Re: Bind stop working right.

2001-05-30 Thread Jamie Heilman
> It is the bind 1:8.2.3-0.potato.1 > Are there any fixes/known problems to this version? http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=bind From a security standpoint there are always problems with bind, but no matter, there are much better DNS servers out there. I believe I saw maradns enter

Bind stop working right.

2001-05-30 Thread Carlos Barros
I have some problems on one server. Sometimes bind doesn't respond any more until it is restarted. Then I only see domain traffic outgoing, not incoming and no responses from other servers. It is the bind 1:8.2.3-0.potato.1 Are there any fixes/known problems to this version? -- Carlos Barros.

Re: root fs/crypted

2001-05-30 Thread Hubert Chan
On Wed, 30 May 2001, Aaron Dewell wrote: > > Having a crypto install option (even if it's a little more complex to > get) is still better than not having one. I agree. I just wanted to remind people that we would need two sets of install disks if we were to bundle crypto into the installation p

Re: root fs/crypted

2001-05-30 Thread Aaron Dewell
Having a crypto install option (even if it's a little more complex to get) is still better than not having one. At this point, all one can do is encrypt a filesystem off of a non-encrypted root partition. Like removable media or something else that is mounted by hand. There are some logistical

Re: root fs/crypted

2001-05-30 Thread Hubert Chan
On Wed, 30 May 2001, Zak Kipling wrote: > Although in some countries (eg Britain) you can be required by law to > disclose the decryption keys, and imprisoned if you fail to do so. The > only way around this is to use a steganographic approach where, in the > absence of the passphrase for a given

Re: security in general

2001-05-30 Thread Peter Cordes
On Wed, May 30, 2001 at 11:55:33AM +0200, kjfsgjks ksjgkfhfd wrote: > > >- use things like tripwire (but that's only 100% safe if you set it up > > before the machine's connected to the net the first time) > Yeah I wanted to do that, but unfortunately I already had it connected for > like 24h o

Re: root fs/crypted

2001-05-30 Thread Jim Breton
On Tue, May 29, 2001 at 11:54:29PM -0800, Ethan Benson wrote: > trouble is when you're dealing with corrupt/fascist/evil > government/regimes encryption isn't going to do you much good, either > they will throw you in prison for refusing to disclose the decryption > key or worse they will use methods

clarifying use of snort [was - Re: security in general]

2001-05-30 Thread Robert L. Yelvington
> >Sounds like you've almost everything covered. About the only things I > >could recommend would be to run nessus against yourself and install > >snort in IDS mode. > I could try that, I'd have to look up some info on the program. I assume > nessus checks for known vulnerabilities? Sounds ok, neve

Re: root fs/crypted

2001-05-30 Thread Jim Zajkowski
On Wed, May 30, 2001 at 02:30:48AM -0700, Jon Leonard wrote: > I'm not aware of any actual implementations, unfortunately. Rubberhose, www.rubberhose.org, implements deniable crypto, exactly as you described. --Jim -- Jim Zajkowski System Administrator ITCS Contract Services

Re: root fs/crypted

2001-05-30 Thread clemens
it should also be possible to include basic network support into the initrd to enable 'entering' a password remotely. we can't support all methods allowed by /etc/network/interfaces (ppp/wvdial should be omitted..) but static/dhcp/bootp are possible. there authorization process could beneath readin

Re: root fs/crypted

2001-05-30 Thread clemens
On Wed, May 30, 2001 at 12:17:35PM +0900, Curt Howland wrote: > [cut] > but that only works at startup. if the system is running, > having the entire disk encrypted is no different than the > fact it's all in hex already. an individual user based > encryption means all you have to do is logout, no

Re: root fs/crypted

2001-05-30 Thread clemens
On Tue, May 29, 2001 at 08:02:50PM -0700, Paul Lowe wrote: > I like this. Would it be difficult to modify Debian, so that > upon install, it creates an encrypted root volume and starts > things off the right way? 3 things are needed to do that upon installation: - losetup -e /dev/loop0 /dev/ (for

Re: root fs/crypted

2001-05-30 Thread clemens
On Wed, May 30, 2001 at 10:46:19AM +0200, Jan Niehusmann wrote: > On Wed, May 30, 2001 at 01:08:21AM -0700, [EMAIL PROTECTED] wrote: > > Couldn't you say something like "I'm so sorry, I can't remember the pass > > phrase, my mind has failed me...etc?" > What about a more provable approach: > > Th

Re: security in general

2001-05-30 Thread kjfsgjks ksjgkfhfd
From: "Ingmar Schrey" <[EMAIL PROTECTED]> Real system administrators are a bit paranoid I´m told... ...so that´s ok I think. ;) hehe they *made* me paranoid! - use things like tripwire (but that´s only 100% safe if you set it up before the machine´s connected to the net the first time) Yeah

Re: root fs/crypted

2001-05-30 Thread Zak Kipling
On Wed, 30 May 2001, Jon Leonard wrote: > I'm not aware of any actual implementations, unfortunately. http://www.mcdonald.org.uk/StegFS/

Re: root fs/crypted

2001-05-30 Thread Jon Leonard
On Wed, May 30, 2001 at 10:46:19AM +0200, Jan Niehusmann wrote: > On Wed, May 30, 2001 at 01:08:21AM -0700, [EMAIL PROTECTED] wrote: > > Couldn't you say something like "I'm so sorry, I can't remember the pass > > phrase, my mind has failed me...etc?" > > What about a more provable approach: > >

Re: root fs/crypted

2001-05-30 Thread Jan Niehusmann
On Wed, May 30, 2001 at 01:08:21AM -0700, [EMAIL PROTECTED] wrote: > Couldn't you say something like "I'm so sorry, I can't remember the pass > phrase, my mind has failed me...etc?" What about a more provable approach: The passphrase could be changed automatically on every system boot, and the n

Re: root fs/crypted

2001-05-30 Thread paul
Couldn't you say something like "I'm so sorry, I can't remember the pass phrase, my mind has failed me...etc?" Are there real truth serums? hehe, Paul Ethan Benson wrote: > On Wed, May 30, 2001 at 03:01:17AM +0200, clemens wrote: > > > > SAWFASP^* > > > > as laws around the globe are forged to

Re: root fs/crypted

2001-05-30 Thread Ethan Benson
On Wed, May 30, 2001 at 03:01:17AM +0200, clemens wrote: > > SAWFASP^* > > as laws around the globe are forged to weak personal privacy, > police knocking on one's door, because of portscanning a > previously hacked website, and - i don't have to tell those > of you, which are reading slashdot -

Re: root fs/crypted

2001-05-30 Thread Zak Kipling
On Tue, 29 May 2001 [EMAIL PROTECTED] wrote: > I see it as more than this. I see it as ensuring that the data on the disk > does > not get accessed by anyone never intended to see it. (physically, of course). > I guess this would mostly be cool for thwarting things like police raids, Although in

Re: security in general

2001-05-30 Thread kjfsgjks ksjgkfhfd
>From: "Ingmar Schrey" <[EMAIL PROTECTED]> >Real system administrators are a bit paranoid I´m told... >...so that´s ok I think. ;) hehe they *made* me paranoid! >- use things like tripwire (but that´s only 100% safe if you set it up > before the machine´s connected to the net the first time) Y

Re: root fs/crypted

2001-05-30 Thread paul
I see it as more than this. I see it as ensuring that the data on the disk does not get accessed by anyone never intended to see it. (physically, of course). I guess this would mostly be cool for thwarting things like police raids, servers vulnerable in remote locations (e.g. colocation, etc). My o

Re: root fs/crypted

2001-05-30 Thread Zak Kipling
On Tue, 29 May 2001 [EMAIL PROTECTED] wrote: > I see it as more than this. I see it as ensuring that the data on the disk does > not get accessed by anyone never intended to see it. (physically, of course). > I guess this would mostly be cool for thwarting things like police raids, Although in s