From nick at netaxs.com Tue Aug 1 09:09:26 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Tue, 1 Aug 2000 12:09:26 -0400 (EDT)
Subject: [buug] weak.org mailing list memberships reminder (fwd)
Message-ID:

Uh, why? This is obnoxious. I don't appreciate having passwords
(especially my passwords) e-mailed to me in plain text monthly. I often
check my e-mail in public places and somebody with a packet sniffer on the
first of the month could get all of our passwords. In addition, it's
completely superfluous. The url of a site we can log in, get our passwords
mailed to us, change membership info, etc.. at the bottom of each e-mail
would be sufficient.

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

---------- Forwarded message ----------
Date: Tue, 1 Aug 2000 05:00:06 -0700 (PDT)
From: mailman-owner at weak.org
To: nick at netaxs.com
Subject: weak.org mailing list memberships reminder

This is a reminder, sent out once a month, about your weak.org mailing
list memberships. It includes your subscription info and how to use it
to change it or unsubscribe from a list.

You can visit the URLs to change your membership status or
configuration, including unsubscribing, setting digest-style delivery
or disabling delivery altogether (e.g., for a vacation), and so on.

In addition to the URL interfaces, you can also use email to make such
changes. For more info, send a message to the '-request' address of
the list (for example, buug-request at weak.org) containing just the
word 'help' in the message body, and an email message will be sent to
you with instructions.

If you have questions, problems, comments, etc, send them to
mailman-owner at weak.org. Thanks!

buug at netaxs.com

Passwords for nick at netaxs.com:

List                                     Password // URL
----                                     --------
buug at weak.org                          XXXXXXXXXX
http://www.weak.org/mailman/options/buug/nick at netaxs.com

If god had intended for people to smoke, he would have lit them on fire.

From rick at linuxmafia.com Tue Aug 1 09:29:26 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 1 Aug 2000 09:29:26 -0700
Subject: [buug] weak.org mailing list memberships reminder (fwd)
In-Reply-To: ; from nick@netaxs.com on Tue, Aug 01, 2000 at 12:09:26PM -0400
References:
Message-ID: <20000801092926.E25161@linuxmafia.com>

begin Nicolai Rosen quotation:

> Uh, why?

It's a Mailman default notice, sent out monthly. The list-owner can
disable it for all users on a per-list basis, if he wishes. (I don't run
this list, but am familiar with Mailman.)

> I don't appreciate having passwords (especially my passwords) e-mailed
> to me in plain text monthly.

You mean some HAX0R D00D could put you in digest mode, enable MIME
headers, put you in vacation mode, or make you get acknowledgement
notices when you post? Oooh, how scary.

If you've used for Mailman list options a password you also use in more
meaningful situations, well, as the old joke says, Don't Do That, Then.

--
Cheers,                     "Open your present...."
Rick Moen                   "No, you open your present...."
rick (at) linuxmafia.com    Kaczinski Christmas.
          -- Unabomber Haiku Contest, CyberLaw mailing list

From jammer at weak.org Tue Aug 1 09:50:35 2000
From: jammer at weak.org (Jon McClintock)
Date: Tue, 1 Aug 2000 09:50:35 -0700
Subject: [buug] weak.org mailing list memberships reminder (fwd)
In-Reply-To: ; from nick@netaxs.com on Tue, Aug 01, 2000 at 12:09:26PM -0400
References:
Message-ID: <20000801095035.A6475@weak.org>

On Tue, Aug 01, 2000 at 12:09:26PM -0400, Nicolai Rosen wrote:
> Uh, why? This is obnoxious. I don't appreciate having passwords
> (especially my passwords) e-mailed to me in plain text monthly. I often
> check my e-mail in public places and somebody with a packet sniffer on the
> first of the month could get all of our passwords. In addition, it's
> completely superfluous. The url of a site we can log in, get our passwords
> mailed to us, change membership info, etc..
> at the bottom of each e-mail
> would be sufficient.

Blah. Seeing as some people are smart enough to _forward_ their list
password to the mailing list, I've disabled this option.

-Jon

From nick at netaxs.com Tue Aug 1 09:57:59 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Tue, 1 Aug 2000 12:57:59 -0400 (EDT)
Subject: [buug] weak.org mailing list memberships reminder (fwd)
In-Reply-To: <20000801095035.A6475@weak.org>
Message-ID:

On Tue, 1 Aug 2000, Jon McClintock wrote:

> On Tue, Aug 01, 2000 at 12:09:26PM -0400, Nicolai Rosen wrote:
> > Uh, why? This is obnoxious. I don't appreciate having passwords
> > (especially my passwords) e-mailed to me in plain text monthly. I often
> > check my e-mail in public places and somebody with a packet sniffer on the
> > first of the month could get all of our passwords. In addition, it's
> > completely superfluous. The url of a site we can log in, get our passwords
> > mailed to us, change membership info, etc.. at the bottom of each e-mail
> > would be sufficient.
>
> Blah. Seeing as some people are smart enough to _forward_ their list
> password to the mailing list, I've disabled this option.
>
> -Jon

If anybody wants to try changing my info using the password XXXXXXXXXX,
they're welcomed to go ahead and try :)

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

everyone i know goes away in the end
-nine inch nails, hurt

From jammer at weak.org Tue Aug 1 10:04:57 2000
From: jammer at weak.org (Jon McClintock)
Date: Tue, 1 Aug 2000 10:04:57 -0700
Subject: [buug] weak.org mailing list memberships reminder (fwd)
In-Reply-To: ; from nick@netaxs.com on Tue, Aug 01, 2000 at 12:57:59PM -0400
References: <20000801095035.A6475@weak.org>
Message-ID: <20000801100457.B6475@weak.org>

On Tue, Aug 01, 2000 at 12:57:59PM -0400, Nicolai Rosen wrote:
> If anybody wants to try changing my info using the password XXXXXXXXXX,
> they're welcomed to go ahead and try :)

Heh. Sorry. Long weekend. Really long.

-Jon

From zk_lists at yahoo.com Wed Aug 2 01:14:32 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Wed, 2 Aug 2000 01:14:32 -0700 (PDT)
Subject: [buug] Using "cp" to backup/clone
Message-ID: <20000802081432.2096.qmail@web5504.mail.yahoo.com>

--- Rick Moen wrote:

> My standard list of the sysadmin's secret weapons:
> If you play with those for a while, you'll find that they have hidden
> virtues and become incredibly useful after a while, such that you'll
> wonder what you did without them. (Some take a while to warm to.
> You'll get lost in the manpage for GNU "find", for example.)

Thanks! I look forward to tackling with them. I'm getting more
comfortable with the Linux format and extensive documentation...in that,
I can more readily absorb the worthwhile stuff without getting bogged
down in any particular section.

Feel no pain, get no gain! (As true for brain muscle as it is for,
er...muscle muscle?)

=====
Zeke Krahlin
zk_lists at yahoo.com
---
Linux: the people's OS. A billion communists can't be wrong!

__________________________________________________
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/

From zk_lists at yahoo.com Wed Aug 2 01:19:22 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Wed, 2 Aug 2000 01:19:22 -0700 (PDT)
Subject: [buug] weak.org mailing list memberships reminder (fwd)
Message-ID: <20000802081922.8696.qmail@web5501.mail.yahoo.com>

--- Rick Moen wrote:

> If you've used for Mailman list options a password you also use in more
> meaningful situations, well, as the old joke says, Don't Do That, Then.

True enough. However, BUUG is as much for newbies as it is for advanced
Unix/Linux/BSD users...for which reason, I'd prefer to have this monthly
password posting disabled as the default (and any member can enable it,
if s/he so wishes).

=====
Zeke Krahlin
zk_lists at yahoo.com
---
Linux: the people's OS. A billion communists can't be wrong!

From zk_lists at yahoo.com Wed Aug 2 01:28:54 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Wed, 2 Aug 2000 01:28:54 -0700 (PDT)
Subject: [buug] weak.org mailing list memberships reminder (fwd)
Message-ID: <20000802082854.3938.qmail@web5504.mail.yahoo.com>

--- Nicolai Rosen wrote:

> Uh, why? This is obnoxious. I don't appreciate having passwords
> (especially my passwords) e-mailed to me in plain text monthly.

I agree. If a newbie had a mailing list, which posted passwords to
members, he'd be blasted by wizards for doing so. This is a violation of
well-established protocol. There is a plethora of faq sheets out there,
warning new users to avoid doing precisely this, and more than enough
reprimands against newbies who do so.

The public has been well-informed by numerous Internet zines and
advisors, against sending personal data unencrypted, via
e-mail...particularly advising against mailing lists and other group
services, for sending such reminders in plain text.

Such lax protocol does *not instill good habits in new advocates.

=====
Zeke Krahlin
zk_lists at yahoo.com
---
Linux: the people's OS. A billion communists can't be wrong!

From rick at linuxmafia.com Wed Aug 2 07:57:30 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 2 Aug 2000 07:57:30 -0700
Subject: [buug] weak.org mailing list memberships reminder (fwd)
In-Reply-To: <20000802081922.8696.qmail@web5501.mail.yahoo.com>; from zk_lists@yahoo.com on Wed, Aug 02, 2000 at 01:19:22AM -0700
References: <20000802081922.8696.qmail@web5501.mail.yahoo.com>
Message-ID: <20000802075730.G3724@linuxmafia.com>

begin Zeke Krahlin quotation:

> ...I'd prefer to have this monthly password posting disabled as the
> default (and any member can enable it, if s/he so wishes).

The latter isn't possible -- _but_ any subscriber can have Mailman send
a password reminder on a non-automatic basis, from the Web interface.
(There's a way to send this command to the list-server via e-mail, too.)

--
Cheers,                     "Open your present...."
Rick Moen                   "No, you open your present...."
rick (at) linuxmafia.com    Kaczinski Christmas.
          -- Unabomber Haiku Contest, CyberLaw mailing list

From zk_lists at yahoo.com Sat Aug 5 01:55:42 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Sat, 5 Aug 2000 01:55:42 -0700 (PDT)
Subject: [buug] Secure Shell Success?
Message-ID: <20000805085542.8188.qmail@web5503.mail.yahoo.com>

Well, I finally *can connect to weak.org, via Secure-Shell in Linux (I
had been using a simple secure-shell utility in Windoze). This is after
installing the necessary "openssl"/"openssh" libraries. However, I can
only do this as super-user, not as regular user. Is this how it's
supposed to work? Since "ssh" is "secure", is logging on as root as safe
as user?

As super-user, I access weak.org like so:

    ssh weak.org -l ezekielk

But when I perform the same command as a plain old user, I get the
following retort:

    You don't exist, go away!

Now, that response is probably from my own system, due to having secured
it a la Chris Stoddard's "Building a Secure Gateway, part II ".
If I must run ssh as user, I'll have to "reverse engineer" my secured
gateway, to find out which switch is denying me ssh-access. Perhaps I
need to recreate "hosts.allow" and add "weak.org" to it? (Per Stoddard's
instructions, I deleted "hosts.allow", and in "hosts.deny" I added the
line "ALL: ALL".)

I could go back and un-edit all the security changes I made...but I'm
first checking if perhaps the solution to my present problem is obvious
and simple to those in the know.

TIA.

=====
Zeke Krahlin
zk_lists at yahoo.com
---
Linux: the people's OS. A billion communists can't be wrong!

From nick at netaxs.com Sat Aug 5 02:23:44 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Sat, 5 Aug 2000 05:23:44 -0400 (EDT)
Subject: [buug] Secure Shell Success?
In-Reply-To: <20000805085542.8188.qmail@web5503.mail.yahoo.com>
Message-ID:

On Sat, 5 Aug 2000, Zeke Krahlin wrote:

> Well, I finally *can connect to weak.org, via Secure-Shell in Linux (I had
> been using a simple secure-shell utility in Windoze). This is after
> installing the necessary "openssl"/"openssh" libraries. However, I can
> only do this as super-user, not as regular user. Is this how it's supposed
> to work? Since "ssh" is "secure", is logging on as root as safe as user?

Doing anything as anybody is unsafe to a certain degree. Assuming you can
be relatively sure of the security of the computer you're going out from,
then yes, sshing in as root is secure.

> As super-user, I access weak.org like so:
>
> ssh weak.org -l ezekielk

Uh, I have no idea what you're talking about here. Looks like you're
logging in as the user ezekielk, not root.

> But when I perform the same command as a plain old user, I get the
> following retort:
>
> You don't exist, go away!
>
> Now, that response is probably from my own system, due to having secured
> it a la Chris Stoddard's "Building a Secure Gateway, part II
> ". If I must run ssh as
> user, I'll have to "reverse engineer" my secured gateway, to find out
> which switch is denying me ssh-access. Perhaps I need to recreate
> "hosts.allow" and add "weak.org" to it? (Per Stoddard's instructions, I
> deleted "hosts.allow", and in "hosts.deny" I added the line "ALL: ALL".)

Sounds like this could be the problem.

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

Life's a game I cannot win
Both good and bad
Must surely end
The mirrors
Always tell the truth
I love myself
For hating you
-Type O Negative, Everyone I Love Is Dead

From zk_lists at yahoo.com Sat Aug 5 03:05:31 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Sat, 5 Aug 2000 03:05:31 -0700 (PDT)
Subject: [buug] Great Links re. Internet/Linux Security
Message-ID: <20000805100531.14431.qmail@web5503.mail.yahoo.com>

Thanks to contributors from my FreeNetCubs BBS, come these excellent
security resources:

---begin article 1 of 2:

Linux Security Quick Reference Card
Posted by Shark on 8/3/2000

http://linuxsecurity.com/articles/documentation_article-1208.html

Although by no means is it all-inclusive, it is a handy reference when
you want a good checklist of things that should be done to secure your
boxen. It's in *.pdf format, so make sure you got Acrobat Reader or
xpdf.

---end article 1 of 2

---begin article 2 of 2:

Re: A pair of GREAT security articles!
Posted by sam on 8/3/2000

http://www.sans.org/topten.htm
http://www.sans.org/mistakes.htm

---end article 1 of 2

=====
Zeke Krahlin
zk_lists at yahoo.com
---
Linux: the people's OS. A billion communists can't be wrong!

From zk_lists at yahoo.com Sat Aug 5 03:14:11 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Sat, 5 Aug 2000 03:14:11 -0700 (PDT)
Subject: [buug] Secure Shell Success?
Message-ID: <20000805101411.3035.qmail@web5504.mail.yahoo.com>

--- Nicolai Rosen wrote:

> Doing anything as anybody is unsafe to a certain degree.

Okay, that goes without saying. Unplugging my computer is the most
secure, yet the least practical. :(

> Assuming you can be relatively sure of the security of the
> computer you're going out from, then yes, sshing in as root is
> secure.

I figured, what with high-level encryption and all, that it boiled down
to being no more risky than logging in as a user.

> > As super-user, I access weak.org like so:
> >
> > ssh weak.org -l ezekielk

> Uh, I have no idea what you're talking about here. Looks like you're
> logging in as the user ezekielk, not root.

Right. I am logging in via my user name for that shell account, which is
user "ezekielk". I was only talking about loading the ssh *client as
root, from my system. I was not talking about actually logging on to the
server as root. Sorry for not making this clearer.

> > Now, that response is probably from my own system, due to having
> > secured it a la Chris Stoddard's "Building a Secure Gateway,

> Sounds like this could be the problem.

Well, I suppose for the sake of becoming more Linux-knowledgeable, I
ought to unravel this problem. But in the meantime, as long as it's safe
to load ssh client as root, I'd prefer to connect in Linux, rather than
in Windoze.

Thanks a lot, Nicolai!

=====
Zeke Krahlin
zk_lists at yahoo.com
---
Linux: the people's OS. A billion communists can't be wrong!

From rick at linuxmafia.com Sat Aug 5 11:07:47 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sat, 5 Aug 2000 11:07:47 -0700
Subject: [buug] Secure Shell Success?
In-Reply-To: <20000805085542.8188.qmail@web5503.mail.yahoo.com>; from zk_lists@yahoo.com on Sat, Aug 05, 2000 at 01:55:42AM -0700
References: <20000805085542.8188.qmail@web5503.mail.yahoo.com>
Message-ID: <20000805110747.F21503@linuxmafia.com>

begin Zeke Krahlin quotation:

> Well, I finally *can connect to weak.org, via Secure-Shell in Linux (I
> had been using a simple secure-shell utility in Windoze). This is
> after installing the necessary "openssl"/"openssh" libraries. However,
> I can only do this as super-user, not as regular user. Is this how
> it's supposed to work?

Nope. Your system is partially broken. In particular:

> But when I perform the same command as a plain old user, I get the
> following retort:
>
> You don't exist, go away!

If memory serves, this is the error you tend to get when a process
double-checks to see if you're in the authentication database (e.g.,
/etc/shadow or wherever the user passwords are kept) and unexpectedly
finds that you're not a valid user. This might happen if, for example,
the process can't get to the authentication database at all because its
effective user ID (under whose authority the user operates) lacks
permission to read it.

(The above rests on my slightly shaky recollection of what the quoted
error means in this context, but I _believe_ that's right.)

Unfortunately, I'm not sure where the breakage has occurred. You might
have altered something in the PAM (Pluggable Authentication Modules)
layer stuff, or it could be one of those SUID-bit removals or other
permission changes that Chris Stoddard's article recommended to you.
Or you might have made some error in compiling OpenSSH or OpenSSL.

You might try removing your current OpenSSH/OpenSSL installation. (You
_did_ install it to the /usr/local/ tree, right?) Then, install via RPM
the (international-version) OpenSSH and OpenSSL packages from
Linux-Mandrake's off-shore cryptographic archives, discussed earlier.

Then try remote login, again.
If it still fails, then your system is still damaged from the foray into
Chris Stoddard's recommendations.

By the way, I'm making current versions of OpenSSH and OpenSSL available
at http://linuxmafia.com/pub/linux/security/openssh/ , including a patch
to fix an old, long-known problem of occasional deadlocking that you
sometimes got on large files when using rsync over SSH transport.

A long-time free-software hacker, Ton Hospel, actually found and fixed
the cause of that deadlock in Tatu Ylönen's reference SSH
implementation, years ago, but declined to contribute his patch because
he was annoyed at Ylönen's company (SSH Communications Security, Ltd.)
having taken his prior contributions proprietary. So, Hospel created
a GPLed C-code wrapper program for the reference SSH. People who run
that implementation (and who use rsync) should consider getting the
wrapper. It's at
http://linuxmafia.com/pub/linux/security/ylonen-ssh/ssh-rsync-wrapper

> Since "ssh" is "secure", is logging on as root as safe as user?

I can answer that question, but it's not the question you really mean
to ask. You really should ask "Is this behaviour a problem?" Yes, it
is. Your system appears to have a fundamental problem that you need to
fix. It may also have other problems of which this is the tip of the
iceberg.

To address your question, there is a minor disadvantage to even
_allowing_ the root user to SSH in: If you configure sshd to disallow
such access, and thereby require that users SSH in as a regular user
first, and then use "su" or "sudo" to wield root authority, the system
retains records in its logs as to _which_ remote user wielded root
authority at a given time, which can be valuable information.

(Often, when I mention this recommendation to people, they immediately
object that you cannot identify a system cracker from "su" or "sudo"
logs, because he can alter those upon cracking root.
True, but irrelevant to my point: I _didn't say_ you could use this
information to chase down crackers. I said it helps in routine
administration, under _non_-attack conditions, in tracing back which
remote user did what, and when, using root authority.)

> As super-user, I access weak.org like so:
>
> ssh weak.org -l ezekielk

By the way, a better syntax also works:

    ssh ezekielk@weak.org

This also works in scp'ing (secure cp'ing) between machines where you
need to specify some non-default username. Let's suppose I'm "rick" on
the machine I'm typing on, but "rmoen" on a different machine, inigo:

    scp /tmp/* rmoen@inigo.linuxmafia.com:/tmp

This copies all files from the local /tmp directory over an SSH tunnel
to the /tmp directory on the remote machine, inigo, logging into inigo
as "rmoen" rather than using my local username (rick) by default.
Notice the colon at the end of the remote machine's name, which is how
scp knows that the destination isn't just a local filespec. (Believe
me, you'll forget that colon a few times, resulting in a few bizarrely
named local files.)

> If I must run ssh as user, I'll have to "reverse engineer" my secured
> gateway, to find out which switch is denying me ssh-access.

You got that right.

> Perhaps I need to recreate "hosts.allow" and add "weak.org" to it?

Nope, that's not it. If it were a TCP Wrappers (tcpd, or libwrap)
problem, you'd not be allowed to connect to that service from the source
machine, for any user. TCP Wrappers doesn't even know anything about
which user is connecting, only about IP addresses and socket numbers.

--
Cheers,                     "Open your present...."
Rick Moen                   "No, you open your present...."
rick (at) linuxmafia.com    Kaczinski Christmas.
          -- Unabomber Haiku Contest, CyberLaw mailing list

From rick at linuxmafia.com Sat Aug 5 11:39:12 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sat, 5 Aug 2000 11:39:12 -0700
Subject: [buug] Secure Shell Success?
In-Reply-To: <20000805101411.3035.qmail@web5504.mail.yahoo.com>; from zk_lists@yahoo.com on Sat, Aug 05, 2000 at 03:14:11AM -0700
References: <20000805101411.3035.qmail@web5504.mail.yahoo.com>
Message-ID: <20000805113912.G21503@linuxmafia.com>

begin Zeke Krahlin quotation:

> I figured, what with high-level encryption and all, that it boiled
> down to being no more risky than logging in as a user.

But you lose the information that would otherwise be on record as to
which regular user employed root authority. This is why most of us
disable root logins, in /etc/ssh/sshd_config . ("PermitRootLogin no")

However, you're going to have to fix your apparently rather severe
system permissions problem, before you deal with such things.

--
Cheers,                     "Open your present...."
Rick Moen                   "No, you open your present...."
rick (at) linuxmafia.com    Kaczinski Christmas.
          -- Unabomber Haiku Contest, CyberLaw mailing list

From bill at wiliweld.com Sat Aug 5 11:34:28 2000
From: bill at wiliweld.com (Bill Schoolcraft)
Date: Sat, 05 Aug 2000 11:34:28 -0700 (PDT)
Subject: [buug] Secure Shell Success?
In-Reply-To: <20000805110747.F21503@linuxmafia.com>
Message-ID:

At Sat, 5 Aug 2000 it looks like Rick Moen composed:

RM-->Then try remote login, again. If it still fails, then your system is
RM-->still damaged from the foray into Chris Stoddard's recommendations.

Hello Family,

This is real funny for I just got through printing the 'Stoddard' page
to relax on the couch and read for I wanted to make sure I FULLY
understand anything I'm going to do at this level of administration.

Having always studied any recommendations by Rick Moen and always found
them to be solid in their foundation I'd like to ask the group, time
permitting, if there are any particular items in Stoddard's
recommendations that should cause alarm, or is the whole list of
suggestions suspect to question.

I ask this not from a provocative nature but from someone who just
finished a course in (Unix) System_Administration.

--
Bill Schoolcraft
http://wiliweld.com
PO Box 210076
San Francisco, CA 94121
" O fortunatos nimium, sua si bona norint! "

From rick at linuxmafia.com Sat Aug 5 11:57:13 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sat, 5 Aug 2000 11:57:13 -0700
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: <20000805100531.14431.qmail@web5503.mail.yahoo.com>; from zk_lists@yahoo.com on Sat, Aug 05, 2000 at 03:05:31AM -0700
References: <20000805100531.14431.qmail@web5503.mail.yahoo.com>
Message-ID: <20000805115713.H21503@linuxmafia.com>

begin Zeke Krahlin quotation:

>
> Linux Security Quick Reference Card
> Posted by Shark on 8/3/2000
>
> http://linuxsecurity.com/articles/documentation_article-1208.html

It's really annoying when people make these things available _only_ in
frigging PDF format. Although you can convert the documents to
PostScript or ASCII, the conversions can have a bit of a problem with
disorganisation when the authors, as is the case here, used
multiple-column format.

I ran those things through pdftotext, just so I could quote from them,
but the columnar format makes the result difficult to use. So, dammit,
I'll have to type from my xpdf screen:

SHARK> Password-protect LILO for servers in public environments....

Only a real bonehead would put a server physically in a public
environment, and password-protecting LILO is just rearranging the deck
chairs on the Titanic. Doing the former is incompatible with system
security.

More about this (and possibly other highly questionable advice in
"shark's" screed) later, as I'm out of time, now.

--
Cheers,                     "Open your present...."
Rick Moen                   "No, you open your present...."
rick (at) linuxmafia.com    Kaczinski Christmas.
          -- Unabomber Haiku Contest, CyberLaw mailing list

From zk_lists at yahoo.com Sat Aug 5 13:34:25 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Sat, 5 Aug 2000 13:34:25 -0700 (PDT)
Subject: [buug] Great Links re. Internet/Linux Security
Message-ID: <20000805203425.9438.qmail@web5504.mail.yahoo.com>

--- Rick Moen wrote:

> SHARK> Password-protect LILO for servers in public environments....
>
> Only a real bonehead would put a server physically in a public
> environment, and password-protecting LILO is just rearranging the deck
> chairs on the Titanic.

I'll pass this on to my FreeNetCubs board (including the "pdf" issue).
Thanks!

=====
Zeke Krahlin
zk_lists at yahoo.com
---
FreeNetCubs BBS & Chat
http://www5.50megs.com/fnc

From zk_lists at yahoo.com Sat Aug 5 14:07:37 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Sat, 5 Aug 2000 14:07:37 -0700 (PDT)
Subject: [buug] Secure Shell Success?
Message-ID: <20000805210737.27392.qmail@web5501.mail.yahoo.com>

--- Rick Moen wrote:

> However, you're going to have to fix your apparently rather severe
> system permissions problem, before you deal with such things.

Okay, that's my next project. Thanks again, Rick.

=====
Zeke Krahlin
zk_lists at yahoo.com
---
FreeNetCubs BBS & Chat
http://www5.50megs.com/fnc

From zk_lists at yahoo.com Sat Aug 5 14:33:51 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Sat, 5 Aug 2000 14:33:51 -0700 (PDT)
Subject: [buug] Secure Shell Success?
Message-ID: <20000805213351.23782.qmail@web5505.mail.yahoo.com>

--- Rick Moen wrote:

> If memory serves, this is the error you tend to get when a process
> double-checks to see if you're in the authentication database (e.g.,
> /etc/shadow or wherever the user passwords are kept) and unexpectedly
> finds that you're not a valid user.
> This might happen if, for example,
> the process can't get to the authentication database at all because its
> effective user ID (under whose authority the user operates) lacks
> permission to read it.

Chris Stoddard's recommendation to lock down /etc/shadow is in this
statement:

---begin stoddard quote:

Other files we don't need to alter, but need to be locked down are,
/etc/services, /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow.
If you plan to change your passwd or add a user you will have to run
"chattr -i filename" on /etc/passwd, /etc/shadow, /etc/group and
/etc/gshadow or you will get an error message.

---end stoddard quote

So I think this is part of the problem, though not entirely. I ran
"chattr -i" on those files, but still cannot run ssh as user.

> You might try removing your current OpenSSH/OpenSSL installation. (You
> _did_ install it to the /usr/local/ tree, right?)

I just installed the RPM versions, which placed the programs in their
proper areas: "/usr/bin", "/usr/doc", "/usr/man" and "/usr/lib". I
didn't uninstall any "~.tar.gz" stuff.

> Then try remote login, again. If it still fails, then your system is
> still damaged from the foray into Chris Stoddard's recommendations.

I think I need to completely undo all of Stoddard's instructions, then
try secure-shell. Assuming it then runs, I will put back Stoddard's
instructions one by one, testing ssh each time, to discover what thwarts
it.

> By the way, I'm making current versions of OpenSSH and OpenSSL available
> at http://linuxmafia.com/pub/linux/security/openssh/ , including a patch
> to fix an old, long-known problem of occasional deadlocking that you
> sometimes got on large files when using rsync over SSH transport.

I just downloaded 'em. Thanks!

> A long-time free-software hacker, Ton Hospel, actually found and fixed
> the cause of that deadlock in Tatu Ylönen's reference SSH
> implementation, years ago, but declined to contribute his patch because
> he was annoyed at Ylönen's company (SSH Communications Security, Ltd.)
> having taken his prior contributions proprietary.

That does stink, and I don't blame Ton for no longer cooperating with
that company.

> So, Hospel created
> a GPLed C-code wrapper program for the reference SSH. People who run
> that implementation (and who use rsync) should consider getting the
> wrapper. It's at
> http://linuxmafia.com/pub/linux/security/ylonen-ssh/ssh-rsync-wrapper

Wonderful, got it!

> > Since "ssh" is "secure", is logging on as root as safe as user?
>
> I can answer that question, but it's not the question you really mean
> to ask. You really should ask "Is this behaviour a problem?"

I understand: it's a bad habit to get into. Thus, I will forge ahead and
figure out wherein the problem really lies, that keeps me from running
ssh as a user.

And thanks for all the additional tips you provided, which I have not
included in this response. Much appreciated.

=====
Zeke Krahlin
zk_lists at yahoo.com
---
FreeNetCubs BBS & Chat
http://www5.50megs.com/fnc

From zk_lists at yahoo.com Sat Aug 5 15:38:14 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Sat, 5 Aug 2000 15:38:14 -0700 (PDT)
Subject: [buug] /etc/service
Message-ID: <20000805223814.6931.qmail@web5501.mail.yahoo.com>

Another tip from my FreeNetCubs board. Does it sound like a good
security measure, or too much on the brute-force side? (I know Stoddard
recommends a similar method for "/etc/inetd.conf".)

---begin tip

What do all those ports mean?
Posted by Paranoid Chick on 8/2/2000

Your computer has tons and tons of ports available for connection from
outside hosts.
Like "8080", "21", "3128", etc.....

Well, what do all these ports mean?

Well the IANA has assigned specific port numbers to particular services on your box. If you are running Linux (as you SHOULD be if you are reading this) just have a look at the /etc/services file and you'll get an eyeful.

It's a good idea to comment out (put a '#' in front of) those services you know you are not running, like datametrics on port 1645 and radius on port 1812. In fact, if you don't know what a particular service is, chances are you don't need it and should comment it out!

---end tip

=====
Zeke Krahlin
zk_lists at yahoo.com
---
FreeNetCubs BBS & Chat
http://www5.50megs.com/fnc

From zk_lists at yahoo.com Sat Aug 5 16:06:22 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Sat, 5 Aug 2000 16:06:22 -0700 (PDT)
Subject: [buug] Dirty Pool Linux
Message-ID: <20000805230622.2917.qmail@web5505.mail.yahoo.com>

From my FreeNetCubs board, comes this:

---begin article

Now here's a tantalizing thought....
Posted by Shark on 8/3/2000

Is it time for Linux to start playing dirty? Read the article and lend us your thoughts:

http://www.osopinion.com/Opinions/BenHarris/BenHarris1.html

---end article

=====
Zeke Krahlin
zk_lists at yahoo.com
---
FreeNetCubs BBS & Chat
http://www5.50megs.com/fnc

From rick at linuxmafia.com Sun Aug 6 00:01:23 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 6 Aug 2000 00:01:23 -0700
Subject: [buug] /etc/service
In-Reply-To: <20000805223814.6931.qmail@web5501.mail.yahoo.com>; from zk_lists@yahoo.com on Sat, Aug 05, 2000 at 03:38:14PM -0700
References: <20000805223814.6931.qmail@web5501.mail.yahoo.com>
Message-ID: <20000806000123.A3291@linuxmafia.com>

begin Zeke Krahlin quotation:

> Another tip from my FreeNetCubs board. Does it sound like a good
> security measure, or too much on the brute-force side?

Neither. It's a sign that somebody has no idea what the function of the /etc/services (not "/etc/service") file is, and is fooling around with his system without reading relevant documentation.

> (I know Stoddard recommends a similar method for "/etc/inetd.conf".)

_That_ is a different matter entirely. Zeke, at the risk of being a bit rude: Please tell your friends that they cannot expect to improve their systems by acting on the basis of spurious analogies, without understanding what the heck they're doing.

Obviously, somebody thought, hey, this file is called "services"! Let's comment things out, and that should have the effect of disabling services. This is cargo-cult system administration, Zeke!

Here's a better idea: Don't touch root-owned system files without having some idea what the hell you're doing! Let me say that again: Don't touch root-owned system files without having some idea what the hell you're doing!

Right. Let's say you wanted to understand /etc/services. What does the manpage say?

    services is a plain ASCII file providing a mapping between friendly textual names for internet services, and their underlying assigned port numbers and protocol types.

In other words, /etc/services is a lookup table that (e.g.) lets you (and sundry programs) use the word "telnet" instead of "23" to identify the TCP port on which that service lives.
And the fact that there's a line that maps the word "smtp" to TCP port 25 is what allows me to hold discussions with my copy of Exim (my system mailer) by typing

    telnet linuxmafia.com smtp

...instead of having to remember what numerical port the SMTP protocol uses, and thus having to type

    telnet linuxmafia.com 25

So, it should be readily apparent that you will accomplish nothing worthwhile -- nada, zip, rien du tout -- by commenting out lines of this lookup table. All you're doing is shooting yourself in the foot, and making your system less usable. What you are _not_ doing is adding to security in any way, since the numerical ports either have services running on them or not, depending on other system configuration details entirely.

--
Cheers,                          "Open your present...."
Rick Moen                        "No, you open your present...."
rick (at) linuxmafia.com         Kaczinski Christmas.
                -- Unabomber Haiku Contest, CyberLaw mailing list

From zk_lists at yahoo.com Sun Aug 6 02:24:02 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Sun, 6 Aug 2000 02:24:02 -0700 (PDT)
Subject: [buug] /etc/service
Message-ID: <20000806092402.4513.qmail@web5503.mail.yahoo.com>

--- Rick Moen wrote:
> begin Zeke Krahlin quotation:
>
> > Another tip from my FreeNetCubs board. Does it sound like a good
> > security measure, or too much on the brute-force side?
>
> Neither. It's a sign that somebody has no idea what the function of the
> /etc/services (not "/etc/service") file is, and is fooling around with
> his system without reading relevant documentation.

Thanks for the warning. It didn't really make sense to me, because Stoddard would have included that file, along with /etc/inetd.conf.

> _That_ is a different matter entirely. Zeke, at the risk of being a bit
> rude: Please tell your friends that they cannot expect to improve their
> systems by acting on the basis of spurious analogies, without
> understanding what the heck they're doing.

I don't find your response rude. Instead I find it highly informative.
I have passed this onto my board, so that visitors there may not be fooled by a naive Linux user.

=====
Zeke Krahlin
zk_lists at yahoo.com
---
FreeNetCubs BBS & Chat
http://www5.50megs.com/fnc

From rick at linuxmafia.com Sun Aug 6 10:57:16 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 6 Aug 2000 10:57:16 -0700
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: <20000805203425.9438.qmail@web5504.mail.yahoo.com>; from zk_lists@yahoo.com on Sat, Aug 05, 2000 at 01:34:25PM -0700
References: <20000805203425.9438.qmail@web5504.mail.yahoo.com>
Message-ID: <20000806105715.B3291@linuxmafia.com>

begin Zeke Krahlin quotation:

>> Only a real bonehead would put a server physically in a public
>> environment, and password-protecting LILO is just rearranging the
>> deck chairs on the Titanic.
>
> I'll pass this on to my FreeNetCubs board (including the "pdf" issue).
> Thanks!

Here's part of what's bothering me, Zeke (and I hope this doesn't strike you as just ill temper): _How_ can you decide that something is a "great link regarding Internet/Linux security", before having a good grasp of that topic?

I do not intend that as a rhetorical question. It's a real one: There's always a serious bootstrapping problem, when you're just setting out to learn a subject, and are trying to decide what's good information and what is not. How can you determine which information is correct, not yet knowing the subject yourself? If you try to pass off the problem on somebody else, by asking someone to recommend a source of information, how do you determine _whose_ views to listen to?

I'm not raising this problem in order to provide a pat answer. It's a thorny problem without any good, simple answer. But it's a highly relevant problem to always bear in mind, anyway.
It's worth bearing in mind particularly because so many people try to finesse it in some classically bad, ineffective ways. One of the numerous ways to go wrong is to decide that some information source must be "good" if you can understand it and it seems to be speaking in a confident, authoritative tone.

One of the better ways to deal with the problem is to test supposed authorities by learning one small subset of the field, and seeing what the authority says about that part. Also, see if what the authority says is internally consistent. Also, see if what he says seems to give you greater insight and understanding. Above all, be skeptical. Confident-sounding authorities can be and often are dead wrong, me included.

Anyhow: The notion of password-protecting the boot process presupposes that random people are going to be allowed physical access to the console (keyboard & monitor) and (usually) also the system box that has the drives and motherboard in it.

Give the public physical access to the system box, and the game is over. You then have no system security -- if only because the bad guys can extract your hard drives and take them home. You can play cat and mouse with the public, by password-protecting LILO, setting the BIOS so it will not boot from removable media, password-protecting the BIOS, etc., but you've really already lost, if you allow physical access.

The notion of allowing physical access to server boxes was promoted by Microsoft Corporation in order to sell MS Windows NT for boxes run by unwary business types. Microsoft claimed that MS Windows NT Server boxes could be deployed in the middle of one's workspace without security risk, because NTFS partitions could not be read by hostile parties, e.g., from boot floppies. This statement turned out to be _both_ a non-sequitur _and_ to rest on an incorrect premise: It is a non-sequitur because the bad guys could always extract the hard drive and break into it as an additional drive on their own NT box.
It rested on an incorrect premise because the Linux community quickly created Linux boot floppies incorporating NTFS filesystem support.

And so it goes. Anyhow, getting back to my overall point, just as with the "tip" about /etc/services, you can't just assume that this source of information is "good" just because it's there and you can follow it.

I can't find much wrong with the rest of those two pages except for a mild Red Hat bias and the fact that Dave Wreski (the author) didn't mention that the Tripwire security-auditing package he recommends is proprietary software. The publisher says it intends to open-source it later this year, but has not done so yet. There's already an open-source (GPLed) equivalent by Rami Lehti of Finland, "AIDE", http://www.cs.tut.fi/~rammer/aide.html .

--
Cheers,                          "Open your present...."
Rick Moen                        "No, you open your present...."
rick (at) linuxmafia.com         Kaczinski Christmas.
                -- Unabomber Haiku Contest, CyberLaw mailing list

From nick at netaxs.com Sun Aug 6 11:50:15 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Sun, 6 Aug 2000 14:50:15 -0400 (EDT)
Subject: [buug] /etc/service
In-Reply-To: <20000805223814.6931.qmail@web5501.mail.yahoo.com>
Message-ID:

On Sat, 5 Aug 2000, Zeke Krahlin wrote:
> Another tip from my FreeNetCubs board. Does it sound like a good security
> measure, or too much on the brute-force side? (I know Stoddard recommends
> a similar method for "/etc/inetd.conf".)

This is a good idea with a but. But first you should go in and learn what you're commenting out. Everything you don't need should go, but you shouldn't get rid of stuff you haven't a clue about. In terms of services offered by inetd, I only have auth (for irc). Other than that I consider everything else more information than I feel like giving out.

> ---begin tip
>
> What do all those ports mean?
> Posted by Paranoid Chick on 8/2/2000
>
> Your computer has tons and tons of ports available for connection from
> outside hosts.
Like "8080", "21", "3128", etc.....
>
> Well, what do all these ports mean?
>
> Well the IANA has assigned specific port numbers to particular services on
> your box. If you are running Linux (as you SHOULD be if you are reading
> this) just have a look at the /etc/services file and you'll get an
> eyeful.
>
> It's a good idea to comment out (put a '#' in front of) those services you
> know you are not running, like datametrics on port 1645 and radius on port
> 1812. In fact, if you don't know what a particular service is, chances are
> you don't need it and should comment it out!
>
> ---end tip

I really can't imagine that this would help anything. If you have no services running on these ports then it can't do you any harm. There's nothing on the other end to connect to and they're all standard ports anyway. It's probably not a good idea to go messing around with this stuff if you don't know what you're doing and should you implement things later on it could screw you over.

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

There are some who argue that this decreases readability. They are wrong.
-Learning Perl on the use of sort { $a <=> $b } @list
Randal L. Schwartz & Tom Christiansen

From nick at netaxs.com Sun Aug 6 12:08:22 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Sun, 6 Aug 2000 15:08:22 -0400 (EDT)
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: <20000806105715.B3291@linuxmafia.com>
Message-ID:

On Sun, 6 Aug 2000, Rick Moen wrote:
> Here's part of what's bothering me, Zeke (and I hope this doesn't strike
> you as just ill temper): _How_ can you decide that something is a
> "great link regarding Internet/Linux security", before having a good
> grasp of that topic?

Oooh, that's a burn!
> Anyhow: The notion of password-protecting the boot process presupposes
> that random people are going to be allowed physical access to the
> console (keyboard & monitor) and (usually) also the system box that
> has the drives and motherboard in it.
>
> Give the public physical access to the system box, and the game is over.
> You then have no system security -- if only because the bad guys can
> extract your hard drives and take them home. You can play cat and mouse
> with the public, by password-protecting LILO, setting the BIOS so it
> will not boot from removable media, password-protecting the BIOS, etc.,
> but you've really already lost, if you allow physical access.

No. The world isn't black and white. There are many different levels of physical security. Should you lose all physical security, then you're screwed (with a few exceptions). However, there are a lot of situations where you have partial physical security, semisupervised computers, i.e. computer labs, colo (unless you're talking nice, expensive shit in which case you've got almost complete physical security, cages, lockers *drool* *drool*).. ah, but anyway, I digress. I'll take computer labs as my example. Many places, i.e. libraries, schools, etc.. have computers in areas where people are. You could somewhat easily compromise security if you made sure nobody was really paying attention to you (I know, I've done it). You can't open up computers (especially when additional bolted down type physical security is provided) without becoming very noticeable. While it's still possible to get around that sort of thing it's much harder and a completely higher level of a breach. So in many circumstances, those extra measures go the extra mile in stopping what amounts to mostly script kiddies from screwing with stuff you want to keep as is.

> And so it goes.
Anyhow, getting back to my overall point, just as with
> the "tip" about /etc/services, you can't just assume that this source of
> information is "good" just because it's there and you can follow it.

This is true. While there is a great deal of intuitive information out there, some of it's not quite so obvious and the unix community has spent decades learning this sort of thing the hard way. It's usually a good idea (especially in the realm of security) to check your information by going to a few different sources that are vastly different and of course by checking what the experts/authorities say.

> I can't find much wrong with the rest of those two pages except for a
> mild Red Hat bias and the fact that Dave Wreski (the author) didn't
> mention that the Tripwire security-auditing package he recommends is
> proprietary software. The publisher says it intends to open-source it
> later this year, but has not done so yet. There's already an
> open-source (GPLed) equivalent by Rami Lehti of Finland, "AIDE",
> http://www.cs.tut.fi/~rammer/aide.html .

Ugh, my commentary on this will have to wait until I get a chance to read it. For now though, I really must get off to work. It's past 3 & I'm not even done getting dressed.

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

i am the truth from which you run
-nine inch nails, mr self destruct

From nick at netaxs.com Sun Aug 6 13:03:39 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Sun, 6 Aug 2000 16:03:39 -0400 (EDT)
Subject: [buug] Dirty Pool Linux
In-Reply-To: <20000805230622.2917.qmail@web5505.mail.yahoo.com>
Message-ID:

On Sat, 5 Aug 2000, Zeke Krahlin wrote:
> From my FreeNetCubs board, comes this:
>
> ---begin article
>
> Now here's a tantalizing thought....
> Posted by Shark on 8/3/2000
>
> Is it time for Linux to start playing dirty?
Read the article and lend us
> your thoughts:
>
> http://www.osopinion.com/Opinions/BenHarris/BenHarris1.html
>
> ---end article

I just can't decide what I think of this. Bad satire or merely full of shit?

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

Earth is a single point of failure.
-Quote from Patrick Greenwell's signature

From rick at linuxmafia.com Sun Aug 6 13:14:00 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 6 Aug 2000 13:14:00 -0700
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: ; from nick@netaxs.com on Sun, Aug 06, 2000 at 03:08:22PM -0400
References: <20000806105715.B3291@linuxmafia.com>
Message-ID: <20000806131400.C3291@linuxmafia.com>

begin Nicolai Rosen quotation:

> No. The world isn't black and white. There are many different levels of
> physical security. [...]

Right, then. You have a bank of x86 Linux machines on which I (among other users) am allowed to use the console, including physical access to the floppy drives. You have charged someone with supervising the room. You've password-protected LILO, and the system ROM BIOS. Question, Nicolai: Can I get root inside of 60 seconds, anyway?

And how much do you want to bet on that?

--
Cheers,                          "Open your present...."
Rick Moen                        "No, you open your present...."
rick (at) linuxmafia.com         Kaczinski Christmas.
                -- Unabomber Haiku Contest, CyberLaw mailing list

From nick at netaxs.com Sun Aug 6 13:22:39 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Sun, 6 Aug 2000 16:22:39 -0400 (EDT)
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: <20000806131400.C3291@linuxmafia.com>
Message-ID:

On Sun, 6 Aug 2000, Rick Moen wrote:
> begin Nicolai Rosen quotation:
> > No. The world isn't black and white. There are many different levels of
> > physical security. [...]
>
> Right, then. You have a bank of x86 Linux machines on which I (among
> other users) am allowed to use the console, including physical access to
> the floppy drives.
You have charged someone with supervising the room.
> You've password-protected LILO, and the system ROM BIOS. Question,
> Nicolai: Can I get root inside of 60 seconds, anyway?
>
> And how much do you want to bet on that?

I'd like to see how (with the additional provision that the boot sequence is set properly in the bios so you can't boot off of floppy, something any sane setup would include). And no cheap tricks involving security holes in specific implementations of protocols and the like.

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

All of us who were connected with computers lusted after them. To have a computer was better than sex.
-Ed Roberts, Inventor of the altair 8800

From rick at linuxmafia.com Sun Aug 6 13:39:55 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 6 Aug 2000 13:39:55 -0700
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: ; from nick@netaxs.com on Sun, Aug 06, 2000 at 04:22:39PM -0400
References: <20000806131400.C3291@linuxmafia.com>
Message-ID: <20000806133955.D3291@linuxmafia.com>

begin Nicolai Rosen quotation:

> I'd like to see how (with the additional provision that the boot
> sequence is set properly in the bios so you can't boot off of floppy,
> something any sane setup would include). And no cheap tricks involving
> security holes in specific implementations of protocols and the like.

I'll bet you didn't know about the standardised service passwords for BIOS Setup access, did you?

The Linux setups at City College of San Francisco and at The Coffeenet were designed with knowledge of those in mind. We figured a sizeable number of people would know of the service passwords for the AMI BIOS. So, those machines are set up such that, if you crack root, you actually have _fewer_ rights on that LAN (both were NIS+/NFS-based) than if you stuck to your regular user account.

There remains, of course, the possibility that such a user would eventually "rm -rf /" (or such) on a given machine's console.
That's why there were disk images stored on the NFS server, to untar onto the workstations if necessary.

The NIS+/NFS servers were, of course, situated in locked rooms. Thereby returning us to my original point.

--
Cheers,                          "Open your present...."
Rick Moen                        "No, you open your present...."
rick (at) linuxmafia.com         Kaczinski Christmas.
                -- Unabomber Haiku Contest, CyberLaw mailing list

From nick at netaxs.com Sun Aug 6 15:36:20 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Sun, 6 Aug 2000 18:36:20 -0400 (EDT)
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: <20000806133955.D3291@linuxmafia.com>
Message-ID:

On Sun, 6 Aug 2000, Rick Moen wrote:
> begin Nicolai Rosen quotation:
>
> > I'd like to see how (with the additional provision that the boot
> > sequence is set properly in the bios so you can't boot off of floppy,
> > something any sane setup would include). And no cheap tricks involving
> > security holes in specific implementations of protocols and the like.
>
> I'll bet you didn't know about the standardised service passwords for
> BIOS Setup access, did you?

Ah, forgot about that angle. Not all bioses have them though (I forget what the breakdown is) so you can still run a secure system if you do it right. Also, it's important to keep in mind that few people know about the backdoor passwords and any additional security you can provide, from passwords in LILO to locked down boxes reduce your chance of getting cracked.

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

A language that doesn't affect the way you think about programming, is not worth knowing.
-Alan J. Perlis

From rick at linuxmafia.com Sun Aug 6 16:05:09 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 6 Aug 2000 16:05:09 -0700
Subject: [buug] Great Links re.
Internet/Linux Security
In-Reply-To: ; from nick@netaxs.com on Sun, Aug 06, 2000 at 06:36:20PM -0400
References: <20000806133955.D3291@linuxmafia.com>
Message-ID: <20000806160509.E3291@linuxmafia.com>

begin Nicolai Rosen quotation:

> Ah, forgot about that angle.

Then, you have been wasting my time.

> Not all bioses....

> Also, it's important....

I'm sorry, but I've gotten _really_ tired of people expecting me to debate them because they've had some insight allowing open physical host access to become safe. If you would like to see one of the innumerable places where this discussion has been done to death, check the SVLUG list archives.

--
Cheers,                          "Open your present...."
Rick Moen                        "No, you open your present...."
rick (at) linuxmafia.com         Kaczinski Christmas.
                -- Unabomber Haiku Contest, CyberLaw mailing list

From nick at netaxs.com Sun Aug 6 16:10:32 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Sun, 6 Aug 2000 19:10:32 -0400 (EDT)
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: <20000806160509.E3291@linuxmafia.com>
Message-ID:

On Sun, 6 Aug 2000, Rick Moen wrote:
> > Not all bioses....
>
> > Also, it's important....
>
> I'm sorry, but I've gotten _really_ tired of people expecting me to debate
> them because they've had some insight allowing open physical host access to
> become safe. If you would like to see one of the innumerable places
> where this discussion has been done to death, check the SVLUG list
> archives.

Yeah, you're right. We should really just follow you blindly. It's much more efficient if not particularly effective at creating secure systems.

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

A language that doesn't affect the way you think about programming, is not worth knowing.
-Alan J. Perlis

From rick at linuxmafia.com Sun Aug 6 16:15:21 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 6 Aug 2000 16:15:21 -0700
Subject: [buug] Great Links re.
Internet/Linux Security
In-Reply-To: ; from nick@netaxs.com on Sun, Aug 06, 2000 at 07:10:32PM -0400
References: <20000806160509.E3291@linuxmafia.com>
Message-ID: <20000806161521.F3291@linuxmafia.com>

begin Nicolai Rosen quotation:

> Yeah, you're right. We should really just follow you blindly.

I'm sorry, but which part of "You're wasting my time" did you not understand?

There seems to be a mental disease spread by both life in California and college life that causes certain people to think other people owe them free tutoring upon demand. Good luck with that, but I think you'll find it doesn't work too well.

--
Cheers,                          "Open your present...."
Rick Moen                        "No, you open your present...."
rick (at) linuxmafia.com         Kaczinski Christmas.
                -- Unabomber Haiku Contest, CyberLaw mailing list

From nick at netaxs.com Sun Aug 6 16:25:35 2000
From: nick at netaxs.com (Nicolai Rosen)
Date: Sun, 6 Aug 2000 19:25:35 -0400 (EDT)
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: <20000806161521.F3291@linuxmafia.com>
Message-ID:

On Sun, 6 Aug 2000, Rick Moen wrote:
> > Yeah, you're right. We should really just follow you blindly.
>
> I'm sorry, but which part of "You're wasting my time" did you not
> understand?

Oh, I understood, I just didn't care. Your time is worthless to me.

> There seems to be a mental disease spread by both life in California and
> college life that causes certain people to think other people owe them
> free tutoring upon demand. Good luck with that, but I think you'll find
> it doesn't work too well.

I don't live in California, I'm not in college life, and I hardly need your tutoring. I unlike you however feel a moral obligation to help others rather than merely berating them so while I found you amusing before, now you're just getting on my nerves.

For Zeke, don't take anybody's word as gospel. Rick's wrong about security. He doesn't "get" it.
By his logic it would be a waste to use ssh because it could be brute forced given enough time so you might as well use telnet. Security is about minimalism and vigilance so any additional layer of security you add can help. If the computer is publicly accessible, then adding a password to LILO will make you just that more secure, so go for it. Just don't get overconfident about it (we've seen what that can do :)

Nicolai Rosen, nick at netaxs.com
http://www.netaxs.com/~nick/

Earth is a single point of failure.
-Quote from Patrick Greenwell's signature

From rick at linuxmafia.com Sun Aug 6 16:26:53 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 6 Aug 2000 16:26:53 -0700
Subject: [buug] Great Links re. Internet/Linux Security
In-Reply-To: ; from nick@netaxs.com on Sun, Aug 06, 2000 at 07:25:35PM -0400
References: <20000806161521.F3291@linuxmafia.com>
Message-ID: <20000806162653.A28118@linuxmafia.com>

begin Nicolai Rosen quotation:

> Oh, I understood, I just didn't care. Your time is worthless to me.

Splendid! Thanks for clarifying that. You can talk to my /dev/null from now on.

--
Cheers,                          "Open your present...."
Rick Moen                        "No, you open your present...."
rick (at) linuxmafia.com         Kaczinski Christmas.
                -- Unabomber Haiku Contest, CyberLaw mailing list

From zk_lists at yahoo.com Mon Aug 7 00:14:27 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Mon, 7 Aug 2000 00:14:27 -0700 (PDT)
Subject: [buug] Great Links re. Internet/Linux Security
Message-ID: <20000807071427.8170.qmail@web5502.mail.yahoo.com>

--- Rick Moen wrote:
> "Open your present...."
> "No, you open your present...."
> Kaczinski Christmas.
> -- Unabomber Haiku Contest, CyberLaw mailing list

Oh my deity, that's a good one! "Unabomber Haiku Contest"? Har!
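
Added example (not part of any list message, and not code from any poster): the replies earlier in this thread say that commenting out lines in /etc/services cannot disable a service, because the file is only a name-to-port lookup table. The Python sketch below shows that on a constructed services-format table; the `demo-svc` entry, the function names and the loopback listener standing in for a daemon are all assumptions made for the illustration.

```python
import socket

# Constructed sample in the services(5) layout; "demo-svc" is a made-up entry
# whose port is filled in with whatever port the stand-in daemon gets.
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases]
telnet          23/tcp
smtp            25/tcp         mail
radius          1812/udp
demo-svc        {port}/tcp     demo        # made-up entry for the listener below
"""


def parse_services(text):
    """Return {(name, proto): port} for every active line, aliases included."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                             # malformed line, ignore
        port_s, proto = fields[1].split("/", 1)
        if not port_s.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:
            table[(name, proto)] = int(port_s)
    return table


def comment_out(text, name):
    """Apply the forwarded tip: put '#' in front of the line defining `name`."""
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        if fields and fields[0] == name:
            raw = "#" + raw
        out.append(raw)
    return "\n".join(out) + "\n"


def port_accepts(port):
    """True if something accepts TCP connections on 127.0.0.1:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(2)
        return client.connect_ex(("127.0.0.1", port)) == 0


def demo():
    # Stand-in for a daemon: it binds a numeric port and never reads the table.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind(("127.0.0.1", 0))          # kernel picks a free port
        listener.listen(5)
        port = listener.getsockname()[1]

        original = SAMPLE_SERVICES.format(port=port)
        open_before = port_accepts(port)
        edited = comment_out(original, "demo-svc")
        open_after = port_accepts(port)

        result = {
            "port": port,
            "lookup_before": parse_services(original).get(("demo-svc", "tcp")),
            "lookup_after": parse_services(edited).get(("demo-svc", "tcp")),
            "open_before_edit": open_before,
            "open_after_edit": open_after,
        }
    finally:
        listener.close()                         # this is what closes the port
    result["open_after_daemon_stopped"] = port_accepts(port)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The only thing the edit changes is the name lookup; the port stops answering only when the process holding the listening socket goes away, which on the systems discussed here means disabling the daemon itself or its line in /etc/inetd.conf.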

From zk_lists at yahoo.com Mon Aug 7 00:36:21 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Mon, 7 Aug 2000 00:36:21 -0700 (PDT)
Subject: [buug] Great Links re. Internet/Linux Security
Message-ID: <20000807073621.10695.qmail@web5502.mail.yahoo.com>

--- Rick Moen wrote:
> Here's part of what's bothering me, Zeke (and I hope this doesn't strike
> you as just ill temper): _How_ can you decide that something is a
> "great link regarding Internet/Linux security", before having a good
> grasp of that topic?

No, I really *can't make such a decision. What to me may seem *great could make Linux wizards groan. I hope though, that my batting average, even as a beginner, will rate reasonably high overall.

> I'm not raising this problem in order to provide a pat answer. It's a
> thorny problem without any good, simple answer. But it's a highly
> relevant problem to always bear in mind, anyway.

And as you already pointed out, the suggestion to mess with /etc/services was totally bogus. So for me to pass it off as *great was unfair, though not intentionally. I will post my references more fairly in future, knowing that I really know very little in this subject. It is "great" that I have members of my board eager to share...but this is not the same thing as the references themselves being "great".

I have already forwarded your advice to my board, re. not messing with /etc/services, so that this newbie (and others) may realize that caution is advisable when newbies recommend tips to other newbies.

> Give the public physical access to the system box, and the game is over.
> You then have no system security -- if only because the bad guys can
> extract your hard drives and take them home. You can play cat and mouse
> with the public, by password-protecting LILO, setting the BIOS so it
> will not boot from removable media, password-protecting the BIOS, etc.,
> but you've really already lost, if you allow physical access.
Yes, I see what you mean, Rick. Protection of a network, and every computer connected to it, is based on software methods with administration vigilance. If anyone has access to the physical parts, he or she can just crush a hard drive with a hammer, or walk away with it. So to finagle software tricks to protect a system from physical proximity of a potential abuser, is essentially a ruse. The only way to provide physical protection is with a better lock, a better case, a better door...or some other physical layer of protection; including *distance from unwelcome visitors.

> I can't find much wrong with the rest of those two pages except for a
> mild Red Hat bias and the fact that Dave Wreski (the author) didn't
> mention that the Tripwire security-auditing package he recommends is
> proprietary software. The publisher says it intends to open-source it
> later this year, but has not done so yet. There's already an
> open-source (GPLed) equivalent by Rami Lehti of Finland, "AIDE",
> http://www.cs.tut.fi/~rammer/aide.html .

Thanks for another juicy tip. I have tripwire on a CD that came with "Linux Administration for Dummies". Instead, I'll use AIDE.

=====
Zeke Krahlin
zk_lists at yahoo.com
---
FreeNetCubs BBS & Chat
http://www5.50megs.com/fnc

From zk_lists at yahoo.com Mon Aug 7 00:44:46 2000
From: zk_lists at yahoo.com (Zeke Krahlin)
Date: Mon, 7 Aug 2000 00:44:46 -0700 (PDT)
Subject: [buug] Great Links re. Internet/Linux Security
Message-ID: <20000807074446.16922.qmail@web5504.mail.yahoo.com>

--- Nicolai Rosen wrote:
> On Sun, 6 Aug 2000, Rick Moen wrote:
> > _How_ can you decide that something is a
> > "great link regarding Internet/Linux security", before having a good
> > grasp of that topic?
>
> Oooh, that's a burn!

I'll say! I bruise easily, so I'm *still licking my wounds.
> So in many circumstances, those extra measures go the extra mile > in stopping what amounts to mostly script kiddies from screwing > with stuff you want to keep as is. Point well made. It may *not be a waste of time to add *some additional software tricks to thwart the most common attempts to compromise system security. ===== Zeke Krahlin zk_lists at yahoo.com --- FreeNetCubs BBS & Chat http://www5.50megs.com/fnc __________________________________________________ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ From zk_lists at yahoo.com Mon Aug 7 01:08:16 2000 From: zk_lists at yahoo.com (Zeke Krahlin) Date: Mon, 7 Aug 2000 01:08:16 -0700 (PDT) Subject: [buug] Great Links re. Internet/Linux Security Message-ID: <20000807080816.20017.qmail@web5504.mail.yahoo.com> --- Nicolai Rosen wrote: > I don't live in California, I'm not in college life, and I hardly need > your tutoring. I unlike you however feel a moral obligation to help > others rather than merely berating them so while I found you amusing > before, now you're just getting on my nerves. You both strike me as being Linux wizards...though with certain strong differences in ideology. I think that when one holds valuable knowledge in a major student region, and touches upon that community often...one does get drained by all the spoiled people who expect all solutions to be handed on a silver platter. As a result, many experts get sensitized to these situations, and are quick to deflect anyone who seems to be approaching them in such a manner. In some cases, they jump the gun; and I think Rick did so in your case. > For Zeke, don't take anybody's word as gospel. Rick's wrong about > security. He doesn't "get" it. As I said, there may be an ideological clash--albeit minor--between yourself and Rick. I have great respect for hard-working minds that acquire the excellent knowledge it takes to be Linux/Unix wizards. 
Don't mistake my respect for taking what any expert says as the final truth, including when it comes from Rick. I have much respect for what he says, and for what you say, too. And sometimes, people clash, even among wizards (or especially). From zk_lists at yahoo.com Mon Aug 7 01:49:23 2000 From: zk_lists at yahoo.com (Zeke Krahlin) Date: Mon, 7 Aug 2000 01:49:23 -0700 (PDT) Subject: [buug] Great Links re. Internet/Linux Security Message-ID: <20000807084923.1833.qmail@web5505.mail.yahoo.com> --- Nicolai Rosen wrote: > hah, no, I will not waste my time on a brick wall. Should he not know > something he passes it off as you're "wasting his time". Some of the most brilliant thinkers and leaders in history were regarded as "brick walls" in some circles. The appearance of a brick-wall persona, from someone with knowledge to impart, is usually a sign that such a person values what he has to share...and does not care to exhaust himself to the ground, with those who don't want to take his lessons to heart. He doesn't want to waste his time, when there are the few out there, who could more considerately take his lessons, and build on them. > I called him on the whole physical security thing and his response > was basically "that point that proves me wrong is so far beneath > me...". I do believe I'll unsubscribe to this list now. That is your prerogative, though I hate to see you go. I think you exaggerate Rick's sometimes caustic replies...and are too quick to act offended, and march on out of here. I believe if you hold your ground, and continue participating, things will balance out, and your contributions which differ from Rick's philosophy on some points, will add value to our archives. Before you arrived, Rick was the *only person who bothered to expend his energy and time, to answer in detail, messages I have posted. 
> You post something completely absurd (no offence, but read some books. Oh, well now *that's the kind of statement you accuse Rick of making, that you label as rude. I *am reading books...three have been read, six more to go...plus reading material on the 'net, as well as running a hacker-friendly message board with all sorts of clashing opinions. I am on the beginning of a steep learning curve. > I can recommend good ones if you give me topics you're interested in), Thanks, I'll keep your offer in mind. > I respond w/ a point for point, Rick responds and berates you to > boost his ego and demonstrate to you his obvious superiority, > and you lap up the bone he throws you I have had teachers before Rick, including in topics not at all relating to computers (philosophy, anthropology, etc.) who were caustic on the surface, seemingly "arrogant"...but who turned out (with patience and fortitude) to be some of the kindest people on the face of this planet. Perhaps such previous experiences have led me to be far less reactive to apparent sharp remarks, than I'd otherwise be. > shove your lips farther up his ass. Well, a certain level of diplomacy is required by a sysop, or manager of any group...where you must juggle different personalities, and attempt to keep things running smoothly. You do exaggerate. > Many of my friends are tech heads. Most know more than me and > a few know less (what can I say, I'd rather be a small fish in a > big pond than the other way around). The important thing though is > that none of them are conceited about it. I have met many tech heads myself. Some are conceited, some are not. Among the conceited type, I have found most of them to turn out to be really good people...even better than those who *don't seem conceited on the surface (who often turn out to be intolerably bland). > I've known many people who think they know everything, but usually > they know nothing. 
They're so unreceptive to learning and changing > their misconceptions that they stagnate. This certainly does not sound like Rick Moen. I have dialogued with him long enough to know at least that much. You are welcome to disagree with him, or anyone else on this list. I expect occasional clashes/differences of opinion. I think that, in groups organizing in cyberspace, a little more thick-skin-edness is expected, in order to get along. After all, we are only ghosts. > Articles are usually fringe freaks who have baseless theories and > moronic notions that won't work. But at least *two members of my FreeNetCubs board are extremely knowledgeable, and have stuck with me through all its ups and downs, for over a year now. (We have suffered ongoing sabotage by M$ zealots, which has damaged our membership severely.) So not *all articles on my board are "baseless" or "moronic" (two more words which you'd be upset to see if Rick used 'em). ===== Zeke Krahlin zk_lists at yahoo.com --- FreeNetCubs BBS & Chat http://www5.50megs.com/fnc From rick at linuxmafia.com Mon Aug 7 09:35:29 2000 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 7 Aug 2000 09:35:29 -0700 Subject: [buug] Great Links re. Internet/Linux Security In-Reply-To: <20000807071427.8170.qmail@web5502.mail.yahoo.com>; from zk_lists@yahoo.com on Mon, Aug 07, 2000 at 12:14:27AM -0700 References: <20000807071427.8170.qmail@web5502.mail.yahoo.com> Message-ID: <20000807093529.D30596@linuxmafia.com> begin Zeke Krahlin quotation: > Oh my deity, that's a good one! "Unabomber Haiku Contest"? Har! There's a bunch of 'em at http://linuxmafia.com/pub/humour/unabomber-haikus . Some are pretty good, others lame. -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. 
-- Unabomber Haiku Contest, CyberLaw mailing list From mhigashi at hooked.net Mon Aug 7 16:07:42 2000 From: mhigashi at hooked.net (Michael Higashi) Date: Mon, 7 Aug 2000 16:07:42 -0700 (PDT) Subject: [buug] /etc/service In-Reply-To: <20000806000123.A3291@linuxmafia.com> Message-ID: On Sun, 6 Aug 2000, Rick Moen wrote: > So, it should be readily apparent that you will accomplish nothing > worthwhile -- nada, zip, rien du tout -- by commenting out lines of this > lookup table. All you're doing is shooting yourself in the foot, and > making your system less usable. What you are _not_ doing is adding to > security in any way, since the numerical ports either have services > running on them or not, depending on other system configuration details > entirely. Hmm... Would it be possible to create a hole by altering /etc/services so that a port number of a service considered secure was associated with a vulnerable service? This would also require alterations to /etc/inetd.conf, I think. Just speculating, Mike -- Michael Higashi mhigashi at hooked.net pager: 415-541-6820 From mhigashi at hooked.net Mon Aug 7 16:17:42 2000 From: mhigashi at hooked.net (Michael Higashi) Date: Mon, 7 Aug 2000 16:17:42 -0700 (PDT) Subject: [buug] Secure Shell Success? In-Reply-To: Message-ID: On Sat, 5 Aug 2000, Nicolai Rosen wrote: > On Sat, 5 Aug 2000, Zeke Krahlin wrote: > > Perhaps I need to recreate "hosts.allow" and add "weak.org" to it? > > (Per Stoddard's instructions, I deleted "hosts.allow", and in > > "hosts.deny" I added the line "ALL: ALL".) > Sounds like this could be the problem. Only if the ssh daemon was launched through tcp wrappers in the inetd.conf file. _Very_ unlikely. 
Mike -- Michael Higashi mhigashi at hooked.net pager: 415-541-6820 From rick at linuxmafia.com Mon Aug 7 16:32:12 2000 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 7 Aug 2000 16:32:12 -0700 Subject: [buug] /etc/services In-Reply-To: ; from mhigashi@hooked.net on Mon, Aug 07, 2000 at 04:07:42PM -0700 References: <20000806000123.A3291@linuxmafia.com> Message-ID: <20000807163212.E10100@linuxmafia.com> begin Michael Higashi quotation: > Hmm... Would it be possible to create a hole by altering /etc/services > so that a port number of a service considered secure was associated > with a vulnerable service? Assuming the process opens ports by name rather than port number, I suppose so. But please note that this is a total change of topic from that of the preceding thread. -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. -- Unabomber Haiku Contest, CyberLaw mailing list From mhigashi at hooked.net Mon Aug 7 16:40:18 2000 From: mhigashi at hooked.net (Michael Higashi) Date: Mon, 7 Aug 2000 16:40:18 -0700 (PDT) Subject: [buug] /etc/services In-Reply-To: <20000807163212.E10100@linuxmafia.com> Message-ID: On Mon, 7 Aug 2000, Rick Moen wrote: > begin Michael Higashi quotation: > > > Hmm... Would it be possible to create a hole by altering /etc/services > > so that a port number of a service considered secure was associated > > with a vulnerable service? > > Assuming the process opens ports by name rather than port number, I > suppose so. > > But please note that this is a total change of topic from that of the > preceding thread. Well, the thread started with a quote from Stoddard saying to secure /etc/services with the 'chattr' command. I was just speculating on why he might consider that file worth securing. 
Mike -- Michael Higashi mhigashi at hooked.net pager: 415-541-6820 From rick at linuxmafia.com Mon Aug 7 16:45:03 2000 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 7 Aug 2000 16:45:03 -0700 Subject: [buug] /etc/services In-Reply-To: ; from mhigashi@hooked.net on Mon, Aug 07, 2000 at 04:40:18PM -0700 References: <20000807163212.E10100@linuxmafia.com> Message-ID: <20000807164503.F10100@linuxmafia.com> begin Michael Higashi quotation: > Well, the thread started with a quote from Stoddard saying to secure > /etc/services with the 'chattr' command. I was just speculating on why he > might consider that file worth securing. OK, got it. -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. -- Unabomber Haiku Contest, CyberLaw mailing list From feedle at feedle.net Fri Aug 11 09:56:06 2000 From: feedle at feedle.net (Christopher Sullivan) Date: Fri, 11 Aug 2000 16:56:06 +0000 (GMT) Subject: [buug] Great Links re. Internet/Linux Security In-Reply-To: <20000805115713.H21503@linuxmafia.com> Message-ID: I'm so sorry I missed the flamewar. That being said, some interesting observations I have about Linux security, based on real-world experience. 1. There is no substitute for good physical security. Especially on the Intel platform, if somebody has physical access to the box, there's going to be little to stop them from gaining access to the data. This is why every datacenter I've ever been in has uber-anal security. 2. Linux, as software goes, is a reasonably secure operating system when properly configured. Unfortunately, many Linux distributions (Debian, notably, NOT being one of them) have bad default security policies. In all cases, however (even with Debian), there's no substitute for good sysadmin practices. 3. As with anything in life, test frequently and often. If you never try to "hack" your way in to your own equipment, you'll never know how secure your environment is. 
Added bonus: hacking requires critical thinking skills, something that is a Good Thing to exercise, anyway. 4. Most importantly, encrypt frequently and often, and know how to properly use encryption tools. Assume that any data on your machine that is in cleartext can be read by anybody, regardless of the security permissions on the machine. And, for deity's sake, keep your private keysets on a floppy that you keep in your pocket, and ideally don't unencrypt stuff on a multi-user machine (I keep a box around that only runs in single-user mode specifically for performing crypto functions). 5. Lastly, risk assessment is an important part of security. Obviously, if you run a small semi-public shell server like I do, you have different security requirements than a bank. A super-tight box is great, but it may be unusable. Learn about the implications of your day-to-day computing activities, and make intelligent decisions on the level of risk you want to accept. This is perhaps the biggest mistake most Windows users make: they allow all sorts of cookies, JavaScript, VBScript, etc. full access to their systems without considering the implications of each in the environment they work in. (Personal note: the first thing I did when I installed MSOutlook a long time ago was wander through the configuration options. VBScript in E-Mail? Hell, no!) Keep this in mind: Even Windows is capable of providing reasonable security if you properly configure it, and intelligently choose what options you turn on/off. -Fedl (why am I always missing the good flamewars?) From rick at linuxmafia.com Fri Aug 11 10:25:13 2000 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 11 Aug 2000 10:25:13 -0700 Subject: [buug] Great Links re. 
Internet/Linux Security In-Reply-To: ; from feedle@feedle.net on Fri, Aug 11, 2000 at 04:56:06PM +0000 References: <20000805115713.H21503@linuxmafia.com> Message-ID: <20000811102513.D4949@linuxmafia.com> begin Christopher Sullivan quotation: > 4. 
Most importantly, encrypt frequently and often, and know how to > properly use encryption tools. That reminds me: The monthly Cypherpunks South Bay gathering is this Saturday, noon to 5:30 PM, at Tressider Student Union at Stanford U. (Berkeyites can attend under a flag of truce.) Also, a bunch of the Cypherpunks are evidently going to migrate in the evening over to the CABAL meeting and barbecue at my house, which starts at 4 PM. Among the topics of conversation will be planning for RSA patent expiration celebrations. > And, for deity's sake, keep your private keysets on a floppy that you > keep in your pocket.... I've often thought that the credit-card-sized CD-ROM format used for the Linuxcare Bootable Business Card and similar things would be just the ticket, if you could store it in some kind of hard case. Unfortunately, the plastic used will crack, if stored in one's pocket the regular way, including putting it in your wallet. -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. -- Unabomber Haiku Contest, CyberLaw mailing list From rick at linuxmafia.com Fri Aug 11 10:27:58 2000 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 11 Aug 2000 10:27:58 -0700 Subject: [buug] Great Links re. Internet/Linux Security In-Reply-To: <20000811102513.D4949@linuxmafia.com>; from rick@linuxmafia.com on Fri, Aug 11, 2000 at 10:25:13AM -0700 References: <20000805115713.H21503@linuxmafia.com> <20000811102513.D4949@linuxmafia.com> Message-ID: <20000811102758.E4949@linuxmafia.com> I forgot to post the URLs: > That reminds me: The monthly Cypherpunks South Bay gathering is this > Saturday, noon to 5:30 PM, at Tressider Student Union at Stanford U. > (Berkeyites can attend under a flag of truce.) Also, a bunch of the > Cypherpunks are evidently going to migrate in the evening over to the > CABAL meeting and barbecue at my house, which starts at 4 PM. 
http://www.cryptorights.org/cypherpunks/2000/0812-SF.html Stanford http://linuxmafia.com/bale/#cabal CABAL http://linuxmafia.com/~rick/map-2033Sharon.jpeg Map http://linuxmafia.com/~rick/directions.html Directions -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. -- Unabomber Haiku Contest, CyberLaw mailing list From feedle at feedle.net Fri Aug 11 10:37:58 2000 From: feedle at feedle.net (Christopher Sullivan) Date: Fri, 11 Aug 2000 17:37:58 +0000 (GMT) Subject: [buug] Great Links re. Internet/Linux Security In-Reply-To: <20000811102513.D4949@linuxmafia.com> Message-ID: > That reminds me: The monthly Cypherpunks South Bay gathering is this > Saturday, noon to 5:30 PM, at Tressider Student Union at Stanford U. > (Berkeyites can attend under a flag of truce.) Also, a bunch of the > Cypherpunks are evidently going to migrate in the evening over to the > CABAL meeting and barbecue at my house, which starts at 4 PM. > > Among the topics of conversation will be planning for RSA patent > expiration celebrations. Too bad I'll be in LA attending a friend's wedding. Boo hoo. When is the exact date of the RSA patent expiration? > I've often thought that the credit-card-sized CD-ROM format used for the > Linuxcare Bootable Business Card and similar things would be just the > ticket, if you could store it in some kind of hard case. Unfortunately, > the plastic used will crack, if stored in one's pocket the regular way, > including putting it in your wallet. I was referring to a chest pocket, but the idea remains the same. Actually, these new "thumb drives" that plug into the USB port are a good idea. I don't know what Linux support for such things is like, however. -Fedl From rick at linuxmafia.com Fri Aug 11 10:49:40 2000 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 11 Aug 2000 10:49:40 -0700 Subject: [buug] Great Links re. 
Internet/Linux Security In-Reply-To: ; from feedle@feedle.net on Fri, Aug 11, 2000 at 05:37:58PM +0000 References: <20000811102513.D4949@linuxmafia.com> Message-ID: <20000811104940.G4949@linuxmafia.com> begin Christopher Sullivan quotation: > When is the exact date of the RSA patent expiration? Interesting question. The bizarre thing is that it's probably _literally_ indeterminate. http://lwn.net/2000/0727/backpage.php3 : Date: Thu, 20 Jul 2000 16:54:03 -0700 To: letters at lwn.net Subject: RSA Patent Expiration From: Rick Moen Dear Mr. Corbet and Ms. Coolbaugh: You may be amused to hear that the date and time the (USA) patent on RSA expires may be literally indeterminate! The RSA algorithm is covered by US patent #4,405,829, which was issued September 20, 1983 (and thus is a 17-year patent) to Ronald Rivest, Avi Shamir, and Leonard Adleman. Everyone says it therefore expires this September 20. Here in the Bay Area, we have tentative plans for a celebration party and informational event concerning RSA and other crypto software, when the patent expires. But, the question is, when exactly? 5 PM Washington DC time on the 20th? 8 AM Washington DC time on the 21st? Hoping to find out when exactly the algorithm can be freely used in the USA without royalties or infringement, we posed that question to some friendly and knowledgeable patent attorneys at the firm Bever, Hoffman, and Harms, LLC (http://www.beverlaw.com/), in San Jose. Partner Julie Stephenson kindly responded, with an e-mail from that firm (which presumably should not be considered legal advice): ------ I researched the question right after we spoke. Unfortunately, the answer is that there is no answer. According to Chisum (a premiere researcher in the field), the caselaw on the subject is in conflict. 
Thus, if a patent has a date of June 28, 1983, and the term of the patent is 17 years, then the last day of coverage of the patent has been interpreted to be both June 27, 2000, and June 28, 2000, in different cases. I looked around a little further, and found no information relating to the time of expiration of a patent. Because the caselaw is still in conflict on the date of expiration, I can't imagine a situation where the *time* on the date of expiration (much less the time zone of the time on the date of expiration) would have been litigated without clarifying that whole date of expiration mess. So I can give you no direction as to *when* you should begin partying. What does this mean for you? Well, you can either party on September 20, 2000, and be prepared to change the name of your party from "the first day of no coverage by the RSA patent" to "the last day of oppression by the RSA patent" while knowing that anyone partying from 11:55 pm to 12:05 am will have actually partied on the right day (ignoring that whole time zone thing) OR you can party on September 21, 2000, and be assured that you are partying on a no-patent coverage day. However, in the minds of some people, you would be partying on the day after the day the patent expires. :) If it helps at all, it appears that generic drug manufacturers would begin selling their drugs on (in the example above) June 29, 2000. (Note that this ignores the issue of then manufacturing the drugs prior to the expiration of the patent, which was one of the bases for litigation in one of the conflicting cases mentioned above.) Sorry I couldn't be more clear - that is the pitfall of working in the law.... There is often no right answer, only opinions and arguments. On the bright side, you can choose a reasonable time and date of expiration (say, 11:59 pm EST on September 20, 2000), and have some caselaw basis for choosing that date. If you think of it, please let me know what you decide. 
I'll have a drink at that time in celebration. :) Have fun, Julie ------ Happily, after one notices that the 20th is a Thursday, the alternative of skirting all these issues by holding the party on Saturday the 23rd, instead, became (er...) patently obvious. -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. -- Unabomber Haiku Contest, CyberLaw mailing list From mhigashi at hooked.net Fri Aug 11 16:39:10 2000 From: mhigashi at hooked.net (Michael Higashi) Date: Fri, 11 Aug 2000 16:39:10 -0700 (PDT) Subject: [buug] Great Links re. Internet/Linux Security In-Reply-To: <20000811102513.D4949@linuxmafia.com> Message-ID: On Fri, 11 Aug 2000, Rick Moen wrote: > > And, for deity's sake, keep your private keysets on a floppy that you > > keep in your pocket.... > > I've often thought that the credit-card-sized CD-ROM format used for the > Linuxcare Bootable Business Card and similar things would be just the > ticket, if you could store it in some kind of hard case. Unfortunately, > the plastic used will crack, if stored in one's pocket the regular way, > including putting it in your wallet. There are CD-R discs in that size format. Mike -- Michael Higashi mhigashi at hooked.net pager: 415-541-6820 From ezekielk at weak.org Mon Aug 14 20:38:14 2000 From: ezekielk at weak.org (Zeke Krahlin) Date: Mon, 14 Aug 2000 20:38:14 -0700 (PDT) Subject: [buug] Great Links re. Internet/Linux Security In-Reply-To: Message-ID: On Fri, 11 Aug 2000, Christopher Sullivan wrote: > I'm so sorry I missed the flamewar. It was actually just a quick spark that came and went in a flash. But it was cute. > That being said, some interesting observations I have about Linux > security, based on real-world experience. > Keep this in mind: Even Windows is capable of providing reasonable > security if you properly configure it. and intelligently choose what > options you turn on/off. 
Thanks for your opinions regarding security in Linux systems...and why the methods vary depending upon what is being done with the OS in the first place. When delving into Linux for the first time (early this year), I was surprised and not a little disappointed to learn that most of the popular distros were installed with a poor level of security, just like Windoze. My original impression was that any version of Linux would be very secure out of the box. --- "Zeke Krahlin" Linux: the people's OS. A billion communists can't be wrong! From ezekielk at weak.org Mon Aug 14 20:48:49 2000 From: ezekielk at weak.org (Zeke Krahlin) Date: Mon, 14 Aug 2000 20:48:49 -0700 (PDT) Subject: [buug] New Economy of Cyberspace = Social Democracy Message-ID: So here's an enticing article that describes the Internet culture as evolving from a gift-giving subculture that sprang from the sixties revolution. www.firstmonday.dk/issues/issue3_12/barbrook/ Includes these subtopics: The Legacy of the New Left The Net as Really Existing Anarcho-Communism The 'New Economy' is a Mixed Economy --- "Zeke Krahlin" Linux: the people's OS. A billion communists can't be wrong! From rick at linuxmafia.com Mon Aug 14 20:55:20 2000 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 14 Aug 2000 20:55:20 -0700 Subject: [buug] Great Links re. Internet/Linux Security In-Reply-To: ; from ezekielk@weak.org on Mon, Aug 14, 2000 at 08:38:14PM -0700 References: Message-ID: <20000814205520.A9443@linuxmafia.com> begin Zeke Krahlin quotation: > When delving into Linux for the first time (early this year), I was > surprised and not a little disappointed to learn that most of the > popular distros were installed with a poor level of security, just > like Windoze. Um, no. Not at all like Windows. Most of the popular distributions have historically had poor security by Unix standards, and even the most security-minded Linux distributions need some work compared to, say, OpenBSD. 
But the Linux kernel and TCP/IP stack have had security miles ahead of both the Win9x and WinNT kernels and TCP/IP stacks, the user-level security is miles ahead of those other two platforms', and its network-level security generally ditto. > My original impression was that any version of Linux would be very > secure out of the box. That wouldn't sell: Security is inherently inconvenient. Sun's Solaris does a default installation that's a really bad joke in the security department. Competent Solaris admins go to some lengths to fix that, during and after installation. The same is true of most otherwise-good OSes. And at least they're fixable. The holes that Win9x and WinNT are riddled with tend to be pervasive and systemic. And one cannot even hope for genuine OS security unless and until one is willing to put in some serious time studying the subject -- since, as Bruce Schneier says, security isn't a product; it's a process. http://www.counterpane.com/crypto-gram.html -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. -- Unabomber Haiku Contest, CyberLaw mailing list From rick at linuxmafia.com Mon Aug 14 21:03:54 2000 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 14 Aug 2000 21:03:54 -0700 Subject: [buug] New Economy of Cyberspace = Social Democracy In-Reply-To: ; from ezekielk@weak.org on Mon, Aug 14, 2000 at 08:48:49PM -0700 References: Message-ID: <20000814210354.B9443@linuxmafia.com> begin Zeke Krahlin quotation: > So here's an enticing article that describes the Internet culture as > evolving from a gift-giving subculture that sprang from the sixties > revolution. > > www.firstmonday.dk/issues/issue3_12/barbrook/ Barbrook is at best a semi-clued policy wonk. My eyes happened to fall onto his footnotes, and #21 and #28 immediately stand out as completely failing to understand: "Shareware is also often known as freeware or open source software." Bzzt! No, I'm sorry. 
Wad the paper up and start over, Richard. It might be smarter to skip the watered-down, middle-brow _Nation_-mag refugee public affairs essays and go directly to http://www.opensource.org/ http://www.tuxedo.org/~esr/writings/ -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. -- Unabomber Haiku Contest, CyberLaw mailing list From ezekielk at weak.org Mon Aug 14 21:52:13 2000 From: ezekielk at weak.org (Zeke Krahlin) Date: Mon, 14 Aug 2000 21:52:13 -0700 (PDT) Subject: [buug] Great Links re. Internet/Linux Security In-Reply-To: <20000814205520.A9443@linuxmafia.com> Message-ID: On Mon, 14 Aug 2000, Rick Moen wrote: >Zeke wrote: > > When delving into Linux for the first time (early this year), I was > > surprised and not a little disappointed to learn that most of the > > popular distros were installed with a poor level of security, just > > like Windoze. > > Um, no. Not at all like Windows. Only superficially, I admit. Both OS's are not secure right out of the box (excepting Debian). Though certainly, as you pointed out, Linux exceeds Windoze by a quantum leap, when it comes to *inherent security potentials. Though you must study the methods to achieve them...whereas in Windoze you can't really do all that Linux can, no matter how much you study. Windoze just doesn't cut the mustard. > > My original impression was that any version of Linux would be very > > secure out of the box. > > That wouldn't sell: Security is inherently inconvenient. I see that now. > Bruce Schneier says, security isn't a product; it's a process. > > http://www.counterpane.com/crypto-gram.html Thanks! I have just subscribed to the "Crypto-Gram Newsletter". Good reading. --- "Zeke Krahlin" Linux: the people's OS. A billion communists can't be wrong! 
From ezekielk at weak.org Mon Aug 14 21:55:08 2000 From: ezekielk at weak.org (Zeke Krahlin) Date: Mon, 14 Aug 2000 21:55:08 -0700 (PDT) Subject: [buug] New Economy of Cyberspace = Social Democracy In-Reply-To: <20000814210354.B9443@linuxmafia.com> Message-ID: On Mon, 14 Aug 2000, Rick Moen wrote: > onto his footnotes, and #21 and #28 immediately stand out as completely > failing to understand: "Shareware is also often known as freeware or > open source software." Bzzt! No, I'm sorry. That did stick in my craw. > It might be smarter to skip the watered-down, middle-brow _Nation_-mag > refugee public affairs essays and go directly to > > http://www.opensource.org/ > http://www.tuxedo.org/~esr/writings/ Will do! Straight to the penguin's mouth. --- "Zeke Krahlin" Linux: the people's OS. A billion communists can't be wrong! From rick at linuxmafia.com Mon Aug 14 22:01:17 2000 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 14 Aug 2000 22:01:17 -0700 Subject: [buug] Great Links re. Internet/Linux Security In-Reply-To: ; from ezekielk@weak.org on Mon, Aug 14, 2000 at 09:52:13PM -0700 References: <20000814205520.A9443@linuxmafia.com> Message-ID: <20000814220117.C9443@linuxmafia.com> begin Zeke Krahlin quotation: > Both OS's are not secure right out of the box (excepting Debian). A _secure_ computer is one you unplug from the network, disconnect the telephone line from, unplug from the AC power, pour concrete around, and lock inside a guarded vault. Whose guards you trust. Anything short of that is somebody's idea of a good compromise. The trick is to get to the point where it's more _your_ compromise than someone else's. -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. 
        -- Unabomber Haiku Contest, CyberLaw mailing list

From isla0005 at tc.umn.edu Tue Aug 15 00:36:26 2000
From: isla0005 at tc.umn.edu (Apu)
Date: Tue, 15 Aug 2000 00:36:26 -0700
Subject: [buug] Ip Address
References:
Message-ID: <3998F2FA.92292BF6@tc.umn.edu>

Is there a way to find the ip address of the machine I am using on
freeBSD ?

Also is there a way to register a name associated with that IP to the
DNS ?

Your help is much appreciated.

Apu

From feedle at feedle.net Tue Aug 15 07:20:06 2000
From: feedle at feedle.net (Christopher Sullivan)
Date: Tue, 15 Aug 2000 14:20:06 +0000 (GMT)
Subject: [buug] Ip Address
In-Reply-To: <3998F2FA.92292BF6@tc.umn.edu>
Message-ID:

On Tue, 15 Aug 2000, Apu wrote:

> Is there a way to find the ip address of the machine I am using on freeBSD ?

Generically, just about all flavors of *nix have a program called
"ifconfig" that will tell you the current configuration of the network
interfaces. Try "/sbin/ifconfig -a".

> Also is there a way to register a name associated with that IP to the DNS ?

Yes. If you just want it to be resolvable, you can find one of these
free DNS services that will give you a hostname under their domain name.
If you want it to be box.somedomain.com, you'll need to have the system
administrator responsible for somedomain.com to add it to his name
server. Good luck, unless he's an old chess buddy or something.

-Fedl

From ezekielk at weak.org Wed Aug 16 20:44:45 2000
From: ezekielk at weak.org (Zeke Krahlin)
Date: Wed, 16 Aug 2000 20:44:45 -0700 (PDT)
Subject: [buug] Streaming Audio Question
Message-ID:

I want to make my interviews available on the web. They'll need to be
played as streaming audio, however I haven't found yet, some utility
that will let me convert these sound files into .ram format (Real
Audio).

At first, I just assumed that .mp3 is a de facto streaming audio format,
but I guess that was a wrong assumption. (Or maybe there's a streaming
audio utility or plug-in for mp3, that I don't know about?)
I didn't realize that Real had a monopoly on streaming audio...for which
I'd need Real Producer, which costs $299!

Someone suggested I use Windows Media, which will convert my sound files
into .wpm, which is also streaming audio...but I hate the idea of making
my files available only to users of Windoze98.

So, am I missing something here? Is there perhaps a utility dedicated to
simply converting a sound file into streaming audio? (Or plug-in?)

My interviews are in 10mb segments: equivalent to 10 minutes each.

---
"Zeke Krahlin"
Linux: the people's OS. A billion communists can't be wrong!

From rick at linuxmafia.com Wed Aug 16 23:53:08 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 16 Aug 2000 23:53:08 -0700
Subject: [buug] Streaming Audio Question
In-Reply-To: ; from ezekielk@weak.org on Wed, Aug 16, 2000 at 08:44:45PM -0700
References:
Message-ID: <20000816235307.B10145@linuxmafia.com>

begin Zeke Krahlin quotation:

> ...I haven't found yet, some utility that will let me convert these
> sound files into .ram format (Real Audio).

If memory serves, Real Networks sued a company that made a compatible
product, and won. (I think that was video, but the lesson is still
present.)

> At first, I just assumed that .mp3 is a de facto streaming audio
> format, but I guess that was a wrong assumption.

It's not streaming, nor is it free (as in freedom[1]). It's patented.
Implementations either are paying royalties or are playing legal
brinksmanship.

> Someone suggested I use Windows Media....

Microsoft threatened with litigation a programmer who produces an
open-source video player, for introducing compatibility with Microsoft's
streaming video format. It seems that Microsoft claims its patent rights
apply to the document format. Creepy little bastards.

> So, am I missing something here?

If you don't need _streaming_, there's Sun's .au (ULAW) format. Or
{shrug} even .wav format.
What you're really looking for in the long term is something like the
Ogg Vorbis project's work-in-progress: http://www.xiph.org/ogg/vorbis/
100% free formats and free code, but it's not really usable, yet.

I expect that Xiphophorus (the people behind Ogg Vorbis) will follow up
that work _very_ quickly with a good free streaming video format based
on MPEG video standards. But that's all yet to come.

[1] Every use of the word "free" in the above post concerns freedom,
rather than cost.

--
Cheers,                      "Open your present...."
Rick Moen                    "No, you open your present...."
rick (at) linuxmafia.com     Kaczinski Christmas.
        -- Unabomber Haiku Contest, CyberLaw mailing list

From mhigashi at hooked.net Thu Aug 17 09:27:49 2000
From: mhigashi at hooked.net (Michael Higashi)
Date: Thu, 17 Aug 2000 09:27:49 -0700 (PDT)
Subject: [buug] [BayFF] BayFF - Thursday August 17 -spread the word! (fwd)
Message-ID:

The Electronic Frontier Foundation will put on this presentation
regarding privacy issues at UC Berkeley this evening.

--
Michael Higashi
mhigashi at hooked.net
pager: 415-541-6820

---------- Forwarded message ----------
Date: Wed, 16 Aug 2000 12:18:11 -0700
From: Katina Bishop
Subject: [BayFF] BayFF - Thursday August 17 -spread the word!

Hi everyone,

Please come tomorrow night, and put this on appropriate lists that you
have access to. I'll see you tomorrow!

Katina

Media Advisory

BayFF Addresses Privacy on the Net -"Is It Too Late?"
Karen Coyle and Ted Wham Debate Your Privacy Rights

WHO: Electronic Frontier Foundation, Karen Coyle, Ted Wham and music by
Patrick Norager

WHAT: "BayFF" Meeting on privacy issues

WHEN: Thursday, August 17th, 2000 at 7:30PM

WHERE: UC Berkeley Law School (Boalt Hall) rm 140
http://www.law.berkeley.edu/bclt/
See DIRECTIONS below.

In honor of its 10th Anniversary of defending civil liberties online,
EFF presents a series of monthly meetings to address important issues
where technology and policy collide.
These meetings, entitled "BayFF" kicked off on July 10th, and will
continue throughout the year. The upcoming BayFF features digital
librarian Karen Coyle, and entrepreneur Ted Wham, formerly of Excite at
Home. They will engage in debate surrounding privacy issues on the Net.
It's sure to be lively.

Ted Wham is President of "Database Marketing for the Internet," an
independent consultancy operating in Silicon Valley, California. Prior
to starting his own business Wham worked in various managerial positions
at the top-ten Internet portal and broadband service provider Excite at
Home with responsibility for the company's registration products,
outbound email marketing programs, website traffic analytics, and
customer data privacy policies. Prior to joining Excite at Home he held
database marketing positions at Hewlett-Packard, Viacom, and a closely
held direct marketing firm in Seattle.

Karen Coyle is a librarian by trade with nearly 20 years experience
developing computer systems for libraries. She currently works at the
University of California in the California Digital Library. While active
in developing digital libraries, she is outspoken about the effects,
both negative and positive, electronic information is having on society.
She is active in Computer Professionals for Social Responsibility, a
non-profit organization for people concerned with the impact of computer
technology on society. She speaks and writes on the effect of computer
culture on privacy, intellectual property, social equality and gender
image.

****

You can subscribe to EFF's mailing list to receive the regular BayFF
announcements. To subscribe, email majordomo at eff.org and put this in
the text (not the subject line): subscribe BayFF.

The Electronic Frontier Foundation (http://www.eff.org) is a leading
global nonprofit organization linking technical architectures with legal
frameworks to support the rights of individuals in an open society.
Founded in 1990, EFF actively encourages and challenges industry and
government to support free expression, privacy, and openness in the
information society. EFF is a member-supported organization and
maintains one of the most-linked-to Web sites in the world.

For complete information on online privacy, see:
http://www.eff.org/Privacy

--------------------------------------------------------------------------------

DIRECTIONS

Directions from the East Bay:

Take Interstate 880 (Nimitz Fwy) towards Berkeley. In Oakland, follow
signs for Interstate 580 (MacArthur Fwy). Take I-580 towards Berkeley
(along this stretch of road, I-580 is also sometimes called I-80). Take
the University Avenue exit. Follow University for approximately 2 miles.
University ends at a T intersection with Oxford. Take a right onto
Oxford and then, after 6 blocks or so, make a left on Durant. Follow
Durant for about 6 blocks until you get to the intersection with
Piedmont. Take a left onto Piedmont and then a quick left on Bancroft
Way. Boalt Hall is the first building on your right. (Walking east on
Bancroft, Boalt Hall is on your left, next to the open space with the
fountain.)

There are several parking lots in the near vicinity on Bancroft. Please
take note of parking lot fees and restrictions. There is also plenty of
metered street parking in the neighborhood surrounding Boalt Hall.

Directions from San Francisco, the Peninsula, and the North Bay:

Take the 101 North from the Peninsula or 101 South (across Golden Gate
Br.) from the North Bay, and through city of San Francisco, following
signs for the Bay Bridge. Proceed across Bay Bridge towards Oakland &
Berkeley. A mile or so after you have crossed the bridge into the East
Bay, the freeway will split, with the right fork heading down to San
Jose, and the left fork heading north towards Berkeley, Richmond and
points north. You want to take the left fork (north), which will be
labeled "80/580."
Proceed on Interstate 80/580 for a few miles, and take the University
Avenue exit (on the right). Follow University for approximately 2 miles.
University ends at a T intersection with Oxford. Take a right onto
Oxford and then, after 6 blocks or so, make a left on Durant. Follow
Durant for about 6 blocks until you get to the intersection with
Piedmont. Take a left onto Piedmont and then a quick left on Bancroft
Way. Boalt Hall is the first building on your right. (Walking east on
Bancroft, Boalt Hall is on your left, next to the open space with the
fountain.)

There are several parking lots in the near vicinity on Bancroft. Please
take note of parking lot fees and restrictions. There is also plenty of
metered street parking in the neighborhood surrounding Boalt Hall.

Directions via BART train + walking:

Take BART to Downtown Berkeley station. Walk south along Shattuck to
Shattuck & Bancroft (2-3 blocks) Walk east up Bancroft for about 10
minutes. You will pass Telegraph and the art museum. Boalt Hall is on
your left, next to the open space with the fountain, near the end of the
block (Bancroft @ Piedmont).

Directions via BART + bus:

Take BART to Downtown Berkeley station. Walk a short ways east along
Center. Turn north along Oxford. On your right will be a bus stop for
the "Campus Conductor" buses. Wait and one will come along shortly. Get
off at Boalt Hall (ask conductor if necessary). Boalt Hall is on
Bancroft, next to the open space with the fountain, near the end of the
block (Bancroft @ Piedmont).

Contacts:

Katina Bishop - EFF Communications Manager
+1 415 436 9333 x101
katina at eff.org

Larry R. Trask - Chief Administrator
Berkeley Center for Law and Technology
+1 510 642 8073
ltrask at law.berkeley.edu

From feedle at feedle.net Thu Aug 17 09:58:19 2000
From: feedle at feedle.net (Christopher Sullivan)
Date: Thu, 17 Aug 2000 16:58:19 +0000 (GMT)
Subject: [buug] RE: Customer Service Ticket #29277 (fwd)
Message-ID:

Boy I'm in a foul mood.
I don't normally spout this kind of stuff on the list, but this really
(for whatever reason) ignited feedle's fuse. Is this typical of the kind
of customer service experience you get from "free" services, Zeke?

This also brings out why many of these services will fail. People will
only tolerate so much BS before they just give up. I had: in fact, when
I didn't get a customer service reply in 48 hours, I went ahead and
checked out xdrive, which I am now using instead.

Laugh at it, cry at it... but keep in mind that this is the wave of the
future: marginal customer service, and plenty of it.

-Fedl

(and apologies to people who are on both bayhack and buug for seeing
this twice.)

---------- Forwarded message ----------
Date: Thu, 17 Aug 2000 09:51:50 -0700 (PDT)
From: feedle at yahoo.com
To: Don Johnson
Subject: RE: Customer Service Ticket #29277

--- Don Johnson wrote:
>
> Hello,
>
> We could not duplicate the error for the FreeDrive
> registered to
> feedle at yahoo.com.
> We need to know if you were using a PalmPilot, and

No, I'm using a Microsoft CE-based Casio. (duhh)

I did say "Palm VII", did I not? Does your FreeDrive Palm VII PQA even
run on anything other than a Palm VII?

Just a note: The Palm VII is not a PalmPilot. The "PalmPilot" was a
specific model manufactured by Palm Computing around 5 years ago. Newer
Palm Computing machines are not "PalmPilots": they are simply "Palms".
Using the correct terminology with your customers will go a long way to
helping them solve their problems.

> please send your user
> name
> along with the problem.

My user name is "feedle". Actually, an associate who also uses the Palm
VII PQA was having the same problem, so it was not specific to my user
account with FreeDrive.

The problem was specifically stated in my previous message.
Since you did not catch the fact that I indicated I was using the Palm
VII PQA (thereby establishing without a doubt I was using a Palm), it is
understandable that you didn't read the part where I specifically stated
what problem I was having, including providing you with the exact
VBScript error your web server was passing.

When I was selecting a file to read (a .htm, or a .txt) I was getting an
error message that was obviously not generated locally. This had been
going on for a week or more.

The problem seems to have "magically" corrected itself sometime in the
last two days. I suspect a customer service rep who was more responsive
and/or paying attention got the information to your sysadmin and/or
engineering staff and the problem was rectified.

8-day turnaround on a customer service issue. A new world's record, BTW.

> Don
> Customer Support
> Don at FreeDrive.com
>
> -----Original Message-----
> From: customer support
> [mailto:rdestiny at freedrive.com]
> Sent: Tuesday, August 08, 2000 5:14 PM
> To: rdestiny at freedrive.com
> Subject: Customer Service Ticket #29277
>
>
> Date: 8/8/00
> Ticket Number: 29277
> E-Mail: feedle at yahoo.com
> Where problem was: Downloading
> Problem description: Just a note: The Palm VII PQA
> (or, more accurately, the
> VBScript that drives it) is broken. Whenever I try
> to access a .txt or
> .html file, I get a VBScript error "Microsoft
> VBScript runtime error
> '800a01c1' Argument Not Optional: 'PalmGetFile'
> /Palm/PalmFile.asp, line
> 191.
>
> Cookies Enabled: Yes
> Browser: Other
> OS: Other
> ISP: Other
> Behind a firewall: yes
> Using a proxy: yes
>
> User Agent: Mozilla/4.0 (compatible; MSIE 5.01;
> Windows NT 5.0)
> IP: 208.177.225.96
> HTTP_COOKIE: FreedriveCookieTest=true

From ezekielk at weak.org Thu Aug 17 12:23:55 2000
From: ezekielk at weak.org (Zeke Krahlin)
Date: Thu, 17 Aug 2000 12:23:55 -0700 (PDT)
Subject: [buug] Streaming Audio Question
In-Reply-To: <20000816235307.B10145@linuxmafia.com>
Message-ID:

On Wed, 16 Aug 2000, Rick Moen wrote:

> If memory serves, Real Networks sued a company that made a compatible
> product, and won. (I think that was video, but the lesson is still
> present.)

Thank you for your well-informed account of the present situation with
streaming audio. You have spared me from wasting a lot of time, only to
discover what I need is not available for a reasonable price.

I am familiar with all the other sound formats, including .au and .wav.
However, I can't do this without streaming audio. My interviews run
about 20-40 minutes, which I have broken down into 10mb audio file
segments. No one on the web is going to bother to download such long
files, before listening to them.

The demo for Real Player has the conversion to .ram option disabled, so
I can't even sample it. So as last resort I may be stuck with Windoze
Media format .wmf. So I downloaded their package, including "Windows
media encoder", which is supposed to convert large audio files into
streaming format.

However, after installing it, the actual executable remains nonexistent.
I've searched my entire hard drive for it, and it is not here. So the
install is crippled for some reason.

Anyway, where there's a will, there's a way, and I will have my way!

> What you're really looking for in the long term is something like the
> Ogg Vorbis project's work-in-progress: http://www.xiph.org/ogg/vorbis/
> 100% free formats and free code, but it's not really usable, yet.

Well, more power to them! Streaming audio has become, IMO, a de facto
standard, and should not be held prisoner to the profit motive.

Thanks again, Rick.

---
"Zeke Krahlin"
Linux: the people's OS. A billion communists can't be wrong!

From ezekielk at weak.org Thu Aug 17 12:40:53 2000
From: ezekielk at weak.org (Zeke Krahlin)
Date: Thu, 17 Aug 2000 12:40:53 -0700 (PDT)
Subject: [buug] [BayFF] BayFF - Thursday August 17 -spread the word! (fwd)
In-Reply-To:
Message-ID:

On Thu, 17 Aug 2000, Michael Higashi wrote:

> Date: Thu, 17 Aug 2000 09:27:49 -0700 (PDT)
> From: Michael Higashi
> To: Berkeley Unix Users Group
> Subject: [buug] [BayFF] BayFF - Thursday August 17 -spread the word! (fwd)

I'd LOVE to attend, but we have our BUUG meeting tonight, also. But I
don't blame anyone for skipping BUUG and going to that lecture.

---
"Zeke Krahlin"
Linux: the people's OS. A billion communists can't be wrong!

From ezekielk at weak.org Thu Aug 17 12:56:01 2000
From: ezekielk at weak.org (Zeke Krahlin)
Date: Thu, 17 Aug 2000 12:56:01 -0700 (PDT)
Subject: [buug] RE: Customer Service Ticket #29277 (fwd)
In-Reply-To:
Message-ID:

On Thu, 17 Aug 2000, Christopher Sullivan wrote:

> I don't normally spout this kind of stuff on the list, but this really
> (for whatever reason) ignited feedle's fuse. Is this typical of the kind
> of customer service experience you get from "free" services, Zeke?

No, it is not typical, in that this lousy customer service attitude is
not limited to free services. I have found this to be typical of both
free and fee services. Xdrive has turned out to be very poor in this
matter.

I have paid for some services, which have wiped out my data, shut down
my account, and in other ways made for a miserable experience. Example:
West Coast Online, my first ISP, started meddling with my mail and
newsgroup access, because someone complained that I am "gay"! And I was
paying $25/month.

Another ISP, 2xtreme.net, cut off my access for over six
weeks...claiming there's nothing wrong at their end. Turns out there
was, but I went ahead and dumped them anyway...as they refused to credit
me for those lost weeks.
I have observed an overall degeneration of many online services, both
fee and free...and I believe this is due to the philosophy of our "new
economy", not to the trite belief "you get what you pay for".

I have experienced excellent service from free arrangements, as compared
to equivalent services that charge a fee. In fact, sometimes even
*better service. However, you need to look around before diving in...and
this goes for both free and fee. And even then, what was once an
excellent service can change at any moment to a crappy one...whether
free or fee.

Because you pay for something is no guarantee you'll get good service.
What seems to be happening, is a tendency to get customers to pay A
WHOLE LOT MORE, before they'll get decent service...not just pay a small
or moderate amount. Similar to the glut of exorbitant wealth impacting
S.F. Bay Area. The same machinery is happening on the 'net.

---
"Zeke Krahlin"
Linux: the people's OS. A billion communists can't be wrong!

From physic at tempusmud.com Thu Aug 17 15:21:48 2000
From: physic at tempusmud.com (physic)
Date: Thu, 17 Aug 2000 17:21:48 -0500 (CDT)
Subject: [buug] fips on my laptop
Message-ID:

Hey.

I have a laptop I can't get fips to work on. Firstly I can't get the
win98 defragmentor to move some files at the end of the drive, even
though they are marked as movable. Secondly, fips seems to lockup. Does
anyone have any ideas how I can overcome this problem so I can get linux
on my laptop? I don't want to have to pay 60 bucks for partition magic.

--physic
physic at tempusmud.com

From rick at linuxmafia.com Thu Aug 17 23:05:56 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 17 Aug 2000 23:05:56 -0700
Subject: [buug] fips on my laptop
In-Reply-To: ; from physic@tempusmud.com on Thu, Aug 17, 2000 at 05:21:48PM -0500
References:
Message-ID: <20000817230556.I10145@linuxmafia.com>

begin physic quotation:

> I have a laptop I can't get fips to work on.
> First, I can't get the
> Win98 defragmenter to move some files at the end of the drive, even
> though they are marked as movable.

Then, you can't expect fips to work, until you fix that.

> Does anyone have any ideas how I can overcome this problem, so I can
> get Linux on my laptop?

Sure. Make sure you possess or acquire the ability to re-install your
Microsoft OS and applications. Put your laptop on a friendly person's
LAN. (If necessary, borrow a PCMCIA ethernet card.) Copy your data files
and configuration files across the LAN to a different machine for
safekeeping. Blow away the contents of your laptop's hard drive. Create
a smaller FAT partition, using an MS-DOS/Win8x floppy or bootable Win98
CD-ROM. Reinstall MS Windows 98. Reinstall your applications. Copy your
data and configuration files back across the LAN.

Later, at your leisure, install a Linux distribution.

http://linuxmafia.com/~rick/faq/#partition

--
Cheers,                      "Open your present...."
Rick Moen                    "No, you open your present...."
rick (at) linuxmafia.com     Kaczinski Christmas.
        -- Unabomber Haiku Contest, CyberLaw mailing list

From ezekielk at weak.org Sun Aug 20 01:15:39 2000
From: ezekielk at weak.org (Zeke Krahlin)
Date: Sun, 20 Aug 2000 01:15:39 -0700 (PDT)
Subject: [buug] Upcoming BAFUG meeting, Aug. 24
Message-ID:

Reminder: this coming Thursday, August 24, is our BAFUG meeting at
Transbay/UC Computers in Berkeley (2569 Telegraph Ave.), from 7:30-9:00
p.m..

Please e-mail me if you also want to partake in the celebrated "pizza
inhalation therapy", that I may order the proper amount. You are
expected to pay for your fair share (some time before leaving the
meeting): approx. $2 per slice and 50 cents per glass of soda, as well
as show up 15 minutes early, that is: 7:15 p.m..

Please bring any comments or questions re. BSD, that we may find some
interesting discussion. Thanks!

cc: BAFUG list

---
"Zeke Krahlin"
Linux: the people's OS. A billion communists can't be wrong!

From ezekielk at weak.org Fri Aug 25 01:46:45 2000
From: ezekielk at weak.org (Zeke Krahlin)
Date: Fri, 25 Aug 2000 01:46:45 -0700 (PDT)
Subject: [buug] FreeBSD vs. Linux
Message-ID:

Here's a review with subject "FreeBSD vs. Linux":

www.futuresouth.com/~fullermd/freebsd/bsdvlin.html

---
"Zeke Krahlin"
Linux: the people's OS. A billion communists can't be wrong!

From rick at linuxmafia.com Fri Aug 25 09:55:20 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 25 Aug 2000 09:55:20 -0700
Subject: [buug] FreeBSD vs. Linux
In-Reply-To: ; from ezekielk@weak.org on Fri, Aug 25, 2000 at 01:46:45AM -0700
References:
Message-ID: <20000825095520.B17423@linuxmafia.com>

begin Zeke Krahlin quotation:

> Here's a review with subject "FreeBSD vs. Linux":
>
> www.futuresouth.com/~fullermd/freebsd/bsdvlin.html

That's been on-line for a long time. There are good parts in it, but
it's of limited current value because most of it's too dated.

At this point, FreeBSD retains better virtual-memory performance and a
faster SCSI subsystem (because it has about the best of those on any
OS). On the other traditional points of technical comparison, especially
TCP performance and NFS quality, the two are close enough that there's
no clear winner any more. Hardware support for the BSDs is not quite as
extensive as for Linux, but it's close.

The BSDs remain somewhat more careful (conservatively designed), and
better grounded in seasoned computing computer science. Linux remains
more adventuresome as to its techniques and with a much faster
development pace.

Also, FreeBSD remains tops in uniprocessor (but not SMP) performance,
NetBSD remains tops in portability, and OpenBSD remains tops in
out-of-the-box security -- those being their respective specialties.

The other differences tend to be strictly matters of personal taste.

--
Cheers,                      Bad Unabomber!
Rick Moen                    Blowing people all to hell.
rick (at) linuxmafia.com     Do you take requests?
        -- Unabomber Haiku Contest, CyberLaw mailing list

From ezekielk at weak.org Fri Aug 25 21:26:48 2000
From: ezekielk at weak.org (Zeke Krahlin)
Date: Fri, 25 Aug 2000 21:26:48 -0700 (PDT)
Subject: [buug] FreeBSD vs. Linux
In-Reply-To: <20000825095520.B17423@linuxmafia.com>
Message-ID:

On Fri, 25 Aug 2000, Rick Moen wrote:

> That's been on-line for a long time.

Leave it to a raw newbie like me, to find outdated reviews. It's ALL new
to me, when it comes to BSD!

> There are good parts in it, but
> it's of limited current value because most of it's too dated.

Okay. Thanks for the clarification re. present situation of "BSD vs.
Linux". The features in which BSD shine are irrelevant to my own needs.
And I *am into this for the adventure, so I appreciate the savage Linux
frontier.

> The other differences tend to be strictly matters of personal taste.

Something which I tend to lack, anyway. :)

---
"Zeke Krahlin"
Linux: the people's OS. A billion communists can't be wrong!

From ezekielk at weak.org Sat Aug 26 22:16:43 2000
From: ezekielk at weak.org (Zeke Krahlin)
Date: Sat, 26 Aug 2000 22:16:43 -0700 (PDT)
Subject: [buug] A1-Yippee freeware/shareware
Message-ID:

Yesterday, I stumbled onto a rather impressive service that archives
very handily, tons of shareware and freeware...for not just Windoze, but
Linux, Mac, BE, and Palm!

www.yippee.net

---
"Zeke Krahlin"
Linux: the people's OS. A billion communists can't be wrong!

From rick at linuxmafia.com Sun Aug 27 00:08:00 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 27 Aug 2000 00:08:00 -0700
Subject: [buug] A1-Yippee freeware/shareware
In-Reply-To: ; from ezekielk@weak.org on Sat, Aug 26, 2000 at 10:16:43PM -0700
References:
Message-ID: <20000827000800.B22717@linuxmafia.com>

begin Zeke Krahlin quotation:

> Yesterday, I stumbled onto a rather impressive service that archives very
> handily, tons of shareware and freeware...for not just Windoze, but
> Linux, Mac, BE, and Palm!
>
> www.yippee.net

Feh.
I'm sorry to seem like a naysayer, but this place has such a clue
deficiency that it says "Licence: Freeware" for things that are very
clearly proprietary software, e.g., Tripwire ASR 2.0[1]. And a brief
survey of the security category suggests that their offerings aren't
very recent.

I'd recommend using Freshmeat first: http://www.freshmeat.net/
And Sourceforge.

On the plus side, Yippee does have ratings. Counter to that, though, I
have no idea whether they're competent to rate this software.

[1] Not to mention rsync, which they claim is at v. 1.0, although it's
at 2.4.x!

--
Cheers,                      Bad Unabomber!
Rick Moen                    Blowing people all to hell.
rick (at) linuxmafia.com     Do you take requests?
        -- Unabomber Haiku Contest, CyberLaw mailing list

From feedle at feedle.net Sun Aug 27 11:02:52 2000
From: feedle at feedle.net (Feedlebom)
Date: Sun, 27 Aug 2000 18:02:52 +0000 (GMT)
Subject: [buug] TonStanco@aol.com
Message-ID:

Stanco has sent another diatribe between him and RMS to the mailing
list. It's quite large, and I don't think we should chew up major
bandwidth sending it around, especially considering that some of us have
already had the 30k message in our mailbox (Hi, rick).

If you want to see it, (it's actually quite interesting), it is up on
the newsletter site today, along with some of the things I've collected.

http://home.feedle.net/buug.

-Fedl

From rick at linuxmafia.com Sun Aug 27 13:16:32 2000
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 27 Aug 2000 13:16:32 -0700
Subject: [buug] TonStanco@aol.com
In-Reply-To: ; from feedle@feedle.net on Sun, Aug 27, 2000 at 06:02:52PM +0000
References:
Message-ID: <20000827131632.A30612@linuxmafia.com>

begin Feedlebom quotation:

> Stanco has sent another diatribe between him and RMS to the mailing
> list. It's quite large, and I don't think we should chew up major
> bandwidth sending it around, especially considering that some of us have
> already had the 30k message in our mailbox (Hi, rick).
Arguments between RMS and other people _can_ be quite enlightening. If
you're not familiar with Stallman's _real_ stances, as opposed to the
derogatory impression his detractors try to maintain, reading his part
of the Stanco dialogue is worthwhile.

Unfortunately, Stanco himself has nothing to say. He is slow in grasping
the subject, and litters the dialogue with a great deal of noisy,
uninformative ideology surrounding vanishingly little substantive
content.

(My opinions; yours for a small licence fee.)

--
Cheers,                      Bad Unabomber!
Rick Moen                    Blowing people all to hell.
rick (at) linuxmafia.com     Do you take requests?
        -- Unabomber Haiku Contest, CyberLaw mailing list

From ezekielk at weak.org Wed Aug 30 01:03:31 2000
From: ezekielk at weak.org (Zeke Krahlin)
Date: Wed, 30 Aug 2000 01:03:31 -0700 (PDT)
Subject: [buug] FreeOS.com
Message-ID:

Here's a site dedicated to free operating systems:

www.freeos.com

---
"Zeke Krahlin"
Linux: the people's OS. A billion communists can't be wrong!

From martink at asia.com Thu Aug 31 01:08:26 2000
From: martink at asia.com (Kretz Martin)
Date: Thu, 31 Aug 2000 04:08:26 -0400 (EDT)
Subject: [buug] BSDfr
Message-ID: <380618397.967709308602.JavaMail.root@web443-mc.mail.com>

hi,

I am sorry to give you a French address here but we made BSDfr
www.bsdfr.org with news, security and translation for the faq of the
OpenBSD project.

So if someone understands French....

best Regards ;>

Martin