similar to: Fedora change that will probably affect RHEL

On Wed, Jul 29, 2015 at 2:15 PM, Warren Young <wyml at etr-usa.com> wrote: > Just because one particular method of prophylaxis fails to protect against all threats doesn?t mean we should stop using it, or increase its strength. Actually it does.There is no more obvious head butting than with strong passwords vs usability. Strong login passwords and usability are diametrically opposed.

On Thu, Jul 30, 2015 at 9:54 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >> Now I use Google. They offer MFA opt in. And now I'm more secure than >> I was with the myopic ISP. > > "More secure" only to the level one can trust google ;-) Yes I know, but I put them in approximately the same ballpark as having to trust my proprietary CPU, and

On Wed, July 29, 2015 4:16 pm, Chris Murphy wrote: > On Wed, Jul 29, 2015 at 2:15 PM, Warren Young <wyml at etr-usa.com> wrote: >> Just because one particular method of prophylaxis fails to protect >> against all threats doesn???t mean we should stop using it, or increase >> its strength. > > Actually it does.There is no more obvious head butting than with >

On Tue, Jul 28, 2015 at 6:32 PM, Warren Young <wyml at etr-usa.com> wrote: > On Jul 28, 2015, at 4:37 PM, Nathan Duehr <denverpilot at me.com> wrote: >> Equating this to ?vaccination? is a huge stretch. > > Why? It's not just an imperfect analogy it really doesn't work on closer scrutiny. Malware itself is not a good analog to antigens. Vaccinations provide

On Thu, July 30, 2015 11:54 am, Chris Murphy wrote: > On Thu, Jul 30, 2015 at 9:54 AM, Valeri Galtsev > <galtsev at kicp.uchicago.edu> wrote: > >>> Now I use Google. They offer MFA opt in. And now I'm more secure than >>> I was with the myopic ISP. >> >> "More secure" only to the level one can trust google ;-) > > Yes I know, but I

On Thu, Jul 30, 2015 at 12:20 PM, Warren Young <wyml at etr-usa.com> wrote: > On Jul 29, 2015, at 5:40 PM, Chris Murphy <lists at colorremedies.com> wrote: >> >> On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml at etr-usa.com> wrote: >> >>> Security is *always* opposed to convenience. >> >> False. OS X by default runs only signed

On 07/30/2015 12:35 PM, Chris Murphy wrote: > No fail2ban, no firewall rules, sshd by default, challengeresponseauth > by default, ChallengeResponseAuth is not on by default, on Red Hat derived systems. I'm pretty sure that was already clarified, much earlier in this thread. > and a 9 character (even random) passphrase, and that shit > is going to get busted into. Against a

On Jul 29, 2015, at 3:16 PM, Chris Murphy <lists at colorremedies.com> wrote: > > On Wed, Jul 29, 2015 at 2:15 PM, Warren Young <wyml at etr-usa.com> wrote: >> Just because one particular method of prophylaxis fails to protect against all threats doesn?t mean we should stop using it, or increase its strength. > > Actually it does.There is no more obvious head

On Tue, Jul 28, 2015 at 11:27 AM, Warren Young <wyml at etr-usa.com> wrote: > Much of the evil on the Internet today ? DDoS armies, spam spewers, phishing botnets ? is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords. > > Your freedom to use any password you like stops at the point where exercising that freedom creates a risk

On Tue, 2015-07-28 at 14:27 -0600, Chris Murphy wrote: > The reality is all the bad practices happen because this > quickly provisioned machine is forgotten about for one reason or > another, and then it gets owned. Linux users take a lot more care, and pride, in maintaining their systems well and reading the daily logs too. Most increase security on their machines. They have no wish to

On Tue, Jul 28, 2015 at 5:29 PM, Warren Young <wyml at etr-usa.com> wrote: > On Jul 28, 2015, at 2:27 PM, Chris Murphy <lists at colorremedies.com> wrote: >> >> On Tue, Jul 28, 2015 at 11:27 AM, Warren Young <wyml at etr-usa.com> wrote: >> >>> Your freedom to use any password you like stops at the point where exercising that freedom creates a risk to

On Jul 28, 2015, at 1:06 PM, Chris Adams <linux at cmadams.net> wrote: > > Once upon a time, Warren Young <wyml at etr-usa.com> said: >> Much of the evil on the Internet today ? DDoS armies, spam spewers, phishing botnets ? is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords. > > Since most of that crap comes

On Jul 29, 2015, at 6:19 PM, Nathan Duehr <denverpilot at me.com> wrote: > >> On Jul 28, 2015, at 6:32 PM, Warren Young <wyml at etr-usa.com> wrote: >> >> Now we have entrenched commercial interests that get paid more when you get DDoS?d. I?ll give you one guess what happens in such a world. > > What happens? Folks have to think harder about connecting

On Jul 29, 2015, at 5:40 PM, Chris Murphy <lists at colorremedies.com> wrote: > > On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml at etr-usa.com> wrote: > >> Security is *always* opposed to convenience. > > False. OS X by default runs only signed binaries, and if they come > from the App Store they run in a sandbox. User gains significant > security

On Sat, Jul 25, 2015 at 9:40 AM, Scott Robbins <scottro at nyc.rr.com> wrote: > This might show up twice, I think I sent it from a bad address previously. > If so, please accept my apologies. > > > In Fedora 22, one developer (and only one) decided that if the password > chosen during installation wasn't of sufficient strength, the install > wouldn't continue.

On 25/07/15 18:24, Scott Robbins wrote: > On Sat, Jul 25, 2015 at 11:16:18AM -0600, Chris Murphy wrote: >> On Sat, Jul 25, 2015 at 9:40 AM, Scott Robbins <scottro at nyc.rr.com> wrote: >>> This might show up twice, I think I sent it from a bad address previously. >>> If so, please accept my apologies. >>> >>> >>> In Fedora 22, one

On 07/25/2015 05:00 PM, Gordon Messmer wrote: > On 07/25/2015 11:45 AM, Jake Shipton wrote: >> I think a better solution to suite both worlds would be to simply have a >> boot flag on the installation media such as maybe >> "passwordcheck=true/false" > > https://xkcd.com/1172/ > > It's practically a law that every time someone's workflow is

On Jul 25, 2015, at 6:22 PM, Bob Marcan wrote: > > 1FuckingPrettyRose > "Sorry, you must use no fewer than 20 total characters." > 1FuckingPrettyRoseShovedUpYourAssIfYouDon'tGiveMeAccessRightFuckingNow! > "Sorry, you cannot use punctuation." > 1FuckingPrettyRoseShovedUpYourAssIfYouDontGiveMeAccessRightFuckingNow > "Sorry, that password is

On 07/28/2015 02:06 PM, Chris Adams wrote: > Once upon a time, Warren Young <wyml at etr-usa.com> said: >> Much of the evil on the Internet today ? DDoS armies, spam spewers, phishing botnets ? is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords. > > Since most of that crap comes from Windows hosts, the security of Linux

On 07/28/2015 01:46 PM, Chris Murphy wrote: > Future concern is IPv6 stuff, now that Xfinity has forcibly changed > their hardware to include full IPv6 support. I have no idea if this is > NAT'd or rolling IPs or what. All of the routers I've seen merely firewall inbound traffic, allowing none. There's no need for NAT or rolling IPs.