Michael,
As a Linux newbie(finally got ppp working after a year though I've
managed to have three distributions plus OS/2 3.0 running on my machine)
I appreciate the advice you handed out in this email.
I decided to take a shot at Linux because I was impressed by Unix(A
friend was giving me a tour around the EE Dept. at Michigan Tech; my
intro. Sun Sparc stations). I was not a computer person at the time; and
minimal programming experience. Linux would give me opportunities!
I did notice many suggestions concerning security and was a little lax,
but decided that with ppp now working I'd better follow acceptable
practice.
My interest in hacking comes from the perspective that the more I
understand the system the better I can head off the hacker. At this time
Linux is still a large question mark(I work in AutoCAD and
Microstation), which in itself me how far Linux has come from being
merely a hacker OS.
SuSE is my primary OS now, though I do like Debian, and I've tried to
follow their suggestions. And I appreciate hearing from people like you,
who take it seriously.
We just installed NT and a network where I work. It was unfortunate that
my knowledge of Linux and networking were so miniscual as I would loved
to have been able to demonstrate stability and security.
Until Linux is taken seriously by the general community of users it will
not be looked at seriously by the larger businesses. When it comes to
big money M$ "appears" to be the best choice. Mere impressions carry
over to reality in one's mind. If you had met Albert Einstein on the
street, not knowing, who he was, you would probably not thought much of
him. How wrong you would have been.
I was told last fall, by a friend, in not so many words, that I was
foolish to take any time with Linux as it has a bunch of "back doors"
left by programmers and was very dangerous from a security perspective.
I don't know that isn't true, so I must take every precaution I can.
I think Linux is worth it for I have access to some great apps; I've
wanted to learn C/C++ among others, not to mention some nice graphics
apps like The Gimp and Blender to name only two. I, for one, want to
enlarge my knowledge base, while contributing to the respectability of
Linux.
Just my two cents!
Happy New Year,
Bob
Powered by Linux
Michael Johnson wrote:
>
> On Thu, 7 Jan 1999, Rick Chandler wrote:
> > >You should have your machine secure if you are connected to the
> > >internet at all....not just because you are using IRC. There are
> > >other ways to discover your IP than having it discovered on IRC. IRC
> > >isn't the culprit...its poor administration.
> > I'll give you that. How many newbies do we have using Linux who don't
> > know about security at all? My statement is that if your going to use a
> > program that will easily give you someones IP address, then you'd better
> > secure your system. I didn't have mine secure because, I really don't
> > care, if it gets distroyed then I just simply re-install it. Others
> > system are most likely more valuable to them than me.
>
> With all due respect, someone who doesn't even bother having a password
> for the root
> account is certainly the LAST person who should be giving advice TO
> ANYONE on system adminstration and unix/linux security. There is no
> rational justification for it. There is nowhere
> reputable you will EVER find that says that is acceptable behavior or a
> good idea EVER. I've been following Unix and Linux for
> a long time and been on many groups and discussions and it amazes me
> some of the things people do. Even if you don't care what happens to your
> machine, it's just common sense to not get into horrendously poor habits.
> Some of my Solaris and BSD buddies often make derisive jokes about Linux
> users being 'hacker wanna be's and 'pseudo-wanna-be sys-admins' etc---
> ( The implication is not that all Linux users are poseurs, but there just
> happen to be more poseurs and pseudo-hackers and pseudo-admins using Linux
> than, say, Solaris or HP-UX, and as much as I hate to say it, I keep
> finding nothing to contradict this. I think the 'hacker mystique' of Linux
> seems to attract alot of people who have no idea what the hell they're
> doing.) I couldn't believe some of the stuff I heard was a 'common
> occurence' in that they see all the time among Linux users ( for example,
> doing everything as root and not even creating a user account is another
> true classic..
> something they do until they do one day they do the wrong 'rm -rf' by
> accident and frag
> '/usr/local' or whatever --this from a recent Solaris/Linux thread on the
> Solx86 list )
> This takes the cake--> "I have no password for root, who cares if
> someone hacks me, I'll just reinstall.." Do you have ANY IDEA how
> ridiculous that sounds? This isn't me flaming, but I just find this really
> hard to believe. At times like this I wonder why people don't just stick
> with Windows, I really do. This kind of behavior shows a mentality
> somewhat unsuited to administering a Unix or Linux box. I remember one guy
> actually arguing the virtues of doing everything as root with a bunch of
> real admins! He was dead serious. That was another 'classic'.
>
> A few things for the record that may seem obvious but knock on wood:
>
> Use good password protection. Test your machine. Try to break into it
> yourself a few times, using cracking programs etc. This is one good step
> to, not neccesarily being a 'hacker' , 'cracker' or whatever, but
> more 'security conscious'.
>
> Try not to use root all the time. Do stuff as a normal user and if you
> must root use sudo. Doing everything as root is a bad habit, and frankly
> it makes you look like a lamer.
>
> Don't install developmental software --or for that matter build alot of
> source packages-- as root. It's not necesary and there are severe damages
> you can do to your system without even realizing it, if there's a problem
> with the code.
>
> Try to aquire good habits, even if you think your machine
> is safe and privvy to no one but you. It's a good idea, because if you
> ever get on a real system or network or have to handle administration in a
> more responsible situation with repercussions you won't have to
> uncondition all that baggage.
>
> Inform yourself and try to have a clue about what you're doing. Knowledge
> is safety. When you embark to do something, inform yourself FIRST,
> don't just go around doing stuff, and then when you frag your system go
> crying on #linux or alt.os.linux or the mailing lists. Documentation and
> books are your friends. Good habits are your friends. If you can't follow
> these ( and many others I didn't mention ) simple habits, you really are
> better off using a lame OS like Windows, cause it doesn't really require
> any system administration other than knowing how to reboot it when you get
> the inevitable blue screen of death.
>
> A billion other things, but you get the point. If you use Linux, Solaris,
> FreeBSD, it is not like using Windows. It's a different mentality. I don't
> mean to preach, but I feel like even though all this sounds insanely
> obvious, that it apparently needed saying.
>
> Michael
>
> -
> To get out of this list, please send email to [EMAIL PROTECTED] with
> this text in its body: unsubscribe suse-linux-e
> Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
> archiv at http://www.suse.com/Mailinglists/suse-linux-e/index.html
-
To get out of this list, please send email to [EMAIL PROTECTED] with
this text in its body: unsubscribe suse-linux-e
Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
archiv at http://www.suse.com/Mailinglists/suse-linux-e/index.html
