On Mon, 17 Oct 2016 14:38:00 +0300
Gregory Edigarov wrote:
> On 14.10.16 22:48, Raul Miller wrote:
> > On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com
> > wrote:
> >> " The only truly secure system is one that is powered off, cast in
> >> a
On 14.10.16 22:48, Raul Miller wrote:
On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com
wrote:
" The only truly secure system is one that is powered off, cast in a block of
concrete and sealed in a lead-lined room with armed guards - and even then I have my
doubts."
On Sun, Oct 16, 2016 at 08:37:54PM +0200, Peter Janos wrote:
> use S for extras security at the expense of performance. Use other options
> only if you know what you are doing and have specific needs.
> BTW, ssh and sshd enable S by themselves.
>
> -Otto
Some background on the current state of
On Sun, Oct 16, 2016 at 07:10:54PM -0500, Patrick Dohman wrote:
>
> > nonsense. daily security is mailed *if it is non-empty*. Same goes for
> > weekly and mothly.
> >
> > -Otto
>
> i guess that’s explains why the output of who was omitted from the insecurity
> out
either be specific,
There needs to be a new law like Godwin's Law that states that any
technical discussion will eventually and inevitably lead to
Hitchhiker's Guide references.
But to follow on from what Raul said, it may be impossible to make
your system 100% secure without violating part 15 of the FCC rules,
> nonsense. daily security is mailed *if it is non-empty*. Same goes for
> weekly and mothly.
>
> -Otto
i guess that’s explains why the output of who was omitted from the
insecurity out
use S for extras security at the expense of performance. Use other options
only if you know what you are doing and have specific needs.
BTW, ssh and sshd enable S by themselves.
-Otto
-> so "S" is the best way, Thanks! :)
Sent: Friday, October 14, 2016 at 12:20 PM
From: "Otto Moerbeek"
...
Still nothing about NSA or other conspiracies in security field?
On Sat, Oct 15, 2016 at 03:57:57PM -0500, Patrick Dohman wrote:
> The daily security out being emailed is also default disabled ;)
>
> The monthly & weekly outs never seem to work either.
nonsense. daily security is mailed *if it is non-empty*. Same goes for
weekly and mothly.
-Otto
On Fri, 14 Oct 2016 20:50:20 +0200
"thrph.i...@gmail.com" wrote:
> or this kind...
>
> " The only truly secure system is one that is powered off, cast in a
> block of concrete and sealed in a lead-lined room with armed guards -
> and even then I have my doubts. "
>
It
The daily security out being emailed is also default disabled ;)
The monthly & weekly outs never seem to work either.
Regards
Patrick
> On Oct 15, 2016, at 11:20 AM, Peter Janos wrote:
>
> remote supervisor/console solutions are still turned on while the server
> is
If that is a real issue for you, you should be building your own
hardware and monitoring the electromagnetic spectrum.
--
Raul
On Sat, Oct 15, 2016 at 12:20 PM, Peter Janos wrote:
> remote supervisor/console solutions are still turned on while the server is
> off, so
remote supervisor/console solutions are still turned on while the server
is off, so simply powering off the OS isn't enough.there were/will be
many bugs for these remote console solutions too Sent: Friday, October
14, 2016 at 9:48 PM
From: "Raul Miller"
To:
On 2016-10-15 02:03:54, Joel Sing wrote:
>
> The number of rounds specified for bcrypt_pbdkf(3) is linear, not logarithmic
> (unlike bcrypt(3)). That said, the processing required for each round is
> significantly higher than that of pkcs5_pbkdf2(3) (using `bioctl -r auto
On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com
wrote:
> " The only truly secure system is one that is powered off, cast in a block of
> concrete and sealed in a lead-lined room with armed guards - and even then I
> have my doubts. "
Powered off works surprisingly
On Fri, 14 Oct 2016 21:20:23 +0300
Mihai Popescu wrote:
> > ...
>
> Prepare now for posts on this thread showing that if he/she runs a
> proper OS, everybody can be a security expert.
>
> Have fun!
>
or this kind...
" The only truly secure system is one that is powered
> ...
Prepare now for posts on this thread showing that if he/she runs a
proper OS, everybody can be a security expert.
Have fun!
On Friday 14 October 2016 18:19:21 Bryan Linton wrote:
> On 2016-10-14 09:21:24, Peter Janos wrote:
> > Hello,
> >
> > [snip]
> >
> > ps.: it would be nice to have a feature in the default installer to
> > install
> > with full disc encryption :) we still have to escape to
On Fri, Oct 14, 2016 at 09:21:24AM +0200, Peter Janos wrote:
> Hello,
>
> I know some features that can give additional security isn't turned on due to
> because of the bad quality of the code in ports and some also decreases
> performance (or disables a feature, ex.: screenlock doesn't work if
On 2016-10-14, Peter Janos wrote:
> Make as many files immutable with "chflags schg filenamehere" as you can.
This could be seen as an *in*security feature because now it's an utter
pain to update software that has bugs.
On 2016-10-14 09:21:24, Peter Janos wrote:
> Hello,
>
> [snip]
>
> ps.: it would be nice to have a feature in the default installer to install
> with full disc encryption :) we still have to escape to shell during install
> and ex.:
>
> install60.iso
> (S)hell
> dmesg |
Hi,
i just want to say that those security messures you describe here don't
improve the security for every user or use case. Everybody should know exactly
what he is doing bevore enabling or changing them. I think if you use such
security messures you better should be able to help yourself if you
You forgot one item:
Don't file bug reports to the project, because your system is too far
away from what the developers use & maintain; and we cannot diagnose
the failure conditions you have inadvertently created.
So, if you are willing to accept that limitation -- knock yourself
out. Change
Hello,
I know some features that can give additional security isn't turned on due to
because of the bad quality of the code in ports and some also decreases
performance (or disables a feature, ex.: screenlock doesn't work if nosuid
set, but if feature not used, nousid can be used).
I only know
24 matches
Mail list logo