| 1 |
On 6/26/20 4:36 PM, Jack wrote: |
| 2 |
> On 2020.06.26 16:03, james wrote: |
| 3 |
>> On 6/26/20 12:38 PM, Daniel Frey wrote: |
| 4 |
>>> On 6/20/20 7:04 PM, William Kenworthy wrote: |
| 5 |
>>>> Thanks for filing the bug. |
| 6 |
>>> |
| 7 |
>>> Gah! I forgot about this! |
| 8 |
>>> |
| 9 |
>>> I filed a bug now, I hope I made it clear enough. Others can pipe in |
| 10 |
>>> there with comments if they like. |
| 11 |
>>> |
| 12 |
>>> I did indicate the two potential proposals to correct the issue in |
| 13 |
>>> the bug itself. |
| 14 |
>>> |
| 15 |
>>> https://bugs.gentoo.org/729752 |
| 16 |
>>> |
| 17 |
>>> Dan |
| 18 |
>> |
| 19 |
>> BEFORE I contribute to this bug, I'm posting here to see if others are |
| 20 |
>> or have interest, in my thoughts on this issue and my related needs |
| 21 |
>> for extreme security, via Gentoo. Below is far from complete, but it |
| 22 |
>> only provides a very snippets of my (secure) pathway forward with Gentoo. |
| 23 |
>> |
| 24 |
>> Interesting thread, thanks to all contributors. I'd like to add 'my |
| 25 |
>> selfish' interest, as they also be espoused by other, more focused, |
| 26 |
>> gentoo users. |
| 27 |
>> |
| 28 |
>> INTRO: |
| 29 |
>> |
| 30 |
>> I rarely build gentoo systems, for many reasons, that are not pretty |
| 31 |
>> singularly focused. It drastically reduces security, performance and |
| 32 |
>> upgrade issues. For me, the days of a any system, having groups or |
| 33 |
>> users, are in the history books of very bad ideas. uP are so cheap and |
| 34 |
>> less than $100, gets you a very 'bad ass' computer (Rasp. Pi 4+) 16 G |
| 35 |
>> map-able ram. Furthermore, SOON, usb_4 devices are going to obsolete |
| 36 |
>> the entire concept of a 'hard drive'; hence the death (my prediction) |
| 37 |
>> of groups and users on multi-USER systems, albeit slowly. |
| 38 |
>> |
| 39 |
>> Multi-function, Multi-tasking, and light weight, focused transient |
| 40 |
>> clusters are the future. YMMV. |
| 41 |
>> |
| 42 |
>> |
| 43 |
>> So solving a problem, that was real and big, decades ago, fails to |
| 44 |
>> look at the future. For me, Gentoo is future proof. I suggest a well |
| 45 |
>> documented pathway forward; totally without the concept of groups and |
| 46 |
>> users, on a typical, highly secure system. Which is now the baseline |
| 47 |
>> for real systems, particularly with a ipv4 or ipv6 static ip, that |
| 48 |
>> provide focused and highly restricted functionalities. CA servers are |
| 49 |
>> going private, as the public and root CA servers, are suspect, at |
| 50 |
>> best, as to being pristinely secure. Yes boys and girls most |
| 51 |
>> Certificate Authorities are HACK! Even the main root CAs. |
| 52 |
>> |
| 53 |
>> The F. Feds are the original culprits, but now it is a feeding frenzy. |
| 54 |
>> The planet is now hacked, and groups and users concepts are the past. |
| 55 |
>> imho! Danger Will Robinson Danger! |
| 56 |
>> |
| 57 |
>> So can some of the smarter (gentoo) folks illuminate how to totally |
| 58 |
>> avoid groups and users, except for the minimum required, application |
| 59 |
>> specific? For example like serial line tools, or outline a set of |
| 60 |
>> tweaks/setting to avoid these altogether? |
| 61 |
>> |
| 62 |
>> I build embedded G. systems. I build single purpose G systems. I build |
| 63 |
>> security G. systems (often with the ethernet, in only listen mode. I |
| 64 |
>> build G. Firewalls. |
| 65 |
>> I build G. highly restricted/filtered servers. NONE of those need |
| 66 |
>> users or groups. And if they do, I can obfuscate codes to provide that |
| 67 |
>> need, to where filters and focused software gets what it needs to |
| 68 |
>> provide functions. |
| 69 |
>> |
| 70 |
>> Yep, I'm moving to a total 'State_Machine_design' for critical |
| 71 |
>> services. Strip out every thing else..... |
| 72 |
>> |
| 73 |
>> Am I alone, or have/are others contemplating such high secure |
| 74 |
>> pathways? I'd be fantastic to find a kernel hacker that is on the |
| 75 |
>> pathway of extreme minimization too; private email is fine; if that is |
| 76 |
>> in your wheel_house. |
| 77 |
>> |
| 78 |
>> |
| 79 |
>> curiously alone?, |
| 80 |
>> James |
| 81 |
> While you may not be alone, I do believe you're in a rather small |
| 82 |
> group.? There are probably more who are interested in watching it |
| 83 |
> progress than who can actually participate and contribute.? And while |
| 84 |
> what you propose may well be part of the future, and it may even be a |
| 85 |
> large part of it, it won't be so anywhere near soon enough to avoid the |
| 86 |
> need to continue to improve current systems, even if the improvements |
| 87 |
> are only usability related, and not directly related to security. |
| 88 |
|
| 89 |
Yep, Yep Yep. |
| 90 |
|
| 91 |
Um, now covid hit. We've been promised much more from the next 'virus'. |
| 92 |
Massive security problems, for all OSes, dispersed computational issues |
| 93 |
and such. So, a vision (dream?) of total self sufficiency, with packets |
| 94 |
of really secure content traversing the fibers of the world, and a few |
| 95 |
smart, empower techies running a given hub, sure we can solve the |
| 96 |
security issues. However, the big webs are mere wide spots on the |
| 97 |
highway and should readily be "dynamically" replaceable; never |
| 98 |
critically necessary for any astute user. |
| 99 |
|
| 100 |
And the F. Feds and their overseas counterpart? |
| 101 |
Are left behind in the dust, for good. I think you'll see a US |
| 102 |
presidential candidate, whom constitutionally, recognzes the US citizens |
| 103 |
have a fundamental (God given?) right to superior security, as long as |
| 104 |
they have a very clean legal record. Boy that's a twist: well behave |
| 105 |
citizens get superior security righs to F. Feds? Boy, that's going to be |
| 106 |
a popular idea, methinks. Actually, there are many Christian lawyers, |
| 107 |
who know of ancient documents and USA historical documents and letters |
| 108 |
that expound on those documents, where this is well established. NO |
| 109 |
questions atm. Let folks do their own research. |
| 110 |
|
| 111 |
We'll get there sooner than you expect...... Bank on it! |
| 112 |
WE have to, otherwise the US banking system is DOA. |
| 113 |
|
| 114 |
> This |
| 115 |
> current issue is nothing more than an annoyance, but it's a major |
| 116 |
> annoyance for many Gentoo users, possibly more-so for the more casual |
| 117 |
> users.? (Is "casual Gentoo user" an oxymoron?)? As the bug proposes, |
| 118 |
> there are ways of solving it without decreasing security. |
| 119 |
> Jack |
| 120 |
|
| 121 |
|
| 122 |
Jack, Jack, Jack. |
| 123 |
|
| 124 |
VIVA LA REVELUTION! |
| 125 |
and you started it all? |
| 126 |
|
| 127 |
|
| 128 |
The USA is currently the longest standing government. The stench of what |
| 129 |
"our" legal system has become, well it's insufferable even by many of |
| 130 |
the brilliant legal minds whom have pretty much had enough of the big |
| 131 |
corporations running destructively, over what rights the founders of |
| 132 |
this great nation intended. |
| 133 |
|
| 134 |
Lawyers, above the law? That needs to be fixed, yesterday. WE, the folks |
| 135 |
in good standing, have rights that supersede the legal morass of what |
| 136 |
the judiciary and executive branch have done by giving our rights away |
| 137 |
to the Corporations. |
| 138 |
|
| 139 |
Be long, Be strong, but most importantly, Be for the benefit of equality |
| 140 |
of all. Rights to privacy are fundamental rights and I'd remind everyone |
| 141 |
that many have died for OUR RIGHTS. |
| 142 |
|
| 143 |
|
| 144 |
hth, |
| 145 |
James |
Archives