[CoLoCo] UBUNTU SURVIVAL : SAVE THY SELF

TJ Heaney tjheaney at gmail.com
Thu Nov 29 17:34:00 GMT 2007 

Based upon some of my planning and design notes, here is what I envision:

[Script] -----Triggered----->[Notify Mod]<---------|
     |                 |                                          |
     |                 |                                          |
     |                 |                                          |
     |                 |                                          |
[Flag Profile]    [Consults DB of hot words]     |
     |                                                            |
     | (If multiple offenses)                              |
     |------------------------------------------------------------|

At the same time, on the front end:

[DB]---------->[Output of what the command does]

Now, since I am not the most familiar with RegEx, I'm not sure what this
would entail.


On Nov 29, 2007 10:10 AM, Neal McBurnett <neal at bcn.boulder.co.us> wrote:

> On Wed, Nov 28, 2007 at 08:31:07PM -0700, Brett Trigg wrote:
> > What about some sort of "sudo tutorial" built into Ubuntu?
> > Maybe something along the lines of when a user first tries to sudo, it
> gives
> > them a warning that they have to read (indicated by entering their
> password at
> > the end or something) that gives them a brief rundown of stuff like
> this.
> > Maybe something like that, along with the regex script TJ is putting
> together,
> > would provide enough education.
> > Which, I think, is the primary problem regardless of OS.  Lack of
> education
> > causes problems.
>
> I think a sudo tutorial is a very interesting idea.  Don't know how
> hard it would be to do it right since there is ongoing frustration
> with the lack of "root" in some quarters, there are language barriers,
> and it would in some sense break most of the help pages out there.
>
> I think that it would be very difficult in practice and impossible in
> theory to do a regex script that did more help than harm.  As many
> threads have discussed, planting trojans is a very sophisticated art
> form these days.  If there was a cool-looking script to check for
> trojans that people recommended and knew about, it would provide only
> a false sense of security, because it would be know by many attackers
> and could be trivially bypassed.  The virus/anti-virus wars prove this
> all the time, and software seems to constantly need to tell people
> "turn off your anti-virus software before installing this" which
> must just make people's heads spin....
>
> Another approach is to help people understand what sorts of things
> they can trust and what they can't trust.  Trust software from
> official repositories and official documentation.  Be cautious about
> wiki pages and forum posts, especially if they are very recent.
>
> Neal McBurnett                 http://mcburnett.org/neal/
>
> >         phillip tribble wrote:
> >         > "I'd like to take a moment of your time to discuss a recent
> >         disturbing
> >         > trend the staff has been noticing on the forums, and also take
> this
> >         as
> >         > an opportunity to raise awareness of this situation through
> >         > education." - tfa
> >         >
> >         > http://ubuntuforums.org/announcement.php?a=54
>
> --
> Ubuntu-us-co mailing list
> Ubuntu-us-co at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-us-co/attachments/20071129/a6e12103/attachment.htm

More information about the Ubuntu-us-co mailing list