Where I ork ($WEUSEDTOBUILDMAINFRAMES), we had two largish federal
contracts run out of the building my cube is in. This year both of
those contracts have moved on to greener pastures, so those of us
sysadmins left here[0] have been moving on to other work.
Now, one would expect that with a much-reduced workload, just as much
project management running around, and fewer sysadmins, that
processes might be retooled for higher efficiency and more reliable
delivery. Well, actually, one wouldn't, because we all know better,
and in fact the main project I'm currently assigned to has no plan at
all.
No, really. What they laughingly called a build spec was "insert Red
Hat Enterprise Linux DVD, and install OS on the system"[1]. Security
planning was still a to-do. Well, they got *exactly* what they asked
for (a bog-standard RHEL 5 install with minimal hardening) and now
they're upset about it because the security standards (that didn't
exist at install time) aren't being met. And the minimal hardening
that was done post-install has caused them grief because as near as I
can tell, their Oracle DBAs are 100% Grade-A clueless morons[2].
It's actually far worse than it sounds there; seemingly not a day goes
by that I don't get a phone call about this or that component of the
app stack that needs to be ripped apart and redone, or something "needs"
rebooting for a reason that makes no sense whatsoever, or something
similarly distant from anything approaching reasonable.
Ah well, I finally took the VMware VCP exam and passed it, so hopefully
better things are coming my way[3]. -- Joe
[0] Most of the admins have left to follow one contract or the other to
the new contractors. Being the least senior admin involved in both,
this has yet to be an option for me.
[1] I'm not kidding.
[2] What is it about Oracle? Every project I've worked on that had
expensive Oracle DBAs, those same DBAs knew incredibly little about
things like "why allowing remote root login is the *wrong* thing".
[3] Yes, I know better.
> "Why do you have sudo on your workstation?" (not heard that one yet)
I use GangsterHat, and infest one of their help fora. I'm constantly
amused by the number of people there using that distro at home, with no
other user who insist on using that for admin. IMAO, if that's the way
they want to do things, they should just use African and be done with it.
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
It's a funny world out there, and the only things that come in
absolute black and white are squad cars.
> On Sat, 02 Jan 2010 22:59:03 +0000, Satya wrote:
>
>> "Why do you have sudo on your workstation?" (not heard that one yet)
>
> I use GangsterHat, and infest one of their help fora. I'm constantly
> amused by the number of people there using that distro at home, with no
> other user who insist on using that for admin. IMAO, if that's the way
> they want to do things, they should just use African and be done with it.
I am really quite puzzled as to why you find it amusing that people
would decide to use a non-privileged account most of the time and use
sudo for those occasional times they truly require privileged access,
since that sounds like perfectly reasonable practice to me. Or why you
think Hohagh does any better at that. I can't imagine that you're
thinking that those people should just use root all the time. But maybe
I've been a sysadmin and a UNIX weenie for too long. Actually, long
enough that my habit is to use su instead of sudo mainly because su has
always been there while sudo is a bit of a latecomer and often not part
of the initial installation.
--
Steve VanDevender "I ride the big iron" http://hexadecimal.uoregon.edu/
ste...@hexadecimal.uoregon.edu PGP keyprint 4AD7AF61F0B9DE87 522902969C0A7EE8
Little things break, circuitry burns / Time flies while my little world turns
Every day comes, every day goes / 100 years and nobody shows -- Happy Rhodes
>> I use GangsterHat, and infest one of their help fora.
> *BLAM*
Arguably, after a preposition the ablative might have been used.
But for English usage, in my opinion the accusative is just fine.
Perhaps better.
Tebrgwrf,
Maarten Wiltink
> I can't imagine that you're
> thinking that those people should just use root all the time.
Absolutely not! To me, sudo is a tool used to allow people who don't
have the root password *limited* access to root. If it's your box and
you set it up, you know the root password, or should and there's no need
for sudo IMAO.
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
When all you have is a stick, every problem looks like a kneecap.
http://www.lasfs.info http://www.zeff.us
> Absolutely not! To me, sudo is a tool used to allow people who don't have
> the root password *limited* access to root. If it's your box and you set
> it up, you know the root password, or should and there's no need for sudo
> IMAO.
I tend to have a bet each way. sudo is nice because that extra bit of
typing at the start is a reminder that you're about to do something that
could have consequences. If I'm going to be doing a fair bit of admin work
I'll use su (often as sudo su to save me retyping a password, because I'm
lazy).
sudo is not just limited to Hohagh for admin stuff. If you're playing with
kitty cats it's rather useful as well.
--
Dave Hughes - da...@hired-goons.net
"Soon we will be able to harness the rotational energy from Orwell's
grave to solve all world energy problems" - GigsVT
AIUI, the main benefit to using sudo instead of having a shell-enabled
root account is that it makes it harder to gain root access via an
exploit. There is no root password to know and no root shell to obtain,
but the concept of UID 0 still exists.
I have however run across software (which may or may not have been from a
company now owned by $WEMAKEYELLOWSOFTWARE) which would not work with sudo
because it depended on invoking `su -` and using the root password itself.
I did make it work with sudo eventually anyway (UI left as an exercise for
the reader). -- Joe
> AIUI, the main benefit to using sudo instead of having a shell-enabled
> root account is that it makes it harder to gain root access via an
> exploit. There is no root password to know and no root shell to obtain,
> but the concept of UID 0 still exists.
Vs lbh unir fhqb(NYY) naq pna gryarg/ffu va, gurer'f abguvat gb fgbc lbh
sebz hfvat fhqb fh. I do hope that's not UI for anybody who belongs here.
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
I'd interpreted that as 'why are you being an unauditable security
risk by allowing yourself to do things as root on your workstation
without getting a change request form filled by the IT department',
and everyone else seems to have read it as 'what's wrong with su'.
I've had a job with the former protocol and now have a 'the NFS server
is here; the LDAP server is here; here's your new workstation, please
put an OS on it' one. I think it makes me more productive, and when
developing commercial software for Linux it's quite useful to have
four distributions across the six programmers; if it breaks on any of
them we notice at once, and if it works on all four it's probably not
going to fail too badly on other ones.
Tom
Abg vs ebbg qbrfa'g unir na vagrenpgvir furyy frg. Which I thought was
the default for Hohagh but in looking at my own system, I'm not so sure.
Maybe time to fire up a VM and test.
I do agree that if you have n ebbg nppbhag jvgu n cnffjbeq naq furyy frg,
as is the default on RatCorpse, the security benefits of administering via
sudo are minimal at best. -- Joe
> I'd interpreted that as 'why are you being an unauditable security risk
> by allowing yourself to do things as root on your workstation without
> getting a change request form filled by the IT department', and everyone
> else seems to have read it as 'what's wrong with su'.
And I'm thinking in terms of, "It's your home box; nobody uses it except
you. Why bother with sudo if you've got su?"
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
"If you haven't seen it, it's new to you."
It's better than the opposite extreme, which is to use root as a user account.
I think that the Hohagh (or Znp BF K) use of sudo is pretty good practice
for lusers. It gets them being root for a minimal amount of time, which is a
habit which otherwise seems hard to instil even with a heavy-weight cluebat.
And, sudo works just as well in RH as in Hohagh.
And I never use sudo to reboot, poweroff or invocations of init. It's
bad enough when I restart the wrong service because of being rather
too careless with history expansion.
--
TimC
You're trying to trick me into being intelligent. It won't work.
-- David P. Murphy in ASR
Consistency with what you do at work - if you're using sudo all the
time at work, it requires less thinking to just keep using it at home.
Ultimately, though, who cares? Really, I just don't understand why
this is such a hot issue ...
>AIUI, the main benefit to using sudo instead of having a shell-enabled
>root account is that it makes it harder to gain root access via an
>exploit. There is no root password to know and no root shell to obtain,
>but the concept of UID 0 still exists.
Of course, there's no particular reason why it would be any more
difficult for an exploit to get a root shell whether or not it has a
password or a shell in /etc/passwd, whereas having sudo (and using the
user's normal login password) gives an attacker with a sniffed (or
social-engineered) password access to everything the user can do.
At work, the root accounts allow logins, but we don't tell the lusers
the root password (I hope that would be obvious). We generally use
ksu for administration and sudo for the users (who we allow to get a
shell, so we're completely vulnerable to the password-sniffing attack
too). I don't know what the root password on the workstations is.
(There's also an ssh key that has root access to everything, which is
not normally used, and which I also don't have.)
At home, I also use ksu for admin, but I [UI deleted] so that only I
can log in, and only with Kerberos or public-key. (I would do without
the public-key stuff were there not far too many ssh clients I find
myself needing to use that can't (reliably) use Kerberos.) Same for
my server (although it has an ELOM so it's possible to log in as root
on the console).
-GAWollman
--
Garrett A. Wollman | What intellectual phenomenon can be older, or more oft
wol...@bimajority.org| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers. | accepted by all practitioners? - S.J. Gould, 1993
Why, oh why, oh why, do otherwise seemingly intelligent people[1] ever
even get it into their heads that "fhqb fh" would be a useful thing to
type. If you actually mean "fhqb fu", just fscking type that! (And
if you set up fhqb to allow "fh" and not "fu", you're an idiot.)
-GAWollman
[1] And I've seen it done before my own eyes.
> Joe Zeff <the.guy.with....@lasfs.info> wrote:
>> sebz hfvat fhqb fh.
>
> Why, oh why, oh why, do otherwise seemingly intelligent people[1] ever
> even get it into their heads that "fhqb fh" would be a useful thing to
> type. If you actually mean "fhqb fu", just fscking type that!
For us perverts with our mariachi-enabled shells, there's a better way
to do that, without even typing any more characters.
--
(let ((C call-with-current-continuation)) (apply (lambda (x y) (x y)) (map
((lambda (r) ((C C) (lambda (s) (r (lambda l (apply (s s) l)))))) (lambda
(f) (lambda (l) (if (null? l) C (lambda (k) (display (car l)) ((f (cdr l))
(C k))))))) '((#\J #\d #\D #\v #\s) (#\e #\space #\a #\i #\newline)))))
fhqb fu and [fhqb] fh are not equivalent.
If you know root's password you might as well fh, but somebody given
root access only through fhqb might well fhqb fh (or fhqb fh -). -- Joe
>Absolutely not! To me, sudo is a tool used to allow people who don't
>have the root password *limited* access to root. If it's your box and
>you set it up, you know the root password, or should and there's no need
>for sudo IMAO.
Google for "belt and suspenders". Just because I know the root password
doesn't mean that I want to log on to root for routine work. And, no, I
don't want to use su in order to issue a single command; there's less
chance of error with sudo. If this is UI, Bog help you.
ISAGN: a version of sudo that requires a physical security key in addition
to or in place of the root password.
--
Shmuel (Seymour J.) Metz <http://patriot.net/~shmuel> ISO position
Reply to domain Patriot dot net user shmuel+bspfh to contact me.
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
Concur.
--
"And now the traveler's weather report from Luna: Dayside will be
hot, dry, and clear. Nightside will be cold, dry and clear.
Please dress accordingly."
-- Danny Sichel, in rasfw
J'accuse, but then I find that the former tends to wear me down
and could blow me away. But only at first remove.
- Brian
Awesome?
Awful?
Abysmal?
Authoritative?
Ancient?
Arbitrary?
&c.
EXPN por favor!?
- Brian
Why yes, that's true. It means that all you have to do is intercept
(or guess) the password of any of a number of logins, instead of the
single one that everyone knows must be protected the most.
Meh. AFAIAC, sudo was invented to enable low-life student tape hangers
to be able to run nightly dumps using 'tar' because 'dump' hadn't been
invented yet and making the raw disk device readable by the 'dump'
role user didn't work with tar.*
But if I *have* to give the researcher access, he gets sudo.
- Brian
* Don't confuse me with facts; that's my story and I'm sticking with it!
sudo -s
arrgh.
- Brian
>>>> I use GangsterHat, and infest one of their help fora.
>>> *BLAM*
>>
>> Arguably, after a preposition the ablative might have been used.
>> But for English usage, in my opinion the accusative is just fine.
>> Perhaps better.
>
> Concur.
That's just almost Latin for 'me too.'
Tebrgwrf,
Maarten Wiltink
In what way, precisely? (Well, beyond the obvious observation that if
root's shell is of the brain-damaged variety rather than The Shell
That God Intended, the latter command gets you the brain-damaged one
by default (unless, of course, you specify something different on the
command line).
-GAWollman
The logging is nice. For those "Now what the hell did I do last time?"
moments...
--
72. If all the heroes are standing together around a strange device and
begin to taunt me, I will pull out a conventional weapon instead of
using my unstoppable superweapon on them.
--Peter Anspach's list of things to do as an Evil Overlord
Oh, good! Editor wars aren't enough; now Garrett wants to start the
first shell war of 2010.
So tell us, Garret: which shell is TSTGI?
--
Einstein argued that there must be simplified explanations of nature, because
God is not capricious or arbitrary. No such faith comforts the software
engineer.
- Fred Brooks, Jr.
I am intentionally not saying. You should fill in the semantic frame
with whatever shell you consider to be Right And Proper.
> mikea <mi...@mikea.ath.cx> wrote:
>> Oh, good! Editor wars aren't enough; now Garrett wants to start the
>> first shell war of 2010.
>>
>> So tell us, Garret: which shell is TSTGI?
>
> I am intentionally not saying. You should fill in the semantic frame
> with whatever shell you consider to be Right And Proper.
So what you're saying is that root's shell should be Emacs?
Arrogant (i.e. the converse of IMHO)
-Greg
--
::::::::::::::: Greg Andrews :::::: ge...@panix.com :::::::::::::::
Just machines to make big decisions. Programmed by fellows with
compassion and vision. We'll be clean when their work is done.
We'll be eternally free, yes, and eternally young. -- D.Fagen "IGY"
What does the H stand for in IMHO?
What is the Monk-appropriate opposite of that word?
Richard
"Horrible", obviously.
--
73. I will not agree to let the heroes go free if they win a rigged
contest, even though my advisors assure me it is impossible for
them to win.
> On Mon, 04 Jan 2010 22:14:00 GMT, Richard Bos wrote:
>> Brian Kantor <br...@ucsd.edu> wrote:
>>
>>> Joe Zeff <the.guy.with....@lasfs.info> wrote:
>>> > ... IMAO.
>>>
>>> Awesome?
>>> Awful?
>>> Abysmal?
>>> Authoritative?
>>> Ancient?
>>> Arbitrary?
>>> &c.
>>>
>>> EXPN por favor!?
>>
>> What does the H stand for in IMHO?
>>
>> What is the Monk-appropriate opposite of that word?
>
> "Horrible", obviously.
Hideous.
Hoary.
Haggard.
--
David Cameron Staples | staples AT unimelb DOT edu DOT au
Melbourne University | School of Engineering | IT Support
the program I just wrote 1) compiled the first time without any errors
and 2) worked like it was supposed to I don't know whether to be proud
or scared to death -- bash.org/?17271
> But if I *have* to give the researcher access, he gets sudo.
> - Brian
IMAO, that's what sudo is for, especially if you limit him to the
commands you think he needs.
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
I've taken a vow of poverty To annoy me send money.
> And, no, I
> don't want to use su in order to issue a single command;
Man su will tell you a way around that. I'd be more specific if I didn't
suspect that it's UI for you.
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
I mostly just wanted something to grouch about, as it had been
too good a day.
> Garrett Wollman <wol...@bimajority.org> wrote in <hhtffv$19km$1...@grapevine.csail.mit.edu>:
>> The Shell That God Intended
> So tell us, Garret: which shell is TSTGI?
Thou art God. All who grok system administration are God.
--
Steve VanDevender "I ride the big iron" http://hexadecimal.uoregon.edu/
ste...@hexadecimal.uoregon.edu PGP keyprint 4AD7AF61F0B9DE87 522902969C0A7EE8
Little things break, circuitry burns / Time flies while my little world turns
Every day comes, every day goes / 100 years and nobody shows -- Happy Rhodes
But first you have to find out the name of one of those logins. Also,
unless the admin has done something really daft, you have to chance upon
one of the accounts with sudo permission -- *any* user login won't do.
Of course you can always [UI elided], but there are (or were -- I
imagine things must have improved recently, neh?) things that will break
if there isn't an account called 'root' with UID 0. -- Joe
On at least some systems, you will note that certain environment variables
will be set differently. -- Joe
"God, root, what is difference?"
--
Physics graduate: "I wonder why that works."
Engineering graduate: "I wonder how that works."
Accounting graduate: "I wonder how much it cost to make that work."
English graduate: "Do you want fries with that?" -- Deforest
> On Mon, 04 Jan 2010 17:17:44 +0000, Brian Kantor wrote:
>
>> But if I *have* to give the researcher access, he gets sudo.
>> - Brian
>
> IMAO, that's what sudo is for, especially if you limit him to the
> commands you think he needs.
Do not forget also what happens when an admin leaves...
--
Le travail n'est pas une bonne chose. Si �a l'�tait,
les riches l'auraient accapar�
All versions of sudo arguably have this, in a certain vacuous sense.
(N.B. your second-last word above.)
Linux weenies, and equivalent people in other spheres, show off by explaining
how the thing they just discovered last week separates the geniuses (e.g.
them) from the morons (e.g. everyone else).
The Adventure Shell!
http://groups.google.com/group/comp.unix.questions/msg/b8839022c9537124?output=gplain
A conversation in The Other Place once spawned this speculative vision
of the NetHack Shell:
peter writes:
> stevev wrote:
> > What do you have to do to ascend in Unix?
> cd ..
$ cd ..
$ pwd
/
$ cd ..
Beware, there will be no return! Still chdir? [yn] (n) y
Do you want your processes identified? [ynq] (n)
Do you want to see your file attributes? [ynq] (n)
Do you want to see your stderr output? [ynq] (n)
Goodbye peter the Rogue...
You escaped from the filesystem with 35284 blocks and 285 files
after 28.32 cpu-seconds.
You were uid 103, gid 103 when you escaped.
You did not make the top 100 list.
> Linux weenies, and equivalent people in other spheres, show off by
> explaining how the thing they just discovered last week separates the
> geniuses (e.g. them) from the morons (e.g. everyone else).
I knew that...
--
Dave Hughes - da...@hired-goons.net
... it is important to realize that any lock can be picked with a big
enough hammer." -- Sun System & Network Admin manual
>> Linux weenies, and equivalent people in other spheres, show off by
>> explaining how the thing they just discovered last week separates
>> the geniuses (e.g. them) from the morons (e.g. everyone else).
>
> I knew that...
...Even last week. Really!
It's not about the thing, it's about the discovering. Incidentally,
the ability to discover things makes you brilliant, not a genius.
Geniuses produce the things other people discover, and they do it
without howtos.
Tebrgwrf,
Maarten Wiltink
I just try very hard not to have moments like that.
--
W
. | ,. w , "Some people are alive only because
\|/ \|/ it is illegal to kill them." Perna condita delenda est
---^----^---------------------------------------------------------------
*snicker*
> So tell us, Garret: which shell is TSTGI?
BASH, but that's only because I'm used to it - I'm not religious about it.
"You are in a maze of twisty little symlinks, all different."
What, total chaos?
Eek, if I did it like at work I'd be root for *everything*.
I like sudo becuase it allows me to be both lazier and more secure (ok,
arguable in theory) then su.
I try too. It doesn't always work how I intend it to.
--
This was, apparently, beyond her ken. So far beyond her ken that she
was well into barbie territory.
-- J. D. Baldwin
> On 6/01/2010 6:08 AM, Erwan David wrote:
>>
>> Do not forget also what happens when an admin leaves...
>
> What, total chaos?
I was thinking of an almighty piss up myself. Hmm. Actually, total chaos
tends to describe that as well.
J
>
> "God, root, what is difference?"
To which the standard reply is
"God is FAR more forgiving."
J
> On 6/01/2010 1:12 PM, Alan J Rosenthal wrote:
> > mikea<mi...@mikea.ath.cx> writes:
> >> So tell us, Garret: which shell is TSTGI?
> >
> > The Adventure Shell!
> > http://groups.google.com/group/comp.unix.questions/msg/b8839022c9537124?output=gplain
>
> "You are in a maze of twisty little symlinks, all different."
s/symlinks/distros/.
Richard
>All versions of sudo arguably have this, in a certain vacuous sense.
>(N.B. your second-last word above.)
If I use the -u option, it requires that user's password in place of the
root password; it still does not require a physical security key.
FWIW, I only use sudo to issue commands for root; never to issue commands
from root. My reasons would almost certainly be UI.
--
Shmuel (Seymour J.) Metz <http://patriot.net/~shmuel> ISO position
Reply to domain Patriot dot net user shmuel+bspfh to contact me.
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
>Man su will tell you a way around that. I'd be more specific if I didn't
> suspect that it's UI for you.
The prohibition against UI is a little ambiguous, but my reading is that
if it's UI for anybody in the froup then you shouldn't post it. I've been
told offline that it's legitimate to ask a question about software that I
use only at home, but since others might use the same software at work,
I'd be leary even then.
Niklas
--
New, from IKEA: DARCKENSE, the chair. Available in white only.
All-natural materials!
The owl and the pussycat went to sea
in a beautiful pea-green boat.
They took some honey, and plenty of money
wrapped up in a five pound note. Which was
worthless even before they sank while crossing
the channel.
with apologies to all owners of runcible spoons
- Brian
Accepted. But is there any use for a runcible spoon [2] beyond
eating grapefruit? [1] (Maybe for a melon, but if you need anything
beyond a plain old spoon (POS?) I submit that it's not ripe
enough)
[2] The issue recently took a liking to grapefruit while we were
visiting family over the holidays. Of course this led to
discussion of the two obvious word-related matters, viz.,
the definition of "runcible spoon" and the etymology of
"grapefruit"[3].
[3] "But grapes are sweet!" Clearly I have neglected part of
their viticultural education.
[1] Note: Not GrapeFruit.
--
G. Paul Ziemba
FreeBSD unix:
11:06AM up 23 days, 12:47, 18 users, load averages: 0.15, 0.19, 0.43
>Accepted. But is there any use for a runcible spoon [2] beyond
>eating grapefruit? [1]
Alton Brown describes the grapefruit spoon as a "multitasker" but I
can't remember what he used it for. (Certainly not eating
grapefruit!) Maybe it was seeding a squash?
-GAWollman
--
Garrett A. Wollman | What intellectual phenomenon can be older, or more oft
wol...@bimajority.org| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers. | accepted by all practitioners? - S.J. Gould, 1993
> In <4b42a4de$0$6401$ec3e...@unlimited.usenetmonster.com>, on 01/05/2010
> at 02:33 AM, Joe Zeff <the.guy.with....@lasfs.info> said:
>
>>Man su will tell you a way around that. I'd be more specific if I
>>didn't
>> suspect that it's UI for you.
>
> The prohibition against UI is a little ambiguous, but my reading is that
> if it's UI for anybody in the froup then you shouldn't post it. I've
> been told offline that it's legitimate to ask a question about software
> that I use only at home, but since others might use the same software at
> work, I'd be leary even then.
Having been unwillingly recovered for several years, I use Yvahk only at
home. Even so, I'd never ask here for help with it simply because
whatever I asked about *would* be UI for somebody else. Note that the
comment you're replying to is an excellent example of exactly that.
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
Sometimes when you fill a vacuum it still sucks.
> [2] The issue recently took a liking to grapefruit while we were
> visiting family over the holidays. Of course this led to
> discussion of the two obvious word-related matters, viz.,
> the definition of "runcible spoon" and the etymology of
> "grapefruit"[3].
Be sure to teach the name of the fruit in French, also.
--
Paul the Legacy Server
Full Recovery reached May 30, 2008
"People can be educated beyond their intelligence"
-- Marilyn vos Savant
I wanted to go beyond that for some job(-1) cow-orkers:
1) Insert needle for blood draw.
2) Await toxicology results.
3) Maybe if you used more than just two fingers...
Richard
--
To reply via email, make sure you don't enter the whirlpool on river left.
My mailbox. My property. My personal space. My rules. Deal with it.
http://www.river.com/users/share/cluetrain/
>Is that an oblique way of saying you'd be on drugs?
I am, but AFAIK Prof. O'L didn't use Warfarin.
>Accepted. But is there any use for a runcible spoon [2] beyond eating
>grapefruit?
I don't know about the spoon[1], but RUNCIBLE was a programming language.
[1] Although the manual did quote the verse.
>Note that the comment you're replying to is an excellent example of
>exactly that.
Is that an oblique way of saying that I provided UI? It seemed basic
enough that any ready here should already have known about it.
>>Note that the comment you're replying to is an excellent example of
>>exactly that.
>
>Is that an oblique way of saying that I provided UI? It seemed basic
>enough that any ready here should already have known about it.
I don't think man counts as arcana, certainly.
Guy
--
http://www.chapmancentral.co.uk/
The usenet price promise: all opinions offered in newsgroups are guaranteed
to be worth the price paid.
s/l d/l gratuitously d/
> In <4b44e9f5$0$4957$ec3e...@unlimited.usenetmonster.com>, on 01/06/2010
> at 07:52 PM, Joe Zeff <the.guy.with....@lasfs.info> said:
>
>>Note that the comment you're replying to is an excellent example of
>>exactly that.
>
> Is that an oblique way of saying that I provided UI? It seemed basic
> enough that any ready here should already have known about it.
No. It's an explanation of why I answered the way I did.
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
Where there's a flamethrower, there's a way.
[
>>Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> writes:
>>>ISAGN: a version of sudo that requires a physical security key in addition
>>>to or in place of the root password.
]
>at 02:06 AM, fl...@dgp.toronto.edu (Alan J Rosenthal) said:
>
>>All versions of sudo arguably have this, in a certain vacuous sense.
>>(N.B. your second-last word above.)
>
>If I use the -u option, it requires that user's password in place of the
>root password; it still does not require a physical security key.
My point was that sudo does not require the root password, it requires the
user's personal password which is also their Facebook password which they once
typed into http://www.facebook.com.no-need-to-read-further.badguy.com.
But I now see what you might have meant by "in place of the root password" in
a way I didn't see upon my previous reading of your previous article.
Of course, the following sort of program suffices to require a physical
security key:
#include <stdio.h>
int main()
{
printf("Insert physical security key and press return: ");
(void)getchar();
return(0);
}
It just doesn't enforce the requirement very well.
I recommend that sudo be enhanced to require a physical security key in
this sense.
On a similar note, since the xmas day terrorist went to the W.C. at about
10:45 to arrange his explosives, I think that all airplane flights should
prohibit passenger use of the W.C. from 10:40 to 10:50 AM each day.
Oh wait, they're already doing something which is basically that.
> On a similar note, since the xmas day terrorist went to the W.C. at
> about 10:45 to arrange his explosives, I think that all airplane flights
> should prohibit passenger use of the W.C. from 10:40 to 10:50 AM each
> day.
If you're referring to the ID10T I think you are, Roberta Pournelle has
christened him the Johnson Bomber.
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
*Disclaimer: following the above advice constitutes
your consent to be classified under the clinical
definition of moron.
> On Thu, 07 Jan 2010 01:14:43 +0000, Alan J Rosenthal wrote:
>
>> On a similar note, since the xmas day terrorist went to the W.C. at
>> about 10:45 to arrange his explosives, I think that all airplane
>> flights should prohibit passenger use of the W.C. from 10:40 to 10:50
>> AM each day.
>
> If you're referring to the ID10T I think you are, Roberta Pournelle has
> christened him the Johnson Bomber.
My nipples^Wpants are exploding with delight^Whatred for the infidel!
--
David Cameron Staples | staples AT unimelb DOT edu DOT au
Melbourne University | School of Engineering | IT Support
You know, I don't think you can call it a "friendly rivalry" after you've
killed your opponent's parents. -- bash.org/?42958
Or that he likes young women with an IQ smaller than his shoe size
(.eu) or room temperature (.us).
OG.
So far[0], it's worked well for me.
[0] /me touches wood.
--
W
. | ,. w , "Some people are alive only because
\|/ \|/ it is illegal to kill them." Perna condita delenda est
---^----^---------------------------------------------------------------
No, it isn't. And ROT13 is no excuse.
> but my reading is that
> if it's UI for anybody in the froup then you shouldn't post it. I've been
> told offline that it's legitimate to ask a question about software that I
> use only at home, but since others might use the same software at work,
> I'd be leary even then.
And rightly so.
I actually met the guy some years ago. Either he was somewhat senile, or
he'd done too many drugs.
"Annoying"?
Honest, Heretical, Hierarchical, Horizontal[0], Horological, Hateful,
Horrible.
[0] ie; drunk.
I'm somewhat surprised he hasn't also copied the pancreatic cancer from Bill
Hicks.
>I don't think man counts as arcana, certainly.
I use info. Is a well documented option on a well known command UI?
>My point was that sudo does not require the root password, it requires
>the user's personal password
Well, I'd like a version of sudo that requires a physical security key in
addition to or in place of the user's password.
>But I now see what you might have meant by "in place of the root
>password" in a way I didn't see upon my previous reading of your
>previous article.
But what's really relevant is "a physical security key".
>Of course, the following sort of program suffices to require a physical
>security key:
Perhaps to a politician. For a programmer, require means more then simply
saying that it's required.
>No, it isn't.
"Useful (to our job) information is forbidden" doesn't make it clear
whether that includes the totally trivial.
>And ROT13 is no excuse.
Il va sans dire; the FAQ explicitly states "It doesn't matter if you
ROT-13 it,".
*twitch*
I just *love* man pages that tell me they're a stub and I should consult the
info page. Especially when the "info page" is actually just the *same* man
page telling me to consult the info page, displayed in an awful pager.
It's almost as user friendly as man pages telling me they're a stub and I
should consult such-and-such a website, which does of course no longer
exist.
I really should take some piano lessons so I can get a higher-status job in
a brothel.
> In <2010Jan6.2...@jarvis.cs.toronto.edu>, on 01/07/2010 at
> 01:14 AM, fl...@dgp.toronto.edu (Alan J Rosenthal) said:
>
>>My point was that sudo does not require the root password, it requires
>>the user's personal password
>
> Well, I'd like a version of sudo that requires a physical security key
> in addition to or in place of the user's password.
Great! Where do you want to plug it in? Local laptop? It'll be more on
SSH than sudo, then. KVM? physical hardware? That'll require OS support,
but it's doable. I'd hate to have to drive in to bounce a stuck process,
but if you're volunteering for pager duty...
--
Because of the diverse conditions of humans, it happens that some acts
are virtuous to some people, as appropriate and suitable to them, while
the same acts are immoral for others, as inappropriate to them.
-- Saint Thomas Aquinas
On 2010-01-07, Peter Corlett <ab...@mooli.org.uk> wrote:
>
> I just *love* man pages that tell me they're a stub and I should consult the
> info page. Especially when the "info page" is actually just the *same* man
> page telling me to consult the info page, displayed in an awful pager.
That annoys me, but every time I encounter it, I think back to $ORK[-1]
and think "hey, at least man is installed on this box"
A critical box, running an unfamiliar flavour of unix, in single user
mode[1], with no man pages installed and no useful means of acquiring them.
In a machine room with no internet access for my laptop, Lots and lots
of walking up and down the corridor to fetch man pages off the internet
with the aim of confirming that the command line switches I'm used to
do what I'm expecting and haven't been re-assigned to something more
destructive.
> It's almost as user friendly as man pages telling me they're a stub and I
> should consult such-and-such a website, which does of course no longer
> exist.
At least <UI> usually has those cached.
> I really should take some piano lessons so I can get a higher-status job in
> a brothel.
Surely we don't need piano lessons to get a higher-status job in a brothel.
-Paul
[0] Lets try again with a chicken shall we. Not having a good day today.
I've had elderly parents slipping over and breaking limbs, a marvellously
intertwined combination of major routing changes with unexpected side
effects, external companies who can't keep their web servers together long
enough to process our customers payments, usual UK "we've had snow,
all transport is fucked" meaning that all of the above is being orchestrated
from home, where the cat is being *super* needy.
I've bloody run out of tea as well.
[1] I have at least managed to forget what the actual problem with it
was, but it took a lot of liquid refreshment to achieve that.
--
http://paulseward.com
I suggest the installation of Prof Guillotin's marvelous invention
and the key being the user's head.
- Brian
> [1] I have at least managed to forget what the actual problem with it
> was, but it took a lot of liquid refreshment to achieve that.
I take it, then, that the liquid refreshed everything except your memory?
--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
If it ain't broke, it ain't Micro$oft!
> On Thu, 07 Jan 2010 17:10:21 +0000, LP wrote:
>
>> [1] I have at least managed to forget what the actual problem with it
>> was, but it took a lot of liquid refreshment to achieve that.
>
> I take it, then, that the liquid refreshed everything except your memory?
From what I have seen, refreshing beverages are consumed to refresh the
spirit and perhaps the body, but rarely to refresh memory.
--
Steve VanDevender "I ride the big iron" http://hexadecimal.uoregon.edu/
ste...@hexadecimal.uoregon.edu PGP keyprint 4AD7AF61F0B9DE87 522902969C0A7EE8
"bash awk grep perl sed df du, du-du du-du,
vi troff su fsck rm * halt LART LART LART!" -- the Swedish BOFH
Shirley, on Systems Where Equipped, there already exists something
that you could Plug an additional Module into that would do such a
thing.
Also Shirley, given that a computer company in California has
Smart-card enabled logins, such Modules already, in fact, Exist.
Getting that to work on space-alien-described UNIX is left as an
exercise for the insane.
--
"If you only do anything once, it's always your personal best."
-- Rick Mercer
Ah, there you go. Sudo is a much more flexible tool than that, of
course, in that it doesn't have to be limited and of course it doesn't
have to be "to root".
Aside from other stuff, sudo's way of running a command is much nicer
than su's.
Other stuff can include things like, root doesn't have a password.
FruitCo boxes use this approach.
--
As for the completion stuff, well, I'd be very surprised if you couldn't
get zsh to do whatever you want, including calling up and hiring a
mariachi band to sing the names of the possible completions....
-- Shalon Wood
> On 7/01/2010 3:41 AM, Niklas Karlsson wrote:
>> On 2010-01-06, Shmuel Metz<spam...@library.lspace.org.invalid> wrote:
>>>
>>> The prohibition against UI is a little ambiguous, but my reading is
>>> that if it's UI for anybody in the froup then you shouldn't post it.
>>> I've been told offline that it's legitimate to ask a question about
>>> software that I use only at home, but since others might use the same
>>> software at work, I'd be leary even then.
>> ^^^^^
>> Is that an oblique way of saying you'd be on drugs?
>
> I actually met the guy some years ago. Either he was somewhat senile, or
> he'd done too many drugs.
Are you sure that's not an inclusive OR? 'Either' tends to imply XOR,
after all...
--
David Cameron Staples | staples AT unimelb DOT edu DOT au
Melbourne University | School of Engineering | IT Support
i beat the internet. the end guy is hard. -- bash.org/?4278