Re: OSS-IL Coverage on Captain Internet

[Karasik, Vitaly]

Kudos to Dan again!

http://www.linuxworld.com/story/44466.htm


Rgds,
Vitaly
***
Information contained in this email message is intended only for use of the individual 
or entity named above. If the reader of this message is not the intended recipient, or 
the employee or agent responsible to deliver it to the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this communication 
is strictly prohibited. If you have received this communication in error, please 
immediately notify the [EMAIL PROTECTED] and destroy the original message.
***

To unsubscribe, send 
mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Oded Arbel]

On Monday 12 April 2004 02:04, Diego Iastrubni wrote:
> Oded, debian is the only distro which you can trust with packages. It comes
> with a price: hard install + no gui.

I'm really sick with all the Debian bias on this list. there are other distros 
out there, some are very good and some are better then Debian - at least for 
some purposes. 

I sure can trust Mandrake, SuSE and other distros with pacakges - and they 
**have** easy graphical installers. 

I've used Debian in the past, and I'd probably use it again in the future, but 
my take on it is that unless you are a linux freak with at least 2 years hard 
linux admin under your belt, and assuming the box you install isn't for 
playing around with Linux installation and administration problems, then 
Debian isn't for you.

-- 
Oded
::..
Access denied -- nah nah na nah nah!

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Oded Arbel]

On Monday 12 April 2004 00:43, Baruch Even wrote:
> * Diego Iastrubni <[EMAIL PROTECTED]> [040412 00:34]:
> > On Sunday 11 April 2004 22:48, Oded Arbel wrote:
> > > Hi List.
> > >
> > > - upgradable. something with a history of frequent updates - emphasis
> > > on "history" and "frequent".
> >
> > can you  spell "debain"?

On Monday 12 April 2004 00:28, Dan Fruehauf wrote:
> About admining the box - i dont believe in webmin and other GUI based tools.
> I believe the box should be configured manually using the command line (but 
> that's me).

Yes, that's just you. Debian is not a contender. its hard to install for 
newbies, and its hard to administer and it does not have any kind of web 
based or even graphical/curses integrated administration console. one of the 
points of setting up this thing (which I forgot to mention) is getting a 
linux newbie to see how its done and let her play with it a little. I'm not 
in the habit of hitting her over the head with solid objects.

> It's not 2.6 based, unless he replaces the kernel and then he must
> provide updated 2.6 kernels whenever there is a security hole in the
> kernel.

> I'd still suggest Debian but dropping the 2.6 requirement, 2.4.latest
> isn't good enough?

I want to have the 2.6 available incase I want to use some of its features. I 
don't see much point in instaling a 2.4 distro as a rule of thumb as the 2.6 
kernel is stable and viable solution and offers some important featuers over 
the 2.4 series.

-- 
Oded
::..
Finagle's Law only fails when you try to demonstrate it.

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Leonid Podolny]

Oded Arbel wrote:
On Monday 12 April 2004 02:04, Diego Iastrubni wrote:

Oded, debian is the only distro which you can trust with packages. It comes
with a price: hard install + no gui.


I'm really sick with all the Debian bias on this list. there are other distros 
out there, some are very good and some are better then Debian - at least for 
some purposes. 

I sure can trust Mandrake, SuSE and other distros with pacakges - and they 
**have** easy graphical installers. 

I've used Debian in the past, and I'd probably use it again in the future, but 
my take on it is that unless you are a linux freak with at least 2 years hard 
linux admin under your belt, and assuming the box you install isn't for 
playing around with Linux installation and administration problems, then 
Debian isn't for you.

I haven't heard such a thing on this list for a long time. For some 
reason, people fail to understand that the goal defines the means of 
achieving it, not vice versa. If one of the basic requirements is "easy 
installation (next,next,next)" and "web-based configuration", then how 
come that people advise him not to "be lazy" and install all the hard 
way. When a linux guru installs a router on his home network, he should 
use debian or gentoo, so that he will get all updates in time and be 
able to do the advanced stuff he wants, that goal-oriented distros, like 
those mentioned earlier, usually do not provide (static routes, VPN, etc).
Now to the subject. I'm going to sound the extremely heretical idea. Not 
everyone needs a Linux router for that. What I'd do in such situation is 
get them a dedicated router specially designed for that matter. I don't 
mean the PC with Linux installed, but a little box the size of the adsl 
modem, which all it is able to do is to be an adsl (or cable) router. 
It's very cheap (~300 NIS) and usually has Linux somewhere deep inside 
-- it's not that its manufacturers want to implement everything from the 
beginning. You configure the computers to use DHCP, plug them in, plug 
the modem -- it works. It surely meets all the basic requirements you've 
specified at the original mail. The only one of your requirements that 
it doesn't meet is being able  to show her how Linux is installed. 
Install it on that p133 box you wanted to use and you're done
Cheers, L.

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Omer Zak]

On Tue, 13 Apr 2004, Leonid Podolny wrote:

> Now to the subject. I'm going to sound the extremely heretical idea. Not
> everyone needs a Linux router for that. What I'd do in such situation is
> get them a dedicated router specially designed for that matter. I don't
> mean the PC with Linux installed, but a little box the size of the adsl
> modem, which all it is able to do is to be an adsl (or cable) router.
> It's very cheap (~300 NIS) and usually has Linux somewhere deep inside
> -- it's not that its manufacturers want to implement everything from the
> beginning. You configure the computers to use DHCP, plug them in, plug
> the modem -- it works. It surely meets all the basic requirements you've
> specified at the original mail. The only one of your requirements that
> it doesn't meet is being ableto show her how Linux is installed.
> Install it on that p133 box you wanted to use and you're done

While the user is naive, the installer (his sysadmin) is not.
The suggestion to use a dedicated router eliminates two important
advantages of DIY (Do It Yourself) Linux installation:
1. Access to security updates under your control and at your pace.
2. Ability (in principle) to audit the router's software to ensure that
   there are no hidden backdoors.

By the way, how come that no Debian installer had itch, which can be
scratched by an user-friendly GUI installer?

Such a GUI should start by defining defaults for Aunt Tilly, and provide
levels of detail for advanced users.  It should also provide a space for
building command lines (which correspond to selecte options in the GUI),
editing them and executing them - for those advanced users, who understand
the subject but can use help refreshing their memories.

 --- Omer
My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Aaron]

Hi,

I have tried unsuccessfully to install debian a number of times.
I keep coming back to rh based distros, but I must admit that debian
boxes I have worked on run faster and are more stable.

I beta tested Xandros and I have no idea how good it would be for a
black-box but easy to install it is, stable it is, but it isn't free.

I would guess there are distros out there that will do just what is
needed.

Aaron
On Tue, 2004-04-13 at 15:02, Omer Zak wrote:
> On Tue, 13 Apr 2004, Leonid Podolny wrote:
> 
> > Now to the subject. I'm going to sound the extremely heretical idea. Not
> > everyone needs a Linux router for that. What I'd do in such situation is
> > get them a dedicated router specially designed for that matter. I don't
> > mean the PC with Linux installed, but a little box the size of the adsl
> > modem, which all it is able to do is to be an adsl (or cable) router.
> > It's very cheap (~300 NIS) and usually has Linux somewhere deep inside
> > -- it's not that its manufacturers want to implement everything from the
> > beginning. You configure the computers to use DHCP, plug them in, plug
> > the modem -- it works. It surely meets all the basic requirements you've
> > specified at the original mail. The only one of your requirements that
> > it doesn't meet is being ableto show her how Linux is installed.
> > Install it on that p133 box you wanted to use and you're done
> 
> While the user is naive, the installer (his sysadmin) is not.
> The suggestion to use a dedicated router eliminates two important
> advantages of DIY (Do It Yourself) Linux installation:
> 1. Access to security updates under your control and at your pace.
> 2. Ability (in principle) to audit the router's software to ensure that
>there are no hidden backdoors.
> 
> By the way, how come that no Debian installer had itch, which can be
> scratched by an user-friendly GUI installer?
> 
> Such a GUI should start by defining defaults for Aunt Tilly, and provide
> levels of detail for advanced users.  It should also provide a space for
> building command lines (which correspond to selecte options in the GUI),
> editing them and executing them - for those advanced users, who understand
> the subject but can use help refreshing their memories.
> 
>  --- Omer
> My opinions, as expressed in this E-mail message, are mine alone.
> They do not represent the official policy of any organization with which
> I may be affiliated in any way.
> WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html
> 
> 
> =
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
> 

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Maxim Kovgan]

On Tue, 13 Apr 2004, Aaron wrote:

> Hi,
>
> I have tried unsuccessfully to install debian a number of times.
> I keep coming back to rh based distros, but I must admit that debian
> boxes I have worked on run faster and are more stable.
this is strange, since ... the advantage of Debian comes best in updates
and the convenience of the usage/administration.

if you feel really significant difference in performance - this means
you do something wrong ... IMHO.

i do like Debian, i prefer installing Debian Server much more than RPM
based one, but i am not a fanatic.
performance is usually the matter of
fine tuning and not
installing and running redundant stuff, thus freeing resources to work.
>
> I beta tested Xandros and I have no idea how good it would be for a
> black-box but easy to install it is, stable it is, but it isn't free.
>
> I would guess there are distros out there that will do just what is
> needed.
>
> Aaron
> On Tue, 2004-04-13 at 15:02, Omer Zak wrote:
> > On Tue, 13 Apr 2004, Leonid Podolny wrote:
> >
> > > Now to the subject. I'm going to sound the extremely heretical idea. Not
> > > everyone needs a Linux router for that. What I'd do in such situation is
> > > get them a dedicated router specially designed for that matter. I don't
> > > mean the PC with Linux installed, but a little box the size of the adsl
> > > modem, which all it is able to do is to be an adsl (or cable) router.
> > > It's very cheap (~300 NIS) and usually has Linux somewhere deep inside
> > > -- it's not that its manufacturers want to implement everything from the
> > > beginning. You configure the computers to use DHCP, plug them in, plug
> > > the modem -- it works. It surely meets all the basic requirements you've
> > > specified at the original mail. The only one of your requirements that
> > > it doesn't meet is being ableto show her how Linux is installed.
> > > Install it on that p133 box you wanted to use and you're done
> >
> > While the user is naive, the installer (his sysadmin) is not.
> > The suggestion to use a dedicated router eliminates two important
> > advantages of DIY (Do It Yourself) Linux installation:
> > 1. Access to security updates under your control and at your pace.
> > 2. Ability (in principle) to audit the router's software to ensure that
> >  there are no hidden backdoors.
> >
> > By the way, how come that no Debian installer had itch, which can be
> > scratched by an user-friendly GUI installer?
> >
> > Such a GUI should start by defining defaults for Aunt Tilly, and provide
> > levels of detail for advanced users.It should also provide a space for
> > building command lines (which correspond to selecte options in the GUI),
> > editing them and executing them - for those advanced users, who understand
> > the subject but can use help refreshing their memories.
> >
> >--- Omer
> > My opinions, as expressed in this E-mail message, are mine alone.
> > They do not represent the official policy of any organization with which
> > I may be affiliated in any way.
> > WARNING TO SPAMMERS:at http://www.zak.co.il/spamwarning.html
> >
> >
> > =
> > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail [EMAIL PROTECTED]
> >
>
> =
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
>



-
 there's always a place for improvement.
-


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

RE: Linux distribution for black-box type firewall/router

[Weinstein, Alon]

> By the way, how come that no Debian installer had itch, which 
> can be scratched by an user-friendly GUI installer?
> 

Perhaps Anaconda for Debian will do the trick. 


http://platform.progeny.com/anaconda/



=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Leonid Podolny]

Omer Zak wrote:


While the user is naive, the installer (his sysadmin) is not.
As far as I understand, the reason why Oded started this thread was to 
be the installer, not the sysadmin.

The suggestion to use a dedicated router eliminates two important
advantages of DIY (Do It Yourself) Linux installation:
1. Access to security updates under your control and at your pace.
Exactly what I am talking about. He doesn't need security updates. 
(Before you punch me at the face, keep in mind, that I'm not talking 
about linux geeks like us, but about average home user).
The average home user has one major security concern: he doesn't want to 
be attacked by all those Windows worms out there. Having NAT, it's not a 
concern. He needs to explicitly open the RPC (SMB, uPNP, etc, etc) port 
on the router in order to have his PC infected. 99% of home users will 
never do it. Those who will -- smart enough to be responsible for their 
actions.
All the linux security updates are also irrelevant here. It's not that 
the attacker will obtain shell on the router and then attack the home 
network or "execute arbitrary code" via remote vulnerablity. I doubt 
that these routers even allow remote access. Why would they?
If you can scan vast ip ranges and find thousands of windows machines 
yelling "hack me!", the potential cracker won't bother looking for a 
specific openssl vulnerability in specific firmware version of a 
specific model of some taiwan company.

> 2. Ability (in principle) to audit the router's software to ensure
> that there are no hidden backdoors.
Backdoors by whom? The manufacturer wouldn't intentionally leave 
backdoors -- he cares too much about its reputation. It must be 
relatively easy to check what is in there. And if such a thing comes 
out, he will instantly be out of business. And all to be able to steal a 
precious mp3s collection from poor home user.

Forgot to state something important in my original mail. The dedicated 
router is much more reliable and practical. PCs tend to have hardware 
failures, consume much power, take space, make a lot of noise, 
accumulate dust etc.

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Oded Arbel]

×Tuesday 13 April 2004 12:32,  ×× ××× Leonid Podolny:
> I haven't heard such a thing on this list for a long time. For some
> reason, people fail to understand that the goal defines the means of
> achieving it, not vice versa. If one of the basic requirements is "easy
> installation (next,next,next)" and "web-based configuration", then how
> come that people advise him not to "be lazy" and install all the hard
> way. 

Thanks

> What I'd do in such situation is
> get them a dedicated router specially designed for that matter. I don't
> mean the PC with Linux installed, but a little box the size of the adsl
> modem, which all it is able to do is to be an adsl (or cable) router.
> It's very cheap (~300 NIS) and usually has Linux somewhere deep inside
> -- it's not that its manufacturers want to implement everything from the
> beginning.

A. thats 300 NIS more then they'd need to spend using the original idea 
(hardware just lying around, software is free) and that's important since 
they don't currently have a home network and setting it up will require some 
funds.
B. I lose all the firewalling and proxying abilities that I can get with 
Linux, and that's currently the main reason for the evenrt. otherwise I'd 
tell them to just plug the main computer (LoseXP) directly to the network and 
"network share".
C. Most of these things, especially the cheap ones will only fit one job - 
either ADSL or Cable and won't be easily setup (or at all) if they change to 
another provider or another technology which might come along.

-- 
Oded

::..
I have the simplest tastes.  I am always satisfied with the best.
-- Oscar Wilde

To unsubscribe, send 
mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Omer Zak]

On Tue, 13 Apr 2004, Leonid Podolny wrote:

> > The suggestion to use a dedicated router eliminates two important
> > advantages of DIY (Do It Yourself) Linux installation:
> > 1. Access to security updates under your control and at your pace.
>
> Exactly what I am talking about. He doesn't need security updates.
> (Before you punch me at the face, keep in mind, that I'm not talking
> about linux geeks like us, but about average home user).
> The average home user has one major security concern: he doesn't want to
> be attacked by all those Windows worms out there. Having NAT, it's not a
> concern. Heneeds to explicitly open the RPC (SMB, uPNP, etc, etc) port
> on the router in order to have his PC infected. 99% of home users will
> never do it. Those who will -- smart enough to be responsible for their
> actions.

While it is true that home users won't expose vulnerabilities which are
relevant to most of the security updates (bind, SMB, bind, uPNP, bind,
etc.), he must be able (with help from his sysadmin) to install security
updates to the firewall itself, should it ever be found to have a
vulnerability, unlikely this may be.

> All the linux security updates are also irrelevant here. It's not that
> the attacker will obtain shell on the router and then attack the home
> network or "execute arbitrary code" via remote vulnerablity. I doubt
> that these routers even allow remote access. Why would they?

Recently it was advertised that some models of Cisco routers have backdoor
with default passwords.  I don't have the reference on hand.

> If you can scan vast ip ranges and find thousands of windows machines
> yelling "hack me!", the potential cracker won't bother looking for a
> specific openssl vulnerability in specific firmware version of a
> specific model of some taiwan company.

One day, crackers will start looking with disdain on Windows-crackers, and
admire as True Men those who crack Linux machines and idolize crackers of
OpenBSD machines.  On that day, what you said will not be true anymore.

> Backdoors by whom? The manufacturer wouldn't intentionally leave
> backdoors -- he cares too much about its reputation. It must be
> relatively easy to checkwhat is in there.

In a Linux PC it is easy to check.  In a close router box, it is difficult
to check what is inside.  And did I mention Cisco above?

 --- Omer
My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Shachar Shemesh]

Omer Zak wrote:

By the way, how come that no Debian installer had itch, which can be
scratched by an user-friendly GUI installer?
 

Says who?

At this stage the installer is focusing on the "user-friendly" part, 
rather than the "GUI" part. Once the former is achieved, the later will 
also be done, at least on the common platforms.

Just grab the ISO from 
http://mirror.hamakor.org.il/pub/mirrors/debian/dists/sarge/main/installer-i386/current/images/netboot/, 
and you will be in for a suprise. Gone is the cryptic list of kernel 
modules, dozens of obscure questions, and the rest of the plagues of the 
traditional Debian installer. Hardware is, for the most part, 
autodetected, sensible defaults are used for file systems and 
partioning, etc. You will need to know what a partition is, but that's 
about as taxing a computer guru you need to be.

Not perfect, nor 100% complete (X is not yet configured through it), but 
defenitely a huge step forward.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting
http://www.lingnu.com/
=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Aaron]

What killed me was intalling X...

aaron
> Not perfect, nor 100% complete (X is not yet configured through it), but 
> defenitely a huge step forward.
> 
>  Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Yedidyah Bar-David]

On Tue, Apr 13, 2004 at 05:18:32PM +0300, Shachar Shemesh wrote:
> Omer Zak wrote:
> 
> >By the way, how come that no Debian installer had itch, which can be
> >scratched by an user-friendly GUI installer?
> > 
> >
> Says who?
> 
> At this stage the installer is focusing on the "user-friendly" part, 
> rather than the "GUI" part. Once the former is achieved, the later will 
> also be done, at least on the common platforms.

Debian isn't about installing. It's about using. While it does have an
official installer, which is famous for being bad, and which is rewritten
and becoming better as Shachar said, there are many many other ways to
install Debian. You might want to look at this for some of them:

-- 
Didi


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Oded Arbel]

×Tuesday 13 April 2004 16:36,  ×× ××× Leonid Podolny:
>  > 2. Ability (in principle) to audit the router's software to ensure
>  > that there are no hidden backdoors.
>
> Backdoors by whom? The manufacturer wouldn't intentionally leave
> backdoors -- he cares too much about its reputation. It must be
> relatively easy to check what is in there. And if such a thing comes
> out, he will instantly be out of business.

IIRC Alactel had a very serious backdoor in their [EMAIL PROTECTED] DSL modems 
up until a year ago. I don't see them out of buisness quite yet.

> And all to be able to steal a 
> precious mp3s collection from poor home user.

Or use his broadband for DDoS attack or jump point against a goverment 
installation or other high security target. either way I wouldn't want to be 
the one to open the door to policemen with a search and sieze warrant (or 
w/o, you can't really tell these days)

-- 
Oded

::..
According to Jon Bentley and Bjarne Stroustrup, rewriting malloc/free is one 
of the most rewarding forms of entertainment for SW people. 
-- Henry Baker, (Re: allocator and GC locality (was Re: cost of malloc)), 
He did add a smiley to that comment 

To unsubscribe, send 
mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Anaconda for Debian (Was: Linux for black-box router)

[Oded Arbel]

×Tuesday 13 April 2004 16:22,  ×× ××× Weinstein, Alon:
> > By the way, how come that no Debian installer had itch, which
> > can be scratched by an user-friendly GUI installer?
>
> Perhaps Anaconda for Debian will do the trick.
>
>
> http://platform.progeny.com/anaconda/

Loved the preface:
Red Hat's Anaconda is the standard installer among Linux distributions. Our 
port of Anaconda to Debian brings the familiar installation experience of 
Anaconda to the rest of the Linux world.

Seems to either imply that Anaconda is the installer for all linux distros 
aside from Debian or that there are only two types of distros - Debian and 
RedHat (based).

Thing is - how do I hack into a Debian ISO ? I don't see much point in 
installing Debian and then installing Anaconda on it.

-- 
Oded

::..
If you do not think about the future, you cannot have one.
-- John Galsworthy

To unsubscribe, send 
mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Anaconda for Debian (Was: Linux for black-box router)

[Uri Sharf]

Not sure what you mean by: 

> Thing is - how do I hack into a Debian ISO ? I don't see much point in
> installing Debian and then installing Anaconda on it.

In any case I don't recommend using Progeny's, since it seems very unstable.  
It tends to crash during install if you select anything other than the 
defaults and I did go through rough times getting debian to work properly 
afterwords.

BTW I really like Xandros as an Installer for Debian, and I don't mind paying 
for it. Plus, you get a CXOffice pre-configured (if you need it) and a sane  
configuration w/o any conflicts when upgrading from sid later on. Very 
different experience compared with Lindows - as a very bad example or even 
Knoppix I think. 

Also, the officiail Debian Installer seems to be much better now, can't 
complain. 

linuxmafia is indeed a great source for ideas.

Uri

On 13/04/04 18:13, Oded Arbel wrote:
> ×Tuesday 13 April 2004 16:22,  ×× ××× Weinstein, Alon:
> > > By the way, how come that no Debian installer had itch, which
> > > can be scratched by an user-friendly GUI installer?
> >
> > Perhaps Anaconda for Debian will do the trick.
> >
> >
> > http://platform.progeny.com/anaconda/
>
> Loved the preface:
> Red Hat's Anaconda is the standard installer among Linux distributions.
> Our port of Anaconda to Debian brings the familiar installation experience
> of Anaconda to the rest of the Linux world.
>
> Seems to either imply that Anaconda is the installer for all linux distros
> aside from Debian or that there are only two types of distros - Debian and
> RedHat (based).
>
> Thing is - how do I hack into a Debian ISO ? I don't see much point in
> installing Debian and then installing Anaconda on it.

-- 

Uri Sharf, Linmagazine
http://linmagazine.co.il

To unsubscribe, send 
mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Guy Teverovsky]

On Tue, 2004-04-13 at 17:02, Omer Zak wrote:

[snip]
> 
> Recently it was advertised that some models of Cisco routers have backdoor
> with default passwords.  I don't have the reference on hand.

http://www.cisco.com/en/US/products/products_security_advisory09186a00802119c8.shtml

Guy
-- 
Smith & Wesson - the original point and click interface


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Aaron]

Well, my main beef is Fedora Core 1. When I run apt-get or Yum my system
crawls to a stop.

At first I was told it was my video drivers but I install the nvidia
drivers without a hitch.

Aaron
On Tue, 2004-04-13 at 16:18, Maxim Kovgan wrote:
> On Tue, 13 Apr 2004, Aaron wrote:
> 
> > Hi,
> >
> > I have tried unsuccessfully to install debian a number of times.
> > I keep coming back to rh based distros, but I must admit that debian
> > boxes I have worked on run faster and are more stable.
> this is strange, since ... the advantage of Debian comes best in updates
> and the convenience of the usage/administration.
> 
> if you feel really significant difference in performance - this means
> you do something wrong ... IMHO.
> 
> i do like Debian, i prefer installing Debian Server much more than RPM
> based one, but i am not a fanatic.
> performance is usually the matter of
> fine tuning and not
> installing and running redundant stuff, thus freeing resources to work.
> >
> > I beta tested Xandros and I have no idea how good it would be for a
> > black-box but easy to install it is, stable it is, but it isn't free.
> >
> > I would guess there are distros out there that will do just what is
> > needed.
> >
> > Aaron
> > On Tue, 2004-04-13 at 15:02, Omer Zak wrote:
> > > On Tue, 13 Apr 2004, Leonid Podolny wrote:
> > >
> > > > Now to the subject. I'm going to sound the extremely heretical idea. Not
> > > > everyone needs a Linux router for that. What I'd do in such situation is
> > > > get them a dedicated router specially designed for that matter. I don't
> > > > mean the PC with Linux installed, but a little box the size of the adsl
> > > > modem, which all it is able to do is to be an adsl (or cable) router.
> > > > It's very cheap (~300 NIS) and usually has Linux somewhere deep inside
> > > > -- it's not that its manufacturers want to implement everything from the
> > > > beginning. You configure the computers to use DHCP, plug them in, plug
> > > > the modem -- it works. It surely meets all the basic requirements you've
> > > > specified at the original mail. The only one of your requirements that
> > > > it doesn't meet is being ableto show her how Linux is installed.
> > > > Install it on that p133 box you wanted to use and you're done
> > >
> > > While the user is naive, the installer (his sysadmin) is not.
> > > The suggestion to use a dedicated router eliminates two important
> > > advantages of DIY (Do It Yourself) Linux installation:
> > > 1. Access to security updates under your control and at your pace.
> > > 2. Ability (in principle) to audit the router's software to ensure that
> > >  there are no hidden backdoors.
> > >
> > > By the way, how come that no Debian installer had itch, which can be
> > > scratched by an user-friendly GUI installer?
> > >
> > > Such a GUI should start by defining defaults for Aunt Tilly, and provide
> > > levels of detail for advanced users.It should also provide a space for
> > > building command lines (which correspond to selecte options in the GUI),
> > > editing them and executing them - for those advanced users, who understand
> > > the subject but can use help refreshing their memories.
> > >
> > >--- Omer
> > > My opinions, as expressed in this E-mail message, are mine alone.
> > > They do not represent the official policy of any organization with which
> > > I may be affiliated in any way.
> > > WARNING TO SPAMMERS:at http://www.zak.co.il/spamwarning.html
> > >
> > >
> > > =
> > > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > the word "unsubscribe" in the message body, e.g., run the command
> > > echo unsubscribe | mail [EMAIL PROTECTED]
> > >
> >
> > =
> > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail [EMAIL PROTECTED]
> >
> >
> 
> 
> 
> -
>  there's always a place for improvement.
> -
> 

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux distribution for black-box type firewall/router

[Micha Feigin]

On Tue, Apr 13, 2004 at 10:55:30AM +0300, Oded Arbel wrote:
> On Monday 12 April 2004 00:43, Baruch Even wrote:
> > * Diego Iastrubni <[EMAIL PROTECTED]> [040412 00:34]:
> > > On Sunday 11 April 2004 22:48, Oded Arbel wrote:
> > > > Hi List.
> > > >
> > > > - upgradable. something with a history of frequent updates - emphasis
> > > > on "history" and "frequent".
> > >
> > > can you  spell "debain"?
> 
> On Monday 12 April 2004 00:28, Dan Fruehauf wrote:
> > About admining the box - i dont believe in webmin and other GUI based tools.
> > I believe the box should be configured manually using the command line (but 
> > that's me).
> 
> Yes, that's just you. Debian is not a contender. its hard to install
> for 

It has a new installer that is quite easy and the old one isn't that
hard wither but may be a bit too much for newbies (mainly due to
lacking hardware probing) but for most uses pressing next works.

> newbies, and its hard to administer and it does not have any kind of
> web 

Its actually one of the easiest distros to administer.

> based or even graphical/curses integrated administration console. one
> of the 

Webmin works great (web based), there are all sorts of administration
consoles for both gnome and kde.

> points of setting up this thing (which I forgot to mention) is getting a 
> linux newbie to see how its done and let her play with it a little. I'm not 
> in the habit of hitting her over the head with solid objects.
> 

You could also always use knoppix which can install to the hard disk and
is much easier to set up (not for a firewall use though).
>From what you are saying, it doesn't sound like you are trying to build
a hardware firewall. Building a blackbox firewall and installing a
system for a newbie to play with are completely different things. Doing
the first for a newbie can be a very difficult task even using a
dedicated firewall distro, unless its a disk one.

> > It's not 2.6 based, unless he replaces the kernel and then he must
> > provide updated 2.6 kernels whenever there is a security hole in the
> > kernel.
> 
> > I'd still suggest Debian but dropping the 2.6 requirement, 2.4.latest
> > isn't good enough?
> 
> I want to have the 2.6 available incase I want to use some of its features. I 
> don't see much point in instaling a 2.4 distro as a rule of thumb as the 2.6 
> kernel is stable and viable solution and offers some important featuers over 
> the 2.4 series.
> 

Debian has 2.6 support, and I won't recommend 2.6 for newbies, still
some missing features and its still too much a moving target. Its still
only for people who can handle a testing kernel (despite it being called
stable). For newbies, production servers and firewall servers I would
stick with 2.4 at the moment.

> -- 
> Oded
> ::..
> Finagle's Law only fails when you try to demonstrate it.
> 
> =
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
> 
>  
>  +++
>  This Mail Was Scanned By Mail-seCure System
>  at the Tel-Aviv University CC.
> 

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Ken Thompson's UNIX backdoor

[linux-il]

http://www.computerworld.com.au/index.php?id=1224882570&eid=-219:

In a speech intended to serve us a wake-up call to anyone relying on the 
"many eyes" that look at the Linux source code to quickly find any 
subversions, the CEO of Green Hills Software Inc. last week reminded his 
audience how Unix's creator Ken Thompson installed a back door in the 
binary code of Unix that automatically added his user name and password 
to every Unix system - a secret he revealed only 14 years later.

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Ken Thompson's UNIX backdoor

[Yedidyah Bar-David]

On Wed, Apr 14, 2004 at 08:18:24AM +0300, [EMAIL PROTECTED] wrote:
> http://www.computerworld.com.au/index.php?id=1224882570&eid=-219:
> 
> In a speech intended to serve us a wake-up call to anyone relying on the 
> "many eyes" that look at the Linux source code to quickly find any 
> subversions, the CEO of Green Hills Software Inc. last week reminded his 
> audience how Unix's creator Ken Thompson installed a back door in the 
> binary code of Unix that automatically added his user name and password 
> to every Unix system - a secret he revealed only 14 years later.

I hope anyone really into security understands this is nothing but FUD.
There is no inherent difference between open and closed source for the
determined cracker - machine language is readable too, given enough time
and will. The only way to have a really secure system is to make it *all*
by yourself - the CPU, the rest of the hardware, the assembler, compiler,
and the rest of the software. You can't rely on anything - you can't
cross-compile etc. Is this the way to go? I am not sure. In every project
there is a tradeoff between several things, some of which are how much
security you need, how much you are willing to trust anyone else (this
includes both the merry gang of linux kernel hackers and the respected
employies of Microsoft), and how much you can invest in it. For a 100
billion dollars, doing everything by yourself is possible, but how many
projects are worth it? And even then you probably need too many
developers, so you can't trust them all completely.
Not that I undermine Thompson's point - it's a well-written article that
I recommend to anyone. But this has nothing to do with FOSS or not FOSS.
-- 
Didi


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]