On Mon, 12 Apr 2004 00:25:34 +0000, Cichlidiot wrote:
> How I normally post is to connect to their student shell machine pool via
> SSH and use tin on that machine. I'll have to check into the rules about
> tunnelling though. Last I heard, those that were trying tunnelling to

It's possible they have disabled port forwardings through their sshd.
Or so I thought; I don't see it as an option in openssh's sshd_config.
Perhaps they're using a different sshd.

> suppose I could always try setting up my machine on campus to be a tunnel
> if the problem was that they restricted access to campus IPs (which

That's how I'd do it. If you have your own IP, reachable from outside,
run your own sshd. If not, sorry, this was a useless suggestion. In
that case maybe you could install gpg in your $HOME/bin. (I wouldn't
trust my secret key there for anything important, like your latest
plans for regime change. But it would be good enough for signing
Usenet posts.)

> but I hate to leave that thing on when I'm not around (seems wasteful).

How so? Memory? I don't think sshd is a big deal even for low memory
machines, but you could always save a few KB by running it from inetd
(so it only starts when a connection is made.)

Oh, you're talking about ELECTRICITY, right? Well, hmmm. Yes, that's
partly true. But look at light bulbs, when do they pop and go out?
Always and only when they're being turned on. I think it's stressful
for electrical devices to be turned on after inactivity. Almost every
time I've had a hard drive die, it was when powering it on. I believe
that by leaving your computer on, you are probably extending the life
of the hardware. It costs a pittance in electricity to run it.

If you're thinking "green", think of the environmental costs of
manufacture and distribution of hardware goodies. Surely there's a lot
of that tied up in a hard drive. It's difficult or impossible to know
for sure, but it's not hard to imagine that you're wasting more energy
than you save.

Perhaps your concern is another kind of green, like the predominant ink
in those dollar bills. In this case there's little question: you'll pay
more if your hard drive dies 6 months sooner than you would if you had
left the machine running.

Since the University probably buys the computer (I think I remember you
posting about that when you got it) and the electricity I guess you're
worried about the first type of greenery, and that green is gray, if
you can tolerate some mixed chromatic metaphors. But you can do your
part to save some power: "modprobe apm" and set up some power-saving
settings in your CMOS. I would not have it spin the hard drives
down,[1] but you can probably save more power by having the CPU slow
itself down. And since there are no moving parts in that chunk of
silicon, I don't think you'll damage it. You'll WANT a new one before
it ever burns out. (I don't think that's so with hard drives.)

So I hope there's something useful here. I'm sure you can work it out
somehow. I look forward to seeing a new trashy PGP'er.



[1] It's a default setting in all MS OS's since Win95 OSR2, to spin
down hard drives after 30 minutes of idle time. MS benefits from
hardware sales. 'Nuff said.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

/dev/rob0 <rob0@gmx.co.uk> wrote:
> On Mon, 12 Apr 2004 00:25:34 +0000, Cichlidiot wrote:
>> How I normally post is to connect to their student shell machine pool via
>> SSH and use tin on that machine. I'll have to check into the rules about
>> tunnelling though. Last I heard, those that were trying tunnelling to

> It's possible they have disabled port forwardings through their sshd.
> Or so I thought; I don't see it as an option in openssh's sshd_config.
> Perhaps they're using a different sshd.

Well, the manuals are OpenSSH, but I'm not gonna take that as gospel on
these systems. I do have contacts into the campus network operation center
though from a project I was working on last summer. I'll drop them a line
to see what they know about the campus policies on tunneling to the news
server. Hopefully they won't be as anal about that as they are about web
proxies, although that policy is mostly due to external pressures.

<snip>
>> but I hate to leave that thing on when I'm not around (seems wasteful).

> How so? Memory?
<snip>
> Oh, you're talking about ELECTRICITY, right?
<snip>
> If you're thinking "green",
<snip>
> Perhaps your concern is another kind of green, like the predominant ink
> in those dollar bills.
<snip>

I'm thinking more towards the issues I have with the campus machines (in
so far as getting a decent one) and why I work mostly from home (because
sadly I have better machines available at home). My Slack machine on
campus is a Dell P4 workstation that has irritated me so much with its
lack of performance on my simulations that I haven't actually turned it on
in geeze... months. It's also tied to the current project I'm on and could
be taken away if I got assigned to another project. Anyways, most of the
time when I'm on campus, I'm in meetings. If I am using a machine, it's
one of the old Celeron Windows workstations to give the illusion of doing
work while actually checking my email, Slashdot, etc. I've found the
people in the labs tend to ignore me when I do these activities on the
Windows box, but the Slackware one draws attention, maybe because I use
Enlightenment with the Ganymede theme and that's very foreign looking even
to the RedHat users (there's only 2 other Slack users in the department
and they're in another lab room). At least it seemed like when I was
trying to use the Dell that people were always bugging me while I was
trying to code (yet another reason to work from home). So I suppose of all
of the above, electricity would be the closest answer since right now it's
nothing more than a glorified door stop, heh.

On Mon, 12 Apr 2004 00:10:44 +0000 (UTC), Cichlidiot
<fishlover@nospam.invalid> wrote:
> Don't bother arguing with Mr. Cordially. He and others like him have an
> obvious lack of understanding about basic public key cryptography and a
> lack of desire to educate themselves about the subject. They don't
> understand the basic premises of a web of trust and all the caveats that
> come with that. Instead they harp on certain caveats as if they were fatal
> errors. In essence, they are trolls, so don't feed them.

His reaction to your post shows, he don't understand the web of trust, so
your are right, I stop feeding him.

Sebastian
--
http://www.hpfsc.de/ - die Seite rund um:
Assembler, Bundeswehr, TFT LCDs, Halle/Saale, Fahrradtouren, Neuseeland,
Wanderstaat Mauma, Raumschiff USS Nathan, Enemy Room, MLCAD Tutorial

Sebastian Stein <seb_stein@gmx.de> wrote:
> On Mon, 12 Apr 2004 00:10:44 +0000 (UTC), Cichlidiot
> <fishlover@nospam.invalid> wrote:

> > Don't bother arguing with Mr. Cordially. He and others like him
> > have an obvious lack of understanding about basic public key
> > cryptography and a lack of desire to educate themselves about
> > the subject. They don't understand the basic premises of a web
> > of trust and all the caveats that come with that. Instead they
> > harp on certain caveats as if they were fatal errors. In
> > essence, they are trolls, so don't feed them.

> His reaction to your post shows, he don't understand the web of
> trust, so your are right, I stop feeding him.

Your reaction to my post shows that you don't speak English as a
first language so perhaps you didn't catch on that I was being
facetious. Or it could be that you are simply thick. In any case,
it's perfectly feasible for a forger to put a pgp signature of his
own creation on a posting with a different domain and then the onus
would be on the original poster to prove that he wasn't using a
second key.

PGP can guarantee that a posting came from a certain person. But
it most certainly does _not_ prove that a posting did not come from
that person. If you don't understand this then you are wasting
your time considering pgp. Some of the posters to this group
routinely forget to use a pgp signature about half the time. You
know what that means?

cordially, as always,

rm

On Mon, 12 Apr 2004 11:43:01 GMT, Realto Margarino <boogie@eewwww.org> wrote:
>> His reaction to your post shows, he don't understand the web of
>> trust, so your are right, I stop feeding him.
>
> Your reaction to my post shows that you don't speak English as a
> first language so perhaps you didn't catch on that I was being
> facetious.

Right, English isn't my mother language, but the best way to let people know
you are jocking is to just put some smilies or <joke>...</joke> around the
joking lines. Your lines could be understood in both ways, you don't
transport emotions. To prevent such misunderstandings smilies were invented!

> In any case, it's perfectly feasible for a forger to put a pgp signature
> of his own creation on a posting with a different domain and then the onus
> would be on the original poster to prove that he wasn't using a second
> key.

This is true, I never argumented against it. But let's come back to my
initial argument, which has not been answered. See my initial post to this
thread! I just want people to respect the freedom of everybody. If someone
wants to sign his posts, he should do it. A PGP signature isn't hurting
anybody, so it is ok. Forcing him to remove the signature means limiting his
personal freedom. That's not ok, it is undemocratic.

Think about this argument and not just if the signatures are valuable!

Sebastian
--
http://www.hpfsc.de/ - die Seite rund um:
Assembler, Bundeswehr, TFT LCDs, Halle/Saale, Fahrradtouren, Neuseeland,
Wanderstaat Mauma, Raumschiff USS Nathan, Enemy Room, MLCAD Tutorial

On Mon, 12 Apr 2004 16:15:17 +0000, Sebastian Stein wrote:
> This is true, I never argumented against it. But let's come back to my
> initial argument, which has not been answered. See my initial post to
> this thread! I just want people to respect the freedom of everybody. If
> someone wants to sign his posts, he should do it. A PGP signature isn't
> hurting anybody, so it is ok. Forcing him to remove the signature means
> limiting his personal freedom. That's not ok, it is undemocratic.

Sebastian,

I think you make a good point, but perhaps you have not been lurking here
long enough to appreciate the irony of your comment. A long time ago, it
seems like forever, a group alternately known as "the regulars" and
"bozos" spent a lot more time responding to posts in this newsgroup. Some
of them provided some useful answers, but many of them spent a great deal
of time deriding posters for not following the set of rules they felt
should be followed. This can still be observed from time to time, but to
a lesser extent, I believe, than before. They were not always as nice as
they could have been. Many times they provided very little help other than
the suggestion that the poster was somehow inferior to them. Not everyone
appreciates that kind of help and some openly objected to their behavior,
but the group would stick together and verbally abuse them until they
tired of it and stopped posting.

Apparently Mr. Margarino is more persistent than most. He has kept this up
for quite some time. I believe that his original point was that there are
no (enforceable) rules, and that if you don't have a helpful answer or you
don't like the format of a post, then just ignore it and say nothing. I
agree with him on that. I think he has just latched on to this PGP thing
not because it is arguably just a pretentious affectation, but because, at
least to him, it suggests that "the regulars" are only interested in
"enforcing" rules that suit them, and that they don't really care about
rules at all. I doubt that he cares that much about PGP, really. But I
don't mean to speak for Mr. Margarino, that's just my impression of his
"argument."

So now you are making the same observations about Mr. Margarino that he
had originally made about "the regulars."

Ironic, isn't it?

/dev/rob0 <rob0@gmx.co.uk> wrote:
> Or so I thought; I don't see it as an option in openssh's sshd_config.
> Perhaps they're using a different sshd.

Look at this:
$ grep Tcp /etc/shh/sshd_config
AllowTcpForwarding no

It is not disabled by default in the sshd_config, but you can change it,
when you want to (and on our site THIS is the setting!).
--
************************************************** ******************
** Eef Hartman, Delft University of Technology, dept. EWI/TW **
** e-mail: E.J.M.Hartman@math.tudelft.nl, fax: +31-15-278 7295 **
** snail-mail: P.O. Box 5031, 2600 GA Delft, The Netherlands **
************************************************** ******************

Well, to follow up to myself (and many days late), turns out the campus
news server is IP restricted to the campus subnets. In order to access
directly from off-campus, one has to use a web browser to authenticate via
Kerberos. Now, when I have some testing time, I'll see if one can
authenticate via the page then use any newsreader or if they've rigged it
somehow to be tied to the browser. Right now I can't be arsed as I have
more pressing issues to look into. Besides, being the weekend I couldn't
go mutter at the campus IT if they have rigged it to be tied to the
browser.

On Sun, 18 Apr 2004 12:25:05 +0000, Cichlidiot wrote:
> Well, to follow up to myself (and many days late), turns out the campus
> news server is IP restricted to the campus subnets. In order to access
> directly from off-campus, one has to use a web browser to authenticate via

The ssh tunnelling thing *might* work but this sounds easier. The one
thing you'll want to address is how to keep your last-read pointers
synchronised, if you're going to continue using tin from the shell
account. That, however, should be simple.

> Kerberos. Now, when I have some testing time, I'll see if one can
> authenticate via the page then use any newsreader or if they've rigged it
> somehow to be tied to the browser. Right now I can't be arsed as I have

I'd think this improbable, since NNTP is a separate protocol. The
authentication probably just adds your IP to an access list. You might
still have to separately authenticate to the news server, if it
requires authentication to post.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply