On 6/26/20 4:36 PM, Jack wrote:
On 2020.06.26 16:03, james wrote:
On 6/26/20 12:38 PM, Daniel Frey wrote:
On 6/20/20 7:04 PM, William Kenworthy wrote:
Thanks for filing the bug.

Gah! I forgot about this!

I filed a bug now, I hope I made it clear enough. Others can pipe in there with comments if they like.

I did indicate the two potential proposals to correct the issue in the bug itself.

https://bugs.gentoo.org/729752

Dan

BEFORE I contribute to this bug, I'm posting here to see if others are or have interest, in my thoughts on this issue and my related needs for extreme security, via Gentoo. Below is far from complete, but it only provides a very few snippets of my (secure) pathway forward with Gentoo.

Interesting thread, thanks to all contributors. I'd like to add 'my selfish' interest, as they may also be espoused by other, more focused, gentoo users.

INTRO:

I rarely build gentoo systems, for many reasons, that are not pretty singularly focused. It drastically reduces security, performance and upgrade issues. For me, the days of any system, having groups or users, are in the history books of very bad ideas. uP are so cheap and less than $100, gets you a very 'bad ass' computer (Rasp. Pi 4+) 16 G map-able ram. Furthermore, SOON, usb_4 devices are going to obsolete the entire concept of a 'hard drive'; hence the death (my prediction) of groups and users on multi-USER systems, albeit slowly.

Multi-function, Multi-tasking, and light weight, focused transient clusters are the future. YMMV.


So solving a problem, that was real and big, decades ago, fails to look at the future. For me, Gentoo is future proof. I suggest a well documented pathway forward; totally without the concept of groups and users, on a typical, highly secure system. Which is now the baseline for real systems, particularly with an ipv4 or ipv6 static ip, that provide focused and highly restricted functionalities. CA servers are going private, as the public and root CA servers, are suspect, at best, as to being pristinely secure. Yes boys and girls most Certificate Authorities are HACKED! Even the main root CAs.

The F. Feds are the original culprits, but now it is a feeding frenzy. The planet is now hacked, and groups and users concepts are the past. imho! Danger Will Robinson Danger!

So can some of the smarter (gentoo) folks illuminate how to totally avoid groups and users, except for the minimum required, application specific? For example like serial line tools, or outline a set of tweaks/setting to avoid these altogether?

I build embedded G. systems. I build single purpose G systems. I build security G. systems (often with the ethernet, in only listen mode). I build G. Firewalls. I build G. highly restricted/filtered servers. NONE of those need users or groups. And if they do, I can obfuscate codes to provide that need, to where filters and focused software gets what it needs to provide functions.

Yep, I'm moving to a total 'State_Machine_design' for critical services. Strip out every thing else.....

Am I alone, or have/are others contemplating such high secure pathways? It'd be fantastic to find a kernel hacker that is on the pathway of extreme minimization too; private email is fine; if that is in your wheel_house.


curiously alone?,
James
While you may not be alone, I do believe you're in a rather small group. There are probably more who are interested in watching it progress than who can actually participate and contribute. And while what you propose may well be part of the future, and it may even be a large part of it, it won't be so anywhere near soon enough to avoid the need to continue to improve current systems, even if the improvements are only usability related, and not directly related to security.

Yep, Yep Yep.

Um, now covid hit. We've been promised much more from the next 'virus'. Massive security problems, for all OSes, dispersed computational issues and such. So, a vision (dream?) of total self sufficiency, with packets of really secure content traversing the fibers of the world, and a few smart, empowered techies running a given hub, sure we can solve the security issues. However, the big webs are mere wide spots on the highway and should readily be "dynamically" replaceable; never critically necessary for any astute user.

And the F. Feds and their overseas counterpart?
Are left behind in the dust, for good. I think you'll see a US presidential candidate, who constitutionally, recognizes the US citizens have a fundamental (God given?) right to superior security, as long as they have a very clean legal record. Boy that's a twist: well behaved citizens get superior security rights to F. Feds? Boy, that's going to be a popular idea, methinks. Actually, there are many Christian lawyers, who know of ancient documents and USA historical documents and letters that expound on those documents, where this is well established. NO questions atm. Let folks do their own research.

We'll get there sooner than you expect...... Bank on it!
WE have to, otherwise the US banking system is DOA.

This current issue is nothing more than an annoyance, but it's a major annoyance for many Gentoo users, possibly more-so for the more casual users. (Is "casual Gentoo user" an oxymoron?) As the bug proposes, there are ways of solving it without decreasing security.
Jack


Jack, Jack, Jack.

VIVA LA REVOLUTION!
and you started it all?


The USA is currently the longest standing government. The stench of what "our" legal system has become, well it's insufferable even by many of the brilliant legal minds who have pretty much had enough of the big corporations running destructively, over what rights the founders of this great nation intended.

Lawyers, above the law? That needs to be fixed, yesterday. WE, the folks in good standing, have rights that supersede the legal morass of what the judiciary and executive branch have done by giving our rights away to the Corporations.

Be long, Be strong, but most importantly, Be for the benefit of equality of all. Rights to privacy are fundamental rights and I'd remind everyone that many have died for OUR RIGHTS.


hth,
James

