:: Re: [DNG] ..setnet.sh, wicd and hea…
Page principale
Ce message fait partie du fil suivant :
M\Arborescence complète du fil triée par date
MMArnt Karlsen à <-
MMArnt Karlsen à ->
Supprimer ce message
Répondre à ce message
Auteur: Arnt Karlsen
Date:  
À: dng
Sujet: Re: [DNG] ..setnet.sh, wicd and heads-0.2 scorn, was:..vdev box recovery ideas?
On Mon, 24 Apr 2017 16:24:19 +0100, KatolaZ wrote in message
<20170424152419.GU14814@???>:

> On Mon, Apr 24, 2017 at 05:10:35PM +0200, Arnt Karlsen wrote:
>
> [cut]
>
> >
> > ..we don't warn them before we drop them online on wired networks
> > with heads-0.2.
> > The vdev iso does this right though, it stays offline until you
> > e.g. run setnet.sh.
> >
> > ..I agree this is a policy issue, and we should set it so at least
> > clueless heads-0.2 etc people stay offline until they change their
> > passwords away from the default ones.
> >
>
> So this should be implemented by the distro policy, e.g. in heads, not
> in setnet or wicd...

..will that distro policy survive when clueless people install
non-distro .debs or tarballs?

> [cut]
>
> >
> > ..I have the Knowledge, but still found myself Automagically Online
> > with heads-0.2's Default Passwords, Because I Forgot I still had the
> > network wire plugged in on boot-up. I'm just a human who err. ;o)
> > In my case, this endpoint security breach was no problem.
> > But that same blunder could kill any needy heads user.
> >
>
> It would be sufficient to deny ssh login with password, which I
> believe is already the default in heads. Or to disable sshd by
> default, which is unnecessary if the former holds.

..there are many other ways to attack a box online, and most bad
guys go after the weakest point they can find, usually in front
of the screen. ;o)

> Or maybe I have completely misunderstood what is the "endpoint
> security breach" you are referring to.

..the biggest problem for me was getting annoyed by the awesome
clunkyness with awesome and zsh, which had me do stupid mistakes
by accident. _That_ is an endpoint security problem, just like
we believe systemd is an endpoint security problem.

..in both cases we end users get tricked into bad things, the only
real difference is, systemd endpoint security is intentional and
controlled by _somebody_, while zsh+awesome endpoint security is
_accidential_, just because those 2 happen to work ever so great
for the heads developers, does not mean those 2 will work as great
for me and other whistleblowers.

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.

Ce message a été envoyé sur les listes de diffusion suivantes :
dng
Informations sur la liste de diffusion | Messages voisins		<-Re: [DNG] ..setnet.sh, wicd and heads-0.2 scorn, was:..vdev box recovery ideas?Re: [DNG] ..setnet.sh, wicd and heads-0.2 scorn, was:..vdev box recovery ideas?->

Donate to Dyne.org

dyne.org open discussions
administré par dyne.org hackers		Lurker (version 2.3)