EmbeddedRelated.com

Ubuntu 6.06 criticisms from a programmer

Started by CBFalconer October 14, 2006
"David Brown" <david@westcontrol.removethisbit.com> wrote in message 
news:45336c9d$0$1140$8404b019@news.wineasy.se...
> CBFalconer wrote:
>
>> 5. All sorts of things just don't work without a network
>> connection. When and if I allow such a machine to network, it will
>> be via dial-up.
>
> If you don't have broadband, then obviously that's your choice - although
> I find it hard to see how it's possible to work as a developer without
> access to broadband on a regular basis.
>
> If you are thinking about security, then dial-up links are at risk just
> like broadband. A windows machine without at least a software firewall
> will be a zombie after about half an hour of dial-up connection, just as
> surely as if you have a broadband connection - the low bandwidth of a
> dial-up link gives you almost no protection. And since a hardware
> firewall for a broadband link costs something like $30, you are very much
> more secure using broadband and a hardware firewall than using dial-up.
> While you are using linux, that doesn't much matter. Keep your root
> password secure, disable services that are not in use (IIRC, Ubuntu does
> not enable any network-available services out of the box), and you are
> several orders of magnitude more secure than Windows + software firewall.
> There is no reason not to add a hardware firewall as well - it makes the
> network more modular, and makes it easier to add other machines to the
> setup.

I completely agree. I'm very security-conscious; I have to be, I run ecommerce systems. I run OpenBSD (both in production and at home) - it's not Linux, but it is *nix, and just a tad more secure ;). Re Ubuntu, I can confirm that it's already far more secure with broadband than e.g. Windoze and a modem.

And I agree re a hardware firewall, for all the reasons mentioned, and a few more. To be clear, this will usually take the form of a NATing router, i.e. it separates two networks (the Internet and the LAN), and provides controlled traffic between the two. With this setup, it's the router that's online, not the clients. It will block unsolicited traffic - i.e. anything other than what you ask for. Properly setup, the benefits in terms of security of a router mean you're pretty safe from direct attack - whether with Linux, OpenBSD, or Windows.

Steve
http://www.fivetrees.com

Darin Johnson wrote:
> CBFalconer wrote:
>
>> 3. While info is mounted, the proper .inf files are not. For
>> example, for dd it simply accesses the obsolete man pages.
>
> Off topic, and perhaps a settled argument already. But I really
> hate the way that distributions have gotten rid of useful man
> pages and replaced them with info databases instead. Worst
> are the man pages that say "I refuse to give you information,
> so use info instead". I'd prefer to have both around thank you,
> info for full reference, tutorial, etc, and man for quick reference.
> I use emacs, so using info is easy, but I've got coworkers who
> have to use the broken command line info program who gripe.
>
> Man pages are not obsolete, that just came from the attitude
> of "if it's not new, it must not be good" people.

The info system can easily generate all the variants needed from the same source, i.e. man, info pages, pdf, ps, text, html. Note that in the absence of an inf file info will display the man file. Obsolete may have been a bad word in my original. The actual condition is 'not maintained' or 'not up-to-date'.

--
Chuck F (cbfalconer at maineline dot net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net>

On Mon, 16 Oct 2006 19:26:59 +0100, Steve at fivetrees wrote:

> And I agree re a hardware firewall, for all the reasons mentioned, and a few
> more. To be clear, this will usually take the form of a NATing router, i.e.
> it separates two networks (the Internet and the LAN), and provides
> controlled traffic between the two. With this setup, it's the router that's
> online, not the clients. It will block unsolicited traffic - i.e. anything
> other than what you ask for. Properly setup, the benefits in terms of
> security of a router mean you're pretty safe from direct attack - whether
> with Linux, OpenBSD, or Windows.

NAT firewalls should be required by law to be built into any consumer device that's designed for connecting a computer to the Internet.

arachnid wrote:
> On Mon, 16 Oct 2006 19:26:59 +0100, Steve at fivetrees wrote:
>
>> And I agree re a hardware firewall, for all the reasons mentioned, and a few
>> more. To be clear, this will usually take the form of a NATing router, i.e.
>> it separates two networks (the Internet and the LAN), and provides
>> controlled traffic between the two. With this setup, it's the router that's
>> online, not the clients. It will block unsolicited traffic - i.e. anything
>> other than what you ask for. Properly setup, the benefits in terms of
>> security of a router mean you're pretty safe from direct attack - whether
>> with Linux, OpenBSD, or Windows.
>
> NAT firewalls should be required by law to be built into any consumer
> device that's designed for connecting a computer to the Internet.

Absolutely. Failing that, ISPs should be required by law to have the same firewall functionality (especially the NAT, and blocking *all* incoming traffic unless explicitly allowed) for their customers. It would not even be hard or costly to do - all that's needed is a web interface around the linux iptables command (or the OpenBSD equivalent).

Of the ISPs I've had dealings with over here, most seem to think that a CD with Norton is appropriate security. Some of these don't want you to have a firewall/router - they much prefer that customers have a single Windows PC + Norton connected to their ADSL modem, since that saves training their support droids to handle different situations. Others I've met encourage the use of a firewall/router (and will sell you one at a reasonable price), while only one actively forces you to use a firewall/router. Unfortunately, this last choice is the most expensive (it's a good choice for businesses, but not for home users).

It's reasonable to connect a *nix machine directly to the net (many hardware firewalls run linux), but even then it should of preference be a dedicated firewall box. Anyone connecting a windows PC to the net, by dial-up or broadband, without using a NAT firewall/router is acting out of ignorance (either their own ignorance, or their ISP's ignorance).

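Added illustration, not part of any poster's message: a small Python model of the behaviour described in the posts above, where a NATing router forwards inbound packets only if they match a flow a LAN client opened or an explicitly configured port forward. The class names, addresses and ports are constructed for the example, and the model assumes address-and-port-dependent filtering, which not every real router implements.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


@dataclass
class NatRouter:
    """Hypothetical model of a NATing router, not any real product's logic."""
    wan_ip: str
    next_port: int = 40000
    flows: dict = field(default_factory=dict)     # (proto, wan_port, remote) -> LAN endpoint
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> LAN endpoint

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source address and remember the flow."""
        for (proto, wan_port, remote), lan in self.flows.items():
            if (proto, remote, lan) == (pkt.proto, pkt.dst, pkt.src):
                break  # reuse the mapping this client already holds
        else:
            wan_port, self.next_port = self.next_port, self.next_port + 1
            self.flows[(pkt.proto, wan_port, pkt.dst)] = pkt.src
        return Packet(pkt.proto, (self.wan_ip, wan_port), pkt.dst)

    def inbound(self, pkt):
        """Internet -> LAN: return the rewritten packet, or None if dropped."""
        ip, wan_port = pkt.dst
        if ip != self.wan_ip:
            return None
        # Solicited: the remote endpoint must be the one the client contacted.
        lan = self.flows.get((pkt.proto, wan_port, pkt.src))
        if lan is None:
            # "Explicitly allowed": an administrator-defined port forward.
            lan = self.forwards.get((pkt.proto, wan_port))
        return Packet(pkt.proto, pkt.src, lan) if lan else None


def demo():
    """Run constructed traffic through the model and return each outcome."""
    r = NatRouter("203.0.113.10")
    client, web = ("192.168.1.20", 51000), ("198.51.100.5", 80)
    stranger = ("198.51.100.99", 4444)
    out = r.outbound(Packet("tcp", client, web))
    results = {
        "reply": r.inbound(Packet("tcp", web, out.src)),               # solicited
        "probe": r.inbound(Packet("tcp", stranger, (r.wan_ip, 445))),  # no mapping
        "hijack": r.inbound(Packet("tcp", stranger, out.src)),         # wrong peer
    }
    r.forwards[("tcp", 22)] = ("192.168.1.2", 22)
    results["ssh"] = r.inbound(Packet("tcp", stranger, (r.wan_ip, 22)))
    return out, results


if __name__ == "__main__":
    out, results = demo()
    for name, pkt in results.items():
        print(f"{name:7} -> {'DROP' if pkt is None else pkt.dst}")
```

The last case shows why a port forward deserves the same scrutiny as a directly connected host: once it exists, any remote address reaches the LAN machine behind it.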
David Brown wrote:
> arachnid wrote:
>> On Mon, 16 Oct 2006 19:26:59 +0100, Steve at fivetrees wrote:
>>
>>> And I agree re a hardware firewall, for all the reasons mentioned,
>>> and a few more. To be clear, this will usually take the form of a
>>> NATing router, i.e. it separates two networks (the Internet and the
>>> LAN), and provides controlled traffic between the two. With this
>>> setup, it's the router that's online, not the clients. It will block
>>> unsolicited traffic - i.e. anything other than what you ask for.
>>> Properly setup, the benefits in terms of security of a router mean
>>> you're pretty safe from direct attack - whether with Linux, OpenBSD,
>>> or Windows.
>>
>> NAT firewalls should be required by law to be built into any consumer
>> device that's designed for connecting a computer to the Internet.
>
> Absolutely. Failing that, ISPs should be required by law to have the
> same firewall functionality (especially the NAT, and blocking *all*
> incoming traffic unless explicitly allowed) for their customers. It
> would not even be hard or costly to do - all that's needed is a web
> interface around the linux iptables command (or the OpenBSD equivalent).
>
> Of the ISPs I've had dealings with over here, most seem to think that a
> CD with Norton is appropriate security. Some of these don't want you to
> have a firewall/router - they much prefer that customers have a single
> Windows PC + Norton connected to their ADSL modem, since that saves
> training their support droids to handle different situations. Others
> I've met encourage the use of a firewall/router (and will sell you
> one at a reasonable price), while only one actively forces you to use a
> firewall/router. Unfortunately, this last choice is the most expensive
> (it's a good choice for businesses, but not for home users).
>
> It's reasonable to connect a *nix machine directly to the net (many
> hardware firewalls run linux), but even then it should of preference be
> a dedicated firewall box. Anyone connecting a windows PC to the net, by
> dial-up or broadband, without using a NAT firewall/router is acting out
> of ignorance (either their own ignorance, or their ISP's ignorance).

Forced by law? Isn't that a bit extreme and intrusive, do you think that the government can protect a fool from itself? These are the same kind of people that respond to Spam to get them to stop and are bewildered by the increase in Spam, feel free to educate them, but leave government out of it. The only thing government is good at is to force you to pay ever increasing taxes, so they can have more money to waste.

Spinach is good for you, shall we have government force you to have to eat some every day?

--
Cecil
KD5NWA
www.qrpradio.com www.hpsdr.com
"Sacred Cows make the best Hamburger!"
Don Seglio Batuna

In <mp5Zg.28387$b23.28082@dukeread07> Don Seglio:

[Snip...]

> Spinach is good for you, shall we have government force you to have to
> eat some every day?

Free speech is good for you--shall we have spammers force you to eat some every day?

--
Regards, Weird (Harold Stevens) * IMPORTANT EMAIL INFO FOLLOWS *
Pardon any bogus email addresses (wookie) in place for spambots.
Really, it's (wyrd) at airmail, dotted with net. DO NOT SPAM IT.
Kids jumping ship? Looking to hire an old-school type? Email me.

On Tue, 17 Oct 2006 09:04:03 -0500, Don Seglio wrote:

> Forced by law? Isn't that a bit extreme and intrusive, do you think that
> the government can protect a fool from itself?

That is kind of unfair. How many people driving cars know where the cylinder rod can be found? Everyone cannot be computer security experts. Here in the USA the law helps in removing dangerous product from the public, lead in kids toys as an example. With the failure of the unfair marketing practices case against M$ it would seem to make sense. Put the business on one subnet and firewall the mom/pop/granny/kids on another with firewalls in the ISP routers. We'll just ignore that small network problem for the ISPs for sake of argument. :)

I will have to say, something is going on. I run Shorewall with a blacklist of noisy ip subnets. About once a month if the counters show no inbound attempts, I remove the rule for that ip. The list is getting smaller not larger.

Don Seglio wrote:
> David Brown wrote:
>> arachnid wrote:
>>> On Mon, 16 Oct 2006 19:26:59 +0100, Steve at fivetrees wrote:
>>>
>>>> And I agree re a hardware firewall, for all the reasons mentioned,
>>>> and a few more. To be clear, this will usually take the form of a
>>>> NATing router, i.e. it separates two networks (the Internet and the
>>>> LAN), and provides controlled traffic between the two. With this
>>>> setup, it's the router that's online, not the clients. It will block
>>>> unsolicited traffic - i.e. anything other than what you ask for.
>>>> Properly setup, the benefits in terms of security of a router mean
>>>> you're pretty safe from direct attack - whether with Linux, OpenBSD,
>>>> or Windows.
>>>
>>> NAT firewalls should be required by law to be built into any consumer
>>> device that's designed for connecting a computer to the Internet.
>>
>> Absolutely. Failing that, ISPs should be required by law to have the
>> same firewall functionality (especially the NAT, and blocking *all*
>> incoming traffic unless explicitly allowed) for their customers. It
>> would not even be hard or costly to do - all that's needed is a web
>> interface around the linux iptables command (or the OpenBSD equivalent).
>>
>> Of the ISPs I've had dealings with over here, most seem to think that
>> a CD with Norton is appropriate security. Some of these don't want
>> you to have a firewall/router - they much prefer that customers have a
>> single Windows PC + Norton connected to their ADSL modem, since that
>> saves training their support droids to handle different situations.
>> Others I've met encourage the use of a firewall/router (and will
>> sell you one at a reasonable price), while only one actively forces
>> you to use a firewall/router. Unfortunately, this last choice is the
>> most expensive (it's a good choice for businesses, but not for home
>> users).
>>
>> It's reasonable to connect a *nix machine directly to the net (many
>> hardware firewalls run linux), but even then it should of preference
>> be a dedicated firewall box. Anyone connecting a windows PC to the
>> net, by dial-up or broadband, without using a NAT firewall/router is
>> acting out of ignorance (either their own ignorance, or their ISP's
>> ignorance).
>
> Forced by law? Isn't that a bit extreme and intrusive, do you think that
> the government can protect a fool from itself? These are the same kind
> of people that respond to Spam to get them to stop and are bewildered by
> the increase in Spam, feel free to educate them, but leave government
> out of it. The only thing government is good at is to force you to pay
> ever increasing taxes, so they can have more money to waste.
>

You can't force people to use sensible behaviour on the internet (well, you could introduce a "drivers license", but that would be a bit much). So you can't force people to use a firewall. But it's not unreasonable to require ISPs to supply a firewall with every broadband connection (as I said, they could easily make a half-decent one on their side of the connection).

Remember, every time somebody connects an unprotected windows machine to the net, it costs you and me time and money through increased spam, viruses, worms, attack bots, and other nasties. And every time an ISP offers a customer a broadband connection without a firewall, they are acting irresponsibly - the average customer does not know anything more than the ISP tells them, and will suffer the consequences.

The only thing that stops ISPs giving out firewalls is the cost, which would put them at a disadvantage compared to their competitors. Regulations requiring firewalls to be provided would keep the playing field even.

> Spinach is good for you, shall we have government force you to have to
> eat some every day?
>

No, but you have regulations forcing suppliers to inform customers about hidden dangers (like food labels saying "may contain nuts"). At the very least, ISPs should have to inform customers that they are not safe without a hardware firewall.
On Tue, 17 Oct 2006 09:04:03 -0500, Don Seglio wrote:

> David Brown wrote:
>> arachnid wrote:
>>> On Mon, 16 Oct 2006 19:26:59 +0100, Steve at fivetrees wrote:
>>>
>>>> And I agree re a hardware firewall, for all the reasons mentioned,
>>>> and a few more. To be clear, this will usually take the form of a
>>>> NATing router, i.e. it separates two networks (the Internet and the
>>>> LAN), and provides controlled traffic between the two. With this
>>>> setup, it's the router that's online, not the clients. It will block
>>>> unsolicited traffic - i.e. anything other than what you ask for.
>>>> Properly setup, the benefits in terms of security of a router mean
>>>> you're pretty safe from direct attack - whether with Linux, OpenBSD,
>>>> or Windows.
>>>
>>> NAT firewalls should be required by law to be built into any consumer
>>> device that's designed for connecting a computer to the Internet.
>>
>> Absolutely. Failing that, ISPs should be required by law to have the
>> same firewall functionality (especially the NAT, and blocking *all*
>> incoming traffic unless explicitly allowed) for their customers. It
>> would not even be hard or costly to do - all that's needed is a web
>> interface around the linux iptables command (or the OpenBSD equivalent).
>>
>> Of the ISPs I've had dealings with over here, most seem to think that a
>> CD with Norton is appropriate security. Some of these don't want you to
>> have a firewall/router - they much prefer that customers have a single
>> Windows PC + Norton connected to their ADSL modem, since that saves
>> training their support droids to handle different situations. Others
>> I've met encourage the use of a firewall/router (and will sell you
>> one at a reasonable price), while only one actively forces you to use a
>> firewall/router. Unfortunately, this last choice is the most expensive
>> (it's a good choice for businesses, but not for home users).
>>
>> It's reasonable to connect a *nix machine directly to the net (many
>> hardware firewalls run linux), but even then it should of preference be
>> a dedicated firewall box. Anyone connecting a windows PC to the net, by
>> dial-up or broadband, without using a NAT firewall/router is acting out
>> of ignorance (either their own ignorance, or their ISP's ignorance).
>
> Forced by law? Isn't that a bit extreme and intrusive, do you think that
> the government can protect a fool from itself? These are the same kind
> of people that respond to Spam to get them to stop and are bewildered by
> the increase in Spam, feel free to educate them, but leave government
> out of it. The only thing government is good at is to force you to pay
> ever increasing taxes, so they can have more money to waste.
>
> Spinach is good for you, shall we have government force you to have to
> eat some every day?

No, but the law should put people who send you unsolicited fake spinach, or set fake spinach traps, in jail. And force the IDP of countries that allow sending unsolicited fake spinach or setting fake spinach traps.

--
.sigzip:*

CBFalconer wrote:

> I have just mounted this on an IBM Thinkpad T30. It is driving me
> up the wall. Problems:
<snip />
> 2. Nothing is mounted for program development. No gcc, no make,
> etc. No diff.

That is also one gripe of mine, even though I only program as a hobby. It seems that the people behind [(Ku)(Xu)U ]buntu insist in keeping all sorts of basic tools out of the default install and some even out of the damn CD. GCC is one good example but there are also other astonishing examples like ndiswrapper. I mean, if a laptop user whose laptop packs a non-supported wireless card wants an internet connection then he is forced to install ndiswrapper, which he can only install if he connects to ubuntu's repositories over the net.

<snip />

> 4. On a Thinkpad, at least, it is excessively easy to touch the
> mouse movement area during typing, and this seems to generate
> either unwanted mouse movements or unwanted clicks. There seems to
> be no way to reduce the sensitivity. Nothing appeared in the bios
> configuration area.

I don't know if this is a problem exclusive to Ubuntu. I've run Mandrake 9.2, the first Mandriva, Fedora core 4 and Kubuntu since 5.04 and each and every one of those distributions couldn't ignore my touchpad while typing. Moreover, I still can't manually turn the touchpad off.

> 5. All sorts of things just don't work without a network
> connection. When and if I allow such a machine to network, it will
> be via dial-up.
>
> The Thinkpad is probably going back under the 7 day no questions
> asked return policy. It came with absolutely no written manual,
> and no restoration CDs or OS installation CDs. It came with
> Micky$oft XP, which is now exterminated and which never ran,
> because it took about two hours to install itself, and then it
> wanted me to accede to the EULA. No thanks.

There are all sorts of problems with Ubuntu. The problem which keeps nibbling on my nuts is the dreaded overheating bug. Ubuntu is plagued by that problem since at least 5.04 and, at least according to the bug report page, it will not be fixed in this new release. That means that Ubuntu is packing a showstopping bug for 4 releases. Not good.

On a lighter note, you can always try out the new Ubuntu. Version 6.10 is going to be released in a few days. I believe that the beta version is already available. Why don't you give it a try?

<snip />

Best regards
Rui Maciel
--
Running Kubuntu 6.06 with KDE 3.5.5 and proud of it.
jabber:rui_maciel@jabber.org
