On 6/26/20 4:36 PM, Jack wrote:
> On 2020.06.26 16:03, james wrote:
>> On 6/26/20 12:38 PM, Daniel Frey wrote:
>>> On 6/20/20 7:04 PM, William Kenworthy wrote:
>>>> Thanks for filing the bug.
>>>
>>> Gah! I forgot about this!
>>>
>>> I filed a bug now, I hope I made it clear enough. Others can pipe in
>>> there with comments if they like.
>>>
>>> I did indicate the two potential proposals to correct the issue in
>>> the bug itself.
>>>
>>> https://bugs.gentoo.org/729752
>>>
>>> Dan
>>
>> BEFORE I contribute to this bug, I'm posting here to see if others are
>> or have interest, in my thoughts on this issue and my related needs
>> for extreme security, via Gentoo. Below is far from complete, but it
>> only provides a very snippets of my (secure) pathway forward with Gentoo.
>>
>> Interesting thread, thanks to all contributors. I'd like to add 'my
>> selfish' interest, as they also be espoused by other, more focused,
>> gentoo users.
>>
>> INTRO:
>>
>> I rarely build gentoo systems, for many reasons, that are not pretty
>> singularly focused. It drastically reduces security, performance and
>> upgrade issues. For me, the days of any system, having groups or
>> users, are in the history books of very bad ideas. uP are so cheap and
>> less than $100, gets you a very 'bad ass' computer (Rasp. Pi 4+) 16 G
>> map-able ram. Furthermore, SOON, usb_4 devices are going to obsolete
>> the entire concept of a 'hard drive'; hence the death (my prediction)
>> of groups and users on multi-USER systems, albeit slowly.
>>
>> Multi-function, Multi-tasking, and light weight, focused transient
>> clusters are the future. YMMV.
>>
>> So solving a problem, that was real and big, decades ago, fails to
>> look at the future. For me, Gentoo is future proof. I suggest a well
>> documented pathway forward; totally without the concept of groups and
>> users, on a typical, highly secure system. Which is now the baseline
>> for real systems, particularly with a ipv4 or ipv6 static ip, that
>> provide focused and highly restricted functionalities. CA servers are
>> going private, as the public and root CA servers, are suspect, at
>> best, as to being pristinely secure. Yes boys and girls most
>> Certificate Authorities are HACK! Even the main root CAs.
>>
>> The F. Feds are the original culprits, but now it is a feeding frenzy.
>> The planet is now hacked, and groups and users concepts are the past.
>> imho! Danger Will Robinson Danger!
>>
>> So can some of the smarter (gentoo) folks illuminate how to totally
>> avoid groups and users, except for the minimum required, application
>> specific? For example like serial line tools, or outline a set of
>> tweaks/settings to avoid these altogether?
>>
>> I build embedded G. systems. I build single purpose G systems. I build
>> security G. systems (often with the ethernet, in only listen mode). I
>> build G. Firewalls.
>> I build G. highly restricted/filtered servers. NONE of those need
>> users or groups. And if they do, I can obfuscate codes to provide that
>> need, to where filters and focused software gets what it needs to
>> provide functions.
>>
>> Yep, I'm moving to a total 'State_Machine_design' for critical
>> services. Strip out everything else.....
>>
>> Am I alone, or have/are others contemplating such high secure
>> pathways? It'd be fantastic to find a kernel hacker that is on the
>> pathway of extreme minimization too; private email is fine; if that is
>> in your wheel_house.
>>
>> curiously alone?,
>> James
> While you may not be alone, I do believe you're in a rather small
> group. There are probably more who are interested in watching it
> progress than who can actually participate and contribute. And while
> what you propose may well be part of the future, and it may even be a
> large part of it, it won't be so anywhere near soon enough to avoid the
> need to continue to improve current systems, even if the improvements
> are only usability related, and not directly related to security.

Yep, Yep Yep.

Um, now covid hit. We've been promised much more from the next 'virus'.
Massive security problems, for all OSes, dispersed computational issues
and such. So, a vision (dream?) of total self sufficiency, with packets
of really secure content traversing the fibers of the world, and a few
smart, empowered techies running a given hub, sure we can solve the
security issues. However, the big webs are mere wide spots on the
highway and should readily be "dynamically" replaceable; never
critically necessary for any astute user.

And the F. Feds and their overseas counterpart?
Are left behind in the dust, for good. I think you'll see a US
presidential candidate, who constitutionally, recognizes the US citizens
have a fundamental (God given?) right to superior security, as long as
they have a very clean legal record. Boy that's a twist: well-behaved
citizens get superior security rights to F. Feds? Boy, that's going to be
a popular idea, methinks. Actually, there are many Christian lawyers,
who know of ancient documents and USA historical documents and letters
that expound on those documents, where this is well established. NO
questions atm. Let folks do their own research.

We'll get there sooner than you expect...... Bank on it!
WE have to, otherwise the US banking system is DOA.

> This
> current issue is nothing more than an annoyance, but it's a major
> annoyance for many Gentoo users, possibly more-so for the more casual
> users. (Is "casual Gentoo user" an oxymoron?) As the bug proposes,
> there are ways of solving it without decreasing security.
> Jack

Jack, Jack, Jack.

VIVA LA REVOLUTION!
and you started it all?

The USA is currently the longest standing government. The stench of what
"our" legal system has become, well it's insufferable even by many of
the brilliant legal minds who have pretty much had enough of the big
corporations running destructively, over what rights the founders of
this great nation intended.

Lawyers, above the law? That needs to be fixed, yesterday. WE, the folks
in good standing, have rights that supersede the legal morass of what
the judiciary and executive branch have done by giving our rights away
to the Corporations.

Be long, Be strong, but most importantly, Be for the benefit of equality
of all. Rights to privacy are fundamental rights and I'd remind everyone
that many have died for OUR RIGHTS.

hth,
James