Re: [Discuss] rms

2019-09-20 Thread Bill Horne
On 9/20/2019 1:51 PM, Bill Cattey wrote:
> Shirley's Story provokes me to tell my "It's all my fault" story.
>
> At one time, my friends Jonathan Solomon (whom many of you know as
> jsol -- of Telecom Digest fame), and Rich Braun shared an apartment in
> Central Square with RMS.

Since I'm the current Moderator of The Telecom Digest, I'd really
appreciate more info about those who came before me. I took over from
Pat Townson, but I have no information on those who came before him.

Thanks to everyone for taking time to read this: all info gratefully
received.

Bill Horne


-- 
Bill Horne
828-678-1548

___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss


Re: [Discuss] RMS in the news

2019-09-20 Thread Bill Horne
On 9/19/2019 9:55 PM, Bill Horne wrote:
> On 9/19/2019 5:03 PM, Jerry Feldman wrote:
>> I was an emacs guy. Learned vi in about 1980, but when I worked for cadmus
>> I learned gosling  emacs. Used it for all my development until I switched
>> to atom
> No less an authority than Neal Stephenson wrote "I use emacs, which
> might be thought of as a thermonuclear word processor."^1
>
> Bill
>
> 1. https://www.emacswiki.org/emacs/NealStephenson

I have just been told that Neal Stephenson switched from emacs to a
different word processor, and then to writing with a fountain pen.

Since I find fountain pens very hard to use, does anyone know which
software Mr. Stephenson used in between emacs and his pen? TIA.

Bill

-- 
Bill Horne
828-678-1548



Re: [Discuss] RMS in the news

2019-09-19 Thread Bill Horne
On 9/19/2019 5:03 PM, Jerry Feldman wrote:
> I was an emacs guy. Learned vi in about 1980, but when I worked for cadmus
> I learned gosling  emacs. Used it for all my development until I switched
> to atom

No less an authority than Neal Stephenson wrote "I use emacs, which
might be thought of as a thermonuclear /word processor/."^1

Bill

1. https://www.emacswiki.org/emacs/NealStephenson



Re: [Discuss] RMS in the news

2019-09-19 Thread Bill Horne

On 9/18/2019 7:10 PM, John Abreau wrote:

> I first heard of RMS at the Boston Computer Society in 1985.


I first met RMS in a room adjoining the workstations aisles in the AI 
lab at M.I.T.  I was a High-school student who liked computers, and I 
had the good fortune to know another Amateur Radio operator who worked 
there. RMS was sitting at a small table with a terminal on it, dictating 
code into a tape recorder. The only other item in the room was a cot at 
the other end, and when we shook hands, he said "Happy hacking!" My 
friend later told me that RMS lived there, but I didn't quite believe it 
until years later, when I learned that RMS' apartment had been burned 
out and that he hadn't known about it for about a week.


The next time I saw him, RMS was standing in the center strip of 
Memorial drive, holding a sign that read "Software should be free." I 
stopped and asked him why, but I didn't understand his explanation.


The last time we met, I was swiping groceries at a supermarket in 
Cambridge. RMS came by and told me that I shouldn't use the self-service 
section, because I was putting people out of work.


RMS has left us the FSF, the GNU organization, and Emacs (which I use 
every day): we owe him a lot, both as a society and as a group, and I 
hope we can keep in mind the immense weight of his achievements on the 
balance of his life.


The problem with genius, it has been said, is that there's no way to go 
but down.


Bill Horne




Re: [Discuss] Please help with a BASH puzzle

2019-08-23 Thread Bill Horne

David,

Thank you for your suggestion, but they are not only numbers, but alpha
values too.


Sorry, though: I chose poor examples.  The file can contain any digit 
0-9, and any alpha A-Z. There are no punctuation marks and no white space.


Sorted values range from  to .

HTH.

Bill


On 8/23/2019 6:51 PM, David Kramer wrote:
> Are these hex numbers?  bc can convert hex to decimal and do hex
> math.  The hard part is calculating the next value, and here's an
> example of doing that.
>
> nextValue=`echo "obase=16; ibase=16; ${lastValue} + 1" | bc`
>
> Then all you need to do is compare whether the next line you read is
> equal to nextValue.
>
> On 8/23/19 6:32 PM, Bill Horne wrote:
>
>> Thanks for reading this: I appreciate your time.
>>
>> I'm trying to do something that should be very easy to do, and yet I
>> can't remember how to do it, and I'm asking for help.
>>
>> I have an alpha-numeric, sorted file, that looks like this:
>>
>> 01AA
>> 01AB
>> 01AC
>> 01AE
>> 01AF
>> .. etc.
>>
>> I'm trying to remember what BASH utility, script, or command would
>> flag the missing value (in this case, "01AD"). There are, of course,
>> any number of ways to program a solution, but I can't remember which
>> of the BASH utilities will do it. All suggestions welcome, and thanks
>> in advance.
>>
>> Bill Horne



[Discuss] Please help with a BASH puzzle

2019-08-23 Thread Bill Horne

Thanks for reading this: I appreciate your time.

I'm trying to do something that should be very easy to do, and yet I 
can't remember how to do it, and I'm asking for help.


I have an alpha-numeric, sorted file, that looks like this:

01AA
01AB
01AC
01AE
01AF
.. etc.

I'm trying to remember what BASH utility, script, or command would flag
the missing value (in this case, "01AD"). There are, of course, any
number of ways to program a solution, but I can't remember which of the
BASH utilities will do it. All suggestions welcome, and thanks in advance.


Bill Horne
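
One way to flag the gap asked about in this thread, as an added example that is not part of the original posts. It assumes the values are fixed-width base-36 counters (digits 0-9 followed by letters A-Z, so `01AZ` is followed by `01B0`); the function name `find_gaps` is hypothetical.

```shell
#!/bin/sh
# Added example: flag missing values in a sorted list of fixed-width counters.
# Assumption (not stated in the thread): values count in base 36, digits 0-9
# then letters A-Z, so 01A9 is followed by 01AA and 01AZ by 01B0.

# find_gaps: read one value per line on stdin, print each missing value.
# Exit status is 1 if a line is not base-36 or the input is not ascending.
find_gaps() {
    awk '
    BEGIN { digits = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; bad = 0 }

    # Base-36 string to number; -1 if it holds anything but 0-9 or A-Z.
    function to_num(s,    i, d, n) {
        n = 0
        for (i = 1; i <= length(s); i++) {
            d = index(digits, substr(s, i, 1))
            if (d == 0) return -1
            n = n * 36 + (d - 1)
        }
        return n
    }

    # Number to base-36 string, left-padded with zeros to the given width.
    function to_str(n, width,    s) {
        s = ""
        while (n > 0) {
            s = substr(digits, n % 36 + 1, 1) s
            n = int(n / 36)
        }
        while (length(s) < width) s = "0" s
        return s
    }

    NF == 0 { next }                      # ignore blank lines

    {
        val = toupper($1)
        cur = to_num(val)
        if (cur < 0) {
            printf "line %d: not a base-36 value: %s\n", NR, $1 > "/dev/stderr"
            bad = 1
            next
        }
        if (seen && cur <= prev) {
            printf "line %d: %s is out of order or repeated\n", NR, val > "/dev/stderr"
            bad = 1
        }
        # Every number strictly between the previous value and this one is a gap.
        if (seen) {
            for (n = prev + 1; n < cur; n++) print to_str(n, length(val))
        }
        prev = cur
        seen = 1
    }

    END { exit bad }
    '
}

# Sample input from the original post (01AD is the missing value).
printf '%s\n' 01AA 01AB 01AC 01AE 01AF | find_gaps
```

Run it as `find_gaps < sorted-file`; a non-zero exit status means the input held something other than ascending base-36 values.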



Re: [Discuss] Ubuntu Install Question

2019-03-09 Thread Bill Horne

On 3/9/2019 4:47 PM, Rich Pieri wrote:

> On Sat, 9 Mar 2019 16:28:02 -0500
> Bill Horne wrote:
>
>> I have a Windows 7 PC, and I'd like to know the best way to run Linux
>> on it without dual-booting.
>
> Upgrade to Windows 10, enable WSL, and install your preferred
> distributions?

This machine is too old for W10, and I hate the GUI anyway. I'm going to
overwrite the HD and use only Linux when W7 dies.

>> Is a trial version of VMWare still available? I used to run Windows
>> XP and Linux under it, but that was a while back.
>
> VMware Player is free to use with some restrictions. There hasn't been
> a free/trial version of VMware Workstation in some time.


That's nice to know: I'll check out the player. Thanks!

Bill

--
Bill Horne
828-678-1548 (Cell)



Re: [Discuss] Ubuntu Install Question

2019-03-09 Thread Bill Horne


On 3/8/2019 10:42 PM, Rich Pieri wrote:

> On Fri, 8 Mar 2019 20:55:49 -0500
> Shirley Márquez Dúlcey wrote:
>
>> [snp]
>> To run Windows under a hypervisor (either under another OS or under
>> Windows itself) you either need a Windows Enterprise license (only
>> sold to volume buyers) or a full retail copy of Windows. (The only
>
> You do not need either of these editions. Windows 10 Pro and Education
> enable Hyper-V which turns what was the bare metal OS into a virtual
> machine which functions kind of like Xen's dom0. Windows 10 Home does
> not have Hyper-V. You could run both Windows 10 and Ubuntu in VMs under
> Hyper-V side by side. I do this at work. It's rather nicer than VMware
> Workstation and VirtualBox.
>
> And in fact you don't actually need a paid Windows 10 license to run
> Windows 10. You can download Windows 10 from Microsoft, tell it you
> don't have a product key, and you can install Windows 10 Pro or Home.
> It won't be activated so there are some cosmetic indicators like the
> desktop watermarks but it's otherwise fully functional. Unlike previous
> versions.


I have a Windows 7 PC, and I'd like to know the best way to run Linux on 
it without dual-booting.


Is a trial version of  VMWare still available? I used to run Windows XP 
and Linux under it, but that was a while back.


--
Bill Horne
828-678-1548 (Cell)



Re: [Discuss] [BLU/Officers] update instructions for key signing

2018-09-17 Thread Bill Horne

Bill,

I've got a question about GPG, or actually about PKI in general.

Since my browser now flags non-https sites as "Unsecure," I'd like to 
know how to generate a key to put in my Apache setup which will swing 
the padlocks shut. I know that it won't be "valid" unless I import the 
key into my browser, but that's a one-time effort and will stop the 
"unsecure" messages when I ask people to visit my websites.


Also, if possible, I'd like to be able to pass out keys for users to use 
in lieu of passwords to access secured areas.


Please tell me how to go about that, and thanks in advance.

Bill


On 9/16/2018 11:41 PM, Bill Ricker wrote:


> * We will NO LONGER sign RSA or DSA 1024b keys (or shorter). Obsolete.
> * We will NOT sign RSA 2048b keys without expiration dates or with
>   expiration dates beyond 2020.
> * Use RSA 4096 or ed25519 for gpg2 --gen-key
>
> Notes
> * If concerned about well-capitalized massive factoring dictionaries,
>   subtract a small multiple of 8 bits to get a size that is not standard
>   and thus won't be dictionaried.
> * Alas the one trustworthy ECC curve, ed25519, is supported only in
>   GPG 2.1.7+ (gpg2), but if you have recent Ubuntu you can use it now.
>   See https://nickhu.co.uk/posts/2016-09-03-curvy-gpg/ for instructions
>   GPG2 gives a warning that it's not yet standardized so i'm considering
>   it still somewhat experimental ... i'm going to try a 10y expiring on
>   this
>
> ___
> Announce mailing list
> annou...@blu.org
> http://lists.blu.org/mailman/listinfo/announce
>
> --
> Bill Ricker
> bill.n1...@gmail.com
> https://www.linkedin.com/in/n1vux
>
> ___
> Officers mailing list
> offic...@blu.org
> http://lists.blu.org/mailman/listinfo/officers


--
Bill Horne
828-678-1548 (Cell)
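
The key-signing rules quoted in this message, applied to a key listing, as an added example that is not part of the original posts or any BLU tooling. The function names, the constructed sample records, and three readings of the policy are assumptions: expiry is taken from field 7 of `gpg --list-keys --with-colons` in epoch seconds, "beyond 2020" means on or after 2021-01-01 UTC, and the RSA 2048 rule covers every RSA size from 1025 through 2048 bits.

```shell
#!/bin/sh
# Added example: apply the key-signing policy quoted above to the output of
#   gpg --list-keys --with-colons
# Assumptions: expiry (field 7) is in seconds since the epoch, as GnuPG 2.x
# prints it; "beyond 2020" means expiring on or after 2021-01-01 UTC; the
# RSA 2048 rule is applied to every RSA size from 1025 through 2048 bits.

# check_signing_policy: read colon records on stdin and print
# "<keyid> <SIGN|REFUSE|REVIEW> <reason>" for each primary key (pub record).
check_signing_policy() {
    awk -F: '
    BEGIN { cutoff = 1609459200 }         # 2021-01-01T00:00:00Z
    $1 != "pub" { next }                  # skip uid, sub, fpr, ... records
    {
        bits = $3 + 0; algo = $4 + 0; keyid = $5; expires = $7
        if      (algo == 1)  name = "RSA"
        else if (algo == 17) name = "DSA"
        else if (algo == 22) name = "EdDSA"
        else                 name = "algo-" algo

        verdict = "SIGN"; reason = name "-" bits " is within policy"
        if ((algo == 1 || algo == 17) && bits <= 1024) {
            verdict = "REFUSE"; reason = name "-" bits " is 1024 bits or shorter"
        } else if (algo == 1 && bits <= 2048) {
            if (expires == "") {
                verdict = "REFUSE"; reason = "RSA-" bits " has no expiration date"
            } else if (expires !~ /^[0-9]+$/) {
                verdict = "REVIEW"; reason = "cannot parse expiry " expires
            } else if (expires + 0 >= cutoff) {
                verdict = "REFUSE"; reason = "RSA-" bits " expires after 2020"
            }
        }
        printf "%s %s %s\n", keyid, verdict, reason
    }'
}

# Constructed sample records (key IDs and dates are made up for the example).
sample_keys() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAA1:1104537600:::u:::scESC:
uid:u::::1104537600::::Constructed DSA Key <a@example.org>:
pub:u:2048:1:AAAAAAAAAAAAAAA2:1483228800:::u:::scESC:
pub:u:2048:1:AAAAAAAAAAAAAAA3:1483228800:1577836800::u:::scESC:
pub:u:2048:1:AAAAAAAAAAAAAAA4:1483228800:1735689600::u:::scESC:
pub:u:4096:1:AAAAAAAAAAAAAAA5:1483228800:::u:::scESC:
pub:u:256:22:AAAAAAAAAAAAAAA6:1536000000:1851360000::u:::scESC:::::ed25519:
EOF
}

sample_keys | check_signing_policy
```

Against a real keyring the input would come from `gpg --list-keys --with-colons | check_signing_policy`.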



[Discuss] Unusual error message after tar ops

2018-07-24 Thread Bill Horne

Thanks for reading this.

I'm transitioning from one Ubuntu system to a new clone. Today, I used 
tar to move all my existing files from the "old" machine to the "new" 
one. Initial checks of the new machine showed the recent files that I 
moved, so I thought it went well.


However, when I tried to log into the new machine again after an hour or 
two, I'm getting an unusual error message.


I'm able to log in using ssh with key-based authentication, but then I'm 
receiving a "password:" prompt. I enter what should be the password for 
the new machine, but then I get this message:


Password:
newgrp: failed to crypt password with previous salt: Invalid argument
Connection to (New machine name) closed.

All suggestions welcome, and thanks in advance.

Bill

--
Bill Horne
828-678-1548



Re: [Discuss] Running a mail server, or not

2018-06-24 Thread Bill Horne

On 6/23/2018 11:35 PM, Derek Martin wrote:

> On Wed, Jun 20, 2018 at 04:26:14AM -0400, David Kramer wrote:
>
>> My main motivations for running my own mail server is that I rely
>> heavily on procmail rules to deliver mail to the right folders, and
>> I am also not crazy about third parties scanning and storing all my
>> mail, though that's negotiable.
>
> I'm in pretty much this situation, but I've kind of given up on the
> idea that no one should be able to read my e-mail.  The fact is your
> e-mail is already being consumed by the great government surveillance
> machine regardless, since both incoming and outgoing mail has to
> traverse multiple ISP backbones (excepting perhaps the case where all
> your recipients are on your own server), and only crazy people like me
> were ever willing to put up with the hassle of encrypting all their
> mail, so... it's a total loss, pretty much.


No matter how effective the NSA and the deep state and the man behind 
the curtain and J. Edgar's ghosts have been at weakening encryption 
algorithms, it's still a good idea to use end-to-end encryption on any 
emails that you want to keep private. In the first place, most of the 
people you want to prevent reading your emails don't have access to any
decryption capability, and in the second, even law-enforcement agencies
will be forced to get a warrant (admittedly an easy task) or poison
any evidence they gather. Even if you assume that the AES standard has 
custom-made holes in it for the use of government(s), the "equities" 
issue is as good a defense as any lawyer: if Uncle Sam introduces 
decrypted messages as evidence in a trial, then it has ipso facto 
admitted that it _can_ decrypt them, and thus will have compromised an 
invaluable source of information and offended some campaign contributors 
who would like that not to be true.


No matter what, end-to-end encryption buys you time: you can't prevent 
the powers-that-be from obtaining envelope data, but there are ways 
around that problem, too.


Bill

--
Bill Horne



Re: [Discuss] Post issue with bootable linux

2018-05-01 Thread Bill Horne

Jerry,

Open the box and remove the BIOS battery for a couple of minutes, and 
then replace it. If the behavior continues, you have a proprietary BIOS 
that I can't help with. If it comes back to "new computer" defaults, the 
problem is fixed: the machine had a CMOS-infector virus.


HTH.

Bill


On 5/1/2018 11:53 AM, Jerry Feldman wrote:

> I have a guy with an older system
> Core2 duo CPU
> 4GB ddr2 scramble
>
> Dell motherboard
> The problem is when I boot with a known good bootable Linux usb
> Ubuntu, Fedora the system fails to post.
> 1. Dell logo comes up
> 2. Press F12 (boot) or F2 (setup) the light flashes on the usb and the
> system is otherwise frozen.
> 3. Neither the setup nor boot menu come up
>
> However, when I use a bootable gparted USB it comes up fine. When I go to
> the boot menu and select the usb, it boots.
>
>
> Sent from Galaxy S8 Android
>
> Jerry Feldman <gaf.li...@gmail.com>
> Boston Linux and Unix
> http://www.blu.org
> PGP key id: 6F6BB6E7
> PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6B B6E7


--
Bill Horne



[Discuss] Phone maker settles charges it let partner collect customers' text messages

2018-05-01 Thread Bill Horne
To the powers-that-be: 

We must take action! The "BLU" trademark has been sullied! Who's in
charge of sending the DMCA notice? 

Bill "Wait, my meds just kicked in" Horne

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Phone maker settles charges it let partner collect customers' text
messages

BLU phones sent a massive amount of data to firmware and data-mining
provider.

https://arstechnica.com/tech-policy/2018/04/phone-maker-settles-charges-it-let-partner-collect-customers-text-messages/



Re: [Discuss] LibreOffice and .docx files

2017-12-12 Thread Bill Horne

On 12/12/2017 4:43 AM, Dale R. Worley wrote:

>> Bill Horne
>> I'm looking for a job! All leads appreciated!
>
> It always helps to specify what sort of job you're looking for or what
> your special skills are.  (And you never know who might see one of your
> e-mails.)




I want to either be the towel boy in a bordello, or to work for a member 
of the U.S. Congress.


If I can't get one of those jobs, I'd like to find something involving 
telecommunications. I specialize in SOHO instruction, setups and repairs.


Bill

--
Bill Horne
I'm looking for a job! All leads appreciated!



Re: [Discuss] perl is dead

2017-10-11 Thread Bill Horne

On 10/11/2017 1:27 PM, Jerry Feldman wrote:

> I used to believe that EMACS was God's own editor.


Jerry, it's just a dream. You're OK. You're among friends.

Just click your heels together three times and say

Extend.
Meta.
Alt.
Control.
Spacebar!

Extend ...

--
Bill Horne
I'm looking for a job! All leads appreciated!



Re: [Discuss] Secure Wireless Router for Non-Profit

2017-09-15 Thread Bill Horne

On 9/15/2017 9:31 AM, Will Rico wrote:

> I'm helping a non-profit which has a justifiably higher than typical fear
> of security threats.  They need a new wifi router, and I wonder what the
> BLU community might recommend?  The office is pretty small (2 rooms, maybe
> 5 connected computers at peak, usually fewer).



They need a WiFi device which can tolerate frequent password changes, 
and a strictly-enforced policy of changing the password at appropriate 
intervals.


More importantly, they need a segmented LAN, proxy server, and 
token-access controller to prevent employees or volunteers from adding 
devices or users that aren't appropriate for their network.


HTH.

Bill


Re: [Discuss] Future-proofing a house for networking -- what to run?

2017-09-13 Thread Bill Horne
For future demands, I recommend a Siamese multi-mode fiber to each drop, 
run to a central patching station. Choose the most common connectors, 
but be sure all your "edge" devices are fiber capable and are designed 
both for multi-mode fiber (not single-mode) and the connectors you 
choose. For existing devices, you can buy 75-ohm coaxial cables combined 
in a common jacket with Cat 5 wire pairs, and that's my recommendation 
for "legacy" technology.


*Warning:* If you buy "Non-plenum" cable, you cannot run it in your 
attic or in any other void that also serves to return air to the air 
conditioning or heating system. Non-plenum rated cable must be enclosed 
in conduit if it is in the plenum. See this Wikipedia article 
<https://en.wikipedia.org/wiki/Plenum_cable> for details.


There is often a (tempting) compromise available: if your house is 
already wired for "CATV", then the RG-59 or RG-6 coaxial cables can be 
used for Ethernet by installing specialized converters, or by 
buying/renting multiple "cable modems" for each room, to use the coaxial 
cable as-is. However, if the walls really are open, /now is the time to
prepare for the future/, so while leveraging existing CATV coax can be 
tempting and cost less, it's a "work around" intended mostly for rental 
properties or commercial settings where access or work interruption is a 
factor.


Remember that the most expensive item is the labor required to run the 
wires/fiber, so if you do everything at once,  then you can relax 
knowing that the fiber will "future proof" your house while the coax and 
Cat 5 do the job for a few years. BTW, most "fiber" technologies being 
touted right now are actually "fiber to the curb" or "fiber to the 
vault" arrangements, where coaxial cable is used for the "drop" 
connection to and inside your home, so having coax run to your wire 
closet will save you the aggravation of watching a cable tv or telco 
droid run coax on the outside of your home.


FWIW. YMMV.

Bill Horne




Re: [Discuss] AT eliminating copper phone lines

2017-03-29 Thread Bill Horne
As the Moderator of comp.dcom.telecom and The Telecom Digest, I suggest 
you post there as well!


Please send your question to 
telecomdigestsubmissions.at.telecom-digest.org. HTH.


Bill Horne


On 3/29/2017 3:58 PM, Chuck Anderson wrote:

> I also recommend porting to Callcentric.
>
> On Wed, Mar 29, 2017 at 08:05:18AM -0700, Rich Braun wrote:
>
>> +1 to trying a port to Google Voice. I subscribed to it a couple months before
>> my move to San Francisco, just so I could get a 415 phone number to give out
>> to friends before the move. (Wound up keeping my 617 mobile number ever since,
>> weird... but yeah I understand the advantages of keeping the same number for a
>> couple decades, which is why I keep it.)
>>
>> I've been using an Obitalk VOIP gateway and the free Google Voice service as
>> my primary landline for almost 6 years now. I too have long been
>> hard-of-hearing, and it's truly annoying how the mobile-phone companies
>> persist in over-compressing voice calls at a time of plenty in back-end
>> network bandwidth.
>>
>> Get an Obi200 VOIP unit ($47.46 on Amazon), sign up for Google Voice (still
>> free) on a random phone number and try it out with your current Internet
>> service and current telephone handset. I think you'll be amazed at how much
>> better than a cell phone it is. If you like it, then you can port your
>> long-time number to Google Voice (probably).
>>
>> -rich



Re: [Discuss] AT eliminating copper phone lines

2017-03-28 Thread Bill Horne

On 3/28/2017 3:34 PM, Daniel Barrett wrote:

> On March 28, 2017, Dan Ritter wrote:
>
>> 1, 2 and 3 are all variations on 4 [eliminating the landline]
>
> Oh god. Does this mean that fiber optic lines, when they replace
> copper lines in the home, reduce the voice quality to that of a cell
> phone? (If so, I'm screwed for life. I cannot make out 50% of cell
> phone conversations, even with hearing aids.)


No, they don't degrade it to the quality of a cellular call, but they 
don't improve it nearly as much as they could, either. If you've ever 
had the pleasure of using ISDN telephone service, you'd be astonished at 
how far back in the last century "POTS" voice quality really is, and VZ
is probably afraid that having ISDN quality on their FiOS offerings 
might cut into cellular sales, which are the most profitable part of the 
parent company's earnings.


> I'm checking on Vonage. (But Vonage has other difficulties, like the
> fact that the phone lines are in the basement and the FIOS router is
> on the third floor, so I'd have to hire an electrician to run cables
> to the Vonage box, and then bring in the alarm company to hook up
> their stuff.)


Well, you didn't hear this from me, but if the wire in the cellar was 
cut, you could simply run a telephone extension cord from the Vonage box 
to one of the jacks in your apartment and it would "backfeed" the other 
jacks. If the alarm company uses the phone line to signal an alarm, then 
the alarm would work too. Mum's the word. ;-)


Bill Horne


Re: [Discuss] emoji in my url

2017-03-23 Thread Bill Horne

On 3/23/2017 10:08 AM, Eric Chadbourne wrote:

> I just noticed that you can have an emoji URL. Am I just old or is this
> moronic?
>
> The url bar should contain plain text and obscure nothing, else how do you know
> where you are?


Wow, that's neat. Can I register 
"TheDonaldSays[middle-finger-upraised].com"?



Re: [Discuss] Torrent of new spam

2017-02-15 Thread Bill Horne

On 2/14/2017 4:04 PM, Rich Braun wrote:

> Suddenly, this morning my primary email address apparently found its way onto
> that [spam] list. ...
>
> Apparently this new spammer has figured out a way to get past the RBLs and
> SpamAssassin filters that I've had a lot of success with in the past.
>
> Is this a sudden new/widespread problem, or did I just get unlucky with the
> combination of my email addresses and the (now fairly old) spam-control
> software I've been using?


We're all finding out just how tough it is to overcome the "Defender's 
Dilemma": when protecting a castle or a home or an inbox, there are 
always weaknesses we can't afford to cover. The spammers have now put 
sucker-bait ads on Craigslist and other "free" venues, advertising 
sought-after goods for low prices, and then they harvest the addresses 
of anyone who responds. There are also frequent leaks from commercial 
companies that sell their old customer lists, and "affiliated" marketing 
done by well-known web site owners. As the spam industry gains 
experience, money, and programming expertise, we can expect less and 
less help from "one size fits all" applications or services.


I've stopped using my "primary" email address anywhere I don't have to^1.
I forward everything through my own server, and if any one address
picks up spam, I just delete it. Having the server helps in other ways, 
too: I can send inquiries to ads on Craigslist without worrying about 
where the return address will be copied to, and it's trivial to block 
any IP address that's outside the range of countries I usually 
correspond with. Of course, that's a bit much for anyone still working 
full-time, but it's a viable solution for me.


Until there's a FUSSP, we'll have to keep patching newly found 
back-doors that bypass the moats around our various castles.


Bill Horne

1. bill at horne etc is OK here on discuss because the Mailman server 
auto-obfuscates addresses in the archives. So far, it's an effective 
measure, but of course I'll have to abandon the address if it gets on 
too many spam lists.





Re: [Discuss] deadmanish login?

2017-02-11 Thread Bill Horne

On 2/10/2017 10:44 PM, John Byrnes wrote:

> Hi Bill,
>
> On Sat, Feb 04, 2017 at 09:31:59AM -0500, Bill Horne wrote:
>
>> Thread hijack, sorry.
>>
>> Readers please state your preferences for Keepass, Password Safe, or other
>> programs/methods for storing passwords.
>
> I keep my gpg encrypted passwords in a passwordstore [1] git
> repository. It's available on Linux and Android. I keep my GPG keys on a
> Yubikey Neo with NFC. This allows usage on NFC enabled Android
> phones. Synchronization is easy with git.
>
> [1] http://passwordstore.org/



Thank you, John: that looks very interesting, especially since it offers 
Chrome and Firefox plugins, which I assume work on windoze machines 
although I haven't read the whole doc file yet.


Frankly, I think that having an unencrypted list of passwords in a .txt 
file would be better than using the same password on multiple sites, so 
any program that allows me to have well-protected password storage would 
be worth the work of synchronizing the files across platforms when a 
password changes, but I'm wondering what you all think about the 
algorithms currently being used to encrypt retained passwords in those 
browsers, and if pass is harder to crack/easier to use/more 
wholesome/less filling.


Thanks in advance!

Bill Horne


Re: [Discuss] MIT usernames (was Re: KVM, virt-manager, and CentOS7)

2017-02-09 Thread Bill Horne


Sent from my iPad

> On Feb 9, 2017, at 2:07 PM, Rich Braun <ri...@pioneer.ci.net> wrote:
> 
> Do you have a favorite email address, past or present?

Yes: bho...@lynx.dac.neu.edu.

I used it for about 15 years after I graduated, until Northeastern retired the 
Lynx system.

Bill Horne


Re: [Discuss] ssh keys question

2016-06-17 Thread Bill Horne

On 6/17/2016 7:31 PM, Kent Borg wrote:

> On 06/17/2016 02:20 PM, Rich Braun wrote:
>> You should also encrypt your private key with a passphrase, using
>> 'ssh-keygen -p'. The ssh-agent allows you to use it repeatedly for the
>> duration of a session without having to retype the password multiple times.
>
> If you think anyone motivated might ever get a hold of your encrypted
> file, use a *really* good passphrase. Something in excess of 100-bits
> of entropy in it.


Out of curiosity, please tell me how entropy is measured, and how many 
bits of entropy are in the string "ysywlmtihtg". TIA.


Bill Horne

--
Bill Horne
828-678-1548



Re: [Discuss] Encrypt Everything? Good Luck With That

2016-03-29 Thread Bill Horne



On 3/29/2016 1:48 AM, Bill Ricker wrote:
> (And this wasn't even the SBS's operational phone, it was his work
> phone, so it's still just posturing. They'll be back when they have
> something else they think public opinion might back them on.)


The FBI's choice of case and approach have caused my incipient paranoia 
to start blooming, and I'm wondering when someone is going to say 
"Ignore that man behind the curtain".


I suppose alleged terrorists aren't likely to draw much public
sympathy, but the FBI has always been the most savvy of the federal 
agencies when it comes to self-promotion, and picking a fight with Apple 
just doesn't seem like good PR to me. It might be that someone at the 
NSA has a score to settle at the Hoover building, and the FBI heard 
deafening silence when they asked the Puzzle Palace to take a look in 
the iPhone they seized, but to go against Apple - in an election year, 
no less - strikes me as currying the wrong sort of favor.


I suppose there's a wheel within this wheel: perhaps someone with a 
finger in the FBI's budget pie wanted to strong-arm a hefty campaign 
contribution from Apple. It's also possible that Apple's execs wanted 
some free ink and to boost the iPhone's reputation for security, and 
that everyone inside the beltway knew how this would play out months ago.


Still, it's too easy to assume a hidden puppeteer when trying to explain 
confusing events, so I'm trying to find some logical reason for the 
imbroglio that doesn't require underhanded back-room deals. However, the 
contradictions pile up faster than the logical conclusions:


1. If the FBI were trying to slide a software version of the Clipper 
chip through the back door (pun intended), then they'd have to be aware 
that Apple could just code around it with the next point release of IOS.


2. If the Hooverites thought they could establish a legal precedent 
which would obligate any firm to provide free software design, testing, 
coding, and support at their whim, then their bureaucratic compass needs 
to be realigned: it's pointing in a direction that Americans no longer 
want to go, and which not even right wing conservatives want them to 
choose.


3. If the San Bernardino shootings have become a way to test the 
political winds, that means this trial balloon is made of lead: nobody I 
can think of wants the FBI to have access to their secrets. The fact 
that Hoover routinely blackmailed members of Congress to build the 
foundation which his marble edifice rests on has got to be weighing heavily
in any decision - again, in an election year - that lawmakers would make.


4. I suppose the FBI might be currying favor with TheDonald, and hoping 
that whomever gets elected would remember them as being tough on terror.


Still, I get the feeling that we're all being sent to find a broomstick.

Bill


Re: [Discuss] What was once old is new again...

2016-02-18 Thread Bill Horne

On 2/18/2016 12:19 PM, Joe Polcari wrote:

> And I've done that as a ham radio op in the 70s


Uh-oh: another ham!

I'll have to watch out - I was going to tell the story about how I 
learned to send BAUDOT from a straight key. ;-)


Bill, W4EWH



Re: [Discuss] What was once old is new again...

2016-02-18 Thread Bill Horne

On 2/18/2016 12:05 PM, Drew Van Zandt wrote:


On Thu, Feb 18, 2016 at 12:27 AM, Bill Horne <b...@horne.net 
<mailto:b...@horne.net>> wrote:


loading FOCAL from paper tape


Whatever happened to toggling in boot/diagnostic code on the front 
panel?  Kids these days...




Sheesh, anyone can do THAT. You haven't lived until you've had to take 
the cover off a 33 ASR and clean the reader contacts before it will make 
it all the way through the tape!


Ultimate trivia: what is the key combination used to punch "blank" leader 
in eight-level tape?


Bill "I've got a million of 'em" Horne

--
Bill Horne
828-678-1548



Re: [Discuss] What was once old is new again...

2016-02-18 Thread Bill Horne

On 2/18/2016 11:03 AM, Bill Ricker wrote:


On Thu, Feb 18, 2016 at 12:27 AM, Bill Horne <b...@horne.net 
<mailto:b...@horne.net>> wrote:


Bill, who thinks that loading FOCAL from paper tape is the true
test of computer wizardry!


I guess I was pampered, the EDUSYS on which I ran FOCAL had a tiny 
boot drive (and DECtape). It also had FORTRAN II, the one with the 
ternary-branch IF.


(Rumor was this higher-end EDUSYS was actually a PDP-11 under the 
hood, unlike the lower end EDUSYS educational-discount PDP-8's. One 
had 3 ASR-33s attached, and the 32k memory was in two banks, so it 
was assigned 6k ROM, 10K tty0, 8K+8K tty1+2; except the day I got in 
first and booted it so TTY0 got all the high bank 16k and the other 
tty's got 5k each. The T.A. was bemused and noted which projects had 
so few comments they still fit in 5k.)


I did my first Assembler course on a PDP-8 Edusystem at UMass-Boston in 
1977. Those were the days!


I was offered a job on the west coast, and I gave away my 8" floppy to a 
friend. Wish I'd kept it. Come to think of it, I have a case of 5.25" 
floppies somewhere - amazing what you find when you're moving. Anyone 
interested?


Bill, who had to shovel snow last month.

--
Bill Horne
828-678-1548



Re: [Discuss] What was once old is new again...

2016-02-17 Thread Bill Horne

On 2/17/2016 9:13 AM, Kurt L Keville wrote:

Well, maybe twice... I give you the [PiDP-8] ...
http://obsolescence.wix.com/obsolescence#!pidp-8/cbie


Where's the model 33 ASR?

It's not a true "PDP-8" if there's no Model 33!

Bill, who thinks that loading FOCAL from paper tape is the true test of 
computer wizardry!


--
Bill Horne
828-678-1548



Re: [Discuss] cheap realiable web hosting service

2016-01-22 Thread Bill Horne

On 1/21/2016 3:47 PM, Bouman MC wrote:

I need a reliable and cheap web hosting service


I recommend prgmr.com. <https://prgmr.com/xen/>

Their motto is "We don't assume you are stupid". I've always found that 
to be true.


Bill

--
Bill Horne
828-678-1548



[Discuss] Notice about a new vulnerability

2015-08-06 Thread Bill Horne
This is from a tweet I got from Dan Goodin, in which he asks "Anyone 
know if any upstream stable Linux kernels have patched CVE-2015-3290 
yet? It looks serious."


Dan sent a URL, to an Openwall list. 


Bill Horne



[Discuss] Error appearing on webpages

2015-06-17 Thread Bill Horne

Thanks for reading this.

I subscribe to a ham-radio forum called amfone 
(http://www.amfone.net), and they had a major crash a few days back. 
Ever since, they've been getting errors on the top of every page, but 
they've been able to cut them down to one:


*Warning*: Creating default object from empty value 
in */homepages/11/d132647312/htdocs/Amfone/mkportal/include/SMF/smf_out.php* on 
line *47*


Please tell me whatever you can about this error and a way to prevent it, 
and I'll pass along your advice or put you in touch with the admin. 
Thank you.


Bill Horne

--
E. William Horne
617-803-0992 (Cell)



[Discuss] Seeking help on Portal package

2015-06-12 Thread Bill Horne
One of the administrators of a forum I use has asked for help to find
a better Portal package than the one they're using now.

The forum ( http://www.amfone.net/ ) is used by Ham Radio operators,
but they're having some unexpected debug text show up at the top of
each web page after recovering from a major meltdown, and can use some
assistance.  Here's a snippet from the email the admin sent to me:

 We're looking for someone who is an SMF (Simple Machines Forum)
 expert and has some experience with web portals. Once we get rid
 of these errors (I have a line on that), we'll want to get rid of
 MKPortal (our current portal system). It is old and has not been
 upgraded since 2006! Then we'll want to upgrade the forum to SMF
 2.x. That's my thinking anyway. I'm open to expert opinion, since
 I'm not one!

If you know of a solution to the current issue, or can suggest a
better Portal package, please email me and I'll pass along his email
address.

Thank you.

Bill Horne


Re: [Discuss] Multiple submissions of resume by recruiters and hired.com

2015-06-05 Thread Bill Horne

On 6/5/2015 7:03 AM, Mike Small wrote:

Thanks everyone for answering my question. The whole job searching
process is a puzzle to me, in a kind of Alice in Wonderland sort of way,
so every bit of information helps.


The job searching process is harder than any job you'll ever hold. It's 
filled with every imaginable impediment to success: self-doubt, 
uncertainty, hidden agendas, Tombstone help-wanted ads, and buzzword 
baby competitors who think nothing of lying about credentials, 
certifications, and accomplishments - when you are being honest.


We've all heard the trite Little train that could aphorisms ...
It's not what you know, it's who you know.
Rolodex, Rolodex, Rolodex
If you believe you're an expert, then you _are_ an expert.
... but they all ring hollow when the bills are due and the 
twenty-somethings at the front desks look at you like you just crawled 
out of a grave.


I say Keep at it, but you've already heard that. I'll just mention the 
things which have worked for me:


1. Job search groups. They help a lot.
2. Be willing to relocate if the money's too good to pass up.
3. Keep yourself current, and keep your name in the public eye.

I hope you have good luck, and if you know of someone who wants their 
telephones fixed, please keep me in mind. Oh, and if you ever see that 
hookah-smoking caterpillar tell it that my head is already nourished, 
thankyouverymuch. ;-)


Bill


--
E. William Horne
617-803-0992 (Cell)



Re: [Discuss] Multiple submissions of resume by recruiters and hired.com

2015-06-05 Thread Bill Horne

On 6/5/2015 9:26 AM, Seth Gordon wrote:
I think one reason is that if you spend a number of years at one job, 
your experience may qualify you for a more challenging or 
higher-ranking position, but just because you are able to fill that 
role doesn’t mean your current employer will have that role for you to 
fill. At that point, it’s logical for you to look for a more 
appropriate position somewhere else. 


There's a darker side to that issue: technical professionals such as we 
tend to undervalue our worth to the organizations we're in, and we're 
often unaware of the backroom politics and deal-making which we're not 
privy to. I had two occasions, when working for Verizon, where I found 
that the higher-ups in the organization had forbidden other managers 
from offering me jobs I had applied for, or had blocked the move 
outright when the department that wanted me wasn't willing to back off.


It's always wise to keep looking for other jobs, even when you're 
content with the one you have: knowing that you can say Goodbye goes a 
long way toward keeping the everyday office politics and other trivia in 
perspective.


Bill

--
E. William Horne
William Warren Consulting
617-803-0992 (Cell)



[Discuss] Android Wallet Security Update

2015-05-29 Thread Bill Horne

I got this from another source:

Android Wallet Security Update: 
http://blog.blockchain.com/2015/05/28/android-wallet-security-update/


Bill Horne

--
E. William Horne
617-803-0992 (Cell)



[Discuss] Rekonq doesn't trust my Certificate Authority

2015-03-11 Thread Bill Horne

I've come across an odd problem with Rekonq, and I'm looking for help.

I have a real SSL certificate for my website, billhorne.com. It shows, 
as is expected, a padlock icon when I go to https://billhorne.com/ .


Except when I use Rekonq, and then the KDE browser gives me an 
untrusted error, saying that the root CA certificate is not trusted 
for this use.  Google searches show that it's a known problem, but the 
only pages I found were of suggestions that there was a MITM attack in 
progress or warning against using a self-signed cert.


I took a screen shot of the details page: it's at 
https://billhorne.com/snapshot1.png .  All suggestions are welcome, and 
thank you in advance.


Bill

--
E. William Horne
339-364-8487



Re: [Discuss] Verizon Landline Strikes Again

2015-02-27 Thread Bill Horne

On 2/26/2015 4:14 PM, Bouman MC wrote:

Fact1: I choose dial up landline service as a brass tacks answer to
hacking: Hacking can't happen, unless someone climbs a pole.


Sorry, that's not correct. Once you connect to the Internet, you're just 
like every other Verizon user, no matter which physical layer you use 
to get online.



Fact 2: Verizon has disconnected dial up landline without admitting it to
anyone. But they are still billing.


Do you mean that Verizon no longer offers a dial-up, modem-based access, 
or that they have disconnected your phone line?



Result: As I write, landline dial up to all search engines (but not other
web sites) has been blocked to my internet connection. I can send but not
receive mail.


Well, then, you have /some/ connectivity. That tends to obviate problems 
in the physical layer, so please tell us more about the problem.



This is an outrage. The customer service in India can't speak
our language and Verizon pretends that they're gonna fix it, except that
they can't and just transfer you to someone else. By the way, I don't need
a technician, cust support and any other clown at the end of an 800 line.


And Verizon doesn't need any complaints from customers, so they hire 
firms 7,605 miles away to give the impression that they care about you. 
As others have suggested, you must bypass them.



Yes, I have wireless (which is how you got this message) but that's not the
point.


Do you mean that you have email access via a cellular phone, or that 
you're using a WiFi hotspot? It's important.



When are We, the People going to stand up for our rights in this
country and start running it again, instead of letting the oligarchy that
is draining our taxes and right of access run over us with a tank? Remember
the Iron Curtain? Remember Radio Free Europe? What's the difference between
then and now?


We have cable TV.

Bill

--
E. William Horne
339-364-8487



Re: [Discuss] os x = poop?

2015-02-23 Thread Bill Horne

On 2/23/2015 6:58 AM, Edward Ned Harvey (blu) wrote:

From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
Behalf Of Eric Chadbourne

The GitHub for OS X app is probably the
most user friendly way to use git I’ve seen yet.

The problem with the github app is the fact that it only works for github.  I 
would recommend SourceTree instead - it's free, and excellent, and you won't 
have to learn a new GUI when you do something that's not on github.


I suggest we have a speaker at an upcoming meeting to cover the various 
source control methods.


Bill

--
E. William Horne
339-364-8487



Re: [Discuss] transmitting legal documents

2015-02-23 Thread Bill Horne

On 2/22/2015 8:55 PM, Richard Pieri wrote:

On 2/22/2015 8:13 PM, Bill Horne wrote:

all, been using computerized medical records for over a decade. I
suspect that it's a way to cut costs by requiring customers to deliver
documents by hand, since few patients have fax machines at home, and


It's because meeting HIPAA requirements with electronic mail is a pain.



Please tell us what the HIPAA requirements are: for example, does email 
need to be encrypted? TIA.


Bill

--
E. William Horne
339-364-8487



Re: [Discuss] Raspberry PI 2

2015-02-22 Thread Bill Horne

On 2/22/2015 12:11 PM, ma...@mohawksoft.com wrote:

Maybe I'm old, but this much computing capability the size of a pack of
playing cards for $35 in quantities of one, seems like a HUGE enabling
technology for a new boom in hardware products.


You're right - you ARE old! ;-)

The hardware and software curves crossed about ten years ago, so it's 
logical that the hardware devices would get smaller and more 
specialized. The only thing I'm afraid of is that they're headed toward 
appliance status, where each strawberry Pi, Pecan Pi, etc. is 
limited to a single burned-in capability that can never be changed.


Bill, who is contemplating Caesar's bust on the shelf and wondering how 
many will get the reference.


--
E. William Horne
339-364-8487



Re: [Discuss] Most common (or Most important) privacy leaks

2015-02-20 Thread Bill Horne
On Friday, February 20, 2015 06:54:37 AM Jerry Feldman wrote:
 On 02/19/2015 11:07 AM, Gordon Marx wrote:
  On Thu, Feb 19, 2015 at 10:52 AM, Doug sweet...@alum.mit.edu wrote:
   2. I would like to hear more about  tools for plausible-deniability of
   the
   existence of secondary access codes.  I don't quite know what that
   means.
  
  I think the idea is to give the ability to communicate to the system
  Yes, I'm logging in, but I'm being coerced -- but don't let on that
  you know, because I'm in danger if this doesn't appear to work.
 
 I agree with this. This should also be employed in home security systems
 also.

The problem with coercion codes is that they are only a delaying tactic, and 
tend to lead to hostage-taking. No matter how prompt the response, the best 
result which might be attained is that the criminals will abandon their attack 
when they find out help is on the way. 

That leaves a property-owner in  a worse situation than before: he still has 
the asset, to be sure, but he's also still vulnerable, and the attackers now 
know that he was able to trick  them, which is not a good place to put a 
Sociopath. 

As a rhetorical discussion, coercion codes seem like great James Bond stuff. 
However, in practice, they are both dangerous and unreliable - could /you/ 
enter one without giving any clue? - and, truth be told, they require a degree 
of dedication and bravery few can measure up to. 

For those entrusted with other people's money or secrets, the game is over 
before it starts. It's not their property, no skin off their ears, and the 
worst penalty for cooperation is a few boring hours with police investigators 
and a need to find another job.

Someone protecting his own fortune will almost always have other safeguards in 
place, from the mundane use of a secondary account which doesn't have 
electronic access, to the need for a business partner or other trusted third 
party to supply part of an access code, or even kidnap and ransom insurance 
that will cover the loss. 

Those who lay hands on people are penalized *much* more harshly than those 
who commit crimes against property, and criminals know that. For the same 
reason that a burglar might decide to go unarmed, a cyber-attacker is likely 
to know a lot about my habits and routine *before* the attack, since the real 
wet work puts him over the line into *armed* robbery, and a minimum of six or 
seven more years on his sentence.

Forget anything you saw in movies: nobody moves millions of dollars  around, 
or even tens of thousands, without safeguards that obviate the need for 
courage-under-fire. Corporate secrets are never entrusted to a single 
individual, X never marks the spot, and no matter how valuable the software, 
design, or manufacturing technique may be, it's *always* cheaper to go around 
it or figure a different method, instead of entertaining thoughts of being 
under the thumb of thugs who will be back for more, again and again.

Bill

-- 
Bill Horne
William Warren Consulting
339-364-8487


Re: [Discuss] Most common (or Most important) privacy leaks

2015-02-19 Thread Bill Horne

On 2/19/2015 7:07 AM, Edward Ned Harvey (blu) wrote:

From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
Behalf Of Rich Braun

Please, flippant answers like that aren't helpful.

No, Rich.  Gordon is right.  Your argument was thug gets bank statement, holds gun to 
head, and you want plausible deniability, which you lost at thug gets bank 
statement.

The tiny grain of truth in your argument was that by forcing you to log into 
*any* password manager, they've gained access to *all* your stuff.  Which is an 
argument against using any password manager, or anything other than memorizing 
different passwords for every site you ever use.  So your argument was pretty 
much bunk and the grain of truth is completely impossible to ever satisfy ... 
except as Gordon said ... basically don't own anything.

Plausible deniability is important in some cases.  Not compatible with a 
password manager.


Nobody likes having to deal with thugs; it's a tragedy of the modern 
age. I sympathize with those who have had to bear that weight.


This is the awkward place that Alice and Bob arrive at whenever we have 
to talk about security: cryptography-by-force is a recognized threat and 
must be considered. That is why bank safes have time locks, why 
safety-deposit boxes need two keys to open them, and why any effective 
computer security system must assume that any single individual can be 
compromised.


As far as the difference between password-locker programs and having 
individual passwords in my head, I don't see the point of eschewing the 
password-locker: I'm going to give a thug anything (s)he wants when my 
life is threatened.


FWIW. YMMV.

Bill


--
E. William Horne
339-364-8487



Re: [Discuss] Most common (or Most important) privacy leaks

2015-02-18 Thread Bill Horne

On 2/17/2015 8:42 AM, Edward Ned Harvey (blu) wrote:

I see a lot of people and businesses out there, that just don't care about 
their own privacy.  They email passwords to each other, W2's with salary and 
social security information, photocopies of drivers' licenses and passports to 
be used by HR to complete I-9 forms...

As an IT person advising a business to be more responsible, what areas do you 
advocate securing most urgently?  IT admin credentials?  HR records?  Financial 
records?  Other stuff?  Simply everything, bar none?

Email is obviously a huge area of insecure information sharing.  Do you also 
see a lot of people storing information that should be secured in other 
non-private services like Dropbox, Google Drive, Box, etc?


People care a lot about their own privacy. The problem is that, by and 
large, it's /only/ their own privacy that they care about.


Those on this list who have done penetration testing will back me up on 
this: you can touch any corporate asset on an employee's desk, but if 
you touch a purse or a cellphone, they get very interested, very 
quickly. Purses and cellphones contain information that they feel /is/ 
private, and therefore they take care to protect it.


I'll leave aside the fact that most of what's in a purse or cellphone is 
already available in databases at the various big-data vendors. What 
counts is that employees /think/ it's private, and so they act 
diligently to protect and conceal it.


Their employer's privacy is another matter. We could debate passwords 
vs. tokens vs. biometrics vs. secret handshakes, and never come close to 
solving the security issue, which is, bluntly put, that most workers 
don't feel any connection to the corporate goal of 'security'.  Very few 
desk jockeys have any skin in the security game, and even those who 
could lose their pension if a major breach occurred have a hard time 
connecting that "Maybe, possibly, the odds are ..." kind of abstract 
risk with their day-to-day responsibilities.


Low-level employees, even though they are the ones with the most access 
to the most sensitive personally-associated information, such as SSN's 
or bank account numbers (remember the void check you sent in to start 
direct deposit?), are not concerned with abstract corporate goals. They 
know they'll never sit in the corner office, and they know that they'll 
never drive the Porsche that the executive owns, and they know that they 
would have to have been a lot more daring and a lot more aggressive and 
a whole lot more disciplined, for years, if they had ever wanted to be 
higher up in the corporation. They do what they have to, not what's 
right in the eyes of we technical weenies who mouth buzzwords and 
speak in gibberish while shaming them about security.


Shakespeare put it best - "The fault, dear Brutus, is not in our stars, 
but in ourselves, that we are underlings."


There are, of course, exceptions: those on this list have, I'd bet, 
mostly come to terms with our station in life as modern-day 
horse-whisperers who tend to complicated and failure-prone machines 
and/or software instead of to leading people. In any case, the odds are 
that we're all well above average in IQ, in income, and in the 
ever-so-elusive perception of ourselves and our place in the world.


The essence of the problem isn't technical; it's human. In military 
settings, soldiers who don't change their password on time (or whose 
passwords fail a complexity test) are assigned to low-status jobs, to 
remind them of their training. In corporate settings, it's impractical 
to demand that someone who has a password written on the bottom of a 
keyboard take a day to clean the bathroom or wash the windows, so 
there's no obvious way to coerce secure behavior, short of willingness 
to fire those employees who violate password or other security measures.


So long as security must be implemented with the cooperation of men 
and women who resent their station in life and their poor prospects for 
the future, it will be a serious problem. As Bruce Schneier so aptly 
pointed out (when critiquing the TSA's policy of confiscating bottles of 
liquid) - There's no penalty for failure. In other words, so long as 
the consequences of lackadaisical behavior are borne by anonymous 
stockholders instead of the perpetrators, we lose.


Bill "Mister Subtlety" Horne
William Warren Consulting
Copyright (C) 2015, E.W. Horne. All Rights Reserved.

--
E. William Horne
339-364-8487



Re: [Discuss] Are there any no-cost vm's still out there?

2015-02-12 Thread Bill Horne

On 2/12/2015 1:40 PM, Edward Ned Harvey (blu) wrote:

From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
Behalf Of Eric Chadbourne

How do you like vmware?  I’ve been using virtualbox for years but I heard
recently there’s only one dev really maintaining it.  Too big a project for that.
I wonder if it will be discontinued soon?

Virtualbox is really good for a free product.  But if you use it all day every 
day, as a professional, then there's no question about it, vmware fusion and 
parallels are better.  More features, better reliability, better performance.  
Fusion and Parallels are each better in their own ways - ultimately it's a wash 
between the two.  They're both fine.  Being a techy person, I prefer the vmware 
style over the parallels style.


I'm curious: please give your reasons for and against each vendor, and 
tell us what your experience was installing and debugging each.


TIA.

Bill

--
E. William Horne
339-364-8487



Re: [Discuss] os x = poop?

2015-02-12 Thread Bill Horne

On 2/12/2015 1:40 PM, Edward Ned Harvey (blu) wrote:
I can bitch and gripe all I want about Apple's policies and how their 
products are designed to benefit *them* with consumer lock-in, etc etc 
blah blah. Nobody's listening. 


Don't be so hard on yourself: there are people listening, but those who 
are not probably already realized that Apple is in the business of 
selling more Apple products, not making the FOSS movement stronger.


It's obvious to anyone who sees Apple's hardware that the company wants 
to prevent any cut-rate competitors from undercutting their prices: 
proprietary connectors everywhere you look, even if the protocols are as 
common as SCSI (Thunderbolt) or VGA, and ever-more imaginative ways to 
put components inside boxes with new shapes that nobody else can 
produce. I once won $10 by proving to my coworker that an Apple computer 
had an IDE drive in it; and I made the bet because I knew that not even 
Apple could afford to pass up the benefits of commodity disk drives, no 
matter how much effort their designers put into hiding the drive in a 
special bracket secured with Torx screws to frighten the average user.


They make money at it, and so they're not likely to change, which is a 
shame, because they're going to get stuck in the what next part of the 
curve. Having invented so many new ways of doing things, Apple will 
become the victim of its success: there are only so many ways to 
re-imagine the music industry or computers in general, and Jobs isn't 
around to pull more rabbits out of his hat.


FWIW.

Bill
P.S. I'll move my reply to your VM advice into the VM thread.


Re: [Discuss] os x = poop?

2015-02-12 Thread Bill Horne

On 2/11/2015 10:18 PM, Eric Chadbourne wrote:

Can’t imagine using this OS as a server.  Where’s RMS?  Help, back me bro!


Eric,

We may be able to save you.

S-L-O-W-L-Y reach in your pocket, grab your nail clippers, and cut the 
white cord that is tied around your wrist. There may be places where it 
has started to grow dendrites into your nerves. You'll just have to 
endure the pain! ...


Bill



[Discuss] Are there any no-cost vm's still out there?

2015-02-12 Thread Bill Horne

I'm starting a new thread instead of hijacking the os x = poop thread.

Eric Chadbourne wrote:

 Hi Ed,



 How do you like vmware?  I’ve been using virtualbox for years but I heard
 recently there’s only one dev really maintaining it.  Too big a project for that.
 I wonder if it will be discontinued soon?



My question: does VMWare or Virtualbox still offer no-cost software for 
home/personal use? I'd like to run both Linux and Windows 7 (for all the 
usual reasons), but I don't know if I can do it without paying for a VM. 
TIA.


Bill


--
E. William Horne
339-364-8487



Re: [Discuss] Change Management / Server Room auditor/logger recommendations?

2015-02-08 Thread Bill Horne

IIRC, RT has a web interface.

Bill

On 2/8/2015 8:23 AM, Scott Ehrlich wrote:

I am looking for recommendations for a free, easy-to-use [web-based]
tool that will permit people who log into it the ability to enter the
details of the machine or network switch touched and what was done.
Once entered, the entry cannot be changed, but notes can be added.

In-house coding skills are very limited for this request.

Maybe bugzilla could be an option?   I've built and used it before...

Thanks.

Scott



--
E. William Horne
339-364-8487



Re: [Discuss] Hoping BLU will help me

2015-02-07 Thread Bill Horne

Mr. Howe,

Please tell us what disaster your computer suffered. We don't need to 
know what kind of information is inside it, but we do need to know what 
happened to it.


If you need to share information in private, please provide me with your 
phone number.


Bill Horne


On 2/7/2015 11:21 AM, cmh...@patriot.net wrote:

BLU list,

I'm a first-time poster. I live in the NOVALUG area, but, so far, they
haven't been able to get close to my problem, I should say that I am not a
programmer. I am a user. I am trying to get something done that I regard
as being of immense importance. If you want to hear about it contact me
off-list.

I want for my system to be back to what it was when disaster hit on 24 Jan
2014, Ubuntu 12-04 LTS. I am an old guy, bday April 27, 1926. I am a long
retired theoretical physicist. Not a good one, but it enables me to
realize what can be done, what can't be done and, all too frequently, to
realize that someone is on the wrong track.

I live, with my wife, in an assisted living facility, Emeritus Manassas,
zip code 20109. Can I expect any comments, thoughts, etc, when I get back
from Lunch. First contact by email first. I am very much
mobility-impaired.

Fwiw, I have ties in the Boston area. My brother about twenty months older
than me, died several years ago. Two nephews also live there. one, Peter
Howe, does a broadcast every weekday night on the NEBN. I never wanted to
live there. Too cold.

My full name is Charles M Howe. Call me

Charlie





--
E. William Horne
339-364-8487



Re: [Discuss] Tonight - BLU Desktop GNU/Linux SIG Meeting - CryptoParty - Weds, Feb 4, 2015

2015-02-04 Thread Bill Horne

Will,

Given the widespread failures on the T and the massive gridlock which 
tied up roads for hours last night, I'd like to know if there's any 
chance to reschedule the meeting.


Bill Horne


On 2/4/2015 10:42 AM, Will Rico wrote:

*Sorry for the last minute notice.  Some extenuating family (health) issues
have slowed me down as of late.  If you plan to attend tonight, please
email me at willr...@gmail.com so I can give a proper headcount to Akamai
and they can order enough food.

When: Wednesday, February 4, 6:30 - 8:30PM

Location: Akamai, 8 Cambridge Center, Cambridge, MA

Directions
   http://www.akamai.com/html/about/driving_directions.html
   Also easily accessible by T.

Cost: Free

Notes

   1) Please note the location is different from BLU's
  standard MIT meeting location.

   2) Akamai has generously agreed to provide space
  and 'free as in food' for this meeting.
  Thank you to our sponsor!
  http://www.akamai.com/

Summary

Albert Willis along with Steve Revilak, Quartermaster for the Massachusetts
Pirate Party https://masspirates.org, will show us how to protect
ourselves online.  Topics will include:

* How Packet Sniffing Works and Why You're Vulnerable

* Securing Email (PGP)

* Securing Web Browsing

* Q & A for other topics of interest (e.g. chat, VOIP, etc.)

  Plus, Jérémie Astori will present cryptic
https://github.com/astorije/cryptic  [github.com], a script to very easily
split root and home partitions when installing Ubuntu on a fully encrypted
disk.

More events and announcements:

   Natick FOSS
   Thurs, Feb 5 at Natick Community-Senior Center at 117 East Central Street
   http://natickfoss.org/

   Mesh Nets with William Fleurant
   Weds, Mar 4 at Akamai
   http://meetu.ps/2G5Rkm

Linux Soup 15 with Christoph Doerbeck
   Weds, Mar 18 at MIT
   http://blu.org/cgi-bin/calendar/2015-mar

   LibrePlanet 2015
   Sat & Sun, Mar 21 - 22 at MIT
   https://libreplanet.org/2015/
___
Announce mailing list
annou...@blu.org
http://lists.blu.org/mailman/listinfo/announce



--
E. William Horne
339-364-8487



Re: [Discuss] OS X server question

2015-02-01 Thread Bill Horne

On 2/1/2015 3:12 PM, Eric Chadbourne wrote:

Hi All,

I was thinking about installing the server app on my desktop just to see how 
Apple does such things.  Has anybody installed this on their Mac?  Does it 
screw up the desktop at all?


Eric,

Run! Run!!!

Now, while you still have your sanity and your self-esteem!

OS X Server is the work of the devil. It is Apple's attempt to pretend 
that it is not running away from the server market faster than a Yuppie 
fleeing commitment!


The GUI will take your soul and sell it to Satan for a glimpse of a 
world where GUI's do what the manual says they will! The Mac-in-tushies 
will tell you the great Ghost of Jobs will solve all problems with the 
new, improved Thunderbird I/O bus!!


Please. I'm begging you. Run while you still can. OS X Server will suck 
your brain dry and leave only dust.


Bill

E. William Horne
339-364-8487



Re: [Discuss] Using sftp without a shell account - [SOLVED]

2015-01-17 Thread Bill Horne

On 12/28/2014 8:58 PM, Bill Horne wrote:
I'm setting up an LDAP-based server, which will be used for file 
transfers among other things. I'd like to allow LDAP users to access 
the machine via sftp, but I can't figure out how to do that without 
giving each user a local shell account, and I'm looking for advice.


The LDAP users can access ftp without trouble, but not sftp.

It's a Mac Mini, running OS X Yosemite, with Server v4.1.



Keywords: Solved Answered Fixed  Resolved

Here's the procedure to allow Open Directory users to have SFTP access 
without Shell Access on an OS X Yosemite Server. This was done on OS X 
10.10.1, with server version 4, which is the latest release as of 
December 2014.


If this breaks your machine, you get to keep all the pieces and chalk it 
up to experience and I'm not to blame. You've been warned.


The plan:

A. Some users will be placed in an sftp-only group.
B. The sftp-only members will be able to use sftp to access their 
home directories, and to create subdirectories, but they won't be able 
to write anything outside their home directory, and they will only have 
read access within a chroot jail that we will create for them.
C. Members of the sftp-only group will receive an error message if 
they try to use ssh (Secure Shell) to log in to the server.
D. The ftp server will be turned off, so that only sftp may be used to 
transfer files. All users will have sftp access, but users who are NOT 
in the sftp-only group will also be able to use a secure shell.

Step-by-step procedure: you must have root privileges to create this new 
environment. That means your ID must be in the /etc/sudoers file: if you 
use the sudo command and get an error saying that your ID is not in 
the sudoers file, logout and login again with a different ID that has 
sudo privileges.


1. Decide on where you will put the new root directory that your SFTP 
users will use. I recommend that you create a new directory just under 
the root.


N.B. ALL the directories that are above your users' new root MUST be 
owned by the root user and writable ONLY by root! The administrator 
account will NOT work: you must sudo to create this new directory. I 
chose to use ftp as the directory name.


sudo mkdir -p /ftp/Users

(The above creates a new ftp directory under the root, and a Users 
directory under /ftp, if you don't already have one. This will be a 
chroot jail which will be the only part of the machine which 
sftp-only users will have access to.)


2. Test to make sure the new directory is read only for all except root.

myserver:~ myusername$ ls -ld /ftp
drwxr-xr-x  4 root  wheel  136 Jan 11 00:08 /ftp

... and it looks good.

If your listing shows write permissions for group or anyone, chmod 
the directory to 755: skip this step if the ls output shows it's not 
needed.


sudo chmod 755 /ftp   # sets /ftp so that only root has write permission.

If the listing does not show root as the directory owner, then use 
chown: if the ls shows root already owns the directory, skip this step.


sudo chown root /ftp

3. Copy the existing users' files into the new chroot jail directory: 
this assumes that your users have their home directories in /Users. The 
-a option will preserve the existing ownership and attributes: since 
the users will be switched to the home directory which is shown in 
their Open Directory profile, it's much easier to simply copy the whole 
/Users directory so that we don't have to change the OD entries. In 
other words, once the sftp daemon accepts a user's credentials, that 
user's home will be set to whatever is shown in OD, UNDER THE CHROOT 
ROOT (in this case, /ftp).


sudo cp -a /Users/ /ftp/Users   # trailing slash: copy the contents of /Users into the existing /ftp/Users

4. Decide if you want to remove the sftp-only users' old home 
directories. I recommend that you leave them as is until the users 
have confirmed that they still have all their files.


5. You MIGHT need to have a /dev/ file under /ftp for syslogd to get 
logging info. In my machine, there was no /dev/log, but there was a 
/dev/klog device, so I copied that to /ftp. I'm not sure if it's needed, 
but it doesn't hurt. If we were allowing shell access to users in the 
jail, we'd need to provide a shell and assorted other files, but the 
internal-sftp option doesn't require it.


sudo cp -a /dev/klog  /ftp

6. Edit the /etc/sshd_config file by adding the following lines:

Subsystem   sftp   internal-sftp

Match Group sftp-only
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand internal-sftp
  ChrootDirectory /ftp

N.B.: there is no end-of-match keyword. Be sure you leave whitespace 
at the beginning of each line that is part of the match.


Stop. Take a breath. Have a BOYC.

Now, the gotcha: the sshd_config file is sensitive to CR/LF entries! 
If you are reading this on a Windoze machine and copying lines into OS X 
from there, it's a good idea to delete all the line-ends and separate 
the lines by hand while using a command-line type of editor under OS X.


7. Make a list
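
A preflight check for the setup in the [SOLVED] post above, added here as an example and not part of the original message: it flags carriage returns in sshd_config and verifies that every directory from / down to each ChrootDirectory is a root-owned directory with no group or other write bit. The function names are made up for this example; /etc/sshd_config and /ftp are the paths the post uses.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for an
# sftp-only chroot jail configured through "Match Group ... ChrootDirectory".

# perms_ok MODE OWNER_UID
# MODE is the mode string printed by `ls -ld` (e.g. drwxr-xr-x).
# Succeeds only for a directory owned by uid 0 whose group-write (6th
# character) and other-write (9th character) bits are both unset.
perms_ok() {
    [ "$2" = "0" ] || return 1
    case $1 in
        d????-??-?*) return 0 ;;
    esac
    return 1
}

# has_crlf FILE: succeeds if FILE contains a carriage return anywhere,
# i.e. it was probably pasted or saved with CR/LF line ends.
has_crlf() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# chroot_dirs FILE: print the argument of every ChrootDirectory line.
# Keywords in sshd_config are case-insensitive; commented-out lines are skipped
# because their first field starts with '#'.
chroot_dirs() {
    tr -d '\r' < "$1" | awk 'tolower($1) == "chrootdirectory" { print $2 }'
}

# check_chroot_path DIR: walk from DIR up to / and test every component.
# Anything that is not a plain root-owned directory (including a symlink)
# is reported so it can be reviewed by hand.
check_chroot_path() {
    case $1 in
        /*) p=$1 ;;
        *)  echo "FAIL: $1 is not an absolute path"; return 1 ;;
    esac
    rc=0
    while :; do
        # ls -ldn prints the mode in field 1 and the numeric owner in field 3.
        info=$(ls -ldn "$p" 2>/dev/null | awk '{ print $1, $3 }')
        if [ -z "$info" ]; then
            echo "FAIL: $p does not exist"
            rc=1
        elif perms_ok "${info% *}" "${info#* }"; then
            echo "ok:   $p ($info)"
        else
            echo "FAIL: $p ($info) must be a root-owned directory, not group/other writable"
            rc=1
        fi
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# preflight CONFIG: run every check against one sshd_config file.
preflight() {
    conf=$1
    status=0
    if has_crlf "$conf"; then
        echo "FAIL: $conf contains carriage returns (CR/LF line ends)"
        status=1
    fi
    dirs=$(chroot_dirs "$conf")
    if [ -z "$dirs" ]; then
        echo "FAIL: no ChrootDirectory found in $conf"
        status=1
    fi
    for d in $dirs; do
        case $d in
            *%*) echo "SKIP: $d contains a % token; check the expanded path by hand" ;;
            *)   check_chroot_path "$d" || status=1 ;;
        esac
    done
    return $status
}

# Run only when a config file is given, e.g.:  sh thisfile.sh /etc/sshd_config
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

Run it against the edited config before restarting sshd; `sshd -t` separately checks the file's syntax.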

Re: [Discuss] Using sftp without a shell account

2015-01-02 Thread Bill Horne

On 12/30/2014 11:46 AM, Daniel Hagerty wrote:

Bill Horne b...@horne.net writes:

I don't see an nsswitch.conf file on the machine.

 os-x isn't nss based.  Apple does their own thing here, and it's
been different from release to release.  See if dscl is still there;
it is/was the direct introspection tool for all things going through
their nss-alike.


Dscl is present, but I followed your next suggestion first ...


Also, double check that the unix basics really do what
you expect with:

perl -MData::Dumper -e 'print Dumper([getpwnam(billhorne)])'

for both local and ldap sourced users.  You should get something that
looks like the fields of a V7 passwd file.


Here's the printout:

perl -MData::Dumper -e 'print Dumper([getpwnam(billhorne)])'

$VAR1 = [
          'billhorne',
          '',
          1025,
          20,
          0,
          '',
          'William Horne',
          '/dev/null',
          '/usr/bin/false',
          0
        ];


 and the billhorne ID does NOT have access to sftp or ssh at this 
point.


Here's the result after I entered a test user, by hand, using the 
Server program. I created the ID, and manually gave it (the user id) ftp 
and file transfer privileges.


perl -MData::Dumper -e 'print Dumper([getpwnam(williamwarren)])'

$VAR1 = [];

noaasrs2:~ administrator$ perl -MData::Dumper -e 'print Dumper([getpwnam(adamant)])'

$VAR1 = [
          'adamant',
          '',
          1030,
          20,
          0,
          '',
          'Adam Ant',
          '/Users/adamant',
          '/bin/bash',
          0
        ];



... and the adamant ID *IS* able to access sftp, ssh, and ftp.

So, I modified the billhorne id, by changing the Home folder from 
None - Services Only to Local only, and also by deleting all the 
groups it was a member of, and authorizing the id for File Sharing, 
SSH, and FTP as a single user.


$VAR1 = [
          'billhorne',
          '',
          1025,
          20,
          0,
          '',
          'William Horne',
          '/Users/billhorne',
          '/bin/bash',
          0
        ];

And, now billhorne can use ssh and sftp.

Which brings up a lot of questions, which I'd appreciate your help 
answering:


1. Does every Open Directory user have to have a home directory on the 
master server /Users branch, or can it be placed elsewhere or left on 
the user's workstation?


2. How would you chroot network users with local home directories so 
that they're blocked from using them, and limited to the same branch as 
ftp users?


3. I know that I'm not supposed to be able to change the passwords of 
imported users, but I seem to be unable to change the password of *ANY* 
user! I cntl-click on the uid, but I never get anything except the 
choices to modify the user or change what services it has access to (and 
an option to change mail, but this isn't a mail server). What's the 
procedure to change the password of each type of network user?


Bill


Re: [Discuss] Using sftp without a shell account

2015-01-02 Thread Bill Horne

On 1/2/2015 3:20 PM, Derek Martin wrote:

On Fri, Jan 02, 2015 at 03:12:37PM -0500, Richard Pieri wrote:

2. How would you chroot network users with local home directories so
that they're blocked from using them, and limited to the same branch as
ftp users?

I'd use rssh (OpenSSH restricted shell) and follow rssh's
recommended practices.

You're welcome. =8^)


Thank you. ;-) I'll check out the software.

BTW, does anyone have a URL for the Yosemite version of Apple's 
advanced system administration docs?


Does anyone know why the rsync that's in Yosemite by default is several 
versions downlevel?


Does Open Directory have any denied permission(s) that might be 
causing users who are assigned to a certain group to lose ssh or sftp 
privileges?


Has anyone used the Fink package manager? Opinions? Gotchas?

More questions to follow ... and all suggestions are welcome! :-)

Bill


Re: [Discuss] os x postresql startup question

2015-01-02 Thread Bill Horne

On 1/2/2015 4:34 PM, Edward Ned Harvey (blu) wrote:

From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Eric Chadbourne

I just got a new mac mini for the holidays. I’ve been living on gnu/linux for
the last decade and it’s kind of fun to play in another OS.  Learning lots of
new stuff.

BTW, if you're used to linux and new to osx, here are a couple of useful tips:


Oh please please please tell me more. I need more! ;-)


OSX uses a case insensitive filesystem.  Don't expect anything different and 
don't try to change it.  You'll shoot yourself trying.


Mixed emotions: I was surprised to find that Yosemite has an option to 
create case sensitive file systems. I used it, more to feel at home 
than anything else.



Absolutely embrace timemachine.  It sets the gold standard that everyone else 
should strive to.


That's nice to know: my servers are going to be moving lots of data 
around, but I have to be able to prioritize things on-the-fly. Can 
Timemachine be used in that environment?



Anytime you hear somebody say It's just BSD shun them and call out their 
ignorance.  Nobody says that who knows jack about macs.  To say that OSX is BSD is just 
as smart and useful as saying Windows is VMS.  There's a kernel of truth (see what I did 
there?) that has no application in the real world.  They are 100% different OSes with no 
similarities.


Truer words were never spoken!


You are learning about launchd.  Keep it up.  Don't mess with it too much - 
generally speaking the out-of-the-box configuration is right, and you'll cause 
problems for yourself by disabling stuff.  But for academic and/or 
troubleshooting purposes, valuable knowledge.


I'm going to be fine-tuning permissions for various services, so I'd 
appreciate pointers to updated info on how it's used in Yosemite.



Forget about macports and fink - Install homebrew.  You'll notice occasionally, some tool 
is missing, which you would like to install via yum or apt, but of course, there is no 
package manager in OSX.  The first one you'll probably notice is wget.  In 2 seconds, you 
can install homebrew, and then brew install wget.


My employer has used fink in the past, but I'm agnostic since I've no 
experience with it. What are the pluses and minuses of fink or macports 
vs. homebrew?



Before you go crazy installing stuff with homebrew, install XCode and the XCode 
command line utilities.  This will get most of the stuff you are missing - 
build tools, which I think include make but not automake, or something like 
that.  But at least it includes stuff like svn and git and gcc and most of what 
you care about.  In my world, I install XCode and XCode command line tools, 
homebrew, and brew install wget.  And generally speaking, that's the end of the 
story.  Rarely ever need to install any command-line utilities beyond that.


I'm not likely to be doing any custom apps on my machines, but I'm very 
interested in ways to increase I/O throughput. Most of the programming 
is in scripts, moving large files, and I'm looking for ways to improve 
performance.


For example, OSX 10.10 allows me to mount Thunderbolt interfaces which 
can be used for machine-to-machine transfers. Is there any reason not to?



Newbies do a lot of browsing the Applications folder, and linking a zillion 
things to their dock.  That's good while you're a newbie, learning what's available.  
Before too long, you just hit Command-Space and type the name of what you want into 
spotlight.


Can I set up my own keyboard codes /and/ have them follow me between 
machines?



Under system preferences, go to your mouse and trackpad.  Actually watch their 
tutorials.  Extremely useful to learn the gestures, so you know about launchpad 
and mission control and multiple desktops.  Literally in the hundreds of users 
that I've supported using macs - as soon as somebody got used to the trackpad, 
they never go back.  It's universal that all users prefer the mac trackpad over 
a mouse or any alternative that's available in windows or other platforms.  It 
actually becomes the #1 repeat mac-buying factor in peoples' choices for a new 
system in later years.


Please point me to any tutorials you recommend: I'm constantly changing 
between a touchpad and a mouse (docked) environment, so I am very 
interested in ways to make my interface more efficient.



Personal preference:

Launch Finder.
 Change to View As List.
 Click on View / Show Path Bar


Thanks for your help!

Bill


Re: [Discuss] Using sftp without a shell account

2014-12-30 Thread Bill Horne

On 12/29/2014 3:16 PM, Derek Martin wrote:

On Sun, Dec 28, 2014 at 08:58:13PM -0500, Bill Horne wrote:

I'm setting up an LDAP-based server, which will be used for file
transfers among other things. I'd like to allow LDAP users to access
the machine via sftp, but I can't figure out how to do that without
giving each user a local shell account, and I'm looking for advice.

The long and short of it is you need to make sure that OpenSSH is
using PAM, and that your PAM configuration is correct for doing LDAP
lookups for account info and such.  You also need to modify
/etc/nsswitch.conf.


I don't see an nsswitch.conf file on the machine.



This page may or may not be useful:

   https://wiki.debian.org/LDAP/NSS


I'll check it out, thanks.




The LDAP users can access ftp without trouble, but not sftp.

That is potentially interesting, but there are a wide variety of ftp
servers, and configuring authentication for them varies as well.
Without more details about how your system is configured, I expect it
will be difficult to provide additional useful advice.


It's a Mac Mini, with a generic OS X Yosemite installation, and OS X 
Server 4.1 installed.


There are a couple of local users, which are just administrative 
accounts. Everyone else is a network user, entered in Open Directory 
but not in the local machine. I'm hoping that Open Directory is close 
enough to OpenLDAP that I can transfer knowledge.


Thanks for your help!

Bill


Re: [Discuss] Do you have experience with Drobo Raid boxes?

2014-12-29 Thread Bill Horne

On 12/29/2014 10:21 AM, Dan Ritter wrote:

On Sun, Dec 28, 2014 at 09:08:33PM -0500, Bill Horne wrote:

Thanks for reading this.

I'm setting up a file server, and it's attached to a couple of
Drobo Raid boxes (http://www.drobo.com/), type TD, which have
about 18TB of storage each. They are connected via Thunderbolt 2
cables, and according to a couple of disk-speed measuring apps,
they're sending and receiving in excess of 180 MB/s.

Actual transfer speeds from a fiber-channel controller, however, as
measured by rsync transfers of large files, are only ~2 MB/s. All
suggestions welcome.

It's a Mac Mini, running OS X Yosemite, with Server v4.1.


Drobo uses ZFS.


Please tell me more: the Drobo Dashboard software offered the option 
to format them with HFS+, and since it's attached to Mac Mini, I clicked 
OK.




I don't think any of them have FiberChannel interfaces. They
come with Thunderbolt, gig-e, and USB-3, depending.


You are, of course, correct: I was referring to the /source/ of the 
files I was copying /onto/ the Drobo, which is a Nexsan SAN with a 
fiber-channel connection. It's a Promise controller that has both 
Thunderbolt and Fiber connectors.



Also, I don't think any of them are called TD. Do you mean
5D?


Indeed I do, and thanks for pointing that out.


Are the drives re-silvering?


Not AFAICT.


Do you get better results with a straight copy of a file than an
rsync?


No, but I may have found the problem: the Thunderbolt cables were looped 
through the Promise Fiber-channel controller, and then through two 
Drobos. We have tdmi - VGA converters on the ends of the chain, to 
drive the KVM video switch in our lab, and when I unplugged the VGA 
converters, speeds increased dramatically. I'm running a large copy now 
to confirm the results.


THANK YOU for your help!

Bill

--
E. William Horne
339-364-8487



[Discuss] Using sftp without a shell account

2014-12-28 Thread Bill Horne

Thanks for reading this.

I'm setting up an LDAP-based server, which will be used for file 
transfers among other things. I'd like to allow LDAP users to access the 
machine via sftp, but I can't figure out how to do that without giving 
each user a local shell account, and I'm looking for advice.


The LDAP users can access ftp without trouble, but not sftp.

It's a Mac Mini, running OS X Yosemite, with Server v4.1.

TIA.

Bill

--
E. William Horne
339-364-8487



[Discuss] Do you have experience with Drobo Raid boxes?

2014-12-28 Thread Bill Horne

Thanks for reading this.

I'm setting up a file server, and it's attached to a couple of Drobo 
Raid boxes (http://www.drobo.com/), type TD, which have about 18TB of 
storage each. They are connected via Thunderbolt 2 cables, and according 
to a couple of disk-speed measuring apps, they're sending and receiving 
in excess of 180 MB/s.


Actual transfer speeds from a fiber-channel controller, however, as 
measured by rsync transfers of large files, are only ~2 MB/s. All 
suggestions welcome.


It's a Mac Mini, running OS X Yosemite, with Server v4.1.

TIA.

Bill

--
E. William Horne
339-364-8487



Re: [Discuss] Using sftp without a shell account

2014-12-28 Thread Bill Horne

On 12/28/2014 9:05 PM, Edward Ned Harvey (blu) wrote:

From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Bill Horne

I'm setting up an LDAP-based server, which will be used for file
transfers among other things. I'd like to allow LDAP users to access the
machine via sftp, but I can't figure out how to do that without giving
each user a local shell account, and I'm looking for advice.

The LDAP users can access ftp without trouble, but not sftp.

It's a Mac Mini, running OS X Yosemite, with Server v4.1.

There are lots of things written about sftp without shell.  I presume you've 
googled it already...


Yes, and without success. There's lots of info on how to do sftp without 
a shell, but WITH a user who has a shell ACCOUNT. I want to allow users 
from LDAP, i.e., users who are only in LDAP, not the local machine's 
passwd file. Currently, LDAP users can use the ftp daemon (and 
read/write files), but not sftp.



So what's going wrong in your case?


Here's the (redacted) session printout from a login attempt: the only 
thing I could find about Roaming not allowed was  a mention of some 
experimental option Apple never released, so I don't know if that's a 
real problem or not.


OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to billhorne.invalid.net [10.117.250.109] port 22.
debug1: Connection established.
debug1: identity file /Users/billhorne/.ssh/id_rsa type -1
debug1: identity file /Users/billhorne/.ssh/id_rsa-cert type -1
debug1: identity file /Users/billhorne/.ssh/id_dsa type -1
debug1: identity file /Users/billhorne/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host billhorne.invalid.net 
from file /Users/billhorne/.ssh/known_hosts
debug3: load_hostkeys: found key type RSA in file 
/Users/billhorne/.ssh/known_hosts:7

debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: 
ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: 
ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa,ssh-dss-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-dss
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: 
hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-21 Thread Bill Horne

On 12/18/2014 6:40 PM, John Abreau wrote:



On Thu, Dec 18, 2014 at 2:17 PM, Bill Horne b...@horne.net wrote:


In theory, we could put our root certificate in everyone's
browser, but that's so much effort that it's not practical.



That's what I did when I worked at Zuken. Part of my job was building 
laptops for everyone, on a 3-year refresh cycle, and as part of my 
standard build I installed my self-generated CA certificate into 
Firefox and Internet Explorer when I built each new laptop. I also 
added a page to the TWiki knowledge base explaining how to install the 
certificate so end-users could do it themselves if they chose.


That's awesome! How about doing a meeting on the subject of self-signed 
certs and the pluses/minuses of using them?


ISTM that the CA's have made the certificate-generation process nearly 
impossible to use, by adding extension after extension to the 
certificates so that end-users can't even create a root certificate 
anymore. Let's have a presentation on how you did it!


Bill

--
E. William Horne
339-364-8487



Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-18 Thread Bill Horne

On 12/18/2014 2:12 PM, Richard Pieri wrote:

On 12/17/2014 11:01 PM, Bill Horne wrote:

I've been tasked with obtaining some SSL certs for use on two Mac Minis
running OS X Yosemite. Nothing fancy: I'm looking for the lowest cost
available.


Self-signed? Doesn't get any lower cost, in terms of dollars up front, 
than that.


namecheap is a reseller for Comodo, GeoTrust and Thawte. They're 
probably your best option for deeply discounted but still pay-for 
certs tied to big CAs.




We have self-signed certs in place now, but they're only usable for 
testing: the browser vendors have made it so hard to accept them that we 
gave up trying to teach people how.


In theory, we could put our root certificate in everyone's browser, 
but that's so much effort that it's not practical.


Bill

--
E. William Horne
339-364-8487



[Discuss] Who sells the least expensive SSL certs right now?

2014-12-17 Thread Bill Horne
I've been tasked with obtaining some SSL certs for use on two Mac Minis 
running OS X Yosemite. Nothing fancy: I'm looking for the lowest cost 
available.


All suggestions welcome.

Bill

--
E. William Horne
339-364-8487



Re: [Discuss] Please point me to the thread about open-source software project management tools

2014-12-14 Thread Bill Horne

On 12/14/2014 2:19 AM, Bill Bogstad wrote:

On Sun, Dec 14, 2014 at 4:34 AM, Bill Horne b...@horne.net wrote:

We had a discussion on the list about open-source software project
management tools, but now I can't find it in the archives for some reason.

Please provide a pointer to the archive thread if you remember where it is,
and TIA.

Searching my personal BLU archive, the newest thing that I find is
from Dec. 2008.
No idea if this is what you are remembering.

Here is a link to the public archive:
http://lists.blu.org/pipermail/discuss/2008-December/031563.html

Good Luck,
Bill Bogstad

Bill,

Thank you, that was very helpful. I had thought we had a thread about it 
this year, but I guess not.


To be sure I'm covering all the bases, I'll ask for more input. Here's a 
summary of what I need:


1. Handles a small software project with three or four participants and 
a few info-providers to be listed in dependencies.
2. GANTT or other charting capability. Any common method will do fine, 
but feel free to recommend your favorite.

3. Reporting capability, but nothing fancy.
4. Must be no-cost. I can't spend any money.
5. If it's web-based, it has to run on a Mac Mini running OS X Yosemite 
and Apache.

6. Short, shallow learning curve.

Here are some links I found to various online reports, and I solicit 
comments from the members about the products mentioned.


Top 10 Open Source Web-Based Project Management Software
http://www.cyberciti.biz/tips/open-source-project-management-software.html

Comparison of project management software
http://en.wikipedia.org/wiki/Comparison_of_project_management_software

The Top 6 Free and Open Source Project Management Software for Your 
Small Business

http://blog.capterra.com/free-open-source-project-management-software/

Thanks in advance.

Bill Horne

--
E. William Horne
339-364-8487



[Discuss] Asterisk specialist sought

2014-12-13 Thread Bill Horne
A friend and former employer asked me to pass along his need for an 
Asterisk specialist: I'm doing other things at the moment, but if you 
are an experienced Asterisk man, please email him directly.


His name is Jack Boyle, and the address is jackb atsign cleverminds net

Bill Horne

--
E. William Horne
339-364-8487



Re: [Discuss] Asterisk specialist sought

2014-12-13 Thread Bill Horne

On 12/13/2014 6:30 PM, Bill Horne wrote:
A friend and former employer asked me to pass along his need for an 
Asterisk specialist: I'm doing other things at the moment, but if you 
are an experienced Asterisk man, please email him directly.


His name is Jack Boyle, and the address is jackb atsign cleverminds net

Bill Horne



I've just received an email from another BLU member, pointing out that 
my wording may be offensive to some. My apologies.


No offense intended: it literally didn't occur to me that the traditional 
use of the male pronoun might be taken as offensive. I assure the 
readers that I don't care which bathroom they use: I care if they know 
Asterisk and can help my friend.


Bill Horne

--
E. William Horne
339-364-8487



[Discuss] Please point me to the thread about open-source software project management tools

2014-12-13 Thread Bill Horne
We had a discussion on the list about open-source software project 
management tools, but now I can't find it in the archives for some reason.


Please provide a pointer to the archive thread if you remember where it 
is, and TIA.


Also, feel free to comment on your favorite open-source software project 
management tool if you want. I need something relatively simple, for a 
small project, and some charting capability would be nice. All ideas 
welcome.


Bill Horne

--
E. William Horne
339-364-8487



Re: [Discuss] free SSL certs from the EFF

2014-12-07 Thread Bill Horne

On 12/5/2014 10:59 AM, Richard Pieri wrote:
> On 12/4/2014 11:42 PM, John Abreau wrote:
>> On the other hand, if you accept the bad guy's poisoned DNS data:
>
> Long story short: Joe is screwed either way. Or I am depending on who
> takes the fall. If someone is reprimanded or fired or even killed
> because a security system is working as designed? That's a terrible
> system.




No offense, but Joe might not have a choice: the hotel wants him to 
click on a user agreement, and so the box they've bought will intercept 
every DNS call and redirect it to their consent page before allowing Joe 
to connect to the net. I can't say if that's going to happen at 
Starbucks or [wherever], but it might.


I don't know if that agreement gives the hotel/mega-corp permission to 
monitor emails as well as collect the click list, but MITM attacks 
require Joe to agree to accept an invalid certificate at some point, and 
it's possible to disable his ability to do so. End-to-end email 
encryption would prevent any monitoring of the email, and a corporate 
VPN would obviate the problem altogether. Some companies avoid the issue 
altogether by entering fixed IP addresses in VPN scripts - the only 
matching key is/should be at the VPN box/server, so there's no loss of
flexibility, and IP addresses are cheap enough if the company wants to 
provide a backup. In any case, Joe's logs will verify that he made the 
attempt.


Of course, theory and practice often differ in security, and we've all 
met mister JustDoItOrYou'reFired who likes to tell us to break the 
rules, but that isn't a technical problem. A well designed security 
suite will give Joe the option of sending his reports by encrypting them 
first with a few key clicks.


FWIW. YMMV.

Bill Horne

--
E. William Horne
339-364-8487
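
The interception described in the message above, where the hotel's box answers every DNS query with the address of its consent page, can be detected before anything sensitive is sent. This is an added example, not part of the original post: the function names, the `.invalid` canary check and the sharing threshold are assumptions made for illustration, and the sample hostnames and addresses are constructed.

```python
import ipaddress
import secrets
import socket
import sys
from collections import defaultdict


def canary_name():
    """Random name under .invalid, which RFC 6761 reserves as never resolvable."""
    return f"{secrets.token_hex(8)}.invalid"


def resolve(names):
    """Query the system resolver; names that fail to resolve map to []."""
    answers = {}
    for name in names:
        try:
            infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
            answers[name] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            answers[name] = []
    return answers


def dns_interception_findings(answers, canary, share_threshold=3):
    """Return reasons to distrust the local resolver (empty list = none found)."""
    findings = []
    # A name that cannot exist must not resolve; a portal that answers
    # every query gives itself away here.
    if answers.get(canary):
        findings.append(f"canary {canary} resolved to {answers[canary]}")
    names_by_addr = defaultdict(set)
    for name, addrs in answers.items():
        if name == canary:
            continue
        for addr in addrs:
            names_by_addr[addr].add(name)
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 scope id
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                findings.append(f"{name} resolved to non-public address {addr}")
    # Hosts run by different parties should not all land on one address.
    for addr, names in sorted(names_by_addr.items()):
        if len(names) >= share_threshold:
            findings.append(f"{len(names)} unrelated names share address {addr}")
    return findings


# Constructed sample data (not real lookups).
SAMPLE_CANARY = "3f9c2a7be1d04455.invalid"
CAPTIVE_PORTAL_ANSWERS = {
    "vpn.corp.example": ["10.11.12.1"],
    "mail.partner.example": ["10.11.12.1"],
    "www.vendor.example": ["10.11.12.1"],
    SAMPLE_CANARY: ["10.11.12.1"],
}
CLEAN_ANSWERS = {
    "vpn.corp.example": ["93.184.216.34"],
    "mail.partner.example": ["151.101.65.140"],
    "www.vendor.example": ["104.18.32.7"],
    SAMPLE_CANARY: [],
}

if __name__ == "__main__":
    # Pass hostnames operated by different parties on the command line.
    canary = canary_name()
    live = resolve(sys.argv[1:] + [canary])
    for finding in dns_interception_findings(live, canary):
        print("WARNING:", finding)
```

Any finding means name resolution on this network cannot be trusted, which is the case where the message's fixed-IP VPN entry and refusal of invalid certificates matter.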



Re: [Discuss] free SSL certs from the EFF

2014-12-07 Thread Bill Horne

On 12/7/2014 2:57 PM, Richard Pieri wrote:
> A few days ago Ed posited that we'll get there someday. Truth is,
> we've been there for some time. With DNSCurve and DNSCrypt we have
> exactly the kinds of encrypted DNS service that he called for. Why
> haven't they been widely adopted? I figure it's a "Paul Vixie, yes!
> DJB, no!" issue.


More likely, an "Oh my aching back! The IT crew wants more money again!" 
issue. :-(


In the past, I've worked with and suffered under some managers whose 
view of security was that it didn't matter as long as _/they/_ couldn't 
be blamed for a failure. I'm sorry to say that they were usually correct.


Bill

--
E. William Horne
339-364-8487



Re: [Discuss] Debian officially forked over systemd

2014-12-02 Thread Bill Horne

On 11/30/2014 11:31 AM, Rich Braun wrote:

> Really? The best & brightest Linux minds in the world split over this issue?



In my capacity as Telecom Digest Moderator, I asked Ian Murdock to 
comment on the fork.


His reply was succinct:

Regrettable. Storm in a teacup in the grander scheme of things. -ian

Bill

--
E. William Horne
339-364-8487



Re: [Discuss] Debian officially forked over systemd

2014-11-29 Thread Bill Horne

On 11/29/2014 12:13 PM, Richard Pieri wrote:

> https://devuan.org/
>
> Devuan will derive its own installer and package repositories from
> Debian, modifying them where necessary, with the first goal of
> removing systemd, still inheriting the Debian development workflow
> while continuing it on a different path: free from bloat as a
> minimalist base distro should be. Our objective for the spring of 2015
> is that users will be able to switch from Debian 7 to Devuan 1
> smoothly, as if they would dist-upgrade to Jessie, and start using our
> package repositories.




Someone, please give me a one-sentence answer I can recite to any suit 
who asks me what the difference is.


I can't use words like systemd: their eyes will glaze over. TIA.

Bill

--
E. William Horne
339-364-8487



Re: [Discuss] Debian officially forked over systemd

2014-11-29 Thread Bill Horne

On 11/29/2014 1:27 PM, Betsy Schwartz wrote:

> The suit explanation has to focus on business impact, not technical details.
>
> use phrases like:
> risk of disruption proven compatibility increased stability
> total uptime  maintenance cost
>
> (or their inverses)


Betsy,

Thanks, that's a good point.

Of course, I could try to explain the reason OS's get forked, but 
anything I say to suits has to be an elevator speech that takes no 
more than 30 seconds.


Bill

--
E. William Horne
339-364-8487



Re: [Discuss] Debian officially forked over systemd

2014-11-29 Thread Bill Horne

On 11/29/2014 12:49 PM, Shirley Márquez Dúlcey wrote:

> I don't think that what you ask for is possible. The systemd debate is
> outside the realm of anything a suit is likely to understand, even if
> you use an entire page.


That's the problem: I can't try to explain why I might recommend one 
variant of Debian, namely Ubuntu, without considering the Devuan fork.


Bill
P.S. Have Debra or Ian Murdock voiced their views? I know they're not 
leading Debian now, but their opinions would carry weight.


--
E. William Horne
339-364-8487



Re: [Discuss] Server/laptop full-disk encryption

2014-10-01 Thread Bill Horne

On 10/1/2014 9:32 AM, Edward Ned Harvey (blu) wrote:

>> From: Bill Bogstad [mailto:bogs...@pobox.com]
>>
>> It seems like whenever people start talking about computer security, there is a
>> tendency to shoot for the maximum theoretically possible. We don't do
>> that when it comes to our cars or homes, but it does with computers.


Computers comprise one class of devices which need security based on the 
worst possible outcome of theft or misappropriation; like nuclear 
weapons and barrels of hazardous waste, it is what *MIGHT* happen that 
counts.  By themselves, such things are wicked reminders of the age we 
live in, but otherwise unremarkable: when taken out of responsible 
hands, they become more important than their components.


The maximum theoretical threat is also the maximum practical one for 
such things: a computer user who is concerned that his emails to his 
mother might become public knowledge will choose a more robust security 
model than someone who is trying to protect the cheat codes for Doom.



[snip]

> However, the place where I disagree with Truecrypt is here: When I deploy bitlocker, I
> am not deploying a system intended to thwart the NSA. I am deploying a system intended
> to thwart laptop thieves from retrieving the company financial data, credit card
> database, product design files, etc. which are valuable on the black market. I have
> actually worked at a chip company before, where we discovered our own product was pirated
> and sold on the black market. One of our sales reps went to a meeting in Taiwan, and in
> that meeting they asked us, "Why should we buy your product when we could get the
> same thing from these other guys?" And they proceeded to show us our own slides
> with some other company's logo on them.
>
> To protect against this type of attack, no we do not need 256 bit, or even 128 bit. To protect
> against this type of attack, the mere existence of a password prompt is probably sufficient - even
> if your password is "baby" but probably not if your password is "password".


To protect against *WHICH* kind of attack? Any company with proprietary 
data to protect *MUST* deal with the Defender's Dilemma and prepare for 
all realistic attacks, and any soldier will tell you that it does no 
good to put razor wire and mines around 99% of the perimeter if you 
don't have trustworthy and well-monitored employees walking in through 
the gate. Sad to say, the odds are that those slides leaked out through 
human hands, not mechanical failures.



> It's nice to eliminate the hassle of entering two passwords every time. I'm
> strongly in favor of using the TPM for everyday security, even if the NSA might
> have backdoored them all. You want something to thwart the NSA? You need
> plausible deniability.



No amount of denial will be plausible when an employee gets a subpoena 
from the FISA court: they will deliver corporate secrets to the NSA with 
gift wrapping and a bow. Corporate stakeholders might want to be able to 
deny something in court, but very few threats come with legal 
memorandums attached, and it doesn't matter if a denial is plausible 
when $5 wrenches are in evidence: the wrenches will be used, for the 
same reason that Orwell shot the elephant: the decision to use them was 
made when someone picked them up and brought them.


Technical professionals such as we tend to think in terms of technical 
threats and technical solutions to them. Security professionals tend to 
think in terms of which attack vector has the best chance of 
success, but they must be willing to think of *ALL* possible attacks, 
not just those which have been tried in the past. It does no good to 
prohibit buses from running under the Pentagon, when a fully armed, 
loaded, and deliverable field-coverage weapon can be had for the price 
of an airline ticket and a free trip to heaven.  It does no good to 
protect the data in a laptop if it is also available to a junior clerk 
whose rent is past-due.


FWIW. YMMV.

Bill

--
E. William Horne
William Warren Consulting
339-364-8487



Re: [Discuss] Back to the OP: Re: Server/laptop full-disk encryption

2014-10-01 Thread Bill Horne

On 10/1/2014 12:06 PM, Rich Braun wrote:

> Discussion on this topic has veered from the technical -- what's the state of
> open-source or low-cost key-server and encryption software today -- to the
> tactical: why bother?


As it must at some point: even if I were an FAA-certified Airframe and 
Powerplant mechanic who could tell you everything there is to know about 
the Continental engine in a Cessna 152, I would be unwise to buy one for 
personal use if I had a wife and two kids to take on vacation. However 
much I might admire the Continental engine or the high-wing design, I'd 
be unwise to ignore the fact that a Cessna 152 has only two seats.



> I'll address the why-bother: I live in the heart of the tech capital of the
> world, San Francisco. The city is seeing a surge in property crimes, and a
> crook not only grabbed a laptop right out of the bedroom but if he'd chosen to
> do so, could have gotten one or more of the servers which contain a lifetime
> of private data. The use-case is pretty trivial to describe: if a server is
> lost to a future theft, I'd lose sleep over the what-if scenarios of crooks
> who have enough savvy to fence stolen hard-drives to organized extortion rings
> or others who are able to exploit stolen data.


Well, a lifetime of private data is worth backing up, but whether you 
need to protect it from disclosure is a different matter. Unless the 
data contains images of you in SCA garb with a hock of mutton in your 
hand, and you are an elected official who is publicly associated with a 
vegetarian lifestyle, there's little need to worry about it: most 
private data is either innocuous, or not traceable back to its owner 
by any practical means.


And, in most cases, the best practice is to safeguard only images which 
identify the owner by sight, and then only if that sight would turn the 
stomachs of all but the most sophisticated of collectors. Even there, 
the best defense is often a "Publish and be damned!" attitude: after 
all, it /IS/ the twenty-first century. Absent clear evidence of illegal 
activity, private data is almost always as exciting as a DOS script, 
and less memorable than President Clinton's question about what the 
definition of "is" is.


This is, jokes aside, an important distinction: national security 
screenings always start with the admonishment that all the government 
cares about is what it *DOESN'T* know, and blunt promises that an 
individual's private life will remain private so long as it can't be 
used to coerce him/her to behave in unacceptable ways.



> That's a far-fetched scenario, perhaps, in a far-flung suburb of Boston but
> I'm not crazy to defend against it here in SF.


It's not crazy to defend against it anywhere: I used to live on Stanyan 
Street next to Kezar Stadium, so I'm familiar with the area. I now live 
in a far-flung suburb of Boston, it's true, but there are risks to 
consider, and precautions necessary, in far-flung suburbs as well as in 
cities.



> I will repeat the acceptance-criteria that I raised in my OP:
>
> (a) the keys are convenient, readily accessible at every reboot
> (b) the keys can't readily fall into the wrong hands


Fingerprint scanner.


> (c) infrequently-accessed filesystems aren't accessible except when needed
> (d) generated keys and pass-phrases have sufficient entropy
> (e) the keys and pass-phrases can survive *me* (e.g. by somehow keeping an
> up-to-date version in a bank safe-deposit box in case I get hit by the
> proverbial bus)


Those are features of every well-designed secure data management system, 
but I'm not familiar with the open-source offerings.



> My model for this is the commercial key-storage systems (and/or HSMs) sold by
> companies like SafeNet and Vormetric.
>
> Running through the installation procedure for Debian/Ubuntu would, of course,
> encrypt the root filesystems but that's not my question: I know /how/ to run
> cryptsetup on filesystems of my existing already-installed servers. But I
> want to address the issues above which aren't addressed by merely typing a
> pass-phrase into an installation script, hoping for the best, and avoiding
> getting hit by a bus or forgetting the pass-phrase (which by the way I do all
> the time: I am forever hitting the forgot-password links at the myriad
> websites which require PW auth).


I use Password Safe, and therefore need only to remember one passphrase 
for every website I use. It's on Sourceforge, but I digress.



> Security is really much harder than you think. My employer pays huge bucks for
> me to think about this on the job, and I can't help but to think about it for
> my personal data as well.


I agree that /some/ parts of security are harder than others: the 
hardest part of all being the decision about /what/ to secure. Your 
employer has a different threat universe to consider than you do as a 
private citizen. Once you decide what needs to be kept secret, and from 
whom, then you can address the mechanics.


HTH.

Bill

--
E. William Horne
William Warren Consulting

Re: [Discuss] Server/laptop full-disk encryption

2014-09-30 Thread Bill Horne

On 9/30/2014 9:38 AM, Edward Ned Harvey (blu) wrote:

> In linux, I'm not aware of any product that does whole disk encryption without
> needing a power-on password. In windows, Bitlocker uses the TPM to ensure the
> OS gets booted untampered, and then your user logon password and OS security
> are used to prevent unauthorized access. This is truly great to protect
> against thugs and laptop thieves.



No offense, but why would it/ how could it? A laptop thief isn't likely 
to be looking for /your/ info,
just an appliance to sell. Thugs, OTOH, will be able to apply 
rubber-hose cryptography if it's
/your/ data they want, and either way having an encrypted hard disk 
doesn't seem like a deterrent.


Bill

--
E. William Horne
William Warren Consulting
339-364-8487



Re: [Discuss] Home security automation

2014-09-22 Thread Bill Horne
On Monday, September 22, 2014 10:07:51 AM you wrote:
> On September 22, 2014, Bill Horne wrote:
>> 2. Every home monitoring system that's sold to civilians can be
>> disabled in seconds with a pair of wire cutters. Anyone who has
>> spent time in prison knows this trick: even amateurs will take the
>> phone off the hook and dial a nonsensical number, to disable
>> old-school burglar alarms which are tied to the phone line.
>
> These days, home monitoring companies offer cellular-based backup
> systems that kick in if the phone line is busy or disabled. As long as
> the thief doesn't wrap your house in aluminum foil
>
> --
> Dan Barrett
> dbarr...@blazemonger.com

Sorry, that's not a secure practice: 
http://en.wikipedia.org/wiki/Mobile_phone_jammer

... and I mentioned WiMax and Satellite Internet only because it's a lot 
harder to interfere with them than to jam a cellphone.

Bill


-- 
Bill Horne
William Warren Consulting
339-364-8487


Re: [Discuss] Home security automation

2014-09-22 Thread Bill Horne
On Monday, September 22, 2014 10:41:57 AM you wrote:
> On September 22, 2014, Gordon Marx wrote:
>> Shit, some of the messages on this thread make me think that some
>> folks already have their house pre-wrapped [in foil]. The thief
>> wouldn't need to do anything.
>
> One can only hope that the thief is thoughtless and steals the foil
> first.
>
> --
> Dan Barrett
> dbarr...@blazemonger.com

Dan,

Have you checked the price of tin foil lately? I'm wearing last week's hat!

Bill

-- 
Bill Horne
William Warren Consulting
339-364-8487


Re: [Discuss] Home security automation

2014-09-21 Thread Bill Horne
On 9/21/2014 5:31 PM, Matt Shields wrote:
> On Sat, Sep 20, 2014 at 10:21 AM, Richard Pieri richard.pi...@gmail.com wrote:
>
>> On 9/19/2014 4:37 PM, Matt Shields wrote:
>>
>>> I'd rather not go with a provider based system (like Comcast, ADT,
>>> Vivint, etc) since I want to control everything and not have to rely
>>> on a company for service or pay a monthly fee.
>>
>> [...]
>>
>>> Any suggestions?
>>
>> Pay a professional to help you plan the system, install and configure it
>> correctly. It'll be worth it in the long run.
>
> Part of wanting to do it myself is because I would learn about all the
> different components and be able to troubleshoot and fix them if necessary.



I think what Rich recommends is good advice: a professional will be able 
to tell you, gently, that most thefts are done by people you know, and 
that most of your planning will be concerned with ways to prevent that.


Here are a few items to consider:

*/Theft prevention:/*

1. It's important to understand that most snatch and grab thefts
   can't be prevented. Police response times allow junkies to force
   entry, heist your TV and iPad and iPhone, and get out of reach
   before the police arrive. That's what insurance is for.
2. Every home monitoring system that's sold to civilians can be
   disabled in seconds with a pair of wire cutters. Anyone who has
   spent time in prison knows this trick: even amateurs will take the
   phone off the hook and dial a nonsensical number, to disable
   old-school burglar alarms which are tied to the phone line. Banks,
   gun shops, and other target risks all have radio backup systems
   which are secured behind effective barriers. So, if you are trying
   to protect high-value items, think of WiMax or Satellite Internet
   service as a minimum first step.
3. If you have jewelry, antiques, firearms, or other high-value items,
   you'll probably need a safe, depending on the value of the item(s)
   you're protecting, and applicable laws. Your insurance carrier will
   insist on it if you ask them to cover high-value items, and on
   having a notification procedure when the jewels (or whatever) are
   being taken off-premise. The safe will have to be appropriately
   rated (that's why the testing company is called the
   _Underwriters_' Laboratory) and professionally installed so
   that it can't be dragged away and cut open later.
4. You will need to set up security zones. You can't put a Maginot line
   around your home, because experienced thieves will be gaining entry
   when they visit family members, or come to a Tupperware party, etc.
   You're going to need Private areas where casual visitors are never
   allowed, and (more importantly) the willingness to erect barriers to
   exclude them.
5. Alarms and safes and security zones are all about buying time.
   Safes, for example, are rated by how long they can withstand various
   kinds of attacks, and a properly designed and installed system will
   delay attackers until help can get there.
6. You and your family members might be asked to attend
   security-awareness and self-defense training. Safes are only as good
   as your willingness to resist when a street stomper points a gun at
   you, and God knows that there's no shortage of guns or street
   stompers to hold them.

*/Remote Management:/*

1. /99%/ of environmental control can be done with programmable
   thermostats.
2. The other 1% is handled by giving your neighbor a house key and your
   cell number.

Bill

--
E. William Horne
William Warren Consulting
339-364-8487



Re: [Discuss] selecting a subnet

2014-09-15 Thread Bill Horne
On Sunday, September 14, 2014 10:53:22 PM Steven Santos wrote:
> If your corp network uses addresses in the 192.168.0.0 range, how about
> using an address in the 10.0.0.0 range?

Most small routers limit users to the 192.168.x.x ranges. 

Even if a router allowed use of the 172.16~ or 10~ spaces on its LAN ports, 
there's no guarantee that a corporate renumbering wouldn't strand the router 
anyway. 

I'd say it's unlikely, but every time I do, there's a little voice in my head 
whispering Famous Last Words ... . 

Bill

-- 
Bill Horne
William Warren Consulting
339-364-8487


Re: [Discuss] selecting a subnet

2014-09-15 Thread Bill Horne
On Sunday, September 14, 2014 10:57:19 PM Derek Martin wrote:
> On Wed, Sep 10, 2014 at 04:04:12PM -0400, Stephen Adler wrote:
>> I'm setting up a small network at work behind my own firewall. Typically
>> I would use a 192.168.1.0/24 network but I'm afraid the IT people at
>> work have used that for something in my work LAN environment.
>
> NEVER DO THIS.

Um, yeah, well, ah, I, um, guess I, ah, agree, sort of ...

But ...

There are exceptions to every rule, and when the 3rd-line manager of the 
company I'm working at tells me (always at 4:59 PM on Friday, of course) that 
his son's Boy Scout troop will be visiting on Saturday and that he'd like them 
to be able to use their BlackAndPad dumb phones while they're inside the 
firewall, I am disposed to remember the golden rule and to do what it takes to 
make his wish come true.

If the regular IT staff (who have, of course, left for the day) has set up a 
DMZ to accord visitors Internet access, then the process is simple. If not, 
well, I just try to remember whose name is on the door.

FWIW.

Bill

-- 
Bill Horne
William Warren Consulting
339-364-8487


Re: [Discuss] selecting a subnet

2014-09-15 Thread Bill Horne
On Monday, September 15, 2014 09:28:30 AM Jerry Feldman wrote:
> I am with Derek in this case, but remember that 192.168.n.n, 10.n.n.n
> and 172.16 - 172.31 are non-routable meaning that your router SHOULD
> never expose these addresses beyond the subnet. So, in the case where
> you have to set something up at the last minute, the 192.168 addresses
> are not going to conflict. I would also make sure that the wifi is set
> up with a pass code so that people outside the group can't use it
> although in this case the risk is minimal. especially if you disconnect
> the router after the boy scout meeting.

Although the Internet won't relay detached network addresses, that's not 
necessarily the case inside a corporate network. Moreover, the average 
corporate network is awash in accidental routers, including portable 
cellular terminals, laptops with network sharing enabled, and the ubiquitous 
consumer grade routers that are /always/ going to be plugged in at any 
company picnic or other event when IT isn't involved in advance.

I agree that passwords are an important security feature, but I've never seen 
them enabled on any router set up by the well-meaning civilians at company 
events. They aren't thinking about security; they're concentrating on not burning 
the hot dogs. 

We could each write a book about the ways that self install technologies 
affect computer network security. It's just not something that anyone in a 
position of authority will ever read. 

FWIW. 

Bill


-- 
Bill Horne
William Warren Consulting
339-364-8487


Re: [Discuss] selecting a subnet

2014-09-15 Thread Bill Horne
Jerry Feldman wrote:
> The reason I suggested password is that it just restricts the ad hoc
> user from using the network. This is a short-term requirement for the
> OP. And, assuming the WAN port of the router is plugged into the
> corporate network. This way the nonroutable addresses will not be
> exposed. However, I have seen (and done) routers connected to corporate
> networks as switches with the wifi turned on.
>
> In any case, agreeing with Derek that what the OP is doing is not a good
> thing, but in this specific case, you are not going to expose those
> addresses to the corporate network, but you are allowing them onto the
> corporate network rather than an isolated guest network, which is a bad
> thing. While the non-routable addresses are not exposed, anyone on that
> subnet can go through the firewall. They can get at the company intranet
> as well as the Internet.

I'm not writing clearly, for which I apologize. The point I'm trying
to make is that users will *DEMAND* connectivity whenever *they* feel
they need it. It is not productive to say "Call IT", or "The rulebook
says ...", because users are unable to gauge security risks, unwilling to
admit that their actions may have negative consequences, and
unforgiving when told No.

I've been there. We've *all* been there. In a nutshell, the problem is
that evolution has not prepared human beings to appreciate long-term
costs in the face of short-term pleasure - that's why cigarettes are
still sold - and too many managers feel that technically adept
subordinates are talking gobbledygook just to feel important and that
the solution to every IT problem is to threaten to kick us in the butt
in order to make the magic bits flow.

At the heart of most security concerns is the simple truth that those
in charge often choose not to concern themselves with "maybe" warnings
about potential risks in the face of "I want ..." demands from
{anyone but us}. I feel this is a shortcoming of American management
in general, and I have never discovered a polite or effective way to
say "You're being foolish - please don't do that."

FWIW. 

Bill


-- 
Bill Horne
William Warren Consulting
339-364-8487


Re: [Discuss] selecting a subnet

2014-09-10 Thread Bill Horne

On 9/10/2014 4:04 PM, Stephen Adler wrote:

> Guys,
>
> I'm setting up a small network at work behind my own firewall. Typically
> I would use a 192.168.1.0/24 network but I'm afraid the IT people at
> work have used that for something in my work LAN environment. Is there a
> way of probing the work LAN network to ensure that what ever IP address
> I select for my network doesn't get tangled up with one on the corporate
> LAN? Or is it best to just choose one and hope for the best?


Steve,

If by "Firewall" you mean "Network Address Translation-enabled wired-only 
router", then it's a non issue. You plug the WAN port into your 
corporate network and set it for DHCP (or whatever fixed address your IT 
guys assigned to the port).  The router will translate whatever 
detached IP range you choose, e.g., 192.168.255.0/24, and you'll be in 
business.


If your router is /also/ a WiFi hotspot, then you'll be OK so long as 
your IT guys don't come with pitchforks: hotspots automagically 
associate with end-user devices, and the addresses won't be in conflict 
with each other unless you choose the same SSID that your company uses 
(actually, not even then, but I won't quibble).


However, as others have pointed out, it's best to involve your company 
IT staff, so that they can assign a valid IP which is isolated from any 
internal networks that those using your router should not see.


Bill Horne

--
E. William Horne
William Warren Consulting
339-364-8487
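
The question in this thread, whether a private range chosen for the NATed side collides with something the corporate LAN already uses, can be checked against the routes the upstream host has learned. This is an added example, not part of the original posts: the function names and the pool order are assumptions, and the `ip -4 route show` output is constructed. A routing table only shows what this one host knows, so the result is a candidate to confirm with IT, as the thread recommends.

```python
import ipaddress

# RFC 1918 private pools, tried in this order (an assumption of this example).
RFC1918_POOLS = [
    ipaddress.ip_network(n)
    for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")
]

# Constructed sample of `ip -4 route show` output from a corporate-side host.
SAMPLE_ROUTES = """\
default via 10.20.0.1 dev eth0 proto dhcp metric 100
10.20.0.0/16 dev eth0 proto kernel scope link src 10.20.3.7
10.0.0.0/8 via 10.20.0.1 dev eth0
192.168.0.0/23 via 10.20.0.254 dev eth0
192.168.2.0/24 via 10.20.0.254 dev eth0
blackhole 172.16.0.0/12
169.254.0.0/16 dev eth0 scope link metric 1000
"""


def networks_from_ip_route(text):
    """Extract destination prefixes from `ip -4 route show` output."""
    nets = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "default":
            continue
        # The prefix is the first token, or the second when the line
        # starts with a route type such as "blackhole".
        for token in tokens[:2]:
            try:
                nets.append(ipaddress.ip_network(token, strict=False))
                break
            except ValueError:
                continue
    return nets


def conflicts(candidate, in_use):
    """Return every known network that overlaps the candidate."""
    return [net for net in in_use if candidate.overlaps(net)]


def pick_free_subnet(in_use, prefixlen=24, pools=RFC1918_POOLS):
    """First subnet of the requested size that overlaps nothing known."""
    for pool in pools:
        if prefixlen < pool.prefixlen:
            continue  # requested subnet is larger than this pool
        for candidate in pool.subnets(new_prefix=prefixlen):
            if not conflicts(candidate, in_use):
                return candidate
    return None


if __name__ == "__main__":
    known = networks_from_ip_route(SAMPLE_ROUTES)
    wanted = ipaddress.ip_network("192.168.1.0/24")
    print("conflicts with", wanted, "->", conflicts(wanted, known))
    print("suggested subnet ->", pick_free_subnet(known))
```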



[Discuss] What key lengths are currently adequate?

2014-09-07 Thread Bill Horne

OK, I'm not looking for entropy anymore. 

I just found an old key. It doesn't expire until 2017, so I don't
think I have to generate a new one.

Here's another question, though: what key lengths are considered
adequate these days? This key is 4096 bits, which I'm confident is
long enough for now, but I'm curious what the minimum recommended
key length is these days.

Bill



-- 
Bill Horne
William Warren Consulting
339-364-8487


[Discuss] How do I add entropy?

2014-09-06 Thread Bill Horne

... other than by asking a question that some will think should be researched 
on-line? ;-)

With the key signing coming up, I set out to generate a brand new, 4096-bit 
RSA key. 

However, GPG says I need more entropy, and suggests I do other things on the 
system to get it. Google wasn't helpful: I don't know if the solutions 
proposed (copy /dev/random to /dev/null, for example) will remove more entropy 
than they add. 

So, my questions:


1. What can I do to help it along, without degrading the quality or quantity 
of randomness my machine has on file right now?

2. Does doing other things on the system contribute to the entropy pool? In 
other words, does Linux acquire randomness by monitoring the time between 
keystrokes or mouse movements or similar normal events? In other words,  how 
does Linux gather entropy for the use of applications such as GPG? 

Thanks for your help.

Bill

-- 
Bill Horne
William Warren Consulting
339-364-8487


Re: [Discuss] How do I add entropy?

2014-09-06 Thread Bill Horne

On 9/6/2014 4:17 PM, Bill Ricker wrote:
> On Sat, Sep 6, 2014 at 4:00 PM, Bill Horne <b...@horne.net> wrote:
>> 2. Does doing other things on the system contribute to the entropy pool? In
>> other words, does Linux acquire randomness by monitoring the time between
>> keystrokes or mouse movements or similar normal events?
>
> Yes. Noise-bits from timing of Mouse, keyboard, and disk access are
> likely all to be harvested.



Thanks, that's nice to know.

Is there any way to speed the process? Short of putting up an antenna 
and counting bits of static, how can I accumulate random bits more 
quickly than by typing or moving the mouse?


Long story short, must I tough it out and copy War and Peace by hand 
in order to get enough  entropy for a new key?


TIA.

Bill

--
E. William Horne
William Warren Consulting
339-364-8487



Re: [Discuss] Mailcheck not showing new mail

2014-08-10 Thread Bill Horne

On 8/9/2014 11:06 PM, Tom Metro wrote:
> Bill Horne wrote:
>> I'm calling mailcheck -cs  from my login script...
>
> I presume this mailcheck:
> http://manpages.ubuntu.com/manpages/precise/man1/mailcheck.1.html
>
> (There seem to be several tools with that name.)

That's the one.

>> ...but it is reporting No new mail when it shouldn't be.
>>
>> You have new mail in /var/mail/moder8
>> moder8@telecom:~$ mailcheck -cs
>> No new mail.
>>
>> My .mailcheckrc file has my home mailbox listed.
>
> The first message, presumably produced by 'mail', is reported on your
> spool file, not Maildirs in your home directory. You say .mailcheckrc
> specifies your home mailbox. What exactly do you mean by that?
>
> To match 'mail' I'd expect it to be:
> /var/mail/$(USER)


It's /var/mail/moder8, which is the actual name, but it's in there.

... oops, wait: I just noticed that the file name is .mailcheckr.

<Homer Simpson mode=on>
D-Oh! (Slaps head)
</simpson>

Hey, just a sec:

The result of running mailcheck -cs without a local .mailcheckrc is 
no new mail. when there is mail in the mailbox, and no output when the 
mailbox is empty. It *is* paying attention to the mail spool, albeit not 
in the way I want. What's up with that?




> Also check to see if /etc/mailcheckrc exists and see what it points to.
> (If it does not already, it should probably contain a path, as I show
> above, that matches the convention of where inboxes are stored on your
> system.)


Another puzzle: on Ubuntu 14.04 LTS, it's all commented out. There is an 
entry that looks like


#/var/spool/mail/$(USER)

( /var/spool/mail is a link to ../mail)

... but nothing actually enabled, for that or other options.

(brief pause while Bill corrects short circuit in operator)

Now, with a properly named .mailcheckrc file, it seems to do what it 
should. My question remains, though, why it would be able to tell the 
difference between a spool file with anything in it, or nothing in 
it, but not signal if the file has new mail?


Bill

--
E. William Horne
William Warren Consulting
339-364-8487



Re: [Discuss] Mailcheck not showing new mail

2014-08-10 Thread Bill Horne
Bill Horne wrote:
 The result of running mailcheck -cs without a local .mailcheckrc is
 no new mail. when there is mail in the mailbox, and no output when the
 mailbox is empty. It *is* paying attention to the mail spool, albeit not
 in the way I want. What's up with that?

 ...why it would be able to tell the difference between a spool file
 with anything in it, or nothing in it, but not signal if the file
 has new mail?

 With Maildir detecting new mail is simply a matter of looking for the
 presence of files in a 'new' subdirectory. If I recall, with mbox
 files the file has to be parsed and the headers of each message
 examined.  There needs to be coordination between how the MUA marks
 messages as read and the mail checking tool. Maybe there is a
 disagreement between mailcheck and your MUA.

 The documentation on mailcheck seems sparse. It doesn't even state
 what the default behavior is if there are no config files. To
 understand what it is doing would require using strace and/or
 examining the source.

 (I'd try running strace -o/tmp/mailcheck ... then grep
 /tmp/mailcheck for /var to see what spool files it is accessing. If
 you spot an open() syscall, it'll return a file descriptor, and then
 you can look for subsequent syscalls (like read() and stat()) on that
 descriptor to see what it is doing with the file.)

Here's the output file after I renamed .mailcheckrc: /etc/mailcheckrc has only 
comments.

execve(/usr/bin/mailcheck, [mailcheck], [/* 21 vars */]) = 0
brk(0)  = 0x82c000
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7f4dca743000
access(/etc/ld.so.preload, R_OK)  = -1 ENOENT (No such file or directory)
open(/etc/ld.so.cache, O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=24081, ...}) = 0
mmap(NULL, 24081, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f4dca73d000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
open(/lib/x86_64-linux-gnu/libc.so.6, O_RDONLY|O_CLOEXEC) = 3
read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\320\37\2\0\0\0\0\0..., 
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1845024, ...}) = 0
mmap(NULL, 3953344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0x7f4dca15d000
mprotect(0x7f4dca319000, 2093056, PROT_NONE) = 0
mmap(0x7f4dca518000, 24576, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bb000) = 0x7f4dca518000
mmap(0x7f4dca51e000, 17088, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f4dca51e000
close(3)= 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7f4dca73c000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7f4dca73a000
arch_prctl(ARCH_SET_FS, 0x7f4dca73a740) = 0
mprotect(0x7f4dca518000, 16384, PROT_READ) = 0
mprotect(0x7f4dca745000, 4096, PROT_READ) = 0
munmap(0x7f4dca73d000, 24081)   = 0
brk(0)  = 0x82c000
brk(0x84d000)   = 0x84d000
open(/home/moder8/.mailcheckrc, O_RDONLY) = -1 ENOENT (No such file or 
directory)
open(/etc/mailcheckrc, O_RDONLY)  = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1446, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7f4dca742000
read(3, # mailcheckrc\tDefault configurat..., 4096) = 1446
read(3, , 4096)   = 0
close(3)= 0
munmap(0x7f4dca742000, 4096)= 0
exit_group(0)   = ?
+++ exited with 0 +++

... and here's the output file after .mailcheckrc was restored: 

execve(/usr/bin/mailcheck, [mailcheck], [/* 21 vars */]) = 0
brk(0)  = 0x1643000
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7f19bdc0
access(/etc/ld.so.preload, R_OK)  = -1 ENOENT (No such file or directory)
open(/etc/ld.so.cache, O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=24081, ...}) = 0
mmap(NULL, 24081, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f19bdbfa000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
open(/lib/x86_64-linux-gnu/libc.so.6, O_RDONLY|O_CLOEXEC) = 3
read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\320\37\2\0\0\0\0\0..., 
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1845024, ...}) = 0
mmap(NULL, 3953344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0x7f19bd61a000
mprotect(0x7f19bd7d6000, 2093056, PROT_NONE) = 0
mmap(0x7f19bd9d5000, 24576, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bb000) = 0x7f19bd9d5000
mmap(0x7f19bd9db000, 17088, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0

[Discuss] Mailcheck not showing new mail

2014-08-09 Thread Bill Horne
I'm calling mailcheck -cs  from my login script, but it is reporting 
No new mail when it shouldn't be. My .mailcheckrc file has my home 
mailbox listed.


Here's an example: it's what I saw moments ago when I logged on to my 
Ubuntu 14.04 LTS server, and called mailcheck manually.


You have new mail in /var/mail/moder8
moder8@telecom:~$ mailcheck -cs
No new mail.
moder8@telecom:~$

As always, all suggestions welcome. TIA.

Bill

--
E. William Horne
William Warren Consulting
339-364-8487



Re: [Discuss] Verizon blacklisted me

2014-08-07 Thread Bill Horne

On 8/6/2014 4:31 PM, Don Levey wrote:
> Changing your IP address wouldn't make that difference unless the
> Verizon smtp server was using one of those blacklists for *outgoing*
> mail.  Off the top of my head that seems like it might not be a good
> choice, and wouldn't think that is the main culprit.


I wouldn't dismiss the possibility out-of-hand: Verizontal's silos have 
incredibly thick walls, and they are connected only at the top.


Bill

--
E. William Horne
William Warren Consulting
339-364-8487



Re: [Discuss] Seeking information on binaries called entities and fixup

2014-08-02 Thread Bill Horne

On 8/2/2014 1:42 AM, Tom Metro wrote:
> Quoting your original message:
>
>> ...I'm seeking information about a binary named entities, and one
>> named fixup.  I've found them in a script that processes emails
>> into html pages for publications, but the script's author isn't
>> available, and neither is working.
>
> I gather the script is custom and not from some project? My guess would
> be that these tools were borrowed from some other project. Probably a
> mail archiving tool. Some more searching might turn up their origin.

I didn't see any mention of the name anywhere in this context.

> What's the big picture that you are trying to accomplish with the
> script? Presenting the Telecom Digest on a web site? Maybe an
> off-the-shelf mail archiving tool is a better way to go? (Like MHonArc.)

AFAICT, it's intended to replace HTML reserved characters with HTML 
entities. Less-than becomes &lt;, etc.

> What language is the script written in? 'fixup' remains a mystery, but
> you probably know enough about 'entities' to replace it with some
> in-line code. Greg gave you a PHP example. It could be done as a
> one-liner in Perl, with the assistance of a module.


I don't know what language it was written in. I accepted help from a 
volunteer who installed several scripts, and this binary was in one of them.


I'll try the PHP that Greg suggested, and rebuild the process.

Bill

--
E. William Horne
William Warren Consulting
339-364-8487



[Discuss] Mutt showing Mailbox is read-only. error

2014-08-02 Thread Bill Horne
I use mutt for email at the Telecom Digest, and our 'new' machine has 
developed an annoying
habit: when I open my default mailbox, and try to delete an email, I get 
the error

Mailbox is read-only.

I tried using mutt_dotlock, but it worked only once, and now I'm 
getting the error no matter what I try.


All suggestions welcome.

Bill

--
E. William Horne
William Warren Consulting
339-364-8487



Re: [Discuss] Mutt showing Mailbox is read-only. error

2014-08-02 Thread Bill Horne

On 8/2/2014 11:31 AM, Richard Pieri wrote:
> On 8/2/2014 11:09 AM, Bill Horne wrote:
>> habit: when I open my default mailbox, and try to delete an email, I get
>> the error
>> Mailbox is read-only.
>
> This is probably the ownership and permissions on the spool directory
> (/var/mail). The ownership should be root:mail. Permissions at a minimum
> should be 2775 (u+rwx,g+rwxs,o+rx).
>
> Once these are set you should check the ownerships and permissions of
> the spool files. Ownership should be ${USER}:mail and permissions should
> be 660 (u+rw,g+rw,o-a).


I made the changes, and added the postfix user to the mail group. It 
works OK now.


THANK YOU for your help!

Bill
P.S. Is there a list of Standard permissions for a new Ubuntu 14.04 
LTS install?


--
E. William Horne
William Warren Consulting
339-364-8487
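
A way to check a host against the ownership and modes Richard Pieri lists in the quoted reply above, as an added example that is not part of the thread. The function names are made up for this illustration, and it assumes each spool file is named after its user, as /var/mail/moder8 is.

```python
import grp
import os
import pwd
import stat
import sys

DIR_MIN_MODE = 0o2775  # u+rwx,g+rwxs,o+rx: the stated minimum for the spool directory
FILE_MODE = 0o660      # u+rw,g+rw,o-a: the stated mode for each spool file


def check_spool_dir(mode, owner, group):
    """Compare the spool directory's ownership and mode with root:mail, 2775."""
    findings = []
    if (owner, group) != ("root", "mail"):
        findings.append(f"ownership is {owner}:{group}, expected root:mail")
    missing = DIR_MIN_MODE & ~stat.S_IMODE(mode)
    if missing:
        findings.append(f"mode {stat.S_IMODE(mode):04o} lacks bits {missing:04o}")
    return findings


def check_spool_file(name, mode, owner, group):
    """Compare one spool file with ${USER}:mail, 660.

    Assumption: the spool file is named after its user.
    """
    findings = []
    if (owner, group) != (name, "mail"):
        findings.append(f"ownership is {owner}:{group}, expected {name}:mail")
    if stat.S_IMODE(mode) != FILE_MODE:
        findings.append(f"mode is {stat.S_IMODE(mode):04o}, expected 0660")
    return findings


def _names(st):
    """Resolve uid/gid to names, falling back to the number if unmapped."""
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return owner, group


def audit(spool="/var/mail"):
    """Return {path: [findings]} for the spool directory and its regular files."""
    st = os.stat(spool)
    report = {spool: check_spool_dir(st.st_mode, *_names(st))}
    for entry in sorted(os.listdir(spool)):
        path = os.path.join(spool, entry)
        st = os.lstat(path)  # lstat: do not follow a symlink planted in the spool
        if stat.S_ISREG(st.st_mode):
            report[path] = check_spool_file(entry, st.st_mode, *_names(st))
    return report


if __name__ == "__main__":
    # Optional argument: a spool directory other than /var/mail.
    for path, findings in audit(*sys.argv[1:2]).items():
        print(path, "OK" if not findings else "; ".join(findings))
```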



Re: [Discuss] Seeking information on binaries called entities and fixup

2014-08-01 Thread Bill Horne
On Fri, 1 Aug 2014 01:16:33 -0400 
Greg Rundlett (freephile) <g...@freephile.com> wrote:

> As Tom suggested, what do you get with
> strings entities
> and
> file entities

This is the output of the strings command on the old machine:

moder8@old-massis:~/rsi$ strings /home/moder8/bin/entities I125
/lib/ld-linux.so.2
__gmon_start__
libc.so.6
_IO_stdin_used
exit
putchar
stdin
fgets
stdout
fputs
strncasecmp
fwrite
__libc_start_main
GLIBC_2.0
PTRh
[^_]
@(#) $Id: entities.c,v 1.4 2011/12/19 12:40:17 moder8 Exp $
nbsp;
iexcl;
cent;
pount;
curren;
yen;
brvbar;
sect;
uml;
copy;
ordf;
laquo;
not;
shy;
reg;
macr;
deg;
plusmn;
sup2;
sup3;
acute;
micro;
para;
middot;
cedil;
sup1;
ordm;
raqu;
frac14;
frac12;
frac34;
iquest;
Agrave;
Aacute;
Acirc;
Atilde;
Auml;
Aring;
AElig;
Ccedil;
Egrave;
Eacute;
Ecirc;
Euml;
Igrave;
Iacute;
Icirc;
Iuml;
ETH;
Ntilde;
Ograve;
Oacute;
Ocirc;
Otilde;
Ouml;
times;
Oslash;
Ugrave;
Uacute;
Ucirc;
Uuml;
Yacute;
THORN;
szlig;
agrave;
aacute;
acirc;
atilde;
auml;
aring;
aelig;
ccedil;
egrave;
eacute;
ecirc;
euml;
igrave;
iacute;
icrc;
iuml;
eth;
ntilde;
ograve;
oacute;
ocirc;
otilde;
ouml;
divide;
oslash;
ugrave;
uacute;
ucirc;
uuml;
yacute;
thorn;
yuml;
html
quot;
#39;
lt;
gt;
amp;
moder8@old-massis:~/rsi$

Now, the output of the file command on the old machine:

/home/moder8/bin/entities: ELF 32-bit LSB executable, Intel 80386,\
version 1 (SYSV), dynamically linked (uses shared libs),\
 for GNU/Linux 2.6.8, not stripped

Now, the output of the strings command on the new machine:

/lib/ld-linux.so.2
__gmon_start__
libc.so.6
_IO_stdin_used
exit
putchar
stdin
fgets
stdout
fputs
strncasecmp
fwrite
__libc_start_main
GLIBC_2.0
PTRh
[^_]
@(#) $Id: entities.c,v 1.4 2011/12/19 12:40:17 moder8 Exp $ 
nbsp;
iexcl;
cent;
pount;
curren;
yen;
brvbar;
sect;
uml;
copy;
ordf;
laquo;
not;
shy;
reg;
macr;
deg;
plusmn;
sup2;
sup3;
acute;
micro;
para;
middot;
cedil;
sup1;
ordm;
raqu;
frac14;
frac12;
frac34;
iquest;
Agrave;
Aacute;
Acirc;
Atilde;
Auml;
Aring;
AElig;
Ccedil;
Egrave;
Eacute;
Ecirc;
Euml;
Igrave;
Iacute;
Icirc;
Iuml;
ETH;
Ntilde;
Ograve;
Oacute;
Ocirc;
Otilde;
Ouml;
times;
Oslash;
Ugrave;
Uacute;
Ucirc;
Uuml;
Yacute;
THORN;
szlig;
agrave;
aacute;
acirc;
atilde;
auml;
aring;
aelig;
ccedil;
egrave;
eacute;
ecirc;
euml;
igrave;
iacute;
icrc;
iuml;
eth;
ntilde;
ograve;
oacute;
ocirc;
otilde;
ouml;
divide;
oslash;
ugrave;
uacute;
ucirc;
uuml;
yacute;
thorn;
yuml;
html
quot;
#39;
lt;
gt;
amp;

And, last, the output of the file command on the new machine:

/home/moder8/bin/entities: ELF 32-bit LSB  executable, Intel 80386,\
version 1 (SYSV), dynamically linked (uses shared libs),\
 for GNU/Linux 2.6.8, not stripped

- - - - - - -

HTH. Thanks for your time!

Bill


Re: [Discuss] wiki suggestion?

2014-07-31 Thread Bill Horne

On 7/31/2014 10:50 PM, John Abreau wrote:
> Wikipedia is based on mediawiki, which I haven't used myself, but I
> understand it's generally a good choice.


Mediawiki is a good choice for open-content, publicly accessible wikis, 
provided you have enough data to justify the overhead.


Keep in mind that Mediawiki is the engine of Wikipedia, as John 
mentioned: it's built to handle large amounts of data and large numbers 
of users. Also, it cannot be made to deliver content to a restricted 
audience: the documentation specifically warns against trying to do 
that, even though plugins are available which claim to make it possible.


FWIW.

Bill

--
E. William Horne
William Warren Consulting
339-364-8487



Re: [Discuss] Seeking information on binaries called entities and fixup

2014-07-31 Thread Bill Horne

On 7/29/2014 6:06 PM, Tom Metro wrote:
> Bill Horne wrote:
>> moder8@telecom:~/bin$ ls -lh /home/moder8/bin/entities
>> -rwxrwxr-x 1 moder8 telecom 8.8K Jan 27  2012 /home/moder8/bin/entities
>>
>> moder8@telecom:~$ strace /home/moder8/bin/entities 
>> /var/www/html/archives/back.issues/recent.single.issues/I125
>> execve(/home/moder8/bin/entities, [/home/moder8/bin/entities, 
>> /var/www/html/archives/back.issu...], [/* 21 vars */]) = -1 ENOENT (No such file or directory)
>> write(2, strace: exec: No such file or di..., 40strace: exec: No such file or 
>> directory
>> ) = 40
>
> Have you examined /home/moder8/bin/entities with 'file', strings, and less?
>
> I would guess that it is a shell script with a missing interpreter, but
> the error message is not right for that.
>
> Actually, that might be it:
>
> % touch foo
> % chmod u+x foo
> % echo "#\!/bin/bogus" > foo
> fringe:/tmp% strace ./foo
> execve(./foo, [./foo], [/* 54 vars */]) = -1 ENOENT (No such file or
> directory)
> [...]
> write(3, strace: exec: No such file or di..., 40strace: exec: No such
> file or directory
> ) = 40
>
> It's a misleading error message. The No such file is not referring to
> ./foo, but to the specified interpreter, /bin/bogus, but because the
> bang-path magic is embedded in execve(), and it only returns an error
> code (it doesn't generate the error message to STDERR), you're left with
> a generic error and no object being identified.
>
>
> I assume the above was on the new server. What happens when you strace
> it on the old server?
>
>   -Tom



Tom,

I ran the entities binary on the old machine, and I've pasted the 
output here: I125 is a standard MBOX-format email file, with a single 
issue of The Telecom Digest in it. It works as expected.


moder8@old-massis:/tmp$ strace -o/tmp/strace_out2.txt 
/home/moder8/bin/entities I125


execve(/home/moder8/bin/entities, [/home/moder8/bin/entities], [/* 
20 vars */]) = 0

brk(0)  = 0x8749000
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or 
directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb77df000
access(/etc/ld.so.preload, R_OK)  = -1 ENOENT (No such file or 
directory)

open(/etc/ld.so.cache, O_RDONLY)  = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=23117, ...}) = 0
mmap2(NULL, 23117, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77d9000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or 
directory)

open(/lib/i686/cmov/libc.so.6, O_RDONLY) = 3
read(3, 
\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0n\1\0004\0\0\0..., 
512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=1327556, ...}) = 0
mmap2(NULL, 1337704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 
0) = 0xb7692000

mprotect(0xb77d2000, 4096, PROT_NONE)   = 0
mmap2(0xb77d3000, 12288, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x140) = 0xb77d3000
mmap2(0xb77d6000, 10600, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb77d6000

close(3)= 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb7691000
set_thread_area({entry_number:-1 - 6, base_addr:0xb76916c0, 
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, 
limit_in_pages:1, seg_not_present:0, useable:1}) = 0

mprotect(0xb77d3000, 8192, PROT_READ)   = 0
mprotect(0xb77fd000, 4096, PROT_READ)   = 0
munmap(0xb77d9000, 23117)   = 0
fstat64(0, {st_mode=S_IFREG|0666, st_size=3174, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb77de000

read(0, From telecom-owner+DV033N00125=b..., 4096) = 3174
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb77dd000

write(1, From telecom-owner+DV033N00125=b..., 108) = 108
write(1, Return-path: lt;telecom-owner+D..., 99) = 99
write(1, Envelope-to: backups-digest@tele..., 46) = 46
write(1, Delivery-date: Sun, 27 Jul 2014 ..., 47) = 47
write(1, Received: from listmail.iecc.com..., 50) = 50
write(1, \tby telecom.xen.prgmr.com with e..., 49) = 49
write(1, \t(envelope-from lt;telecom-owne..., 103) = 103
write(1, \tid 1XBIko-XY-Dp\n, 21) = 21
write(1, \tfor backups-digest@telecomdiges..., 71) = 71
write(1, Received: (qmail 62112 invoked b..., 72) = 72
write(1, DKIM-Signature: v=1; a=rsa-sha25..., 599) = 599
write(1, Content-Type: text/plain\n, 25) = 25
write(1, Content-Disposition: inline\n, 28) = 28
write(1, Content-Transfer-Encoding: 8bit\n, 32) = 32
write(1, MIME-Version: 1.0\n, 18) = 18
write(1, X-Mailer: MIME-tools 5.505 (Enti..., 42) = 42
write(1, Subject: The Telecom Digest (1 m..., 41) = 41
write(1, From: telecom-owner@telecom-dige..., 39) = 39
write(1, To: tele...@telecom-digest.org\n, 31) = 31
write(1, Date: Sun, 27 Jul 2014 03:20:03 ..., 38) = 38
write(1, Reply-To: telecomdigestsubmissio..., 54) = 54
write(1, List-Help: lt;mailto:telecom-re;..., 94) = 94
write(1,  Instructions)\n, 15)= 15
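
The check Tom Metro describes, as an added example that is not code from the thread: execve() returns the same bare ENOENT when the program named on a `#!` line is missing and, going beyond the shebang case in his post, when the loader named in an ELF binary's PT_INTERP header is missing. The function names and the minimal ELF image are constructed for this illustration; the loader path in the sample is the first line of the `strings` output posted in this thread.

```python
import os
import struct
import sys

PT_INTERP = 3  # program-header type that names the dynamic loader


def script_interpreter(data):
    """Return the program named on a '#!' first line, or None."""
    if not data.startswith(b"#!"):
        return None
    words = data[2:].split(b"\n", 1)[0].split()
    return words[0].decode(errors="replace") if words else None


def elf_interpreter(data):
    """Return the PT_INTERP path of an ELF image, or None (static or not ELF)."""
    if len(data) < 6 or data[:4] != b"\x7fELF":
        return None
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    try:
        if is64:
            (phoff,) = struct.unpack_from(end + "Q", data, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        else:
            (phoff,) = struct.unpack_from(end + "I", data, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        for i in range(phnum):
            off = phoff + i * phentsize
            if is64:  # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
                p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
                    end + "IIQQQQ", data, off)
            else:     # p_type, p_offset, p_vaddr, p_paddr, p_filesz
                p_type, p_offset, _, _, p_filesz = struct.unpack_from(
                    end + "IIIII", data, off)
            if p_type == PT_INTERP:
                raw = data[p_offset:p_offset + p_filesz]
                return raw.split(b"\0", 1)[0].decode(errors="replace")
    except struct.error:
        return None  # truncated header
    return None


def diagnose(data, exists=os.path.exists):
    """Return (interpreter, present); (None, None) if no interpreter is named."""
    interp = script_interpreter(data) or elf_interpreter(data)
    if interp is None:
        return None, None
    return interp, bool(exists(interp))


def sample_elf32(interp=b"/lib/ld-linux.so.2\0"):
    """Constructed minimal 32-bit little-endian ELF image with one PT_INTERP entry."""
    ident = b"\x7fELF\x01\x01\x01" + b"\0" * 9
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident,
                       2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_INTERP, 84, 0, 0, len(interp), len(interp), 4, 1)
    return ehdr + phdr + interp


def report(label, data, exists=os.path.exists):
    """One line per file: which interpreter execve() needs and whether it exists."""
    interp, present = diagnose(data, exists)
    if interp is None:
        return f"{label}: names no interpreter"
    state = "present" if present else "MISSING (execve would fail with ENOENT)"
    return f"{label}: needs {interp}: {state}"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(report(path, fh.read()))
    else:
        # No arguments: run on the constructed samples, pretending nothing exists.
        print(report("sample ELF32", sample_elf32(), exists=lambda p: False))
        print(report("sample script", b"#!/bin/bogus\n", exists=lambda p: False))
```

Run with one or more file paths as arguments to check real executables on the host where the ENOENT appears.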

Re: [Discuss] Seeking information on binaries called entities and fixup

2014-07-29 Thread Bill Horne

On 7/28/2014 5:33 PM, Tom Metro wrote:
> Bill Horne wrote:
>> No, they work on the old server, but fail on the new. I assume it's a
>> permissions issue, but I can't figure out what might cause it.
>
> % strace entities


Tom,

Thanks for the suggestion. Here's a log snippet that may make this issue 
more clear:


moder8@telecom:~/bin$ ls -lh /home/moder8/bin/entities
-rwxrwxr-x 1 moder8 telecom 8.8K Jan 27  2012 /home/moder8/bin/entities

moder8@telecom:~/bin$ ls -lh 
/var/www/html/archives/back.issues/recent.single.issues/I125
-rw-rw-r-- 1 root root 3.1K Jul 28 11:12 
/var/www/html/archives/back.issues/recent.single.issues/I125


moder8@telecom:~/bin$ strace ./entities 
/var/www/html/archives/back.issues/recent.single.issues/I125
execve(./entities, [./entities, 
/var/www/html/archives/back.issu...], [/* 22 vars */]) = -1 ENOENT (No 
such file or directory)
write(2, strace: exec: No such file or di..., 40strace: exec: No such 
file or directory

) = 40
exit_group(1)   = ?
+++ exited with 1 +++
moder8@telecom:~/bin$

As you can see, the file entities shows up in an ls listing, but not 
when I try to run it by itself or with strace.


Thanks for your help!

--
E. William Horne
William Warren Consulting
339-364-8487


