Forgot your password?
typodupeerror

Comment: Re:Wrong paradigm here (Score 1) 186

by PetiePooo (#46671873) Attached to: Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

Ok, seems like you're trying to do things the windows way, i.e. blocking outbound connections based which application is running. Things are not done that way on Linux. Outbound connections are open and most of us are fine with it.

The Window Firewall, the original BlackIce for Windows, and AVG as well, I believe, all fall in the category of Application Firewalls, as they base their actions with knowledge of the application holding the IP connection endpoint. IPtables is a Stateful Firewall, so named because it relies solely on the connection's state, without regard to the application at the sending or receiving end of the connection.

The Application Firewall link above actually does have some suggestions about how such things can be handled on Linux using utilities others have described. Mandatory Access Control tools such as SELinux and grsecurity can allow or deny access to resources (such as the network interface) to applications, but I don't believe they have fine-grained controls for conditional access based on IPs or ports.

None of these are as easy to use as AVG for Windows is.. (This could be the new definition of "understatement!") In fact, I would like to think I know Linux quite well, have used it as a desktop and server platform for years, have written patches for kernel modules, and can configure a solid IPtables firewall ruleset from scratch, but AppArmor and SELinux still scare me...

There's a link here describing how to mark packets based on an application's uid (user). This might be a basis for controlling permissions per app, but you're talking about a very complex IPtables ruleset. Definitely not for someone only two days into their Linux journey.

Comment: Re:congrats guys and gals (Score 1) 293

Now contrast this statement from the recent "STFU" response to AT&T's shareholders. And the complete silence from Verizon, whose name was on the first round of the salvo.

At least these eight are making noise, rather than just hoping the issue fades from the public's consciousness. Here's wishing there was a telecom provider that wasn't so obviously in bed with the spooks...

Comment: Re:I don't suppose... (Score 1) 622

So are you saying that if the files had been encrypted, they wouldn't have been confiscated, all of this would not have happened?

What else precautions one should make not to become the victim of one's own government? Is leaving home allowed? Is there a list of approved websites to visit?

You are making the case that the government is a bullying criminal. And while you can and perhaps should avoid getting the attention of a hooligan/bully/criminal, the government is at least in principle there for you. And in my mind this makes the situation completely different. One shouldn't bow to bullies, but having a bullying government is worse.

And yes, of course the files should have been encrypted. I wonder if they would have detained her in that case.

If the files had been encrypted (after transcription, if needed), then this would be a case about overreaching warrants and illegal government actions, not a case about overreaching warrants, illegal government actions, and wrongful terminations, as that last item will undoubtedly be the end result of the intelligence DHS has collected on the whistle-blowers.

You are right in that she shouldn't have to protect herself and her informants from the government, but such is the imperfect world we find ourselves in while we try to dig our way out of it. She failed her informants. She should have known better than to depend on legal principle to protect her informants from the current administration.

Comment: Re:About Jeff (Score 1) 114

by PetiePooo (#44825863) Attached to: The Windows Flaw That Cracks Amazon Web Services
I did say his research skills could use some polish. And I figure one more developer that is at least semi-aware of security is a good thing. Many don't even consider the security implications of what they write.

Yes, I did enjoy it. So you didn't. To each his own.

p.s. Vitriol is no way to go through life, son.

Comment: About Jeff (Score 2) 114

by PetiePooo (#44821665) Attached to: The Windows Flaw That Cracks Amazon Web Services

Jeff Cogswell is the author of several tech books including “C++ All-In-One Desk Reference For Dummies,” “C++ Cookbook,” and “Designing Highly Useable Software.” A software engineer for over 20 years, Jeff has written extensively on many different development topics. An expert in C++ and JavaScript, he has experience starting from low-level C development on Linux, up through modern Web development in JavaScript and jQuery, PHP, and ASP.NET MVC.

Good job, Jeff! Welcome to the exciting world of security research!

I applaud you for (re)discovering these techniques on your own. Your out-of-box thinking and problem solving are to be commended, but your research skills could use some polish. Please don't let the negative comments above discourage you from exploring this rewarding field of knowledge, however I would recommend you run your findings by some existing security folks before announcing your next big discovery, lest you find you're just rehashing something else that has long been known.

Seriously; good job! I enjoyed reading how you worked your way up to your conclusions, even though I knew from the start how it would end...

Comment: Re:Linus, you are a bully (Score 1) 566

by PetiePooo (#44808121) Attached to: Linus Responds To RdRand Petition With Scorn
I should add that your sentiment of "we know better than you so you should trust us" is exactly what the government is spewing, and you see how well that's working.

While the kernel source is the epitome of transparency, and the NSA is the exact opposite, there will always be people who cannot or will not read the source. That does not mean they don't want to know some of the details so they can make informed decisions. That curiosity should be welcomed, not derided.

Comment: Linus, you are a bully (Score 1) 566

by PetiePooo (#44807915) Attached to: Linus Responds To RdRand Petition With Scorn
While I respect your technical prowess and make great use of your work, every time you go off like this, you move a little further down the "crackpot" scale. You know, the one anchored firmly by RMS...

Instead of blowing a gasket, why not nicely suggest that a read of the source code will show that rdrand is just one of the entropy sources used, and it is used in such a way that it cannot compromise the end result. Vitriol is no way to go through life, son.

"Regardless of the legal speed limit, your Buick must be operated at speeds faster than 85 MPH (140kph)." -- 1987 Buick Grand National owners manual.

Working...