Re: [Discuss] free email less intrusive than google

2016-03-15 Thread Edward Ned Harvey (blu)
Political correctness is synonymous with respect for other people.

Anytime someone says they're sick of being politically correct, it means they 
want to be disrespectful of other people, without any backlash.

The white man in the room doesn't get to tell us what's racist and what's not 
racist. If the majority of black people would feel that's a racist term, then 
by definition, it is.

Cotton pickin isn't racist, just like the confederate flag isn't racist. 
Meaning - they both are. Because the majority of African Americans feel they 
are.
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss


Re: [Discuss] free email less intrusive than google

2016-03-13 Thread Edward Ned Harvey (blu)
You can get encrypted, private mail, at https://protonmail.com and 
https://tutanota.com

"Cotton pickin" is a racist term. Please learn to eliminate it from your 
vocabulary.


Re: [Discuss] Converting "rich" (MIME) email to plain text

2016-02-17 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Michael Tiernan
> 
> I'm sure that I'm not the first who tried to find an easy way to filter
> a piece of email so that only the plain text comes out.
> 
> I can find lots of things about going plain to HTML but I've not seen
> anything that allows you to just extract the "Content-Type: text/plain"
> section of an email.
> 
> Any pointers available? I don't want to try and reinvent the reinvented
> wheel.

Where is the original? I like C# / mono programming, so I would personally 
write a 10-line program to download mail and extract the parts I want, using 
MailKit.


Re: [Discuss] looking for non-cisco router and firewall

2016-02-12 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of John Boland
> 
> my colo folks just notified me that the firewall and router we're using is
> subject to another set of exploits.
> the equipment we're using is no longer maintained and we're in the midst of
> changing colo providers.  the new colo provides firewall services. we've
> already setup the rules with them.
> in the meantime, i need something reasonably priced (i.e., cheap) to tide
> us over for the next couple of months.
> 
> for now, does anyone know if just dropping udp packets will mitigate this
> exploit?

I'm confused by several things - 

You have a question if dropping udp packets will mitigate this exploit. What 
exploit? Are you talking about a specific exploit?

For "reasonably priced," I would immediately suggest pfsense, but you said that 
entails learning curve, which suggests to me that you've never tried it. I 
would say there is zero learning curve to setup pfsense, until you start trying 
to do more advanced things with it, like openvpn or something like that. The 
only thing you need to know is: First connect the LAN side to a switch (or 
crossover cable) with your laptop. Install it from a CD or ISO or bootable USB 
or whatever. During install, assign a LAN IP address. Then browse to it via 
http or https from the laptop. All of this is explained by the bootable install 
media. Especially just for a couple of months, it seems silly to buy a new 
hardware firewall.

I would certainly say, that setting up pfsense is faster and easier than 
setting up any cisco device, even if you're a cisco expert who knows nothing 
about pfsense. It's just way, way easier.

You said you need 100Mbit externally and 1Gbit internally. This confuses me. If 
there's an upstream bottleneck of 100Mbit, then why do you need >100Mbit on the 
LAN side?


Re: [Discuss] DMARC, SPF, DKIM

2016-02-11 Thread Edward Ned Harvey (blu)
> From: Dan Ritter [mailto:d...@randomstring.org]
> 
> I have been perfectly happy running randomstring.org (at home)
> and $WORKPLACE's mail servers with none of DMARC, SPF or DKIM
> for years and years now.

Ignorance is bliss.  :-)  Or some phrase involving "head in the sand."  :-)  
Ignoring climate change doesn't make it not real.  :-)

Because of not using any spf/dkim/dmarc, the mail you send is more likely to 
land in other peoples' spam folders, so you don't reach them and you'll rarely 
ever know. Also, when some spammer wants to spam your friends, they forge 
messages from you, and your friends are more likely to receive it, and fall for 
whatever the phishing bait is.


[Discuss] DMARC, SPF, DKIM

2016-02-11 Thread Edward Ned Harvey (blu)
Because I'm pretty sure there's a relatively high concentration of people here 
who maintain their own mail servers, I want to bring this up as an often 
overlooked practice you should be following:

It is advisable to use DMARC (https://dmarc.org/), in addition to SPF and/or 
DKIM. DMARC addresses common problems of SPF and DKIM; specifically, DMARC was 
created because so many domains have SPF and DKIM misconfigured, resulting in 
recipient mail servers often ignoring the SPF and DKIM failures.

Utilizing *all* SPF, DKIM, and DMARC, yields the highest confidence threshold, 
and best result.

From http://www.mcafee.com/us/resources/solution-briefs/sb-spf-dkim-dmarc-demystified.pdf

"using DMARC feedback, an organization may determine that there are valid IP 
ranges that are not included in their SPF records, allowing them to update the 
records and increase the accuracy of their DMARC posture."
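The feedback loop in the quoted sentence, as an added example that is not part of the original post: it reads a DMARC aggregate report and separates sources that pass DKIM but are missing from the published SPF record from sources that fail both checks. The report, the domain example.org, the addresses and the SPF record are constructed sample values, and only ip4:/ip6: mechanisms are evaluated.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a trimmed aggregate (rua) report. example.org and the
# addresses are documentation values, not data from the thread.
SAMPLE_REPORT = """\
<feedback>
  <policy_published><domain>example.org</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.25</source_ip><count>40</count>
    <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.25</source_ip><count>5</count>
    <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.12</source_ip><count>7</count>
    <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.77</source_ip><count>9</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>
"""

# Constructed: the SPF record the domain currently publishes.
PUBLISHED_SPF = "v=spf1 ip4:192.0.2.0/28 -all"


def spf_networks(spf_record):
    """Networks authorised by plain ip4:/ip6: mechanisms.

    include:, a and mx need DNS lookups and are left out of this offline example.
    """
    nets = []
    for term in spf_record.split()[1:]:
        mech = term.lstrip("+")  # "-ip4:..." and "-all" authorise nothing
        if mech.startswith(("ip4:", "ip6:")):
            nets.append(ipaddress.ip_network(mech.split(":", 1)[1], strict=False))
    return nets


def triage(report_xml, spf_record):
    """Sort report rows into buckets, summing message counts per source IP.

    pass       - aligned SPF passed, so DMARC passes.
    spf_gap    - DKIM passed but the IP is not in the SPF record: a likely
                 legitimate sender that the record should be updated to cover.
    misaligned - DKIM passed and the IP is in the record, so SPF failed for
                 another reason (typically an unaligned envelope sender).
    suspect    - both checks failed: probable forgery.
    """
    nets = spf_networks(spf_record)
    buckets = {n: Counter() for n in ("pass", "spf_gap", "misaligned", "suspect")}
    for row in ET.fromstring(report_xml).iter("row"):
        ip = (row.findtext("source_ip") or "").strip()
        count = int(row.findtext("count") or 0)
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        listed = any(ipaddress.ip_address(ip) in net for net in nets)
        if spf == "pass":
            bucket = "pass"
        elif dkim == "pass":
            bucket = "misaligned" if listed else "spf_gap"
        else:
            bucket = "suspect"
        buckets[bucket][ip] += count
    return {name: dict(counter) for name, counter in buckets.items()}


if __name__ == "__main__":
    for bucket, sources in triage(SAMPLE_REPORT, PUBLISHED_SPF).items():
        print(bucket, sources)
```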


Re: [Discuss] Delivering mail to folders

2016-02-02 Thread Edward Ned Harvey (blu)
> From: j...@gapps.blu.org [mailto:j...@gapps.blu.org] On Behalf Of John
> Abreau
> 
> Apparently I've been doing it "wrong" all these years. I've always created my
> own CA and signed my certificates with it, and I thought that's what the term
> "self-signed" meant.

That's the opposite of "doing it wrong."

If you create a CA, for example by a process like this: 
http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php 
in which you have a CA root private key, which signs itself as a CA, and you 
keep that directory full of files sitting around someplace secure, and the root 
private key is used only for signing certs (is not used directly as a website 
cert), and you generate a different private key for each website cert, and then 
you install the CA root cert (with public key) into the trusted root store of 
your clients... Then you've done it exactly right. (Assuming proper 
implementation choices, such as key length and stuff like that). But this 
process is complex enough that very few people do it, especially when you can 
get free certs from a publicly recognized CA.

When people say they have a webserver with a self-signed cert, in virtually all 
cases, that means they followed a process like this (the top result I got by 
searching for "generate self signed certificate"): 
http://www.akadia.com/services/ssh_test_certificate.html  In this process, you 
generate a key, and use that key to sign a certificate of itself. There was 
never any CA.

A good clue to look for is whether or not the "openssl ca" command was used, 
and if the CA root cert is separate and distinct from the server cert. The CA 
root private key should never exist on any of the servers. It should be 
air-gapped, encrypted, kept in a bank vault.


Re: [Discuss] Delivering mail to folders

2016-02-02 Thread Edward Ned Harvey (blu)
The important characteristic is whether or not the CA root private key is ever 
exposed to any servers or clients. For example, if you used a self-signed cert 
(no separate CA) on a server, that server requires the CA root private key in 
order to serve webpages, and if you installed that cert into the CA root trust 
store of your clients, then if the server gets compromised, the attacker can 
impersonate literally any domain on any server, completely undermining your 
entire SSL/TLS infrastructure, with the ability to MITM attack every connection.

If you generate a CA, keep its private key private, and use it to sign a 
separate server cert, then if the server gets compromised, the worst the 
attacker can do is malicious things with the compromised server.
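A check for the distinction drawn in this message and in the "clue to look for" of the message before it, as an added example that is not part of the original posts: it builds both setups in memory and audits whether the key sitting on the server is also what the clients trust. It needs the third-party `cryptography` package; the host name, the root name and the function names are assumptions made for the example.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(cn, key, issuer_cn, issuer_key, is_ca):
    """Issue a 30-day certificate for `key`, signed by `issuer_key`."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name(cn))
        .issuer_name(name(issuer_cn))
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def spki(cert):
    """DER-encoded public key, used to compare keys across certificates."""
    return cert.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)


def signed_by(cert, issuer_cert):
    """True if issuer_cert's name and key account for cert's signature (EC keys)."""
    if cert.issuer != issuer_cert.subject:
        return False
    try:
        issuer_cert.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def audit(server_cert, trust_store):
    """Findings about how a server cert relates to the clients' trusted roots."""
    findings = []
    if signed_by(server_cert, server_cert):
        findings.append("self-signed: no separate CA")
    if server_cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca:
        findings.append("server cert is marked CA:TRUE")
    if any(spki(root) == spki(server_cert) for root in trust_store):
        findings.append("server key is a client trust anchor")
    if any(signed_by(server_cert, root) and spki(root) != spki(server_cert)
           for root in trust_store):
        findings.append("chains to a separate trusted root")
    return findings


def build_scenarios():
    """Return {label: (server_cert, client_trust_store)} for both setups."""
    # Setup 1: one key certifies itself; the same cert is installed on the
    # server and in the clients' trust store. CA:TRUE mirrors what
    # `openssl req -x509` produces with the stock configuration.
    lone_key = ec.generate_private_key(ec.SECP256R1())
    lone = make_cert("mail.example.org", lone_key, "mail.example.org", lone_key, True)
    # Setup 2: a root key that never leaves the signing machine issues a
    # cert for a different key, and only that second key lives on the server.
    ca_key = ec.generate_private_key(ec.SECP256R1())
    root = make_cert("Example Private Root", ca_key, "Example Private Root", ca_key, True)
    srv_key = ec.generate_private_key(ec.SECP256R1())
    leaf = make_cert("mail.example.org", srv_key, "Example Private Root", ca_key, False)
    return {"self_signed": (lone, [lone]), "private_ca": (leaf, [root])}


if __name__ == "__main__":
    for label, (cert, store) in build_scenarios().items():
        print(label, audit(cert, store))
```

A "server key is a client trust anchor" finding is the case where a server compromise hands over the key that clients trust to vouch for other names.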


Re: [Discuss] Delivering mail to folders

2016-02-01 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Tom Metro
> 
> > Ever-so-slightly better than no encryption.
> 
> Huh? We're talking about using a self-signed cert for IMAP access, right?
> 
> Self-signed certs have all the same cryptographic benefits as a CA
> signed cert, including having your client validate the cert, if you
> install your own root cert on your clients.
> 
> The only down-side to self-signed certs is the inconvenience of having
> to install the root certs on your clients. This is why they aren't used
> for public web sites.

Creating a self-signed cert isn't the same thing as creating your own CA and 
installing the CA root as a trusted root on your clients. If you create your 
own CA and distribute your own CA root to all your clients - as you said - 
you'll get pretty good security (unless you screw something up). A self-signed 
cert is one which certifies itself. The client cannot follow any chain to a 
trusted root, so the client needs to either reject the cert, or prompt for user 
interaction (in which case, users almost invariably click "accept," and thus 
are easy to attack via MITM). If the user accepts the cert, some clients (such 
as firefox) have the option to do certificate pinning, so it won't prompt again 
when it sees the same self-signed cert, similar to the way ssh behaves when 
connecting to a new unrecognized server.

But if you have a client that prompts you to accept a self-signed cert, and you 
accept it, and the client pins it, and at a later time the cert changes (MITM 
attack)... Does the client prompt you again? Openssh refuses to talk to a 
server with a pubkey different from the pinned key, as it should. But every SSL 
client I've ever seen (firefox, chrome, ie, etc) will prompt you again to 
accept the unrecognized cert, so even highly technical and reasonably alert 
people are still vulnerable to the MITM attack on a self-signed cert. ... As 
David in particular would be, because he mentioned a checkbox for "ssl accept 
any certificate," and asked "is that a good option?"


Re: [Discuss] Delivering mail to folders

2016-02-01 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of David Kramer
> 
> would
> it be reasonable and possible to use a self-signed cert for starters

Ever-so-slightly better than no encryption. The only difference is whether or 
not it's possible for someone to accidentally see your traffic, or if they have 
to make a point of intentionally looking into it.


Re: [Discuss] Delivering mail to folders

2016-01-31 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of David Kramer
> 
> I also complicated
> things by trying to use an SSL certificate from https://letsencrypt.org
> instead of self-signed,

I'm a huge fan of free certs from https://startssl.com, and personally I don't 
think letsencrypt deserves the hype. But I have nothing against letsencrypt. No 
matter how you do it, making the internet a better place is a good thing.


> Current status:
> I backed up /etc and nuked Postfix and Dovecot and starting over.

You should be using ansible or something to make these changes. That way you 
can easily rebuild and test systems, and the next time you have to migrate to a 
new server (because centos 10 came out and centos 7 will stop receiving 
updates, or something like that)... You'll know exactly how the old one was 
configured. The migration process is *way* easier.


> I also couldn't log in from my Android phone (certs prolly)

Let's encrypt has a root (they named it ISRG Root), and an intermediate (they 
named it Let's Encrypt Authority, which I'll abbreviate LEA). Normally the 
intermediate gets signed by the root, and so it is, but since their root isn't 
trusted by clients yet, they partnered with IdenTrust, so IdenTrust *also* 
signs the LEA intermediate. When you install your cert into your server, you 
have to make sure you install the right chain. That is - You have to install 
the LEA intermediate that's signed by IdenTrust, and not the one that's signed 
by ISRG Root.


> - letsencrypt sounded like a good option at the time, but it is still
> kinda in beta, and I couldn't connect my phone to the mail server, even
> saying "ssl accept any certificate".  Is that a good option?

Eek. No, that is NOT a good option. You should literally never do that, if your 
traffic goes over the internet. Although not trivial, it is *nearly* trivial 
for an attacker to hack a router, configure it to automatically detect 
self-signed certs flying by, and automatically perform a MITM attack.


> I'm willing
> to pay a reasonable price for a cert if I can use it for web and mail
> and there are advantages over free ones.

There are only two free options. Let's encrypt, and startssl. The complaint 
people sometimes have about startssl is that revocation is $25. The cheapest 
non-free cert is RapidSSL from namecheap for $11. So to determine which is the 
best option for you, you need to calculate the probability of needing a 
revocation (let's say 1%) and compare 1% of $25 versus $11 to get a new one 
that includes free revocation.

Sorry, I neglected to mention - The *actual* cheapest non-free cert is 
PositiveSSL, for $9, but it's signed by two intermediates, which is so unusual 
that a lot of clients don't test that configuration well, so a lot of clients 
aren't compatible with PositiveSSL. Ask me how I found out. ;-) Fortunately, 
they issued me a refund that I applied toward RapidSSL.


Re: [Discuss] Local ISP Recommendations?

2016-01-29 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Kent Borg
> 
> I am toying with getting faster dynamic IP service for less, but
> bouncing through a static IP in the cloud. Maybe I have two networks

You can always run a tor service. Assuming http.


Re: [Discuss] Local ISP Recommendations?

2016-01-29 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Derek Martin
> 
> Thank you for reminding me why I refuse to do business with Comcast...

Agreed, but most of us probably don't use Comcrap, unless there's no 
alternative.


Re: [Discuss] Local ISP Recommendations?

2016-01-22 Thread Edward Ned Harvey (blu)
> From: Mike Small [mailto:sma...@sdf.org]
> 
> Has this scenario, [...] ever happened to anyone
> in a real legal case where the innocent party wasn't able to
> establish his or her innocence?

Dunno. Those people aren't called "innocent." There's no way to identify false 
convictions, except by later exonerations. It's not like new forms of 
innocence-proving evidence are being created, like DNA evidence etc.


Re: [Discuss] Local ISP Recommendations?

2016-01-22 Thread Edward Ned Harvey (blu)
Since I've been in security for the last few years, I've talked to a zillion 
people about a zillion things, and one IT guy told me he ran the company's 
mailserver, which apparently got hacked and used to distribute some sort of 
illegal material. He found out when the FBI showed up and confiscated the 
server. They determined it was probably not the company's fault, so they 
returned the server (without any hard drives, a couple months later). By that 
time, the company had already resumed email service on some external provider 
(users are bound to notice and complain about several weeks of outage).

I think if you run your own mail server, unless you do mailservers 
professionally (24/7, with IPS/IDS, and watch the RedHat security channels and 
patch critical vulnerabilities in < 1day, etc etc) you expose yourself to 
unnecessary spam, and risk of being hacked.

The risk of being hacked is *not* so much the risk of someone accessing your 
mail. It's the risk of someone doing illegal shit on your system, and you 
getting the blame for it. Try 10 years in prison, and being permanently 
registered as a sex offender, probably getting divorced, because someone 
thought that was *your* kiddie porn. You find yourself in the position of being 
presumed guilty, having to prove your innocence, because illegal material was 
indeed found in your system, or in your account.

P.S. The same risk applies to cloud services, if you don't use strong passwords 
and 2-Factor on dropbox/gmail/etc. Using a password manager is a very important 
part of keeping yourself safe online.


Re: [Discuss] cheap realiable web hosting service

2016-01-21 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Bouman MC
> 
> I need a reliable and cheap web hosting service that won't delete the
> web site for spite and entertainment when they're having a bad
> day...which just happened to me today. Any suggestions? MCB

Are you looking for shared hosting like dreamhost?

Or are you looking for something like distributed & shared application hosting, 
like Azure and AWS hosted applications?

Or are you looking for a VPS, like EC2/Digitalocean and others, where you 
manage your own service?

Some of the above have free and/or cheap ($5/mo) entry-level offerings.


Re: [Discuss] Local ISP Recommendations?

2016-01-18 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Kent Borg
> 
> I am looking for ISP recommendations. In Somerville.

When I lived in Somerville a few years ago, the only choices were Comcast and 
RCN cable. We had both, and while customer service is shitty for both, RCN 
seems to be considerably less evil in opposition to net neutrality, bring your 
own hardware, and stuff like that. I don't know if you can get a static IP, but 
you can use dynamic dns. I use FreeDNS. Be aware that all the ISP's that I know 
of will block inbound access when/if they feel like it.

In Arlington, we have Fios, and I expected it to be much greater than 
comcast/rcn, but it's not. I daresay the signal quality is probably better on 
fios (fiber optic leading to the house, and then coax splitter from the 
basement, instead of coax splitting at the street) and the uplink speed is 
probably better (30Mbit symmetric), but aside from that, it's the same old 
shitty customer service and shitty internet, with boat loads of frustration 
anytime you need to deal with them. Still provided by an evil company. I 
daresay verizon is even more evil than comcast - one of our experiences on 
verizon was the "channel realignment," where they took away half our channels 
in the middle of the 2yr contract, and when I argued with them for hours over 
the phone, I eventually caved in and agreed to pay the extra $5/mo to get our 
channels back - and then they slapped us with a $400 early termination fee on 
the first contract, while enrolling us in a *new* 2yr contract at the higher 
rate. They have earned all the bad karma the world can deliver them.


Re: [Discuss] one vs many static IP addresses

2016-01-05 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Dan Ritter
> 
> ... in which case you really, really want one of those DNS
> servers to be located in a different network, perhaps on the
> other side of a continent.

Yeah, I thought it was funny to suggest multiple IP's on the same server or 
network, in order to satisfy the redundant DNS requirement.  ;-) 



Re: [Discuss] External security Re: one vs many static IP addresses

2016-01-05 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Rich Braun
> 
> It's 2016 and the whole concept of passwords for user auth is obsolete;
> they're hard to remember, don't get changed enough, and fairly easy to
> break.

*cough* 
There are very real weaknesses to using passwords, sure, but to say it's 
obsolete means you're living on a different planet.


> If you're relying solely on a memorized pass-phrase to access anything via a
> public IP address, you're not doing it right these days. Does this include
> you?

Seriously, what you just said is impossible. Even if you're using a password 
manager, or some type of cloud storage (something other than a USB fob) to keep 
some sort of private key with you at all times, backed up and safe from 
compromise by a pickpocket or mugger...

You have to login to your password manager with a password.

The right thing to do is memorize one really strong password, and use it to 
secure all your other randomly generated passwords.

PS. Something I'm working on right now is a cryptographic random sentence 
generator using small words (2-4 chars). Sentences like:

ads have down if god fits last
seas date max as air uses zone
land tries fair and rock owns sign

These are easily memorizable, and about 40 bits each. Certainly strong enough 
to use in a password manager to protect against thugs. String a couple of them 
together and it would be strong enough to thwart sophisticated attacks, and if 
you string 3 of them together it would be sufficient to thwart a hostile 
government.
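How the entropy of such a sentence is counted, as an added example that is not the generator described in the post: each slot contributes log2 of its word-list size, so the strength comes from the list sizes and a uniform random pick, not from the sentence's length in characters. The sentence template and the short word lists are assumptions constructed for the example.

```python
import math
import secrets

# Assumed sentence shape; the post does not describe its grammar.
TEMPLATE = ("noun", "verb", "adj", "conj", "noun", "verb", "noun")

# Constructed word lists of 2-4 letter words, far smaller than a real
# generator would use.
WORDS = {
    "noun": ["ads", "seas", "land", "rock", "god", "air", "zone", "sign",
             "date", "map", "ice", "oak", "bus", "hat", "jar", "key"],
    "verb": ["have", "fits", "uses", "owns", "eats", "sees", "runs", "gets"],
    "adj": ["fair", "last", "max", "down", "red", "odd", "wet", "new"],
    "conj": ["if", "as", "and", "or"],
}


def check_lists(words):
    """Reject lists that would make the entropy figure wrong."""
    for kind, items in words.items():
        if len(set(items)) != len(items):
            raise ValueError(f"duplicate word in {kind} list")
        bad = [w for w in items if not (2 <= len(w) <= 4 and w.isalpha())]
        if bad:
            raise ValueError(f"{kind} words outside 2-4 letters: {bad}")


def entropy_bits(template, words):
    """Bits of entropy when every slot is filled uniformly at random."""
    return sum(math.log2(len(words[kind])) for kind in template)


def sentence(template=TEMPLATE, words=WORDS):
    """One sentence drawn with the OS CSPRNG (secrets, not random)."""
    return " ".join(secrets.choice(words[kind]) for kind in template)


def list_size_for(target_bits, slots):
    """Smallest equal list size n with n**slots >= 2**target_bits."""
    n = 1
    while n ** slots < 2 ** target_bits:
        n += 1
    return n


check_lists(WORDS)

if __name__ == "__main__":
    print(sentence())
    print("bits with the sample lists:", entropy_bits(TEMPLATE, WORDS))
    print("words per slot for 40 bits over 7 slots:", list_size_for(40, 7))
    # Independent sentences add: k sentences give k times the bits of one.
    print("bits for 3 sentences at 40 bits each:", 3 * 40)
```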


Re: [Discuss] 4K (or 5K) resolution for Linux desktop

2016-01-05 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Stephen Adler
> 
> I personally will never buy another bit of apple hardware because apple
> is "evil".

Pah. Name a competitor that isn't "evil."

Remember we're talking about massive international corporations with tens of 
thousands (sometimes hundreds of thousands) of employees, all having different 
minds. Labeling any of them "evil" is like labeling any other group.
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss


Re: [Discuss] one vs many static IP addresses

2016-01-04 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Stephen Adler
> 
> the use of apache virtual
> hosting, the question I have is if there is any reason to use more than
> 1 static IP address to run my web and sshd services from my basement
> server?

In the distant past, you needed multiple IP addresses to do name-based virtual 
hosting with SSL, but that problem was solved by SNI, Server Name Indication. 
Some very old clients (old versions of XP, and Android 2, and very few others) 
still don't support SNI, but those clients are inherently insecure, so maybe 
it's *good* to drop SSL support for those clients, and make no pretense that 
anything they do is secure. SNI was introduced in TLS 1.0, which is currently 
the oldest unbroken version of SSL/TLS. Anything older than TLS 1.0 is SSLv2 
and SSLv3, both of which are deprecated and broken.

If you have more than one physical server (and no firewall/NAT box/load 
balancer) then you might need more than one IP address. 

Aside from these issues, apache can serve all your content over a single IP 
just as well as it can over multiple IP's.


[Discuss] Linux on laptops

2015-11-12 Thread Edward Ned Harvey (blu)
I'm looking for a small, light, cheap, laptop to run linux. I prefer either 
ubuntu desktop or fedora.

I know there's a very good chance that any random linux will work fine on any 
random laptop I buy, but I certainly prefer to have some greater assurance - 
ideally it's an officially supported distro, or maybe there's some unofficial 
guide that demonstrates support.

Any suggestions?


Re: [Discuss] Linux on laptops

2015-11-12 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Kent Borg
> 
> Something that has intrigued me recently is the idea of running a fairly
> standard Linux on a Chromebook. They are small and cheap, and have long
> battery life.

The issue that leads me here today is as follows:

I have an Acer Chromebook C710. Dual core Celeron 1.1GHz, 2GB ram (one slot 
populated, one slot available), 320GB hard drive, multitouch pad. It's pretty 
nice. So I looked up how to install linux on it. The answer is Chrubuntu, 
http://chromeos-cr48.blogspot.com/2013/05/chrubuntu-one-script-to-rule-them-all_31.html

This got ubuntu 12.04 installed (quite painfully I might add). So the first 
thing I did was apply updates, and suddenly there's no graphics anymore. Text 
only login.

Needless to say, that's not acceptable.

The root cause is the Chromebook BIOS can't boot a standard bootloader. Linux 
is assuming grub, which is not correct, so weird things happen loading the 
wrong kernel or the wrong initrd. You can't boot from a USB into rescue mode to 
fix it. You have to restore to factory from a Chromebook USB recovery fob, and 
start all over.

I strongly discourage getting a chromebook with the intent of using it for 
anything other than a chromebook. But if you already have one - Sure, give it a 
try. Worst case, you have to download a Chromebook recovery fob in order to get 
back to a supported chrome OS.


Re: [Discuss] Linux on laptops

2015-11-12 Thread Edward Ned Harvey (blu)
So far, all the good responses seem to say, basically, pay more money. The 
system76 and zareason (and base model Dell and Lenovo) laptops start around 
$700 minimum.

What I really want is exactly this:
http://www.newegg.com/Product/Product.aspx?Item=1TS-000X-000J1

With a different OS.

A few years ago, they sold laptops like these in Toys-R-Us, as laptops for 
kids, that you didn't have to worry about viruses. (Which is slightly 
misleading, but not entirely).

So far, what I'm inclined to do, is go to a local store such as Microcenter or 
BestBuy, ask them what their return policy is, create a "dd" image of the 
internal hard drive before first power-on, and then simply blow it away with a 
linux installer. See what happens. 

If I return one because I don't like it, I won't be in any trouble. If I return 
two, they might be suspicious. If I return three, they might give me a hard 
time.

Depending on the store, sometimes you can say, "Can I buy 3 laptops, and then 
return 2 after I decide which one I like best?"


Re: [Discuss] Dropping obsolete commands (Linux Pocket Guide)

2015-11-11 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Chuck Anderson
> 
> According to Ted Ts'o (filesystem developer), it is NOT a recommended
> way to backup your filesystem:
> 
> http://www.gossamer-threads.com/lists/linux/kernel/1197768
> 
> "It does read the mounted block device directly, and so it's certainly
> not a _recommended_ way to back up your ext4 filesystem. It should

That's correct, but unfortunately, it doesn't leave you with anything else you 
can use. The problem is that the live filesystem can have stuff changing while 
the operation is in progress. Because you're not using a block-level snapshot. 
So even if you use something like rsync or rsnapshot, the tool will walk the 
live filesystem (on top of the filesystem layer, unlike dump which operates 
below the filesystem layer, but that distinction is irrelevant) the filesystem 
could be changing while in the middle of an rsync operation. Or tar, or cpio, 
or whatever. Your database files are not safe with *any* of these tools, 
because of no block-level snapshot.

If you make a block level snapshot, for example with lvm, you could then safely 
backup the snapshot block device, just as you could safely mount the snapshot 
and run rsync. But god, lvm snapshot, what a nightmare.

This is the reason ZFS was invented. Maybe btrfs will be good someday too 
(maybe it already is).


Re: [Discuss] Dropping obsolete commands (Linux Pocket Guide)

2015-11-09 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Daniel Barrett
> 
> 
> 1. dump and restore
> 
> I grew up with these commands, but personally haven't used them in
> well over a decade. What do you think?

If you want to backup your filesystem and preserve every little tiny detail 
that people don't normally think of - like named pipes, and character special 
devices, and hard links, and weird stuff like that, dump & restore are the only 
sure-fire ways to do it, because the dump & restore source code is written by 
the same people who write the EXT filesystem code.

You might make a comment about using netcat instead of telnet, for network 
diagnostics, but aside from that, telnet is obsolete as a remote terminal 
protocol.

And all the other stuff, I agree, is obsolete. 



Re: [Discuss] laptop as router

2015-11-06 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Mike Small
> 
> Speaking of routers, are there any caveats to using an old laptop as a
> router?  I'm about to move into a 1 BR.  The retail router we have now

I've done this with laptops, desktops, soekris, and vmware systems running the 
router OS as a guest VM.

With a laptop, the main caveat is the 2nd NIC. Previously I carefully selected 
a PCMCIA card that would be compatible. Nowadays I guess you probably have to 
use a carefully selected USB adapter.

I recommend using pfSense or monowall instead of rolling your own BSD. Way, 
way, way easier, more featureful, probably more secure.


Re: [Discuss] [kind of off topic] noise canceling headphones

2015-11-02 Thread Edward Ned Harvey (blu)
There's a major difference between
Active Noise Cancellation
and
Passive Noise Isolation

Passive can be extremely cheap, block out everything except what the headphones 
are generating. Active is usually expensive, and usually does a really good job 
of blocking periodic or repetitive noise waves, like machine noise and hum from 
noisy equipment. I've often heard people say their active (Bose) headphones 
allow people's voices to pass through while blocking machine noise and stuff 
like that.


Re: [Discuss] 19,000 person company passwords stolen via HTTPS

2015-10-06 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Dr. Anthony Gabrielson
> 
> > On Oct 6, 2015, at 10:52 AM, Rich Pieri  wrote:
> >
> > The problem isn't encryption or lack thereof. The problem is that the way
> > we handle authentication is fundamentally broken. Centralized
> > authentication is literally an all eggs in one basket deal. Steal the
> > basket and you get all the eggs.
> 
> You are describing one specific approach, not all authentication systems have
> the problem you outline.

I have no idea what RP was talking about, or if there was a point at all, but 
Anthony, you're right. I know in CBCrypt, there is no basket with all the eggs.


> > The problem is further compounded by the belief that encrypting
> > everything will save the world and make everything better. It won't.
> > Encrypting a broken authentication system and a bass-ackwards verification
> > system will not make them any less broken and bass-ackwards.
> 
> It may not make everything better - but you can cut down on the MiTM
> and increase the noise. Increasing the noise will go a long way to make an
> adversary's job more difficult.

Again, I don't know if RP was making any real point, but Anthony, you're right. 
When passwords are exposed to servers, it makes it very easy for hackers such 
as referenced in the Ars article, to steal their passwords, and then compromise 
their accounts on other services, as well as continued breach of the compromised 
service. For point of comparison, if a hacker breaches the TLS channel on a 
CBCrypt server, they still cannot access the users' information on *either* the 
compromised server, or anything else.

When bad guys want to sell bad material, they don't use their own accounts. 
They find somebody's hacked accounts and use them instead. People's usernames 
and passwords are sold on the black market every minute of every day. There is 
a monetary value for bad employees to steal their users' passwords and sell 
them. The weaker the security in the world, the more innocent people the bad 
guys have available to hide behind, and the more innocent people get mistakenly 
arrested for having kiddie porn (for example) discovered in their Dropbox (for 
example).

Weaker security can be proven to never be effective at catching bad guys ( 
http://bit.ly/1K9gEFP ), and weaker security leads to more victimized innocent 
people. So yes, the absolute correct response is more encryption, more 
security. Save the world, make everything better. Yes.


[Discuss] 19,000 person company passwords stolen via HTTPS

2015-10-06 Thread Edward Ned Harvey (blu)
This is the reason why you should care about authentication and encryption 
happening without exposing passwords or encryption keys to servers. In this 
case, it was hackers planting a malicious DLL to capture plaintext passwords 
received during HTTPS login sessions, but there's nothing preventing bad 
employees from doing this exact type of thing - by editing a PHP file or 
whatever. This type of attack affects not only the employees of the compromised 
company, and the company's private information, but all the customers, 
partners, and users of the company who happen to use that server or service. 
All because your password gets sent to the company over the HTTPS connection. 
There is zero upside to sending the password, when there exist standard 
techniques to prove you know something without exposing the thing.

http://arstechnica.com/security/2015/10/new-outlook-mailserver-attack-steals-massive-number-of-passwords/

Somebody on this list once called me a corporate shill for promoting 
https://cbcrypt.org, but this is MIT open source, free work that we produce at 
work and distribute to the world. We gain nothing if you use it. Even if our 
competitors use it, then suddenly our competitors would become not-the-problem, 
and the world is better, which means we're winning. We gain a good feeling if 
you use it, even our competitors.


Re: [Discuss] Fwd: Hey FCC, Don't Lock Down Our Wi-Fi Routers | WIRED

2015-10-05 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Shirley Márquez Dúlcey
> 
> A router locked down in that way could not incorporate any GPLv3 code.

I don't see any reason locked-down firmware would violate GPLv3. As long as you 
announce what code you're using, and distribute the code.


> Eliminating the ability to install alternative firmware will hurt a
> lot of people

Agreed.


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-29 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of John Abreau
> 
> When I backup Postgresql databases, I use pg_dumpall to dump the data into
> a text file; I don't try to backup the binary database files.
> 
> I'm not familiar with MongoDB, but I would be surprised if it didn't have a
> similar option to dump its data to a text file.

Databases, indeed, cannot be backed up by naively copying the database file 
while the daemon is alive. The daemons are, however, smart enough to leave the 
file(s) in a consistent state (or use something akin to journaling) so the 
daemon is able to recover after an interruption. I am confident saying that 
literally every database has these characteristics - even Mongo and Sqlite. I 
have specifically verified this is correct with Sqlite.

As for the filesystem being in an "inconsistent" state after interruption - 
That's what journaling is for. If you were in the middle of a "rm" or "mv" 
operation or something like that, journaling remembers it and correctly handles 
it after system restore - either by completing the operation or by backing it 
out as if it never happened. Automatically.


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-29 Thread Edward Ned Harvey (blu)
> From: Bill Bogstad [mailto:bogs...@pobox.com]
> 
> While some OSes/filesystems handle power interruption well at this
> point, it seems to me that there are lots of apps/servers which do not
> and which people still need to use.   Particularly in a VM environment
> where you might be running legacy OS/app combinations because you
> can't replace them, it seems to me that suggesting this method as a
> generic way to backup VMs is not really appropriate.   Sure we should
> all replace our old software systems with ones that use transactions
> to protect against this kind of failure, but I don't think we are
> there yet.

I haven't seen an OS, Filesystem, or a daemon, in at least 15 years, that 
couldn't gracefully survive a power interruption. Except ownCloud.  ;-)


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-28 Thread Edward Ned Harvey (blu)
> From: Bill Bogstad [mailto:bogs...@pobox.com]
> 
> > 2- Use a snapshotting filesystem like btrfs or zfs in the host, so the host
> > can replicate the guest storage to another location seamlessly.
> 
> I don't see how this can work in a way that would be useful.
> Filesystem snapshots of your emulated disk images by the host OS may
> give you a single point in time copy, but they don't guarantee that
> the copy is in any way consistent. 

This is one of my favorite modes of operation. I run a ZFS host, and have guest 
VM's residing in zvol's, which get snapshotted and replicated periodically to 
additional attached storage, and offsite and offline.

If something happens, like the whole machine explodes or whatever, then I 
restore the guest snapshot, and power it on. The behavior of the guest machine 
is exactly as if the guest machine had been running and then suddenly the guest 
power was yanked or kernel panic or something. The guest storage device is a 
precise snapshot of what the guest storage would have looked like at the 
instant that the storage snapshot occurred.

If you're running an OS or some daemon that can't survive a power interruption, 
time to find a new OS or switch to a different daemon.


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-27 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Daniel Barrett
> 
> One piece I've never fully worked out is backing up the live VM's
> (VMware Workstation) running on my Linux box. 

For VM's, you only have three choices:

1- Install backup software or something in the guest, let the guest back itself 
up.
2- Use a snapshotting filesystem like btrfs or zfs in the host, so the host can 
replicate the guest storage to another location seamlessly.
or
3- Shutdown the guest, and then use some sort of "regular" copy method. Tar, 
cp, whatever. It's very difficult to do this in any sort of time or space 
efficiency, but it might be possible, and sometimes you have no other choice.

Y'know - or just don't backup the guest machine. If you do all your work in git 
or something, and you can easily rebuild the guest from scratch.


Re: [Discuss] Accidental rm -rf (was Cloud-backup solutions for Linux?)

2015-09-25 Thread Edward Ned Harvey (blu)
> From: Kent Borg [mailto:kentb...@borg.org]
> 
> -kb, the Kent who also never types scary commands like "rm -rf
> /home/jruser/somedirectory" in left-to-right order, for fear he might
> bump the return too soon; rather he types out the base command, then the
> entire path complete... and only then goes back and adds the dangerous
> "-rf"-part.

Heheh, what I do is this:

ls -ld /foo/bar/*

Did I see it display precisely the things I want to destroy? If so, hit the 
up-key and replace "ls -ld" with "rm -rf"


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-25 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Matt Shields
> 
> What's
> sad about this back and forth is that a few people already made up their
> minds to dismiss my solution because it doesn't fit their needs or
> definition.

Most people care about ownCloud destroying data on network interruptions, 
because with mobile devices and laptops, that's a normal part of life. I've 
talked with hundreds of IT people about file sync, being that it's my business, 
and of all the people I've ever talked with about ownCloud, exactly two of them 
have said they recommend it. You're the second one.

Most people don't care (but should) about privacy in the cloud, which ownCloud 
also doesn't do. You only get privacy with ownCloud if you operate your own 
physical server physically secured on-premise in your basement or network 
closet or something. Even if you enable server-side encryption on ownCloud, the 
encryption keys are stored on the server, so it's almost pointless.


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-24 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Matt Shields
> 
> Check out ownCloud.  It lets you run your own cloud based backup service.

Oh god, no. If you're thinking about ownCloud, try Synctuary instead.

I probably can't make a statement about ownCloud without getting sued (I work 
for Concept Blossom and am a developer who works on Synctuary), so I'll just 
ask you to ask yourself these questions:

What happens if you're in the middle of a file transfer, and the wifi drops, or 
the ethernet cable is removed, or you roam from one wifi to another, or close 
the lid of your computer?

What happens if you create a file with a character in its name, that's not 
allowed on some other platform? The two most common ways this happens are: 
Someone on the mac creates a file with a ":" colon character in its name, which 
is not allowed on windows. Or someone on windows creates a file with a unicode 
8211, the emphasized hyphen character, which is not allowed on linux.


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-24 Thread Edward Ned Harvey (blu)
> From: Matt Shields [mailto:m...@mattshields.org]
> 
> So far have not had a single issue. 

I repeat the question: What happens if you interrupt the client or network in 
the middle of a file transfer? What happens if you create a file with a 
disallowed character in its name?

Be sure to md5sum or something, before and after transfer, to ensure you'll 
notice if anything unexpected occurs.

Be sure to look at the filesystem of the platforms where the disallowed 
character is disallowed. To see what appears there, if anything.


> My main reason for not using something like Synctuary, Dropbox, etc is
> this: https://www.conceptblossom.com/pricing  I would rather write a
> custom rsync (or something else for Win) script to automatically sync my
> personal files rather than pay for something.

Synctuary is free for up to 3 users. Although the OP specifically asked about 
linux, and I admit the linux Synctuary client isn't as good as it should be. 
Ubuntu only, and sometimes crashes.

But never causes data loss, which is more than I can say for the competition.


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-24 Thread Edward Ned Harvey (blu)
Also, Synctuary and ownCloud are more for sync/sharing/replication. Not really 
a backup product. To the OP, I would suggest rsnapshot or rsync for his 
purposes, not so much Synctuary or ownCloud.


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-23 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Rich Braun
> 
> Here's why I ask: For a few years I've been using CrashPlan as my primary
> backup, and rsnapshot as a secondary.

What's wrong with rsnapshot?


Re: [Discuss] Reusing Passwords on Different Sites Should be OK

2015-09-18 Thread Edward Ned Harvey (blu)
> From: Bill Ricker [mailto:bill.n1...@gmail.com]
> Sent: Thursday, September 17, 2015 10:11 PM
> 
> Reusing passwords requires the users to know that the encryption is of a
> safe variety.  Most users are not qualified to tell good crypto from bad
> crypto.  Heck, most programmers can't be qualified to use good crypto
> correctly.
> Password Encryption done client-side must be handled very carefully to
> avoid replay attacks yet still actually validate something.  Sounds like a
> half-hearted attempt at Challenge-response.
> tl;dr No.

Everybody knows they shouldn't login to anything over http://
We've all been trained to use https:// and ensure we have green checkmark 
security shields or whatever.
Because thousands of random unknown employees maintaining the routers on the 
Internet could access the http traffic.

When you login via HTTPS, to google, facebook, twitter, and thousands of other 
sites, there are still thousands of unknown employees maintaining the load 
balancers and web servers at the other end, who could access the traffic.

It is a no-brainer. You should not send your password or encryption keys, even 
over https. You need to prove you know your secret without exposing it.


Re: [Discuss] Reusing Passwords on Different Sites Should be OK

2015-09-18 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Matthew Gillen
> 
> just because a malicious employee could run
> wireshark on the production boxes doesn't make me forfeit my expectation
> of privacy.

We all know that we shouldn't login to things over http:// and we've all been 
trained to use https:// every time. Because random employees of the ISP and 
other networks could use wireshark, we know we have no reasonable expectation 
of privacy over http://

The world needs to know, the same problem is still true over https, but instead 
of thousands of employees operating the routers of the internet, it's thousands 
of employees operating the load balancers and web servers at google, twitter, 
facebook, akamai, etc.


Re: [Discuss] Reusing Passwords on Different Sites Should be OK

2015-09-18 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Chris Markiewicz
> 
> This is such a bizarre interpretation of "Third-party". A password
> should be considered a secret between two parties: client and server.
> But again, conceded that this is a problem.

I get what you're saying - You're not saying that I'm trying to twist third 
party doctrine into something it's not. You're saying third party doctrine is 
itself a bizarre interpretation, that contradicts what a rational person would 
expect to be held private.

And you're right. The case example to demonstrate this is lavabit. He created 
that whole business for the explicit purpose of providing privacy and security. 
That's the premise on which he gained all his users, and yet, when the feds 
came after him, they told him his users had no reasonable expectation of 
privacy.


[Discuss] Reusing Passwords on Different Sites Should be OK

2015-09-17 Thread Edward Ned Harvey (blu)
The present standard practice is for clients/users to establish an HTTPS 
connection and then send username and password over the wire, where the server 
will encrypt it using a rate-limiting function such as pbkdf2, bcrypt, or 
scrypt, to protect it against hackers or bad employees who have access to the 
password file or database or whatever. But wait! We should assume, that hackers 
and bad employees who can access the password file can also access the 
encryption programs (drupal, wordpress, apache, etc that run bcrypt etc) and 
have access to the password in-memory before it's encrypted.

Worse yet, even if the server is never breached and the employees are always 
perfect, users sacrifice their legal right to privacy by merely making it 
possible for the employees to see it. 
https://en.wikipedia.org/wiki/Third-party_doctrine This is like a person 
writing their password on a postcard and assuming the mail carriers will never 
bother to look at it. Why do we make a distinction between the employees 
operating the routers on the internet, and the employees operating the web 
servers at google and facebook and everywhere else? We know we should never 
login to an http:// site because the random unknown employees who operate 
internet routers could see the credentials in-flight. We've all been trained to 
only login on valid https:// sites, even though potentially thousands of random 
unknown employees might be at work on the other end, able to see the 
credentials in-flight.

tl;dr
There is no good reason to do the encryption on the server. It should be ok to 
reuse passwords on different sites, as long as the passwords are never exposed 
to the servers.

I work at Concept Blossom, and we're promoting awareness about this issue. We 
produce https://cbcrypt.org MIT open-source crypto library to address this 
issue. We're resource constrained on development, so development is taking 
place, but slower than we wish. Please spread the word and raise awareness as 
you wish. Even if some other implementation eventually becomes dominant instead 
of CBCrypt, this is a big important issue that I don't want affecting my 
daughter when she grows up.
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
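
An added illustration (not part of the original posts, and not CBCrypt's code or design) of the idea argued in the post above and in the replay-attack reply earlier in the thread: the client derives a per-site key from the password and answers a fresh server nonce with an HMAC, so the password never reaches the server and a captured proof cannot be replayed. All names, the PBKDF2 parameters and the sample credentials are assumptions; the stored per-site key is still login-equivalent at that one site, which an asymmetric scheme (server keeps only a public key) would avoid.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumption: tune to what client hardware tolerates


def derive_site_key(username: str, password: str, site_id: str) -> bytes:
    """Client side: stretch the password into a key bound to one user at one site."""
    salt = hashlib.sha256(f"{site_id}\x00{username}".encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def prove(site_key: bytes, site_id: str, nonce: bytes) -> bytes:
    """Client side: answer a challenge; binds the proof to the site and the nonce."""
    return hmac.new(site_key, site_id.encode() + b"\x00" + nonce, hashlib.sha256).digest()


class Server:
    """Hypothetical server: stores a per-site verifier, never the password."""

    def __init__(self, site_id: str):
        self.site_id = site_id
        self.verifiers = {}  # username -> per-site key received at enrollment
        self.pending = {}    # username -> outstanding single-use nonce
        self.wire_log = []   # every credential-related value this server received

    def enroll(self, username: str, site_key: bytes) -> None:
        self.wire_log.append(site_key)
        self.verifiers[username] = site_key

    def challenge(self, username: str) -> bytes:
        nonce = secrets.token_bytes(32)
        self.pending[username] = nonce
        return nonce

    def login(self, username: str, proof: bytes) -> bool:
        self.wire_log.append(proof)
        nonce = self.pending.pop(username, None)  # consumed on first use
        key = self.verifiers.get(username)
        if nonce is None or key is None:
            return False
        expected = prove(key, self.site_id, nonce)
        return hmac.compare_digest(expected, proof)


def run_demo() -> dict:
    password = "correct horse battery staple"  # constructed sample, reused on both sites
    site_a, site_b = Server("a.example"), Server("b.example")
    key_a = derive_site_key("alice", password, site_a.site_id)
    key_b = derive_site_key("alice", password, site_b.site_id)
    site_a.enroll("alice", key_a)
    site_b.enroll("alice", key_b)

    # Normal login at site A.
    nonce = site_a.challenge("alice")
    proof = prove(key_a, site_a.site_id, nonce)
    first_login = site_a.login("alice", proof)

    # Replaying the captured proof: the nonce is gone, or a new one does not match.
    replay_without_challenge = site_a.login("alice", proof)
    site_a.challenge("alice")
    replay_against_new_nonce = site_a.login("alice", proof)

    # Someone with site A's stored key tries the same user at site B.
    nonce_b = site_b.challenge("alice")
    stolen_key_at_other_site = site_b.login(
        "alice", prove(key_a, site_b.site_id, nonce_b))

    seen = site_a.wire_log + site_b.wire_log
    password_seen_by_server = any(password.encode() in item for item in seen)
    return {
        "first_login": first_login,
        "replay_without_challenge": replay_without_challenge,
        "replay_against_new_nonce": replay_against_new_nonce,
        "stolen_key_at_other_site": stolen_key_at_other_site,
        "password_seen_by_server": password_seen_by_server,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

A stolen verifier still allows offline guessing of a weak password, so the key-stretching cost and password strength continue to matter.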


Re: [Discuss] Reusing Passwords on Different Sites Should be OK

2015-09-17 Thread Edward Ned Harvey (blu)
If you agree with me, you could up-vote this issue on slashdot. (Click the [+] 
button)
http://slashdot.org/submission/4951477/reusing-passwords-on-different-sites-should-be-ok


Re: [Discuss] Reusing Passwords on Different Sites Should be OK

2015-09-17 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Matthew Gillen
> 
> > https://en.wikipedia.org/wiki/Third-party_doctrine This is like a
> > person writing their password on a postcard and assuming the mail
> > carriers will never bother to look at it.
> 
> I don't think that is actually sound legal reasoning.  Has that
> interpretation come out of a court?

http://lavabit.com/


> Just because a malicious FedEx
> employee could open your package doesn't mean you forfeit your right to
> privacy.  

No, no - This is actually a court case, referenced by the above wikipedia 
article. The case example is a postcard versus a letter in an envelope. Even 
though the envelope is a trivial security measure, it means the sender had a 
"reasonable expectation of privacy," and therefore has not forfeited the right 
to privacy. But the postcard could be seen by the mail carriers, and therefore 
has no reasonable expectation of privacy, and therefore no right to privacy.

In the case of lavabit, even though their service explicitly was marketed for 
the purpose of privacy, the mere fact that their employees *could* access user 
information meant that legally they were required to. Which violated Ladar's 
principles, so he shutdown the business instead of betraying his customers' 
trust.


> Likewise, just because a malicious employee could run
> wireshark on the production boxes doesn't make me forfeit my expectation
> of privacy.

That's exactly what it means - as long as you with your wireshark are *able* to 
access some information, because it's not encrypted and the user hasn't gone to 
any effort to conceal it (another one of the measurements described in the 
aforementioned court case) that means it's like a postcard and not like a 
sealed envelope.


Re: [Discuss] Mr Robot

2015-09-09 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Edward Ned Harvey (blu)
> 
> Yes, I am
> definitely afraid of the backlash for being an activist and trying to fix big
> problems. 

This is painfully relevant:

They want to target (for killing) bloggers and journalists that they don't 
like. This is the USA.
https://twitter.com/Conceptblossom/status/641624941201334272
https://twitter.com/trevortimm/status/641443270686605313
http://abcnews.go.com/International/annoying-deadly-debate-killing-isiss-twitter-tough-guys/story?id=33603248

Commenting on the strategy of targeting propagandists and "Twitter tough-guys," 
someone referred to as "Senior counter-terrorism official" says:

"We are the angel of death. This war is a propaganda war too. Why only limit it 
to military leaders? Should we be ignoring the propagandists that speak English 
and are tech savvy who know how to reach westerners?" a senior 
counter-terrorism official knowledgeable about the counter-ISIS strategy told 
ABC News. "I don't see why you would want to curtail either targeting strategy. 
This is also a war of ideas."

Personally I'm going to comment, that "war of ideas" is dangerously similar to 
"war of ideals" or "religious war." It's not targeting individuals who engage 
in military communications - it's targeting people whose ideas disagree with 
your own.

This is how they justify it:

"While the White House declined to comment for this report on the targeting of 
propagandists in general, a senior administration official defended the 
targeting of Hussain specifically.

'We've been clear that Junaid Hussain was more than a mere propagandist. He was 
a key recruiter of Westerners and sought to direct attacks in the United 
States, specifically targeting U.S. military personnel and other government 
officials,' the official said."

Somehow there's a disconnect between the White House spokesperson talking about 
the individual who coordinated targeted attacks using Twitter as a 
communication medium, and the officials who go with "We are the angel of death" 
and "war of ideas."


Re: [Discuss] Mr Robot

2015-09-02 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Eric Chadbourne
> 
> I stopped reading your post right there.  I am not willful, sheepish, or
> blind.

That's the definition of willful ignorance.


Re: [Discuss] Mr Robot

2015-09-02 Thread Edward Ned Harvey (blu)
> From: Dan Ritter [mailto:d...@randomstring.org]
> 
> For most people in most places,  blindly clicking "yup" on the
> terms of service is exactly what they should do.
> 
> 99% will not get into legal trouble.

Oh, try this on for size:

Spotify, music streaming, essentially internet radio: requires access to 
contacts, photos, files, location, microphone. And probably some other stuff. A 
lot of people find that excessively creepy, and question if any of it is 
necessary to provide the service they want. Some of it might actually be 
useful, such as microphone to do voice commands, and location services to 
determine if you're in the middle of running and therefore in the mood for 
running music.

My personal favorite: The "flashlight" search on android.

At minimum, a flashlight app needs access to "Camera."

But among the most popular apps, >10 million downloads, requires Location, 
Photos/Media/Files, Wi-Fi connection information, Device ID & Call History.

That is not a situation where blindly clicking "yup" is what people should do. 
It's not about the user getting into legal trouble, it's about granting the 
service provider or the app manufacturer way crazy too much access into your 
life.



Re: [Discuss] Mr Robot

2015-09-02 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Eric Chadbourne
> 
> > There was nothing insulting in any of what I said
> 
> Really?
> 
> "...It's nothing more than willful, sheepish ignorance, akin to blindly
> accepting all the Terms of Service on every app..."
> 
> That was your response right at the top.  Look at the facts, read the email,
> see who started.  It was clearly you.

Seems pointless to respond any further, but yeah. If you say that criminals and 
the CIA don't use coercive rubber hose tactics against people saying and doing 
things they don't like, yes that's willful ignorance. No it's not an insult for 
me to say so. "Willful ignorance" is simply a term that means you choose to 
ignore something you don't like. Sheepish means you're going along with the 
crowd. The same thought pattern that leads people to blindly accepting Terms of 
Service.

No, those are not insults. If there's anything interesting to talk about 
further, let's do that.


Re: [Discuss] Mr Robot

2015-09-02 Thread Edward Ned Harvey (blu)
> From: Dan Ritter [mailto:d...@randomstring.org]
> 
> Uh, no, you just changed from "accepting ToS blindly" to
> "granting permissions blindly".

What's your point? Yes, the permission grants are baked into the ToS and/or 
privacy policy.


Re: [Discuss] Mr Robot

2015-09-02 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Eric Chadbourne
> 
> Are you 13?  Stop being an insulting bore.

Heheheh, ok fine. I'll also re-send on-list.  ;-)

There was nothing insulting in any of what I said, and there wasn't any 
disagreement between us about anything - So when you got offended and shut down 
because I said you're being willfully ignorant, you shouldn't have been 
offended, and you shouldn't have used that as a reason to disengage 
conversation. (But you're certainly entitled if that's what you want). And when 
you said "Neither is anyone who disagrees with you," you're imagining some sort 
of conflicting position between you and me, that actually doesn't exist.

You don't have to read what I write, and you certainly don't have to like it, 
but you're the one saying insulting things to me, not the other way around.

FWIW, I'm not insulted, despite your attempts to be insulting. I am feeling 
decidedly "meh" about the whole exchange.


Re: [Discuss] Mr Robot

2015-09-02 Thread Edward Ned Harvey (blu)
> From: Dan Ritter [mailto:d...@randomstring.org]
> 
> For most people in most places,  blindly clicking "yup" on the
> terms of service is exactly what they should do.
> 
> 99% will not get into legal trouble.

Actually, that's not the point - By accepting the ToS and granting permission 
for their employees to access whatever, you both open the door for their bad 
employees to illegally use your stuff, and you waive your legal right to 
privacy so it becomes legal for the NSA to indiscriminately harvest it all 
without any warrant or probable cause.

And that includes your password. No right to privacy on your password because 
you voluntarily used it to login to their service, which means you sent it to 
them.

All of the above is solved, if passwords and encryption keys are never exposed. 
Unfortunately, for example, the Dropbox terms of service 
https://www.dropbox.com/terms says you grant them access to your stuff because 
it "enables us to offer the Services." The reality is, they don't need access 
to your stuff in order to do file sync.

I certainly know Synctuary does file sync without any access to the files, 
passwords, or encryption keys.

Third Party Doctrine: This is what sank Lavabit.
People who voluntarily give information to third parties have "no reasonable 
expectation of privacy."
https://en.wikipedia.org/wiki/Third-party_doctrine

AT&T employees stole and sold customers' private information
http://arstechnica.com/tech-policy/2015/04/att-fined-25-million-after-call-center-employees-stole-customers-data/

Stolen Uber Customer Accounts Are for Sale on the Dark Web for $1
http://motherboard.vice.com/read/stolen-uber-customer-accounts-are-for-sale-on-the-dark-web-for-1



Re: [Discuss] Mr Robot

2015-09-02 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Eric Chadbourne
> 
> I don't think either of us are going to
> be beaten by the CIA tomorrow.
> 
> Criminal gangs with rubber hoses probably
> aren't going to come hunting for you if you try to write or implement good
> crypto on your backup project.

That's what everyone says. It's nothing more than willful, sheepish ignorance, 
akin to blindly accepting all the Terms of Service on every app. 

Do you follow any of the news or politics in this country? We have politicians 
voting - unanimously - to show they believe climate change is a hoax, risking 
the future of the world in order to support the fossil energy lobby, despite 
overwhelming consensus of the actual scientists who study it. We have 
politicians, and even the director of the FBI, and prime minister of the UK, 
pushing for encryption backdoors and saying "don't make us force you into it" 
despite overwhelming consensus of the security experts saying that it can never 
work and would be harmful and destructive to try. Meanwhile, everything is 
getting backdoors anyway. Ask Ladar Levison what would have happened to him if 
he had stayed in business and refused to provide the backdoor. They might not 
have used the rubber hose on him, but indefinite detention would certainly be 
on the menu.

Look up Frank Olson. There's also an incredibly well done special covering his 
case, by Dr. G's America's Most Shocking Cases (which is actually just an 
excellent series - I'm bummed that it only ran for one season). Every 
government around the world has procedures to make assassinations look like 
accidents. We've seen cases of radioactive material dropped onto a Japan 
politician's rooftop by miniature drone, and drive-by parabolic radiation 
emitters, used to "accidentally" kill people via cancer or radiation poisoning 
a few months later. Recently, China tries to silence Miss World Canada's human 
rights advocacy by threatening her father. http://bit.ly/1Vikv6B 

Every blogger, journalist, and activist receives death threats. It comes with 
the job. We've had at least 3 bloggers killed this week. And Al-Jazeera 
journalists imprisoned in Egypt. As evidence against them, prosecutors played 
footage of a trotting horse, and the music video for "Somebody That I Used To 
Know" by Gotye. It sounds so insane you don't want to believe it, you think "Am 
I reading The Onion?" but then every news source reports the same thing, for 
over a year. Now the guys are in prison, trying to work with The Committee to 
Protect Journalists, and lawyers and activists abroad, trying to get deported 
from Egypt. We like to sit in our protective bubbles, thinking "That's just 
oppressive foreign regimes," which makes you think, "That must be exactly how 
people abroad view us and 'indefinite detention without sufficient evidence for 
a trial' and 'enhanced interrogation' at Gitmo." So at some point, you have to 
give up denial and accept that it's reality. Not only is it reality, but it 
happens in this country too, and it happens against our own citizens such as 
Ladar and Frank.

The goal we're pushing for in https://cbcrypt.org is a universal standard login 
protocol that allows logins and encryption to happen without ever exposing 
passwords or encryption keys. We're working on a video that explains it, but 
that video is to be released about a week or two from now. Follow 
@Conceptblossom or like Concept Blossom on facebook, or just email me off-list 
if you want to be alerted when that video is available. Yes, I am definitely 
afraid of the backlash for being an activist and trying to fix big problems. At 
stake are billions of dollars in criminal organizations - billions of dollars 
in legitimate companies such as Dropbox and Google and Microsoft that legally 
use and share their users' data - political leanings of many governments around 
the world - and many lives of many people.
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
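One way to build a login that never sends the password, as an added example (it is not code from this thread and not the CBCrypt protocol itself): the client stretches the password into an Ed25519 key pair, the server stores only the public key and checks a signature over a fresh challenge. The service name, iteration count and all function names are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const kdfIterations = 100_000 // assumed work factor, not a value from the thread

// stretch is PBKDF2-HMAC-SHA256 (RFC 8018), first 32-byte output block only.
func stretch(password, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, password)
	var blockIndex [4]byte
	binary.BigEndian.PutUint32(blockIndex[:], 1)
	mac.Write(salt)
	mac.Write(blockIndex[:])
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// DeriveLoginKey runs on the client. The salt binds the key to one account on
// one service, so the same password yields unrelated keys elsewhere.
func DeriveLoginKey(service, user, password string) ed25519.PrivateKey {
	salt := []byte("login\x00" + service + "\x00" + user)
	return ed25519.NewKeyFromSeed(stretch([]byte(password), salt, kdfIterations))
}

// PublicOf returns the half of the key that is safe to hand to the server.
func PublicOf(key ed25519.PrivateKey) ed25519.PublicKey {
	return key.Public().(ed25519.PublicKey)
}

// transcript is the byte string that gets signed. Naming the service and user
// stops a signature from being replayed against another service or account.
func transcript(service, user string, nonce []byte) []byte {
	return append([]byte("login-v1\x00"+service+"\x00"+user+"\x00"), nonce...)
}

// Answer signs the server's challenge on the client.
func Answer(key ed25519.PrivateKey, service, user string, nonce []byte) []byte {
	return ed25519.Sign(key, transcript(service, user, nonce))
}

// Server holds one public key per user and the outstanding challenges. It
// never sees the password. A stolen public key still permits offline password
// guessing, which is why the KDF cost matters.
type Server struct {
	Name    string
	pubkeys map[string]ed25519.PublicKey
	nonces  map[string][]byte
}

func NewServer(name string) *Server {
	return &Server{Name: name, pubkeys: map[string]ed25519.PublicKey{}, nonces: map[string][]byte{}}
}

// Enroll records the public half of the user's login key.
func (s *Server) Enroll(user string, pub ed25519.PublicKey) {
	s.pubkeys[user] = pub
}

// Challenge issues a fresh random nonce, replacing any earlier one for user.
func (s *Server) Challenge(user string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.nonces[user] = nonce
	return nonce
}

// Login verifies the signature over the pending challenge. The nonce is
// deleted first, so each challenge can be answered at most once.
func (s *Server) Login(user string, sig []byte) bool {
	nonce, pending := s.nonces[user]
	delete(s.nonces, user)
	pub, enrolled := s.pubkeys[user]
	if !pending || !enrolled {
		return false
	}
	return ed25519.Verify(pub, transcript(s.Name, user, nonce), sig)
}

func main() {
	srv := NewServer("sync.example") // constructed service name
	key := DeriveLoginKey(srv.Name, "alice", "correct horse battery staple")
	srv.Enroll("alice", PublicOf(key))

	sig := Answer(key, srv.Name, "alice", srv.Challenge("alice"))
	fmt.Println("fresh signature accepted:   ", srv.Login("alice", sig))
	srv.Challenge("alice")
	fmt.Println("replayed signature accepted:", srv.Login("alice", sig))
}
```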


Re: [Discuss] Replacing AD with Samba4

2015-08-12 Thread Edward Ned Harvey (blu)
> From: Rich Braun [mailto:ri...@pioneer.ci.net]
>
> I guess I didn't make it clear: this is my home LAN. My domain controllers
> exist solely to support a couple of Windows instances that run software that
> has yet to become available on Linux, and/or devices that want to communicate
> with SMB network shares.

Oh - Uh - That makes a lot of sense now. ;-)

The part that's still missing is: Why run a domain at all? Why not just let the 
couple of windows boxen run standalone, and use basic authentication to the SMB 
share?


Re: [Discuss] Replacing AD with Samba4

2015-08-11 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Rich Braun
>
> Any suggestions?  Is this known to work?  Maybe I should just keep my Windows
> servers?  But they're 6+ years old and probably fraught with security holes.

I know it's not what you want to hear, but I'm sure Microsoft doesn't test 
their desktop OSes against Samba AD servers, so even if it works now, I 
wouldn't count on it for a production work environment. It will cost like 
$300/yr for windows server, which is nothing to a business. (That's if you pay 
$600 every other year for Server Standard, which permits you to run on two 
separate VM's simultaneously.)

I just don't see anything to gain by trying to deviate from windows server. 
Unless you want to support a non-windows organization.


Re: [Discuss] NAS: encryption

2015-07-12 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Tom Metro
>
> > You seem to think there's an obstacle which isn't really real -
> > Encryption is very cheap computationally, so cheap indeed it can be
> > done by the disks themselves.
>
> Yes, disk that have hardware acceleration for that purpose.

Yes, aka self encrypting drives. Which are very common and readily available.

If you don't have a self-encrypting drive, then obviously the encryption must 
be done on your CPU.

Some appliances have support for self-encrypting drives. The appliance only 
needs to store the encryption key somehow (exercise left to reader) and in 
BIOS, tell the drives to encrypt themselves.

I know how Microsoft securely stores the encryption keys in TPM - I can't speak 
to any other OSes or appliances that use the TPM or other techniques.


> While we are certainly heading in the direction where the CPU overhead
> for encryption can be ignored, even in low-end embedded devices, we are
> not there yet.

We are certainly there, *except* in situations with puny cpu's and no hardware 
acceleration.

On a CPU that has AES-NI (the AES New Instruction set, which was new around 6-7 
years ago), you can max out your SATA bus and it will utilize around 3-4% CPU 
time of a single core. This compares to around 30-40% if you don't have AES-NI. 
But admittedly - this is an x86 laptop processor, which is going to be much 
more powerful than a little ARM or similar.

So even if you lack the hardware acceleration, you don't get CPU performance 
limited; you just burn some unnecessary CPU power.

> Doing AES-256 CBC 1024, the Pi is about 10x slower than an i5 per the

Agreed. It is not going to work well, to run encryption on an ARM processor 
without AES hardware acceleration.


Re: [Discuss] NAS: lots of bays vs. lots of boxes

2015-07-11 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Rich Braun
>
> As drive capacities increased, transfer speed also did. (You have updated
> your motherboards to 6G SATA, right?)

Nope. Well - Drives increased speed up to around 1Gbit/sec around 10 years ago, 
and there they stayed, and there they still are. They're limited by the 
frequency response of the heads.

It took a surprisingly long time for SSD's to get faster than sustainable 
1Gbit/sec, but they've accomplished it now. Nowadays, I expect a typical SSD to 
actually be limited by the 6Gbit bus.


Re: [Discuss] VPS suggestions

2015-07-11 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Eric Chadbourne
>
> Any VPS suggestions?  For the last year I’ve been using Digital Ocean.  The
> price is right and the servers are fast.  Unfortunately it appears apt-get can’t
> update the kernel.  You have to use their web based gui.  This isn’t
> acceptable to me.

I use DO. Haven't had that problem... The only thing I've experienced that's 
even remotely similar was when the ubuntu 12.04 hardware enablement stack 
changed (by ubuntu) I had to do some extra steps to upgrade to the new HWE. But 
it wasn't too bad, and it was all on the ssh terminal...

Have you contacted their support? Maybe there's some setting you could change? 
I wonder what exactly you're experiencing, and I wonder why you're experiencing 
it but I'm not.

I have various flavors of ubuntu server, all 12.04 and 14.04.


Re: [Discuss] NAS: encryption

2015-07-09 Thread Edward Ned Harvey (blu)
Yay, I started a flame war.  :-D
(Sorry).

Anyway, if anybody cares, I'm not a cryptographer but I am a pro crypto 
developer. The difference is you're a mathematician who understands how to 
design a good s-box, versus you're a software developer who understands the 
correct usage of all the crypto components. I'm the latter.

If somebody wants my opinion on something, please call my attention to it - I 
didn't see anything I wanted to respond to, but maybe it was just buried in the 
noise.


Re: [Discuss] NAS: encryption

2015-07-08 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Derek Martin
>
> The difference is, the software most of us rely on is open source, and
> is known to have been inspected by some very smart 3rd parties who

Au contraire. How did I know this was going to turn into an "open source is 
more secure" myth? It's a myth.

First of all, no matter what you do, you're putting blind trust into *some* 
third party.

When you download binaries of an open source project, compiled by themselves, 
you're blindly trusting that they didn't backdoor it when they built it.

Sure you could download and build yourself - but then you're placing blind 
trust in *yourself*. Did you really truly read all the code and understand it 
all? Of course not.

When you get open source code from Red Hat and Debian, you're just shifting 
your blind trust to a different group of people - who also patch the code with 
their own patches - which you equally did not read.

When Red Hat and Debian download source code from all the 3rd parties, do you 
really think they read it, much less understand it? They don't do that any more 
than *you* would, if you were the person downloading and building those 
packages from source. So you shouldn't place blind trust in them any more than 
you would in yourself. As evidenced by Shellshock.

Second of all, as evidenced by the whole linux kernel RDRAND fiasco 2-3 years 
ago, even when people *do* read the open source code, flaws get maliciously 
introduced anyway. And the community can even notice, and get up in arms and 
throw public temper tantrums and get media involvement - and sometimes the open 
source software producer will *still* cram the backdoor down your throats. And 
Red Hat and Debian and everybody else will swallow it and redistribute it.

The characteristics that determine whether or not accidental or intentional 
sabotage is introduced - are the skill and character of the people submitting 
code.

There is no characteristic of open source vs closed source code that 
fundamentally attracts or repels people of good skill or character. Open source 
and Closed source code have an *equal* proportion of people with good or bad 
skill and character.

But most of all, evidenced by Heartbleed, POODLEv1, POODLEv2, and ShellShock - 
Nobody's reading the open source code.

Since I became a crypto developer a few years ago, I spend my time now reading 
open source stuff, and observing the behavior of closed source stuff. It is my 
opinion that both are about equal in terms of crypto correctness. And it is my 
opinion that both are about equally responsive to submissions, when I report 
security flaws to them - Both open source and closed source, *sometimes* act on 
reported flaws, and sometimes don't.

But the primitives - block ciphers, hashing functions - are all solid. The 
weaknesses get introduced in how they're linked together, how they're used, and 
how the keys are generated and stored/communicated.


Re: [Discuss] NAS: encryption

2015-07-07 Thread Edward Ned Harvey (blu)
> From: John Abreau [mailto:abre...@gmail.com]
>
> Edward Ned Harvey (blu) b...@nedharvey.com writes:
>
> > You seem to think there's an obstacle which isn't really real -
> > Encryption is very cheap computationally, so cheap indeed it can be
> > done by the disks themselves.
>
> > On Tue, Jul 7, 2015 at 1:14 PM, Derek Atkins warl...@mit.edu wrote:
> > I don't trust my disks to do the encryption, mostly because there's
> > really no way to verify that it's doing it correctly, and the key
> > management gets a lot harder.
>
> The way I read it, the message wasn't that you should trust the disk to do the
> encryption; it's that encryption has very low overhead today, and the
> reference to disk-based encryption was merely to illustrate that point.

It seems silly not to trust the disk to do encryption, when you'd trust some 
software that you equally haven't decompiled and inspected.

I am saying both: Encryption has very low overhead today, and yes it's ok to do 
it in the disk hardware. Nowadays, you can download a dozen different AES 
libraries in any language - including javascript. Not that javascript is 
relevant in context, just to point out, AES is SOO ubiquitous that it's 
literally everywhere and in everything. The idea that the disk is going to have 
a broken implementation of AES is beyond far-fetched, into unbelievable land. 
And like I said - it isn't any less likely to be the case in the overriding 
software. Which I guarantee also has a working implementation of AES.

The only thing you need to *actually* be concerned about is where do the keys 
come from, how do they get managed, and do they cause inconvenience. And I 
guess it wouldn't hurt to actually plug one of the disks into another system 
and confirm that encryption is *turned on*. But as long as it's turned on, and 
the keys are good and managed, yes I trust disk hardware to do the encryption 
just as much as I trust the application software.


Re: [Discuss] NAS: ZFS vs. BtrFS

2015-07-05 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Tom Metro
>
> (Is there any other solution outside of a NetApp file
> or BtrFS compare in this area? Maybe with vast quantities of cheap
> storage, the space inefficiency of snapshots is less of a concern.)

Yeah, lots. MS uses volume shadow services. And all the big guys (isilon etc) 
have some solution in this area. I hear a small number of people using lvm 
snapshots and AFS.

But I don't really understand your comment about space inefficiency of 
snapshots - in my mind, nothing could be more efficient, except to not have 
snapshots (allow data deletion).


> > ...ZFS on linux. Apparently ZFS on linux has been working well now,
> > for at least a couple of years.
>
> We keep hearing rumors of that, but anyone actually using it?

I haven't personally used it, but I've heard it enough times that I've decided 
I'm going to do it next time I need something like this. Literally the only 
reason I use openindiana is to get a ZFS box, and I'd definitely prefer ubuntu 
or centos.


> How about BtrFS now? I thought I saw some distributions switching to it
> as a primary FS.

It's probably ready. Around 3-ish years ago was the last time I tried it, and 
it was *almost* ready then. Meaning, I built a server, and tested the 
ever-loving hell out of it, and it passed all my tests. But then I put it into 
production and we would occasionally see weird behaviors, and after a very time 
consuming waste of effort spread over a few months, it was finally tracked down 
to btrfs. So on that server we scrapped btrfs (and solved the problem), but it 
was long enough ago that I wouldn't discourage trying again.


> I would *only* consider software RAID. So when I say RAID that's what I
> mean. I lump ZFS's RAID-Z with other software RAID, and don't consider
> it JBOD, as it is not using 100% of the storage for data.

Umm... I have a feeling you already know this, but the way you've phrased above 
seems like maybe not? You definitely shouldn't lump zfs and btrfs in with 
other software raid, because the huge, major reason to use zfs/btrfs software 
raid instead of hardware raid (besides system compatibility - ability to move 
disks from one system to another) is the ability to detect & correct data 
errors.

When the hardware presents only a single device to the OS, if a data error 
occurs, then the OS has no way to tell the hardware "try reading the other 
copy, to see if it's good." This means hardware JBOD and software raid are 
necessary for the OS to do error correction. But many software raids (lvm, for 
example) don't do checksumming and error correction.


> Now whether the overhead of RAID-Z is low enough that it makes more
> sense to use that over Ext4 on JBOD for a low-reliability backup pool is
> another matter.

This comment doesn't make any sense to me.
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
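The difference the message above draws between a mirror that checksums and one that does not, as an added example (not code from the thread, and a simplified model rather than how zfs or btrfs lay out data): a plain mirror returns whatever the first copy holds, while a checksumming mirror that can address each copy separately detects the bad block, serves the good copy and rewrites the bad one. The type and function names and the sample blocks are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrUnrecoverable = errors.New("every copy of the block fails its checksum")

// Disk is one member of a mirror, addressed by block number.
type Disk [][]byte

// Corrupt flips one bit without reporting an error, like silent bit rot.
func (d Disk) Corrupt(block int) {
	d[block][0] ^= 0x01
}

// NewDisks returns n identical disks holding private copies of blocks.
func NewDisks(n int, blocks [][]byte) []Disk {
	disks := make([]Disk, n)
	for i := range disks {
		for _, b := range blocks {
			disks[i] = append(disks[i], append([]byte(nil), b...))
		}
	}
	return disks
}

// PlainMirror has no checksums. It stands in for hardware RAID or a software
// mirror that cannot tell which copy is right, so it returns the first one.
type PlainMirror struct{ Copies []Disk }

func (m *PlainMirror) Read(block int) []byte {
	return m.Copies[0][block]
}

// ChecksumMirror keeps a SHA-256 per block and can address each copy on its
// own, which is the property the message attributes to zfs and btrfs.
type ChecksumMirror struct {
	Copies   []Disk
	Sums     [][32]byte
	Repaired int
}

func NewChecksumMirror(n int, blocks [][]byte) *ChecksumMirror {
	m := &ChecksumMirror{Copies: NewDisks(n, blocks)}
	for _, b := range blocks {
		m.Sums = append(m.Sums, sha256.Sum256(b))
	}
	return m
}

// Read returns the first copy that matches the checksum and rewrites every
// copy that does not. It fails loudly only when no copy is intact.
func (m *ChecksumMirror) Read(block int) ([]byte, error) {
	good := -1
	for i, d := range m.Copies {
		if sha256.Sum256(d[block]) == m.Sums[block] {
			good = i
			break
		}
	}
	if good < 0 {
		return nil, ErrUnrecoverable
	}
	src := m.Copies[good][block]
	for _, d := range m.Copies {
		if sha256.Sum256(d[block]) != m.Sums[block] {
			d[block] = append([]byte(nil), src...)
			m.Repaired++
		}
	}
	return append([]byte(nil), src...), nil
}

// Scrub reads every block so latent errors are repaired while a good copy
// still exists. It returns the block numbers that could not be recovered.
func (m *ChecksumMirror) Scrub() []int {
	var lost []int
	for block := range m.Sums {
		if _, err := m.Read(block); err != nil {
			lost = append(lost, block)
		}
	}
	return lost
}

func main() {
	blocks := [][]byte{[]byte("block zero"), []byte("block one")} // constructed data

	plain := &PlainMirror{Copies: NewDisks(2, blocks)}
	plain.Copies[0].Corrupt(1)
	fmt.Printf("plain mirror returns:    %q\n", plain.Read(1))

	cm := NewChecksumMirror(2, blocks)
	cm.Copies[0].Corrupt(1)
	data, err := cm.Read(1)
	fmt.Printf("checksum mirror returns: %q err=%v repaired=%d\n", data, err, cm.Repaired)
}
```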


Re: [Discuss] NAS: lots of bays vs. lots of boxes

2015-07-05 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Tom Metro
>
> I'm more interested in clever ways of using multiple, cheap, commodity
> NAS boxes, Google-style. For example, for the same cost as that $600+
> (diskless) DIY NAS I linked to, I can get 4 of the QNAP 2-bay boxes and
> maybe combine them with something like MooseFS. You get redundancy where
> some number of the boxes can go down, and it still keeps working, and
> you can expand capacity by adding more boxes (if drive density increases
> don't keep pace).

I think the leaders in this space are glusterfs, and ceph. But I'm sure each 
one has their own individual strengths and weaknesses. Among them is 
compatibility - I don't think you're going to get anything like this to work 
with windows or mac clients, or have an android or ios app.


Re: [Discuss] NAS: encryption

2015-07-05 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Tom Metro
>
> I imagine it would be challenging to pull off encryption well with
> appliance hardware. The first problem is getting the software to do it.
> (Plus all the automation you've previously discussed to set up the keys
> on boot.) The second challenge is having the horsepower to perform the
> encryption. Not impossible if they chose their embedded CPU well, but
> unlikely to be optimized for that.

You seem to think there's an obstacle which isn't really real - Encryption is 
very cheap computationally, so cheap indeed it can be done by the disks 
themselves. Yes, it's absolutely possible for appliances to utilize disk 
encryption, either by using its own CPU, or by offloading to the disks. I 
cannot speak to the specifics of any particular appliance actually doing it 
though, as I don't use any of them.


[Discuss] Anybody else seeing this? (Amazon AWS problem)

2015-07-02 Thread Edward Ned Harvey (blu)
About an hour ago, our alert systems started spamming us. It seems like a 
problem with Amazon AWS, US East. I'm able to access at least two of the 
systems in US East via https - but one of them is not responding to ssh - So I 
figured I would reboot it via AWS control panel -

And when I login to the AWS control panel, it says we have no instances and no 
storage. Which is a panic and crap your pants situation.

I'm obviously in progress contacting Amazon support, but I'm wondering if 
anyone else is seeing anything.


Re: [Discuss] Anybody else seeing this? (Amazon AWS problem)

2015-07-02 Thread Edward Ned Harvey (blu)
Yup, something weird on their firewalls. Right now, I have two machines in our 
colo, with different externally facing IP's that are both in the same network 
segment, both continuously pinging a machine in Amazon. As I sit here, 
intermittently for no apparent reason, the amazon machine stops replying to one 
of them for a while, and then starts replying again, etc.

I've reported it to them. Awaiting response.


Re: [Discuss] Anybody else seeing this? (Amazon AWS problem)

2015-07-02 Thread Edward Ned Harvey (blu)
> From: greg.rundl...@gmail.com [mailto:greg.rundl...@gmail.com] On Behalf
> Of Greg Rundlett (freephile)
>
> As for the crap your pants moment when nothing is right in your control
> panel, I've noticed that if you have more than one AWS login, that it can be
> difficult to login to the right account.  I've been duped before by logging in
> and seeing the wrong AWS console.  You've no doubt checked your account,
> but it's worth mentioning.

In fact, you were right. I did figure out, that I was logged into control panel 
with the wrong credentials, so that explained the missing servers & storage. (I 
had already double-checked that before posting here, but I found the error on 
triple check. So it's no longer a crap my pants scenario.)

But there's still something really weird happening with the firewall. We're 
still being flooded by alerts, and when I ping or ssh to the amazon machines, 
I'm seeing ...

Here's a really weird one ...

We have a couple of LAN's, whose external IP's are in the range a.b.c.d/e
The amazon firewall is configured to permit (usually) echo request and ssh from 
a.b.c.d/e
So ... machine foo on LAN1 is failing to ping or ssh machine banana and 
machine orange in the amazon network. But when I VPN into LAN1, I'm able to 
ping and ssh to banana and orange just fine.
Machine bar on LAN1 is failing to ping or ssh machine banana, but 
successfully pinging and ssh'ing to orange.

I login to AWS, and change the firewall to permit banana echo request and ssh 
from 0.0.0.0/0, and suddenly both foo and bar work fine. Makes no sense.

Then, while I'm in the middle of something else and not changing firewall rules 
in amazon, suddenly the pings from bar to orange start failing. Again, makes no 
sense.


Re: [Discuss] Juniper VPN's

2015-06-11 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Matt Shields
>
> All the download links I've found are behind Juniper's locked down
> download site.

If they're paying you, or anyone else doing work over that thing, they should 
pay Juniper for a support contract.

Even if there weren't incompatibility problems (as there obviously are) there 
continue to be security flaws that require patching. But I assume you've 
already told them that, and you must be volunteering your time?  ;-)


Re: [Discuss] PC Build

2015-06-02 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Greg Rundlett (freephile)
>
> I hardly know anything about hardware and mostly buy from newegg or
> tigerdirect.  It's been years since I built my first linux box from
> scratch.  Any comments, advice from regular or recent builders?

I have had a *lot* of experience building systems from scratch. Something I was 
formerly surprised by is the lack of standard compatibility - Which doesn't 
surprise me anymore. 

Even when you buy all the right parts, conforming to the right standards, 
apparently those things are not well defined or not consistently implemented or 
not compatibility tested. Most of the time (I'd say about 75%) you end up with 
a pretty good cheap system that simply works fine. About 20% of the time you 
end up with something that has some weird compatibility quirk - like some 
particular brand of memory doesn't like some particular motherboard chipset, 
although they're supposed to work, and everything seems to work after you build 
it but you spend months diagnosing some weird behavior only to determine the 
root cause is hardware, or something like that. And 5% of the time, it is 
horribly broken, you wouldn't be tricked into using it, you have to change some 
parts in order to make it usable.

I definitely advise getting something of a kit where the distributor 
recommends this combination of CPU, motherboard, etc. They either have tested 
it, or they sell a lot of that combo and get very few complaints about it. 
Newegg sells such kits; I've had good luck with them before. You can absolutely 
look at the details of the kit, and then buy those components individually; 
usually for about the same price.

Of course you're going to customize a little bit - you want the Acme Super 
Graphics Card, while by default the retailer would sell the system with some 
other graphics card - Don't be scared to mix & match a few parts as you wish. 
But starting with the kit and then customizing a little will help you avoid 
common pitfalls of selecting all your parts from scratch.


Re: [Discuss] My HP Pavilion's HD bit the dust and it is 13 years old, so instead of replacing the disk again, I would like a new laptop. But I would like to pay $300. I do not expect the best or the

2015-05-26 Thread Edward Ned Harvey (blu)
hehehehe, wanna try that again with the message in the message body instead of 
the subject? 

Subject truncated.



> -Original Message-
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of John J. Herda
> Sent: Tuesday, May 26, 2015 2:58 PM
> To: BLU Discussion List; Jerry Feldman
> Subject: [Discuss] My HP Pavilion's HD bit the dust and it is 13 years old, so
> instead of replacing the disk again, I would like a new laptop. But I would like
> to pay $300. I do not expect the best or the biggest. I have been told that
> some computers do not li...
>
> John J. Herda


Re: [Discuss] About to rip out systemd and start over

2015-05-22 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Rich Braun
>
> For the umpteenth time, this morning found myself at the console of a dead
> Linux box, unable to bring the system up because of unreconciled or circular
> or otherwise out-of-sequence dependencies in systemd.

Are you manually creating and editing services or something? I've literally 
never once run into any problem like this, on any system in my entire history. 
I don't want to say you're doing something wrong, but that *is* the first 
suspicion that comes up.

Maybe instead of making a generalization about systemd, you could describe what 
you've changed, and why you did, and what you're trying to accomplish, and 
maybe somebody will offer some insight on managing the systemd configuration 
that helps you avoid falling into those pitfalls in the future?


Re: [Discuss] Secure Email

2015-05-13 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Greg Rundlett (freephile)
>
> I like their No Bullshit
> stance https://kolabnow.com/feature/sustainable

Oh, um - I just read that. The No Bullshit policy is a nice catch phrase, but 
...  My commentary below:


> In times of insecurity, snake oil merchants travel the intertubes. Whether they
> promise end to end encryption

Agreed, 100%.


> (but control the software that controls your
> key),

Hold on there. Cuz that's what we do, I know something about it. Yeah, I write 
software that controls your key, but so what? It's open source, it's peer 
reviewed, and it's solid. THAT is not a flaw. Even for the closed source code, 
and binaries that we distribute, the government cannot compel us to write 
malicious or backdoored binaries. Nor would they need to - 

If you want to know the REAL security flaw, it's the binary distribution 
channels. For example, you build some software, you digitally sign it, you 
stick it on your website or something. Then when users download it, they have a 
secure https connection, and digitally signed software ... But wait! Did anyone 
scrutinize the phrase "secure https connection"? Because the reality is, WE ALL 
KNOW, there are hundreds of certificate authorities out there, with at least 
hundreds of individual humans scattered about the world who have access to the 
root CA private keys. And every government has control of at least one of them. 
So the base assumption needs to be, a government agency could establish a MITM 
attack to substitute malicious binaries, while maintaining solid green 
checkmarks and passing all the x509 validity checks. The device they tried to 
make Ladar install at lavabit was exactly this - a MITM device that could MITM 
encrypt/decrypt all the SMTP/TLS traffic.

For a company that's supposed to be all about security, I'd like to see kolab 
acting a little more knowledgeable, relying less on marketing fluff and FUD.


> claim to be NSA proof (but accept US venture capital) or make other
> outlandish promises: If something sounds too good to be true, it most likely is.

*sigh*  Speaking of snakeoil. This is coming from the company that just says 
"Hey, We're Swiss. That means we're secure." How about putting some technical 
details where your loud mouth is? Stop waving flashy objects in front of users' 
eyes, as if there's anything about US venture capital that prevents you from 
building good cryptographic principles into your product.

I know we have taken US investment capital, and I certainly know I don't have 
anyone telling me how to design our product.

I call Bullshit on the No Bullshit policy.


> Kolab Now has built up the entire chain, from choosing a Swiss data centre
> without foreign capital, ensuring physical control of the hardware, which it
> owns, to building up a software stack without proprietary components. Using
> advanced network defence techniques in combination with Kolab Enterprise, a
> solution that we have developed ourselves, Kolab Now provides the best security
> possible with feature rich collaboration on any platform. And we're working hard
> to increase what is possible both in terms of security and features.

Marketing buzzwords and fluff.  I call Bullshit on the No Bullshit policy.
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
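
The argument in the message above is that a certificate issued by any trusted CA passes x509 validation, which is why clients that care pin the server's public key rather than rely on the chain alone. The following is an added example, not part of the original post: shell functions that compute an SPKI pin with openssl and reject a certificate carrying a different key. The two self-signed certificates and the name mail.example.test are constructed stand-ins for a genuine certificate and one issued for the same name by another CA.

```shell
#!/bin/sh
# Added example: public-key (SPKI) pinning with the openssl CLI.
# Assumption: openssl is installed. All certificates here are constructed.

# spki_pin CERT.pem
# Prints base64(SHA-256(DER SubjectPublicKeyInfo)), the value curl accepts
# as --pinnedpubkey "sha256//<pin>".
spki_pin() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -binary \
        | openssl base64
}

# check_pin CERT.pem EXPECTED_PIN
# Returns 0 if the key matches the pin, 1 if it is a different key,
# 2 if the certificate cannot be read. Chain validity is not consulted:
# a certificate that validates perfectly still fails here if its key differs.
check_pin() {
    actual=$(spki_pin "$1") || return 2
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "pin mismatch: got $actual, expected $2" >&2
    return 1
}

# make_demo_cert DIR NAME
# Constructed test data: a fresh key and self-signed certificate for
# mail.example.test, written to DIR/NAME.key and DIR/NAME.pem.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# demo: record the pin of the genuine certificate, then present a second
# certificate with the same subject name but a different key.
demo() {
    dir=$(mktemp -d) || return 2
    make_demo_cert "$dir" genuine
    make_demo_cert "$dir" substitute
    pin=$(spki_pin "$dir/genuine.pem")
    echo "recorded pin: $pin"
    check_pin "$dir/genuine.pem" "$pin" && echo "genuine: accepted"
    check_pin "$dir/substitute.pem" "$pin" || echo "substitute: rejected"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

The pin has to be recorded over a channel the interceptor does not control, for example shipped inside the client.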


Re: [Discuss] interesting discussion on silverlight

2015-05-04 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Edward Ned Harvey (blu)
>
> Believe it if you want to.

I'm only saying, the truth may be exactly as described, but it's hearsay from a 
stranger on the internet - not exactly a reliable source - it may NOT be 
exactly as described.

If the truth is exactly as described, it's contrary to the MS recent years 
trend of opening source and playing nice cross-platform, but that wouldn't be 
surprising either.

Take it as a maybe. And keep an open mind.


Re: [Discuss] NAS Folder Encryption

2015-04-24 Thread Edward Ned Harvey (blu)
I'm a little confused by your email - 

Your NAS device, do you have it in your home? So it's physically secure, inside 
a locked building with locked doors and physical keys?

Do you plan to use it remotely - like when you're away from home?

Do you plan to synchronize files to your laptop also, or *only* make the files 
accessible via network?


Re: [Discuss] Stack Script (shell script) to build Ubuntu LAMP + on Linode

2015-04-18 Thread Edward Ned Harvey (blu)
> From: John Abreau [mailto:abre...@gmail.com]
> Sent: Friday, April 17, 2015 9:09 PM
>
> Perhaps slightly off-topic, but I like to use /srv instead of /var for my
> websites. I create a directory /srv/www, give it a very small lvm volume, then
> create a separate lvm volume for each website under /srv/www.
>
> That way, If one of the websites goes nuts and tries to fill up the disk, it won't
> stomp on the other websites or the rest of the server.
> There's already more than enough stuff under /var competing for space.

Of course you could do the same thing, where /var/www/www.foobar.com is itself 
a mountpoint. But by using a nonstandard location such as /srv, you're breaking 
the default selinux and apparmor rules - so you'll have to manually configure 
those rules - 

PS. Never expose a web server to the internet without selinux and/or apparmor. 
And various other security measures.


[Discuss] OSX Mavericks root exploit, and Safari

2015-04-17 Thread Edward Ned Harvey (blu)
I'd like to alert people that OSX Mavericks has a root exploit that will not be 
fixed. All Mac users must immediately update to Yosemite in order to maintain 
any semblance of security.

http://arstechnica.com/security/2015/04/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root/

Also, having recently done this upgrade myself, I was almost immediately 
annoyed that Apple is trying to cram Safari down your throat - If you haven't 
launched Safari, they pop up a notification where your only choices are "Try 
Now" and "Later" which will repeat a few days later.

Also, if you use some other browser such as Chrome or Firefox, OSX will harass 
you to use Safari when you close it.  The "You should switch to Safari instead 
of Chrome" harassment will repeat once every few days upon closing the 
non-Safari browser.

Safari is terrible in terms of security. Nobody should use it.

To disable these annoyances, you can use this script I wrote. I recommend you 
don't trust me - I'm a stranger on the internet - You should first just run the 
curl command to see what the script does, and then repeat the curl command 
piped into bash to actually execute it. Just paste this onto a Terminal prompt:

curl -s https://clevertrove.com/safariAnnoyance.sh | bash

___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
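
Running curl twice fetches the script twice, so the copy that was read and the copy that bash executes are not guaranteed to be the same bytes. The following is an added example, not part of the original post or of the script it links to: download once to a file, review that file, and execute it only if its SHA-256 still matches what was reviewed. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: fetch once, review, then run exactly the bytes reviewed.
# Assumptions: curl, bash, and sha256sum (Linux) or shasum (macOS) exist.

# sha256_of FILE -> prints the hex SHA-256 of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# fetch_once URL DEST
# Saves the script to a file instead of a pipe, so nothing executes yet.
# --proto '=https' refuses a downgrade or redirect to plain http.
fetch_once() {
    curl -fsS --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# run_reviewed FILE SHA256
# Executes FILE with bash only if its hash equals the one recorded at
# review time. Returns 1 on mismatch, 2 if FILE is missing.
run_reviewed() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "refusing to run $1: sha256 $actual is not the reviewed $2" >&2
        return 1
    fi
    bash "$1"
}

# Typical use, with the URL from the post:
#   fetch_once https://clevertrove.com/safariAnnoyance.sh ./safariAnnoyance.sh
#   less ./safariAnnoyance.sh                  # read it
#   reviewed=$(sha256_of ./safariAnnoyance.sh) # record what was read
#   run_reviewed ./safariAnnoyance.sh "$reviewed"
```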


Re: [Discuss] Stack Script (shell script) to build Ubuntu LAMP + on Linode

2015-04-08 Thread Edward Ned Harvey (blu)
> From: greg.rundl...@gmail.com [mailto:greg.rundl...@gmail.com] On Behalf
> Of Greg Rundlett (freephile)
>
> So, now that I'm looking at Vagrant, Juju [1], Ansible [2], Puppet [3] and
> others as well as revisiting the general virtualization landscape (e.g. LXC,
> Docker, CoreOS).
>
> Does anyone have their favorite deployment tips, playbooks or stories to
> share?

One of my coworkers is absolutely in love with vagrant, but I don't like it 
because it only plays easily nice with a local virtualbox.  For him, he's doing 
experimental or development drupal work, that works great.  For me, I'm 
operating infrastructure to support people, I need to interact with a much 
broader set of vmware, aws, digital ocean - which vagrant technically *can* do, 
but the added complexity negates the benefit.  It's just a wrapper around 
ansible/whatever anyway.  So I just use ansible and forget vagrant.

The thing I like about ansible, besides the obvious - Ok, here's the obvious - 
In the past, machines were sometimes not well documented, and even if they were 
well documented, following the documentation was manual and error prone (hence 
you writing your script).  By writing executable documentation, you get 
repeatability and it becomes trivial to spin up a development machine that 
exactly clones the production system, then make a change on development and 
test, and apply the change to production.

Ok, so besides the obvious, I like the fact that I don't need a dedicated 
control machine.  I can do stuff locally on my mac, which ssh's out to the 
target machines to do my work for me.  I find, however, that if you have any 
windows administrators on your team, it becomes worthwhile to build a dedicated 
control machine - some linux box that everyone ssh's into in order to run 
ansible commands.  Because even with cygwin, there is no ansible on windows.  
(Last I knew, as far as I know.)

All that script stuff you wrote is how I used to do things.  The language in 
ansible makes a lot of that stuff trivial.  For example, how do you script "Go 
into the my.conf file, find the [FooBar] section, and if the 'whizbang' feature 
is in there, edit it to 5, otherwise create a line 'whizbang=5'" ...  Yes it 
can be done, but it's a pain.  But this type of configuration setting is just a 
line in ansible.  Because that's what it's designed for.  And what if 
assumptions were made in your script that are no longer correct when you run 
the script?  The shell script is likely to fail horribly doing terrible things. 
 Ansible will just report the error on the specific machine, and stop running 
on that machine.


Re: [Discuss] OT: Do CS grads need calculus?

2015-04-07 Thread Edward Ned Harvey (blu)
John says "I have to say that I have never in a successful 40-year programming 
career ever needed to know calculus."

To which I respond:  I have never, in my career, needed my degree.  But I'm 
glad to have it.

And do CS grads need Acting I, or Music Theory I?  Those were the free 
electives that I chose.  Why not abolish free electives if we are only 
concerned about what's strictly directly applicable to a career?  I am 
personally in favor of all these classes - and I've got to say - to my 
surprise, Acting I was the most rewarding class I ever took, contributing more 
than any other to my personal success and wellbeing.


Re: [Discuss] Stack Script (shell script) to build Ubuntu LAMP + on Linode

2015-04-04 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Greg Rundlett (freephile)
>
> Having just decided that I'm moving my operations to Linode, I'm building
> out a script to install a base Ubuntu 14.04 system on Linode.
>
> The system should have LAMP, plus nginx, firewall, mail (postfix),
> monitoring (monit), reporting (munin),
>
> Any comments, or forks welcome.
>
> https://gist.github.com/freephile/2d73f0f6cacc3d31d2f0

My comments are:  This would have been a lot faster/easier/more 
reliable/scalable/better if done on ansible.  (Or any of its competitors, but 
I'm personally using ansible).


Re: [Discuss] Mythbuntu on VMWare slow

2015-03-20 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of aldo albanese
>
> Hi, Not a linux guru like all of you, trying to learn it.  I installed mythubuntu on
> VMWare 5.  I noticed that the app is very slow to respond, I have it set to 4
> processors and lot of memory, it should go faster.  Not issues running
> Windows machines. I have installed the guest, there is any tuning that I may
> need to do to make it faster.
> Thanks for the help.

When you say vmware 5, I guess you mean ESXi 5, on a dedicated server, 
bare-metal installation, right?  Or some other solution?

Did you go into BIOS and enable the virtualization tech, such as vt-x, and 
vt-d?  What kind of hardware is it, did you check for firmware updates and such?

After installing the guest, did you install vmware tools (or openvmtools?)


Re: [Discuss] Mythbuntu on VMWare slow

2015-03-20 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of aldo albanese
>
> I have it set to 4
> processors and lot of memory, it should go faster.

Oh - It is ok to overprovision processors, because the system will gracefully 
scale back client performance.  For example if you have a system with 8 cores, 
and you have 3 guests that each have 4 cores, that's ok.  Or even 3 guests that 
each have 7 cores.

It is not ok to overprovision memory.  Always leave at least a G or 2G 
available for the host OS (or more, depending on your guests configuration).  
The host OS will cache and buffer stuff, so the bigger your guests are, the 
bigger your host OS should be.  I think a reasonable balance is something like 
... Guests memory consumption should not exceed approx 75%-80% of the total 
memory in the system, and at least 1G available to the host.


Re: [Discuss] Thin Provisioned LVM

2015-03-13 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Daniel Hagerty
>
> What you are looking for is ATA TRIM support.

ATA TRIM,
or
SCSI UNMAP


Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread Edward Ned Harvey (blu)
> From: ma...@mohawksoft.com [mailto:ma...@mohawksoft.com]
>
> nothing I have written about ZFS is fundamentally incorrect
> at this point in time

You've written like 12 pages of text in the last 2 days, which will require 20 
pages and a week of reference finding, in order to respond to all the things 
you said wrong about zfs.  There's simply no way I have time for that.

You said zfs blah blah is stupid.
You said zfs blah blah incorrect.  Bogus, nightmare, not desirable, 
etc...

It doesn't take Martin Luther King Jr. to recognize prejudice.

I respect the passion that you have for this - and I respect your expertise on 
lvm, and I agree 100% with the *core* of what you're saying, that for specific 
applications such as databases which perform their own data integrity and so 
forth, greater performance and better thin provisioning support can be achieved 
using a lighter weight file system / storage system specifically designed for 
those purposes.  But overshadowing a lot of that core message are incorrect 
generalizations and statements about zfs.  How to optimize it, and how it 
behaves.

I'm cherry picking 2 points to respond to, because I don't want to waste any 
more time of my life on this:

> says give ZFS whole disks, which is stupid

I happen to be an expert on this subject - and it's the exact opposite of 
stupid.  Disks have the ability to do volatile write-back caching, which is 
disabled by default, but greatly improves random write performance if it's 
enabled.  The thing is - if you give zfs the whole disk, then zfs knows no 
other filesystem exists on any other partition of the disk, so zfs will enable 
the disk write-back cache.  This is safe for zfs, but would not be safe for a 
bunch of other filesystems, of particular importance ufs.  I don't know if it 
would be safe for the various linux filesystems - but the point is - anything 
*other* than the whole disk, zfs cannot assume anything about the other systems 
using the disk and therefore will not enable the write-back.  So yes, it is 
smart to give zfs the whole disk.

> ZFS pool growing out of control on a sparse presented to it from a SAN

I haven't used it, but I hear that unmap is supported on illumos and 
closed-source solaris 11.  Without a research deep-dive, I have every reason to 
expect it works.


Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread Edward Ned Harvey (blu)
> From: ma...@mohawksoft.com [mailto:ma...@mohawksoft.com]
>
> > From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> > Behalf Of ma...@mohawksoft.com
> >
> > says give ZFS whole disks, which is stupid.
> >
> > Mark, clearly you know nothing about ZFS.
>
> Think what you wish. Maybe I'm not explaining the problem

You're explaining your thoughts well - it's just that you're saying a lot of 
things that demonstrate lack of understanding of ZFS.  Normally I like to react 
to those kind of things in a helpful manner, but for 1, you're certainly 
writing the stuff much faster than I have time to react to, and for 2, based on 
a zillion similar things you've written here before, I believe you have some 
kind of personal bias that I don't understand, some kind of personal resentment 
for zfs.  I don't think anything I can say is going to change your mind about 
anything, so it would also be a waste of time for me to react to your zfs 
comments for your sake.  I personally believe each tool is a tool, and has 
characteristics different from each other, and based on those characteristic 
differences, each tool is better for certain situations.  But as I mentioned, 
there's *almost* no situation I can think of where I would choose lvm over zfs. 
 

I only want to tell people "don't listen to what this guy says about zfs." If 
you want to know, start a different conversation about it.  But if you want to 
know how to make lvm do something - ask Mark.  He loves it, and uses it more 
extensively than anyone I know.  Just don't listen to his comparisons of lvm 
and zfs, because they are largely inaccurate and unfairly biased.



Re: [Discuss] Thin Provisioned LVM

2015-03-11 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of ma...@mohawksoft.com
>
> says give ZFS whole disks, which is stupid.

Mark, clearly you know nothing about ZFS.

Also, it's clear you have an axe to grind, which makes anything you say about 
it take it with a grain of salt.

I've personally used a lot of zfs, and a lot of lvm, and there is barely any 
situation that I would ever consider using lvm ever again.


Re: [Discuss] Securing a VMware ESXi server at a colo site?

2015-03-10 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of John Abreau
>
> I'm considering using the free edition of VMware ESXi 5.5 at a co-location
> site. If I understand correctly, the free edition doesn't include the
> management console application, so I would have to manage it via a web
> browser.
>
> How do I set it up so I can manage it remotely in a secure manner?
>
> My initial thoughts are to close every port on the host server except ssh,
> and lock down ssh in the usual manner: disable protocol 1, disable password

Nope, nope, nope, nope.

First of all, ESXi is not to be managed via ssh.  Although you can enable ssh, 
and lots of useful things can be done that way, it's the most difficult way to 
do anything, it's unsupported, and lots of unexpected gotchas will certainly 
getchya.  The right thing to do is to install vSphere Client on a windows 
machine, and use it to remote admin the server.  The *only* thing you should do 
outside of vSphere Client, is to boot from the install disk, enter IP address, 
and root password during bare metal installation.  Also configure your RAID 
card in BIOS.

That being said - you absolutely, definitely, should not open vSphere traffic 
over the internet.  You'll need a VPN, connected to the primary network 
interface of the ESXi host, which you'll use for management.  Let all the VM's 
use a different ethernet jack, so the VM traffic is isolated from the 
management traffic.  The only way to get to the management interface is via 
your VPN.


Re: [Discuss] Securing a VMware ESXi server at a colo site?

2015-03-10 Thread Edward Ned Harvey (blu)
> From: John Abreau [mailto:abre...@gmail.com]
>
> Is the vSphere Client part of the free edition of ESXi? I thought I had read
> somewhere that it was only for the commercial edition of ESXi, and that you
> had to manage the free edition through a web interface.

They're always changing stuff, but I currently use ESXi 5.1, and vSphere Client 
5.1.

The client username/password dialog says "In vSphere 5.5, all new vSphere 
features are available only through vSphere Web Client. The traditional vSphere 
Client will continue to operate, supporting the same feature set as vSphere 
5.0, but not exposing any of the new features in vSphere 5.5."

I've never used the web client yet - I seem to recall that all the new 
features were for-cost premium features, and I seem to remember getting 
roadblocked with the web client when I tried it once - and I basically 
concluded that the new way of doing things was the non-free way.


Re: [Discuss] Securing a VMware ESXi server at a colo site?

2015-03-10 Thread Edward Ned Harvey (blu)
> From: John Abreau [mailto:abre...@gmail.com]
>
> I did a bit of googling to see how to setup a vpn server on the ESXi host, and it
> seems that's not possible. And managing the host through a vpn running on a
> guest VM sounds unreliable; if you need to use the management console to
> fix a problem that affects the vpn server guest, you have no access to the
> management console until the problem is fixed.
> So it seems I'll still need a separate physical server to provide the vpn.

Correct(ish).

You should not imagine ESXi as being a normal linux - although it runs a 
linux kernel, it has little to no semblance to any normal linux distribution 
that you're used to.  It is intended to be a bare metal black box, and it's 
generally best to let it be that way.  As I said before, there is some useful 
stuff you can do via ssh, but good reasons to avoid it.

Presumably you have some other backup solution available, right?  Don't expect 
the host OS to do anything useful in terms of software raid or backups, or even 
hardware raid management.  HW raid management is a whole separate subject - 
Some things you can do, others you can't.  

The *best* solution is to have the ESXi host running VM's, which are network 
shared via iscsi from a storage server, which is *designed* to do storage and 
iscsi well (such as a ZFS server).  I like to run ESXi diskless, because they 
do crap for disk management.

You *can* install a VPN server in a VM running on the ESXi host - and I have 
before - and it works fine - as long as nothing goes wrong with that guest VM.  
Some time ago, I had to put in extra effort to make pfSense work in a VM, but I 
think the recent versions actually support it, or something - you can check 
with pfSense if you want.

Of course, if anything goes wrong with your ESXi host, you'll be glad to have a 
separate hardware vpn, and remote access to the iLom or whatever.


Re: [Discuss] Startup?

2015-03-02 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Tom Metro
>
> I've been involved with or on the distant periphery of the startup
> community for several decades, and one of the fastest ways of spotting a
> novice is the degree to which they are protective of their idea. Some
> people even expect VCs to sign an NDA.

Agreed.  But that's why I said be careful what you expose.  Because your exit 
strategy, if you want to gain Angel or VC investment, will be acquisition.  And 
in order to get acquired, it's very likely you'll need your inventions 
patented.  And you'll be unable to patent what you publicly disclosed.  So pay 
attention to what was written and what was said, and under what protection it 
would fall.

I've heard from dozens of people, that VC's and Angels don't do NDA's.  I have 
found this to be incorrect - I simply ask them, and about 80% of the time, they 
agreed to do it.  It depends on context - No you probably won't get them doing 
NDA's with you as a stranger, but warmer introductions stand a good chance.  It 
comes down to them protecting themselves - If they meet and discuss innovative 
ideas with dozens of entrepreneurs per week, they see so many new ideas, they 
can't afford the risk of being under agreement with any of them, who might be 
in conflict with others.

You can easily enough prepare material to present, which will communicate your 
core idea, without causing a patent problem or other conflict.


> Get over the idea that people are out to steal it. The hard part is
> *not* the idea. It's executing the task of bringing it to market. Being
> willing to invest years of your time; being able to convince multiple
> investors and initial hires that it is worth pursing. Almost no one you
> will encounter can be bothered to do that.
>
> The danger is not that someone will steal it. The vastly more likely
> scenario is that you won't find anyone who believes enough in its
> validity to put money onto it.

Agreed that rarely is someone out to steal your idea, and agreed that the hard 
part is successfully delivering to market.  Disagreed that no one is interested 
in your original idea.


> > The biggest surprise that hit me out of *everything* was the patent
> > process.  At some point, you're going to need to patent stuff...
>
> In my opinion a waste of time. Patents work out well for small startups
> about as well as people winning the lottery. Sure there are success
> stories, but for every one there are thousands (or hundreds of
> thousands) or organizations that invest the time and legal fees in
> patent filings that either end up being for products that fail, have no
> licensing market, or never benefit from the legal protection.

The legal protection is probably not the reason you patented something.  The 
legal protection is probably necessary in order to get acquired.  Any 
competitor or potential acquirer is going to look at your product, barriers to 
entry, cost to recreate, and all of that is going to be a factor in how much 
they are willing to pay for an acquisition.  So actually the legal protection 
*is* the reason you patented something - when those guys evaluate your 
business, they'll know if your patent is valuable or not.

It's not that you want to use your patents for suing anyone.  It's that the 
patents add value to the business.


> softer target than a VC. And now we have incubator and crowdfunding as
> ways to get seed cash and gain visibility to 2nd round investors.

No crowdfunding, unless you're talking about something like kickstarter or 
indiegogo, where you sell some kind of swag or early release versions of the 
product.  The point is - No securities via crowdfunding.  I think this is 
described on the SEC page that I linked to before - in 2012 there were some new 
provisions created for crowdfunding selling securities, but I have talked to 
the lawyer, and it's effectively useless.  Maybe someday, but not now.  Ask the 
lawyer if you care.


Re: [Discuss] Startup?

2015-03-01 Thread Edward Ned Harvey (blu)
> From: John Hall [mailto:johnhall...@gmail.com]
>
> What about all the expenses for
> administration and legal services? Isn't this part of why you'd seek an angel
> investor?

You'd *better* be able to swing that much yourself.  A few grand of expense 
here or there, and a year of working without pay...  Or enough taken via 
friends & family to be able to swing it.

No - your angel or VC investment (or ycombinator/masschallenge/etc) is at 
*minimum* $50k-$200k, but more typically $500k to $3MM.  These funds are mainly 
dedicated to hiring developers, licensing tools, marketing people and marketing 
expenses, manufacturing if applicable.  Things that are much larger than an 
individual would be able to take on themselves.

They're generally expecting you have some way of dealing with legal and 
administrative costs, sometimes even patenting, out of pocket yourself, and 
depending on a lot of stuff, might expect you to already have a working product 
and paying customers before taking on the investment.

I have been *extremely* pleased to see how much mileage we got out of asking 
people simply, "Would you be willing to work on credit - we'll pay you later if 
we can - or work for some vague promise of options - I promise a non-specific 
number of shares and a non-specific percentage of the company, when and if we 
create an option pool later?"  When people trust you to be honest, and they 
acknowledge the risk of the business potentially failing, and they understand 
they *might* get nothing, or *might* be able to get something much bigger than 
their normal hourly rate if the business is successful, and they're just simply 
helping somebody that they like, or contributing to a cause they want to 
support - A lot of people are willing to contribute this way.

The small investors - $50k to $200k are generally more inclined to take on 
early stage seed investments, where you might not have all that much developed 
yet, you at least have proof of concept but need more development and patent 
work done etc.  You better be prepared to work unpaid, and *really* stretch 
those dollars, to deliver a lot of bang for buck.  And then go for something 
larger, when you've got something successful and outward facing, with a proven 
business model and just need to expand development and marketing and sales.


Re: [Discuss] Startup?

2015-03-01 Thread Edward Ned Harvey (blu)
> From: Edward Ned Harvey (blu)
>
> Oh.  Definitely read this.  It helps a *lot* to understand how you should be
> incorporating and who/how to invest.
> http://www.sec.gov/info/smallbus/qasbsec.htm

Oh yeah.  This too:
http://fundersandfounders.com/how-funding-works-splitting-equity/ 


Re: [Discuss] Startup?

2015-03-01 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Steven Santos
>
> Have any of you ever pitched a big idea to an angel investor?
>
> Any advice for pitching such a big idea?
>
> Where do you find an angel investor for such a thing?

This is something I now have a lot of experience with.  My advice would be 
first of all, be careful what you say to anybody - The biggest surprise that 
hit me out of *everything* was the patent process.  At some point, you're going 
to need to patent stuff, and anything you disclosed prior to filing for the 
patent, is potentially at risk.  The US has just about the most lenient laws, 
where you're able to patent something up to 1 year after public disclosure, but 
generally speaking worldwide that is not recognized, and not a valid practice.  
Generally anything you disclosed prior to patenting becomes unpatentable.  
You're going to need legal counsel for incorporation - I have two good 
references I'm happy to pass along off-list - both are likely receptive to 
working on credit - allowing your bills to pile up until such time as you're 
funded and able to pay them, because they know the fastest way to destroy your 
startup is to demand you pay their bills straight away.

Reach out to all your friends and contacts, get all their advice.  Become 
comfortable with having everyone sign NDA's so you're not publicly disclosing 
anything.  Get your form NDA from your legal counsel - because if you download 
from the internet, there are lots of different ones that are valid and invalid 
in different regions.  

Understand that all your friends & contacts are going to give you conflicting 
advice.  That's not the point.  The point is, when you pitch to investors, 
*they* are also going to give you conflicting advice.  Every one of them tell 
me "what investors are looking for" and none of them say the same thing.  By 
talking everything over with all your friends & contacts, you're going to build 
up buzz, and they're going to surprise you with the contacts they can introduce 
you to.  By getting more exposure to them all, you'll be more prepared for each 
one.

Carefully manage your exposure to investors.  They are thick with each other, 
and nobody wants to feel like they're getting seconds on a deal that they've 
already heard about through some colleague in a different group.  Ultimately, 
you'll *need* one or more of them to personally advocate you within the group.  
Your chances are *much* better if you can get personal introductions rather 
than cold approaching them.  All different people are going to give you 
different advice about how to find and approach potential investors - Attend 
groups like Venture Cafe, and Ycombinator, and MassChallenge, Boston New 
Tech...  And a bunch of others...  Go attend those groups before you're ready, 
just so you can see what other people say and see what they present, and see 
what peoples' reactions are to them.  You'll be improving your own personal 
skills just by interacting with the community.

Be prepared to share some stake in the company to whoever advocates you.  It is 
very common practice.  Talk to your lawyer about what's legal and what's not; 
there is a fine line.  You need to be careful what you say and how you say it - 
especially in email.

Do everything you can to generate buzz.  Present at meetups and conventions, 
etc when you're ready.

Try to find some mentors who have been through this sort of stuff before.  One 
of the best things I did was to do an initial Friends & Family round of 
investment, in which, a handful of people I knew invested - and surprised me 
with the amount of knowledge they're able to contribute.  I send out regular 
status updates and solicit their input, and anytime I have to make tough 
decisions, I call them up and discuss.  Not only do they have valuable 
contributions to make - they have a stake.  You'll often hear the phrase 
"Friends, Family, and Fools," because naturally a lot of people doing this will 
not be very well qualified.  But if you do it right and get some knowledgeable 
people on board, it can be valuable.

Oh.  Definitely read this.  It helps a *lot* to understand how you should be 
incorporating and who/how to invest.
http://www.sec.gov/info/smallbus/qasbsec.htm 


Re: [Discuss] perl/Tk

2015-02-27 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of dan moylan
> 
> trying to install perl/Tk

Eee...   Gross.


> the cpan installation went on for quite a while, but at the

If there was ever an argument for why perl sucks, besides the language itself 
being crap, it's cpan, which sucks bigtime, for exactly the reason you're 
observing.  Developers develop on some system, they test on their own systems, 
and it is *frequent* that something in cpan fails to build where you're trying 
to use it, and there is no way to specify an old version that was known to work 
on your system.


> any suggestions as to where i go from here?

Despite me hammering on it, you're probably not going to abandon perl.  Which 
you should do.  In the past whenever I needed to make something work anyway, 
here's my advice - 

First of all, see if you can abandon cpan, and use packages that are built in 
to your yum repository.  Much more reliable (and faster.)  If that doesn't 
work, you can try building those modules by hand - I've had about 50% success 
in hand-building modules bypassing cpan.  Really the best thing you could have 
done was to download & cache the packages, and document the build process so 
you could repeat it in the future if you need to.  But it's *such* a hassle.


Re: [Discuss] Steve Gibson's SQRL

2015-02-25 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Tom Metro
> 
> SQRL

Every authentication system, no matter what, is based on a combination of 
something you know, or something you have.  Nothing against SQRL, but SQRL is 
something you have - it's yet another key manager - so it comes down to a 
choice of which characteristics and usability you like.  The only thing you 
always have is your biometrics - but you don't always have your biometrics 
device (fingerprint/handprint/retina scanner etc)

When passwords are chosen poorly, they offer little or no technical protection 
- but surprisingly, even if your password is "password" or "123456" it provides 
quite a lot of legal protection.  The case study in 3rd party exposure is a 
postcard going through the mail vs a sealed envelope.  You have no reasonable 
expectation of privacy for the postcard, because all the mail handlers could 
have seen the message plainly.  The sealed envelope - while trivial to open and 
even stealthily re-seal - provides a reasonable expectation of privacy and is 
therefore protected by the 4th amendment.

I am in favor of 2-factor authentication, involving something you know, *and* 
something you have.  Because something you have can often be stolen or copied.  
But I am strongly opposed to *exposing* something you know to the server.

This is what we created https://cbcrypt.org for.  It takes hostid, username, 
and password, and converts them into an asymmetric keypair.  Only the public 
key gets exposed to the server, so the server is able to confirm that *you* 
know your secret, without the server actually knowing your secret.

Also, if you carefully select a long complex password, it's absolutely possible 
(though unusual) to memorize something complex enough to be used as an 
encryption key, strong enough to *actually* keep out the most sophisticated 
brute force attacks.  Although it's rather unusual you need to select a 
password *that* strong.


Re: [Discuss] os x = poop?

2015-02-23 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Eric Chadbourne
> 
> The GitHub for OS X app is probably the
> most user friendly way to use git I’ve seen yet. 

The problem with the github app is the fact that it only works for github.  I 
would recommend SourceTree instead - it's free, and excellent, and you won't 
have to learn a new GUI when you do something that's not on github.


Re: [Discuss] Most common (or Most important) privacy leaks

2015-02-20 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Jerry Feldman
> 
> > Yes, I'm logging in, but I'm being coerced -- but don't let on that
> > you know, because I'm in danger if this doesn't appear to work.
>
> I agree with this. This should also be employed in home security systems
> also.

Of course there's an easy countermeasure to that too - 

The guy with the gun says "Ok, login.  And if you fail to put the moneyz into 
my hand, blam."  Anybody in the hot seat would be stupid to *use* the "Yes I'm 
logging in but I'm being coerced" password, unless there was more at stake than 
just their own life.  Useful for national security situations - not useful for 
protecting your bank account.


[Discuss] Does anyone here know someone who's been victimized?

2015-02-19 Thread Edward Ned Harvey (blu)
I have spoken with two IT people, whose servers had been compromised and used 
to deliver some sort of illegal content, presumably sold from malicious person 
1 to malicious person 2 on the black market (silk road or whatever).

Of course it's also possible to have things like a hacked dropbox or google 
account or whatever - used by bad people - where the legitimate user is 
essentially victimized, or possibly even framed for having some sort of illegal 
materials.

I'm looking for reports or stories of that nature - Do any of you know anyone 
whose servers, or accounts, have been victimized and basically the cops or the 
FBI come knocking on your door because somebody without your knowledge stuck 
some illicit stuff in your account, or used your server to do bad stuff on the 
net?


Re: [Discuss] Most common (or Most important) privacy leaks

2015-02-19 Thread Edward Ned Harvey (blu)
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Rich Braun
> 
> Please, flippant answers like that aren't helpful.

No, Rich.  Gordon is right.  Your argument was "thug gets bank statement, holds 
gun to head", and you want plausible deniability, which you lost at "thug gets 
bank statement".

The tiny grain of truth in your argument was that by forcing you to log into 
*any* password manager, they've gained access to *all* your stuff.  Which is an 
argument against using any password manager, or anything other than memorizing 
different passwords for every site you ever use.  So your argument was pretty 
much bunk and the grain of truth is completely impossible to ever satisfy ... 
except as Gordon said ... basically don't own anything.

Plausible deniability is important in some cases.  Not compatible with a 
password manager.