FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 06-26-2008, 01:18 AM
"s. keeling"
 
Default Root sending messages to users

Dotan Cohen <dotancohen@gmail.com>:
> 2008/6/24 s. keeling <keeling@nucleus.com>:
> > You're that machine's god. That machine's users(! you, her, and root)
> > need their god to do the right thing.
>
> When my users strap bombs to themselves and start blowing up their

Trying to think coherently, ... [How's the weather/shrapnel? :-P]

Think scenarios. What's the screen door on a house good for? It'll
keep out a not too determined paperboy. They also piss off burglars
because they're noisy to deal with. Many new homes don't bother with
screen doors.

That scenario shows opportunities for baddies ranging from paperboys
through to determined burglars (and worse). That's a lot of
territory, and that's just one port into your house.

Think about it, and you'll see it's much better to:

- login your box.

- ssh-add your key.

- ssh somebox (anybox)

somebox ~Dotan_ % su -c 'aptitude update && aptitude upgrade'
Password:

Alternatively, one day you may find that your nephew/neice, who you've
invited in and told about Linux, has cracked root and blown away your
wife's documents. How's your backup situation? What are you going to
say to her? You're that machine's god. It and they need you to do
the right thing if it's going to continue being useful.

Worst case, one day you find out you're apparently part of a botnet
and have been unwittingly contributing to the spam/malware problem.
There've been Linux based botnets.

You certainly don't have to, but you certainly should.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-26-2008, 07:18 AM
"Dotan Cohen"
 
Default Root sending messages to users

2008/6/26 s. keeling <keeling@nucleus.com>:
> Trying to think coherently, ... [How's the weather/shrapnel? :-P]
>

Hehe, they're both getting hotter.

> Think scenarios. What's the screen door on a house good for? It'll
> keep out a not too determined paperboy. They also piss off burglars
> because they're noisy to deal with. Many new homes don't bother with
> screen doors.
>

I thought that screen doors were meant for keeping out insects. In
computer terms, that would be unwanted visitors who just happen by,
not those determined to enter.

> That scenario shows opportunities for baddies ranging from paperboys
> through to determined burglars (and worse). That's a lot of
> territory, and that's just one port into your house.
>

At home, I leave the door wide open and only the screen door protects
us. The insects stay out. However, we do not have the petty crime
problems that I am aware that some areas have. The Internet _does_
have a petty crime problem, I know.

> Think about it, and you'll see it's much better to:
>
> - login your box.
>
> - ssh-add your key.
>
> - ssh somebox (anybox)
>
> somebox ~Dotan_ % su -c 'aptitude update && aptitude upgrade'
> Password:
>
> Alternatively, one day you may find that your nephew/neice, who you've
> invited in and told about Linux, has cracked root and blown away your
> wife's documents. How's your backup situation? What are you going to
> say to her? You're that machine's god. It and they need you to do
> the right thing if it's going to continue being useful.
>

I do not think that they can crack root without my 8 character
upper/lower/number password. Can they? How would having my own account
help?

As for the backup situation, it is excellent. I back up /home to an
encrypted tar file once a month, and put it on a separate drive on the
same computer. My laptop backups go there as well. Occasionally, I
copy recent tar backups to a spare hard drive that I leave at the
mother in law's. I am fanatical about backups, and test them about
twice a year (when I reinstall the OS).

> Worst case, one day you find out you're apparently part of a botnet
> and have been unwittingly contributing to the spam/malware problem.
> There've been Linux based botnets.
>

Again, how would having my own account, as opposed to sshing as the wife, help?

> You certainly don't have to, but you certainly should.
>

I simply fail to see the benefit.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
 
Old 06-26-2008, 09:33 AM
Ron Johnson
 
Default Root sending messages to users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/26/08 02:18, Dotan Cohen wrote:
[snip]
>
> I do not think that they can crack root without my 8 character
> upper/lower/number password. Can they? How would having my own account
> help?

http://www.guardian.co.uk/world/2008/jun/16/nuclear.pakistan
http://www.nytimes.com/2008/06/15/world/asia/15nuke.html

- From these articles, I infer that the Swiss secret intelligence
service cracked encrypted files in 1-3 years. Maybe they had help
from the NSA? Maybe it was weak encryption? Maybe the Swiss
decrypters are very good?

- --
Ron Johnson, Jr.
Jefferson LA USA

"Kittens give Morbo gas. In lighter news, the city of New New
York is doomed."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhjYmUACgkQS9HxQb37XmdoPACeO1nklzBhl4 Q5XIsmXEuizSvC
CNoAoO4r+1MVFskUaEaNWfU4tA49cZao
=IDji
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-26-2008, 10:03 AM
Kevin Mark
 
Default Root sending messages to users

On Tue, Jun 17, 2008 at 12:09:09PM +0300, Dotan Cohen wrote:
> Thanks, all. xmessage seems to work fine for popping up simple
> one-liners, which is exactly what I had wanted to do. talk and write
> may be of use in the future, however. Thanks.
I am partial to computer-generated speech. I use espeak/festival
to announce things(time, battery %). Dont know about non-english speech
support. I also stated to use teamspeak(client & server voice chat) for
long-distance communication. Have it 'on' on both systems like a
walkie-talkie/intercom/etc.. (not free software but free as in beer for
most basic use)
-K
--
| .'`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal |mysite.verizon.net/kevin.mark/|
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to help Debian! |
|_______ Unless I ask to be CCd, assume I am subscribed _______|


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-26-2008, 10:11 AM
"Dotan Cohen"
 
Default Root sending messages to users

2008/6/26 Ron Johnson <ron.l.johnson@cox.net>:
>> I do not think that they can crack root without my 8 character
>> upper/lower/number password. Can they? How would having my own account
>> help?
>
> http://www.guardian.co.uk/world/2008/jun/16/nuclear.pakistan
> http://www.nytimes.com/2008/06/15/world/asia/15nuke.html
>
> - From these articles, I infer that the Swiss secret intelligence
> service cracked encrypted files in 1-3 years. Maybe they had help
> from the NSA? Maybe it was weak encryption? Maybe the Swiss
> decrypters are very good?
>

That's fine. To even get to the encrypted files they will need to
crack the password on the machine. Then they will need to suspect that
I have files as valuable as the nuclear secrets in the article. That
to me is acceptable risk. Thanks.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
 
Old 06-26-2008, 10:13 AM
"Dotan Cohen"
 
Default Root sending messages to users

2008/6/26 Kevin Mark <kevin.mark@verizon.net>:
> I am partial to computer-generated speech. I use espeak/festival
> to announce things(time, battery %). Dont know about non-english speech
> support. I also stated to use teamspeak(client & server voice chat) for
> long-distance communication. Have it 'on' on both systems like a
> walkie-talkie/intercom/etc.. (not free software but free as in beer for
> most basic use)

Thanks, that is an interesting alternative to what I was trying to do.
I will look into it, and maybe adapt computer-generated speech for my
needs.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
 
Old 06-26-2008, 01:45 PM
Daniel Burrows
 
Default Root sending messages to users

On Thu, Jun 26, 2008 at 10:18:19AM +0300, Dotan Cohen <dotancohen@gmail.com> was heard to say:
> 2008/6/26 s. keeling <keeling@nucleus.com>:
> > Alternatively, one day you may find that your nephew/neice, who you've
> > invited in and told about Linux, has cracked root and blown away your
> > wife's documents. How's your backup situation? What are you going to
> > say to her? You're that machine's god. It and they need you to do
> > the right thing if it's going to continue being useful.
> >
>
> I do not think that they can crack root without my 8 character
> upper/lower/number password. Can they? How would having my own account
> help?

Anyone with physical access to your machine can get root access
regardless of what the password is and whether it's locked (unless you
take some fairly extreme measures). But I don't see how having an extra
user account helps avoid this.

Daniel


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-27-2008, 08:16 PM
Paul Johnson
 
Default Root sending messages to users

On Thu, 2008-06-26 at 13:11 +0300, Dotan Cohen wrote:
> 2008/6/26 Ron Johnson <ron.l.johnson@cox.net>:
> >> I do not think that they can crack root without my 8 character
> >> upper/lower/number password. Can they? How would having my own account
> >> help?
> >
> > http://www.guardian.co.uk/world/2008/jun/16/nuclear.pakistan
> > http://www.nytimes.com/2008/06/15/world/asia/15nuke.html
> >
> > - From these articles, I infer that the Swiss secret intelligence
> > service cracked encrypted files in 1-3 years. Maybe they had help
> > from the NSA? Maybe it was weak encryption? Maybe the Swiss
> > decrypters are very good?
> >
>
> That's fine. To even get to the encrypted files they will need to
> crack the password on the machine.

Or pull the drive and put it in their own machine. Unless we're talking
LUKS password...

--
Paul Johnson
baloo@ursine.ca
 
Old 06-27-2008, 08:36 PM
"Dotan Cohen"
 
Default Root sending messages to users

2008/6/27 Paul Johnson <baloo@ursine.ca>:
>> > - From these articles, I infer that the Swiss secret intelligence
>> > service cracked encrypted files in 1-3 years. Maybe they had help
>> > from the NSA? Maybe it was weak encryption? Maybe the Swiss
>> > decrypters are very good?
>> >
>>
>> That's fine. To even get to the encrypted files they will need to
>> crack the password on the machine.
>
> Or pull the drive and put it in their own machine. Unless we're talking
> LUKS password...
>

And in that case as well, having my own account on the system will not help.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
 

Thread Tools




All times are GMT. The time now is 03:23 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org