Yesterday, Jerry Feldman gleaned this insight:
> Or you have some corporate directive come down saying that ALL
> workstations must be physically turned off every night. If I could draw, I'd
> draw you the bucket :-)
Well, I'd just assume leave them on too, but you have to admit leaving
1000 c
Yesterday, [EMAIL PROTECTED] gleaned this insight:
> Blah blah blah
>
> We keep the screws down on the knowledgable folks with their fancy
> UNIX workstations and then blithely smile as the nice fellow from the
> department of what-color-should-the-product-logo-be (or whatever)
> hooks up to
From: Rodent of Unusual Size <[EMAIL PROTECTED]>
To: Greater New Hampshire Linux Users <[EMAIL PROTECTED]>
Sent: Thursday, June 22, 2000 6:53 AM
Subject: Printing from RH6.1 to a W95 printer
> On my home network, my printer is attached to my Windows 95 box.
> I want to print to it from Linux as we
On Thu, Jun 22, 2000 at 04:10:20PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
> Bob Bell said:
> >> Does it ask you for the old NIS passwd if you:
> >
> >Yes, in fact it still does.
>
> Well that's good to know. At least someone does it right :) Though, does
> running passwd as root als
It was Professor Plumb in the library with a candlestick...OH...sorry...wrong
house.
(Annoying checking sendmail since Flashcom was nice enough to change the
reverse on my IP without letting me know ;) )
SPAM glorious SPAM!!
On Thu, Jun 22, 2000 at 02:15:35PM -0400, Paul Lussier wrote:
>
> In
Please set your line wrap to < 79 characters so we don't have to re-format
when quoting. Thanks.
In a message dated: Thu, 22 Jun 2000 16:34:08 EDT
Warren Mansur said:
>At least in Linux, if you are root, and you don't know the other user's
>password, then you can go to /etc/shadow (/etc/passwd
Chris,
I don't know off the top of my head, but I remember that the flat panel
folks once said that the amount of money saved on extra AC for one year
for all your 'regular' monitors would more than pay for the extra cost
of a flat panel.
You might try checking out one of the flat panel vendors
On Thu, Jun 22, 2000 at 04:34:08PM -0400, Warren Mansur <[EMAIL PROTECTED]>
wrote:
> At least in Linux, if you are root, and you don't know the other user's password,
> then you can go to /etc/shadow (/etc/passwd on other unix systems). Once there,
> you completely remove the encrypted password.
On Thu, 22 Jun 2000, cdowns <[EMAIL PROTECTED]> wrote:
> does anyone have a general btu/hr output for a 15" standard monitor? the
> support pages tell you watts used but not btu's which in this case i
> need...
A textbook of mine says 1 BTU = 1055 Joule so:
1 BTU / hour = 1055/3
In a message dated: Thu, 22 Jun 2000 16:26:20 EDT
[EMAIL PROTECTED] said:
>Blah blah blah
>
>We keep the screws down on the knowledgable folks with their fancy
>UNIX workstations and then blithely smile as the nice fellow from the
>department of what-color-should-the-product-logo-be (or what
does anyone have a general btu/hr output for a 15" standard monitor? the
support pages tell you watts used but not btu's which in this case i
need...
thanks, chris
**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] wi
Ken,
I do this every day on my Linux boxes, using Red Hat 6.x.
I merely set up a printer, in my case the default printer,
using the RH / Gnome control panel -> printer tool.
I told the printer set up tool that the HP4000 is connected
by SMB, the host name of the printer server, the share name
of t
Paul Lussier wrote:
> In a message dated: Thu, 22 Jun 2000 15:44:21 EDT
> Bob Bell said:
>
> >> Does it ask you for the old NIS passwd if you:
> >
> >Yes, in fact it still does.
> [..snip..]
> >Tru64 has a man page for yppasswd in section 3, which says in part.
> >
> >yppasswd(oldpass, ne
On Thu, 22 Jun 2000, Jerry Feldman wrote:
> Or you have some corporate directive come down saying that ALL
> workstations must be physically turned off every night. If I could draw, I'd
> draw you the bucket :-)
>
---
\ /
\
On Thu, 22 Jun 2000 [EMAIL PROTECTED] wrote:
> Blah blah blah
>
> We keep the screws down on the knowledgable folks with their fancy
> UNIX workstations and then blithely smile as the nice fellow from the
> department of what-color-should-the-product-logo-be (or whatever)
> hooks up to the n
Or you have some corporate directive come down saying that ALL
workstations must be physically turned off every night. If I could draw, I'd
draw you the bucket :-)
On 22 Jun 2000, at 16:26, [EMAIL PROTECTED] wrote:
> OY! Somebody pass me the bucket ;-) ;-).
Jerry Feldman <[EMAIL PROTECTED]
Blah blah blah
We keep the screws down on the knowledgable folks with their fancy
UNIX workstations and then blithely smile as the nice fellow from the
department of what-color-should-the-product-logo-be (or whatever)
hooks up to the network with a shiny new Windows98 laptop that gives
him
In a message dated: Thu, 22 Jun 2000 15:44:21 EDT
Bob Bell said:
>> Does it ask you for the old NIS passwd if you:
>
>Yes, in fact it still does.
[..snip..]
>Tru64 has a man page for yppasswd in section 3, which says in part.
>
>yppasswd(oldpass, newpw)
> char *oldpass;
> struct passwd
On Thu, Jun 22, 2000 at 02:09:29PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
>
> In a message dated: Thu, 22 Jun 2000 13:41:01 EDT
> Bob Bell said:
>
> >On Thu, Jun 22, 2000 at 01:28:03PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote
> >:
> >> No, but you could su to pll, then use yppasswd
We tend to think of our desktop machines as an extension of our desks.
We should all lock our desks when we leave for an extended period,
especially any code or sensitive papers. We all keep personal
information in our desk as well as in our computers.
We as engineers must concede that the r
On Thu, 22 Jun 2000, Jerry Feldman wrote:
>
> I don't really disagree. But what makes a system admin person more or
> less trustworthy than an engineer. It is important that if engineers are to
> be entrusted with privileges, they must also understand the the rules.
> The engineers create and
Paul Lussier writes:
> Sorry for the typo :)
Yeah, I picked up on that instantly and knew what happened. (-:
I'm amazed at the number of typos I make when I post to this list
(especially minor spelling errors). Gee, you'd think I'd know how to
type by now.
No big deal.
--kevin
--
Kevin D.
In a message dated: Thu, 22 Jun 2000 14:07:03 EDT
Jerry Kubeck said:
>Hum, just a thought, but wonder who it was, a sys-admin, an engineer or
>the janitor that misplaced those drives at Los Alamos??? Ain't security
>clearances wonderful
My guess is that it was the secretary and the copy
In a message dated: Thu, 22 Jun 2000 14:04:42 EDT
"Jerry Feldman" said:
>BTW Derek and Paul,
>Did you really have to sic Mike Waite and Ledoux on us today :-)
Sorry about that, we got sick arguing, so we decided to send a couple of our
"people" over to make you see "our side" of things ;)
--
Today, Jerry Kubeck gleaned this insight:
> Hum, just a thought, but wonder who it was, a sys-admin, an engineer or
> the janitor that misplaced those drives at Los Alamos??? Ain't security
> clearances wonderful
>
> Jerry
>
We'll never know the true story there...
--
PGP/GPG Public
In a message dated: Thu, 22 Jun 2000 14:00:38 EDT
"Jerry Feldman" said:
>The issue is not really root access, but the protection of assets and
>secrets. We must understand that many of our personal work habits
>compromise these on a daily basis.
And that's the whole underlying crux of our
[apologies if you get this more than once]
Karl J. Runge writes:
> I'm beginning to think it is a hardware problem possibly with dropped
> interrupts.
Do you have a surge suppressor on the phone line going to the modem?
Are both modems hanging off of the same phone line?
If you swap out eith
In a message dated: Thu, 22 Jun 2000 13:47:31 EDT
Paul Lussier said:
>I've already mentioned most of them but the concerns are with you, trustworthy
>Kevin.
Whoops! This should've been "aren't with you" :)
Sorry for the typo :)
--
Seeya,
Paul
"I always explain our company via
Hum, just a thought, but wonder who it was, a sys-admin, an engineer or
the janitor that misplaced those drives at Los Alamos??? Ain't security
clearances wonderful
Jerry
>Most of the machines in the lab did. Before I had my clearance, I went
>into the lab (under escort) with a notebo
In a message dated: Thu, 22 Jun 2000 13:41:01 EDT
Bob Bell said:
>On Thu, Jun 22, 2000 at 01:28:03PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote
>:
>> No, but you could su to pll, then use yppasswd to change my password and
>> thereby gain access to my sudo priviledges, which most likely give
Today, Jerry Feldman gleaned this insight:
> BTW Derek and Paul,
> Did you really have to sic Mike Waite and Ledoux on us today :-)
I guess I'm out of the loop... I have no idea what that means...
--
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
In a message dated: Thu, 22 Jun 2000 13:34:16 EDT
"Kevin D. Clark" said:
>I'm telling you right now, if you call into question the
>trustworthiness of my friend, I'm going to be insulted.
Kevin, the point isn't that he's not trustworthy, it's that we can't know
he is. Consider this, most esp
BTW Derek and Paul,
Did you really have to sic Mike Waite and Ledoux on us today :-)
--
Jerry Feldman
Contractor, eInfrastructure Partner Engineering
508-467-4315 http://www.testdrive.compaq.com/linux/
Compaq Computer Corp.
200 Forest Street MRO1-3/F1
Marlboro, Ma. 01752
*
Most of the machines in the lab did. Before I had my clearance, I went
into the lab (under escort) with a notebook, and I took notes, mainly on
managing the V-CLass. The startup procedure for a 64 node system is
quite slow, so if one did not shut down properly it takes forever. Also,
since the
A haha Boston beat the Yankees into submission, I may have to have
two beers for you, and don't kid me. After this debate, you will be having
a 6 pack.
(Actually, I am rooting for the Red Sox, but!!!)
Jerry
>Today, Jerry Kubeck gleaned this insight:
>
>> If you all can take a minute
Today, Jerry Kubeck gleaned this insight:
> If you all can take a minute from your debate long enough to remember that
> there is a meeting tonight at Modern restaurant. It is around the corner
> and down 1 1/2 blocks from Martha's Exchange in Nashua.
>
> The topic tonight is DSL and SDSL. Dinn
Today, Kevin D. Clark gleaned this insight:
> We were both completely clear as to what was and what was not
> acceptable to do with these passwords. In the end, about the only
> thing we ever did was shut down each other's machines in the event
> that the other person wasn't in when the power wa
"Kevin D. Clark" wrote:
> I'm telling you right now, if you call into question the
> trustworthiness of my friend, I'm going to be insulted.
I'm not calling into question anything other than the possible chain of
events. Trust aside, carelessness is the number one cause of problems.
I'm also not
Actually, in this specific case, probably not. But, I have seen many
cases of unaugthorized people going through desks and using systems.
Employees must understand that protecting the assets of their company
is no different than protecting their own. Many people fail to realize that
one of the
In a message dated: Thu, 22 Jun 2000 12:39:10 EDT
"Kevin D. Clark" said:
>Please stop with these vague assertions. Please tell me in concrete
>terms what kind of security problems I'm going to run into if:
>
> o I have root access to my machine.
> o I'm getting work done and making mo
On Thu, Jun 22, 2000 at 01:36:11PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
> Ayup! Raytheon is like that too. But let me ask this, did any machine in th
> at secret lab have a tape drive, floppy, or other writeable and removable
> media. Did they chack everyone leaving the building for
If you all can take a minute from your debate long enough to remember that
there is a meeting tonight at Modern restaurant. It is around the corner
and down 1 1/2 blocks from Martha's Exchange in Nashua.
The topic tonight is DSL and SDSL. Dinner at 6 and meeting at 7 pm.
You can rsvp Paul or my
On Thu, Jun 22, 2000 at 01:28:03PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
> No, but you could su to pll, then use yppasswd to change my password and
> thereby gain access to my sudo priviledges, which most likely give you any
> access you need on any machine at all. All this would be mo
Today, Jerry Feldman gleaned this insight:
> I don't really disagree. But what makes a system admin person more or
> less trustworthy than an engineer.
Nothing. The best you can do is interview people and try to get a sense
of them, maybe taking recommendations from people or hiring people yo
Kenneth E. Lussier writes:
> say... You come right out and state that you give out your root
> password. What other information do you give out? You may "completely
> trust" them, but does that make them trustworty? Since you ever so
> eligantly pointed out that Derek does not know what is going
In a message dated: Thu, 22 Jun 2000 12:28:31 EDT
Bob Bell said:
>Off topic, but I'll defend at least the one Lockheed Martin lab I
>worked at (I realized there are a *bunch*). At LM-ATL we did *not*
>have the root password to our machines. Additionally, there was a
>special lab for secret
Today, Jerry Feldman gleaned this insight:
> I think you are absolutely correct. In the case of the HP V-class server,
> there were only 2 admins in the entire facility who knew how to shut it
> down properly. (Note on the V-Class you log into the test station and
> send the shutdown command f
Today, Dana S. Tellier gleaned this insight:
> IMHO, I think the whole root password access situation comes down
> to engineers wanting to feel like they're "the ones in charge". (And no
> flaming me for this, as I know it's a feeling *I* have all the
> time) Whenever someone tells us, "yo
In a message dated: Thu, 22 Jun 2000 12:12:55 EDT
Bob Bell said:
> Root or sudo access isn't even required for this, so why bring it up.
To point this exact thing out. Security isn't only about who has root. But,
consider that you only work on True64, do you have access to the schematics of
Today, Kevin D. Clark gleaned this insight:
>
> Derek Martin writes:
>
> > Yeah, anyone responsible for developing products, and not responsible for
> > the security of the network will chime in here. It's not your job to
> > worry about security, so you don't.
>
>
> Gosh, I'm so glad you
"Dana S. Tellier" wrote:
> especially if it's
> considered to be our machine (which, if you work for a company, it is NOT
> yours).
I share this opinion. I love this opinion. I wish people understood that
there is no such thing as "MY MACHINE" when you are at work.
> If the sysadmins and engin
I don't really disagree. But what makes a system admin person more or
less trustworthy than an engineer. It is important that if engineers are to
be entrusted with privileges, they must also understand the the rules.
The engineers create and work with the software assets of the company
where t
Out of this whole, long, drawn out e-mail, I have but one thing to
say... You come right out and state that you give out your root
password. What other information do you give out? You may "completely
trust" them, but does that make them trustworty? Since you ever so
eligantly pointed out that Der
I think I can agree a bit with Paul about Raytheon. In the Bedford facility
the V-Class public machines were physically located in the classified
lab. I think there is a rule that the cables for the classified network must
be some minimum distance from any unclassified systems. If one had
the
I think you are absolutely correct. In the case of the HP V-class server,
there were only 2 admins in the entire facility who knew how to shut it
down properly. (Note on the V-Class you log into the test station and
send the shutdown command from there). One must also consider the
the way peop
Wow... I have neither the time nor the inclination to count the number of
messages in this thread, but after reading them all thoroughly (it's a
slow day today), I've come to several conclusions.
IMHO, I think the whole root password access situation comes down
to engineers wanting to feel
Today, Bob Bell gleaned this insight:
> On Thu, Jun 22, 2000 at 12:17:05PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
> > Which environment would you want to work at. I'd prefer the latter, since
> > they take security seriously, I've worked in the former, and let me tell you,
> > security
I remember that there used to be a Janitor in ZKO who used to log into
systems at night. I believe that he is still there.
On 22 Jun 2000, at 12:12, Bob Bell wrote:
> Hmmm... Sure I'd bet not everyone locks their screens (I do, and
> rather quickly). Even without even granting sudo permissio
Today, Paul Lussier gleaned this insight:
>
> In a message dated: Thu, 22 Jun 2000 11:10:45 EDT
> Ted Knupke said:
>
> >All I have to say is that this entire discussion on root access
> >is making me very glad that I work in an establishment where
> >I not only have root access to the machine o
Today, Bob Bell gleaned this insight:
> Hmmm... Sure I'd bet not everyone locks their screens (I do, and
> rather quickly). Even without even granting sudo permissions or
> giving out the root password, Mr. Janitor/Spy would be able to get
> access to more than enough to cause problems. Fig
Derek Martin writes:
> Yeah, anyone responsible for developing products, and not responsible for
> the security of the network will chime in here. It's not your job to
> worry about security, so you don't.
Gosh, I'm so glad you know what's going on in my head.
(your assertion that I "don'
Today, Jerry Feldman gleaned this insight:
> Again there were some very good points, but remember both good
> engineers and good sysadmins are a valuable resource. Most software
> engineers are, or at least should be experienced enough to configure and
> manage their own workstations, and shou
In a message dated: Thu, 22 Jun 2000 12:10:51 EDT
"Jerry Feldman" said:
>company's rules. We are all a team with the same ultimate goal. While
>Bob Bell and I have pointed out many cases where root access must be
>given to the engineer, there are other cases where it is more than just a
>conv
Today, Ted Knupke gleaned this insight:
> All I have to say is that this entire discussion on root access
> is making me very glad that I work in an establishment where
> I not only have root access to the machine on my desk, but the
> sys admin doesn't.
>
> (And if any engineers are looking for
On Thu, Jun 22, 2000 at 12:17:05PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
> Which environment would you want to work at. I'd prefer the latter, since
> they take security seriously, I've worked in the former, and let me tell you,
> security there was a joke! (Rule of thumb, if the gov't
Today, Paul Lussier gleaned this insight:
> > There's *always* a way; the goal is really to make it too
> > hard to be reasonable, right?
>
>
> Absolutely. The only completely secure computer is the one that's not
> plugged in and has absolutely no physical access to it in any way
> shape or fo
On Thu, 22 Jun 2000, Rodent of Unusual Size wrote:
> All the Samba printing docco I've found so far has been focussed
> on things going the other way: Windows trying to print on a
> Linux-served printer. Would someone be so kind as to point me
> at something that can help me get things to go the
Today, Jerry Feldman gleaned this insight:
> I'll add another Raytheon Sudbury issue. We had a 16 cpu HP V2500
> system in the lab for testing. While this machine was available to other
> engineers on the program, the primary user was Charlie Murphy. Charlie
> was testing all sorts of things a
In a message dated: Thu, 22 Jun 2000 11:10:45 EDT
Ted Knupke said:
>All I have to say is that this entire discussion on root access
>is making me very glad that I work in an establishment where
>I not only have root access to the machine on my desk, but the
>sys admin doesn't.
>
>(And if any eng
In a message dated: Thu, 22 Jun 2000 10:53:10 EDT
Bob Bell said:
>The drawbacks (or even problems) with this setup are:
>(A) How do I handle information exchange between these networks? If
>they're separated for security, how do I put my latest patches onto
>the test machines, or telnet in and
Today, Bob Bell gleaned this insight:
> You could use sudo to log all my access, but there's
> really no point, as admins wouldn't care what I did to my test machine
> anyway.
Bob, that's just not true. If a monitoring tool reported an attack as
coming from your machine, I'd be marching down
On Thu, Jun 22, 2000 at 11:35:30AM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
> Okay, let me ask a few questions:
>
> Do you know every person in the building?
> Do you know all the security staff?
> Do you know all the custodial staff?
Yes. So there!
Okay, not re
Again there were some very good points, but remember both good
engineers and good sysadmins are a valuable resource. Most software
engineers are, or at least should be experienced enough to configure and
manage their own workstations, and should be able to work within the
company's rules. We a
Today, Paul Lussier gleaned this insight:
> to be run on NT. But, my point still stands, at least my script *can*
> run on NT, you can not say the same for bourne, korn, or c shell.
> (Okay, sure, the MKS toolkit has ksh for NT, but it's not 100%
> compatible with the real ksh, or even pdksh f
Today, Paul Lussier gleaned this insight:
> Additionally, if the admins are that busy that they can't accomodate
> your needs in a timely manner, it's time to either escalate your needs
> via management and have the sysadmins priorities changed, or start
> harassing management that you need more
In a message dated: Thu, 22 Jun 2000 09:43:52 EDT
Bob Bell said:
>(1) If an engineer is responsible for administering
>his own system, he should likely have the root password then
>(although, as mentioned, you may want to provide separation from the
>production environment).
Correct, sortof
Ray Bowles wrote:
> I'm trying to install XFree86 4 and RPM keeps telling me it doesn't support
> versions over 3 I even tried things like Netscape 4.73 it just says "this
> version of the manager does not support >= 3 packages.
> Help???
> Ray
>
Ray,
I had this problem with some other rpm a mo
All I have to say is that this entire discussion on root access
is making me very glad that I work in an establishment where
I not only have root access to the machine on my desk, but the
sys admin doesn't.
(And if any engineers are looking for a job, we're
hiring.)
Ted Knupke
The MITRE Corporat
In a message dated: Thu, 22 Jun 2000 09:42:34 EDT
Bob Bell said:
>On Thu, Jun 22, 2000 at 02:15:41AM -0400, Derek Martin <[EMAIL PROTECTED]
>aone.net> wrote:
>> > Since engineers are obviously completely untrustworthy, how do you preve
>nt
>> > them from bring their own laptop in and hooking i
I'll add another Raytheon Sudbury issue. We had a 16 cpu HP V2500
system in the lab for testing. While this machine was available to other
engineers on the program, the primary user was Charlie Murphy. Charlie
was testing all sorts of things and doing performance benchmarks. He
was also testin
Based on this (extended) conversion, here's what I here as far as
being applicable to my situation here. Perhaps the situation most
appealing to sysadmins that would still work would be:
(1) I need complete root access to my testing machines. I'm
mucking with a bunch of stuff, and I never know
In a message dated: Wed, 21 Jun 2000 19:58:39 EDT
Benjamin Scott said:
>On Wed, 21 Jun 2000, Paul Lussier wrote:
>>> (1) Programmer Brain Damage ...
>>
>> This is not a *language* problem, but human one. If the program is
>> written properly, it will run anywhere!
>
> Okay, Paul. Write me a
In a message dated: Wed, 21 Jun 2000 19:48:52 EDT
Benjamin Scott said:
>On Wed, 21 Jun 2000, Paul Lussier wrote:
>> True, but who gets the responsibility when the untrusted, non-secure host is
>
>> used to access confidential data which was only accessible because of the
>> inadequate security
On my home network, my printer is attached to my Windows 95 box.
I want to print to it from Linux as well. I added the printer
with the printtool control panel, but it doesn't work: specifically,
when I lpr -m a job from Linux, it vanishes into the bit bucket and
I get a confirmation message -- b
In a message dated: Wed, 21 Jun 2000 15:37:09 EDT
"Jerry Feldman" said:
>Ken,
>While this may be true to some extent, I do disagree. In my current role
>of porting, I do not require root privs, but I do need to install some beta
>software required for my system. However, in my previous contrac
On Wed, Jun 21, 2000 at 09:41:14PM -0400, Kenneth E. Lussier <[EMAIL PROTECTED]>
wrote:
> First off, no one said that engineers are untrustworthy. What was said
> was that no one *NEEDS* the root password other than those who are
> responsable for administering the system. As for how to prevent a
On Thu, Jun 22, 2000 at 02:15:41AM -0400, Derek Martin
<[EMAIL PROTECTED]> wrote:
> > Since engineers are obviously completely untrustworthy, how do you prevent
> > them from bring their own laptop in and hooking it up to that same ethernet?
>
> What, you didn't think we'd have an answer? Sta
Where did you get these RPMs from? I know some of the stuff in RedHat's
RawHide has been packaged with RPM 4.0 (which RPM3.x.x can't use). So you
would need to update to RPM 4.0.NOTE: I'm not saying you should do
this. Pulling RPM4.0 out of RawHide could be scary at best.
--rdp
On Wed, 21 J
88 matches
Mail list logo