Comments for Peter's Soapbox

Comment on On Fresh Ubuntu, Fiber Optics, and Divorce by TedRoche

TedRoche — Fri, 10 Oct 2008 17:54:54 +0000

Been there, done that, lost the T-shirt ;). Hang in there, Peter. Things do get better, eventually.

Sorry, too, to hear of the retirement of Fresh Ubuntu. It was fresh, and you and Harlem had a great rapport. Looking forward to MPM.

Comment on On Fresh Ubuntu, Fiber Optics, and Divorce by peter

peter — Fri, 10 Oct 2008 13:56:04 +0000

I think you’ll find the Man Page Minutes may have a lot of the same open source goodness that FUP had.

Comment on On Fresh Ubuntu, Fiber Optics, and Divorce by FergatROn

FergatROn — Fri, 10 Oct 2008 13:36:38 +0000

Hey Peter, sorry to hear about the divorce. Good luck with that. As for the show, I’m sorry to see it put on hiatus, but life is life and I’ll have to deal.

Comment on Question for InfoSec Types: Is DHCP a Security Risk? by bill_mcgonigle

bill_mcgonigle — Mon, 01 Sep 2008 06:14:07 +0000

I can capture and emulate the MAC of one of your ‘trusted’ machines inside of a couple minutes. There are even things out there to confuse switch ports about which MAC is on which port. MAC addresses should be used for ARP, not security. It’s fine to use them too for static DHCP so you can centralize device addressing.

That said, if somebody can get onto your network, get an address via DHCP, and is then automatically authorized to do anything other than make recursive DNS queries and access a part of your Internet connection, you’ve got problems.

Most people don’t need secure switch ports - it’s sufficient to secure services. If you do need secure switch ports, look into 802.1x or VPN’s. And a security guard named Charlie with a .40S&W.

Note: I’ve met auditors who don’t know what they’re doing and run down a checklist hammered out by college interns. Their fees have nothing to do with their competence, especially their ability to understand protocols.

Comment on Question for InfoSec Types: Is DHCP a Security Risk? by TedRoche

TedRoche — Thu, 28 Aug 2008 15:47:54 +0000

Disclaimer: I’m not truly an InfoSec, though I play one on my own network (don’t we all?)

I think the auditor may be confusing physical access issues with network access… “if an intruder can just plug in a device” you have far more serious problems. Most offices don’t let people off the street plug in. If your client is in that situation (like a school or a cybercafe or an incubator), then those network jacks ought to be _outside_ the firewall, with VPN access to corporate resources.

That said, access to the corporate network ought to be limited. MAC address filtering should only allow known devices. An employee bringing in a compromised home computer is just as large a threat. Wireless access should be filtered by MAC address and WPA2 or better (and perhaps firewalled VPN access from the WAP to the intranet). But computer users are going to have authorized devices (iPhones, laptops, etc.) that need to be using DHCP for their access on the road. Accomodating this can be done without significantly compromising the network.

Comment on Question for InfoSec Types: Is DHCP a Security Risk? by DamienHull

DamienHull — Mon, 25 Aug 2008 20:20:12 +0000

A few years back I would have said no. Times have changed.

I don’t view DHCP as a security issue. I see it more as a plug and play issue. It’s been my experience that people who have no idea how a network functions love to plug wireless access points and routers into the network. This makes trouble shooting fun.

Security could be an issue if data on servers and workstations isn’t protected. If someone can walk in with a laptop, plug into the network and access data, you have a problem.

When it comes to security one size does not fit all. Security is balancing act. Be safe but not so safe that users can’t get anything done.

Comment on Tim Nulty’s Response: “My Turn” by Trying To Find The Sun » Blog Archive » Why Johnny Can’t Lay Fiber, Part 1

Sun, 24 Aug 2008 23:55:47 +0000

[...] each customer it picks up is a new one that brings in $130 in incremental revenue. At that rate, as BT’s experience shows, a competitor can quickly cover the cost of building the network. But if an incumbent telco builds [...]

Comment on Dual Boot Your Firefox and Thunderbird on Ubuntu 7.10 Guty Gibbon by Poldi

Poldi — Sat, 14 Jun 2008 15:31:17 +0000

Hi.

Thx for this fine tutorial! It is working great

Poldi

Comment on Apology to the Woman I Offended - Rescinded by iblogscott

iblogscott — Mon, 09 Jun 2008 20:03:52 +0000

I agree. Well said. If we go around apologizing to everyone who wants it, we’ll never be able to say or do anything. I try to be respectful of others within reason, but, that’s about the best I can or will do.

Comment on Bethel Signs on to EC Fiber by Justin Hayes DOT com

Justin Hayes DOT com — Thu, 29 May 2008 18:32:11 +0000

Funpidgin is now Carrier Instant Messenger, releases version 2.4.2…

I know this news is a little late, but I’ve been busy Funpidgin is now known as Carrier Instant Messenger. This name was suggested by Peter Nikolaidis of the Fresh Ubuntu podcast and the rest of the devs and users we talked to all agreed that it wa…