The time now is Fri 22 Jan 2021, 15:32
All times are UTC - 4 |
Page 1 of 2 [24 Posts] |
Goto page: 1, 2 Next |
Author |
Message |
night flight
Joined: 19 Feb 2019 Posts: 10 Location: Northern Germany
|
Posted: Tue 19 Feb 2019, 17:20 Post subject:
Self-introduction / security of this forum itself Subject description: no SSL certificate? my password plain text over the net? |
|
Hello world,
I am Tobias from Germany. Still I am 56 years old.
More than a year ago I decided not to switch to Windows 10. You only need to read the Wikipedia entry about Windows 10. I'm not a sheep, am I? (Well, as a Microsoft Windows user I always have been a sheep. Mööh!)
I've been interested in Linux for a very long time, but I always thougth it was a secret science.
distrochooser.de helped me to decide and to find what kind of Linux fits for me. I like(d) the idea to use hardware ten years old and it all works. I don't need all of that newfangled stuff. Not at all.
Consequently, Puppy Linux is made for me.
Pen Drive Linux was my escape agent! An extremely useful software to "defect" from Microsoft Windows to Linux. It was so easy. And I also found my way around Puppy Linux immediately. Some things were familiar, some other ones I learned quickly and gladly. Under Microsoft Windows the command line is not for "housewives", under Linux soon it is your friend. As some German car advertising said many years ago: "Reduce to the max".
It took months to set up the software equipment under Linux (by the way, Slacko 5.7, 32 Bit) that I was used to from Microsoft Windows.
I'm still learning a lot everyday. It is very fascinating. Linux gives me the feeling that I can always choose myself, not just as a sheep running along on rails. Together with many millions of other sheep.
So I registered in this forum. I belong here. Over the past few months I have sought a lot of advice here, now I hope I can give more and more back.
It's all emotional. With Microsoft Windows there is no such thing. It is a correct operating system. Absolutely no more than that.
Now, what does the headline mean?
Maybe here in Germany we are very crazy about privacy. So I wondered how this forum (especially including the registration process) seems to run completely unprotected. My password was transmitted in plain text over the net. It's like having unprotected sex with an unknown person. May be fun, may destroy you as well.
I thought Linux people are particularly aware of this all.
So only my love for Puppy Linux and for this forum made me so reckless!
If you want me to donate you a certificate, let me know.
Last edited by night flight on Tue 26 Feb 2019, 16:40; edited 1 time in total
|
Back to top
|
|
 |
Galbi

Joined: 21 Sep 2011 Posts: 1113 Location: Bs.As. - Argentina.
|
Posted: Tue 19 Feb 2019, 19:17 Post subject:
|
|
Hi Tobias, wellcome to the forums.
Nice words, they reflect exactly what we all have felt since using Linux, specially Puppy.
Why so crazy about privacy?
Are you going to tell me that someone has been spying, let's say, Frau Angela?
Saludos.
_________________ Remember: "pecunia pecuniam parere non potest"
|
Back to top
|
|
 |
musher0
Joined: 04 Jan 2009 Posts: 15041 Location: Gatineau (Qc), Canada
|
Posted: Tue 19 Feb 2019, 19:22 Post subject:
|
|
Hi Tobias.
Welcome aboard.
The reason this forum is so insecure, is that the whole gang here, we are
reckless risk-takers!
New to Linux and PuppyLinux, eh? It just looks insecure: Linux users do
not need as much "armor" as WhineDose users. You'll get used to it.
BFN.
_________________ musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
|
Back to top
|
|
 |
bigpup

Joined: 11 Oct 2009 Posts: 13981 Location: S.C. USA
|
Posted: Tue 19 Feb 2019, 20:18 Post subject:
|
|
We the users of this forum have no control over how it operates.
We have raised the issue of making this a https web site.
The person that provides this forum is the one to change it.
He is paying for it!
So far no action has been done by him.
Basically, it is what it is.
I gues someone could get your log in password and log in as you.
But they could also just as easily make there own login.
Ha, that is my real name bigpup!
_________________ The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
|
Back to top
|
|
 |
rufwoof

Joined: 24 Feb 2014 Posts: 3725
|
Posted: Tue 19 Feb 2019, 22:14 Post subject:
|
|
Puppy running the browser as spot is as good as pointless. Running as a restricted userid has many holes through which a attacker can elevate to root. A single compromised system on a LAN jeopardises the entire LAN. Hosts can be attacked and the entire user/password database extracted. Much of security is a illusion (and governments like the weaknesses also).
For what matters, online banking etc. being able to boot a known clean system, as though just newly installed and configured, to then go directly to your banks web site with a clean browser, nowhere else before or after ... is about the best you can do. For most systems, installing freshly etc. is a lengthy process, with Puppy resetting to a clean setup can be very quick (typically the time it takes to reboot).
For other things, just accept that browsing around from your home 'secure' system is no more secure than if you were using a public library PC to do the same. For casual online spending (buying using a card), use a pre-paid card topped up to relatively small amounts, so if compromised the financial loss is relatively small and just accept that the world we live in has your personal details in effect being exchanged for 'free services', advertisers pay for the 'net', governments hate not being able to monitor. For a banking site, yes you want encryption between you and them. For posting/reading a public forum ... encryption is pretty much irrelevant.
If are concerned about security, then you should be doing many things, that most don't bother with. As just one example - something like the following (which assumes cwm window manager is installed (nice as it has no titles/tray etc) and you're running portable firefox (that is started with a ff script))...
Code: | Xephyr :1 -fullscreen -title FireFox -br -nolisten tcp -nolisten local &
sleep 3
DISPLAY=:1 cwm &
DISPLAY=:1 unshare -m capsh --drop=cap_sys_admin,cap_sys_boot,
cap_sys_chroot,cap_sys_ptrace,cap_sys_time,cap_sys_tty_config,
cap_chown,cap_kill,cap_dac_override,cap_dac_read_search,cap_fowner,
cap_setfcap,cap_setpcap,cap_net_admin,cap_mknod,cap_sys_module,
cap_sys_nice,cap_sys_resource -- ff |
Capabilities names tend to vary, so you'd have to run capsh --print to see what names are allocated under your system. If you're not applying something like the above additional security measures then worrying about the forum having no encryption is just focusing upon one hole of many holes.
_________________ ( ͡° ͜ʖ ͡°) :wq
Fatdog multi-session usb
echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh
|
Back to top
|
|
 |
rokytnji
Joined: 20 Jan 2009 Posts: 2288
|
Posted: Wed 20 Feb 2019, 17:32 Post subject:
|
|
Plus being lucky enough once by wordpress to lock me out of a forum I admin at because some of my passwords were old and hacked on a few sites.
All I had to dig me out of a hole was find the sites hacked
https://haveibeenpwned.com/
Change some passwords. Move on with life. I have not logged in here in while and posted.
I be not afeared of lack of padlock.
Plus:
Down on the Mexcan border here.
We don't need no stinking badges.
|
Back to top
|
|
 |
rufwoof

Joined: 24 Feb 2014 Posts: 3725
|
Posted: Wed 20 Feb 2019, 19:46 Post subject:
|
|
Description |
|
Filesize |
49.78 KB |
Viewed |
396 Time(s) |

|
_________________ ( ͡° ͜ʖ ͡°) :wq
Fatdog multi-session usb
echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh
|
Back to top
|
|
 |
night flight
Joined: 19 Feb 2019 Posts: 10 Location: Northern Germany
|
Posted: Sat 23 Feb 2019, 06:31 Post subject:
|
|
A thousand thanks for the warm welcome from all over the world. This is really a great community. The dangers I've written about can't spread from this forum to other areas of mine (but I shouldn't use passwords more than once…). So I will join your carelessness, because I want to be part of the gang. But with the German point of view I will come back again sometimes
_________________ I use a Lenovo IdeaPad S10-2, built in 2009. I love it. My Slacko 5.7 (32 Bit) is on a 10 GB SD Card. So I can boot it everywhere (Smartphones excluded ).
|
Back to top
|
|
 |
tallboy

Joined: 21 Sep 2010 Posts: 1767 Location: Drøbak, Norway
|
Posted: Sun 24 Feb 2019, 00:12 Post subject:
|
|
The best thing is still to keep your secrets to yourself, and not using the forum as a diary!
bigpup wrote: | The person that provides this forum is the one to change it.
He is paying for it! |
That person is John Murga, and his extremely impressive CV can tell us, that he has probably forgotten more about programming and computers than our combined brains can remember! So relax, this forum is in good hands!
_________________ True freedom is a live Puppy on a multisession CD/DVD.
|
Back to top
|
|
 |
MrDuckGuy

Joined: 31 Jan 2019 Posts: 159 Location: Hermosa Beach, CA, USA
|
Posted: Tue 26 Feb 2019, 17:43 Post subject:
Self-introduction / security of this forum itself Subject description: My Account is Locked - Email to Sysop Ignored |
|
bigpup wrote: | The person ... John Murga, and ... this forum is in good hands!  | I tried to change my email address on my logon profile, the system froze, I got locked out of the account, and emailed the sysop - no answer to that email and another email to what I could gather was one of the administrators.
I had to create an entirely fresh account. How's THAT for security? B'H.
|
Back to top
|
|
 |
Makoto

Joined: 03 Sep 2009 Posts: 2267 Location: Out wandering... maybe.
|
Posted: Tue 26 Feb 2019, 22:51 Post subject:
|
|
Which administrator did you PM? Your best bet would be Flash, as he's more likely to see it at some point throughout the day.
_________________ [ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
|
Back to top
|
|
 |
MrDuckGuy

Joined: 31 Jan 2019 Posts: 159 Location: Hermosa Beach, CA, USA
|
Posted: Wed 27 Feb 2019, 00:20 Post subject:
Self-introduction / security of this forum itself Subject description: My Account is Locked - Email to Sysop Ignored |
|
Makoto wrote: | Which administrator did you PM? ... | John Murga, ttuuxxx, and MarkUlrich. No answers from any of these after over three weeks, so I'm a bit demoralized. Quote: | ... best bet would be Flash, as he's more likely to see it ... | Thanks for the reply. I don't have the email address. I don't think the forum actually has contact info for any of the sysops set out in one page. I could be wrong though.
Kelikaku B'H.
|
Back to top
|
|
 |
Makoto

Joined: 03 Sep 2009 Posts: 2267 Location: Out wandering... maybe.
|
Posted: Wed 27 Feb 2019, 01:40 Post subject:
|
|
(Note: Taken to PM.)
_________________ [ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
|
Back to top
|
|
 |
bigpup

Joined: 11 Oct 2009 Posts: 13981 Location: S.C. USA
|
Posted: Wed 27 Feb 2019, 07:29 Post subject:
|
|
Anyone that is a registered member of this forum can be sent a private message(PM).
That is the best way to contact anyone.
Flash is the best person to contact if there is any problems with the forum.
At top of forum page is memberlist.
Click on that to go to a list of members.
Flash is #9 on the list.
Click on PM by his name.
That will open a PM input to be able to post a PM to him.
_________________ The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
|
Back to top
|
|
 |
Flash
Official Dog Handler

Joined: 04 May 2005 Posts: 13653 Location: Arizona USA
|
Posted: Wed 27 Feb 2019, 09:45 Post subject:
|
|
Well, if he couldn't log into the forum he couldn't send me a PM. And I don't make my email address public, so he couldn't send me an email.
It seems that if you change your email address, either the forum doesn't send a confirmation email or sends it to your old email address. Possibly the email gets put in a spam folder. I have no way of finding out what happens. At any rate, I've received lots of requests for help from forum members who send me PMs about others who have changed their email address but never got a confirmation email from the forum and so couldn't log into the forum.
What happens is, if you change your email address, the forum deactivates your account until it receives the confirmation reply from you. If you never get the email the forum is supposed to send, that can't happen.
All I can suggest is, if you plan to change your email address, try to send me a PM before you do it, so I can reactivate your account after the forum deactivates it.
|
Back to top
|
|
 |
|
Page 1 of 2 [24 Posts] |
Goto page: 1, 2 Next |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|