:: Re: [DNG] ..setnet.sh, wicd and hea…
Página Inicial
Delete this message
Reply to this message
Autor: Arnt Karlsen
Data:  
Para: dng
Assunto: Re: [DNG] ..setnet.sh, wicd and heads-0.2 scorn, was:..vdev box recovery ideas?
On Mon, 24 Apr 2017 16:24:19 +0100, KatolaZ wrote in message
<20170424152419.GU14814@???>:

> On Mon, Apr 24, 2017 at 05:10:35PM +0200, Arnt Karlsen wrote:
>
> [cut]
>
> >
> > ..we don't warn them before we drop them online on wired networks
> > with heads-0.2.
> > The vdev iso does this right though, it stays offline until you
> > e.g. run setnet.sh.
> >
> > ..I agree this is a policy issue, and we should set it so at least
> > clueless heads-0.2 etc people stay offline until they change their
> > passwords away from the default ones.
> >
>
> So this should be implemented by the distro policy, e.g. in heads, not
> in setnet or wicd...


..will that distro policy survive when clueless people install
non-distro .debs or tarballs?

> [cut]
>
> >
> > ..I have the Knowledge, but still found myself Automagically Online
> > with heads-0.2's Default Passwords, Because I Forgot I still had the
> > network wire plugged in on boot-up. I'm just a human who err. ;o)
> > In my case, this endpoint security breach was no problem.
> > But that same blunder could kill any needy heads user.
> >
>
> It would be sufficient to deny ssh login with password, which I
> believe is already the default in heads. Or to disable sshd by
> default, which is unnecessary if the former holds.


..there are many other ways to attack a box online, and most bad
guys go after the weakest point they can find, usually in front
of the screen. ;o)

> Or maybe I have completely misunderstood what is the "endpoint
> security breach" you are referring to.


..the biggest problem for me was getting annoyed by the awesome
clunkyness with awesome and zsh, which had me do stupid mistakes
by accident. _That_ is an endpoint security problem, just like
we believe systemd is an endpoint security problem.

..in both cases we end users get tricked into bad things, the only
real difference is, systemd endpoint security is intentional and
controlled by _somebody_, while zsh+awesome endpoint security is
_accidential_, just because those 2 happen to work ever so great
for the heads developers, does not mean those 2 will work as great
for me and other whistleblowers.

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.