
There's never enough time to do it right...


Joe Thompson

Dec 31, 2009, 3:45:58 PM
...but always time to blame the sysadmin.

Where I work ($WEUSEDTOBUILDMAINFRAMES), we had two largish federal
contracts run out of the building my cube is in. This year both of
those contracts have moved on to greener pastures, so those of us
sysadmins left here[0] have been moving on to other work.

Now, one would expect that with a much-reduced workload, just as much
project management running around, and fewer sysadmins, that
processes might be retooled for higher efficiency and more reliable
delivery. Well, actually, one wouldn't, because we all know better,
and in fact the main project I'm currently assigned to has no plan at
all.

No, really. What they laughingly called a build spec was "insert Red
Hat Enterprise Linux DVD, and install OS on the system"[1]. Security
planning was still a to-do. Well, they got *exactly* what they asked
for (a bog-standard RHEL 5 install with minimal hardening) and now
they're upset about it because the security standards (that didn't
exist at install time) aren't being met. And the minimal hardening
that was done post-install has caused them grief because as near as I
can tell, their Oracle DBAs are 100% Grade-A clueless morons[2].

It's actually far worse than it sounds there; seemingly not a day goes
by that I don't get a phone call about this or that component of the
app stack that needs to be ripped apart and redone, or something "needs"
rebooting for a reason that makes no sense whatsoever, or something
similarly distant from anything approaching reasonable.

Ah well, I finally took the VMware VCP exam and passed it, so hopefully
better things are coming my way[3]. -- Joe

[0] Most of the admins have left to follow one contract or the other to
the new contractors. Being the least senior admin involved in both,
this has yet to be an option for me.
[1] I'm not kidding.
[2] What is it about Oracle? Every project I've worked on that had
expensive Oracle DBAs, those same DBAs knew incredibly little about
things like "why allowing remote root login is the *wrong* thing".
[3] Yes, I know better.

Message has been deleted

Joe Zeff

Jan 2, 2010, 6:23:29 PM
On Sat, 02 Jan 2010 22:59:03 +0000, Satya wrote:

> "Why do you have sudo on your workstation?" (not heard that one yet)

I use GangsterHat, and infest one of their help fora. I'm constantly
amused by the number of people there using that distro at home, with no
other user who insist on using that for admin. IMAO, if that's the way
they want to do things, they should just use African and be done with it.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
It's a funny world out there, and the only things that come in
absolute black and white are squad cars.

Message has been deleted

Steve VanDevender

Jan 3, 2010, 4:24:51 AM
Joe Zeff <the.guy.with....@lasfs.info> writes:

> On Sat, 02 Jan 2010 22:59:03 +0000, Satya wrote:
>
>> "Why do you have sudo on your workstation?" (not heard that one yet)
>
> I use GangsterHat, and infest one of their help fora. I'm constantly
> amused by the number of people there using that distro at home, with no
> other user who insist on using that for admin. IMAO, if that's the way
> they want to do things, they should just use African and be done with it.

I am really quite puzzled as to why you find it amusing that people
would decide to use a non-privileged account most of the time and use
sudo for those occasional times they truly require privileged access,
since that sounds like perfectly reasonable practice to me. Or why you
think Hohagh does any better at that. I can't imagine that you're
thinking that those people should just use root all the time. But maybe
I've been a sysadmin and a UNIX weenie for too long. Actually, long
enough that my habit is to use su instead of sudo mainly because su has
always been there while sudo is a bit of a latecomer and often not part
of the initial installation.

--
Steve VanDevender "I ride the big iron" http://hexadecimal.uoregon.edu/
ste...@hexadecimal.uoregon.edu PGP keyprint 4AD7AF61F0B9DE87 522902969C0A7EE8
Little things break, circuitry burns / Time flies while my little world turns
Every day comes, every day goes / 100 years and nobody shows -- Happy Rhodes

Maarten Wiltink

Jan 3, 2010, 10:14:14 AM
"Paul Martin" <p...@nowster.org.uk> wrote in message
news:slrnhjvr...@nowster.eternal-september.org...
> In article <4b3fd570$0$25022$ec3e...@unlimited.usenetmonster.com>,
> Joe Zeff wrote:

>> I use GangsterHat, and infest one of their help fora.

> *BLAM*

Arguably, after a preposition the ablative might have been used.
But for English usage, in my opinion the accusative is just fine.
Perhaps better.

Tebrgwrf,
Maarten Wiltink


Joe Zeff

Jan 3, 2010, 1:30:26 PM
On Sun, 03 Jan 2010 01:24:51 -0800, Steve VanDevender wrote:

> I can't imagine that you're
> thinking that those people should just use root all the time.

Absolutely not! To me, sudo is a tool used to allow people who don't
have the root password *limited* access to root. If it's your box and
you set it up, you know the root password, or should and there's no need
for sudo IMAO.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info

When all you have is a stick, every problem looks like a kneecap.
http://www.lasfs.info http://www.zeff.us

Dave Hughes

Jan 3, 2010, 4:02:35 PM
On Sun, 03 Jan 2010 18:30:26 +0000, Joe Zeff wrote:

> Absolutely not! To me, sudo is a tool used to allow people who don't have
> the root password *limited* access to root. If it's your box and you set
> it up, you know the root password, or should and there's no need for sudo
> IMAO.

I tend to have a bet each way. sudo is nice because that extra bit of
typing at the start is a reminder that you're about to do something that
could have consequences. If I'm going to be doing a fair bit of admin work
I'll use su (often as sudo su to save me retyping a password, because I'm
lazy).

sudo is not just limited to Hohagh for admin stuff. If you're playing with
kitty cats it's rather useful as well.

--
Dave Hughes - da...@hired-goons.net
"Soon we will be able to harness the rotational energy from Orwell's
grave to solve all world energy problems" - GigsVT

Joe Thompson

Jan 3, 2010, 4:14:07 PM
On 2010-01-03, Joe Zeff <the.guy.with....@lasfs.info> wrote:
> Absolutely not! To me, sudo is a tool used to allow people who don't
> have the root password *limited* access to root. If it's your box and
> you set it up, you know the root password, or should and there's no need
> for sudo IMAO.

AIUI, the main benefit to using sudo instead of having a shell-enabled
root account is that it makes it harder to gain root access via an
exploit. There is no root password to know and no root shell to obtain,
but the concept of UID 0 still exists.

I have however run across software (which may or may not have been from a
company now owned by $WEMAKEYELLOWSOFTWARE) which would not work with sudo
because it depended on invoking `su -` and using the root password itself.
I did make it work with sudo eventually anyway (UI left as an exercise for
the reader). -- Joe

Joe Zeff

Jan 3, 2010, 4:46:44 PM
On Sun, 03 Jan 2010 21:14:07 +0000, Joe Thompson wrote:

> AIUI, the main benefit to using sudo instead of having a shell-enabled
> root account is that it makes it harder to gain root access via an
> exploit. There is no root password to know and no root shell to obtain,
> but the concept of UID 0 still exists.

Vs lbh unir fhqb(NYY) naq pna gryarg/ffu va, gurer'f abguvat gb fgbc lbh
sebz hfvat fhqb fh. I do hope that's not UI for anybody who belongs here.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info

Thomas Womack

Jan 3, 2010, 7:16:11 PM
In article <slrnhjviqk...@gort.thesatya.com>,
Satya <sat...@satyaonline.cjb.net> wrote:

>On Thu, 31 Dec 2009 20:45:58 +0000 (UTC), Joe Thompson wrote:
>> [2] What is it about Oracle? Every project I've worked on that had
>> expensive Oracle DBAs, those same DBAs knew incredibly little about
>> things like "why allowing remote root login is the *wrong* thing".
>
>In general, some of those who know why it's the wrong thing say things like
>"it doesn't apply to us anyway, no one targets Solaris."
>"I thought you said Linux was secure?"
>"We're low-visibility targets." (We're not.)
>
>And then there are the ones who take that kind of stuff waaaaay too seriously.

>"Why do you have sudo on your workstation?" (not heard that one yet)

I'd interpreted that as 'why are you being an unauditable security
risk by allowing yourself to do things as root on your workstation
without getting a change request form filled by the IT department',
and everyone else seems to have read it as 'what's wrong with su'.

I've had a job with the former protocol and now have a 'the NFS server
is here; the LDAP server is here; here's your new workstation, please
put an OS on it' one. I think it makes me more productive, and when
developing commercial software for Linux it's quite useful to have
four distributions across the six programmers; if it breaks on any of
them we notice at once, and if it works on all four it's probably not
going to fail too badly on other ones.

Tom

Joe Thompson

Jan 3, 2010, 7:35:27 PM
On 2010-01-03, Joe Zeff <the.guy.with....@lasfs.info> wrote:
> On Sun, 03 Jan 2010 21:14:07 +0000, Joe Thompson wrote:
>
>> AIUI, the main benefit to using sudo instead of having a shell-enabled
>> root account is that it makes it harder to gain root access via an
>> exploit. There is no root password to know and no root shell to obtain,
>> but the concept of UID 0 still exists.
>
> Vs lbh unir fhqb(NYY) naq pna gryarg/ffu va, gurer'f abguvat gb fgbc lbh
> sebz hfvat fhqb fh. I do hope that's not UI for anybody who belongs here.

Abg vs ebbg qbrfa'g unir na vagrenpgvir furyy frg. Which I thought was
the default for Hohagh but in looking at my own system, I'm not so sure.
Maybe time to fire up a VM and test.

I do agree that if you have n ebbg nppbhag jvgu n cnffjbeq naq furyy frg,
as is the default on RatCorpse, the security benefits of administering via
sudo are minimal at best. -- Joe

Joe Zeff

Jan 3, 2010, 7:44:20 PM
On Mon, 04 Jan 2010 00:16:11 +0000, Thomas Womack wrote:

> I'd interpreted that as 'why are you being an unauditable security risk
> by allowing yourself to do things as root on your workstation without
> getting a change request form filled by the IT department', and everyone
> else seems to have read it as 'what's wrong with su'.

And I'm thinking in terms of, "It's your home box; nobody uses it except
you. Why bother with sudo if you've got su?"

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info

"If you haven't seen it, it's new to you."

Alan J Rosenthal

Jan 3, 2010, 8:49:42 PM
Joe Zeff <the.guy.with....@lasfs.info> writes:
>On Sat, 02 Jan 2010 22:59:03 +0000, Satya wrote:
>> "Why do you have sudo on your workstation?" (not heard that one yet)
>
>I use GangsterHat, and infest one of their help fora. I'm constantly
>amused by the number of people there using that distro at home, with no
>other user who insist on using that for admin.

It's better than the opposite extreme, which is to use root as a user account.

I think that the Hohagh (or Znp BF K) use of sudo is pretty good practice
for lusers. It gets them being root for a minimal amount of time, which is a
habit which otherwise seems hard to instil even with a heavy-weight cluebat.
And, sudo works just as well in RH as in Hohagh.

TimC

Jan 3, 2010, 10:40:32 PM
On 2010-01-03, Dave Hughes (aka Bruce)
was almost, but not quite, entirely unlike tea:

> I tend to have a bet each way. sudo is nice because that extra bit of
> typing at the start is a reminder that you're about to do something that
> could have consequences. If I'm going to be doing a fair bit of admin work
> I'll use su (often as sudo su to save me retyping a password, because I'm
> lazy).

And I never use sudo to reboot, poweroff or invocations of init. It's
bad enough when I restart the wrong service because of being rather
too careless with history expansion.

--
TimC
You're trying to trick me into being intelligent. It won't work.
-- David P. Murphy in ASR

Lawns 'R' Us

Jan 3, 2010, 11:00:06 PM
On 2010-01-04, Joe Zeff <the.guy.with....@lasfs.info> wrote:
> On Mon, 04 Jan 2010 00:16:11 +0000, Thomas Womack wrote:
>
>> I'd interpreted that as 'why are you being an unauditable security risk
>> by allowing yourself to do things as root on your workstation without
>> getting a change request form filled by the IT department', and everyone
>> else seems to have read it as 'what's wrong with su'.
>
> And I'm thinking in terms of, "It's your home box; nobody uses it except
> you. Why bother with sudo if you've got su?"

Consistency with what you do at work - if you're using sudo all the
time at work, it requires less thinking to just keep using it at home.

Ultimately, though, who cares? Really, I just don't understand why
this is such a hot issue ...

Garrett Wollman

Jan 4, 2010, 1:43:27 AM
In article <slrnhk2250...@localhost.localdomain>,
Joe Thompson <sp...@orion-com.com> wrote:

>AIUI, the main benefit to using sudo instead of having a shell-enabled
>root account is that it makes it harder to gain root access via an
>exploit. There is no root password to know and no root shell to obtain,
>but the concept of UID 0 still exists.

Of course, there's no particular reason why it would be any more
difficult for an exploit to get a root shell whether or not it has a
password or a shell in /etc/passwd, whereas having sudo (and using the
user's normal login password) gives an attacker with a sniffed (or
social-engineered) password access to everything the user can do.

At work, the root accounts allow logins, but we don't tell the lusers
the root password (I hope that would be obvious). We generally use
ksu for administration and sudo for the users (who we allow to get a
shell, so we're completely vulnerable to the password-sniffing attack
too). I don't know what the root password on the workstations is.
(There's also an ssh key that has root access to everything, which is
not normally used, and which I also don't have.)

At home, I also use ksu for admin, but I [UI deleted] so that only I
can log in, and only with Kerberos or public-key. (I would do without
the public-key stuff were there not far too many ssh clients I find
myself needing to use that can't (reliably) use Kerberos.) Same for
my server (although it has an ELOM so it's possible to log in as root
on the console).

-GAWollman
--
Garrett A. Wollman | What intellectual phenomenon can be older, or more oft
wol...@bimajority.org| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers. | accepted by all practitioners? - S.J. Gould, 1993

Garrett Wollman

Jan 4, 2010, 1:47:11 AM
In article <4b411044$0$11852$ec3e...@unlimited.usenetmonster.com>,
Joe Zeff <the.guy.with....@lasfs.info> wrote:
>sebz hfvat fhqb fh.

Why, oh why, oh why, do otherwise seemingly intelligent people[1] ever
even get it into their heads that "fhqb fh" would be a useful thing to
type. If you actually mean "fhqb fu", just fscking type that! (And
if you set up fhqb to allow "fh" and not "fu", you're an idiot.)

-GAWollman

[1] And I've seen it done before my own eyes.

Jed Davis

Jan 4, 2010, 2:54:48 AM
wol...@bimajority.org (Garrett Wollman) writes:

> Joe Zeff <the.guy.with....@lasfs.info> wrote:
>> sebz hfvat fhqb fh.
>
> Why, oh why, oh why, do otherwise seemingly intelligent people[1] ever
> even get it into their heads that "fhqb fh" would be a useful thing to
> type. If you actually mean "fhqb fu", just fscking type that!

For us perverts with our mariachi-enabled shells, there's a better way
to do that, without even typing any more characters.

--
(let ((C call-with-current-continuation)) (apply (lambda (x y) (x y)) (map
((lambda (r) ((C C) (lambda (s) (r (lambda l (apply (s s) l)))))) (lambda
(f) (lambda (l) (if (null? l) C (lambda (k) (display (car l)) ((f (cdr l))
(C k))))))) '((#\J #\d #\D #\v #\s) (#\e #\space #\a #\i #\newline)))))

Joe Thompson

Jan 4, 2010, 3:56:54 AM
On 2010-01-04, Garrett Wollman <wol...@bimajority.org> wrote:
> Why, oh why, oh why, do otherwise seemingly intelligent people[1] ever
> even get it into their heads that "fhqb fh" would be a useful thing to
> type. If you actually mean "fhqb fu", just fscking type that! (And
> if you set up fhqb to allow "fh" and not "fu", you're an idiot.)

fhqb fu and [fhqb] fh are not equivalent.

If you know root's password you might as well fh, but somebody given
root access only through fhqb might well fhqb fh (or fhqb fh -). -- Joe

Message has been deleted

Shmuel Metz

Jan 4, 2010, 10:22:27 AM
In <4b40e242$0$26603$ec3e...@unlimited.usenetmonster.com>, on 01/03/2010

at 06:30 PM, Joe Zeff <the.guy.with....@lasfs.info> said:

>Absolutely not! To me, sudo is a tool used to allow people who don't
>have the root password *limited* access to root. If it's your box and
>you set it up, you know the root password, or should and there's no need
>for sudo IMAO.

Google for "belt and suspenders". Just because I know the root password
doesn't mean that I want to log on to root for routine work. And, no, I
don't want to use su in order to issue a single command; there's less
chance of error with sudo. If this is UI, Bog help you.

ISAGN: a version of sudo that requires a physical security key in addition
to or in place of the root password.

--
Shmuel (Seymour J.) Metz <http://patriot.net/~shmuel> ISO position
Reply to domain Patriot dot net user shmuel+bspfh to contact me.
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

mikea

Jan 4, 2010, 11:52:46 AM
Maarten Wiltink <maa...@kittensandcats.net> wrote in <4b40b448$0$22945$e4fe...@news.xs4all.nl>:

Concur.

--
"And now the traveler's weather report from Luna: Dayside will be
hot, dry, and clear. Nightside will be cold, dry and clear.
Please dress accordingly."
-- Danny Sichel, in rasfw

Brian Kantor

Jan 4, 2010, 12:06:50 PM
Maarten Wiltink <usene...@mfw.dds.nl> wrote:
>Arguably, after a preposition the ablative might have been used.
>But for English usage, in my opinion the accusative is just fine.

J'accuse, but then I find that the former tends to wear me down
and could blow me away. But only at first remove.
- Brian

Brian Kantor

Jan 4, 2010, 12:08:49 PM
Joe Zeff <the.guy.with....@lasfs.info> wrote:
> ... IMAO.

Awesome?
Awful?
Abysmal?
Authoritative?
Ancient?
Arbitrary?
&c.

EXPN por favor!?
- Brian

Brian Kantor

Jan 4, 2010, 12:17:44 PM
Joe Thompson <sp...@orion-com.com> wrote:
>AIUI, the main benefit to using sudo instead of having a shell-enabled
>root account is that it makes it harder to gain root access via an
>exploit. There is no root password to know and no root shell to obtain,
>but the concept of UID 0 still exists.

Why yes, that's true. It means that all you have to do is intercept
(or guess) the password of any of a number of logins, instead of the
single one that everyone knows must be protected the most.

Meh. AFAIAC, sudo was invented to enable low-life student tape hangers
to be able to run nightly dumps using 'tar' because 'dump' hadn't been
invented yet and making the raw disk device readable by the 'dump'
role user didn't work with tar.*

But if I *have* to give the researcher access, he gets sudo.
- Brian

* Don't confuse me with facts; that's my story and I'm sticking with it!

Brian Kantor

Jan 4, 2010, 12:19:51 PM
>I do agree that if you have n ebbg nppbhag jvgu n cnffjbeq naq furyy frg,
>as is the default on RatCorpse, the security benefits of administering via
>sudo are minimal at best. -- Joe


sudo -s

arrgh.
- Brian

Maarten Wiltink

Jan 4, 2010, 2:21:14 PM
"mikea" <mi...@mikea.ath.cx> wrote in message
news:uvi917-...@mikea.ath.cx...

> Maarten Wiltink <maa...@kittensandcats.net> wrote in
<4b40b448$0$22945$e4fe...@news.xs4all.nl>:
>> "Paul Martin" <p...@nowster.org.uk> wrote in message
>> news:slrnhjvr...@nowster.eternal-september.org...
>>> In article <4b3fd570$0$25022$ec3e...@unlimited.usenetmonster.com>,
>>> Joe Zeff wrote:

>>>> I use GangsterHat, and infest one of their help fora.
>>> *BLAM*
>>
>> Arguably, after a preposition the ablative might have been used.
>> But for English usage, in my opinion the accusative is just fine.
>> Perhaps better.
>
> Concur.

That's just almost Latin for 'me too.'

Tebrgwrf,
Maarten Wiltink


Garrett Wollman

Jan 4, 2010, 2:27:59 PM
In article <slrnhk3bam...@localhost.localdomain>,

Joe Thompson <sp...@orion-com.com> wrote:
>On 2010-01-04, Garrett Wollman <wol...@bimajority.org> wrote:
>> Why, oh why, oh why, do otherwise seemingly intelligent people[1] ever
>> even get it into their heads that "fhqb fh" would be a useful thing to
>> type. If you actually mean "fhqb fu", just fscking type that! (And
>> if you set up fhqb to allow "fh" and not "fu", you're an idiot.)
>
>fhqb fu and fhqb fh are not equivalent.

In what way, precisely? (Well, beyond the obvious observation that if
root's shell is of the brain-damaged variety rather than The Shell
That God Intended, the latter command gets you the brain-damaged one
by default (unless, of course, you specify something different on the
command line).

-GAWollman

Peter H. Coffin

Jan 4, 2010, 2:55:02 PM
On Mon, 4 Jan 2010 00:35:27 +0000 (UTC), Joe Thompson wrote:
> I do agree that if you have n ebbg nppbhag jvgu n cnffjbeq naq furyy frg,
> as is the default on RatCorpse, the security benefits of administering via
> sudo are minimal at best. -- Joe

The logging is nice. For those "Now what the hell did I do last time?"
moments...

--
72. If all the heroes are standing together around a strange device and
begin to taunt me, I will pull out a conventional weapon instead of
using my unstoppable superweapon on them.
--Peter Anspach's list of things to do as an Evil Overlord

mikea

Jan 4, 2010, 3:26:26 PM
Garrett Wollman <wol...@bimajority.org> wrote in <hhtffv$19km$1...@grapevine.csail.mit.edu>:

> In article <slrnhk3bam...@localhost.localdomain>,
> Joe Thompson <sp...@orion-com.com> wrote:
>>On 2010-01-04, Garrett Wollman <wol...@bimajority.org> wrote:
>>> Why, oh why, oh why, do otherwise seemingly intelligent people[1] ever
>>> even get it into their heads that "fhqb fh" would be a useful thing to
>>> type. If you actually mean "fhqb fu", just fscking type that! (And
>>> if you set up fhqb to allow "fh" and not "fu", you're an idiot.)
>>
>>fhqb fu and fhqb fh are not equivalent.
>
> In what way, precisely? (Well, beyond the obvious observation that if
> root's shell is of the brain-damaged variety rather than The Shell
> That God Intended, the latter command gets you the brain-damaged one
> by default (unless, of course, you specify something different on the
> command line).

Oh, good! Editor wars aren't enough; now Garrett wants to start the
first shell war of 2010.

So tell us, Garret: which shell is TSTGI?

--
Einstein argued that there must be simplified explanations of nature, because
God is not capricious or arbitrary. No such faith comforts the software
engineer.
- Fred Brooks, Jr.

Garrett Wollman

Jan 4, 2010, 3:50:25 PM
In article <igv917-...@mikea.ath.cx>, mikea <mi...@mikea.ath.cx> wrote:
>Oh, good! Editor wars aren't enough; now Garrett wants to start the
>first shell war of 2010.
>
>So tell us, Garret: which shell is TSTGI?

I am intentionally not saying. You should fill in the semantic frame
with whatever shell you consider to be Right And Proper.

Jed Davis

Jan 4, 2010, 4:39:31 PM
wol...@bimajority.org (Garrett Wollman) writes:

> mikea <mi...@mikea.ath.cx> wrote:
>> Oh, good! Editor wars aren't enough; now Garrett wants to start the
>> first shell war of 2010.
>>
>> So tell us, Garret: which shell is TSTGI?
>
> I am intentionally not saying. You should fill in the semantic frame
> with whatever shell you consider to be Right And Proper.

So what you're saying is that root's shell should be Emacs?

Greg Andrews

Jan 4, 2010, 4:43:06 PM

Arrogant (i.e. the converse of IMHO)

-Greg
--
::::::::::::::: Greg Andrews :::::: ge...@panix.com :::::::::::::::
Just machines to make big decisions. Programmed by fellows with
compassion and vision. We'll be clean when their work is done.
We'll be eternally free, yes, and eternally young. -- D.Fagen "IGY"

Richard Bos

Jan 4, 2010, 5:14:00 PM
Brian Kantor <br...@ucsd.edu> wrote:

What does the H stand for in IMHO?

What is the Monk-appropriate opposite of that word?

Richard

Peter H. Coffin

Jan 4, 2010, 6:25:02 PM

"Horrible", obviously.

--
73. I will not agree to let the heroes go free if they win a rigged
contest, even though my advisors assure me it is impossible for
them to win.

David Cameron Staples

Jan 4, 2010, 7:48:05 PM
in Mon, 04 Jan 2010 23:25:02 +0000, Peter H. Coffin in hic loco scripsit:

> On Mon, 04 Jan 2010 22:14:00 GMT, Richard Bos wrote:
>> Brian Kantor <br...@ucsd.edu> wrote:
>>
>>> Joe Zeff <the.guy.with....@lasfs.info> wrote:
>>> > ... IMAO.
>>>
>>> Awesome?
>>> Awful?
>>> Abysmal?
>>> Authoritative?
>>> Ancient?
>>> Arbitrary?
>>> &c.
>>>
>>> EXPN por favor!?
>>
>> What does the H stand for in IMHO?
>>
>> What is the Monk-appropriate opposite of that word?
>
> "Horrible", obviously.

Hideous.
Hoary.
Haggard.

--
David Cameron Staples | staples AT unimelb DOT edu DOT au
Melbourne University | School of Engineering | IT Support
the program I just wrote 1) compiled the first time without any errors
and 2) worked like it was supposed to I don't know whether to be proud
or scared to death -- bash.org/?17271

Joe Zeff

Jan 4, 2010, 9:30:29 PM
On Mon, 04 Jan 2010 17:17:44 +0000, Brian Kantor wrote:

> But if I *have* to give the researcher access, he gets sudo.
> - Brian

IMAO, that's what sudo is for, especially if you limit him to the
commands you think he needs.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info

I've taken a vow of poverty To annoy me send money.
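
An added example, not part of any poster's message: a small audit of the two conditions argued over in this thread, namely Joe Thompson's point about whether root has a usable password and an interactive shell, and Joe Zeff's point about limiting a sudo user to the commands he needs. The sample passwd, shadow and sudoers contents are constructed, and the parser assumes simple one-line sudoers user specifications (no aliases, no line continuations).

```python
import re

# Constructed sample files (illustrative values, not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:spare uid 0:/root:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:!:14610:0:99999:7:::
toor:$6$constructedsalt$constructedhash:14610:0:99999:7:::
alice:$6$constructedsalt$constructedhash:14610:0:99999:7:::
"""
SAMPLE_SUDOERS = """\
Defaults logfile=/var/log/sudo.log
alice   ALL=(ALL) ALL
bob     ALL=(root) /sbin/service httpd restart, /usr/bin/tail /var/log/messages
carol   ALL=(root) /bin/su
%wheel  ALL=(ALL) NOPASSWD: ALL
dave    ALL=(oracle) ALL
"""

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}
# Commands that hand back a root shell, so the grant is as good as ALL.
ROOT_SHELL_CMDS = {"su", "sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # e.g. "NOPASSWD: "


def uid0_accounts(passwd_text, shadow_text):
    """Return every UID 0 account with its password state and shell type."""
    hashes = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[2] != "0":
            continue
        name, pw_field, shell = fields[0], fields[1], fields[6]
        # "x" means the hash lives in shadow; a missing entry is unusable.
        pw = hashes.get(name, "*") if pw_field == "x" else pw_field
        if pw == "":
            state = "empty"      # no password required at all
        elif pw[0] in "!*":
            state = "locked"     # no valid hash: nothing to guess or sniff
        else:
            state = "set"
        interactive = shell not in NOLOGIN_SHELLS
        found.append({"name": name, "password": state,
                      "interactive_shell": interactive,
                      # Password authentication only; key-based logins
                      # are outside what these files show.
                      "password_login": state != "locked" and interactive})
    return found


def sudo_grants(sudoers_text):
    """Classify each user spec as 'root-equivalent' or 'limited'."""
    grants = {}
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if (not line or line.startswith("#") or line.startswith("Defaults")
                or line.split()[0].endswith("_Alias")):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        # No runas list means root; "(user:group)" keeps only the user part.
        runas_users = (m.group("runas") or "root").split(":")[0].split(",")
        as_root = any(u.strip() in ("ALL", "root") for u in runas_users)
        level = "limited"
        for cmd in m.group("cmds").split(","):
            cmd = TAGS.sub("", cmd.strip())
            prog = cmd.split()[0].rsplit("/", 1)[-1] if cmd else ""
            if as_root and (cmd == "ALL" or prog in ROOT_SHELL_CMDS):
                level = "root-equivalent"
        grants[m.group("who")] = level
    return grants


def audit(passwd_text, shadow_text, sudoers_text):
    """Summarise who can become root directly and who can via sudo."""
    accounts = uid0_accounts(passwd_text, shadow_text)
    grants = sudo_grants(sudoers_text)
    return {
        "direct_root_login": sorted(a["name"] for a in accounts if a["password_login"]),
        "root_equivalent_sudo": sorted(w for w, l in grants.items() if l == "root-equivalent"),
        "limited_sudo": sorted(w for w, l in grants.items() if l == "limited"),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_SUDOERS))
```

Every name listed under `root_equivalent_sudo` is an account whose login password is effectively a root password, which is the trade-off the thread goes back and forth on.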

Joe Zeff

Jan 4, 2010, 9:33:02 PM
On Mon, 04 Jan 2010 10:22:27 -0500, Shmuel (Seymour J.) Metz wrote:

> And, no, I
> don't want to use su in order to issue a single command;

Man su will tell you a way around that. I'd be more specific if I didn't
suspect that it's UI for you.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info

I mostly just wanted something to grouch about, as it had been
too good a day.

Steve VanDevender

Jan 4, 2010, 11:22:14 PM
mikea <mi...@mikea.ath.cx> writes:

> Garrett Wollman <wol...@bimajority.org> wrote in <hhtffv$19km$1...@grapevine.csail.mit.edu>:

>> The Shell That God Intended

> So tell us, Garret: which shell is TSTGI?

Thou art God. All who grok system administration are God.

--
Steve VanDevender "I ride the big iron" http://hexadecimal.uoregon.edu/
ste...@hexadecimal.uoregon.edu PGP keyprint 4AD7AF61F0B9DE87 522902969C0A7EE8
Little things break, circuitry burns / Time flies while my little world turns
Every day comes, every day goes / 100 years and nobody shows -- Happy Rhodes

Joe Thompson

Jan 4, 2010, 11:22:35 PM
On 2010-01-04, Brian Kantor <br...@ucsd.edu> wrote:
> Joe Thompson <sp...@orion-com.com> wrote:
>>AIUI, the main benefit to using sudo instead of having a shell-enabled
>>root account is that it makes it harder to gain root access via an
>>exploit. There is no root password to know and no root shell to obtain,
>>but the concept of UID 0 still exists.
>
> Why yes, that's true. It means that all you have to do is intercept
> (or guess) the password of any of a number of logins, instead of the
> single one that everyone knows must be protected the most.

But first you have to find out the name of one of those logins. Also,
unless the admin has done something really daft, you have to chance upon
one of the accounts with sudo permission -- *any* user login won't do.

Of course you can always [UI elided], but there are (or were -- I
imagine things must have improved recently, neh?) things that will break
if there isn't an account called 'root' with UID 0. -- Joe

Joe Thompson

Jan 4, 2010, 11:26:29 PM
On 2010-01-04, Garrett Wollman <wol...@bimajority.org> wrote:
> In article <slrnhk3bam...@localhost.localdomain>,
> Joe Thompson <sp...@orion-com.com> wrote:
>>On 2010-01-04, Garrett Wollman <wol...@bimajority.org> wrote:
>>> Why, oh why, oh why, do otherwise seemingly intelligent people[1] ever
>>> even get it into their heads that "fhqb fh" would be a useful thing to
>>> type. If you actually mean "fhqb fu", just fscking type that! (And
>>> if you set up fhqb to allow "fh" and not "fu", you're an idiot.)
>>
>>fhqb fu and fhqb fh are not equivalent.
>
> In what way, precisely?

On at least some systems, you will note that certain environment variables
will be set differently. -- Joe

mikea

Jan 5, 2010, 8:42:03 AM
Steve VanDevender <ste...@hexadecimal.uoregon.edu> wrote in <hhueq1$12rj$1...@isis.novusordo.net>:

> mikea <mi...@mikea.ath.cx> writes:
>
>> Garrett Wollman <wol...@bimajority.org> wrote in <hhtffv$19km$1...@grapevine.csail.mit.edu>:
>>> The Shell That God Intended
>
>> So tell us, Garret: which shell is TSTGI?
>
> Thou art God. All who grok system administration are God.

"God, root, what is difference?"

--
Physics graduate: "I wonder why that works."
Engineering graduate: "I wonder how that works."
Accounting graduate: "I wonder how much it cost to make that work."
English graduate: "Do you want fries with that?" -- Deforest

Erwan David

Jan 5, 2010, 2:08:38 PM
Joe Zeff <the.guy.with....@lasfs.info> said on 01/05/10:

> On Mon, 04 Jan 2010 17:17:44 +0000, Brian Kantor wrote:
>
>> But if I *have* to give the researcher access, he gets sudo.
>> - Brian
>
> IMAO, that's what sudo is for, especially if you limit him to the
> commands you think he needs.

Do not forget also what happens when an admin leaves...

--
Work is not a good thing. If it were,
the rich would have cornered it

Alan J Rosenthal

Jan 5, 2010, 9:06:33 PM
Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> writes:
>ISAGN: a version of sudo that requires a physical security key in addition
>to or in place of the root password.

All versions of sudo arguably have this, in a certain vacuous sense.
(N.B. your second-last word above.)

Alan J Rosenthal

Jan 5, 2010, 9:05:15 PM
Lawns 'R' Us <nob...@nowhere.example.com> writes:
>Ultimately, though, who cares? Really, I just don't understand why
>this is such a hot issue ...

Linux weenies, and equivalent people in other spheres, show off by explaining
how the thing they just discovered last week separates the geniuses (e.g.
them) from the morons (e.g. everyone else).

Alan J Rosenthal

Jan 5, 2010, 9:07:14 PM
Brian Kantor <br...@ucsd.edu> writes:
>EXPN por favor!?

"Please".

hth,

Alan J Rosenthal

Jan 5, 2010, 9:12:26 PM
mikea <mi...@mikea.ath.cx> writes:
>So tell us, Garret: which shell is TSTGI?

The Adventure Shell!
http://groups.google.com/group/comp.unix.questions/msg/b8839022c9537124?output=gplain

Steve VanDevender

Jan 6, 2010, 1:08:34 AM

A conversation in The Other Place once spawned this speculative vision
of the NetHack Shell:

peter writes:

> stevev wrote:
> > What do you have to do to ascend in Unix?

> cd ..

$ cd ..
$ pwd
/
$ cd ..
Beware, there will be no return! Still chdir? [yn] (n) y
Do you want your processes identified? [ynq] (n)
Do you want to see your file attributes? [ynq] (n)
Do you want to see your stderr output? [ynq] (n)

Goodbye peter the Rogue...

You escaped from the filesystem with 35284 blocks and 285 files
after 28.32 cpu-seconds.
You were uid 103, gid 103 when you escaped.

You did not make the top 100 list.

Dave Hughes

Jan 6, 2010, 2:13:21 AM
On Wed, 06 Jan 2010 02:05:15 +0000, Alan J Rosenthal wrote:

> Linux weenies, and equivalent people in other spheres, show off by
> explaining how the thing they just discovered last week separates the
> geniuses (e.g. them) from the morons (e.g. everyone else).

I knew that...

--
Dave Hughes - da...@hired-goons.net
... it is important to realize that any lock can be picked with a big
enough hammer." -- Sun System & Network Admin manual

Maarten Wiltink

Jan 6, 2010, 2:46:23 AM
"Dave Hughes" <spam...@hired-goons.net> wrote in message
news:pan.2010.01.06....@hired-goons.net...

> On Wed, 06 Jan 2010 02:05:15 +0000, Alan J Rosenthal wrote:

>> Linux weenies, and equivalent people in other spheres, show off by
>> explaining how the thing they just discovered last week separates
>> the geniuses (e.g. them) from the morons (e.g. everyone else).
>
> I knew that...

...Even last week. Really!

It's not about the thing, it's about the discovering. Incidentally,
the ability to discover things makes you brilliant, not a genius.
Geniuses produce the things other people discover, and they do it
without howtos.

Tebrgwrf,
Maarten Wiltink


Lionel

Jan 6, 2010, 6:12:49 AM
On 5/01/2010 6:55 AM, Peter H. Coffin wrote:
> On Mon, 4 Jan 2010 00:35:27 +0000 (UTC), Joe Thompson wrote:
>> I do agree that if you have n ebbg nppbhag jvgu n cnffjbeq naq furyy frg,
>> as is the default on RatCorpse, the security benefits of administering via
>> sudo are minimal at best. -- Joe
>
> The logging is nice. For those "Now what the hell did I do last time?"
> moments...

I just try very hard not to have moments like that.

--
W
. | ,. w , "Some people are alive only because
\|/ \|/ it is illegal to kill them." Perna condita delenda est
---^----^---------------------------------------------------------------

Lionel

Jan 6, 2010, 6:14:31 AM
On 5/01/2010 7:26 AM, mikea wrote:
> Garrett Wollman<wol...@bimajority.org> wrote in<hhtffv$19km$1...@grapevine.csail.mit.edu>:
>> In article<slrnhk3bam...@localhost.localdomain>,
>> Joe Thompson<sp...@orion-com.com> wrote:
>>> On 2010-01-04, Garrett Wollman<wol...@bimajority.org> wrote:
>>>> Why, oh why, oh why, do otherwise seemingly intelligent people[1] ever
>>>> even get it into their heads that "fhqb fh" would be a useful thing to
>>>> type. If you actually mean "fhqb fu", just fscking type that! (And
>>>> if you set up fhqb to allow "fh" and not "fu", you're an idiot.)
>>>
>>> fhqb fu and fhqb fh are not equivalent.
>>
>> In what way, precisely? (Well, beyond the obvious observation that if
>> root's shell is of the brain-damaged variety rather than The Shell
>> That God Intended, the latter command gets you the brain-damaged one
>> by default (unless, of course, you specify something different on the
>> command line).
>
> Oh, good! Editor wars aren't enough; now Garrett wants to start the
> first shell war of 2010.

*snicker*

> So tell us, Garrett: which shell is TSTGI?

BASH, but that's only because I'm used to it - I'm not religious about it.

Lionel

Jan 6, 2010, 6:16:37 AM

"You are in a maze of twisty little symlinks, all different."

Lionel

Jan 6, 2010, 6:19:25 AM
On 6/01/2010 6:08 AM, Erwan David wrote:
> Joe Zeff <the.guy.with....@lasfs.info> said on 01/05/10 that:
>
>> On Mon, 04 Jan 2010 17:17:44 +0000, Brian Kantor wrote:
>>
>>> But if I *have* to give the researcher access, he gets sudo.
>>> - Brian
>>
>> IMAO, that's what sudo is for, especially if you limit him to the
>> commands you think he needs.
>
> Do not forget also what happens when an admin leaves...

What, total chaos?

Julien Goodwin

Jan 6, 2010, 6:34:44 AM
On 04 Jan 2010 04:00:06 GMT, Lawns 'R' Us wrote:
> On 2010-01-04, Joe Zeff <the.guy.with....@lasfs.info> wrote:
>> On Mon, 04 Jan 2010 00:16:11 +0000, Thomas Womack wrote:
>>
>>> I'd interpreted that as 'why are you being an unauditable security risk
>>> by allowing yourself to do things as root on your workstation without
>>> getting a change request form filled by the IT department', and everyone
>>> else seems to have read it as 'what's wrong with su'.
>>
>> And I'm thinking in terms of, "It's your home box; nobody uses it except
>> you. Why bother with sudo if you've got su?"
>
> Consistency with what you do at work - if you're using sudo all the
> time at work, it requires less thinking to just keep using it at home.

Eek, if I did it like at work I'd be root for *everything*.

I like sudo because it allows me to be both lazier and more secure (ok,
arguable in theory) than su.

Peter H. Coffin

Jan 6, 2010, 8:25:02 AM
On Wed, 06 Jan 2010 22:12:49 +1100, Lionel wrote:
> On 5/01/2010 6:55 AM, Peter H. Coffin wrote:
>> On Mon, 4 Jan 2010 00:35:27 +0000 (UTC), Joe Thompson wrote:
>>> I do agree that if you have n ebbg nppbhag jvgu n cnffjbeq naq furyy frg,
>>> as is the default on RatCorpse, the security benefits of administering via
>>> sudo are minimal at best. -- Joe
>>
>> The logging is nice. For those "Now what the hell did I do last time?"
>> moments...
>
> I just try very hard not to have moments like that.

I try too. It doesn't always work how I intend it to.

--
This was, apparently, beyond her ken. So far beyond her ken that she
was well into barbie territory.
-- J. D. Baldwin

John Burnham

Jan 6, 2010, 10:12:27 AM
On Wed, 06 Jan 2010 22:19:25 +1100, Lionel wrote:

> On 6/01/2010 6:08 AM, Erwan David wrote:
>>
>> Do not forget also what happens when an admin leaves...
>
> What, total chaos?

I was thinking of an almighty piss up myself. Hmm. Actually, total chaos
tends to describe that as well.
J

John Burnham

Jan 6, 2010, 10:16:25 AM
On Tue, 05 Jan 2010 07:42:03 -0600, mikea wrote:

>
> "God, root, what is difference?"

To which the standard reply is
"God is FAR more forgiving."

J

Richard Bos

Jan 6, 2010, 11:06:08 AM
Lionel <imag...@gmail.com> wrote:

> On 6/01/2010 1:12 PM, Alan J Rosenthal wrote:
> > mikea<mi...@mikea.ath.cx> writes:
> >> So tell us, Garrett: which shell is TSTGI?
> >
> > The Adventure Shell!
> > http://groups.google.com/group/comp.unix.questions/msg/b8839022c9537124?output=gplain
>
> "You are in a maze of twisty little symlinks, all different."

s/symlinks/distros/.

Richard

Shmuel Metz

Jan 6, 2010, 9:37:26 AM
In <2010Jan5.2...@jarvis.cs.toronto.edu>, on 01/06/2010

at 02:06 AM, fl...@dgp.toronto.edu (Alan J Rosenthal) said:

>All versions of sudo arguably have this, in a certain vacuous sense.
>(N.B. your second-last word above.)

If I use the -u option, it requires that user's password in place of the
root password; it still does not require a physical security key.

FWIW, I only use sudo to issue commands for root; never to issue commands
from root. My reasons would almost certainly be UI.

--
Shmuel (Seymour J.) Metz <http://patriot.net/~shmuel> ISO position
Reply to domain Patriot dot net user shmuel+bspfh to contact me.
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

Shmuel Metz

Jan 6, 2010, 8:12:20 AM
In <4b42a4de$0$6401$ec3e...@unlimited.usenetmonster.com>, on 01/05/2010

at 02:33 AM, Joe Zeff <the.guy.with....@lasfs.info> said:

>Man su will tell you a way around that. I'd be more specific if I didn't
> suspect that it's UI for you.

The prohibition against UI is a little ambiguous, but my reading is that
if it's UI for anybody in the froup then you shouldn't post it. I've been
told offline that it's legitimate to ask a question about software that I
use only at home, but since others might use the same software at work,
I'd be leary even then.

Niklas Karlsson

Jan 6, 2010, 11:41:02 AM
On 2010-01-06, Shmuel Metz <spam...@library.lspace.org.invalid> wrote:
>
> The prohibition against UI is a little ambiguous, but my reading is that
> if it's UI for anybody in the froup then you shouldn't post it. I've been
> told offline that it's legitimate to ask a question about software that I
> use only at home, but since others might use the same software at work,
> I'd be leary even then.
         ^^^^^
Is that an oblique way of saying you'd be on drugs?

Niklas
--
New, from IKEA: DARCKENSE, the chair. Available in white only.
All-natural materials!

Brian Kantor

Jan 6, 2010, 12:01:46 PM
>> I'd be leary even then.
>Is that an oblique way of saying you'd be on drugs?

The owl and the pussycat went to sea
in a beautiful pea-green boat.
They took some honey, and plenty of money
wrapped up in a five pound note. Which was
worthless even before they sank while crossing
the channel.

with apologies to all owners of runcible spoons
- Brian

G. Paul Ziemba

Jan 6, 2010, 2:10:23 PM
Brian Kantor <br...@ucsd.edu> writes:
> with apologies to all owners of runcible spoons

Accepted. But is there any use for a runcible spoon [2] beyond
eating grapefruit? [1] (Maybe for a melon, but if you need anything
beyond a plain old spoon (POS?) I submit that it's not ripe
enough)

[2] The issue recently took a liking to grapefruit while we were
visiting family over the holidays. Of course this led to
discussion of the two obvious word-related matters, viz.,
the definition of "runcible spoon" and the etymology of
"grapefruit"[3].

[3] "But grapes are sweet!" Clearly I have neglected part of
their viticultural education.

[1] Note: Not GrapeFruit.

--
G. Paul Ziemba
FreeBSD unix:
11:06AM up 23 days, 12:47, 18 users, load averages: 0.15, 0.19, 0.43

Garrett Wollman

Jan 6, 2010, 2:31:52 PM
In article <hi2n6v$2v7q$1...@hairball.ziemba.us>,

G. Paul Ziemba <paul+...@w6yx.stanford.edu> wrote:

>Accepted. But is there any use for a runcible spoon [2] beyond
>eating grapefruit? [1]

Alton Brown describes the grapefruit spoon as a "multitasker" but I
can't remember what he used it for. (Certainly not eating
grapefruit!) Maybe it was seeding a squash?

-GAWollman

--
Garrett A. Wollman | What intellectual phenomenon can be older, or more oft
wol...@bimajority.org| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers. | accepted by all practitioners? - S.J. Gould, 1993

Joe Zeff

Jan 6, 2010, 2:52:21 PM
On Wed, 06 Jan 2010 08:12:20 -0500, Shmuel (Seymour J.) Metz wrote:

> In <4b42a4de$0$6401$ec3e...@unlimited.usenetmonster.com>, on 01/05/2010
> at 02:33 AM, Joe Zeff <the.guy.with....@lasfs.info> said:
>
>>Man su will tell you a way around that. I'd be more specific if I
>>didn't
>> suspect that it's UI for you.
>
> The prohibition against UI is a little ambiguous, but my reading is that
> if it's UI for anybody in the froup then you shouldn't post it. I've
> been told offline that it's legitimate to ask a question about software
> that I use only at home, but since others might use the same software at
> work, I'd be leary even then.

Having been unwillingly recovered for several years, I use Yvahk only at
home. Even so, I'd never ask here for help with it simply because
whatever I asked about *would* be UI for somebody else. Note that the
comment you're replying to is an excellent example of exactly that.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
Sometimes when you fill a vacuum it still sucks.

Paul

Jan 6, 2010, 3:50:11 PM
"G. Paul Ziemba" <paul+...@w6yx.stanford.edu> wrote in
news:hi2n6v$2v7q$1...@hairball.ziemba.us:

> [2] The issue recently took a liking to grapefruit while we were
> visiting family over the holidays. Of course this led to
> discussion of the two obvious word-related matters, viz.,
> the definition of "runcible spoon" and the etymology of
> "grapefruit"[3].

Be sure to teach the name of the fruit in French, also.

--
Paul the Legacy Server
Full Recovery reached May 30, 2008
"People can be educated beyond their intelligence"
-- Marilyn vos Savant

Richard Johnson

Jan 6, 2010, 3:31:04 PM
On 2010-01-04, Shmuel Metz <spam...@library.lspace.org.invalid> wrote:
> ISAGN: a version of sudo that requires a physical security key in addition
> to or in place of the root password.

I wanted to go beyond that for some job(-1) cow-orkers:

1) Insert needle for blood draw.
2) Await toxicology results.
3) Maybe if you used more than just two fingers...


Richard

--
To reply via email, make sure you don't enter the whirlpool on river left.

My mailbox. My property. My personal space. My rules. Deal with it.
http://www.river.com/users/share/cluetrain/

Shmuel Metz

Jan 6, 2010, 4:26:31 PM
In <7qjsou...@mid.individual.net>, on 01/06/2010

at 04:41 PM, Niklas Karlsson <ank...@yahoo.se> said:

>Is that an oblique way of saying you'd be on drugs?

I am, but AFAIK Prof. O'L didn't use Warfarin.

Shmuel Metz

Jan 6, 2010, 4:28:48 PM
In <hi2n6v$2v7q$1...@hairball.ziemba.us>, on 01/06/2010

at 07:10 PM, "G. Paul Ziemba" <paul+...@w6yx.stanford.edu> said:

>Accepted. But is there any use for a runcible spoon [2] beyond eating
>grapefruit?

I don't know about the spoon[1], but RUNCIBLE was a programming language.

[1] Although the manual did quote the verse.

Shmuel Metz

Jan 6, 2010, 4:31:21 PM
In <4b44e9f5$0$4957$ec3e...@unlimited.usenetmonster.com>, on 01/06/2010

at 07:52 PM, Joe Zeff <the.guy.with....@lasfs.info> said:

>Note that the comment you're replying to is an excellent example of
>exactly that.

Is that an oblique way of saying that I provided UI? It seemed basic
enough that any reader here should already have known about it.

Just zis Guy, you know?

Jan 6, 2010, 4:47:35 PM
On Wed, 06 Jan 2010 16:31:21 -0500, Shmuel (Seymour J.) Metz
<spam...@library.lspace.org.invalid> wrote:

>>Note that the comment you're replying to is an excellent example of
>>exactly that.
>
>Is that an oblique way of saying that I provided UI? It seemed basic
>enough that any reader here should already have known about it.

I don't think man counts as arcana, certainly.

Guy
--
http://www.chapmancentral.co.uk/
The usenet price promise: all opinions offered in newsgroups are guaranteed
to be worth the price paid.

Lawns 'R' Us

Jan 6, 2010, 5:25:36 PM
On 2010-01-06, Richard Bos <ral...@xs4all.nl> wrote:
> Lionel <imag...@gmail.com> wrote:
>
>> On 6/01/2010 1:12 PM, Alan J Rosenthal wrote:
>> > mikea<mi...@mikea.ath.cx> writes:
>> >> So tell us, Garrett: which shell is TSTGI?
>> >
>> > The Adventure Shell!
>>
>> "You are in a maze of twisty little symlinks, all different."
>
> s/symlinks/distros/.

s/l d/l gratuitously d/

Joe Zeff

Jan 6, 2010, 5:22:11 PM
On Wed, 06 Jan 2010 16:31:21 -0500, Shmuel (Seymour J.) Metz wrote:

> In <4b44e9f5$0$4957$ec3e...@unlimited.usenetmonster.com>, on 01/06/2010
> at 07:52 PM, Joe Zeff <the.guy.with....@lasfs.info> said:
>
>>Note that the comment you're replying to is an excellent example of
>>exactly that.
>
> Is that an oblique way of saying that I provided UI? It seemed basic
> enough that any reader here should already have known about it.

No. It's an explanation of why I answered the way I did.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info

Where there's a flamethrower, there's a way.

Alan J Rosenthal

Jan 6, 2010, 8:14:43 PM
Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> writes:

[
>>Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> writes:
>>>ISAGN: a version of sudo that requires a physical security key in addition
>>>to or in place of the root password.
]

>at 02:06 AM, fl...@dgp.toronto.edu (Alan J Rosenthal) said:
>
>>All versions of sudo arguably have this, in a certain vacuous sense.
>>(N.B. your second-last word above.)
>
>If I use the -u option, it requires that user's password in place of the
>root password; it still does not require a physical security key.

My point was that sudo does not require the root password, it requires the
user's personal password which is also their Facebook password which they once
typed into http://www.facebook.com.no-need-to-read-further.badguy.com.

But I now see what you might have meant by "in place of the root password" in
a way I didn't see upon my previous reading of your previous article.

Of course, the following sort of program suffices to require a physical
security key:

#include <stdio.h>

int main()
{
    printf("Insert physical security key and press return: ");
    (void)getchar();
    return(0);
}

It just doesn't enforce the requirement very well.

I recommend that sudo be enhanced to require a physical security key in
this sense.

On a similar note, since the xmas day terrorist went to the W.C. at about
10:45 to arrange his explosives, I think that all airplane flights should
prohibit passenger use of the W.C. from 10:40 to 10:50 AM each day.

Oh wait, they're already doing something which is basically that.

Joe Zeff

Jan 6, 2010, 9:17:47 PM
On Thu, 07 Jan 2010 01:14:43 +0000, Alan J Rosenthal wrote:

> On a similar note, since the xmas day terrorist went to the W.C. at
> about 10:45 to arrange his explosives, I think that all airplane flights
> should prohibit passenger use of the W.C. from 10:40 to 10:50 AM each
> day.

If you're referring to the ID10T I think you are, Roberta Pournelle has
christened him the Johnson Bomber.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info

*Disclaimer: following the above advice constitutes
your consent to be classified under the clinical
definition of moron.

David Cameron Staples

Jan 6, 2010, 10:19:42 PM
in Thu, 07 Jan 2010 02:17:47 +0000, Joe Zeff in hic loco scripsit:

> On Thu, 07 Jan 2010 01:14:43 +0000, Alan J Rosenthal wrote:
>
>> On a similar note, since the xmas day terrorist went to the W.C. at
>> about 10:45 to arrange his explosives, I think that all airplane
>> flights should prohibit passenger use of the W.C. from 10:40 to 10:50
>> AM each day.
>
> If you're referring to the ID10T I think you are, Roberta Pournelle has
> christened him the Johnson Bomber.

My nipples^Wpants are exploding with delight^Whatred for the infidel!

--
David Cameron Staples | staples AT unimelb DOT edu DOT au
Melbourne University | School of Engineering | IT Support
You know, I don't think you can call it a "friendly rivalry" after you've
killed your opponent's parents. -- bash.org/?42958

Olivier Galibert

Jan 7, 2010, 3:08:13 AM
On 2010-01-06, Niklas Karlsson <ank...@yahoo.se> wrote:
> On 2010-01-06, Shmuel Metz <spam...@library.lspace.org.invalid> wrote:
>>
>> The prohibition against UI is a little ambiguous, but my reading is that
>> if it's UI for anybody in the froup then you shouldn't post it. I've been
>> told offline that it's legitimate to ask a question about software that I
>> use only at home, but since others might use the same software at work,
>> I'd be leary even then.
>         ^^^^^
> Is that an oblique way of saying you'd be on drugs?

Or that he likes young women with an IQ smaller than his shoe size
(.eu) or room temperature (.us).

OG.

Lionel

Jan 7, 2010, 3:20:31 AM
On 7/01/2010 12:25 AM, Peter H. Coffin wrote:
> On Wed, 06 Jan 2010 22:12:49 +1100, Lionel wrote:
>> On 5/01/2010 6:55 AM, Peter H. Coffin wrote:
>>> On Mon, 4 Jan 2010 00:35:27 +0000 (UTC), Joe Thompson wrote:
>>>> I do agree that if you have n ebbg nppbhag jvgu n cnffjbeq naq furyy frg,
>>>> as is the default on RatCorpse, the security benefits of administering via
>>>> sudo are minimal at best. -- Joe
>>>
>>> The logging is nice. For those "Now what the hell did I do last time?"
>>> moments...
>>
>> I just try very hard not to have moments like that.
>
> I try too. It doesn't always work how I intend it to.

So far[0], it's worked well for me.

[0] /me touches wood.

--
W
. | ,. w , "Some people are alive only because
\|/ \|/ it is illegal to kill them." Perna condita delenda est
---^----^---------------------------------------------------------------

Lionel

Jan 7, 2010, 3:24:42 AM
On 7/01/2010 12:12 AM, Shmuel (Seymour J.) Metz wrote:
> In<4b42a4de$0$6401$ec3e...@unlimited.usenetmonster.com>, on 01/05/2010
> at 02:33 AM, Joe Zeff<the.guy.with....@lasfs.info> said:
>
>> Man su will tell you a way around that. I'd be more specific if I didn't
>> suspect that it's UI for you.
>
> The prohibition against UI is a little ambiguous,

No, it isn't. And ROT13 is no excuse.

> but my reading is that
> if it's UI for anybody in the froup then you shouldn't post it. I've been
> told offline that it's legitimate to ask a question about software that I
> use only at home, but since others might use the same software at work,
> I'd be leary even then.

And rightly so.

Lionel

Jan 7, 2010, 3:25:41 AM
On 7/01/2010 3:41 AM, Niklas Karlsson wrote:
> On 2010-01-06, Shmuel Metz<spam...@library.lspace.org.invalid> wrote:
>>
>> The prohibition against UI is a little ambiguous, but my reading is that
>> if it's UI for anybody in the froup then you shouldn't post it. I've been
>> told offline that it's legitimate to ask a question about software that I
>> use only at home, but since others might use the same software at work,
>> I'd be leary even then.
>         ^^^^^
> Is that an oblique way of saying you'd be on drugs?

I actually met the guy some years ago. Either he was somewhat senile, or
he'd done too many drugs.

Lionel

Jan 7, 2010, 3:29:45 AM
On 5/01/2010 4:08 AM, Brian Kantor wrote:
> Joe Zeff<the.guy.with....@lasfs.info> wrote:
>> ... IMAO.
>
> Awesome?
> Awful?
> Abysmal?
> Authoritative?
> Ancient?
> Arbitrary?
> &c.
>
> EXPN por favor!?

"Annoying"?

Lionel

Jan 7, 2010, 3:33:53 AM
On 5/01/2010 9:14 AM, Richard Bos wrote:

> Brian Kantor<br...@ucsd.edu> wrote:
>
>> Joe Zeff<the.guy.with....@lasfs.info> wrote:
>>> ... IMAO.
>>
>> Awesome?
>> Awful?
>> Abysmal?
>> Authoritative?
>> Ancient?
>> Arbitrary?
>> &c.
>>
>> EXPN por favor!?
>
> What does the H stand for in IMHO?
>
> What is the Monk-appropriate opposite of that word?

Honest, Heretical, Hierarchical, Horizontal[0], Horological, Hateful,
Horrible.

[0] ie; drunk.

Peter Corlett

Jan 7, 2010, 5:31:10 AM
Lionel <imag...@gmail.com> wrote:
[...]

> I actually met the guy some years ago. Either he was somewhat senile, or
> he'd done too many drugs.

I'm somewhat surprised he hasn't also copied the pancreatic cancer from Bill
Hicks.

Shmuel Metz

Jan 7, 2010, 8:55:31 AM
In <o61ak5l061eis9j8d...@4ax.com>, on 01/06/2010

at 09:47 PM, "Just zis Guy, you know?" <guy.c...@spamcop.net> said:

>I don't think man counts as arcana, certainly.

I use info. Is a well documented option on a well known command UI?

Shmuel Metz

Jan 7, 2010, 9:01:33 AM
In <2010Jan6.2...@jarvis.cs.toronto.edu>, on 01/07/2010

at 01:14 AM, fl...@dgp.toronto.edu (Alan J Rosenthal) said:

>My point was that sudo does not require the root password, it requires
>the user's personal password

Well, I'd like a version of sudo that requires a physical security key in
addition to or in place of the user's password.

>But I now see what you might have meant by "in place of the root
>password" in a way I didn't see upon my previous reading of your
>previous article.

But what's really relevant is "a physical security key".

>Of course, the following sort of program suffices to require a physical
>security key:

Perhaps to a politician. For a programmer, require means more than simply
saying that it's required.

Shmuel Metz

Jan 7, 2010, 9:07:53 AM
In <hi45oa$g5n$3...@xen1.xcski.com>, on 01/07/2010
at 07:24 PM, Lionel <imag...@gmail.com> said:

>No, it isn't.

"Useful (to our job) information is forbidden" doesn't make it clear
whether that includes the totally trivial.

>And ROT13 is no excuse.

Il va sans dire; the FAQ explicitly states "It doesn't matter if you
ROT-13 it,".

Peter Corlett

Jan 7, 2010, 11:28:18 AM
Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> wrote:
> "Just zis Guy, you know?" <guy.c...@spamcop.net> said:
[...]

>> I don't think man counts as arcana, certainly.
> I use info. Is a well documented option on a well known command UI?

*twitch*

I just *love* man pages that tell me they're a stub and I should consult the
info page. Especially when the "info page" is actually just the *same* man
page telling me to consult the info page, displayed in an awful pager.

It's almost as user friendly as man pages telling me they're a stub and I
should consult such-and-such a website, which does of course no longer
exist.

I really should take some piano lessons so I can get a higher-status job in
a brothel.

Peter H. Coffin

Jan 7, 2010, 11:55:02 AM
On Thu, 07 Jan 2010 09:01:33 -0500, Shmuel Metz wrote:

> In <2010Jan6.2...@jarvis.cs.toronto.edu>, on 01/07/2010 at
> 01:14 AM, fl...@dgp.toronto.edu (Alan J Rosenthal) said:
>
>>My point was that sudo does not require the root password, it requires
>>the user's personal password
>
> Well, I'd like a version of sudo that requires a physical security key
> in addition to or in place of the user's password.

Great! Where do you want to plug it in? Local laptop? It'll be more on
SSH than sudo, then. KVM? physical hardware? That'll require OS support,
but it's doable. I'd hate to have to drive in to bounce a stuck process,
but if you're volunteering for pager duty...

--
Because of the diverse conditions of humans, it happens that some acts
are virtuous to some people, as appropriate and suitable to them, while
the same acts are immoral for others, as inappropriate to them.
-- Saint Thomas Aquinas

LP

Jan 7, 2010, 12:10:21 PM
Bah[0]

On 2010-01-07, Peter Corlett <ab...@mooli.org.uk> wrote:
>
> I just *love* man pages that tell me they're a stub and I should consult the
> info page. Especially when the "info page" is actually just the *same* man
> page telling me to consult the info page, displayed in an awful pager.

That annoys me, but every time I encounter it, I think back to $ORK[-1]
and think "hey, at least man is installed on this box"

A critical box, running an unfamiliar flavour of unix, in single user
mode[1], with no man pages installed and no useful means of acquiring them.
In a machine room with no internet access for my laptop. Lots and lots
of walking up and down the corridor to fetch man pages off the internet
with the aim of confirming that the command line switches I'm used to
do what I'm expecting and haven't been re-assigned to something more
destructive.

> It's almost as user friendly as man pages telling me they're a stub and I
> should consult such-and-such a website, which does of course no longer
> exist.

At least <UI> usually has those cached.

> I really should take some piano lessons so I can get a higher-status job in
> a brothel.

Surely we don't need piano lessons to get a higher-status job in a brothel.

-Paul
[0] Let's try again with a chicken, shall we. Not having a good day today.
I've had elderly parents slipping over and breaking limbs, a marvellously
intertwined combination of major routing changes with unexpected side
effects, external companies who can't keep their web servers together long
enough to process our customers' payments, usual UK "we've had snow,
all transport is fucked" meaning that all of the above is being orchestrated
from home, where the cat is being *super* needy.

I've bloody run out of tea as well.

[1] I have at least managed to forget what the actual problem with it
was, but it took a lot of liquid refreshment to achieve that.
--
http://paulseward.com

Brian Kantor

Jan 7, 2010, 1:20:56 PM
On Thu, 07 Jan 2010 09:01:33 -0500, Shmuel Metz wrote:
>
> Well, I'd like a version of sudo that requires a physical security key
> in addition to or in place of the user's password.

I suggest the installation of Prof Guillotin's marvelous invention
and the key being the user's head.
- Brian

Joe Zeff

Jan 7, 2010, 3:42:42 PM
On Thu, 07 Jan 2010 17:10:21 +0000, LP wrote:

> [1] I have at least managed to forget what the actual problem with it
> was, but it took a lot of liquid refreshment to achieve that.

I take it, then, that the liquid refreshed everything except your memory?

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info

If it ain't broke, it ain't Micro$oft!

Steve VanDevender

Jan 7, 2010, 5:12:15 PM
Joe Zeff <the.guy.with....@lasfs.info> writes:

> On Thu, 07 Jan 2010 17:10:21 +0000, LP wrote:
>
>> [1] I have at least managed to forget what the actual problem with it
>> was, but it took a lot of liquid refreshment to achieve that.
>
> I take it, then, that the liquid refreshed everything except your memory?

From what I have seen, refreshing beverages are consumed to refresh the
spirit and perhaps the body, but rarely to refresh memory.

--
Steve VanDevender "I ride the big iron" http://hexadecimal.uoregon.edu/
ste...@hexadecimal.uoregon.edu PGP keyprint 4AD7AF61F0B9DE87 522902969C0A7EE8
"bash awk grep perl sed df du, du-du du-du,
vi troff su fsck rm * halt LART LART LART!" -- the Swedish BOFH

Graham Reed

Jan 7, 2010, 5:02:08 PM
Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> writes:
> Well, I'd like a version of sudo that requires a physical security key in
> addition to or in place of the user's password.

Shirley, on Systems Where Equipped, there already exists something
that you could Plug an additional Module into that would do such a
thing.

Also Shirley, given that a computer company in California has
Smart-card enabled logins, such Modules already, in fact, Exist.

Getting that to work on space-alien-described UNIX is left as an
exercise for the insane.

--
"If you only do anything once, it's always your personal best."
-- Rick Mercer
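
[Added example, not part of the original thread.] The pluggable-module route mentioned in the post above, sketched as a PAM `auth` stack for the `sudo` service, with the "says it is required" variants beside the ones that enforce it. The `pam_u2f.so` module and the `/etc/u2f_mappings` path are assumptions chosen for illustration; no poster named a module or a path, and `pam_unix.so` stands in for whatever password stack the system already uses.

```conf
# /etc/pam.d/sudo  (constructed example; only the auth lines are shown,
# the account and session lines of the real file stay as they are)

# --- Weak: the key is asked for but not enforced --------------------------
# "sufficient" means a missing or failed key is ignored and the stack falls
# through to the password, so the password alone still grants sudo.
#auth  sufficient  pam_u2f.so   authfile=/etc/u2f_mappings cue
#auth  required    pam_unix.so
#
# "nouserok" lets any user with no key enrolled in the authfile pass this
# module, so un-enrolled accounts are back to password-only.
#auth  required    pam_unix.so
#auth  required    pam_u2f.so   authfile=/etc/u2f_mappings nouserok cue

# --- Key in addition to the user's password -------------------------------
# Both modules are "required": either one failing fails the whole stack.
auth   required    pam_unix.so
auth   required    pam_u2f.so   authfile=/etc/u2f_mappings cue

# --- Key in place of the user's password ----------------------------------
# Use this line alone, with no pam_unix.so line, so the key is the only factor.
#auth  required    pam_u2f.so   authfile=/etc/u2f_mappings cue
```

Keep a root shell open while testing any change to this file, since a broken stack locks out sudo for everyone.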

Graham Reed

Jan 7, 2010, 4:54:08 PM
Joe Zeff <the.guy.with....@lasfs.info> writes:
> Absolutely not! To me, sudo is a tool used to allow people who don't
> have the root password *limited* access to root. If it's your box and
> you set it up, you know the root password, or should and there's no need
> for sudo IMAO.

Ah, there you go. Sudo is a much more flexible tool than that, of
course, in that it doesn't have to be limited and of course it doesn't
have to be "to root".

Aside from other stuff, sudo's way of running a command is much nicer
than su's.

Other stuff can include things like, root doesn't have a password.
FruitCo boxes use this approach.

--
As for the completion stuff, well, I'd be very surprised if you couldn't
get zsh to do whatever you want, including calling up and hiring a
mariachi band to sing the names of the possible completions....
-- Shalon Wood

David Cameron Staples

Jan 7, 2010, 6:05:23 PM
in Thu, 07 Jan 2010 19:25:41 +1100, Lionel in hic loco scripsit:

> On 7/01/2010 3:41 AM, Niklas Karlsson wrote:
>> On 2010-01-06, Shmuel Metz<spam...@library.lspace.org.invalid> wrote:
>>>
>>> The prohibition against UI is a little ambiguous, but my reading is
>>> that if it's UI for anybody in the froup then you shouldn't post it.
>>> I've been told offline that it's legitimate to ask a question about
>>> software that I use only at home, but since others might use the same
>>> software at work, I'd be leary even then.
>>                           ^^^^^
>> Is that an oblique way of saying you'd be on drugs?
>
> I actually met the guy some years ago. Either he was somewhat senile, or
> he'd done too many drugs.

Are you sure that's not an inclusive OR? 'Either' tends to imply XOR,
after all...

--
David Cameron Staples | staples AT unimelb DOT edu DOT au
Melbourne University | School of Engineering | IT Support

i beat the internet. the end guy is hard. -- bash.org/?4278
