I figured a lot of critical systems are missing root password, including Linux, AIX, HP/UX and SCO Unixware.
You:
How to maintain security on a network without root passwords?
Your rhetorical question is really not that obvious to others. Do you imply there should be root passwords? Or administrator accounts with sudo? Default setups take both approaches and it is not very probable all previous admins did change that to some standard way of working... What about routers and other network gear? What about a password to at least one sudoers account in order to manage accounts?
Just to show there is some debate: Sudo vs Root, although I prefer the sudo approach.
I'm sorry, this must be a misunderstanding. I derived the sexual connotation from the word "fan" and its diminutive "fanny".
For Universal Continuous Knowledge Inducing Nipping of Guinness: cheers...
I will say that self documenting words (just like self documenting code) require a minimum intelligence level.
And perspective, context. "Search that man" means something different when uttered by a customs official, somebody playing hide and seek or a police officer.
My hard-learned experience is that in natural language we need a reasonable amount of redundant information in order to capture the intended meaning.
I'm wondering what percentile of the US population you represented to get the "fan fucking" + "elastic" conclusion.
I'm sorry, I live completely outside that IQ-Gauss curve - hint: non-US
Excel is involved. All the advantages of a pointy-clickety interface that goes to sleep when the user is inactive. My guess is that Excel implements some non-OS sleep functionality similar to their non-OS multiple document window.
Anybody 'smart' enough to use Excel for data input/migration/transformation should be kept occupied by wriggling their mouse in the interest of their employer.
Unfortunately, many sites require you to set up a secret question for password recovery. Disabling that facility is actually desirable if you want to enjoy the strength of password security.
It is what Bruce Schneier described he does in the article behind the last link.
Tackle the biggest issues first, the smaller issues become the biggest.
For my personal context that means: car (100), heating (73), electricity (26), exotic food imports (3)...
My next car will have about 25% more fuel efficiency, and if I drive 20% less distance I will bring the weighted score for my car to 60. Or a 20% improvement of my energy consumption (40/(100+73+26))
Now, what would be the effect if I was planning on how to buy more environmentally friendly toilet paper? 0.001 points (haven't got any actual data to back that up), but worse, I would be side tracked and not tackle things that have a big impact.
The primary difference between a cult and a religion is that in a religion, all of the information about it is openly and freely exchanged to the maximum extent that anyone who believes in the religion is capable. A cult, however, keeps some aspects of their beliefs and practices to themselves, revealing certain details only to trusted associates that are also within the cult.
Religion: "The truth I believe in - involving some deity."
Cult: "The misguided beliefs of others - involving some deity."
I was too eager to explain, without actually answering, sorry.
soon as one client is somehow compromised you would have root access to every server
If one client is compromised, only that client is compromised. As long as the administrator's [Mine] is not compromised.
Most ssh guides that talk about keyfiles actually suggest to protect them with a password
That is a local issue on [Mine]: have a password for your keystore to access your private key. In the scenario where you manage the multiple clients or servers from a single box, [Mine], interactively, you would be prompted for a password to your keystore ONCE.
If you want to do that via a cron job or something, use a dedicated user account on [Mine] and don't have a password on that user's keystore...
I use one box [Mine] to administrate [a lot of] other boxes.
Those other boxes have an account xxx to administer them, and during setup install sshd and allow for passwordless login, generate the necessary ssh PKI keys (ssh-keygen) and publish the public key to my [Mine] (ssh-copy-id).
Now I can log in to [a lot of] boxes from [Mine] with xxx without a password for xxx@somebox
OK, then I agree: without knowing the passwords, you're locked out and can't administrate.
No. Probably completely deserved his pay.
I only wish the chief technician told me where my predecessor had hidden the note with the passwords.
Then ask the cleaning lady. Duh!
I'd buy you a beer, you sensitive American, but that ocean is an inconvenience...
"2. The should perform root cause analysis to determine the underlying problem and remove it permanently."
You have a very strange idea of the concept of a service desk. Please tell me more about your utopian company.
It's something they teach in ITIL. Some companies have way too much money and resources to survive^H^H^H^H^H^H^H spend on these things.
[...] self documenting and shouldn't have a definition [...] fan-fucking-tastic for example.
I understand what 'fan-fucking' means and 'tastic' is probably related to 'elastic' in some way, but the sexual perversities they invent these days...
Why should it give you nightmares? Do you really want politicians to sit there and debate about everything and not actually get anything done?
Your reasoning is an example of a 'false dilemma'. Lawmakers and members of the executive branch should debate everything AND get things done.
'Getting things done' without the possibility of debate is dictatorship.
If I had to guess I would say the future involves more of a fusion of console and PC rather than a back and forth.
But will it run Linux?
inflammable in French means flammable (or inflammable) in English. Maybe some linguistic contamination? Ininflammable means non-flammable.
Eye two thing dose spelt checkers r a mazing.
brothke, I'm watching you, you're out off line! -- B. Brother
TFA also has a blurb about "sustainable" bricks... made out of cow dung.
That's just bullshit
If my tax dollars pay for it, it's public. [...] The gov't can't boot out citizens.
Let's all go protest in the Oval Office or the Pentagon then... Somehow I suspect it wouldn't work out exactly as you expect.
Yeah, but nobody likes old porn
Soy ink? Why the hell not?
It's because story links to the second page
Yours, Captain Obvious
So you're the one that actually RTFA?
After #3. MyDoom, there's no jump, no next page, just the copyright notice, am I missing something?
On #2 there is a virus so secretive, that any mention of its name deletes the entire paragraph on any webpage.
On #1 thWHERE paragraphId=254369;
There is a very decent article for Ubuntu: AutomatedNodeDeployment#SSH