GRAFFITI -- November 15, 2004 thru November 21, 2004
Welcome to Orb Graffiti, a place for me to write daily about life and computers. Contrary to popular belief, the two are not interchangeable.
About eMail - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so clearly at the beginning of your message.
MONDAY
November 15, 2004
1901 - Good evening. More a little later, the dogs are fed, the trash and recycling by the curb and email reviewed. Now for supper and a little CSI on Spike. See you back here in a bit...
2159 - Back again, as promised, unusual as that may seem. I made progress today on one of the tasks I set myself for the week, doing the first diagram for a new network arrangement. It's surely a lie, but gives us the basis for discussion and critique necessary to generate the next lie. It'll all be a series of lies, until all of a sudden the document turns into an as-built. That'll be nice.
I'm also starting to work with PF, the OpenBSD Packet Filter. It's a powerful rules-based filtering utility that in a number of places has IPTables beat hands-down, as far as I can tell from this ignorant perspective. More as I learn more. But first, to set up a small network of virtual machines with VMware, for testing purposes.
Hmm, so Powell's stepping down, leaving the road clear for Bush to put Ms. Rice in the Secretary of State slot. Let's see, that puts a black woman only four untimely events from the Presidency. That's a fair bit of progress for this young nation. Too bad it's going to happen on Bush's watch. Does she get the nod again when Cheney steps down with ticker trouble in the next year? Wouldn't that be a wowser! A black woman high in Jesusland's administration.
Sarah's photostream was the first link Google gave me to that image, so Sarah gets the credit. I live just outside the border of Jesusland, according to that map. I first came across the Jesusland meme on Moxie's site, this post here, a couple of days ago. But like a fine wine, I wanted the meme to breathe for a bit, gather a bit of momentum, bringing along with it jesusland.com, and 112K worth of Google linkage as of tonight. Heh. Ain't the Internet a wonderful place?
Okay, time to wrap up this post. Have a lovely evening and a great week. I'll see you back here tomorrow.
Bonus: Five years ago on Orb Graffiti.
... leading to this remembrance: I don't suffer from insanity. I rather enjoy it.
G'night.
TUESDAY
November 16, 2004
2257 - Good evening. I may have mentioned that we have a houseguest...
Ebony is a good boy. And these pictures of him relaxing in my lap might be surprising to Lee and Jim, because in general Ebony isn't that kind of dog. But then he's more used to us after spending several visits with us, and possibly mellowing a bit to match.
Of course, Lucy and Molly had to jump in on the action. Well, Lucy did, anyway. Marcia's still looking for the perfect portrait shot of Molly for the final spot on the dog wall, to the left of her desk. This one wasn't it, as Molly looks like she's been rode hard and put away wet ... or perhaps just sedated. Neither is true, maybe she's learning her camera behaviour from me!
A copyright omnibus bill is coming up before Congress soon, and you may want to have a look at it and decide for yourself how much you want your "content" viewing to be legislated. According to the Wired article, using technology to skip "offensive" scenes will be permissible, but skipping commercials and other advertising is not allowed under the language of the bill. This bill, HR2391 (PDF link) also appears to include key features of the reviled INDUCE Act and other heinous copywrong provisions strongly lobbied by Hollywood and the music industry. The proponents are pushing for passage during the lame duck session. Contact your congresscritter with your opinion if you hold one on such matters. You know, I don't share music via peer-to-peer networks, I don't download music (except that which I purchase from Magnatune), I don't download pirated movies. But these money-grubbing bastards really, really get under my skin with their need to maintain their buggywhip business in this new era. And that they're coopting the courts and the legislative branch to make it so rankles deeply.
Okay, enough rant for tonight. I'm listening to a purchased copy of Strauss works, and it's very soothing. Have a great evening and a better tomorrow.
WEDNESDAY
November 17, 2004
1758 - Good evening. Instead of boring you myself this evening, I'll send you over to Rick Moen's place to learn the real lowdown about Linux Viruses. Follow some links from there, learn some stuff. Move along, nothing to see here...
Heh. Have a great evening.
THURSDAY
November 18, 2004
2216 - Good evening. A nice night on CSI ... death of a transgendered showgirl. Mmmm, not something Eugene O'Neill would have written, methinks. Me, I'm actually starting to get tired of the show. I mean, forensics is cool, but there's a limit to any morbid fascination, at least for me.
More on Linux and viruses. Bob took the ball and ran with it for a while yesterday, which is a good thing... And Svenson emailed me, threw the yellow flag, then walked the ball back ten yards. About halfway through his Virus Rant, Rick observes:
...By and large, you can be hit at all only by being really dumb. By and large, you can suffer system (root) compromise from malware only by being mind-bogglingly dumb.
This, Svenson observes, is the crux of the matter. There are a fair number of mind-bogglingly dumb people out there, and it's not their fault. Don't forget - 100 IQ is a mean, yes? Approximately half below the line? A safer choice for the world of Linux in the Heartland would be to have the root-perm stuff installed once, no external services running, and NEVER update it. All packages, from OpenOffice, to Firefox, Thunderbird and other upgradeable-type software can be installed as and run by users without ever compromising system security in that way. Because people is dumb. (Even I'm dumb, sometimes, but usually I notice).
Hell, disdain for (l)users is virtually built into the Linux admin gene structure. And it's funny, really, because we (as admins) mostly have to support people who will happily open an email apparently from their little niece Emily, and run the executable e-card, giving it every imaginable permission, because little Emily couldn't have gotten into anything dangerous, she just goes to kiddy sites. These are the people who are starting to use Linux, preinstalled on schlock hardware, fresh from Walmart's online store.
Now, don't get me wrong. I have a big place in my heart for the double-wide dwellers of America ... being the willing lightning rods for tornados across these 48 states takes a braver man than I. But when they buy that Lindows- Linspire-loaded Microtel PC, they're running as root all the time, from the get go. And they're probably safe, for the moment. The reason that they're safe is, in general, even a "virus" that lands on their system, infects it and mails out to hundreds and thousands, isn't going to hit but a couple more Linspire boxen, and maybe one of those people will also be socially engineered into running the executable manually. Remember, there's no automatic execution of code (no Active-X) as there is in the Windows world. It may even be true that Linspire is now not doing that anymore. I know that Xandros, which I continue to be extremely impressed with, has standard user account creation built into its short yet effective installation routine. So does every other major distribution of which I am aware.
Besides, the important attack vector these days isn't in virii, really. It's in phishing, where the mind-bogglingly dumb types can go and type their bank and credit card account information into a website that almost (or even just vaguely) resembles the real thing, having followed a link from their email that told them to verify their information or to decline to send a Paypal payment or some such nonsense. Phishing respects no operating system boundaries, except that wetware between the ears. Learn more about this at the Anti-Phishing Working Group.
The dogs are telling me it's time to go out. So I'll wrap this up. Be careful. Even if you run Linux, be careful. Think, read and understand the directions. Have a great evening and a better tomorrow!
FRIDAY
November 19, 2004
2123 - Good evening. Rick Boatwright writes:
Brian, I get it. I read Rick's rant all the way to the end.
Having said that, he dismisses something casually, that seems inappropriate to dismiss to me. I am copying him on this email, tho I suspect he's too busy to get to it.
He says: (paraphrasing) if you download and run something which comes to you in an email, which you CAN certainly do, then all it can damage is your own files, not anyone else's.
Uh Brian? Uh, if I'm running Linux on the desktop, my own files are all I have. :-( He just dismissed UTTERLY the risk that all the windows machines have. I.E., the complete loss of my files, and the applications I installed as my user self, not as root.
Sure, the machine will still BOOT, the base system software will still be there, but all my spreadsheets, all my databases, all my presentations, all my documents, all my email will all be gone.
How is this better?
Yes, yes, I get it that you can't get the Linux box to auto-run the evil code, but once I've downloaded some hunk of Java/perl/tcl/etc, which claims to play jingle bells while showing a google keyhole flight of Santa landing on my very own roof, then I am screwed aren't I? And is there some magic reason that the same code, which just wiped all my files couldn't have mailed itself to everyone in my address book? Why could it not have? I have access to my address book. Therefore, would not any code which I downloaded and chose to run as me, also have similar access?
Am I missing something in this discussion of the "magic inherent security of linux" then? I _get_ that the box still boots, and that the evil code can be excised rapidly and easily. But I think that he far too simply dismisses the impact on the (l)user, and that this sort of "exploit" hasn't been written much for linux _solely_ because there aren't many such (l)users running out there on linux desktops.
This, I think is about to change.
Please, if I'm wrong, I would love to know.
Rick Boatright
Well then. You'd best be keeping backups of your files, yes?
The point here, Rick, is that at the moment, it's HARD to have something that you download from the web, or that arrives in email, auto-execute without your intervention and intention on Linux, unlike WinBoxen, with their active-x and vb and all that crap...
If they can convince you to run the happy little code, and it's a WINDOWS box, the box is usually owned. Game over, format to bare metal and start over.
If they convince you to run the happy little code as Joe User on your Linux box, and it whacks your home directory, it hasn't "infected" the machine, you restore your backups and keep rolling. If they get you to type in your root password, you're toast anyway.
There's no way to protect against people who shoot themselves in the foot, so why get worked up over not being able to solve that part of the problem. It's unsolvable. Make backups. Keep them safe. Test them. They'll be there for you when you see the red pavement through the remains of your foot.
I'm sanguine about the probabilities myself, and casual about worrying over that which I cannot control. I DON'T run executables I receive by email. Period. That I can control.
> Uh Brian? Uh, if I'm running Linux on the desktop,
> my own files are all I have.

Yep. As I noted, he can't begin to help you not pull the trigger, once you've aimed at your foot. However, if you read, understood and followed all the directions in his rant *AND* you make backups, how likely are you to ACTUALLY lose data?
Additionally, as the non-root user, any process you start on your machine can't open non-privileged ports, meaning no zombie mailserver, no rogue standard FTP server, etc. Many advantages to being Joe User.
HTH,
.brian
And so endeth the workweek. Next week is going to be horrendous. Marcia's got the whole week off, and I'm only working Monday. That's a good thing, as spinning up to speed on the new job at (nfr) has been fun, but tiring. There's the technology stuff, which is pretty familiar. There's the usage habits that are different everywhere, and there's LOTS to learn about how I can help get the company from where it is, computing infrastructure-wise, to where we want it to be. It's always useful yet humbling to learn how much of a grip on reality I don't have. Heh. Anyway, I'm calling it a night. Have a great evening and Happy Friday!
2151 - A petition to Congress about that marine who shot a wounded Islamic terrorist. Sign it if you will. Thanks!
SATURDAY
November 20, 2004
2204 - Good evening. A crashing dang-dang headache accompanies me everywhere I go today. Very frustrating and unpleasant. But there's this to cheer me up - a quote from this thread on Slashdot:
...But I'm damn thankful that Firefox under Windows is still performing okay for me, because I'd rather slice off my nuts with a rusty tuna can lid than touch Internet Explorer again.
Yowza! With that image firmly in mind, I'll bid you good night. May we all have a better tomorrow.
SUNDAY
November 21, 2004
1509 - Double argh! That's twice I've killed my post, being stupid. I've been doing some recommended debugging on Crossover Office 4 and its interactions (its fatal interactions) with the ATI drivers and X.org. Honestly, I just don't feel like writing out the whole post yet again, so I won't. I did get the floor of my finishing room (just off the woodshop) painted yesterday:
On that note, I'll bid you farewell until tomorrow. Ciao!
Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.
All Content Copyright © 1999-2011 Brian P. Bilbrey.
Except where otherwise noted, this site is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.