I've heard over and over and over that X isn't secure...at all over public networks. A friend of mine has been going on about SSH redirects lately and I am wondering if it is possible to have secure X exported displays. any thoughts?
I'm glad you asked as I have wondered myself how to best secure my box. As someone who has to get work in the winTel world my skills are mainly NT oriented. Despite that I am not naive to think that my gateway (athlon 600 with 2 3c905B's) should be anything other than a linux-based OS. The problem I've been having is finding good documentation about locking the box down. Currently I run only SSH and turn on services here and there (FTP's when I'm away from home) but turn them off again when I'm done. This solution is sloppy I know, but so far the books I've read (O'Reilly
Practical Unix and Internet Security, and
Building Internet Firewalls book) don't give much in practical advice as overall theory and design. I almost feel that my box is *more* vulnerable now as I would be able to secure an NT box fairly tight (aside from the obvious problem that it's MS to begin with) and defend it. With linux I don't know as much and am sure that I've commited many common mistakes. So am I better off with a more securable (could be a word) OS that I'm not as skill in or a less securable OS that I do have skills in?
Okay at first I was really excited that someone is *finally* doing something about the inflated prices of CD's, after thinking about it though it's still a bad deal. Granted we all know that they [the record industry] is shafting consumers and will continue to do so, but this multistate lawsuit isn't helping *me* any. Unless the state is going back and research just how many CD's I've purchased since I've been able to purchase them, and return $x for each CD, who cares. (and to be honest, if they have that data that extensive on my purchases we have some serious privacy issues to work out:) One might say that this legal action would prevent them from inflating their prices in the future but this will happen (imho) without the help of the US govt. People are already furious now that they know about the actions of the record industry. Petitions are being signed and boycotts are being organized. The communication power of the internet has allowed the idea that the record industry is a group of greedy bastards (an idea that i happen to agree with) to spread across the country at viral speeds.
I have to admit that over the last few years I have heard about technologies that have retarded (read slow) migration from their home countries because of policies. The DAT was prevented from making an earlier debut in America because of the recording industries fear of pirating... hrmm... they seems to prevent a lot of audio innovation, but I digress. Wireless technology is insanely more advanced in Europe because of their standard for GSM. Toyko is entirely wired with ISDN and they have really nice gadgets for ISDN but they don't have nearly as much territory to cover as the US and EU. I think Japans size makes it much easier for the entire nation to adopt a new technological standard than anywhere else. They also have a much deeper facination with tech toys than the US.
What I find interesting is that as users (the neoluddites) become increasingly more technical (oh look at me, i can install winamp) they are going to want this type of technology more and more. Sooner or later people will become fed up with the traditional businiess model of the music industry. Eventually the companies will either die off from lack of income (which will be blamed entirely on the digitization of music) or they will just deal with it and find ways to make money using the technology. So in my head this is how I'd love to see it play out: 1) the music industry wins the legal battles ::let's be honest, they have way more money and they are motivated... they will win:: 2) music sales drop significantly because of lack of awareness from new bands ::again honesty, when users download all these new bands they've never heard of for free they are gaining incredible exposure. Admittedly I've downloaded some.. ahem.. non copyrighted works, and bought the CD's later because I chose too:: 3) suddenly the RIAA is lobbying against restrictive digital laws that forbid the transferrence of media.. they complain bitterly about the stranglehold that the govt. has on them. 4) the judges, already wary of the RIAA, decide to overturn their decisions and free media on the net. No one owns it, on one controls it. ne0
I see your point, and raise you another one. They could pass laws and even block traffic to sealand, but who says I couldn't redirect my packets there through an anonymizer. No matter what laws are passed, motivated technologists will find a way to do what they want.
I've read a lot of opinions that DeCSS doesn't actually enable piracy because piracy is possible without having to decrypt. The theory goes that a bit by bit copy of an encrypted dvd would be read by players just fine. Is this true in your opinion? If so I think the DVD CCA wouldn't have a leg to stand on seeing as the DMCA (Digital Millenium Copyright Act) only guards protection schemes on copyrighted works, not the hardware used to play those copyrighted works. And it would lead credence to the concept of fair use (under interoperability exception) for those of us who want to play DVD's on our linux boxes! In any case, thank you for doing what you did and not faltering in the face of adversity!
Slashdot Mirror
I've heard over and over and over that X isn't secure .. .at all over public networks. A friend of mine has been going on about SSH redirects lately and I am wondering if it is possible to have secure X exported displays. any thoughts?
I'm glad you asked as I have wondered myself how to best secure my box. As someone who has to get work in the winTel world my skills are mainly NT oriented. Despite that I am not naive to think that my gateway (athlon 600 with 2 3c905B's) should be anything other than a linux-based OS. The problem I've been having is finding good documentation about locking the box down. Currently I run only SSH and turn on services here and there (FTP's when I'm away from home) but turn them off again when I'm done. This solution is sloppy I know, but so far the books I've read (O'Reilly Practical Unix and Internet Security, and Building Internet Firewalls book) don't give much in practical advice as overall theory and design. I almost feel that my box is *more* vulnerable now as I would be able to secure an NT box fairly tight (aside from the obvious problem that it's MS to begin with) and defend it. With linux I don't know as much and am sure that I've commited many common mistakes. So am I better off with a more securable (could be a word) OS that I'm not as skill in or a less securable OS that I do have skills in?
Okay at first I was really excited that someone is *finally* doing something about the inflated prices of CD's, after thinking about it though it's still a bad deal. Granted we all know that they [the record industry] is shafting consumers and will continue to do so, but this multistate lawsuit isn't helping *me* any. Unless the state is going back and research just how many CD's I've purchased since I've been able to purchase them, and return $x for each CD, who cares. (and to be honest, if they have that data that extensive on my purchases we have some serious privacy issues to work out :) One might say that this legal action would prevent them from inflating their prices in the future but this will happen (imho) without the help of the US govt. People are already furious now that they know about the actions of the record industry. Petitions are being signed and boycotts are being organized. The communication power of the internet has allowed the idea that the record industry is a group of greedy bastards (an idea that i happen to agree with) to spread across the country at viral speeds.
I have to admit that over the last few years I have heard about technologies that have retarded (read slow) migration from their home countries because of policies. The DAT was prevented from making an earlier debut in America because of the recording industries fear of pirating... hrmm... they seems to prevent a lot of audio innovation, but I digress. Wireless technology is insanely more advanced in Europe because of their standard for GSM. Toyko is entirely wired with ISDN and they have really nice gadgets for ISDN but they don't have nearly as much territory to cover as the US and EU. I think Japans size makes it much easier for the entire nation to adopt a new technological standard than anywhere else. They also have a much deeper facination with tech toys than the US.
What I find interesting is that as users (the neoluddites) become increasingly more technical (oh look at me, i can install winamp) they are going to want this type of technology more and more. Sooner or later people will become fed up with the traditional businiess model of the music industry. Eventually the companies will either die off from lack of income (which will be blamed entirely on the digitization of music) or they will just deal with it and find ways to make money using the technology. So in my head this is how I'd love to see it play out:
::let's be honest, they have way more money and they are motivated... they will win::
::again honesty, when users download all these new bands they've never heard of for free they are gaining incredible exposure. Admittedly I've downloaded some .. ahem.. non copyrighted works, and bought the CD's later because I chose too::
1) the music industry wins the legal battles
2) music sales drop significantly because of lack of awareness from new bands
3) suddenly the RIAA is lobbying against restrictive digital laws that forbid the transferrence of media.. they complain bitterly about the stranglehold that the govt. has on them.
4) the judges, already wary of the RIAA, decide to overturn their decisions and free media on the net. No one owns it, on one controls it.
ne0
I see your point, and raise you another one. They could pass laws and even block traffic to sealand, but who says I couldn't redirect my packets there through an anonymizer. No matter what laws are passed, motivated technologists will find a way to do what they want.
I've read a lot of opinions that DeCSS doesn't actually enable piracy because piracy is possible without having to decrypt. The theory goes that a bit by bit copy of an encrypted dvd would be read by players just fine.
Is this true in your opinion?
If so I think the DVD CCA wouldn't have a leg to stand on seeing as the DMCA (Digital Millenium Copyright Act) only guards protection schemes on copyrighted works, not the hardware used to play those copyrighted works.
And it would lead credence to the concept of fair use (under interoperability exception) for those of us who want to play DVD's on our linux boxes! In any case, thank you for doing what you did and not faltering in the face of adversity!
neoThoth