EMAIL - I publish email sometimes. If you send me an email and you want privacy, say so, I will respect that. If I don't know that you want your email address published, then I won't. Be aware, though, that I am (usually) human and make mistakes.

I have noticed (on more than one occasion, without doing anything about it) that since I put the redirection page in place a few months ago, directing readers straight to the current page and day, that I no longer maintain the Page Highlights section very well... Heck, I don't even see it anymore. I am wondering if I am not better off simply making that a Sunday task, reviewing the week and poking in some highlights at that point - they're really more useful for going back anyway. Hmmm. Any other thoughts, people? Or should I just bag the idea altogether?

A very short way to finish Chapter 16, now. I have only to write a section on mutt, then read, review, slash and burn. This writing thing is getting easier (just a bit), but as I keep going, my standards keep going up - I move backwards through the Chapter, re-reading and saying to myself, "That needs more information to back up that statement!" Then I spend 2 hours reading resources and doing tests to validate just one more paragraph - LaTeX is a good example. Just another huge bundle of functionality, show the minimum functionality, a little source, a little output and move on. Seems easy, but knowing nothing going into that section, Latex, all 1.5 pages of it (including a figure) took 2.5 hours. Aaargh. I really wanted to be done last night and on to scripting today. Sigh.

Oh... I was just sitting here, staring blankly at this monitor, knowing that there was something I wanted to take note of. Not for the life of me am I able to remember . . . STATS!!!

THANK YOU, Thank you. Bob Thompson noted just last week how continually pleasant and surprising it is to have a growing readership. For April, a huge bump in hits, I presume mostly due to patio farm pictures ... page views are not up at record levels, but then I am strictly using jpgs, rather than page-embedded PNG graphics like I did back in December for the original report on running Win2K in a VM on Linux, or January, same thing with installing Mandrake 7 in a VM 2.0 Beta install over Win98.

The point to all this: 23,430 hits & 6,988 page views. I am honored by your presence. Thanks. Have a lovely week, and thanks again for sharing part of your time with me. Please, always feel free to write me at [email protected]. TTFN.


Top (& search)  /   Index & Links  /   Orb Home  /  Email Bilbrey

First, an iflammatory snippet culled from one of the far-too-many mailing lists...

Standardizing Linux:

  http://www.linuxbase.org/

Filesystem Hierarchy Standard:

  http://www.pathname.com/fhs/

2010 edition of the Hacker's Dictionary:

  Solaris - an old non-standard version of Unix that predates
  the widespread use of Linux.  See SunOS, BSD Unix, HPUX...

Chapter 16 is (temporarily) out of my hands - I finished and put it to Tom's in-basket. If you don't hear from Tom for a couple of days, it will be my fault, as the writing will have made him violently ill (though I rather hope this isn't the case). No, I am not trolling for comps, I have just been too close to this chapter for too long to properly see any flaws left in it at this time. At least I get to start on something new tonight - Scripting.

One fun sidelight, I dropped into Hydras during the day yesterday, to see if (a) it was up, and (b) if Tom was around. He wasn't, but Moshe was. We had a nice little chat. Lastly for the moment, if you have way too much free time, check out RMS' interview on Slashdot. Overall, I found it interesting and useful. Be prepared for strong opinions, though.

Have a lovely day. Later.

18:00 - Welcome to the madhouse... A reader question, and valid, too...

Hey,

You tell us all about how you found the secret to setting up an HP burner
with Linux, but then you don't share!!!! ;)

Can you pass along the details, please?

Thanks,
Ken Scott

-- 
><>   Ken Scott   [email protected]   http://www.pcisys.net/~kscott   
                                                                      
              This is the day that the Lord has made;             
              I will rejoice and be glad in it!          -- Psalm 118:24

More reports onsite later, but it's looking good.

And here is the text of the mail that sent me in the right direction... (also check out the CD Writing HOWTO on linuxdoc)

I have done exactly the following steps under Mandrake 7.0 and it works
perfectly, it should work in a similar way also in 7.1:

Configuring IDE CD-ROM drives (writers) for use under SCSI emulation
====================================================================

Red Hat Linux and derivatives, Kernel >= 2.2.14

 - Recompile kernel:

     Overtake distribution configuration:

        cd /usr/src/linux
        cp /usr/doc/kernel-doc*/config/kernel-xxx.config .config
        make menuconfig
     
     Only change in kernel configuration (the settings in brackets
should
     work, too, but I didn't test them, my settings are also the best
for
     universal distribution kernels):

        'Block Devices'/'IDE CD-ROM support' as module (or off)
        'Block Devices'/'IDE SCSI emulation' as module (or on)
        'SCSI'/'SCSI support' on (or as module)
        'SCSI'/'generic SCSI' as module (or on)

     Compile including the modules:

        time make dep clean bzImage modules modules_install bzlilo

 - Edit /etc/lilo.conf to include new kernel as default:

     # Entry for newly compiled kernel
     image=/vmlinuz
        label=linux
        root=/dev/hda6
        append=""
        read-only
     # Original entry with changed 'label'
     image=/boot/vmlinuz
        label=linux.old
        root=/dev/hda6
        append=""
        read-only 

   Activate changes:

      lilo

 - Create /etc/rc.d/rc.modules (or add line if file already exists):

      modprobe ide-scsi

   and make it executable so that the IDE SCSI emulation is loaded at
   boot time. Alternatively the loading of the module can be done
   before or after the loading of the sound modules in
   /etc/rc.d/rc.sysinit.

 - Redirect CD-ROM link:

      rm /dev/cdrom
      ln -s /dev/scd0 /dev/cdrom

 - Reboot, enter 'lsmod', 'dmesg', and 'cdrecord -scanbus' for further
   checking, CD-ROM should be supermounted on access to /mnt/cdrom.
   X-CD-Roast (both 0.96xxx and 0.98) should run out-of-the-box.

19:20 - Success - here's a script file from the route that worked, as advertised.

Script started on Tue May  2 18:20:32 2000
[root@grinch bilbrey]# mount -t iso9660 -o ro,loop=/dev/loop0 redhat-6.2-i386.iso
o /mnt/iso
[root@grinch bilbrey]# cd /mnt/iso
[root@grinch iso]# ls
COPYING   RELEASE-NOTES  RedHat/       autorun     doc/          images/   rr_moved/
README    RPM-GPG-KEY     TRANS.TBL  mboot.cat  mdosutils/  misc/
[root@grinch iso]# cd /home/bilbrey
[root@grinch bilbrey]# umount /mnt/iso
[root@grinch bilbrey]# cdrecord -scanbus
Cdrecord release 1.8a29 Copyright (C) 1995-1999 J�rg Schilling
Using libscg version 'schily-0.1'
scsibus0:
	0,0,0	  0) 'IDE-CD  ' 'R/RW 4x4x24     ' '1.04' Removable CD-ROM
	0,1,0	  1) *
	0,2,0	  2) *
	0,3,0	  3) *
	0,4,0	  4) *
	0,5,0	  5) *
	0,6,0	  6) *
	0,7,0	  7) *
[root@grinch bilbrey]# cdrecord -v speed=4 dev=0,0,0 -data redhat-6.2-i386.iso 
Cdrecord release 1.8a29 Copyright (C) 1995-1999 J�rg Schilling
TOC Type: 1 = CD-ROM
scsidev: '0,0,0'
scsibus: 0 target: 0 lun: 0
Using libscg version 'schily-0.1'
atapi: 1
Device type    : Removable CD-ROM
Version        : 0
Response Format: 1
Vendor_info    : 'IDE-CD  '
Identifikation : 'R/RW 4x4x24     '
Revision       : '1.04'
Device seems to be: Generic mmc CD-RW.
Using generic SCSI-3/mmc CD-R driver (mmc_cdr).
Driver flags   : SWABAUDIO
Drive buf size : 1572864 = 1536 KB
FIFO size      : 4194304 = 4096 KB
Track 01: data  640 MB        
Total size:     735 MB (72:54.25) = 328069 sectors
Lout start:     736 MB (72:56/19) = 328069 sectors
Current Secsize: -1
ATIP info from disk:
  Indicated writing power: 4
  Is not unrestricted
  Is not erasable
  Disk sub type: 3
  ATIP start of lead in:  -11775 (97:25/00)
  ATIP start of lead out: 359849 (79:59/74)
Disk type unknown
Manuf. index: 80
Manufacturer: ILLEGAL: TDK ???
Blocks total: 359849 Blocks current: 359849 Blocks remaining: 31780
RBlocks total: 374002 RBlocks current: 374002 RBlocks remaining: 45933
Starting to write CD/DVD at speed 4 in write mode for single session.
Last chance to quit, starting real write in 9 seconds .... 1 seconds.
Waiting for reader process to fill input-buffer ... input-buffer ready.
Starting new track at sector: 0

Track 01:   0 of 640 MB written.
Track 01:   1 of 640 MB written (fifo 100%).
Track 01:   2 of 640 MB written (fifo 100%).
Track 01:   3 of 640 MB written (fifo 100%).

  *  *  *

Track 01: 639 of 640 MB written (fifo 100%).
Track 01: 640 of 640 MB written (fifo 100%).

Track 01: Total bytes read/written: 671881216/671881216 (328067 sectors).
Writing  time: 2203.393s
Fixating...
Fixating time:  126.291s
cdrecord: fifo had 20505 puts and 20505 gets.
cdrecord: fifo was 0 times empty and 20254 times full, min fill was 98%.
[root@grinch bilbrey]# mount /mount/cdrom2
mount: can't find /mount/cdrom2 in /etc/fstab or /etc/mtab
[root@grinch bilbrey]# mount /mnt/cdrom2
[root@grinch bilbrey]# cd /mnt/cdrom2
[root@grinch cdrom2]# ls
COPYING   RELEASE-NOTES  RedHat/       autorun     doc/          images/   rr_moved/
README    RPM-GPG-KEY     TRANS.TBL  mboot.cat  mdosutils/  misc/
[root@grinch cdrom2]# exit

Script done on Tue May  2 19:04:28 2000

Sorry for the delay - Email ate the early morning. Now at ETS, things are hopping, big orders rolling in the door and on my list for today is finishing a PCB design, generating the gerber files and sending it off for quotes (done). Also more catalog work (perhaps 2 days to completion), some test fixture design and process exploration. Heh. Just a little busy.

As you note from yesterday, burning on Grinch in Linux was successful. Now if I can solve the problem of VMware setting the ethernet interfaces into promiscuous mode... I know, can I just decide? Probably in a week or so. Back to work now. Later.

16:00 ...

Subject: VMWare
    Date: Wed, 03 May 2000 16:06:35 -0500
    From: Dave Farquhar
      To: [email protected]

Brian,

Wouldn't VMWare have to use promiscuous mode? Since each virtual PC gets its 
own IP address, I would think it would have to use promiscuous mode to grab 
packets intended for NICs that don't truly exist in the network.

Dave

But if I were still on Grendel for everything, as I was last fall, when I was playing with VMware under Linux, I was doing silly things, since Grendel was a combo-box at the time, rather than just a firewall/web/mailserver. Then again, silly things... That's what village idiots like me were born to do. <G>

Crossing the eyeballs: The last book, found on an IBM site. Regards electronic ink and books, etc. Worthy. Build a packet filtering firewall during your lunch hour, over here, at LinuxMonth. For Linux on laptops, have a look at Linux on Laptops (well, duh), the 4mb Laptop HOWTO, Linux Laptop - HOWTO, and for extreme mobility, the Wearable - HOWTO, all from linuxdoc.org. Coming soon to a high-end desktop near you, the IBM Roentgen display screen, at 200 PPI. Sounds like a nice Christmas present.

That concludes this run through my recent bookmarks, hope you had fun, I did. Well, since this morning, (73) mail in the PBI mailbox (already processed, including Dave's), and about 85 or so on the Orb box, yet to be scanned. Hmmm. Guess I'll knock that back next... Decision time is, to PHP or not to PHP - it's SVLUG meeting night, but I have work to do and I am *tired*. Coffee, a concentrated chocolate-sugar bar, and I will be right as rain. TTFN.


Top (& search)  /   Index & Links  /   Orb Home  /  Email Bilbrey

Good morning. Last night I reinstalled OLeD (OpenLInux eDesktop 2.4), overwriting the test installation of Mandrake 7.1b2 Hydrogen - done playing with that, time to get down to work. I also shot some more patio farm pictures (less than last week) and should have them up tonight. While that was going on, I worked on printing issues. Marcia's $EMPLOYER has sent home a brand spanking new (ooooh, more spankings?) brand spanking new HP OfficeJet all in one thingy boxes that prints, scans, faxes, copies, makes coffee and gives a not-half-bad shiatsu massage. This was good news from my perspective, since the Epson Stylus 600 that has been hooked up to either Grinch or Grendel since the beginning of this escapade was trying to save time by feeding 2 - 5 sheets of paper at every go... annoying. So I inherit the Canon BJC-2000, a *cheap* razorblade handle (in Thompson parlance). Terrible on the consumables, but one thing at a time, one thing at a time. There are some printer recognition problems with Mandrake 7.02 ... I'll get them figured out yet.

First book income is going towards a laptop so's I can write while I am on the road, even a couple hours a day. Oh, found this link last night, going to look into it real soon now, but will share in the meantime - Emacspeak -- the Complete Audio Desktop. I was conversing with Moshe about a audio email reader (he wants to be able to call his mailbox)... hmmm. More on this later (perhaps much later).

Speaking of later, I'm outta here - have fun looking at Bruce 2.0!

Virus Alert 18:33 - You've probably seen it 17 other places before now, and you may have been afflicted, or you might be living in a cave. Email's that are entitled "ILOVEYOU" are dangerous. They probably have an attached visual basic script (VBS) that does a few system modes, including setting some registry keys for reboot behaviour, then rests. Upon reboot, the auto run code downloads other things from a site somewhere on the 'Net (details elsewhere), then emails everyone in your address book (not clear to me whether we mean .PAB, or contacts in the .PST, or what), litters itself around a network, craps on image and audio files and generally makes a nuisance of itself.

Personally, I think the key piece of information is in the nuking of audio files. This has "RIAA Covert Ops" written all over it. If you can't stop the kids from trading music, infect their machines and kill the MP3 files, then spread and burn. HEH, Heh, heh... Sure I'm joking, aren't I???

Here is a link to a place called thepope.org, There is a variety of information on the page, including a vbs that strips LoveLetter from your system (apparently - advice from a VBS specialist would be helpful here), pointers to the McAffee tool, sendmail.cf script additions to guard the gates, and a procedure for cleaning. Oh, new message, regarding the sendmail.cf script...

Some list server systems add a tag at the front of the subject line
identifying the list ( a real good thing IMHO ), which will cause
the fix below to pass this virus.  

Changeing the lines like:
 R${MPat} $*     $#error $: 553 ${MMsg}
to:
 R$*${MPat} $*     $#error $: 553 ${MMsg}

to make this fix slightly more general.

So here's the whole sendmail.cf snippet, revised and in all it's glory:

#By KH
  HSubject: $>Check_Subject
  D{MPat}ILOVEYOU
  D{MMsg}This message may contain the ILOVEYOU virus
  SCheck_Subject
  R$*${MPat} $* $#error $: 553 ${MMsg}
  RRe: ${MPat} $* $#error $: 553 ${MMsg}
  RFW: ${MPat} $* $#error $: 553 ${MMsg}

Now I don't know enough (yet) about sendmail to determine that it does what it says it does, but it passed the gauntlet of an admin list or two, and no one said, "Boo!" (except for the enhancement), so I presume it's fully functional. Then there was this email:

This is a nice little set of scripts which helps sanitize some 
of the garbage emails floating around....
http://www.wolfenet.com/~jhardin/procmail-security.html

It has some neat quarentine features which should be used to completely
block .exe and .vbs files. Just setup policy on your corporate network
that bans the emailing and blocks the reception of any email containing
such junk, and you no longer have NEAR the problem.

Note that there is another virus almost identical with the subject
Joke and a Very Funny.vbs attachment also floating around today.

Now THAT one looks interesting... Marcia and I already have our DutchGirl and Orb Designs mail run through Grendel - time to look into procmail, perhaps this weekend. Then I can have all of our accounts just autoforward through the home account, which will clean up everything I know (or learn) about, this in addition to using the appropriate software condoms on all Windows boxes.

More farm pictures for those who express interest... And then on the right, one of the ducks. Ducks have found the swimming pools at our complex (there are 8 pools spread between the twenty buildings). The Health and Safety people want the ducks GONE (contaminating the swimming pool water and such), and the tree huggers want the ducks protected, probably by declaring our swimming pools a nationally preserved overflight wetlands, and require that we creep in and out of our buildings via a set of duck-blinded corridors in order to not bruise their little ducks psyches... sigh. Later.


Top (& search)  /   Index & Links  /   Orb Home  /  Email Bilbrey

Happy "I love worms" day ][. Hope all is well in your world - I blew most of my day working on putting the latest Symantec software condom patches in place ... people say "Keep your virus defs updated!" which is great - I do all the monthly updates, but that doesn't help me when the update is 3 weeks old and the virus was released yesterday. Oh, and user's that, despite EVERYTHING you tell them, still execute files sent to them by their grand-nieces and nephews... {major} SIGH.

Nothing really new other than that - I have been researching and laying bones in the scripting chapter, I should get Commands back from Tom this morning for a last review before submission on Monday. Editors should go in on Tuesday/Wednesday, Scripting and Chapter 1 later in the week. That should put us a little over 20% of the way through the book. (Heh, with 33% of the time gone by... WHAT???) - but the writing is flowing more easily for me.

A quick troll through the Orb mail reveals the standard fare of viral dissection messages, a large count of [cooker] (Mandrake development list) and a few backchannel messages on a variety of interesting topics that you may read about at various Daynotes pages over the coming days and weeks. In my PBI box, we have a security alert from Big Brother - there's a buffer overflow vulnerability that they are warning registered downloader's about at the same time as they notify Bugtraq and Freshmeat... Go to the site and get version 1.4d, and don't run BB as root.

Subject: RH 6.1 Xconfigurator & HP 8650C Pavilion
    Date: Fri, 05 May 2000 05:15:09 -0400
    From: "Richard H. Brown Jr."
      To: [email protected]

Dear Mr. Bill (Sorry can't resist)

 Have a stupid problem I can't seem to correct in configuring Xfree86
to  run on a HP Paviliion 8650C. All I can get runnin gis it in a vga16 
mode (as far I as I can tel). The Windows 98 Contorl Panel Applet 
reports the graphics chip set as Intel(R) 810 chipset Graphics Driver 
PV 2.1 on a Intel (r) 82810 system and graphics controller.

 I'm attempting to run the Red Hat 6.1 version off the_Red Hat Linux 
Bible_ by Christopher Negus,  IDG Books ,ISBN 0-7645-4574-4.

 Problem 1. The Conexant combo modem/audio card isn't supported, but I
 can live with that temporarily.
 
 Main Problem: Can you advise me on which video selection in the  
Xconfigurator board menu, other than the "Unlisted" could possibly 
 work? Or do I give up and splurge for a video card?

 The H.P. help desk seems to not read the marketing droids claim that
HP  is supporting Linux installations, and evidently the
Sales/Marketing  droids don't bother reading the propaganda and didn't
bother to have  the sub-assembly mfr's write up linux drivers for the
audio/modem  boards.

 Any suggestions are greatfully acknowledged.

 Richard H. Brown Jr.

Let me do a leetle sleuthing this day, and I will get back to you later, after noon.

Th-th-th-that's all (for now), folks! Have a great day!! Later.

14:00 - Well, I've looked at someone else assembling systems for me, and I am not happy. Why can't I save some money, here. Let me look at this for a moment...

• Case, Mid-tower min, 250-300W PS ATX
• Mobo, 600 PIII, dual capable 100MHz FSB 440BX AGP, PCI, ISA, Integrated IDE
• 256M SDRAM
• Maxtor Diamond Max 40, Ultra ATA 7200
• Matrox G400
• Creative SBLive
• CD-Rom
• CD-R/RW (HP or Plextor ATAPI)
• Floppy
• 10/100 NIC

17:25 - Incoming...

Sounds a bit high to me. At the high end of the prices I put below, you're
around $2,000. But my guess is that the people quoting you $2,000 aren't
using the more expensive components.

Well, I've looked at someone else assembling systems for me, and I am not
happy. Why can't I save some money, here. Let me look at this for a
moment...

$75 - $150	(Antec KS288 to PC Cool with PS) Case, Mid-tower min, 250-300W PS
ATX
$150 - $400	(EPoX KP6-BS to Asus/Tyan/Supermicro) Mobo, 600 PIII, dual
capable 100MHz FSB 440BX AGP, PCI, ISA, Integrated IDE
$250		(Pentium III/600)
$250		(Crucial, approximate) 256M SDRAM
$125 - $200	(depending on size and model) Maxtor Diamond Max 40, Ultra ATA
7200
$125 - $225	(depending on model, memory, etc.) Matrox G400
$50 - $150	(depending on model) Creative SBLive
$50		CD-Rom
$200 - $250	CD-R/RW (HP or Plextor ATAPI)
$15		Floppy
$30		10/100 NIC

--
Robert Bruce Thompson
[email protected]
http://www.ttgnet.com

.../redhat-6.1/i386/RedHat/RPMS/ is the location of the RPMS list for RH6.1... yup, XFree86 3.3.5xxx and .../redhat-6.2/i386/RedHat/RPMS/ is the location for the RH6.2 RPMS, which includes XFree86 3.3.6-20 ... [The second link is in red, because in my original letter, I duplicated links instead of putting the 6.2 directory reference in. Too busy, too fast. Sorry!]

Use gnorpm (or whatever RPM management tool the book talks about) to determine which XFree86 packages you have installed. Then get the equivalent RPM's in 3.3.6-20 version from the second link above (or elsewhere). Then upgrade the packages, then rerun Xconfigurator... I think that you should be fine following that...

Spelunking on the XFree86.org page, I found http://www.xfree.org/3.3.6/i810.html, which should provide some assistance, as well.

Furthermore, the RH ftp site is sucking small boulders through a 1/4" ID piece of Tygon tubing. Here are a couple of mirror alternatives: Well, one anyway, at freesoftware.com

I am informed by un-named reliable sources who used to be a rocket scientist that some cheery soul has modified the ILOVEYOU .vbs terror to look like an email from Symantec (reportedly Subject: Don't get bitten by the Love Bug virus) (thanks, Steve - close shave, there), called the executable "protect.vbs", etc., etc. Sigh. I know I am preaching to the choir here, but maybe if we just lock up their keyboards for a while... no, wait, the virus might do that for us... Sigh.


Top (& search)  /   Index & Links  /   Orb Home  /  Email Bilbrey

.sig of the moment ... another gem from the master:

"Linux means never having to delete your love mail." - Don Marti

And let's be clear here - in fundamental ways, Linux is NO SAFER than Windows when it comes to virus, worm or trojan horse activity. There is less activity in Linux space because it is a smaller pond to play in, with a generally higher-clued average population. Those numbers are going to change. It is the user's responsibility to choose to execute a program or not. Currently (other than javascript in some MUA's (like Netscape) there is very little to auto-execute as a Linux client. (Hint - disable javascript). This state of affairs may change as the userspace popularizes (read dumbs down, perhaps), and demands "ease of use features" similar to the products that assist users in creating gaping security holes in their Windows systems.

This round of virii was a wonder of social engineering, not coding. Nothing especially tricky going on - but getting that many people to open and execute the .vbs, first in its ILOVEYOU incarnation, then in others, leading to the "Message from Symantec" version with it's corresponding protect.vbs (nailing the clue-free, right left and sideways). Sheesh, people, get a grip.

Now for some caffeine and much writing. Later.


Top (& search)  /   Index & Links  /   Orb Home  /  Email Bilbrey

Heh. "Had this been a real virus, you would not be happy." is a link to an interesting article on c|net. Good morning, happy Sunday! The caffeine is starting to circulate, I got a fair hunk of writing done yesterday, with another whack due out today to finish a draft of the scripts chapter, as well as a final on Tom's edit of Chapter 16, which I sent him last week. Between us, we're going to pile IDG's plate so high they won't know what to think. Cool.

PBI no-mail non-servers were going at full tilt yesterday, delivering no mail whatsoever. Not only that, but when they start up, it usually takes several days for the servers to catch up. I will be seeing mail from Friday through today all through this week. And they never have a decent explanation for their sucky equipment (shh, maybe it's not the equipment...?).

Of course the Orb mail kept right on coming... however, I have unsubscribed from my one _really_ high-traffic list, Mandrake-Cooker, which is the development list for my current favorite distribution. I unloaded the beta of the new release, Hydrogen 7.1b2, and put OpenLinux eDesktop on Grendel's back spindle. I need to stay focused.

Speaking of focused... There's a message from the good Dr. Syroid himself - two more chapters back on my plate for seconds. Busy, busy day. Must fly. Later.

21:30 - A productive day - No more work done on scripts, but Chapters 16 and 15 are headed into the maw of IDG tomorrow. Scripts (17) complete by Tuesday, then into the breach of System Administration. I can learn that in, what, three days, right, Moshe? <SEG> Speaking of that fine Mr. Bar...

Dear Brian,

I have to object to your statement that Linux is no safer than windows.
Hmmm... not quite sure that is fully true.

If a user receives an email with an attachment containing a virus (it really
needed to be a program, since we don't have yet 'active' scripting languages
in Linux, automatically executing themselves as in Windows), it can at most
harm that user's files and environment, but not the whole system. Unless the
users is running as root or similarly privileged user himself. That is a
no-no, obviously, but most people know that by now.

There is also a cultural difference in *nix systems. For one, usually every
user installs his own software he needs, in the *nix world. You might
actually end up having different versions of the same software running on
the same *nix system. Only standard software is installed by the sysadmin
and made available to everyone. The diligent sysadmin, checks carefully if
the particular version of standard software he or she is installing contains
any known security flaws and patches accordingly. Also, he or she might
first check MD5 checksums of the software before downloading it.

The users themselves are generally more knowledgeable about computers and
therefore also more careful about what programs they run.

Back in the 80s, when a single *nix server was sometimes running hundreds of
on-line users (nowadays, everybody has her own *nix box) I actually
encountered *nix viruses. They were mostly university-environment related
and most were benevolent. One very funny virus would logically switch the
keyboards of users in the same user-group and it made for amusing confusion.
I guess those days are gone.

But since then, I have not yet met a real *nix virus.

*nix sysadmin just do it better :-)

Moshe

And then, in a bout of late optimism, I followed that up with...

Moshe, my dear friend,

Having read, and re-read my response, I find that I agree with myself. What a shock. Heh.

But in all seriousness, of course you are right, in that properly administered and used, Linux is more secure than Windows. To restate my thesis more succinctly, I believe that inherent OS security is but a fraction of the overall picture. In some ways, we're only as secure as the people who perpetrated Waco will allow us to be.

Here's the real deal. The trick is to keep your head down. No password is secure in the face of chemical and physical interrogation. If you know something they want, they'll get it, whether they hack your machine, send in the Treasury Department boys and girls like they did in the case of Steve Jackson Games, or send in the people who brought us Ruby Ridge and Waco.

Alright, perhaps that was a bit extreme, since none of us play in leagues that are likely to affect those states of affairs. Next level of security - if someone wanted the information on my box, they could walk in to my apartment and get onto the box. What defenses do I have against that? None, effectively.

In a business where the goal is to prevent walk-by traffic, password locked screen-savers and password protected single boot modes are just fine. But if the physical box can't be secured, the data is at risk.

Protecting your box across the network... OK - here Linux beats windows hands down. Well, it can anyway, if you secure the box. A default RH 5.2 or 6.0 install behaved like a $2.00 roundheel at Mardi Gras - open at every port. Windows boxes can be fairly well secured too, using third-party software.

The drill is social engineering. If I were a script kiddie, I would soon be getting out of the business of portscanning, and instead work on things like writing test messages to elicit specific behaviors, whether that means going to a website (which initiates scan-backs), executing a script to open a hole, install a root kit or whatever. Sheep are stupid. It's a rule of the universe, like black holes suck, and other axioms. There are more suckers born every minute than there were when David Hannum (not P.T. Barnum) first uttered the eternal truth.

All we can do is the best we can.

PS: Ya, sorry, it *is* depressing, but I am very tired and at odds with the world right now. Sure it'll be better one day. Sigh. Just remember, just because you're paranoid doesn't mean they aren't watching.

Had a nice little chat with Matt just now... I wasn't able to help him I fear - TCP/IP communication problems with his router/firewall box... I gave some diagnostic steps that might help isolate a problem, but perhaps not. I have been spoiled by only ever running Linux on fairly modern hardware - I've never had to configure an ISA NIC. Oh, sorry. I think it's time to retire from the machine for the night. TTFN.


Top (& search)  /   Index & Links  /   Orb Home  /  Email Bilbrey