Re: City apologizes for ORBZ shutdown....

2002-03-22 Thread Scott Francis
n whether the 'hit' was malicious or not. They could merely have _asked_, instead of starting out with a court order. I echo Mike - *sigh* -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o

Re: solutions to the Koran spam problem

2002-04-03 Thread Scott Francis
> except that their enthusiasm for wiring the country for Internet > connections has so far severely outstripped their ability to manage > what they've built. Clue will eventually trickle there as well. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Syst

Re: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.

2002-04-25 Thread Scott Francis
ittle active help from a governmental body couldn't make it much worse than it already is. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum op

Re: EarthLink Financier Pleads Guilty to Fraud Charges

2002-04-30 Thread Scott Francis
story, when a URL would have done nicely? At least make a pretense of keeping the S/N ratio up. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum op

Re: Large ISPs doing NAT?

2002-05-01 Thread Scott Francis
his is not to say that if, as Eliot posits, the next Big Thing on the market requires public IPs that your customer base won't all jump ship. That's a risk that providers will have to weigh against the benefits of NAT. > Eliot -- Scott Francis darkuncle@ [home:] d a

Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis
the best course of action necessarily; I was trying to make the "best tool for the job" argument. There are cases where NAT is a definite advantage, or where having a public IP offers no clear benefits, if not any obvious risks. Until the model changes drastically, I just don'

Re: Effective ways to deal with DDoS attacks?

2002-05-02 Thread Scott Francis
(Stating the obvious again, I know, but it helps me think. :) ) -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me a

Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis
On Thu, May 02, 2002 at 01:32:16AM -0700, [EMAIL PROTECTED] said: > > ### On Thu, 2 May 2002 01:20:40 -0700, Scott Francis > ### <[EMAIL PROTECTED]> casually decided to expound upon Peter Bierman > ### <[EMAIL PROTECTED]> the following thoughts about "Re: Large IS

Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis
ar a convincing argument for why _right now_, NAT is not, at the least, a workable solution to this issue. It can surely hold us for a year or three until IPv6 has become the standard. (that timeframe may be a bit optimistic ...) Given current devices and technology, why is NAT not a temporary solution

Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis
something else. I think merely reclaiming some of the legacy A blocks assigned years ago that are being used sparsely, if at all, would eliminate any lingering doubts about space, at least for the time being. The chances of companies giving up their unused blocks, or trading for smaller ones, is prob

Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis
On Thu, May 02, 2002 at 04:44:28PM -0700, [EMAIL PROTECTED] said: > At 01:20 AM 5/2/2002 -0700, Scott Francis wrote: > > >The average customer buying a "web-enabled" phone doesn't need a > >publicly-routeable IP. I challenge anybody to demonstrate why a cell p

Re: Large ISPs doing NAT?

2002-05-03 Thread Scott Francis
ge customer doesn't even know what telnet is, let alone ssh. > All they care about is browsing pr0n. Your phone can surf porn? Maybe the technology revolution has finally arrived after all ... > -Dan > -- > [-] Omae no subete no kichi wa ore no mono da. [-] -- Scott Francis

Re: Large ISPs doing NAT?

2002-05-03 Thread Scott Francis
On Fri, May 03, 2002 at 08:29:32AM -0400, [EMAIL PROTECTED] said: > On Fri, 03 May 2002 00:12:34 PDT, Scott Francis said: > > > Your phone can surf porn? Maybe the technology revolution has finally arriv= > > ed > > after all ... > > No, it's still in the

Re: anybody else been spammed by "no-ip.com" yet?

2002-05-03 Thread Scott Francis
t generally you find that you'd rather have kept the problem than taken the solution. Naturally, the technical solution will only work if everybody supports it. Whether or not _that_ will ever happen is another kettle of fish entirely. -- Scott Francis darkuncle@ [home:] d a r k u

Re: anybody else been spammed by "no-ip.com" yet?

2002-05-06 Thread Scott Francis
other parts of the world, etc. etc.), but I think focusing on removing the motivation for the spam would be easier than trying to stop spam directly. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s

Re: Arbor Networks DoS defense product

2002-05-16 Thread Scott Francis
ns, etc. So because we can't implement a perfect solution, let's do nothing at all about the problem? > PJ -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB3

Re: Arbor Networks DoS defense product

2002-05-16 Thread Scott Francis
al contact for the netblock in question after a certain threshold has been crossed, and then a blackhole after the next threshold is crossed (assuming no response from the contact attempt). -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfr

Re: Arbor Networks DoS defense product

2002-05-16 Thread Scott Francis
only > going where you want them to go are not yet upon us. Agreed (I doubt that day will ever come). > http://online.securityfocus.com/news/126 There is a difference between what's legally acceptable and what's ethical or even prudent. > PJ -- Scott Francis darkuncle@ [home:]

Re: Arbor Networks DoS defense product

2002-05-17 Thread Scott Francis
ing funny packets? Exactly. If you want to send funny packets, send them to your OWN network, or get a job as a security consultant and do this kind of thing for money. Don't try to rationalize illegal behaviour by shifting blame to somebody else. (Note: again, not saying portscanning is

Re: Arbor Networks DoS defense product

2002-05-17 Thread Scott Francis
be job hunting. Otherwise, if it's not your network, you really don't have much of a say about how it's run, do you? (If it were otherwise, large sections of APNIC would have been cleaned up long ago by those on the receiving end of portscans and spam.) -- Scott Francis

Re: Arbor Networks DoS defense product

2002-05-17 Thread Scott Francis
are federal interest sites... Neither are network operators whose networks are constantly under attack. This kind of thing loses its novelty the first time one of your machines is rooted and has to be wiped and rebuilt. Whether or not it's amusing to you is immaterial. If the person being

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-18 Thread Scott Francis
s if you are under attack, filter and protect yourself. > > However a "portscan" is not an attack. Precursor to an attack, certainly. As you mentioned earlier, forewarned is forearmed. If I find myself being scanned, as a responsible network operator I will contact the operator o

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-18 Thread Scott Francis
On Sat, May 18, 2002 at 05:25:27PM -0400, [EMAIL PROTECTED] said: > [ On Saturday, May 18, 2002 at 13:48:27 (-0700), Scott Francis wrote: ] > > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product) > > > > > However a "portscan" is no

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-18 Thread Scott Francis
here. A simple telnet to port 80 will do the job. > > And why, pray tell, would some stranger be carrying a concealed gun if > they were not planning on shooting someone? > Show me how to defend myself from attack by portscanning the networks of random strangers, and I will concede

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-18 Thread Scott Francis
om strangers unaffiliated with your network will almost never have a valid & benign reason for portscanning you. > I'm not sure if I would have been impressed or annoyed if they had > stopped accepting packets from my machine during the scan. :-) Loss of a customer, probably. :)

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-18 Thread Scott Francis
On Sat, May 18, 2002 at 11:05:34PM -0400, [EMAIL PROTECTED] said: > [ On Saturday, May 18, 2002 at 16:03:11 (-0700), Scott Francis wrote: ] > > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product) > > > > And why, pray tell, would some unknown and

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
On Sat, May 18, 2002 at 11:46:21PM -0400, [EMAIL PROTECTED] said: > [ On Saturday, May 18, 2002 at 20:15:10 (-0700), Scott Francis wrote: ] > > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product) > > > > Apologies; my finger was a bit too quick o

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
rdly an excuse to not do it. IMO the positives outweigh the > negatives by far. This is what I have been (unsuccessfully) attempting to state. I apparently need more practice in being coherent. :) -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Ma

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
as they see fit? Who then makes the rules? > What is it that turns a technocracy into idolaters? What is it that turns the decision of an individual network operator into a rant about political ideology? -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Networ

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
n they came for me, > and by that time there was no one > left to speak up for me. > > (Rev. Martin Niemoller, 1945) > > --Mitch > NetSide -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:]

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
for someone given only an IP address? You know the contact information for the block that the scan originated from. From there, it's detective work (if the admin of the block in question cooperates, hopefully not too much). -- Scott Francis darkuncle@ [home:] d a r k u n c

Re: Certification or College degrees?

2002-05-22 Thread Scott Francis
pts to be interdisciplinary, but I suspect it will take some time before it becomes known and trusted. http://www.sagecert.org Of course, if you're not really a systems administrator, it may not apply to you ... -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n

Re: Certification or College degrees?

2002-05-23 Thread Scott Francis
tuation you put them in, whether they have certifications, degrees or even prior experience, or not. > my 2 cents, > > --Ariel My $0.005 (not qualified to give a full $0.02 yet). -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager

Re: Who posts to the nanog list -- The top 59 players (Was not: Re: list problems?)

2002-05-23 Thread Scott Francis
On Wed, May 22, 2002 at 03:16:14PM -0700, [EMAIL PROTECTED] said: [snip] Nice list. Can we sort by helpful/clueful/relevant postings, and ask the top 10 to post more frequently? :) (OTOH, suspect I would quickly drop down out of the top 100 ... =\ ) -- Scott Francis darkuncle

Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Scott Francis
the archives, and maybe look at picobsd.org (among others) for more ideas in this vein. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum

Re: Abuse Contact at NuVox

2002-05-29 Thread Scott Francis
28-May-2002 23:38:30 EDT. ---- -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui

Re: China's cable firms fight deadly turf war

2002-05-30 Thread Scott Francis
on't come after you and beat you senseless. (awaiting stories to the contrary now ...) -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum opo

Re: OT: Re: Bogon list

2002-06-05 Thread Scott Francis
obably. > 2) That all NANOG subscribers read list E-mail on machines that have > procmail on them ? So because it is not applicable in all situations, it's not worth mentioning? Procmail works for a good share of those reading this list, I'd wager. -- Scott Francis

Re: Automated Reply: OT: Re: Bogon list

2002-06-05 Thread Scott Francis
or the (twice-) wasted bandwidth; I have no other way to contact the person in question. Yes, I realize this just generated another auto-reply. *sigh* -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s .

Re: OT: Re: Bogon list

2002-06-06 Thread Scott Francis
that are forced > (by corporate policy) to read Email on MS OutLook from an Exchange server :-( The MUA someone may have to use has nothing to do with whether or not that person possesses experience with UNIX and standard UNIX utilities. -- Scott Francis darkuncle@ [home:]

Re: Bet on with my boss

2002-06-21 Thread Scott Francis
lso critical. If the phone network is down too, a cell phone may also be important. There's no substitute for an actual face-to-face conversation, either. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:]

Re: How important is IM? was RE: How important is the PSTN

2002-06-26 Thread Scott Francis
flatly denying use of these common tools to be worth the ill will garnered. Just my opinion, of course. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: How important is IM? was RE: How important is the PSTN

2002-06-26 Thread Scott Francis
ist.) > Jabber can do SSL for IM, and there is an irc-like encrypted chat called > silc. You may also want to examine one of the several IRC hacks that incorporate SSL. The one I occasionally visit is suidnet <http://www.suidnet.org>. -- -= Scott Francis || darkuncle (at) darkuncle (d

Re: How important is the PSTN

2002-06-26 Thread Scott Francis
ed. :) s/3.3/3.4/ also apache and the resolver bug. That last may be bsd only, but the first two ... ugh. I haven't done this much patching in a week in memory. Beats the alternative, I suppose. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revo

Re: Stop it with putting your e-mail body in ATT attachments. Its annoying and no one can see your message

2002-07-10 Thread Scott Francis
he new one appears to be compliant to the current MIME standards. I'm willing to accept a bit of annoyance in order to promote standards compliance. If only Microsoft was thus motivated. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am

Re: Just an FYI - Apache Worm on the loose

2002-07-10 Thread Scott Francis
279529 (and was it _really_ necessary to post a hex dump of the entire thing? The actual source is available linked from the BUGTRAQ post above ...) -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me

Re: Stop it with putting your e-mail body in my MUA OT

2002-07-10 Thread Scott Francis
AGE- * ^-BEGIN PGP SIGNATURE- * ^-END PGP SIGNATURE- | /usr/local/bin/formail \ -i "Content-Type: application/pgp; format=text; x-action=sign" } -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7

Re: Evil PGP sigs thread must die. was Re: Stop it with putting your e-mail body in my MUA OT

2002-07-10 Thread Scott Francis
to find it de jure or de facto outlawed. The legal history of crypto in the United States, if nowhere else, should provide incentive in this area. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: Evil PGP sigs thread must die. was Re: Stop it with putting your e-mail body in my MUA OT

2002-07-10 Thread Scott Francis
ail clients not support that, many mail > clients can't even display the signed text inline! Surely a compromise is > needed for now. As the mutt homepage says: All mail clients suck. This one sucks less. If we want things to Not Suck, the only way it's going to happen is if

Re: Question regarding web hosting ip addressing

2002-07-11 Thread Scott Francis
www.test2.com > > ...and so on and so forth? Only for SSL vhosts. Otherwise, there are no problems (well, very few anyway) that I am aware of in using a single IP to host as many vhosts as physical resources will allow. I'm quite certain somebody will correct me if I've missed s

Re: Question regarding web hosting ip addressing

2002-07-12 Thread Scott Francis
s/vhosts/name-based.html (thanks Gerald), name-based hosting cannot be used with SSL due to the nature of the SSL protocol. > - Tim -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Buffett bailout of WorldCom raises questions of influence

2002-07-12 Thread Scott Francis
http://www.usatoday.com/money/columns/maney.htm An interesting history, especially for those of us (like myself) that didn't experience it first-hand. I've often wondered what would happen if MSFT gained control (in name or in fact) of any significant piece of the backbone ... --

PGP: learn it, use it, love it

2002-07-15 Thread Scott Francis
gn your mail, or at least stop protesting about those that make the effort to do so. There are a great many good reasons to do so, and no good reasons not to. Broken software and laziness don't count. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been re

Re: PGP: learn it, use it, love it

2002-07-15 Thread Scott Francis
On Mon, Jul 15, 2002 at 03:43:12PM -0400, [EMAIL PROTECTED] said: > > Scott Francis wrote: > > There are a great many good reasons to do so, and no good > > reasons not to. Broken software and laziness don't count. > > Sure there are. Non-repudiation is not always a

Re: OT: If you thought Y2K was bad, wait until cyber-security hits

2002-07-22 Thread Scott Francis
lied. And it's .net, not .com" ever again. http://www.flex.com/ Unfortunately, it looks like they took down the hate mail page, which was hysterical. *sigh* They target clueful users only, and seem to be getting by just fine. http://www.flex.com/adsl/ has a bit more of the "intelligent users on

Re: Your router/switch may be less secure than you think

2005-08-04 Thread Scott Francis
On 8/3/05, Robert E. Seastrom <[EMAIL PROTECTED]> wrote: > > > [EMAIL PROTECTED] writes: > > > We should all be looking to the security auditing work done by > > the OpenBSD team for an example of how systems can be > > cleaned up, fixed, and locked down if there is a will to do so. > > Beer,

Re: P2P Darknets to eclipse bandwidth management?

2005-09-02 Thread Scott Francis
On 9/2/05, Stephen J. Wilcox <[EMAIL PROTECTED]> wrote: [snip] > packet inspection will just evolve, that's the nature of this problem.. there > are > things you can find out from encrypted flows - what the endpoints and ports > are, > who the CA is. then you can look at the characteristics of th

Re: Setting up DS-3 and 2 4xT1

2004-12-07 Thread Scott Francis
[0] and SBE Inc.[1] both sell these (*BSD/Linux compatibility was a big selling point for me). You can even get a Soekris box with one of the Sangoma T1 cards pre-installed for you. [0] http://www.sangoma.com/ [1] http://www.sbei.com/ -- Scott Francis | darkuncle(at)darkuncle(dot)net | 0x55

Re: How do you stop outgoing spam?

2002-09-17 Thread Scott Francis
> get some work done, and frequently have a bunch of previously prepared > files to send. I may not be a typical user... Me neither. :) Hopefully this discussion is proving useful to the OP. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: How do you stop outgoing spam?

2002-09-17 Thread Scott Francis
anti-spam system has to make, the better it will work. If it only has to decide whether or not a specific IP/port combination has exceeded a certain threshold, it will run much more smoothly than if it's examining the contents of each packet. > However, I also like the idea of doing a ban

Re: How do you stop outgoing spam?

2002-09-17 Thread Scott Francis
tion of spam traffic that runs over HTTP rather than SMTP is, I suspect, rather small. If anybody has numbers on this, I'd be interested in hearing them one way or the other. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527

Re: How do you stop outgoing spam?

2002-09-18 Thread Scott Francis
20 rule, etc. Personally, I'd be happy for 80% of the operators out there to implement the easiest 80% of things required to stop spam. If people would just take even the most basic of steps required to block spam, the picture would improve drastically for all of us. -- -= Scott Francis || d

Re: Security Practices question

2002-09-23 Thread Scott Francis
ing is important. Even were it not, I'd still urge you - please do not consider this a valid option. > john brown -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: Security Practices question

2002-10-02 Thread Scott Francis
fied frequently, sysadmins change responsibilities, emergencies > happen; and you can very easily get to a point where it is hard to know > just who currently has the password to the username "root" account. > (Fundamentally, all the arguments against normal users sharing passwords > apply with even more force to passwords for privileged accounts.) > > Kent -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: Security Practices question

2002-10-02 Thread Scott Francis
ving a single password for the user with id 0, > and having multiple passwords for that same account. This is an abysmally bad > idea, and shame on anybody encouraging it. See (mail client sent message while I was editing it; full reply on its way.) -- -= Scott Francis || darkuncle (at) darku

Re: Security Practices question

2002-10-02 Thread Scott Francis
On Tue, Oct 01, 2002 at 02:43:41PM -0700, [EMAIL PROTECTED] said: [snip] > On Mon, Sep 23, 2002 at 02:44:34PM -0700, Scott Francis wrote: > > On Sun, Sep 22, 2002 at 03:22:11PM -0700, [EMAIL PROTECTED] said: > > > > > > I have question for the security community on

Re: Security Practices question

2002-10-02 Thread Scott Francis
On Wed, Oct 02, 2002 at 04:06:00PM -0400, [EMAIL PROTECTED] said: > [ On Wednesday, October 2, 2002 at 11:47:12 (-0700), Scott Francis wrote: ] > > Subject: Re: Security Practices question > > > > Absolutely so - which is why no account should have multiple equally valid &g

Re: Security Practices question

2002-10-02 Thread Scott Francis
On Wed, Oct 02, 2002 at 05:08:05PM -0400, [EMAIL PROTECTED] said: > [ On Wednesday, October 2, 2002 at 13:26:15 (-0700), Scott Francis wrote: ] > > Subject: Re: Security Practices question > > > > grr. Please read Barb's post about exactly why multiple aliases for the

Re: Security Practices question

2002-10-03 Thread Scott Francis
On Wed, Oct 02, 2002 at 05:48:16PM -0700, [EMAIL PROTECTED] said: > On Wed, 2 Oct 2002, Scott Francis wrote: > > Can you back up that statement in /any/ way? What exactly are your reasons > why sudo is a worse solution (or even a bad idea)? > > In an environment where

Re: Security Practices question

2002-10-03 Thread Scott Francis
On Thu, Oct 03, 2002 at 09:57:10AM -0700, [EMAIL PROTECTED] said: > On Thu, 3 Oct 2002, Scott Francis wrote: > > On Wed, Oct 02, 2002 at 05:48:16PM -0700, [EMAIL PROTECTED] said: > > In an environment where every sysadmin is interchangable, and any one > > of them can

Re: Good quotes on importance of good network addressing

2002-10-03 Thread Scott Francis
w.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: Good quotes on importance of good network addressing

2002-10-07 Thread Scott Francis
On Mon, Oct 07, 2002 at 09:49:28AM +0200, [EMAIL PROTECTED] said: > On Thursday 3 October 2002, at 12 h 23, > Scott Francis <[EMAIL PROTECTED]> wrote: > > > Not sure how applicable it may be, but the OpenBSD FAQ has referenced (since > > at least 2.7) a paper called &

new BIND 4/8 vulnerabilities

2002-11-12 Thread Scott Francis
Heads up. Surprisingly, no mention so far at the usual suspects[1]. http://www.isc.org/products/BIND/bind-security.html http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 [1] BUGTRAQ, VulnWatch ... I saw it on [EMAIL PROTECTED] myself ... -- -= Scott Francis || darkuncle (at

Re: What? : Delivery Status Notification (Failure) (fwd)

2002-11-18 Thread Scott Francis
in the past 24 hours, and still coming. Rather annoying. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: The magic security CD disc Re: HTTP proxies

2002-12-09 Thread Scott Francis
On Mon, Dec 09, 2002 at 05:53:28PM -, [EMAIL PROTECTED] said: > > > --On 09 December 2002 08:39 -0800 Scott Francis <[EMAIL PROTECTED]> > wrote: > > >*cough*OpenBSD*cough* > > I've had lots of people off-list me to say how wonderfully secure X Y or Z

Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls

2003-01-18 Thread Scott Francis
le for me to attempt to protect a > network of my size. When the traffic/attacks pass a certain point, my personal feeling is that it's time to distribute the load, rather than look for a more expensive single point of failure. Of course, this is not currently backed up by much personal o

Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls

2003-01-18 Thread Scott Francis
in sequential order, from first to last. The last matching rule decides what action is taken. Does this not constitute rule-based filtering? Or am I misunderstanding you? -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527

Re: Level3 routing issues?

2003-01-27 Thread Scott Francis
nor am I a fortune teller. I also admit to far less operational experience than most of the folks on this list. This is what I see coming. I suppose time will tell whether I'm a crackpot or a visionary. :) -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7

Re: Level3 routing issues?

2003-01-27 Thread Scott Francis
er and client-side) leading the way in vulnerabilities, patches and exploits is not due entirely to market share. Redmond has a history of releasing crap code, with security consistently taking a backseat to featuritis and time-to-market. This is straying off-topic, and I tend to rant on this issue,

Re: What could have been done differently?

2003-01-28 Thread Scott Francis
or some folks, maybe less so for others. I know I've been guilty of not following my own advice in this area before, but that doesn't make it any less pertinent. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: What could have been done differently?

2003-01-28 Thread Scott Francis
ct bugs in their software year after year after year. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: What could have been done differently?

2003-01-28 Thread Scott Francis
a priority, I can't see anybody else in the commercial software biz taking it seriously. The problem was not this particular software flaw. The problem here is the track record, and the attitude, of MANY large software vendors with regards to security. It just doesn't matter to them, a

Re: OT: Re: WANAL (Re: What could have been done differently?)

2003-01-28 Thread Scott Francis
'm sure they'll move to a newer version when somebody on the team gets a chance to give it a thorough code audit, and run it through sufficient testing prior to release. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527

Re: What could have been done differently?

2003-01-28 Thread Scott Francis
ning who you can trust, and to what degree, and how/why, and knowing when to revoke that trust, is a problem that has been stumping folks for quite a while now. I certainly don't claim to have an answer to that question. :) -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: What could have been done differently?

2003-01-28 Thread Scott Francis
On Tue, Jan 28, 2003 at 09:00:48PM -0500, [EMAIL PROTECTED] said: > In message <[EMAIL PROTECTED]>, Scott Francis writes: > > >There's a difference between having the occasional bug in one's software > >(Apache, OpenSSH) and having a track record of remotely

Re: What could have been done differently?

2003-01-29 Thread Scott Francis
On Wed, Jan 29, 2003 at 10:47:30AM -0800, [EMAIL PROTECTED] said: > On Tue, 28 Jan 2003, Scott Francis wrote: > > He argued instead that OSes should be redesigned to implement the > principle of least privilege from the ground up, down to the > architect

Re: What could have been done differently?

2003-01-29 Thread Scott Francis
coming from it. You did indeed put words into my mouth - you wrote: Do you even read what you write? How does a host with root access to an entire set of hosts exemplify the least privilege principle? when I had NOT drawn any correlation, AT ALL, between the ssh key admin model and the pri

Re: What could have been done differently?

2003-01-29 Thread Scott Francis
this observation has been made many times already ... -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: What could have been done differently?

2003-01-30 Thread Scott Francis
opportunity for bureaucratic bungling ...) > Koji -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui

Re: OT: Re: WANAL (Re: What could have been done differently?)

2003-02-04 Thread Scott Francis
On Mon, Feb 03, 2003 at 11:27:46AM +0100, [EMAIL PROTECTED] said: > > > > --On Tuesday, January 28, 2003 18:06:47 -0800 Scott Francis > <[EMAIL PROTECTED]> wrote: > > > I'm sure > > they'll move to a newer version when somebody on the team gets

Re: Symantec detected Slammer worm "hours" before

2003-02-25 Thread Scott Francis
ovel use of English :) One typically finds little else in marketing. :) -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui

Re: Issue with 208.192.0.0/8 - 208.196.93.0/24?

2003-03-17 Thread Scott Francis
> Altho sometime I have to wonder especially with some of the recent posts. > Perhaps clueful folk should sneak off and form nanog-clueful mailing list ;) Please don't; there are many of us lurking who are learning a great deal from listening in on the conversations of the clueful.

Re: OpenSSL

2003-03-17 Thread Scott Francis
all it comes to. See what Schneier had to say in the most recent crypto-gram regarding this hole. <http://www.counterpane.com/crypto-gram-0303.html> -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui

Re: OpenSSL

2003-03-17 Thread Scott Francis
On Mon, Mar 17, 2003 at 12:55:24PM -0500, [EMAIL PROTECTED] said: > In message <[EMAIL PROTECTED]>, Scott Francis writes: > > > > > > >Fun is about all it comes to. See what Schneier had to say in the most > >recent crypto-gram regarding this hole. > >&l

RFC3514

2003-03-31 Thread Scott Francis
Comments? (Nice to see Mr. Bellovin keeping up the holiday tradition ... :)) -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui

Re: [Fwd: [IP] Feds: VoIP a potential haven for terrorists]

2004-06-18 Thread Scott Francis
for asking... they don't need more surveillance capabilities as much as they need to better utilize what they've already got. More laws aren't the answer to lack of success enforcing what's already on the books. -- Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527 The ultimate result of shielding men from the effects of folly is to fill the world with fools. -- Herbert Spencer

Re: [Fwd: [IP] Feds: VoIP a potential haven for terrorists]

2004-06-18 Thread Scott Francis
tate a police state." -- Bruce Schneier Amen on both counts; couldn't agree with either quote more. -- Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527 The ultimate result of shielding men from the effects of folly is to fill the world with fools. -- Herbert Spencer

Re: isn't "...isn't perfect, but it's something now"

2004-08-12 Thread Scott Francis
progress isn't entirely a zero-sum game - work on temporary measures like SPF does not necessarily preclude work on permanent solutions, does it? At any rate, this discussion is probably better taken up elsewhere (and I'm sure the points on both sides have already been b

Re: Fast TCP?

2003-06-06 Thread Scott Francis
ted with digitalfountain in any way other than being a customer and sharing an office with a beta tester. :)) -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui

Re: anyone has netrange -> cidr conversion script to share?

2003-06-19 Thread Scott Francis
of the archives. ... (well, I was going to, and saw that it was 557 lines, so I'll just post an url: http://www.darkuncle.net/aggis ) -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui
