From rick at linuxmafia.com Tue Feb 1 09:35:07 2000 From: rick at linuxmafia.com (Rick Moen) Date: Tue, 1 Feb 2000 09:35:07 -0800 Subject: [buug] Web page update In-Reply-To: <200002010848.AAA12551@weak.org>; from ezekielk@iname.com on Mon, Jan 31, 2000 at 10:51:56PM -0800 References: <200002010848.AAA12551@weak.org> Message-ID: <20000201093506.C7532@uncle-enzo.imat.com> Quoting Zeke Krahlin (ezekielk at iname.com): > Thanks for catching that. I have changed that sentence to: > > We meet every Thursday of each month, from 7-9pm at > Au Coquelot Cafe; EXCEPT on the fourth Thursday when > we jive with the BAFUG folks at Transbay/UC Computers, > 7:30-9pm. You're _sure_, now? If you say yes, I'll be changing the BUUG entry on BALE for the third time in three days, including adding back a bunch of dates I just removed yesterday. Remember: I have eleven months of entries to adjust, every time you change. Specifically, (1) you used to meet every Thursday. (2) Next, you met every 1st, 2nd, and 3rd Thursday at Cafe Au Cocquelot, and 4th Thursdays at Transbay/UC Computers. (3) Now, you're saying you'll be meeting every 1st, 2nd, 3rd, and 5th Thursday at Cafe Au Cocquelot, and 4th Thursdays at Transbay/UC Computers. Is that correct? > (Though the directions getting to Transbay may be somewhat in > error...I will walk the route Thurs. afternoon to make any need > connections.) I have this on BALE: "By car: From I-80, exit eastbound on University Avenue, and proceed two miles to the end, turning right (south) on Oxford Street. Proceed 11 blocks along Oxford (which becomes Fulton Street) to turn left (east) on Parker Street. Go three blocks to Telegraph, and park where you can. Transbay/UC Computers is at 2569 Telegraph. By BART: From the downtown Berkeley station, walk uphill (east) one block on Allston Way to Oxford Street at the edge of the UC campus, turning right (south) two blocks to turn left (east) onto Bancroft Way. Walk three blocks uphill to turn right (south) onto Telegraph Avenue. Transbay/UC Computers is 5 1/2 short blocks ahead, at 2569 Telegraph. By AC Transit bus: Routes 40 El Cerrito - Bayfair, 64 Downtown Berkeley - Merritt College, 51 Berkeley - Oakland - Alameda, 52 U.C. Village - U.C. Campus, 7 Del Norte BART - Rockridge BART, and "U" San Francisco - Berkeley stop nearby." -- Cheers, "Ceterum censeo Linux propaganda est." Rick Moen -- Seth David Schoen rick at linuxmafia.com From rick at linuxmafia.com Tue Feb 1 12:14:09 2000 From: rick at linuxmafia.com (Rick Moen) Date: Tue, 1 Feb 2000 12:14:09 -0800 Subject: [buug] Web page update Message-ID: <20000201121408.J7532@uncle-enzo.imat.com> Quoting Zeke Krahlin (ezekielk at iname.com): > That is correct as far as what we presently have set up. As originally > planned, BUUG meets *every Thursday (no skipping 5th Thursdays, when > they occur). And on the 4th Thurs. of each month, we will meet at > BAFUG's gathering. OK, corrected on BALE. > I just read your "Rick's Rants" and found them all very informative > and enjoyable reading. You're very welcome. If you ever decide to play with the Debian GNU/Linux distribution, youi'll find my Debian Tips document useful (prerequisite) reading. Apologies for its current state of disorganisation: It's due for a top-to-bottom rewrite: http://linuxmafia.com/debian/tips -- Cheers, "Ceterum censeo Linux propaganda est." Rick Moen -- Seth David Schoen rick at linuxmafia.com From ezekielk at iname.com Tue Feb 1 19:33:14 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Tue, 1 Feb 2000 19:33:14 -0800 Subject: [buug] Web page issues Message-ID: <200002020436.UAA18799@weak.org> TO SERVER HOST (presently Jon): You may assume that all updates to our website will be ready for download every Thursday (meaning that I will complete each weekly update no later than midnight on each Wednesday). On our BUUG home page, is now a link that says: Server host: please download website update BUUGWEB.zip each Thursday. So you may always download the update from that link, rather than keep a separate bookmark to the update link. I will remind you every Wednesday, by popping you a notice, that our site is ready for the next update...unless you request otherwise. I will include a "!readme.txt" file in any future BUUGWEB.zip's, which will include any simple, but important notes re. updates. TO ALL BUUG MEMBERS: Anyone is free to preview any updates by visiting our mirror site at: http://www4.50megs.com/buug/mirror/ That way, we can discuss certain additions or changes, w/o obligating the server host to change our page on more than a weekly basis. Consider the mirror site our "drawing board" for web page brainstorming...as well as an emergency backup. As for the graphic logos I created for our page-tops: I only put them there, to have *something a little unique. By no means, do I intend them to become our permanent logo. Chris ("feedle") said he'd make some sample designs for name tags...and perhaps he'd also like to create our permanent web logo. I'll ask him about this, next meeting. What do we want for a logo? Bring your ideas to our next meetings. Also, any other aspect of our web site's design, including colors, are up for grabs. Ergo: suggestions on web development are welcome. There is also the likelihood of my stepping down as webmaster, once our group grows larger, and some one or others would enjoy taking over this aspect. --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From rick at linuxmafia.com Wed Feb 2 13:14:32 2000 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 2 Feb 2000 13:14:32 -0800 Subject: [buug] Web page update In-Reply-To: <200002020437.UAA10940@hugin.imat.com>; from ezekielk@iname.com on Tue, Feb 01, 2000 at 07:09:28PM -0800 References: <200002020437.UAA10940@hugin.imat.com> Message-ID: <20000202131432.A261@uncle-enzo.imat.com> Quoting Zeke Krahlin (ezekielk at iname.com): > Your tips on mailing list netiquette are enlightening, and a must for > Internet newbies. My recent messages to you, however, do *not seem to > also go to our list. Hmm. I see that you're using a Mail User Agent (MUA) called Phoenix Mail. It seems likely that you'll have to work around its lack of a send-to-group function until you find another MUA. (I like mutt, but it's a highly individual matter.) > If I go back to sending my replies *to the list, am I correct in > assuming that it would also be sent to all members's mailboxes, > including yours? (Or I can send a "cc" to the list, if my reply is to > you.) Well, yes, if the mailing-list software is working correctly. > I agree with the non-munging approach...but it does seem only fair > that a list message with an individual's e-mail in the "to" box should > also be expected to automatically cc the reply to the list. Think of it this way: Mailing lists are a medium whose one-to-many model poses difficult demands on e-mail software. E-mail was designed to handle the one-to-one communication model, not the one-to-many one. So, some technical awkwardness is not surprising. The trick is to distribute the inevitable awkwardness where it will do the least damage, most of the time. After mulling over the technical and social pitfalls Chip Rosenthal's essay (and the related forum) describe, most people tend to decide he's on balance correct -- at least for most situations, and conduct their list behaviour accordingly. As to this list, itself, I believe it's operating perfectly. You just aren't using an MUA with a group-reply function, and so need to bear that in mind. > Do you think, for a *nix newbie like me, it would be better to jump > from Mandrake to Debian, than from Mandrake directly to FreeBSD? Gee, I don't know. My own approach was that you lose nothing but a bit of your time, any time you try a new distribution (or other version of Unix). However, anyone who's really new to Linux would be well advised to browse some of the good introductory material, including Matt Welsh's (et al.) book _Running Linux_. -- Cheers, "Ceterum censeo Linux propaganda est." Rick Moen -- Seth David Schoen rick at linuxmafia.com From rick at linuxmafia.com Wed Feb 2 18:55:14 2000 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 2 Feb 2000 18:55:14 -0800 Subject: [buug] Web page issues In-Reply-To: <200002020436.UAA18799@weak.org>; from ezekielk@iname.com on Tue, Feb 01, 2000 at 07:33:14PM -0800 References: <200002020436.UAA18799@weak.org> Message-ID: <20000202185514.H261@uncle-enzo.imat.com> Quoting Zeke Krahlin (ezekielk at iname.com): > Anyone is free to preview any updates by visiting our mirror site at: > http://www4.50megs.com/buug/mirror/ The link you have on http://www4.50megs.com/buug/mirror/resources.htm for CABAL points to the Linuxcabal Web page. Different organisation. The link for CABAL is http://linuxmafia.com/cabal/ . What you probably _really_ want is links for both organisations. -- Cheers, "Ceterum censeo Linux propaganda est." Rick Moen -- Seth David Schoen rick at linuxmafia.com From ezekielk at iname.com Wed Feb 2 20:04:27 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Wed, 2 Feb 2000 20:04:27 -0800 Subject: [buug] Web page issues Message-ID: <200002030408.UAA24727@weak.org> Hi Rick Moen, you wrote on 2/2/2000 6:55:14 PM: >What you probably _really_ want is links for both organisations. Corrections have been made and updated. Thanx! --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at iname.com Wed Feb 2 20:05:46 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Wed, 2 Feb 2000 20:05:46 -0800 Subject: [buug] Web page update Message-ID: <200002030902.BAA25431@weak.org> Hi Rick Moen, you wrote on 2/2/2000 1:14:32 PM: >Hmm. I see that you're using a Mail User Agent (MUA) called Phoenix >Mail. It seems likely that you'll have to work around its lack of a >send-to-group function until you find another MUA. (I like mutt, but >it's a highly individual matter.) Presently I still operate on the net with Wndoze95, and a freeware e-mail program that is very nice, in that it allows for multiple accounts. It is not designed like a Linux e-mail client, which I presume has the "group" feature by default. >As to this list, itself, I believe it's operating perfectly. You just >aren't using an MUA with a group-reply function, and so need to bear >that in mind. No problemo. I can just pop in the BUUG list e-mail in my "To" box. >However, anyone who's really new to Linux would be well advised to >browse some of the good introductory material, including Matt Welsh's >(et al.) book _Running Linux_. Got my PDA, just for that purpose: to take notes off books that I can't presently afford to purchase. You will find me often at Cody's, perusing _Running Linux_, PDA in hand. --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at iname.com Fri Feb 4 15:30:44 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Fri, 4 Feb 2000 15:30:44 -0800 Subject: [buug] Web Page Update: Lynx Friendly! Message-ID: <200002042338.PAA05291@weak.org> LATEST UPDATE: I have added Lynx-friendly pages to our BUUG website. Actually, they're more than Lynx-friendly: they're text-only withOUT even use of tables. This is in order to accommodate the vision impaired, for whom the best pages are simple linear text. You will not find the changes on our home site, until Jon has updated them...I sent him a msg. requesting the update. (He's very busy with many projects, and can't always update immediately.) Until then, you can examine the text version at our mirror site: http://www4.50megs.com/buug/mirror Right above the introductory paragraph, is the text-version link. MINOR PROBLEM: I have a separate page that describes the schedule and location of 2600 gatherings in S.F. For some reason that eludes me, that simple page does not show up in my Netscape window (I use the latest version, 4.7). This is the "text-version" page (the graphical equivalent does not have any problem.) But it displays just fine in Opera and Lynx. If anyone can figure this one out, I'd appreciate it. The page in question is: http://www4.50megs.com/buug/mirror/2600-t.htm --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at iname.com Sat Feb 12 22:32:01 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Sat, 12 Feb 2000 22:32:01 -0800 Subject: [buug] Source Forge Message-ID: <200002130629.WAA20262@weak.org> Source Forge: Repository for Open Source Projects VA Linux, fresh from a record-setting IPO, has officially launched its Source Forge Web site. They've built an infrastructure where software authors can cache their source code, run discussions, track bugs, and collaborate on projects. It's all free, supported by ads, and at last count hosts over 900 projects and 4800 members. Some of the more popular projects hosted here include Licq, an ICQ clone written fully in C++, the Unreal Tournament open-source project to port the game to Linux, and RipperX, a program to rip CD audio and encode MP3s. While many of the projects here are Linux specific, the site is not restricted to Linux code and serves as a good resource for anybody who needs a collaborative home for their pet programming project. http://sourceforge.com/ --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at iname.com Mon Feb 14 03:35:34 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Mon, 14 Feb 2000 03:35:34 -0800 Subject: [buug] Linux Security Site Message-ID: <200002141901.LAA28418@weak.org> Just found this gem of a site: Linux Security Home Page http://www.cslug.net/~jtmurphy/ Includes these sections: - Information to keep your Linux system safe - Programs to keep your Linux system safe - Other Linux security related links Great for newbies like me! Just ran Linux (Mandrake 6.1 w/KDE 1.1) on the 'net (as normal user, not root or super), and tested security: all my ports are open! I found this out by using the following online resource: Shields UP! -- Internet Connection Security Analysis http://grc.com/x/ne.dll?bh0bkyd2 Anyone who wants to test online security from *any OS, should include this site, IMO. --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From rick at linuxmafia.com Mon Feb 14 12:25:19 2000 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 14 Feb 2000 12:25:19 -0800 Subject: [buug] Linux Security Site In-Reply-To: <200002141901.LAA28418@weak.org>; from ezekielk@iname.com on Mon, Feb 14, 2000 at 03:35:34AM -0800 References: <200002141901.LAA28418@weak.org> Message-ID: <20000214122518.J19069@uncle-enzo.imat.com> Quoting Zeke Krahlin (ezekielk at iname.com): > Just found this gem of a site: > > Linux Security Home Page > http://www.cslug.net/~jtmurphy/ On-the-fly impressions: Murphy's statements on the "Mission" page _do_ seem to indicate that he has a clue: He's not one of the "everyone runs Red Hat" moron crowd, and he doesn't waste time tracking down extra bugs for a known-buggy version. He's skeptical of "exploits" posted without surrounding explanation. I like it already. The "Other Security Links" page: Decent, but vastly underdeveloped. "Programs to keep your system safe" page: SSH, check. (Good!) Tripwire, hmm: He apparently isn't aware that Tripwire is obsolete, and has gone proprietary. I'll have to write him, and tell him about AIDE. See: http://linuxmafia.com/pub/linux/security/tripwire-why-not.txt "crack"/"John the Ripper", good. "tcp wrappers", good. Hmm: Overall, this page makes a good start, but is incomplete. He needs to cover COPS, GNUPG, SATAN, proper configuration of anonymous ftp access, and various SSL implementations. The latter will become even more important when RSA Data Security's USA patent on the RSA algorithm (on which SSL is based) expires on Sept. 20, 2000. The SSH section of that page is likewise very incomplete. He doesn't even mention OpenSSH, and cites only two of the many client implementations. See: http://linuxmafia.com/pub/linux/security/ssh-clients "Information to keep your system safe" page: Outstanding! This is a rare jewel, and will benefit many. Overall site rating: B+ -- and I'm probably being a bit stingy. Added to my security bookmarks. > Just ran Linux (Mandrake 6.1 w/KDE 1.1) on the 'net (as normal user, > not root or super), and tested security: all my ports are open! Practically all Linux distributions install by default with miserable security. Since this isn't likely to change for a while, it behooves sysadmins (which includes anyone who installs Linux on a box with network access) to compensate for this by tightening down their systems, post-installation. A _lot_, actually. > I found this out by using the following online resource: > > Shields UP! -- Internet Connection Security Analysis > http://grc.com/x/ne.dll?bh0bkyd2 > > Anyone who wants to test online security from *any OS, should include > this site, IMO. I don't think using Gibson's snake-oil solution is any substitute for studying your system locally. Use nmap or a similar port-scanner on your local system, for one thing. Otherwise, you're relying on Gibson & co. to know what they're doing, and I wouldn't have much confidence in that. From ezekielk at iname.com Mon Feb 14 13:41:57 2000 From: ezekielk at iname.com (ezekielk at iname.com) Date: Mon, 14 Feb 2000 16:41:57 -0500 (EST) Subject: [buug] Linux Security Site Message-ID: <00021416415782.16922@weba1.iname.net> Hi Rick Moen, you wrote on 2/14/2000 12:25:19 PM: >Quoting Zeke Krahlin (ezekielk at iname.com): > > Just found this gem of a site: > > Linux Security Home Page > http://www.cslug.net/~jtmurphy/ > >On-the-fly impressions: > >Murphy's statements on the "Mission" page _do_ seem >to indicate that he has a clue: I *knew one of our wizards would be able to pick apart this site, and give additional leads to improve in this site. Much appreciated, Rick. >"Information to keep your system safe" page: >Outstanding! This is a rare jewel, and will >benefit many. I will certainly study this thoroughly, including of course the security "how-to". >Practically all Linux distributions install by >default with miserable security. Since this >isn't likely to change for a while, it behooves >sysadmins (which includes anyone who installs >Linux on a box with network access) to compensate >for this by tightening down their systems, >post-installation. A _lot_, actually. That is too bad, considering how many computer users would *like to dump Windoze, and switch to Linux w/minimal hassle. But once I master Linux, I can get some of these folks running their own Linux box with solid security. >I don't think using Gibson's snake-oil solution is >any substitute for studying your system locally. Thanks for all the excellent tips. Your rating a B+ for the Linux Security site is pretty high, considering your expertise with this OS, and what you demand from a resource. --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 -------------------------------------------------------- Get free personalized email at http://netscape.iname.com From ezekielk at iname.com Mon Feb 14 13:45:04 2000 From: ezekielk at iname.com (ezekielk at iname.com) Date: Mon, 14 Feb 2000 16:45:04 -0500 (EST) Subject: [buug] FreeBSD Webmaster Position Offer Message-ID: <000214164504B0.09672@weba1.iname.net> I just received this job offer via e-mail, thanks to word-of mouth. However, I do not have the qualifications for this position (as I am a newbie to Linux & FreeBSD). Though I appreciate whoever referred me. So I post this message, in case someone *else would like to check out this potentially excellent position: ---begin job-offer msg. Zeke, We are a system integration company located in Oakland. Our company is looking for webmasters with FreeBSD expertise, and also sysads. Any available references will be appreciated. I got your name from FreeBSD website, and heard your name from Eric Dynamic of Transbay/UC Computers as well. Shams Naqvi Amroha Engineering, Inc. 436-14th Street, #410 Oakland, CA 941 Tel: 510.496.1180 Cell: 510.502.4507 ---end job-offer msg. --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 -------------------------------------------------------- Get free personalized email at http://netscape.iname.com From rick at linuxmafia.com Mon Feb 14 15:02:15 2000 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 14 Feb 2000 15:02:15 -0800 Subject: [buug] Linux Security Site In-Reply-To: <00021416415782.16922@weba1.iname.net>; from ezekielk@iname.com on Mon, Feb 14, 2000 at 04:41:57PM -0500 References: <00021416415782.16922@weba1.iname.net> Message-ID: <20000214150215.D31978@uncle-enzo.imat.com> Quoting ezekielk at iname.com (ezekielk at iname.com): [Linux distributions tend to default to an insecure state] > That is too bad, considering how many computer users would *like to > dump Windoze, and switch to Linux w/minimal hassle. But once I master > Linux, I can get some of these folks running their own Linux box with > solid security. Unfortunately, they have to do this in the name of market acceptance. Why? Because security is inconvenient. Imagine a Linux distribution that installs by default in a fairly locked-down fashion: All network daemons are turned off initially. All lines in /etc/inetd.conf are initially commented out. There are no CGI scripts in the system cgi-bin directory. /etc/hosts.deny has everything disabled, and /etc/hosts.allow initially allows localhost only. Most services that require suid-root binaries aren't even installed. Even root-owned libraries aren't installed unless crucially needed. The system forces all users to change passwords monthly, and doesn't allow selection of passwords that fail quality tests. A cron job mails a daily report on security-sensitive system activity, and the system doesn't allow directing that mail to a "root" account whose may not get read. There's no NIS or NFS. (They're security weak points.) The network daemons installed -- even though initially disabled -- are chosen for their minimal, conservative nature, rather than for full functionality: E.g., you have exim or postfix instead of sendmail, pftpd instead of wuftpd or proftpd, and boa instead of Apache. The system installation forces the user to compile a new kernel from recent kernel revisions, and (somehow) forces the user to compile a monolithic kernel instead of a modular one. The installer also forces installation and configuration of AIDE (Tripwire's successor), OpenSSH, GNUPG, and COPS. COPS is run monthly by cron job. "telnetd" is present only as a symlink to sshd. This distribution would default to a fairly secure state, but (1) would be a pain in the ass for non-paranoid sysadmins to deal with, and (2) would appear to trail the competition in any checklist comparison of features. So, the distributions don't do this because they can't afford to. That's why they ship with over-featured network daemons like wuftpd and proftpd instead of more-modest, more-secure alternatives, and why they make it easy to shoot system security in the foot -- because to do otherwise would be to deprive people of what they think they want. -- Cheers, Linux: It is now safe to turn on your computer. Rick Moen rick (at) linuxmafia.com From tomd at sacefcu.org Mon Feb 14 14:22:22 2000 From: tomd at sacefcu.org (Tom DeSot) Date: Mon, 14 Feb 2000 16:22:22 -0600 Subject: [buug] Linux Security Site Message-ID: <0150CA5A623FD211B16400105A0463263B1A80@cecupdc.sacefcu.org> It sounds to me as though you are talking about OpenBSD. Most of what you have described is inherent in the install. -----Original Message----- From: Rick Moen [mailto:rick at linuxmafia.com] Sent: Monday, February 14, 2000 5:02 PM To: ezekielk at iname.com Cc: BUUG mailing list Subject: Re: [buug] Linux Security Site Quoting ezekielk at iname.com (ezekielk at iname.com): [Linux distributions tend to default to an insecure state] > That is too bad, considering how many computer users would *like to > dump Windoze, and switch to Linux w/minimal hassle. But once I master > Linux, I can get some of these folks running their own Linux box with > solid security. Unfortunately, they have to do this in the name of market acceptance. Why? Because security is inconvenient. Imagine a Linux distribution that installs by default in a fairly locked-down fashion: All network daemons are turned off initially. All lines in /etc/inetd.conf are initially commented out. There are no CGI scripts in the system cgi-bin directory. /etc/hosts.deny has everything disabled, and /etc/hosts.allow initially allows localhost only. Most services that require suid-root binaries aren't even installed. Even root-owned libraries aren't installed unless crucially needed. The system forces all users to change passwords monthly, and doesn't allow selection of passwords that fail quality tests. A cron job mails a daily report on security-sensitive system activity, and the system doesn't allow directing that mail to a "root" account whose may not get read. There's no NIS or NFS. (They're security weak points.) The network daemons installed -- even though initially disabled -- are chosen for their minimal, conservative nature, rather than for full functionality: E.g., you have exim or postfix instead of sendmail, pftpd instead of wuftpd or proftpd, and boa instead of Apache. The system installation forces the user to compile a new kernel from recent kernel revisions, and (somehow) forces the user to compile a monolithic kernel instead of a modular one. The installer also forces installation and configuration of AIDE (Tripwire's successor), OpenSSH, GNUPG, and COPS. COPS is run monthly by cron job. "telnetd" is present only as a symlink to sshd. This distribution would default to a fairly secure state, but (1) would be a pain in the ass for non-paranoid sysadmins to deal with, and (2) would appear to trail the competition in any checklist comparison of features. So, the distributions don't do this because they can't afford to. That's why they ship with over-featured network daemons like wuftpd and proftpd instead of more-modest, more-secure alternatives, and why they make it easy to shoot system security in the foot -- because to do otherwise would be to deprive people of what they think they want. -- Cheers, Linux: It is now safe to turn on your computer. Rick Moen rick (at) linuxmafia.com _______________________________________________ Buug mailing list Buug at weak.org http://www.weak.org/mailman/listinfo/buug -------------- next part -------------- An HTML attachment was scrubbed... URL: From rick at linuxmafia.com Mon Feb 14 15:13:27 2000 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 14 Feb 2000 15:13:27 -0800 Subject: [buug] Linux Security Site In-Reply-To: <0150CA5A623FD211B16400105A0463263B1A80@cecupdc.sacefcu.org>; from tomd@sacefcu.org on Mon, Feb 14, 2000 at 04:22:22PM -0600 References: <0150CA5A623FD211B16400105A0463263B1A80@cecupdc.sacefcu.org> Message-ID: <20000214151326.E31978@uncle-enzo.imat.com> Quoting Tom DeSot (tomd at sacefcu.org): > It sounds to me as though you are talking about OpenBSD. Most of what you > have described is inherent in the install. I respect Theo & co's efforts greatly -- although I don't currently run OpenBSD. I'm also grateful that they produced OpenSSH. -- Cheers, "Ceterum censeo Linux propaganda est." Rick Moen -- Seth David Schoen rick at linuxmafia.com From ezekielk at iname.com Mon Feb 14 21:37:56 2000 From: ezekielk at iname.com (ezekielk at iname.com) Date: Tue, 15 Feb 2000 00:37:56 -0500 (EST) Subject: [buug] For a good laugh, call... Message-ID: <0002150037560B.10365@weba2.iname.net> One of my active board members (FreeISPCubs BBS), turned me on to this hilarious invocation by Micro$oft: www.dot-truth.com http://www.microsoft.com/windows2000/news/dot-truth.asp Their page begins like so: ---begin quote: In a world of hype, wouldn't it be nice to get a refreshing dose of reality? The truth is out there. It's what real businesses are doing every day. From now until February 17th, you can get your daily dose of reality about the Internet and business computing right here. And then on February 17th, Windows 2000 arrives and reality gets even better. ---end quote Then they procede to bash Sun Microsystems...which is the real purpose of this site. Ha, ha, ha. Who's the joker that came up with this? S/he could get a great career started as stand-up comedian. ('Cause I don't think s/he'll have one much longer in the computer industry.) --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 -------------------------------------------------------- Get free personalized email at http://netscape.iname.com From ezekielk at iname.com Mon Feb 14 21:41:22 2000 From: ezekielk at iname.com (ezekielk at iname.com) Date: Tue, 15 Feb 2000 00:41:22 -0500 (EST) Subject: [buug] Free DSL? Message-ID: <00021500412213.28547@weba3.iname.net> Just learned of a free DSL service available "now" (actually, it takes 30-60 days after registering). This is: FreeX DSL http://www.freexdsl.com/ Their TOS says they can charge a subscriber $500 for opting out before 5 years of use...and that, if this company ever provides local or long distance phone service, or cable service, that subscribers to their DSL must switch their phone/cable service over to them. This sounds way over the top, and may ruin their chances of winning the free-DSL wars...which I guess will soon burst upon the scene. They *do provide, free of charge, the hardware needed to connect. However, Broadband Digital Group (BDG) also will offer free DSL service by April. I have already registered, to beat the rush. http://www.freedsl.com/ In their TOS, they say: "BDG, at its sole discretion, may control the content you may view through its network based on its business relationship with various content providers and other partnership agreements." But canceling subscription does not include and financial punishment. Can I still use a standard modem, alongside my DSL service? Or does installing DSL interfere with modem use on same line? I presently make use of numerous free ISP's...including one or two which I can fudge to work via Linux. I am a freebie hound, especially when it comes to Internet access. I think in a few more months, more free DSL options will be available, without such harsh TOS. --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 -------------------------------------------------------- Get free personalized email at http://netscape.iname.com From ezekielk at iname.com Tue Feb 15 02:27:41 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Tue, 15 Feb 2000 02:27:41 -0800 Subject: [buug] Linux Security Site Message-ID: <200002151039.CAA10435@weak.org> Quoting ezekielk at iname.com (ezekielk at iname.com): [Linux distributions tend to default to an insecure state] >> That is too bad, considering how many computer users would *like to >> dump Windoze, and switch to Linux w/minimal hassle. But once I master >> Linux, I can get some of these folks running their own Linux box with >> solid security. >Unfortunately, they have to do this in the name of market acceptance. >Why? Because security is inconvenient. I certainly appreciate your accurate descriptions of what's involved to secure a Linux box. I was thinking, however, of just a workstation, not any sort of server. Trying to think in terms of your "average" PC user switching from Windoze to a Linux platform. In such a case, there is no need to make things compliant and flexible for network administration tweaking. This would just be a stand-alone work station, with no network, not even local. I'd like to see some versions of Linux specifically set up for a single workstation...with active security right from the day of installation. I'll need to learn how to do this myself, for clients who'd like to use Linux, but do not have the time to get under the hood themselves. I'd like to be able to say, "Sure, I'll install Linux for you, and make it completely secure with no fuss from your end." >So, the distributions don't do this because they can't afford to. Because, I presume, they are keeping in mind, the needs of network adminstrators. But a dedicated workstation version would not need to have such flexibility...and therefore could be set up with far greater security and stability than Windoze ever could (at least, not right from the box). I'm saving your informative messages for my own reference, as I know they will be very helpful while I plod through the administation and security exercises. And...very happy to finally have some time again, to progress with learning Linux. So it *is getting easier for me, very fast. There is nothing in the world for Micro$oft users, that could ever compare to the vibrant Unix/Linux/etc.*nix community. Really good people. "Linux/BSD is more than an OS: it's a life!" (And M$ doesn't have one.) --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From feedle at feedle.net Tue Feb 15 15:20:02 2000 From: feedle at feedle.net (Christopher Sullivan) Date: Tue, 15 Feb 2000 15:20:02 -0800 (PST) Subject: [buug] Free DSL? In-Reply-To: <00021500412213.28547@weba3.iname.net> Message-ID: On Tue, 15 Feb 2000 ezekielk at iname.com wrote: > Just learned of a free DSL service available "now" (actually, it takes 30-60 days after registering). This is: > > FreeX DSL > http://www.freexdsl.com/ > > Their TOS says they can charge a subscriber $500 for opting out before > 5 years of use...and that, if this company ever provides local or long > distance phone service, or cable service, that subscribers to their DSL > must switch their phone/cable service over to them. This sounds way > over the top, and may ruin their chances of winning the free-DSL > wars...which I guess will soon burst upon the scene. They *do provide, > free of charge, the hardware needed to connect. Ouch. So, what this means is, when we offer $50/month local dialtone, you must subscribe to it if you want to keep your "free" DSL service. Call it a hunch, if there are no up-front guarantees as to how much these services will cost, they will be considerably more expensive than what the incumbant providers charge. > However, Broadband Digital Group (BDG) also will offer free DSL service > by April. I have already registered, to beat the rush. > > http://www.freedsl.com/ > > In their TOS, they say: "BDG, at its sole discretion, may control the > content you may view through its network based on its business > relationship with various content providers and other partnership > agreements." But canceling subscription does not include and financial > punishment. ... but they may restrict your access if, say, Yahoo! makes a deal blocking access to AskJeeves. They may also censor access if one of their "business relationships" decides they don't want you seeing hotchix.com or downloading MP3s through Napster. This brings up some very interesting points about free Internet providers in general, not just Free DSL ones. How much data mining are the performing on your traffic? How much personal information are they gathering about you? Most free 'net providers have provisions in their service agreements that specify that they reserve the right to "collect and distribute.." information about you, your browsing habits, and your online purchases. Even if you circumvent their provided software, it is still plausable that a lot of data mining could be occurring. Are you willing to sacrifice, completely, your privacy on the net, in exchange for $50/month? This seems an awfully low price to put on your online privacy. Now, I know that there are ways that PBI could probably be doing the same thing with my traffic. However, there is a certain legal precident that makes this of questionable legality in the first place.* Also, a conventional provider is working for ME, after all, I'm paying the bill. Finally, since they have no control over what operating system I use (let alone what name servers I look at, or even what protocols I run) it is probematic at best for them to obtain a complete picure of my usage. I haven't even touched on paralegal elements of the way free ISPs work. If a cracker wanted to steal your identity, how hard would it be if they broke the proxying technology the ISP uses? They'd now know not only the information you signed up with, but your online habits, online accounts, and maybe even debit/credit card information. I don't trust free Internet providers. They are under no obligation to provide you any service, and you are under no obligation to demand privacy. It's a "trojan horse" to your personal data. I find it fascinating that some of the free DSL providers are either outright owned by direct-mail marketers (like bluelight.com), or have DMA members as investors (like worldspy.com... why do you think they call it worldspy, anyway?). You don't think they're doing this to be nice, do you? > Can I still use a standard modem, alongside my DSL service? Or does > installing DSL interfere with modem use on same line? DSL does not affect normal use of the phone. A conventional modem is within the definition of "normal use." > I presently make use of numerous free ISP's...including one or two > which I can fudge to work via Linux. I am a freebie hound, especially > when it comes to Internet access. I think in a few more months, more > free DSL options will be available, without such harsh TOS. To me, any loss of my privacy is a harsh TOS term, especially when it's for a service that costs so little compared to the quantity of enrichment I get from it. $50 for Internet access, compared to my $400 monthly grocery bill, is a bargain. My privacy is not for sale for such a low bid. -Fedl * There was an incident in the 80's regarding cable companies selling viewship data to the Neilson ratings company. It was decided that doing this without notification and agreement by the customer was not legal. It is likely (I haven't read the decision, nor am I a lawyer) that this ruling would apply to an Internet provider, given their common law status as a "common carrier." From rick at linuxmafia.com Tue Feb 15 16:40:53 2000 From: rick at linuxmafia.com (Rick Moen) Date: Tue, 15 Feb 2000 16:40:53 -0800 Subject: [buug] Linux Security Site In-Reply-To: <200002151039.CAA10435@weak.org>; from ezekielk@iname.com on Tue, Feb 15, 2000 at 02:27:41AM -0800 References: <200002151039.CAA10435@weak.org> Message-ID: <20000215164053.C4731@uncle-enzo.imat.com> Hmm. You may be onto something, there. It should be a lot easier to harden a workstation than a server. However, there aren't any firm distinctions between workstation and server, in Unix. A workstation operator decides he wants to publish an NFS export, or put up a Web page, and suddenly it's a server for that function. For that matter, if he runs X, he's already publishing services potentially usable to anyone who can see his IP address. > This would just be a stand-alone work station, with no network, > not even local. But that would be a very sad situation, indeed -- in which the user wouldn't get to see what's distinctively good about Linux. You'd be trying to fit Linux into a Windows-sized box, which just isn't the way to make it shine. Think of it this way: Automobiles made extremely poor horses, eh? It's only when people started thinking of what cars do well that you'd _never think of on a horse_ that their advantages became clear. This is why I try to get people out of the one-computer mindset, when they talk to me about Linux. I tell them: _Don't_ dual-boot your Win9x box as a part-time Linux box. Instead, get somebody's cast-off P90, run Linux on that, and make it furnish services to you on a cheap local LAN (which can be as simple as a single crossover cable and two $30 Tulip cards).. Of course, people are afraid of LANs. That's the other obstacle I try to help them overcome. -- Cheers, Linux: It is now safe to turn on your computer. Rick Moen rick (at) linuxmafia.com From ezekielk at iname.com Tue Feb 15 23:59:10 2000 From: ezekielk at iname.com (ezekielk at iname.com) Date: Wed, 16 Feb 2000 02:59:10 -0500 (EST) Subject: [buug] Intriguing 1-floppy OS Message-ID: <00021602591021.18086@weba2.iname.net> Do you guys know about QNX, a single-floppy OS that lets you browse the web in GUI format? I tried it last year, and was astounded. It really works: you can get on the web like normal. To run the OS, you need to download, and install it to just a single 1.44MB floppy...then reboot from that floppy. They have just come out with version 4, which includes a network version. The URL: http://www.qnx.com/iat/index.html From their site: "Companies around the world are using QNX technology to build everything from consumer appliances to automotive systems. Find out more in our Real World applications." --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Berkeley Unix User Group http://www.weak.org/buug/ --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 -------------------------------------------------------- Get free personalized email at http://netscape.iname.com From ezekielk at iname.com Wed Feb 16 01:11:55 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Wed, 16 Feb 2000 01:11:55 -0800 Subject: [buug] Linux Security Site Message-ID: <200002161140.DAA18403@weak.org> Hi Rick Moen, you wrote on 2/15/2000 4:40:53 PM: >Hmm. You may be onto something, there. It should be a lot easier to >harden a workstation than a server. I suppose that, connecting any box to the Internet, pretty much opens up a can of security worms...more so than just a LAN. So what I'll do, then, is get all the security issues down pat, and come up with a system, a "package", where I can quickly set up a client's PC to be maximally secure. I will *not be working on office networks, or any connected systems...other than a single PC connected to the Internet. My hunch is, though, that about 50% of the security issues would be eliminated, if the only networking will be with an Internet connection. >But that would be a very sad situation, indeed -- in which the user >wouldn't get to see what's distinctively good about Linux. You'd >be trying to fit Linux into a Windows-sized box, which just isn't >the way to make it shine. Linux might shine as a fully functioning network system...but those aren't the clients I work with: I work strictly with stand-alone PCs, most at people's homes...where they don't *want a network. Other than the Internet, of course. So I'd have to shut down all servers as part of my security settings. These are not clients who want to run a web host, ftp host, or any other kind of server. They just want to get away from the Windoze OS; and Linux is the way to go, for most of them. Naturally, I am aware that I am speaking from a semi-clueless point of view, and do not yet grasp fully, your perspective. In other words: I must RTFM re. Linux security and administration, as well as post questions. >Of course, people are afraid of LANs. That's the other obstacle I >try to help them overcome. I'd love to set up two PCs, per your suggesion (one a Linux box, totally)...but my consideration is *space, as I occupy a single room. I do have a P120 in storage...which I could set up as the Linux box...but the only way I'd do that, space-wise, is to share one monitor and modem between the two. I already have a split cable for the modem, but I'd need one for the monitor, too. I already have the spare HD, VGA card, and even sound card (all Linux compatible). Well, at *least my Windoze98 and Mandrake 6.1 reside on separate hard drives. The *only thing keeping me from going *full steam ahead* on Linux, and removing 80% of all my Windoze software, is the security issue...because *most of my PC activities are on the Internet. I am otherwise quite at home running word processors, browsers, image editors, etc. on a Linux system. I have begun cracking the Linux security books, and will come back with some questions which, I hope, will not be as clueless as my present ones. And I also hope that I can eventually serve as a bridge between newbies and wizards, in our group...so that the experts won't become exhausted by newbie questions, in that I, perhaps, can provide some answers and directions, too. I'll take notes! --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at iname.com Wed Feb 16 01:39:04 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Wed, 16 Feb 2000 01:39:04 -0800 Subject: [buug] Free DSL? Message-ID: <200002161141.DAA18411@weak.org> On Tue, 15 Feb 2000 Christopher Sullivan feedle at feedle.net wrote: >On Tue, 15 Feb 2000 ezekielk at iname.com wrote: >> Their TOS says they can charge a subscriber $500 for opting out before >> 5 years of use... >Ouch. So, what this means is, when we offer $50/month local dialtone, you >must subscribe to it if you want to keep your "free" DSL service. Not quite *that bad, as I believe there is a conditional clause stating "if the switch to their service is no more expensive than what you are currently paying". But the *quality may be lacking and/or there may be unpleasant changes for the customer. But I don't use LD or cable...and I'll even shut down my local phone service, once I have a DSL or cable connect to the 'net. >> In their TOS, they say: "BDG, at its sole discretion, may control the >> content you may view through its network based on its business >> relationship with various content providers and other partnership >> agreements." >... but they may restrict your access if, say, Yahoo! makes a deal >blocking access to AskJeeves. They may also censor access if one of their >"business relationships" decides they don't want you seeing hotchix.com or >downloading MP3s through Napster. I'm also thinking about any Christian advertisers who may coerce the service to censor *any gay or lesbian site (as part of their broadly prejudiced definition of "pornography"). In effect, the service would silently, but effectively, shut down any and all gay and pro-gay sites and links. We (gays) would become, for all practical purposes, completely invisible. Of course, if that happened, you can bet I'd be the first in line with a lawsuit, drooling for the big bucks. >Are you willing to sacrifice, completely, your privacy on the net, in >exchange for $50/month? This seems an awfully low price to put on your >online privacy. Well, *some services that charge an upfront fee may ensure the privacy of all your personal data. But the pressure of commercial entities is overwhelmingly in favor of access to any and all personal data. So I don't really think my paying $50/month will protect me very much. This invasion of our privacy is so ubiquitous, as to be a massive social dilemma, which only changes in privacy laws will correct. >I haven't even touched on paralegal elements of the way free ISPs work. >If a cracker wanted to steal your identity, how hard would it be if they >broke the proxying technology the ISP uses? The identity profile I'd create would be from one of my false profiles, of which I have many. So what data they mine from me would not in any way impose upon my privacy. But they could still track my online habits...unless I use anonymous proxies pumped with Proxomitron and Black Ice. Though it *is possible a free-DSL company would prohibit anonymous surfing, as part of the contract. (I'd *still find a way around this, somehow.) >I don't trust free Internet providers. I don't either. And that is why my personal data they have on file, is false. And that is *also why they promote things I couldn't be less interested in, like Furbee collectibles, American flag lollipops, gold ingots, and moose antlers. ;( >I find it fascinating that some of the free DSL providers... > >have DMA members as investors (like worldspy.com... why do >you think they call it worldspy, anyway?). Ha, ha. Not very subtle, are they? Maybe they think they're being cute. NOT. >You don't think they're doing this to be nice, do you? If they actully knew my low income, and materially-minimal lifestyle, they'd *censor me from their service! >DSL does not affect normal use of the phone. A conventional modem is >within the definition of "normal use." Okay. I thought about it today, and figured no problem...if you can use a voice phone, you can use a dial-up modem. But perhaps (I also thought) a free-DSL company might put a *block against such modem use. >To me, any loss of my privacy is a harsh TOS term, especially when it's >for a service that costs so little compared to the quantity of enrichment >I get from it. $50 for Internet access, compared to my $400 monthly >grocery bill, is a bargain. $50/month is over-budget for me. The maximum I'd consider is $25. Plus: I also gain much pleasure helping other low income people access the 'net for free, and using free LD sites, and other free online services. These are often disabled people, who live with serious budget cutbacks, and who could never afford to pay for Internet access. Having such access frees them for a better social life, job training, and opportunities. But I *do instruct them on how to create dummy data, keeping it in a text file for future reference in order to keep the story "straight". >My privacy is not for sale for such a low bid. Certainly not. But I don't believe we should have to pay *anything to hold onto our right to privacy. So my tactic is to not give these free services, real data. While it is VERY tempting to get that free DSL service NOW...just because the SPEED is so alluring (and that's what they're counting on)...and I have suffered SO long dragging this slooow modem across cyberspace as if it were my own Via Dolorosa...I am waiting to see how many more such companies crop up...and hopefully, will find one without such strict conditions. Competition should lower the bar on this (I hope, I hope, I hope). Or also: fee-based services may charge considerably less than they do now, such as: $25/mo. for non-busy time slots only (1am - 7am, or something like that). --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From feedle at feedle.net Wed Feb 16 12:06:21 2000 From: feedle at feedle.net (Christopher Sullivan) Date: Wed, 16 Feb 2000 12:06:21 -0800 (PST) Subject: [buug] Free DSL? In-Reply-To: <200002161141.DAA18411@weak.org> Message-ID: > Not quite *that bad, as I believe there is a conditional clause stating "if > the switch to their service is no more expensive than what you are > currently paying". But the *quality may be lacking and/or there may be > unpleasant changes for the customer. But I don't use LD or cable...and I'll > even shut down my local phone service, once I have a DSL or cable connect > to the 'net. First off, you will need local phone service to subscribe to DSL in most areas. I do not believe it is possible to get DSL without having conventional dial tone. I may be incorrect in that assertion, however. You touched on one of the points I was (subtely) trying to make. Free access providers will be under no obligation to provide you with any quality of service. They will be working for their advertisers, and provided you are seeing their ads and/or have an adequate enough connection for them to collect the data they need, that's all they need to do. > I'm also thinking about any Christian advertisers who may coerce the > service to censor *any gay or lesbian site (as part of their broadly > prejudiced definition of "pornography"). In effect, the service would > silently, but effectively, shut down any and all gay and pro-gay sites and > links. We (gays) would become, for all practical purposes, completely > invisible. Of course, if that happened, you can bet I'd be the first in > line with a lawsuit, drooling for the big bucks. You'd lose, unfortunately. Since you are not paying them for the services they are performing, they will (most likely) not fall under the terms of a "common carrier". Even removing that portion of the argument, their argument (which will be successful in court, I'm afraid) would be that you agreed to that term and condition when you applied for the service. Your only hope is that the negative PR generated from such a block would do more damage than it's worth... frightfully, I fear that would not be the case in the present marketplace. In a common law sense, you are also the loser. Since you are not paying for the service, you cannot dictate terms of it being provided to you. In the Libertarian movement, we have a saying "He who pays, says." The meaning of this is: it is typically accepted that if somebody is paying your way, they have the right to dictate the terms under which you use whatever they are paying for. > Well, *some services that charge an upfront fee may ensure the privacy of > all your personal data. But the pressure of commercial entities is > overwhelmingly in favor of access to any and all personal data. So I don't > really think my paying $50/month will protect me very much. This invasion > of our privacy is so ubiquitous, as to be a massive social dilemma, which > only changes in privacy laws will correct. You are not 100% correct on this. First off, there are laws preventing Pacific Bell (read: a common carrier) from collecting and distributing personal data without my explicit permission. Transactional data on such providers is protected under the TCPA and other similar laws. Additionally, I'd reckon that Pacific Bell recieves the majority of their money from ratepayers in this State. If they were to start doing data collection and selling it to the highest bidder, it is likely that they would lose customers, and this would probably not be in line with their business model (or their stockholder's interests, either). Since free Internet providers exempt themselves from "common carrier" status by the way they do business, they are not subject to the same laws. They can (and do) mine traffic. I'd be interested in any evidence you have of Pacific Bell Internet doing the same to their (paid) customers, because that would be a deusey of a lawsuit. > The identity profile I'd create would be from one of my false profiles, of > which I have many. So what data they mine from me would not in any way > impose upon my privacy. But they could still track my online > habits...unless I use anonymous proxies pumped with Proxomitron and Black > Ice. Though it *is possible a free-DSL company would prohibit anonymous > surfing, as part of the contract. (I'd *still find a way around this, > somehow.) Somebody skilled enough at the ISP can still hack your traffic. Keep in mind that proxy services only cover your traffic from the proxy to the rest of the net: somebody skilled enough sitting at your dialup can still gather the information they need. This to me seems like a lot of trouble to go through for a service that costs me so little. Granted, it's a small percentage of my monthly wage, so I'm in the position to afford it. > I don't either. And that is why my personal data they have on file, is > false. And that is *also why they promote things I couldn't be less > interested in, like Furbee collectibles, American flag lollipops, gold > ingots, and moose antlers. ;( I won't mention the fact that providing somebody with an address that is not your own is actually a felony under the postal regulations. :) > If they actully knew my low income, and materially-minimal lifestyle, > they'd > *censor me from their service! I don't believe that. Having worked in the direct-marketing business at one point, I can tell you that low-income people are often targets of specific ad campaigns. You don't think Western Union is interested in people that make under $30,000/yr and tend to be late paying on their bills? Their entire business nowadays is based on providing financial services to a class of people that generally nobody else wants as customers. They may be interested in knowing where low-income people surf, if for no other reason, so websites can know if they are attracting the "wrong crowd." Don't underestimate what data they want. They want it all, on everybody. > Okay. I thought about it today, and figured no problem...if you can use a > voice phone, you can use a dial-up modem. But perhaps (I also thought) a > free-DSL company might put a *block against such modem use. I would think this would, to a limited extent, be counter-productive. > $50/month is over-budget for me. The maximum I'd consider is $25. Plus: I > also gain much pleasure helping other low income people access the 'net for > free, and using free LD sites, and other free online services. These are > often disabled people, who live with serious budget cutbacks, and who could > never afford to pay for Internet access. Having such access frees them for > a better social life, job training, and opportunities. > > But I *do instruct them on how to create dummy data, keeping it in a text > file for future reference in order to keep the story "straight". > > >My privacy is not for sale for such a low bid. > > Certainly not. But I don't believe we should have to pay *anything to hold > onto our right to privacy. So my tactic is to not give these free services, > real data. Unfortunately, in this day and age, you do have to pay for privacy. Sometimes, that is in trivial ways, like refusing to provide information to companies and agencies that have no business to ask for it. Other times, it's more overt: right now, in the United States, privacy does cost money. > While it is VERY tempting to get that free DSL service NOW...just because > the SPEED is so alluring (and that's what they're counting on)...and I have > suffered SO long dragging this slooow modem across cyberspace as if it were > my own Via Dolorosa...I am waiting to see how many more such companies crop > up...and hopefully, will find one without such strict conditions. > Competition should lower the bar on this (I hope, I hope, I hope). Or also: > fee-based services may charge considerably less than they do now, such as: > $25/mo. for non-busy time slots only (1am - 7am, or something like that). This may happen at some point. As DSL becomes more universal, you may see discounted plans along these lines. I think, actually, at some point you are going to see "hybrid" services: ones that charge a small amount (say $10 or so) and provide a modicum of privacy, and generate their revenue by you committing to purchase a set amount of dollars on their website(s) (through a point system not unlike what Yahoo! and others are doing). This would act in the same way that those "frequent shopper" cards at grocery stores work. But like the "frequent shopper" cards, there is a different price to be paid, and that price is privacy. Unfortunately, the majority of people in this country are willing to sell their souls for a $1 discount on their $300 grocery bill, and so we end up with this garbage being foisted upon us. I don't shop at Safeway anymore primarily because of this crapola. The problem isn't with the companies, they're just finding a way to build a better mousetrap. It's the people that are willing to sell their privacy for such a low cost that sucks. Any rate, back to talking about UNIX. :) -Faedl From rick at linuxmafia.com Wed Feb 16 13:22:11 2000 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 16 Feb 2000 13:22:11 -0800 Subject: [buug] Linux Security Site In-Reply-To: <200002161140.DAA18403@weak.org>; from ezekielk@iname.com on Wed, Feb 16, 2000 at 01:11:55AM -0800 References: <200002161140.DAA18403@weak.org> Message-ID: <20000216132209.O4731@uncle-enzo.imat.com> Quoting Zeke Krahlin (ezekielk at iname.com): > Linux might shine as a fully functioning network system...but those aren't > the clients I work with: I work strictly with stand-alone PCs, most at > people's homes...where they don't *want a network. Other than the Internet, > of course. What they "want" is based on what they're familiar with. Having been a consultant, I know that your value lies in guiding the customer to what will benefit him best in his circumstances. If you _don't_ do that, you're not really a consultant, only a technician. Clients told me they "wanted" me to install NT-based firewalls, become an MCSE, and such. I said no. So: One of the places where you have to say no is where the customer says he cannot conceive of having more than one computer because he has, after all, one computer, one car, one religion, one political affiliation, etc. This mindset stands in the way of the customer coming into the modern age and enjoying the benefits of the last thirty years of computer science. If such a hypothetical customer refuses to budge from this blinkered mindset, then I doubt he would benefit from Linux. You would do neither him nor the Linux community nor yourself any benefit by assisting him in cramming Linux into a Windows-sized box. I strongly advise you against doing that. > ...but the only way I'd do that, space-wise, is to share one monitor > and modem between the two. I see no problem, here. Put the modem on the Linux box, and run it "headless" (no monitor). It could even be in your closet. Let the Linux box run your Internet connectivity for both boxes, running IP masquerading (Network Address Translation) and the Squid Web cached. > I already have a split cable for the modem, but I'd need one for > the monitor, too. No. Wrong. You appear to suffer from a bit of a case of one-computer disease yourself, Zeke. A bit too long on legacy Microsoft OSes will do that to you. > Well, at *least my Windoze98 and Mandrake 6.1 reside on separate hard > drives. http://linuxmafia.com/~rick/faq/#partition -- Cheers, Linux: It is now safe to turn on your computer. Rick Moen rick (at) linuxmafia.com From rick at linuxmafia.com Wed Feb 16 13:28:05 2000 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 16 Feb 2000 13:28:05 -0800 Subject: [buug] Intriguing 1-floppy OS In-Reply-To: <00021602591021.18086@weba2.iname.net>; from ezekielk@iname.com on Wed, Feb 16, 2000 at 02:59:10AM -0500 References: <00021602591021.18086@weba2.iname.net> Message-ID: <20000216132805.P4731@uncle-enzo.imat.com> Quoting ezekielk at iname.com (ezekielk at iname.com): > Do you guys know about QNX, a single-floppy OS that lets you browse > the web in GUI format? I tried it last year, and was astounded. It > really works: you can get on the web like normal. To run the OS, you > need to download, and install it to just a single 1.44MB floppy...then > reboot from that floppy. Yes, it's very good -- but proprietary. You can run a Linux-based Internet filtering gateway and NAT (Network Address Translation) box for all your other machines on a discarded 386/486 with no hard drive, using the Linux setups from the Linux Router Project: http://linuxrouter.org/ Of course, that doesn't include a graphical Web browser. It's worth also knowing about Tom's Root-Boot, a one-floppy Linux distribution with an amazing amount of stuff crammed into it: http://www.toms.net/rb/ Tom's doesn't include a Web browser, either, but it's an indispensible maintenance tool. If you need to do disk repair on a system that doesn't boot, it's just the thing. Can be created from either Linux or MS-DOS. -- Cheers, Linux: It is now safe to turn on your computer. Rick Moen rick (at) linuxmafia.com From rick at linuxmafia.com Wed Feb 16 18:08:05 2000 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 16 Feb 2000 18:08:05 -0800 Subject: [buug] Security threads on Slashdot Message-ID: <20000216180805.H9542@uncle-enzo.imat.com> http://slashdot.org/article.pl?sid=00/02/16/1836215&mode=thread There are numerous comments on that story that contain excellent security tips, for Unix people. Recommended. -- Cheers, Linux: It is now safe to turn on your computer. Rick Moen rick (at) linuxmafia.com From ezekielk at iname.com Wed Feb 16 18:52:58 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Wed, 16 Feb 2000 18:52:58 -0800 Subject: [buug] Linux Security Site Message-ID: <200002170329.TAA21614@weak.org> Hi Rick Moen, you wrote on 2/16/2000 1:22:11 PM: >If such a hypothetical customer refuses to budge from this blinkered >mindset, then I doubt he would benefit from Linux. I know people who *really want to dump Windoze, and who do not need to run a local network or servers. But they cannot go through the learning curve re. setting up security. If I can take care of this myself, they can then procede with their Internet activities as a normal user (not root). They don't mind going through any learning curve for actually using any program (such as word processor, spreadsheet, etc.). These people have never had the time to go through the learning curve of maintaining and troubleshooting Windoze, either. But they used the OS, anyway. My plan is to learn Linux very well, so my clients will need minimal maintenance. In fact, since Linux is more robust than Windoze, I expect they'll be calling me a lot less. These are clients who do not want to get under the hood of *any OS...they just want to run a reliable system...minus the creepy overhead and bad politics that comes with Windoze. >I see no problem, here. Put the modem on the Linux box, and run it >"headless" (no monitor). It could even be in your closet. Let the >Linux box run your Internet connectivity for both boxes, running IP >masquerading (Network Address Translation) and the Squid Web cached. I *like that idea very much. But this is just for the Internet connection. I also want to run Linux for local use, for all my computer needs (eventually). And *that is why I need a monitor. I just don't want *two CRTs for this. Okay, I'll break out my older system, and prep it for Linux. Thanks for the great ideas. >You appear to suffer from a bit of a case of one-computer disease >yourself, Zeke. A bit too long on legacy Microsoft OSes will do that to >you. No argument there, Rick! I was a DOS nut from day one...though always resented Windoze, and was among the very last users to put it on my system. > Well, at *least my Windoze98 and Mandrake 6.1 reside on separate hard > drives. > >http://linuxmafia.com/~rick/faq/#partition Partition Magic kept crashing on me, and finally ceased to function. A nasty experience overall, which I care not to repeat more than I already have. With two separate hard drives, I can easily claim additional partitions from my Windoze drive, as I pare down my use of that horrid OS. That's because that HD is set up with four distinct partitions. And this, then, makes it easy to expand Linux space w/o a tool like Partition Magic. But I will definitely look into the *other partition utilities you mention on your page. Thanks! --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at iname.com Wed Feb 16 19:13:03 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Wed, 16 Feb 2000 19:13:03 -0800 Subject: [buug] Intriguing 1-floppy OS Message-ID: <200002170336.TAA21678@weak.org> Hi Rick Moen, you wrote on 2/16/2000 1:28:05 PM: >Quoting ezekielk at iname.com (ezekielk at iname.com): > > Do you guys know about QNX, > >Yes, it's very good -- but proprietary. It's a marvel, nonetheless. >You can run a Linux-based Internet filtering gateway and NAT (Network >Address Translation) box for all your other machines on a discarded >386/486 with no hard drive, using the Linux setups from the Linux Router >Project: http://linuxrouter.org/ Really? That's great. >It's worth also knowing about Tom's Root-Boot, a one-floppy Linux >distribution with an amazing amount of stuff crammed into it: >http://www.toms.net/rb/ Very cool. "The most Linux on 1 floppy disk". I'm downloading it right now. I can see why this teeny OS makes an excellent maintenance tool. From ezekielk at iname.com Wed Feb 16 18:52:15 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Wed, 16 Feb 2000 18:52:15 -0800 Subject: [buug] Security threads on Slashdot Message-ID: <200002170336.TAA21732@weak.org> Hi Rick Moen, you wrote on 2/16/2000 6:08:05 PM: >http://slashdot.org/article.pl?sid=00/02/16/1836215&mode=thread > >There are numerous comments on that story that contain excellent >security tips, for Unix people. Recommended. Good stuff, thanx. From ezekielk at iname.com Wed Feb 16 18:08:22 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Wed, 16 Feb 2000 18:08:22 -0800 Subject: [buug] Free DSL? Message-ID: <200002170336.TAA21733@weak.org> Hi Christopher Sullivan, you wrote on 2/16/2000 12:06:21 PM: >First off, you will need local phone service to subscribe to DSL in most >areas. I do not believe it is possible to get DSL without having >conventional dial tone. I may be incorrect in that assertion, however. I have been told otherwise, by some Unix-heads. Though the actual fact on this remains to be tested. >You touched on one of the points I was (subtely) trying to make. Free >access providers will be under no obligation to provide you with any >quality of service. I have found, as have others, that quality of service is no better for fee-based services...unless, perhaps, the fee you pay is way higher than the many generic services out there, that do not charge a lot. >Even removing that portion of the argument, their >argument (which will be successful in court, I'm afraid) would be that you >agreed to that term and condition when you applied for the service. Their terms re. this matter, are so general, as to be open to abuse by this company...and thus, if they become so draconic as to censor so broadly as to omit large segments of reasonable web sites (such as non-porno gay sites; as well as pagan links, left-leaning activist resources, etc)....the law as it now stands in our country, could override such restrictions. Assuming, of course, a reasonable (non- homophobic, non-right-wing) judge and jury. This is similar to private BBS's, which reserve the right to refuse or censor any topics or visitors they so desire. But there are limits to this, where basic laws re. civil rights override such limits if deemed "extreme". Likewise, any shop's "right to refuse service to anyone". Example: If a shop run by an Aryan Nation owner refused to sell its products to people of color and Asians...you bet they'd be challenged in court, and lose. >In a common law sense, you are also the loser. Since you are not paying >for the service, you cannot dictate terms of it being provided to you. In >the Libertarian movement, we have a saying "He who pays, says." We also pay taxes and subsidies to maintain communication infrastructures, not least of which is the Internet. As for the "terms dictated"...there is no clause present that distinctly says "no gay sites allowed". If they should include such a clause later on, it is open to challenge, as their definition of future possible (but not described) censors could easily be questioned. Again...if they should censor sites catering to African Americans (as example), you bet they'd be in hot water. There are basic laws which *no private or non-fee company can violate, or shape to their whims. The notion of "he who pays, says", can wrongly be used to further violate the innate civil rights of the low income, the poor, and the homeless...who in fact *do pay subsidies to both local and federal gov't whenever they purchase a taxed item, or pay income tax for menial or temporary labor. >You are not 100% correct on this. First off, there are laws preventing >Pacific Bell (read: a common carrier) from collecting and distributing >personal data without my explicit permission. I understand...but businesses are now rife with violations of their contracts to customers. So we are forced to strengthen laws, and be more vigilant than ever. (Example: the Banks' attempts to share customer data with other institutions.) Unfortunately, at this time, we customers have the odds stacked against us. I do not breathe any sigh of relief re. my privacy, just because I pay for some service or product. >I'd be interested in any evidence you >have of Pacific Bell Internet doing the same to their (paid) customers, >because that would be a deusey of a lawsuit. If a person does not pay his long distance fees, Pac Bell will discontinue their local service...even though the LD Company is not part of Pac Bell. While they have been forced by law to do so, I'd say this is an example of sharing personal data between two distinctly different companies...without first requesting permission from the customer. >Somebody skilled enough at the ISP can still hack your traffic. Of course. But paying for an ISP still does not protect you from all the *other activities online, which attempt to gather data w/o your permission or knowledge. You might be assured by your ISP, that they will never give anyone else access to your subscription data. But they do *not, usually, provide you with security armor to protect you from all the *other impositions on your privacy while connected. And their *own security of customers' personal data may leave much to be desired. I believe they *should provide security armor, as part of the package. However, they do not. Thus, even those who pay super-bucks for the hottest and fastest service around...must still secure her privacy on her own, with constant learning and use of additional utilities...and probably, with more fees. >I won't mention the fact that providing somebody with an address that is >not your own is actually a felony under the postal regulations. :) Even the most generic PC and Internet columnists are advising Internet users to key in false data, to protect their privacy. So I'm in good company. If I am ever charged with a felony for this, I'll bring in the news clippings of being advised to do this, by savvy reporters. >I don't believe that. Having worked in the direct-marketing business at >one point, I can tell you that low-income people are often targets of >specific ad campaigns. Many companies become wealthy by selling massive amounts of inexpensive items or services. I call this the "Pet Rock Phenomenon". For low income types, the Internet has proven a very cost-effective tool. I just bought a sound card via the WWW for $29, that would have cost me $59 at any local retail store. So, yes, on second thought I have to agree with you. >Unfortunately, in this day and age, you do have to pay for privacy. Agreed. But this is a violation of one's civil rights, regardless. We have laws to protect everyone's privacy...they just need to be enforced. The keystones to individual freedom should not be up for sale, as they have now become. Even reasonably affluent folks cannot afford the best privacy...a right that is supposed to be one's right from birth, with no consideration for one's financial status or property. >Unfortunately, the majority of people in >this country are willing to sell their souls for a $1 discount on their >$300 grocery bill, and so we end up with this garbage being foisted upon >us. I don't shop at Safeway anymore primarily because of this crapola. I don't shop at any large chain markets, with rare exception. Primarily, for the reason you just mentioned. And I am definitely pro-active re. privacy and civil rights. There are some who are fighting this, like myself, who also do use plenty of free services...but they do so, well-armed and informed, and thus preserve their privacy. >The problem isn't with the companies, they're just finding a way to build >a better mousetrap. It's the people that are willing to sell their >privacy for such a low cost that sucks. "The government is only as good as the people". I think that's a quote from Pres. Truman. >Any rate, back to talking about UNIX. :) Sounds like a plan. --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From rick at linuxmafia.com Wed Feb 16 20:59:57 2000 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 16 Feb 2000 20:59:57 -0800 Subject: [buug] Linux Security Site In-Reply-To: <200002170329.TAA21614@weak.org>; from ezekielk@iname.com on Wed, Feb 16, 2000 at 06:52:58PM -0800 References: <200002170329.TAA21614@weak.org> Message-ID: <20000216205957.A11572@uncle-enzo.imat.com> Quoting Zeke Krahlin (ezekielk at iname.com): > These are clients who do not want to get under the hood of *any OS...they > just want to run a reliable system...minus the creepy overhead and bad > politics that comes with Windoze. I don't think Linux is a good option for such people. They will inevitably evaluate Linux by how closely it approximates what they're used to, while being blind to what it has that they've never seen. Worse, in a no-network environment, those advantages are crippled or absent, such that they cannot even be discovered by accident. So, you're setting up a situation where they will decide "I've tried Linux, and it's not as good." That doesn't do them any good, and definitely doesn't do Linux any good. > I *like that idea very much. But this is just for the Internet > connection. I also want to run Linux for local use, for all my > computer needs (eventually). And *that is why I need a monitor. I just > don't want *two CRTs for this. No, you don't. You can get non-graphical access from MS Windows to your Linux box using telnet or ssh (latter preferred -- see http://linuxmafia.com/pub/linux/security/ssh-clients). You can get your graphical Linux apps (X apps) from your MS Windows desktop by either installing an X server on MS Windows, or installing VNC software at both ends. http://www.uk.research.att.com/vnc/ > But I will definitely look into the *other partition utilities you mention > on your page. Thanks! You're welcome. However, the point of that essay was not just to document which such utilities exist, but to present an argument as to why _not_ to use any of them. -- Cheers, Linux: It is now safe to turn on your computer. Rick Moen rick (at) linuxmafia.com From ezekielk at iname.com Wed Feb 16 23:19:28 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Wed, 16 Feb 2000 23:19:28 -0800 Subject: [buug] Linux Security Site Message-ID: <200002171030.CAA22766@weak.org> Hi Rick Moen, you wrote on 2/16/2000 8:59:57 PM: >I don't think Linux is a good option for such people. They will >inevitably evaluate Linux by how closely it approximates what they're >used to, while being blind to what it has that they've never seen. I don't find that to always be the case. I have five clients who already took my advice to drop AOL, and go for one of the local services for a lot less cost (and some even chose a free service). They are all glad they did so. Any client who would not consider taking the brave leap from AOL to a generic ISP, I do not bother to offer any other PC alternatives (like Linux). These 5 clients also have Linux running on a separate partition, to see for themselves what it's about. They like it, and they like the idea of dropping Windoze. The only thing stopping them from switching over, is the same reason I have: incorporating the necessary security settings. In a few months, though, I should have this resolved, and be able to get their Linux boxes optimally running. Once I reach that point, I will uninstall Windoze to make their systems pure Linux. I've already arranged their data for easy backup and use by Linux software. These clients are not dependent on any work that would require running one Windoze program or another. Mostly, they'll be browsing the web...and the rest of their PC activities will entail the conventional types of software (word processing, calculator, PIM, check balancing, etc.). Star Office or Corel Word Perfect Suite will meet all their needs just fine. These are *not lame Windoze sheep, but a several cuts above that. They are intellectually active, curious, and have a great desire to boycott Windoze. IOW: they are not beyond redemption. ;) >You can get non-graphical access from MS Windows to your Linux box >using telnet or ssh (latter preferred -- see >http://linuxmafia.com/pub/linux/security/ssh-clients). Thanx. I've downloaded puTTY. But It seems repugnant to use Windoze to access Linux. Are there methods to accomplish same via DOS? (If so, would it be only non-graphics?) >You can get >your graphical Linux apps (X apps) from your MS Windows desktop by >either installing an X server on MS Windows, or installing VNC software >at both ends. http://www.uk.research.att.com/vnc/ The VNC site is not accessible...but maybe it's just temporary downtime. Though a search for "VNC" did get me a site to download this little freeware gem: http://softseek.zdnet.com/Utilities/Remote_and_Mobile_Computing/D_26637_inde x.html But why would this method of accessing the Linux box be more practical, than using a split video cable, where I can run Linux directly...with no Windoze shell holding it all up? Is this method almost just as fast and robust as using Linux directly? --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From tomd at sacefcu.org Thu Feb 17 06:25:42 2000 From: tomd at sacefcu.org (Tom DeSot) Date: Thu, 17 Feb 2000 08:25:42 -0600 Subject: [buug] Intriguing 1-floppy OS Message-ID: <0150CA5A623FD211B16400105A0463263B1AB5@cecupdc.sacefcu.org> Take a look at http://www.freesco.org -----Original Message----- From: Zeke Krahlin [mailto:ezekielk at iname.com] Sent: Wednesday, February 16, 2000 9:13 PM To: @ BUUG Mailing List Subject: Re: [buug] Intriguing 1-floppy OS Hi Rick Moen, you wrote on 2/16/2000 1:28:05 PM: >Quoting ezekielk at iname.com (ezekielk at iname.com): > > Do you guys know about QNX, > >Yes, it's very good -- but proprietary. It's a marvel, nonetheless. >You can run a Linux-based Internet filtering gateway and NAT (Network >Address Translation) box for all your other machines on a discarded >386/486 with no hard drive, using the Linux setups from the Linux Router >Project: http://linuxrouter.org/ Really? That's great. >It's worth also knowing about Tom's Root-Boot, a one-floppy Linux >distribution with an amazing amount of stuff crammed into it: >http://www.toms.net/rb/ Very cool. "The most Linux on 1 floppy disk". I'm downloading it right now. I can see why this teeny OS makes an excellent maintenance tool. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ezekielk at iname.com Thu Feb 17 12:20:59 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Thu, 17 Feb 2000 12:20:59 -0800 Subject: [buug] Intriguing 1-floppy OS Message-ID: <200002172027.MAA00357@weak.org> Hi Tom DeSot, you wrote on 2/17/2000 6:25:42 AM: >Take a look at http://www.freesco.org Another great freeware product...that can be installed on a single floppy. I'm beginning to wonder what I've been doing with a hard drive in the first place. ;] --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at iname.com Thu Feb 17 12:36:18 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Thu, 17 Feb 2000 12:36:18 -0800 Subject: [buug] Website Update & Requests Message-ID: <200002172051.MAA00478@weak.org> I've added more links to our resources page. Looking for additional personal pages (should still have BUUG-relevant content), newbie and hacker resources, zines, e-mail lists and message boards. Check out the current resources page at our mirror site, for your consideration: http://www4.50megs.com/buug/mirror/resources.htm Suggestions on any aspect of this page (and site at large) are welcome, as well. This is *our site, not mine. TIA P.S.: I have removed the text-only pages, and just made the usual pages 100% Lynx-friendly. Why be redundant when there's no point to it? (If anyone can make a point as to keeping separate, text-only pages, I will change my mind on this.) --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc From rick at linuxmafia.com Thu Feb 17 13:55:10 2000 From: rick at linuxmafia.com (Rick Moen) Date: Thu, 17 Feb 2000 13:55:10 -0800 Subject: [buug] Essay: Recipe for a Successful Linux User Group Message-ID: <20000217135509.G14367@uncle-enzo.imat.com> I have a new essay at http://linuxmafia.com/~rick/essays/newlug.html that may be of use to some list members. Although written specifically for Linuxers, the material therein should also be useful to our BSD brethren. -- Cheers, Linux: It is now safe to turn on your computer. Rick Moen rick (at) linuxmafia.com From ezekielk at iname.com Thu Feb 17 14:25:18 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Thu, 17 Feb 2000 14:25:18 -0800 Subject: [buug] Essay: Recipe for a Successful Linux User Group Message-ID: <200002172226.OAA00882@weak.org> Hi Rick Moen, you wrote on 2/17/2000 1:55:10 PM: >I have a new essay at http://linuxmafia.com/~rick/essays/newlug.html >that may be of use to some list members. Very useful. Thanks for another helpful faq. I'll incorporate the addtional suggestions there, to the ones you already provided. Escpecially re. getting on the main LUG lists. I'll discuss this with our group, tonight. --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at iname.com Thu Feb 17 14:33:32 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Thu, 17 Feb 2000 14:33:32 -0800 Subject: [buug] You know you're a Linxu geek when... Message-ID: <200002172249.OAA06034@weak.org> Some funny stuff from members of FreeISPCubs BBS: -------------------------------- From: UART6550 Feb-15 10:47 pm To: ALL [harvested freely from the www.taclug.org website; I added a few at the end] You know you're a Linux Geek when: When someone mentions "The Other OS", you think they are talking about FreeBSD. You start using penguins in your web site design. You've programmed your spell checker to replace "knew" and"new" with "gnu". When you find . -name "what" -type F| xargs grep "where"| cut -t "when"| grep "who"> now! is a reality! Every job interview that you go to becomes a session of Linux Advocacy. You know over 20 different people by their uid on Slashdot, but have never met them in person. When they say "lie low" you think about booting linux. You keep track of your highest uptime, and try to break your record. The only thing you ever do online is read the latest linux news, linux software releases, linux HOWTOs, usenet linux threads, etc., etc. You use /. as your homepage. Typing 'locate Bitch' at the command prompt makes perfect sense. You try to cat your AUTOEXEC.BAT file. You can reconstruct your fstab from scratch, and not even think about it. When in MS Word, you type :wq You are hitting the TAB key in the DOS-Shell You feel patronized when your Wintel box at work asks you if you "really want to log out?" You wish Windows had virtual desktops. You enjoy getting fsck'd when your computer boots. You know how to attain Enlightenment. In Windows, you keep referring to your drives as /dev/hdx Freeing the mallocs seems a worthier cause than freeing the whales. You ask yourself why Windows 9X has a login screen with a Cancel button. Someone tells you command line options for an application and you need toilet paper to write it down. While at a hip party someones asks "Hey wanna burn one?".You ask if they have a blank CDR. When other people talk about their exotic animals you think they're talking about O'Reilly books. With the boot disk you're always carrying, a debian and redhat CD accompany. You find the thought of rebooting after installing a piece of software utterly absurd. Tour definition of a tarball has nothing to do with fossil fuels. When you hear the words 'Fresh meat' you think of software. You feel the desire to master vi. You have more than 10 network services enabled on your home network. You think "Microsoft" is a brand-name for toilet paper. The only time your computer reboots is to try out a new kernel. You type "/" when trying to change directories in Windows. You carry a Linux boot-floppy wherever you go. You feel an undefined sense of shame when the advice you give on Windows 9X works. You're on your first date and all you can think about is open source. You dream of penguins. You scan hardrives in public places for enough space to install Linux on. You expect all your software to be FREE. In fact, you expect EVERYTHING to be FREE! :-O -------------------------------- From: PEEN_IS Feb-15 11:16 pm OK, I'll top that....speaking from experience.... ______________________________________ You know you are a Linux user when.... Your wife threatens to leave you. Your kids don't know you. You call DELL for a pre-load Linux system and the salesperson has to refer you to 10 different people. You need 20 keystrokes for every single one under Winbloze. You need to read the boxes of hardware to make CERTAIN it is supported under Linux. You don't bathe preferring instead to compile Linus's latest kernel. You expect your car to be fixed for free. You expect Ford parts to fit in your Chevy. You use Latex and like the feel of rubber. Your boss yells at you for sending out undecipherable memos written in Star Office. You call your corporate support desk with a question about LInux and they tell you it's "unsupported". You look for decent software and there is none unless it is either geek programmer stuff or is free. You are forced to run Netscape. You actually LIKE text-based browsers like Lynx. You end up looking for software deals in some dusty corner of CompUSA. You don't find that software you were looking for. You enjoy reading a thread like this and standing in a circle with the other LinoWankers ex"trolling" the virtues of that Luser of an operating system, Mircoslut Windbloze. You like documentation and document everything. You like looking up header in dejanews. You spend endless hours trying to track down a software company that doesn't even exist..... LMAO! ------------------------------------- From: Bernei_m Feb-17 02:45 pm To: ALL Here's what my Random House electronic dictionary says about "geek": geek (gEEk) n. Slang 1. a carnival performer billed as performing sensationally morbid or disgusting acts, as biting off the head of a live chicken. So who's hiding all the chickens? (Do penguins count?) --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc From ezekielk at iname.com Thu Feb 17 14:27:46 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Thu, 17 Feb 2000 14:27:46 -0800 Subject: [buug] Linux Security Site Message-ID: <200002172249.OAA06078@weak.org> From FreeISPCubs BBS, comes this excellent resource referral by one "31337IT": ---begin message: Add this to the collection, for the UNIX security in general, http://staff.washington.edu/dittrich/R870/security-checklist.html Authored by Mr. Security himself, Dave Dittrich at the University of Washington. If the name sounds familiar, it is, he's the guy the media is climbing all over to get the meat on the recent distributed denial-of-service attacks on Yahoo, CNN, ETrade, etc. More about Dave Dittrich here, http://www.washington.edu/People/dad/ ---end message From ezekielk at iname.com Fri Feb 18 03:38:39 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Fri, 18 Feb 2000 03:38:39 -0800 Subject: [buug] User Lists: more than Linux Message-ID: <200002181300.FAA21905@weak.org> Rick Moen's list of LUG lists has proven a real time saver, as I have registered BUUG with them all, in a short half hour. These are: http://www.ssc.com/glue/ http://lugww.counter.li.org/ http://nlug.org/webring/ http://www.LinuxMall.com/LinuxUserGroups.html http://www.redhat.com/community/ http://www.linux.org/users/ http://www.linux.com/links/Community/User_Groups/LUGs/ http://www.linux.com/lug/ http://dmoz.org/Computers/Software/Operating_Systems/Linux/User_Groups/ One of them is a web ring, which requires their HTML fragment to be displayed on our home page. Fine, but for one thing: we are not just a LUG, but an UUG! To have just a Linux ring displayed would be unfair to other Unix users (BSD, Unix, etc). So I want to also sign up with similar group lists (or web rings) for BSD, Unix, Solaris, etc. users. Does anyone know a URL to one or more such lists? Due to my newbie- ness, I have to resort to search engines, which may not give the best results. So far, I've found just this: UNIX Users' Groups (UUGs) Aound The World http://www.sluug.org/~newton/othr_uug.html --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at iname.com Sat Feb 19 09:12:25 2000 From: ezekielk at iname.com (Zeke Krahlin) Date: Sat, 19 Feb 2000 09:12:25 -0800 Subject: [buug] This Thursday at UC Computers Message-ID: <200002190937.BAA25000@weak.org> A reminder that BUUG members will meet this Thursday, Feb. 24, with the BAFUG (Bay Area FreeBSD User Group) crowd at UC Computers/Transbay, from 7:30-9pm. This is at 2569 Telegraph Ave., between Blake and Parker. For more detailed directions and a map, go to our home page at http://www.weak.org/buug Bring a few bucks if you want to partake in a slice or two of pizza, soda and/or coffee. (And show up by 7:15 to partake.) Based on BAFUG's invite to last month's meeting, I presume that anyone who plans to attend should inform either Nicole Harrington , or Josef Grosch on or before Feb. 24th, so they'll have an idea how much pizza, soda, and coffee to bring. I very much look forward to meeting BAFUG folk. FYI, I will be hanging out at the Cafe Mediterraneum a block north of UC Computers, from 5:30-7:00pm.I invite anyone to join me there. I'll probably be sitting in the balcony, glaring into my PDA over Linux Security How-To. (That, or playing Solitaire!) --- FreeISP Cubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 From ezekielk at netzero.net Sun Feb 20 22:21:59 2000 From: ezekielk at netzero.net (Zeke Krahlin) Date: Sun, 20 Feb 2000 22:21:59 -0800 Subject: [buug] Linux Security for stand-alone PC's Message-ID: <38B0D987.5B198EB7@netzero.net> One of the excellent members from FreeISPCubs message board, has contributed the following security tips for non-networked Linux boxes. I will be securing my system tonight, based on his advice. Anyone who'd care to peruse this document: did he miss anything? spot something wrong? any additional tips not mentioned here in? TIA ---begin document: LINUX SECURITY 101 Forum: the FreeNetCubs BBS & Chat Forum Subject: Linux security 101 From: (P_NIS) To: (ALL) DateTime: 1/9/00 1:15:02 AM OK for all new recent Linux converts out there, here are a few simple security tricks you can use to make your surfing safe and anonymous. These tips are mainly applicable to modem DUN connects, but some may be useful for LAN's as well. The config files I will mention are those for the RedHat distribution and may be slightly different for other distributions, YMMV. OK, here we go.... 1. Disable the ability to telnet and ftp to your machine. To do this, open the file /etc/inetd.conf, and simply insert a hash mark '#' in front of each line to uncomment that line. To disable telnetting and ftp'ing to your machine, make sure to insert # in front of the lines that beging with 'ftp' and 'telnet'. You should uncomment each of the other lines as well, unless you know for sure that you need to have those services running. For a plain old dial-up connection that you don't need to network to other computers, UNCOMMENT EVERYTHING. Keep in mind that you will disable telnetting and ftp'ing TO your machine, but you will still be able to telnet and ftp to OTHER machines. 2. Disable the ability of other machines to 'ping' your machine. This maneuver is useful for combatting mass pings that identify machines that are online. For example, if I knew that ISP X's client numbers began with a 129.23.xx.xx, I could do a mass ping of that subnet to find out the exact addresses of machines that are online, and thus establish my cracking targets. Turning off your ability to get pinged effectively makes you invisible on the internet. As root, run this command: echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all Note that you will still be able to ping OTHER machines, it's just that nobody will be able to ping you. To restore your ability to get ping'd, run this command: echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all (Notice the 1 becomes a 0.) 3. Disable unnecessary services that are started at boot time. The way to do this depends on your distribution, but for RedHat just run (as root) linuxconf (type 'linuxconf' as root at the command prompt), then look at Control > Control Panel > Control Service Activity. As a stand-alone dial-up networked client, you can safely TURN OFF the following services: apmd (advanced power management; useful only for laptops to tell you how much battery is remaining) atd (I don't know what it's for but has something to do with scheduled tasks) httpd (starts the Apache webserver; DEFINITELY turn this one off unless you are running a web server off your machine) linuxconf (turn this one off so nobody will be able to change your configuration remotely; you can still run linuxconf as root locally) mars-nwe (something for LANS only) named (only needed if you are running a DNS server from your machine) netfs (DEFINITELY turn this one off, something for network file systems) nfs (DEFINITELY turn this one off, this is for network file systems (No farking Security) which is a huge Linux security hole.) pcmcia (you don't need this unless you have a pcmcia card in a laptop) portmap (only needed if you are using nfs) routed (for network routing; not needed for dial-up connections) rstatd (I don't know what this is for but it ain't needed for DUN) ruserd (who knows what this is for but not needed for DUN) rwhod (not needed for DUN) sendmail (not needed for DUN; only necessary if you run email on a LAN) smb (SAMBA, i.e. port 139, only needed if you are doing file-sharing or networking with Windoze machines) snmpd (something, something, but not needed for DUN) ypbind (again only for LAN's but not needed for DUN's) Basically, if you have services running and YOU DON'T KNOW WHAT THEY ARE FOR, it's better you just turn them off rather than leave a potential gaping security hole open. 4. Use a proxy. A good one is junkbuster, which has been mentioned several times before on this board. Check it out at http://www.junkbuster.com or http://www.waldherr.org Yes, there's even a Windoze version available. Aside from filtering out those farking adds on webpages and leading to quicker page loads, junkbuster allows you to 1) forward your URL requests through a separate proxy, thus concealing your true IP address, 2) change the reported operating system and reported web browser you are surfing from, 3) disable or manipulate referring so that websites don't get private information such as what site you just visited prior to visiting their's. You can also choose the site that gets reported on the 'referred from:' line, i.e. Referred From: www.farkoff.org; and 4) disable or selectively enable cookies. Well that's all for now. After implementing these measures, test them by going to http://crypto.yashy.com/nmap.php3 to see which ports are still open (make sure to turn off your proxy or your proxy gets scanned), or Shields-Up at http://www.grc.com. As you can see, there are TONS of security holes in a typical Linux distribution as it comes out of the retail box. I guess those distributors assumed that you as a buyer were going to install Linux on a 'trusted' network. Thus it's YOUR responsibility to plug all them holes up! But wait, we're not finished yet! Let me tell you about 'Netscape Tricks'.... ============================================================= LINUX NETSCAPE SECURITY TRICKS Forum: the FreeNetCubs BBS & Chat Forum Subject: Netscape 'security tricks' From: (P_NIS) To: (ALL) DateTime: 1/9/00 1:46:03 AM The thing that makes Netscape a much more favorable browser over Internet Exploiter/Exploder is the ability to 'secure' your browsing, aside from the fact that it doesn't crash as much as IE. These 'Netscape tricks' have been garnered from others as well as my own experience, and mainly apply to the 4.6 - 4.7 versions in Linux, but can easily be adapted to the Windoze versions as well. 1. Make cookies vanish into thin air. First go to your netscape home directory, i.e. /home/yourname/.netscape. Do an 'ls' and you will see a file named 'cookies'. Delete it. Next, create a symbolic link called 'cookies' that is linked to /dev/null. Run this command at a prompt: ln -s /dev/null cookies Now, Netscape will ACCEPT ALL COOKIES, but they ALL GET WRITTEN INTO OBLIVION (/dev/null). The sites that planted cookies into your machine will never know the difference! (For all you Windoze users out there, the same trick can be done by deleting cookies.txt and creating a DIRECTORY called cookies.txt) 2. Make your Netscape cache invisible. Believe it or not, sites that you visit have the capability to read your browser's cache and gather information about all the sites you have visited. To disable this, quit Netscape, then go to your /home/yourname/.netscape directory again. Now delete the 'cache' directory (rm -rf cache). Next make a text file called 'cache' in your .netscape directory. Alternatively, you can create a symbolic link from cache to /dev/null: ln -s /dev/null cache 3. Disable the 'global history' option. Any veteran Netscape users will know what I mean...at the URL prompt, type the following: about:global history ....and what you will see will make you wet your pants. Yep, there it is, a complete listing of EVERY site you have visited since installing Netscape. For all the world to see. For all the sites you visit to see. This information is stored in the file /home/yourname/.netscape/history.db So, to get rid of it permanently, first delete the file, then create a symbolic link to oblivion: ln -s /dev/null history.db 4. And finally, most importantly, use a proxy, i.e. junkbuster (http://www.junkbuster.com). My apologies to all you Internet Exploder users out there who cannot apply these techniques and whose security will forever be at the mercy of malicious websites and Active X. Care to make the switch? ---end of document --- FreeISPCubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 __________________________________________ NetZero - Defenders of the Free World Get your FREE Internet Access and Email at http://www.netzero.net/download/index.html From tomd at sacefcu.org Tue Feb 22 14:59:51 2000 From: tomd at sacefcu.org (Tom DeSot) Date: Tue, 22 Feb 2000 16:59:51 -0600 Subject: [buug] Hylafax Message-ID: <0150CA5A623FD211B16400105A0463263B1B3F@cecupdc.sacefcu.org> Is anyone using Hylafax in a Windows environment? I'm looking for a networked fax solution that won't cost me an arm and a leg. I'd like to know the pitfalls as well as the good stuff. Tom -------------- next part -------------- An HTML attachment was scrubbed... URL: From ezekielk at netzero.net Tue Feb 22 21:31:26 2000 From: ezekielk at netzero.net (Zeke Krahlin) Date: Tue, 22 Feb 2000 21:31:26 -0800 Subject: [buug] Is BAFUG meeting this Thursday? Message-ID: <38B370AE.90CD9C5A@netzero.net> Does BAFUG plan to meet this Thurs., the 24th, even though there is a sign up at UC Computers, that says it will be closed till the 25th? (I just tried calling Jon McClintock on his cell phone, but no answer.) Our new member, Lorenzo, just sent me an e-mail, telling about this sign, so now I'm posting here. He asked if we should meet this Thurs. at the usual place (Au Coquelot)...and I don't know what to tell him. If at all possible, can someone who knows the answer, please post back to the board ASAP! --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 __________________________________________ NetZero - Defenders of the Free World Get your FREE Internet Access and Email at http://www.netzero.net/download/index.html From jammer Tue Feb 22 21:56:30 2000 From: jammer (Jon McClintock) Date: Tue, 22 Feb 2000 21:56:30 -0800 Subject: [buug] Is BAFUG meeting this Thursday? In-Reply-To: <38B370AE.90CD9C5A@netzero.net>; from ezekielk@netzero.net on Tue, Feb 22, 2000 at 09:31:26PM -0800 References: <38B370AE.90CD9C5A@netzero.net> Message-ID: <20000222215630.B617@weak.org> I've sent mail to the individual who posted the meeting announcement on the BAFUG mailing list. I will keep everyone posted. -Jon On Tue, Feb 22, 2000 at 09:31:26PM -0800, Zeke Krahlin wrote: > Does BAFUG plan to meet this Thurs., the 24th, even though there > is a sign up at UC Computers, that says it will be closed till > the 25th? (I just tried calling Jon McClintock on his cell phone, > but no answer.) > > Our new member, Lorenzo, just sent me an e-mail, telling about > this sign, so now I'm posting here. He asked if we should meet > this Thurs. at the usual place (Au Coquelot)...and I don't know > what to tell him. If at all possible, can someone who knows the > answer, please post back to the board ASAP! From ezekielk at netzero.net Wed Feb 23 13:59:23 2000 From: ezekielk at netzero.net (Zeke Krahlin) Date: Wed, 23 Feb 2000 13:59:23 -0800 Subject: [buug] BAFUG meeting still on schedule Message-ID: <38B4583B.C9B7BC84@netzero.net> I was just informed by BAFUG organizer, that even though UC Computers is closed, the BAFUG meeting is still on. Quote: "Nicole Harrington." wrote: > > As far as I know it will be. The main owners are > out of town but it will be available to us for >the meeting. But if there is a problem, we can then all meet one block north, at Cafe Mediteranneum. --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 __________________________________________ NetZero - Defenders of the Free World Get your FREE Internet Access and Email at http://www.netzero.net/download/index.html From ezekielk at netzero.net Wed Feb 23 13:59:23 2000 From: ezekielk at netzero.net (Zeke Krahlin) Date: Wed, 23 Feb 2000 13:59:23 -0800 Subject: [buug] BAFUG meeting still on schedule Message-ID: <38B4583B.C9B7BC84@netzero.net> I was just informed by BAFUG organizer, that even though UC Computers is closed, the BAFUG meeting is still on. Quote: "Nicole Harrington." wrote: > > As far as I know it will be. The main owners are > out of town but it will be available to us for >the meeting. But if there is a problem, we can then all meet one block north, at Cafe Mediteranneum. --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 __________________________________________ NetZero - Defenders of the Free World Get your FREE Internet Access and Email at http://www.netzero.net/download/index.html From ezekielk at netzero.net Wed Feb 23 15:47:55 2000 From: ezekielk at netzero.net (Zeke Krahlin) Date: Wed, 23 Feb 2000 15:47:55 -0800 Subject: [buug] BAFUG meeting still on schedule References: <0150CA5A623FD211B16400105A0463263B1B78@cecupdc.sacefcu.org> Message-ID: <38B471AB.D76614FF@netzero.net> > Tom DeSot wrote: > Will anyone be posting the minutes or at least discussion > notes? Sorry, but BUUG was created to be a casual, weekly get-together. Thus, no minutes are taken. As for BAFUG, I don't know if they do either, or if their minutes are thorough and/or posted on their site. But I will ask...as well as take notes for your benefit. > However, I like the your board, it carries a lot of good > information. Hence the reason I subscribed to it. Thanx! Actually, we are presently recovering from a nasty attack by M$ zealots, who tried to silence any and all anti-M$ sentiment. We had a plethora of incredible information stored in numerous threads, which have all been totally wiped out, when my board was shut down w/o warning or reason. Delphi's format is one that makes it difficult to harvest valuable information from threads and messages...and I couldn't do this all myself, so before any volunteers appeared, it was too late. This "FreeISPCubs BBS & Chat" grew out of a friendly takeover of the original "NetZero Hero" board. "Friendly" because the original webmaster's board was too simple to be useful once it became popular...thus I offered, free of charge, to set him up with a multi-forum board. Eventually, he pooped out and offered me the whole enchilada. --- FreeISPCubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 __________________________________________ NetZero - Defenders of the Free World Get your FREE Internet Access and Email at http://www.netzero.net/download/index.html From mhigashi at hooked.net Wed Feb 23 19:48:56 2000 From: mhigashi at hooked.net (Michael Higashi) Date: Wed, 23 Feb 2000 19:48:56 -0800 (PST) Subject: [buug] Linux InstallFest, Saturday 2/26 Message-ID: Hi, I just joined this list and hope you don't mind if I send an announcement as my first posting. The CABAL (Consortium of All Bay Area Linux) and BALUG (Bay Area Linux Users Group) will be having their next Linux InstallFest this Saturday, February 26th, as part of the Robert Austin Computer Show, at the Oakland Convention Center. If you or a friend needs help installing Linux, please feel free to bring your system. (Don't forget to bring your monitor, keyboard, and mouse.) Check your equipment in at security desk before bringing it in. BAFUG will be holding their FreeBSD Install-a-thon there as well. Location: Robert Austin Computer Show Oakland Convention Center 10th and Broadway, Oakland Directions and Map: http://www.robertaustin.com/directions.htm Time: 10am to 4pm Saturday, Feb 26 Cost: $8 - Computer Show General Admission (Adults) $3 - Adult admission with coupon (your own, or the one below) free - for volunteers arriving before 9:30am ** Volunteers are needed ** If you can assist others install or configure Linux, or can just help explain what this Linux thing is to the many show attendees who stop by and ask questions, please come by and help out. Volunteers arriving early, to help set up, should come in through the loading dock on Clay Street. Discount Coupon If you are not already on the Robert Austin mailing list for discount coupons, please feel free to print out the one below and bring it with you. Upcoming InstallFests The next CABAL/BALUG InstallFest after this will be at the Cow Palace on March 25th, and won't return to the Oakland Convention Center until April 22nd. Hope to see you there, Mike Higashi ******* 154336 ************** 1364 E ********************** **** CUT HERE *** CUT HERE *** CUT HERE ** BELOW IS YOUR COUPON *** ******* 154336 ************** 1364 E ********************** Coupon for Michael Higashi, mhigashi at hooked.net & friends 154336 One Coupon per person required. Print one for all your friend! ** This is your $5 off discount coupon and SHOW PROGRAM for the ** Saturday February 26, Oakland Convention Center Computer Show. ** Bring this discount coupon to the show and present it at the ** ticket booth when you purchase your ticket to receive your $5 discount. ** Show prices are $8 Adults, $6 Children 5 through 15, Under 5 Free ** Show hours are from 10:00 am to 4:00 PM ** This Coupon must be legible to be used for discount. ** For additional Registrations or changes to your registration ** Please see our web site at Http://www.RobertAustin.com From mhigashi at hooked.net Wed Feb 23 21:22:05 2000 From: mhigashi at hooked.net (Michael Higashi) Date: Wed, 23 Feb 2000 21:22:05 -0800 (PST) Subject: [buug] Linux InstallFest, Saturday 2/26 In-Reply-To: Message-ID: On Wed, 23 Feb 2000, Michael Higashi wrote: > Hi, I just joined this list and hope you don't mind if I send an > announcement as my first posting. > > The CABAL (Consortium of All Bay Area Linux) and BALUG (Bay Area Linux > Users Group) will be having their next Linux InstallFest this Saturday, > February 26th, as part of the Robert Austin Computer Show, at the Oakland > Convention Center. Oops, I just realized I left a very important line out of the announcement: Rick Moen will be there, will you? Regards, Mike From ezekielk at netzero.net Thu Feb 24 00:00:11 2000 From: ezekielk at netzero.net (Zeke Krahlin) Date: Thu, 24 Feb 2000 00:00:11 -0800 Subject: [buug] Linux InstallFest, Saturday 2/26 References: Message-ID: <38B4E50B.85E9297C@netzero.net> Michael Higashi wrote: > > Hi, I just joined this list and hope you don't mind if I send an > announcement as my first posting. Of course not. This is what BUUG is all about: a social network for all the various Unix-type groups in and around Berkeley. Announcements of relevant events are much appreciated. Welcome aboard, Michael! --- FreeISPCubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 __________________________________________ NetZero - Defenders of the Free World Get your FREE Internet Access and Email at http://www.netzero.net/download/index.html From ezekielk at netzero.net Thu Feb 24 04:23:54 2000 From: ezekielk at netzero.net (Zeke Krahlin) Date: Thu, 24 Feb 2000 04:23:54 -0800 Subject: [buug] DSL look-up service Message-ID: <38B522DA.1D005CDD@netzero.net> Received this in my mailbox today, re. a free DSL look-up service. Quote: 2Wire's DSL Lookup Service is the nation's most comprehensive and organized resource for determining where to buy high speed DSL internet service. The report is free and customized to your exact location. http://www.2wire.com/dsllookup/finddsl.asp?id=131 The report first tells you if DSL is available to your home or business. If so, you'll get a detailed list of providers, speeds, pricing, installation offers, and more. --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 __________________________________________ NetZero - Defenders of the Free World Get your FREE Internet Access and Email at http://www.netzero.net/download/index.html From ezekielk at netzero.net Sat Feb 26 00:06:28 2000 From: ezekielk at netzero.net (Zeke Krahlin) Date: Sat, 26 Feb 2000 00:06:28 -0800 Subject: [buug] Re: [Buug-admin] Defaced FreeISPCubs board!! References: Message-ID: <38B78984.6DB57195@netzero.net> Paulina K Nis wrote: >I am sorry to be a bearer of bad news. I know how *that feels; I've been there too! :( >The start page of FreeISPCubs has been defaced, as you probably have learned by now. No, I was too busy to log on for a couple days. Well, I kind of expected those M$ zealots who last got the board shut down, to be very upset to see us rise up again. No rest for the wicked (even less for the good). >Rest assured I had nothing to do with it. Goes without saying. You've been not just an excellent teacher, but a great sport through it all. >In fact, I think I know who did this....PIMPP. Quite possibly, as he led the previous battle. His board at http://www0.delphi.com/dunetcentral/, seems completely free of any defacement. >Click on his profile in Delphi and you will see that this nasty >spoiled brat has listed our defaced page as one of his favorite sites! Well, my "favoite sites" list (under a different handle) also says that now, too. Apparantly, whoever had access to my sysop account, just changed the title of my site...and this was reflected on anyone's account. But my own account is defunct, so I can't log in and correct things. I just checked out Delphi's host forum, and there is no mention of any hacker defacement activity; and therefore strongly indicates our likely attacker as one or more from DuNetCentral. >Did you by any chance make him or anyone else a board administrator, >with rights to make such changes? Nope. Only I have access to sysop controls...under "normal" circumstances. >Or perhaps a cronie Delphi employee was in on it as well. This is very likely, as the M$ zealots like PIMPP are not the bright hackers they think they are. And someone did mess with my account. >Oh well. Will have to rise from the ashes, again... Thanks again, for alerting me to this. Let's continue our discussion off-list, so as not to distract others. I will create a new account tonight, and set up a new board. Then, the message board link from my home page will take visitors to our second resurrection. --- FreeISPCubs BBS & Chat http://www5.50megs.com/fnc --- Toll-free voice/fax mailbox (USA only): 1-888-830-5746 (ext. 8275) ICQ#: 8485235 __________________________________________ NetZero - Defenders of the Free World Get your FREE Internet Access and Email at http://www.netzero.net/download/index.html From TiffanyT at Unitek.com Tue Feb 29 16:03:53 2000 From: TiffanyT at Unitek.com (Tiffany Turner) Date: Tue, 29 Feb 2000 16:03:53 -0800 Subject: [buug] (no subject) Message-ID: <077D765EB090D311A19800A0C9FC37862F7125@EXCHANGE> From TiffanyT at Unitek.com Tue Feb 29 16:04:57 2000 From: TiffanyT at Unitek.com (Tiffany Turner) Date: Tue, 29 Feb 2000 16:04:57 -0800 Subject: [buug] Do you like Penguins? :) Message-ID: <077D765EB090D311A19800A0C9FC37862F7126@EXCHANGE> Do you like Penguins? We are DestinationLinux.com a site geared specific for Linux Users and Groups. What we are about is Linux and Open Source-related technologies. We also feature games, mp3's and free educational information. Our goal is to establish a real Internet community for Linux users. Our site is geared so that a Person new to Linux can get the knowledge base to make Linux a more acceptable alternative to the "Big M". As well as technical tips and tricks for the Expect. We feature "Linux Beginnings, FAQs, Tips and Tricks, User Groups, the newest Linux Companies, Products, Newsletters and other links to sites showing the Linux world. Just Click here http://www.destinationlinux.com Our site is rated "G" for Great! From rick at linuxmafia.com Tue Feb 29 17:07:27 2000 From: rick at linuxmafia.com (Rick Moen) Date: Tue, 29 Feb 2000 17:07:27 -0800 Subject: [buug] Do you like Penguins? :) In-Reply-To: <077D765EB090D311A19800A0C9FC37862F7126@EXCHANGE>; from TiffanyT@Unitek.com on Tue, Feb 29, 2000 at 04:04:57PM -0800 References: <077D765EB090D311A19800A0C9FC37862F7126@EXCHANGE> Message-ID: <20000229170726.H10284@uncle-enzo.imat.com> Quoting Tiffany Turner (TiffanyT at Unitek.com): > Do you like Penguins? We are DestinationLinux.com [...] Whoa! Look at those META tags: "Welcome to our site, we thank you for visiting, please pass it on and lets grow this puppy, Linux, Support, Gallery, Release, DestinationLinux, Application, Software, Handbook, FAQ, Tutorials, Bugs, CVS, Linux, Apache, MySQL, PHP, LINUX, APACHE, MYSQL, linux, apache, mysql, php CVSup, News, Commercial Vendors, Homepage, CTM, software, hardware, support, help, information, resources, drivers, manual, documentation project, FAQ, howto, Redhat, Slackware, Yggdrasil, Debian, LinuxPro, OpenLinux, FTP, download, projects, application, usergroup, user group, mailing list, kernel, GPL, shareware, unix, software, freeware, shareware, gnu, themes, demos, kde, windowmaker, fvwm, desktop, redhat, ratings, reviews, free, software, programs, news, Utilities, Desktop, Games, Internet, Software, WindowMaker, tucows, x11, daemon, manager, window, new, download, source, codeLinux Portal Site, Rehat, products, commuity, chat, free email, System Administration, PHP, LINUX, APACHE, MYSQL, Chat, email, freestuff, funstuff, kidsafe, learning, education, guides, RedHat Software, slackware, jobs, antionline.com, slashdot.net, andover.net, freshmeat.net, rufus.net, kde.org, themes.org, linux.com," Somehow, you seem to have omitted "DAY ZERO GPL WAREZ". Hope that helps! -- Cheers, Founding member of the Hyphenation Society, a grassroots-based, Rick Moen not-for-profit, locally-owned-and-operated, cooperatively-managed, rick (at) linuxmafia.com modern-American-English-usage-improvement association From ezekielk at iname.com Tue Feb 29 22:47:33 2000 From: ezekielk at iname.com (ezekielk at iname.com) Date: Wed, 1 Mar 2000 01:47:33 -0500 (EST) Subject: [buug] Do you like Penguins? :) Message-ID: <000301014733AD.00393@weba7.iname.net> Tiffany Turner wrote: >Do you like penguins? Please, don't insult my intelligence. > Our goal is to establish a real Internet community > for Linux users. A "community" is not created by promotional blurbs, such as your message was. This list group is not here to post advertisements, even if they encompass our specific interests. Your message was definitely *not a personal participation on your part, but merely a way to draw potential visitors (and consumers) to your site. *Not appreciated, as it was *not considerate of the members on this definitely *non- commercial list. For this reason, I will intentionally *not include your advertised website on our page of links. You are certainly welcome to share any Internet goodies you may find, relevant to Unix-type issues; but if you can't participate in this group as an active member, then this list is not for you. Any further promotional mailing will only get you censored from our list (if Jon hasn't done so already). --- Zeke Krahlin, webmaster --- Voice-mail me (toll free, USA only): 888-830-5746 x8275 Fax me: 507-226-4426 ICQ me: 8485235 -------------------------------------------------------- Get free personalized email at http://netscape.iname.com