that I paid for is Windows itself. There is also no pirated Microsoft software. I have Microsoft Works on my laptop, but that's because the laptop came with it and it provides a spell checker used by other applications. I don't like Works and don't use it. I have no Office, no Word, no FrontPage, no Money, no Publisher. Oh yes--I do have Encarta. It was free after a rebate, so I figure Microsoft lost money on that one. Some of you think I'm negative about and critical of Linux. That's because you haven't heard my complaints about Microsoft and Windows.g As with just about everything of this nature on the Net, you don't post messages about stuff that's working well, you post about your problems. In fact, there is a lot I like about Linux and some things about which I'm wildly enthusiastic. I intend to stick with it for the duration. I also agree that it is getting friendlier all the time, and while it has a ways to go, it's headed in the right direction. BIG SNIP it looks weird to me that she doesn't know how to get the
RE: [newbie] Internet Security -J.Miner and Microsoft
Hmmm, interesting, as a relatively disinterested reader of this correspondence I nevertheless found myself interested enough to check with deja-news... I am totally puzzled by this post of Roman's: I have been following Judith Miner's email posts since 1996 through the her Wordstar postings on another news group. It appears that she is not new to the Microsoft Windows OS. This goes back as far as Windows 3.11 and DOS. I don't know if she is really who she says she is... but she has been pi**ssing off at lot of people over the years. She is well known through other newsgroups. I'm well known through other newsgroups??? I don't recall ever posting anything to newsgroups. In fact, I haven't read Usenet newsgroups in years. The only newsgroups I've read in the past two years have been on the Adobe and Corel sites, and I just lurked, I didn't post. It makes for an interesting search on so many topics contributed to by at least one Judith Miner ;o) Daryl Johnson Proplan Associates 07710 908817
Re: [newbie] Internet Security
Many thanks for this very helpful message, Tom. I typed tinyfirewall (no quotes) at the console prompt and got a message everything already installed followed by four lines complaining about Missing charset in Fontset creation. It also mentioned line 70 of /usr/lib/libDrakX/my_gtk.pm. I looked at that line in the my_gtk.pm file. I will post these error messages on this list when I have a chance to run Linux again. We have been having frequent thunderstorms for the past three days and my Linux computer is turned off and unplugged. The messages are too long for me to reproduce them without making a mistake. I need to copy and paste. This may explain why the firewall setup in DrakConf won't run. Maybe it can't find the font it needs to display the screens. I have no idea how this may have happened because I didn't do anything related to that font, but maybe I can get it fixed up with a little help and then can set up my firewall. --Judy Miner - Original Message - From: Tom Brinkman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: July 08, 2001 11:30 AM Subject: Re: [newbie] Internet Security On Saturday 07 July 2001 09:52 pm, Judith Miner wrote: [snip] You have to have open ports to run your system and get on the Net. What you don't want is for those ports to be seen or accessible by others. ( and that about sums up my security expertise ;) I don't know what else to suggest. You're gonna have to get DrakConf - Security - Firewalling functioning to setup a firewall. [snip] -- Tom Brinkman [EMAIL PROTECTED] Galveston Bay
Re: [newbie] Internet Security -J.Miner and Microsoft
On Mon, 9 Jul 2001 07:51, Tom Brinkman wrote: Â Â Most all 'computer' problems are/or, at least I've found it's best for me, should be approached as User, then Hardware, then (any) OS. Also, I'm not hearing anything about the fact that we use GNU/Linux in this thread. Linux is only the kernel, everything else is GNU contributed proccesses and apps written to run on it. It's obvious (at least to me ;) that distros like RH, SuSe, and specially Mandrake have made great strides in gathering together these apps/proccesses, and 'user friendliness' configuration and coordination tools in just the past few years. *_In spite of_* an increasing ignorance and/or preference of Lusers to add closed source/binary only apps and (win)hardware into the mix. (yeah, I'm diggin at y'all nVidia folks again ;) I have to agree here. People tend to forget or even ignore all the hard work the Free Software Foundation has and is still doing. Linux is a kernel. Just about everything else around it is GNU -- hence the term GNU Operating System. The GNU OS can work on a wide variety of *nix kernels (e.g. Solaris BSD). Linux, however, cannot work on its own, and needs the GNU OS to operate. There was a recent discussion on MandrakeForum about this: http://www.mandrakeforum.com/article.php?thold=-1mode=nestedorder=0sid=1038lang=en Please be patient while it loads -- it is quite large. Prominent discussions on the page involve an argument between Craig Black and Yama. Craig is one of those pitiful souls who cannot comprehend the work of Richard Stallman or the FSF. Yama and a few others refute him at every turn, and eventually it just becomes an insult-fest :-) It's quite funny to read Craig's work, and eventually Deno (the Forum maintainer) adds his own two cents. By the way, if you haven't figured it out yet, Yama is my handle -- so all Yama posts are by me :-) -- Sridhar Dhanapalan. There are two major products that come from Berkeley: LSD and UNIX. We don't believe this to be a coincidence. -- Jeremy S. Anderson
Re: [newbie] Internet Security -J.Miner and Microsoft
I initially thought that Civileme's post was just a bit over the top. After reading this, however, I think he was pretty-much spot-on. I suggest that if Judith wants something more like Windows, she have a look at other OSs like MacOS, OS/2 or BeOS. OS/2 is a single-user OS, and it has quite a few good applications written for it (many of them ports from *nix). I used to run it back in the Warp 3 days (around 1995). GNU/Linux *will* become more user-friendly, but it will take time. It is not quite there yet for the average user. System elements like the root-user dichotomy will never disappear, for they are fundamental to system stabliity. Implementing work-arounds to this would only defeat GNU/Linux's security (both physical and network, including Internet), and anyone knowledgeable enough to code such a system (assuming it is possible) would not do so because their knowledge would tell them it is a bad idea. As Civileme mentioned in an earlier post, MS try to blur the distinction between application and OS, so migrating Windows users end up blaming Linux when their desired function supposedly does not exist. People must remember that GNU/Linux is not Windows, nor will it ever be Windows. It is an entirely different OS, with entirely different ways of going about things. People need to keep an open mind when trying something new, and they should stop expecting everything to work just like Windows. The oft-abused term intuitive means different things to different people, depending on their own personal experiences. It has often been said that it is far easier to introduce a total computer newbie to GNU/Linux than it is to teach the same thing to an experienced Windows or MacOS user. The total newbie is starting with a clean slate. (S)he does not have any prior expectations on how something should work, and so is not 'hobbled' by past experience. The Windows/MacOS expert, on the other hand, must un-learn everything they had learnt previously, and shelve any expectations, in order to learn the new OS. IMHO, the *real* growth for GNU/Linux in the consumer market will not be in wealthier nations, where MS is already established. The action will instead be in poorer nations and areas, where the free GNU/Linux and cheaper hardware will enable millions to own computers and embedded devices (consoles, set-top boxes, PDAs, etc). With this in mind, focussing on luring Windows users with a clone-interface would be an extremely short-sighted strategy. On Mon, 9 Jul 2001 05:40, Romanator wrote: Jeferson Lopes Zacco wrote: -Mensagem Original- De: civileme [EMAIL PROTECTED] Para: Judith Miner [EMAIL PROTECTED]; [EMAIL PROTECTED] Enviada em: domingo, 8 de julho de 2001 04:27 Assunto: Re: [newbie] Internet Security And despite the fact that I enjoy your posts, this is my last one to you and note it is on-list. It occurs to me that if you are a Microsoft shill, or executive, that you could be a lot more productive to your company by wasting my time than you could be by being negative on the newbie list. Civileme Interesting ... I had just written an e-mail congratulating Judith on her posts. After reading yours, tough, I must admit they do make some sense...and I haven't seen a reply of hers to your post. I would give a most outraged reply if I were mistaken with a Microshaft plant. And it looks weird to me that she doesn't know how to get the cedille, yet she knows so much about other things. I'm still not convinced she is a plant, tough. Time will tell. On the other hand, I guess that her posts didn't manage to scare anyone, if that was her intention. That linux needs to get easier to configure if it wants to atract Window$ users is a fact. Mandrake has gone a long way towards it by making the installation process easy- it is, in fact much easier and quicker than window$. But there is still work to be done, as I pointed in my last post. Will it be done? It depends on the community attitude towards new users, and their ability to handle micoshaft attacks, which will increase from now on. And it seems that the attacks can be very violent and unexpected indeed... --Jeferson L. Zacco aka Wooky [EMAIL PROTECTED] Linux registered user #221896 - Computers are used to solve problems that wouldn't exist if computers weren't invented in the first place. I have been following Judith Miner's email posts since 1996 through the her Wordstar postings on another news group. It appears that she is not new to the Microsoft Windows OS. This goes back as far as Windows 3.11 and DOS. I don't know if she is really who she says she is... but she has been pi**ssing off at lot of people over the years. She is well known through other newsgroups. My comments are not because I think I'm better than she is nor am I a Linux elitist or guru. However, almost every
Re: [newbie] Internet Security -J.Miner and Microsoft
etharp wrote: snip hey roman, are you a typical windows user? grin Hey Tom, I have an NVIDIA card and works great. What can I say, it came with the computer. Roman Registered Linux User #179293 su is not the root of your problem but the start of a new journey Only for projects at work. grin -- Roman Registered Linux User #179293 su is not the root of your problem but the start of a new journey
Re: [newbie] Internet Security -J.Miner and Microsoft
I initially thought that Civileme's post was just a bit over the top. After reading this, however, I think he was pretty-much spot-on. I suggest that if Judith wants something more like Windows, she have a look at other OSs like MacOS, OS/2 or BeOS. OS/2 is a single-user OS, and it has quite a few good applications written for it (many of them ports from *nix). I used to run it back in the Warp 3 days (around 1995). [rest snipped] I thought Civileme's post was brilliant. But regardless of whether she was a plant, she's abrasive, offensive, and utterly thankless to the Linux community as a whole. (Isolated thank yous on the list doesn't count.) The Linux community (and especially the Newbie Mandrake community) requires an attitude support, cooperation, and thankfulness. To miss on any of these three things just drags us down, and introduces FUD. We don't need that, and as Civileme did so skillfully, we need to set it straight when it creeps in. Bravo, Civileme. Miark
Re: [newbie] Internet Security -J.Miner and Microsoft
But regardless of whether she was a plant, she's abrasive, offensive, and utterly thankless to the Linux community as a whole. (Isolated thank yous on the list doesn't count.) And you sir are very close minded. You don't want to listen to new ideas and thinking if they don't fall into your narrow guidelines. I have reason to suspect that you would be perfectly happy if Linux remained an elite OS out of the reach of the average user putting yourself on some sort of pedestal. Sorry I don't deal well with snooty I'm better then you types. Judith gave the list some constructive criticism in hopes I'm sure that the right people might be listening. I distinctly remember her thanking the community for all the work that has been done and credited the community with developing a system with great potetial. Maybe not an exact quote but I think the meaning was close. All things change. They get better or get worse and/or die eventually. I believe the community knows this and realizes that Linux's future depends on innovation and new ideas and thinking. With that said I wouldn't be surprised if this community desires me to leave, but that's ok for I don't desire to be somewhere where speaking out for your convictions and ideas is not acceptable. Tazmun
Re: [newbie] Internet Security -J.Miner and Microsoft
On Monday 09 July 2001 15:22, you wrote: But regardless of whether she was a plant, she's abrasive, offensive, and utterly thankless to the Linux community as a whole. (Isolated thank yous on the list doesn't count.) And you sir are very close minded. You don't want to listen to new ideas and thinking if they don't fall into your narrow guidelines. I have reason to suspect that you would be perfectly happy if Linux remained an elite OS If you are applying this to all of the list members you are very much mistaken. I, for example turned to Linux a couple of years ago purely because I wanted something new out of computing, I didn't want shrink wrapped software that in a lot of cases didn't live up to it's media hype. I wanted to learn and have learnt a lot, mainly thanks to people on this list but also because I am not afraid to pick up a book and read. If I considered myself to be elite or part of an elite group I would hardly be writing now on a newbie group. out of the reach of the average user putting yourself on some sort of pedestal. Sorry I don't deal well with snooty I'm better then you types. Your insult is noted and I don't deem it worthy of a considered reply. Judith gave the list some constructive criticism in hopes I'm sure that the right people might be listening. They are, but not even Microsoft would make a modification/bug fix for one person overnight, Linux is new and growing, change takes time. When I started it took me 2 days to install and set up properly - that isn't any sort of elitist comment, I mention it to illustrate how far it has come in a short time, this has come about by requests for change, constructive criticism etc. Don't forget that most of the work on Linux is done by unpaid volunteers, people like you and me who can and do make contributions - but these volunteers have studies/employment to consider and can only devote a limited amount of time to Linux. Companies such as Mandrake are small, very few paid employees - the resources aren't there as they are with Microsoft, IBM and others who can release a team of programmers to deal with a specific matter. I distinctly remember her thanking the community for all the work that has been done and credited the community with developing a system with great potetial. Maybe not an exact quote but I think the meaning was close. All things change. They get better or get worse and/or die eventually. I believe the community knows this and realizes that Linux's future depends on innovation and new ideas and thinking. With that said I wouldn't be surprised if this community desires me to leave,but that's ok for I don't desire to be somewhere where speaking out for your convictions and ideas is not acceptable. That's up to you, nobody will ask you to leave, the thing about Linux is it's free, to quote as in speech, not beer you have your right to free speech and you have your views which may be criticised openly, even rudely perhaps, but they will be respected. Tazmun Sorry this is reply is badly edited, I don't do rant very well grin -- Poogle Registered Linux user 182657 (added to sig for the benefit of those irritated by it)
Re: [newbie] Internet Security -J.Miner and Microsoft
And you sir are very close minded. You don't want to listen to new ideas and thinking if they don't fall into your narrow guidelines. Ideas were not at all the subject of my e-mail. I was speaking to _attitude_. Miark
Re: [newbie] Internet Security -J.Miner and Microsoft
Miark wrote: I initially thought that Civileme's post was just a bit over the top. After reading this, however, I think he was pretty-much spot-on. I suggest that if Judith wants something more like Windows, she have a look at other OSs like MacOS, OS/2 or BeOS. OS/2 is a single-user OS, and it has quite a few good applications written for it (many of them ports from *nix). I used to run it back in the Warp 3 days (around 1995). [rest snipped] I thought Civileme's post was brilliant. But regardless of whether she was a plant, she's abrasive, offensive, and utterly thankless to the Linux community as a whole. (Isolated thank yous on the list doesn't count.) The Linux community (and especially the Newbie Mandrake community) requires an attitude support, cooperation, and thankfulness. To miss on any of these three things just drags us down, and introduces FUD. We don't need that, and as Civileme did so skillfully, we need to set it straight when it creeps in. Bravo, Civileme. Miark I second that. Good feedback from Civileme. Hang in there, you're doing a great job. Roman Registered Linux User #179293 su is not the root of your problem but the start of a new journey
Re: [newbie] Internet Security
On Saturday 07 July 2001 09:52 pm, Judith Miner wrote: DrakConf shows iptables as stopped and there is no way I can get it running. I have it selected to run at boot, like the other services. Makes no difference. iptables is always listed as stopped. If I click on start, nothing happens. I believe this is normal. IOW's iptables isn't a running service all the time, it just needs to be available. You should have these binaries in /sbin : iptables* iptables-restore* iptables-save* Also go thru the docs in file:/usr/share/doc/mandrake/en/user.html/bastille.html and you'll see screenshots of what you should be seeing. That file is not on my computer. I believe it is part of mandrake-doc, which I have tried to install numerous times and it WILL NOT install. Somethin's wrong with your hardware or the CD's you've got? I did 8.0 updates immediately after installing, so maybe an update fixes your problem (?) always get the informative error message Installation failed. Nothing else. Um, WHY did it fail? C'mon, Linux, help me out here! I copied the file from the CD to my hard drive; sometimes that helps. Not this time, though. So where can I try to get another copy of this file? You can get any file Mandrake ships with from any of the ftp mirrors. mandrake_doc-en-8.0-2mdk provides the bastille docs medium security has little or nothing to do with being able to get thru a thoro port scan with all ports invisible/filtered. What does medium security have to do with, then? I'd think making ports invisible is pretty universal to security. If it's just internal network stuff, Yes, mostly, at least as I understand it. I know that you can have your security setting at the lowest, and still pass a port scan with a proper firewall. Also that setting your security level to the highest, but without a firewall, won't get you past a port scan. I may as well not bother with it because nobody else has access to my computer. My only concern is Internet security. If Bastille won't close my ports, what will? You have to have open ports to run your system and get on the Net. What you don't want is for those ports to be seen or accessible by others. ( and that about sums up my security expertise ;) I don't know what else to suggest. You're gonna have to get DrakConf - Security - Firewalling functioning to setup a firewall. I suppose you could script a firewall manually if you were a iptables guru (but I'm not). Try su'ing to root in a terminal and running DrakConf that way. Might work, or at least spit out some error messages. You are using a 2.4.x kernel with iptables, right? -- Tom Brinkman [EMAIL PROTECTED] Galveston Bay
Re: [newbie] Internet Security -J.Miner and Microsoft
-Mensagem Original- De: civileme [EMAIL PROTECTED] Para: Judith Miner [EMAIL PROTECTED]; [EMAIL PROTECTED] Enviada em: domingo, 8 de julho de 2001 04:27 Assunto: Re: [newbie] Internet Security And despite the fact that I enjoy your posts, this is my last one to you and note it is on-list. It occurs to me that if you are a Microsoft shill, or executive, that you could be a lot more productive to your company by wasting my time than you could be by being negative on the newbie list. Civileme Interesting ... I had just written an e-mail congratulating Judith on her posts. After reading yours, tough, I must admit they do make some sense...and I haven't seen a reply of hers to your post. I would give a most outraged reply if I were mistaken with a Microshaft plant. And it looks weird to me that she doesn't know how to get the cedille, yet she knows so much about other things. I'm still not convinced she is a plant, tough. Time will tell. On the other hand, I guess that her posts didn't manage to scare anyone, if that was her intention. That linux needs to get easier to configure if it wants to atract Window$ users is a fact. Mandrake has gone a long way towards it by making the installation process easy- it is, in fact much easier and quicker than window$. But there is still work to be done, as I pointed in my last post. Will it be done? It depends on the community attitude towards new users, and their ability to handle micoshaft attacks, which will increase from now on. And it seems that the attacks can be very violent and unexpected indeed... --Jeferson L. Zacco aka Wooky [EMAIL PROTECTED] Linux registered user #221896 - Computers are used to solve problems that wouldn't exist if computers weren't invented in the first place.
Re: [newbie] Internet Security -J.Miner and Microsoft
Jeferson Lopes Zacco wrote: -Mensagem Original- De: civileme [EMAIL PROTECTED] Para: Judith Miner [EMAIL PROTECTED]; [EMAIL PROTECTED] Enviada em: domingo, 8 de julho de 2001 04:27 Assunto: Re: [newbie] Internet Security And despite the fact that I enjoy your posts, this is my last one to you and note it is on-list. It occurs to me that if you are a Microsoft shill, or executive, that you could be a lot more productive to your company by wasting my time than you could be by being negative on the newbie list. Civileme Interesting ... I had just written an e-mail congratulating Judith on her posts. After reading yours, tough, I must admit they do make some sense...and I haven't seen a reply of hers to your post. I would give a most outraged reply if I were mistaken with a Microshaft plant. And it looks weird to me that she doesn't know how to get the cedille, yet she knows so much about other things. I'm still not convinced she is a plant, tough. Time will tell. On the other hand, I guess that her posts didn't manage to scare anyone, if that was her intention. That linux needs to get easier to configure if it wants to atract Window$ users is a fact. Mandrake has gone a long way towards it by making the installation process easy- it is, in fact much easier and quicker than window$. But there is still work to be done, as I pointed in my last post. Will it be done? It depends on the community attitude towards new users, and their ability to handle micoshaft attacks, which will increase from now on. And it seems that the attacks can be very violent and unexpected indeed... --Jeferson L. Zacco aka Wooky [EMAIL PROTECTED] Linux registered user #221896 - Computers are used to solve problems that wouldn't exist if computers weren't invented in the first place. I have been following Judith Miner's email posts since 1996 through the her Wordstar postings on another news group. It appears that she is not new to the Microsoft Windows OS. This goes back as far as Windows 3.11 and DOS. I don't know if she is really who she says she is... but she has been pi**ssing off at lot of people over the years. She is well known through other newsgroups. My comments are not because I think I'm better than she is nor am I a Linux elitist or guru. However, almost every post on our news group is a lecture on how Linux has not been geared to the normal person who doesn't understand command lines. Well, I say, rather than being spoon fed - as you did with Windows, try the GUI. If you do not understand the command lines, read a good book on Linux(remember books?). If there's something you don't like in the Linux OS, change it. I read that you have a lot experience with the Windows OS. Are you telling us that you learned this all without reading a single Windows or DOS book? This is BS. On one hand, you show a lot of knowledge about TCP/IP but turn around and talk through both sides of your mouth about no knowledge on fire walling etc. etc. etc. Poor me, I am a normal Windows user wanting to be a normal Linux User. Rather than spending time typing up many emails, why don't you provide a wish list to Mandrakesoft for them to review. Or, try another flavor of Linux such as Caldera? I'm sure a lot of your ideas are already in the works, and will be addressed in their future releases. Rather than checking a web page that doesn't necessarily have all of the answers, start reading a book about Linux. I am just a normal user of Linux, who happens to have Windows NT4 installed on another partition for other softwares that will NOT run on Linux. Either way, we encourage any one's constructive input. Roman Registered Linux User #179293 su is not the root of your problem but the start of a new journey
Re: [newbie] Internet Security -J.Miner and Microsoft OT
On Sunday 08 July 2001 20:17, you wrote: On Sunday 08 July 2001 05:43 pm, Romanator wrote: Tom Brinkman wrote: *_In spite of_* an increasing ignorance and/or preference of Lusers to add closed source/binary only apps and (win)hardware into the mix. (yeah, I'm diggin at y'all nVidia folks again ;) Hey Tom, I have an NVIDIA card and works great. What can I say, it came with the computer. Yeah, an I'm on the crux of gettin a GeForce too. At least I'm aware of the repercussions tho. Like I said, life's about choices ; It's a damn shame that Billy Goat and Dell, et al, put us in this position. Still, if the GeForce creates problems, they're User induced. I'll be the responsible culprit. In the meantime, this ol' (open source) pci Voodoo3 runs like heck on a supposedly buggy IDE-VIA kt133a chipset with a Tbird at 1.5+gig :) At least with the V3 oc'd. FS2000 fps in Winblows (which is all I use it for anymore) runs with all display options maxed, thunder lighting and rain, at 800 feet AGL over very dense scenery with 50+ fps :) Windoze is for kids, an I'm just a big kid ;~ ... out of the clear blue western sky comes Sky King!! :)) FlightGear's not quite ready for prime time. If you know who Sky and Penny are, ever saw the TV show, then ignore my message. Why worry 'bout anything anymore? Be happy, just never use any M$ products to connect to the Net, no matter how well you believe they can be secured, or how old you are. YMMV ;)) OOh! Sky King, I had a crush on Penny. Always wanted to fly after that show. Dated aren't we. -- Dennis M. registered linus user #180842
Re: [newbie] Internet Security -J.Miner and Microsoft
Tom Brinkman wrote: On Sunday 08 July 2001 05:43 pm, Romanator wrote: Tom Brinkman wrote: *_In spite of_* an increasing ignorance and/or preference of Lusers to add closed source/binary only apps and (win)hardware into the mix. (yeah, I'm diggin at y'all nVidia folks again ;) Hey Tom, I have an NVIDIA card and works great. What can I say, it came with the computer. Yeah, an I'm on the crux of gettin a GeForce too. At least I'm aware of the repercussions tho. Like I said, life's about choices ; It's a damn shame that Billy Goat and Dell, et al, put us in this position. Still, if the GeForce creates problems, they're User induced. I'll be the responsible culprit. In the meantime, this ol' (open source) pci Voodoo3 runs like heck on a supposedly buggy IDE-VIA kt133a chipset with a Tbird at 1.5+gig :) At least with the V3 oc'd. FS2000 fps in Winblows (which is all I use it for anymore) runs with all display options maxed, thunder lighting and rain, at 800 feet AGL over very dense scenery with 50+ fps :) Windoze is for kids, an I'm just a big kid ;~ ... out of the clear blue western sky comes Sky King!! :)) FlightGear's not quite ready for prime time. If you know who Sky and Penny are, ever saw the TV show, then ignore my message. Why worry 'bout anything anymore? Be happy, just never use any M$ products to connect to the Net, no matter how well you believe they can be secured, or how old you are. YMMV ;)) -- Tom Brinkman [EMAIL PROTECTED] Galveston Bay By the way, I reran my port scan and I passed with flying colors(I had to reinstall using Reiser FS). I like it. I remember Sky King, Sky and Penny. Boy, that brings back memories. However, I've been trying to avoid M$ products. I can't believe how the market has been saturated with junky hardware. Roman Registered Linux User #179293 su is not the root of your problem but the start of a new journey
Re: [newbie] Internet Security -J.Miner and Microsoft
Tom Brinkman wrote: On Sunday 08 July 2001 11:40 am, Jeferson Lopes Zacco wrote: That linux needs to get easier to configure if it wants to atract Window$ users is a fact. Most all 'computer' problems are/or, at least I've found it's best for me, should be approached as User, then Hardware, then (any) OS. Also, I'm not hearing anything about the fact that we use GNU/Linux in this thread. Linux is only the kernel, everything else is GNU contributed proccesses and apps written to run on it. It's obvious (at least to me ;) that distros like RH, SuSe, and specially Mandrake have made great strides in gathering together these apps/proccesses, and 'user friendliness' configuration and coordination tools in just the past few years. *_In spite of_* an increasing ignorance and/or preference of Lusers to add closed source/binary only apps and (win)hardware into the mix. (yeah, I'm diggin at y'all nVidia folks again ;) It's to the point where I believe Linux has far surpassed any M$ offering in ease of installation and use by computer users on *real* computers. Those that insist on approaching their use of the computer problems as OS, then hardware, and lastly themselves will always have the hardest time ... _any OS_. In this I cite the use of non-(win) -hardware as the users fault. One very important exception to my above rants is security. Then if you're a M$ (OS, or applications for it) user, blame the OS first ;) Mainly because it's all closed, binary only ... and there's no viable way to secure and administer it. It's win-hard/software! So I pose the question... why the need for this seemingly absurd (to me anyhow) desire for Linux to attract Winblows users? Why add people who, usually in ignorance, sometimes arrogance, most often blame the OS for their problems to the Linux base of users? They could only be part of the problem, not the solution! Seems to me we already gotten a large recent influx who want to approach problems back'a$$wards as OS, hardware, but not themselves. Life's about choices, YMMV -- Tom Brinkman [EMAIL PROTECTED] Galveston Bay Hey Tom, I have an NVIDIA card and works great. What can I say, it came with the computer. Roman Registered Linux User #179293 su is not the root of your problem but the start of a new journey
Re: [newbie] Internet Security
On Saturday 07 July 2001 11:55 am, Judith Miner wrote: Tom wrote: In DrakConf, click on Security, then on Firewalling. You'll be asked a few simple easy questions. Most often the default answer is appropriate and already selected. When you're done it will configure 8.0's iptables and start your firewall for you. I've tried that--MANY times. When I click on Configure in Firewalling, it shows a small window titled tinyfirewall and says something about checking installed components. The small window disappears and I'm left with the same Configure screen. You either have an incomplete installation, or you don't have the necessary services running (eg, iptables, check DrakConf). Also go thru the docs in file:/usr/share/doc/mandrake/en/user.html/bastille.html and you'll see screenshots of what you should be seeing. It disturbs me that BastilleChooser on medium security medium security has little or nothing to do with being able to get thru a thoro port scan with all ports invisible/filtered. -- Tom Brinkman [EMAIL PROTECTED] Galveston Bay
Re: [newbie] Internet Security
Thanks for your suggestions, Dennis. Judy, a much better way to do this is to bring up a su console and at the prompt do cd /usr/sbin then at the prompt type in InteractiveBastille without the quotes and with the caps as shown. A setup gui will start with some pretty good explanation of what is being done and why. I've tried that (tried it again a few minutes ago, in fact) and I CANNOT comprehend the questions and the explanations. I can't answer if I don't understand what Bastille proposes. I don't know what they are talking about, most of the time. I do not have any files explaining Bastille on my computer. The Security and Firewall sections of DrakConf do nothing. Something seems to be amiss, but I can't discover what it is or what to do about it. InteractiveBastille is *not* a tool for the nontechnical person. I'm lost at the first screen! It tells me something about a script for firewalling and hints I'll have to install it myself. Ha! What? Where? How? I've read the text file that is what appears on screen and it gets worse and worse as it goes on. I could go into a little more detail than BastilleChooser does, but InteractiveBastille is a lost cause. --Judy Miner
Re: [newbie] Internet Security
Thanks for trying to help, Tom. You either have an incomplete installation, or you don't have the necessary services running (eg, iptables, check DrakConf). I have iptables and everything for Bastille listed as installed in Software Manager. I uninstalled iptables and reinstalled it, to make sure I had all the necessary dependencies. Made no difference. DrakConf shows iptables as stopped and there is no way I can get it running. I have it selected to run at boot, like the other services. Makes no difference. iptables is always listed as stopped. If I click on start, nothing happens. Also go thru the docs in file:/usr/share/doc/mandrake/en/user.html/bastille.html and you'll see screenshots of what you should be seeing. That file is not on my computer. I believe it is part of mandrake-doc, which I have tried to install numerous times and it WILL NOT install. I always get the informative error message Installation failed. Nothing else. Um, WHY did it fail? C'mon, Linux, help me out here! I copied the file from the CD to my hard drive; sometimes that helps. Not this time, though. So where can I try to get another copy of this file? I am left with BastilleChooser because I absolutely do not understand the questions InteractiveBastille asks. I can't answer the questions if I have no clue what they're asking. medium security has little or nothing to do with being able to get thru a thoro port scan with all ports invisible/filtered. What does medium security have to do with, then? I'd think making ports invisible is pretty universal to security. If it's just internal network stuff, I may as well not bother with it because nobody else has access to my computer. My only concern is Internet security. If Bastille won't close my ports, what will? Any ideas what I can try next? --Judy Miner
Re: [newbie] Internet Security
On Tue, 3 Jul 2001 21:57:44 -0400 Judith Miner [EMAIL PROTECTED] wrote: S'ok - we've all been here at some point GGrin that had something to do with mail transport. So okay, some progress. At sdesign.com I had fewer ports open than I did before, but I'm still seeing open ports at 631 (tcp) and 6000 (tcp X11). Port 631 is your Cups printer Daemon and 6000 is part of your GUI setup I got the same results whether I went online as root or as user. How can I get those ports closed? Clear directions much appreciated! If you tell me exactly where to look and what to edit, I can do it, but I can't figure it out on my own. I'm not sure about the results of cups the port being closed, but as I understand closing the X11 port with have a sortakindlikeabit deretorious effect on your preference for the GUI (um - won't work) g It's a real ring-a-round - if you want to close/disable 631 completely, you might well wind up removing the cups systems and installing the 'old' lpr/lpd' system - others will correct me on this issue. I tried to run the interactive Bastille but I didn't understand the options and the explanations were much too sketchy. I don't like to make decisions like that when I don't understand what I'm doing. So I ran BastilleChooser instead and figure it's better than nothing. Why isn't Bastille on medium security closing all my ports? I agree with these comments. Part of the problem with many applications we try to use when we are unfamiliar with them is the on-screen instruction. Remember that very many of the applications developers do not use English (which-ever flavour) as their first language and as a result many messages are rather obscure. I don't have a work around for this. I use the firewalling which is accessed from the Mandrake Control Centre. It is a subset of Bastille and unless one is totally paranoid about security, I feel it is quite adequate for the 'average home user' (which included me). Have you taken a look at that yet, I know there's a great deal to learn here and I suspect that you, like many other on the list, will eventually get there. There are a good many books out there which are very helpful - one which I found useful when I was first starting was:Sams Teach Yourself Linux in 10 minutes which cost me about $US10. It's 200-page paperback which helps with much of the 'basic' stuff. If you want to get more detail then look at the O'Rielly titles in your local book-store. _BUT_ bear in mind that many of the books out there are written around the Redhat distributions and may not be exactly what you are looking for. Look at this way (Comment from mere male) The diff between RH and LM is much the same as the difference between a couple od say Microwave ovens - they do the same job - it's just that the controls are different. Cheers John -- The number of UNIX installations has grown to 10, with more expected (The UNIX Programmer's Manual, 2nd Edition, June 1972.) Registered Linux User: 102826
Re: [newbie] Internet Security
Here's what I did... I edited the file '/etc/rc.d/rcfirewall', and added rules for the services that i required, or wanted to block... It was in the form: ipchains {rule.} ipchains {rule...} etc., etc. Try man ipchains and/or search the web for sample rcfirewall scripts, and how to create them. Might be of use... note: I now use an old machine (486) with smoothwall installed on it, and it sits between my local machines and the outside world.. Way easier ;) Might still have the file somewhere, I'll have a look G - Original Message - From: Judith Miner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 04, 2001 2:57 AM Subject: [newbie] Internet Security First of all, thanks to everyone who shared their opinions on working as root. I've printed out a bunch of messages and will be digesting them as time allows. For those who wondered why I need to be root so often, it's because I'm still very much involved in getting the system set up, installing programs, etc., and it seems I have to be root in order to do a lot of what needs to be done. Once the system is complete and has a chance to settle, I can handle working as user. But for now, it is very inconvenient. My priorities now are first, to firm up my Internet security; second, to get my Type 1 fonts working and available to applications; third, to figure out what's going on with the printers. Today I worked on Internet security. I tried some of the things suggested and frankly, I don't have a clue. I don't understand the directions, I can't find some of the things suggested, I can't deal with scripts, I don't have six months to take a course.g I read the How To's on network security and firewalls and they descended into geekspeak much too fast and far too deeply and I was lost. Remember, I'm your test case--the Windows user who wants to say good-bye to Microsoft but does not want to and will not become a command line/console sort of gal. Mandrake 8 claims to have me in mind.g Since I was stumped by the console approach, here's what I did in desperation to get my ports closed on the Internet. I ran draksec as root from a command line and when it came up, I set my security to Medium. I also ran BastilleChooser and picked the Medium level, no server option. Then I went on the Web and back to grc.com and sdesign.com to test my ports. At grc.com all my ports were closed, which was an improvement from when I tested before and my SMTP port was reported open. I turned off some startup process or whatever it's called that had something to do with mail transport. So okay, some progress. At sdesign.com I had fewer ports open than I did before, but I'm still seeing open ports at 631 (tcp) and 6000 (tcp X11). I got the same results whether I went online as root or as user. How can I get those ports closed? Clear directions much appreciated! If you tell me exactly where to look and what to edit, I can do it, but I can't figure it out on my own. I tried to run the interactive Bastille but I didn't understand the options and the explanations were much too sketchy. I don't like to make decisions like that when I don't understand what I'm doing. So I ran BastilleChooser instead and figure it's better than nothing. Why isn't Bastille on medium security closing all my ports? Thanks very much for any help you can give. --Judy Miner
Re: [newbie] Internet Security
I tried to run the interactive Bastille but I didn't understand the options and the explanations were much too sketchy. I don't like to make decisions like that when I don't understand what I'm doing. So I ran BastilleChooser instead and figure it's better than nothing. Why isn't Bastille on medium security closing all my ports? I tried to set up a firewall with Bastille, and it locked up so many things that I ended up booting failsafe to remove it all. Then I went back to pmfirewall and ipchains, and things are pretty safe again now. :) Paul
RE: [newbie] Internet Security some iphains stuff... simple explanation
Hi Judith,, rather then comment on the command stuff that the other responses are focusing on, I will try to help you out in my megre way... first, what type of connection do you have? cable, ppp (dialup) ADSL all can require different answers.. The problem is that I do everything with IPCHAINS, and because you have IPtables, it is different and not compatable, although the syntax is similiar, This is an IPchain rule to open a port.. /sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 80 -j ACCEPT That basically means allow all tcp connections from 0/0 (anywhere) to 123.123.123.245/255.255.255.255 (your ip and subnet) on port 80,, so that means with this ipchains rule, it will open port 80... if you change the -j (which bascially means jumpto and is essentially what you want to do with the packet... so change it to DENY and you have locked that port.. and if you put a -l after it, it will log it also.. /sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 80 -j DENY -l brief breakdown,,, -A means append a new rule... -p means what protocol, in the above example its tcp -s means source,, where the packet came from,,, (so 0/0 means it doens't matter where it came from) -d means destination, where the packet was heading to,, (hense specifing your IP) -j is the target, or what to do with the packet... (hence DENY, ACCEPT REJECT.. etc..) -l log the packets Then you would add this rule to the bottom of your rc.local file,,, or where ever your other firewall scripts put them.. so in your case, assuming you had ipchains and not iptables, (IPTABLES is newer and in some ways better, (ie simplier) to use) you could add the rules as follows... /sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 631 -j DENY -l /sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 6000 -j DENY -l so now,, all you have to do is convert them to IPTABLES and add them to your rules and you are set... I might that ipchains and iptables are kernel filtering,, they are much better then the windows variants, and that is why they are alittle more daunting at first,, I ran bastille ages ago, and had the same problem, back then I didn't know wether or not to have stuff open or closed... Thats why I liked pmfirewall back then, it asks you questions and writes the rules based on your suggestions... and it suggests stuff like closing 6000... anyway, I apologise for not being able to be more specific to your problems, but there are a few sites out there that can tell you how to convert IPCHAINS to IPTABLES, and if you find one of them, you should be fine... (or you can set your box up to use ipchains instead, but thats more hassle then converting to iptables. regards Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Judith Miner Sent: Wednesday, 4 July 2001 9:58 AM To: [EMAIL PROTECTED] Subject: [newbie] Internet Security First of all, thanks to everyone who shared their opinions on working as root. I've printed out a bunch of messages and will be digesting them as time allows. For those who wondered why I need to be root so often, it's because I'm still very much involved in getting the system set up, installing programs, etc., and it seems I have to be root in order to do a lot of what needs to be done. Once the system is complete and has a chance to settle, I can handle working as user. But for now, it is very inconvenient. My priorities now are first, to firm up my Internet security; second, to get my Type 1 fonts working and available to applications; third, to figure out what's going on with the printers. Today I worked on Internet security. I tried some of the things suggested and frankly, I don't have a clue. I don't understand the directions, I can't find some of the things suggested, I can't deal with scripts, I don't have six months to take a course.g I read the How To's on network security and firewalls and they descended into geekspeak much too fast and far too deeply and I was lost. Remember, I'm your test case--the Windows user who wants to say good-bye to Microsoft but does not want to and will not become a command line/console sort of gal. Mandrake 8 claims to have me in mind.g Since I was stumped by the console approach, here's what I did in desperation to get my ports closed on the Internet. I ran draksec as root from a command line and when it came up, I set my security to Medium. I also ran BastilleChooser and picked the Medium level, no server option. Then I went on the Web and back to grc.com and sdesign.com to test my ports. At grc.com all my ports were closed, which was an improvement from when I tested before and my SMTP port was reported open. I turned off some startup process or whatever it's called that had something to do with mail transport. So okay, some progress. At sdesign.com I had fewer ports open than I did before, but I'm still seeing open
RE: [newbie] Internet Security
I thought I might comment here, it is quiet acceptable to close both cups and x11 on your external interface,, (ie the one that connects to the outside world, be it via ppp0,, eth0 or other, in fact, since you want neither X or cups linked to the outside world, its RECOMMENDED you do close them on the external interface closing them on all interfaces, particularly the interal ones,, is bad and will effect the services,, (ie they wont work) see my earlier email about ipchains... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Rye Sent: Wednesday, 4 July 2001 3:02 PM To: Judith Miner Cc: [EMAIL PROTECTED] Subject: Re: [newbie] Internet Security On Tue, 3 Jul 2001 21:57:44 -0400 Judith Miner [EMAIL PROTECTED] wrote: S'ok - we've all been here at some point GGrin that had something to do with mail transport. So okay, some progress. At sdesign.com I had fewer ports open than I did before, but I'm still seeing open ports at 631 (tcp) and 6000 (tcp X11). Port 631 is your Cups printer Daemon and 6000 is part of your GUI setup I got the same results whether I went online as root or as user. How can I get those ports closed? Clear directions much appreciated! If you tell me exactly where to look and what to edit, I can do it, but I can't figure it out on my own. I'm not sure about the results of cups the port being closed, but as I understand closing the X11 port with have a sortakindlikeabit deretorious effect on your preference for the GUI (um - won't work) g It's a real ring-a-round - if you want to close/disable 631 completely, you might well wind up removing the cups systems and installing the 'old' lpr/lpd' system - others will correct me on this issue. I tried to run the interactive Bastille but I didn't understand the options and the explanations were much too sketchy. I don't like to make decisions like that when I don't understand what I'm doing. So I ran BastilleChooser instead and figure it's better than nothing. Why isn't Bastille on medium security closing all my ports? I agree with these comments. Part of the problem with many applications we try to use when we are unfamiliar with them is the on-screen instruction. Remember that very many of the applications developers do not use English (which-ever flavour) as their first language and as a result many messages are rather obscure. I don't have a work around for this. I use the firewalling which is accessed from the Mandrake Control Centre. It is a subset of Bastille and unless one is totally paranoid about security, I feel it is quite adequate for the 'average home user' (which included me). Have you taken a look at that yet, I know there's a great deal to learn here and I suspect that you, like many other on the list, will eventually get there. There are a good many books out there which are very helpful - one which I found useful when I was first starting was:Sams Teach Yourself Linux in 10 minutes which cost me about $US10. It's 200-page paperback which helps with much of the 'basic' stuff. If you want to get more detail then look at the O'Rielly titles in your local book-store. _BUT_ bear in mind that many of the books out there are written around the Redhat distributions and may not be exactly what you are looking for. Look at this way (Comment from mere male) The diff between RH and LM is much the same as the difference between a couple od say Microwave ovens - they do the same job - it's just that the controls are different. Cheers John -- The number of UNIX installations has grown to 10, with more expected (The UNIX Programmer's Manual, 2nd Edition, June 1972.) Registered Linux User: 102826
Re: [newbie] Internet Security
On Tuesday 03 July 2001 08:57 pm, Judith Miner wrote: How can I get those ports closed? Clear directions much appreciated! If you tell me exactly where to look and what to edit, I can do it, but I can't figure it out on my own. In DrakConf, click on Security, then on Firewalling. You'll be asked a few simple easy questions. Most often the default answer is appropriate and already selected. When you're done it will configure 8.0's iptables and start your firewall for you. Then go to http://www.sdesign.com:8080/cgi-bin/fwtest.cgi for either a Basic or Complete scan. -- Tom Brinkman [EMAIL PROTECTED] Galveston Bay
Re: [newbie] Internet Security
Paul wrote: I tried to run the interactive Bastille but I didn't understand the options and the explanations were much too sketchy. I don't like to make decisions like that when I don't understand what I'm doing. So I ran BastilleChooser instead and figure it's better than nothing. Why isn't Bastille on medium security closing all my ports? I tried to set up a firewall with Bastille, and it locked up so many things that I ended up booting failsafe to remove it all. Then I went back to pmfirewall and ipchains, and things are pretty safe again now. :) Paul Rather than using Bastille, I installed ipchains and ran a port scan with flying colours. Roman Registered Linux User #179293 This email is powered by the Tux Email Utility
Re: [newbie] Internet Security
Remember, I'm your test case--the Windows user who wants to say good-bye to Microsoft but does not want to and will not become a command line/console sort of gal. Mandrake 8 claims to have me in mind.g While it's true that Mandrake may require less command line usage than other Linux distributions, I find it hard to imagine that MDK or anybody else would claim that you can avoid the command line altogether. And quite frankly, I don't know why you'd want to go without it. Linux is based on the command line. Its power and speed comes from the command line. Desktop interfaces are great, but you can't go without some understanding of Linux' blood and guts. Honestly, if you want to ditch M$ but aren't willing to become familiar with the command line, I think you should be looking at Macs rather than Linux. Don't get me wrong-I'm not trying to drive you away from Linux; I just think you seriously need to re-evaluate your attitude towards the command line. It can be demanding, but its really necessary, and well worth the trouble. So do the desktop thing, but don't cut yourself off from the command line. Miark
Re: [newbie] Internet Security
On Tue, 3 Jul 2001, Miark wrote: Remember, I'm your test case--the Windows user who wants to say good-bye to Microsoft but does not want to and will not become a command line/console sort of gal. Mandrake 8 claims to have me in mind.g While it's true that Mandrake may require less command line usage than other Linux distributions, I find it hard to imagine that MDK or anybody else would claim that you can avoid the command line altogether. And quite frankly, I don't know why you'd want to go without it. Linux is based on the command line. Its power and speed comes from the command line. Desktop interfaces are great, but you can't go without some understanding of Linux' blood and guts. Honestly, if you want to ditch M$ but aren't willing to become familiar with the command line, I think you should be looking at Macs rather than Linux. Don't get me wrong-I'm not trying to drive you away from Linux; I just think you seriously need to re-evaluate your attitude towards the command line. It can be demanding, but its really necessary, and well worth the trouble. So do the desktop thing, but don't cut yourself off from the command line. Miark I concur with Mark's assessment, Macs probably will be more one's cup of tea if one doesn't wish to use the command line. Almost necessary to at some point. -- Cheers, Steve - ICQ 35454764 Toronto
Re: [newbie] Internet security + Harddisk optimise danger + Wheel mouse.
I can address only one of the issues, and that is security. I have installed PMFirewall in the past, but now use Linux-Bastille. It is a free firewall and has a very nice gui for configuration. It will explain a bit about what each of the selections are about and advise what is the best thing to be done, although some choices may not fit your setup, in which case you can elect not to take the advice. Anyway it seems to be thorough and lets you know a lot more about what is going on than does PMFirewall. Current release is stable and is a final release candidate. Take a look at the website and then you can decide,http://www.bastille-linux.org/ Enjoy On Saturday 07 April 2001 22:21, you wrote: Hi, I've just installed Linux Mandrake 7.2. It's early days yet, but after years of frustration with that other poor excuse for an OS, I'm really looking forward to a stable, sensible environment. All is going well so far, but I do have a couple of concerns, mentioned below. I very much appreciate any advice from the list. -- Harddisk Optimise Danger -- During the installation, I selected 'Use harddisk optimisations', even though there was a warning about possible data corruption in some cases. Is there a real risk of data corruption ? If there is corruption, will it be immediately evident, or might my file system suddenly disappear 6 months down the track ? In case its relevant, my system has a Quantum Fireball Plus LM 15GB disk and a Pentium III 733MHz processor on a Gigabye GA-60XM7E (Intel 815E AGPset) motherboard. -- Internet Security -- Another concern I have is internet security, an issue I unfortunately know very little about. I use the internet throught a dialup connection (PPP) and browse/download with Netscape. I don't forsee any additional needs in the near future. I simply want to ensure that no one can "snoop/mess with" my system while I'm online. I've read a couple of earlier mail's on the subject and I will try the pmfirewall configured with all the defaults (except external interface which I'll set to ppp0), in conjunction with portsentry. I hope this will do the job ? I am not altogether sure what command line arguments I should pass to portsentry or what mode to start it in. Also, can I automate the process of starting portsentry, so that it will be running whenever I make a PPP connection (I understand that pmfirewall does this somehow) ? -- Wheel Mouse -- I have a Trekker Wheel mouse, but haven't been able to configure my system to recognise it. The mouse works fine, as a two-button mouse, under the default configuration, but I've found the wheel/third button very useful under Windows. Does Linux support the wheel, and if so, how might I configure the system to use it ? If there are any other important first steps I should take after a fresh installation, I'd like to hear of them. I think updating the RPM's might be something to look into, but I want to be sure of my internet security before I spend too much time downloading. Thanks for any advice, regards, Charlie. -- Dennis M. registered linux user # 180842