:: Re: [DNG] ..setnet.sh, wicd and hea…
Página Principal
Delete this message
Reply to this message
Autor: KatolaZ
Data:  
Para: dng
Assunto: Re: [DNG] ..setnet.sh, wicd and heads-0.2 scorn, was:..vdev box recovery ideas?
On Mon, Apr 24, 2017 at 03:05:42AM +0200, Arnt Karlsen wrote:
> On Wed, 19 Apr 2017 22:47:59 +0100, KatolaZ wrote in message
> <20170419214759.GC14814@???>:
>
> > On Wed, Apr 19, 2017 at 11:37:32PM +0200, Arnt Karlsen wrote:
> >
> > [cut]
> >
> > >
> > > ..what nasty command line tricks do I use to get online with
> > > devuan_jessie_RC_amd64_minimal_live_vdev.iso?
> > > (Ideally wifi, but eth0 will work.)
> > >
> >
> >
> > Hi Arnt,
> >
> > if it comes from a minimal-live RC, you have setnet in there. Just
> > run:
> >
> > # setnet.sh
> >
> > It also has a manpage, but simple comfiguration should be pretty
> > straightforward. Any feedback is welcome.
>
> ..setnet.sh works nicely, but it and wicd should check for unchanged
> default passwords and _refuse_ to go online until you do the "passwd
> passwd devuan ||passwd heads " dance, espescially since we're here
> because we don't trust systemd endpoint security in e.g. Tails-2.12.
>


uh? setnet and wicd are just *tools*, which allow to facilitate the
interaction with *mechanisms* related to network configuration.

What you are asking for (refuse to put a machine online if the
password of a given user is such and such) is a *policy*, which has
nothing to do with tools, since it ultimately (and rightfully) stays
in the hands of the system administrator.

Most of the problems we are facing nowadays with bloated software and
ill-defined hypercomplicated solutions to non-existing problems is the
lack of recognition that mechanisms and policy *must* remain separate.

If a user does not understand that putting their machine online with a
devuan/devuan user might be a security risk, there is no automagic
tool that case save their ass.

Knowledge is the cure. Automagic is just dust in your eyes, and
enormous PITAs when somethings goes wrong.

My2Cents

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]