Friday, August 20. 2010
Firewall/SOSDG 0.9.4 changes/overhaul
There are some major changes and updates coming to Firewall/SOSDG 0.9.4. I've been changing code and adding functions, trying to simplify how things are laid out. I'm hoping over the next month or two to get the code up to production status (1.0 would be nice).
Saturday, July 24. 2010
Firewall/SOSDG 0.9.3
Just a quick note to everyone: version 0.9.3 of Firewall/SOSDG has been released. This update features a new ability to create files with custom commands to inject at specific places during the file loading. I've also tweaked the coloring of the output to be a bit prettier.
Friday, July 9. 2010
Security & SMTP TLS
Recently on the NANOG list, there was discussion going on about IPv6 and e-mail, and it slightly diverged into SMTP TLS. After some off-list discussion about SMTP level security and what a Debian system will do on a default install, I've made some observations I'd like to share.
- The default install of Debian unstable with EXIM4 will have TLS support enabled by default thanks to the options in /etc/exim4/conf.d/main - it's not the most optimal setup, but it will work for basic TLS support.
- SMTP TLS security can't really easily be compared to HTTP SSL/TLS security. When you browse to an HTTPS website, it's an entirely interactive process, which gives you a chance to see the certificate in question and respond. In an SMTP TLS session, it's done entirely by the MTA in an automated manner.
- Depending on TLS to give security, authentication, and reliability to SMTP is a long, and probably fruitless process. Unless you are going to refuse connections to every server whose certificate you can't verify or which doesn't have a certificate, you aren't really solving anything. In tests, I've yet to have a system refuse to talk to my SMTP server because it's using a self-signed certificate.
- TLS will provide wire level security when talking to another mail server - however, your message will most likely be stored plain text on the sending server, receiving server, and places in between, including the MUA, completely defeating the purpose of keeping the contents of the message secret. PGP/GPG is the proper answer to the message security issue.
Given how easy it's been for people in the past to get valid but fake certs from Verisign and similar companies, is depending on TLS/SSL certificates to guarantee the identity of the person you are communicating with really such a great idea?
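One way to check the observations above on your own Exim host, as an added example that is not part of the original post: tally main-log lines by whether TLS was negotiated and whether the peer certificate verified. It assumes the log selectors `+tls_cipher` and `+tls_certificate_verified` are enabled (they add the `X=` and `CV=` fields); the log lines, hosts and message IDs below are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log style; hosts, addresses and
# message IDs are made up. Assumes log_selector includes +tls_cipher and
# +tls_certificate_verified, which add the X= and CV= fields.
SAMPLE_LOG = """\
2010-07-09 10:15:02 1OXabc-0001Ab-Cd => alice@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=no
2010-07-09 10:15:02 1OXabc-0001Ab-Cd Completed
2010-07-09 10:16:40 1OXabd-0001Ae-Ef => bob@example.org R=dnslookup T=remote_smtp H=mail.example.org [192.0.2.20]
2010-07-09 10:17:11 1OXabe-0001Af-Gh <= carol@example.com H=out.example.com [192.0.2.30] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=no S=2048
2010-07-09 10:18:05 1OXabf-0001Ag-Ij => dave@example.edu R=dnslookup T=remote_smtp H=mx.example.edu [192.0.2.40] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=yes
2010-07-09 10:19:30 1OXabg-0001Ah-Kl <= erin@example.net H=relay.example.net [192.0.2.50] P=esmtp S=1024
"""

ARROW_RE = re.compile(r"^\S+ \S+ \S+ (<=|=>|->) ")  # date time msgid arrow
HOST_RE = re.compile(r"\bH=(\S+)")
CIPHER_RE = re.compile(r"\bX=(\S+)")
CV_RE = re.compile(r"\bCV=(yes|no)\b")

def classify(line):
    """Return (direction, host, status) for an arrival/delivery line, else None."""
    arrow = ARROW_RE.match(line)
    if not arrow:
        return None  # "Completed", queue-runner lines, etc.
    direction = "in" if arrow.group(1) == "<=" else "out"
    host = HOST_RE.search(line)
    cv = CV_RE.search(line)
    if CIPHER_RE.search(line) is None:
        status = "plaintext"        # no TLS session at all
    elif cv and cv.group(1) == "yes":
        status = "tls-verified"     # encrypted, peer certificate validated
    else:
        status = "tls-unverified"   # encrypted, but peer identity unproven
    return direction, host.group(1) if host else "?", status

def summarize(log_text):
    """Count messages per (direction, status)."""
    counts = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            counts[(result[0], result[2])] += 1
    return counts

def unverified_peers(log_text):
    """Hosts that negotiated TLS without a certificate that verified."""
    results = filter(None, map(classify, log_text.splitlines()))
    return sorted({host for _, host, status in results if status == "tls-unverified"})

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(key, n)
    print("unverified TLS peers:", unverified_peers(SAMPLE_LOG))
```

Every message in the `tls-unverified` bucket was encrypted on the wire but exchanged with a peer whose identity was never proven.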
Tuesday, July 8. 2008
Solving the no-upnp on Cisco issue
So, I've been thinking about this for a while... I really would like a UPnP option for Cisco, but what about a workaround?
My idea is simple:
A daemon that sits on a Linux box or something similar, pretends to be a UPnP IGD, and sends console commands to create/delete ports on the actual Cisco device?
Yeah, kinda ugly, but I've seen worse. Anyone got any ideas on how to do this, or how feasible this may be?
Sunday, June 11. 2006
An amusing bit from a clueless republican about Linux
Ohhh boy, this is quite amusing. From 'Shelly The Republican', who claims "We are counteracting the liberal war of lies!": "Linux: A European threat to our computers". Quotes worth mentioning:
For example, this rugged IBM laptop I am using was designed and built by an American company. It runs software built by Microsoft, one of America's most productive organizations. My computer does everything I could possibly want: I can do my work, submit my taxes and even search the Bible.
Built by an American company... Wonder if he bothered to read the label on the bottom of his laptop that says "Made in (China/India/Japan/Korea/Hong Kong)"?
Like all the greatest American engineering, it's an example of innovation that makes a growing group of European and Chinese hackers jealous. They hate our lead in computing technology and will stop at nothing until they have control of all of our computers.
Do I need to say anything?
This would be certainly true were it not for the Linux project's seductive Marxist ideology and the effect that it has on 'Blue-State' liberals. Indeed, Linux is so pervasive amongst the blue states and many liberal universities that a leading computer expert Steve Balmer (from Microsoft) described Linux as cancer.
Ahh, those damn blue state commies! That's right, quote Monkey Boy Ballmer (it's two L's, Tristan).
Imagine if the State of the Union address were hacked because the TV station decided to save money by using Linux? Imagine if a stealth-bomber crashed because its software was written by anonymous Chinese or European hackers. It would make as much sense as inviting the French to come over and take over the White-House.
Hacking the state of the union address... Geez, we should be so lucky! I don't know of any anonymous 'Chinese or European hackers' working on Linux - but I do know of quite a few non-anonymous Chinese and European programmers who are paid to work on Linux and various parts. There are many American programmers being paid to work on Linux as well.
And guess what software Osama Bin Laden uses on his laptop? If you guessed it was Linux you would be 100% right. Osama uses Linux because he knows designed to counterfeit DVDs, circumventing the Digital Millennium Copyright Act, and defraud companies like Disney.
Hahaha! I almost wet myself reading that.
If you see a company using Linux, it may be that they have not paid for this software. Report them to the Business Software Alliance who have the legal authority to inspect any company's computers for illegal programs like Linux.
Please do report to the BSA that the web server hosting my blog runs Linux. I'd be more than happy to show them that my system runs that 'illegal' Linux operating system!
Finally, remember to include Linux users in your prayers tonight. As individuals we may not be able to change people's minds, but the Bible teaches that God can make any sinner repent.
Yup, I think we've just confirmed how far out in right field this individual is. I'm Buddhist, but thank you anyway for your prayers.


