On Wed, Oct 17, 2012, at 15:24, Mr Dash Four wrote: > This is news to me! When is Fedora planning to do that - is it with > F18?
I don't remember. It's called "Microsoft Trusted Boot System" or some malarky. It's intended to prevent boot virus', but could have the effect of rendering open-source systems unbootable on newer hardware with this. No more Grub for Fed. Radically open-source for me, thanks. > No system is ever 100% secure, no matter what you do. That is why you > need proper monitoring tools and have as much control of what is going > on as possible. You need proper eyes and ears. I need a good IDS, but have proven myself not smart enough to make Prelude work. > The reason being is that I absolutely can't stand gnome 3 > and all that crap it comes out with - whoever bright spark invented > that monstrosity should be shot on site! Gnome has always been too limited for me. KDE was based on the old 'object-oriented' model, in the mold of Taligent, which is now only -20- years ahead of our time, along with object-oriented databases. > I have been planning to move to the newest Fedora and XFCE, but it is a > massive undertaking and I need to dedicate at least a month to do it - > something I can't afford at present. Me too. I have to make an actual living, and these are my personal machines. But I've converted my two easiest machines to XFCE now, the backups server and HTPC. Took a weekend to read all the XFCE docs, and there's less there than meets the eye. Once you read the docs you find there's basically no wonderful features hidden, but you can more easily bend it to your will. Only problem is I have not been able to make it save sessions on one of my machines, and why is a mystery to all on the forums and IRC. XFCE is certainly simpler than K. > That was about 2 years ago - Tor now is very fast and comparable to a > normal connections, but mileage do vary. I may try Tor again. > You can set up the proxies via a separate file or a url - this is how > I've done it. I also use proxy authentication so that not everyone is > allowed to access it. The proxy authentication is with client > certificates as well (no user IDs/password input is allowed), so there > is usually no input on the client side at all - it is all > pre-configured. I tried a system setup so apt and MythTV channel updates would use Squid, but too many things broke. I have to move on to the next crisis. Manual works. Now here's a question: I have a server dedicated entirely to backing up the other machines (and the security cameras). When it's time to do a backup it uses its SSH ecdsa certificate to reach out to the target machine and log in as root to do the rsync backup. Well it's a bad idea to not put a password on a cert, so I have to really protect the backups server because it has easy root access to all the other machines. But don't I, have to do it this way so backups are automated? Any idea how else it could it get root access to the other machines without manual intervention? -- http://www.fastmail.fm - Or how I learned to stop worrying and love email again ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
