bad defaults and autoconfiguration [was: Keylogger]

Xen list at xenhideout.nl
Sun Dec 3 18:11:41 UTC 2017 

Ralf Mardorf schreef op 03-12-2017 17:52:
> On Sun, 3 Dec 2017 12:42:58 -0400, Duane Whitty wrote:
>> Additionally, Tools -> Options -> LibreOffice -> Memory -> Undo lets
>> you specify how many undo levels you have.  I have never changed the
>> setting so apparently the default is 100.
> 
> Undo histories could be tricky. I don't know LibreOffice's undo 
> history,
> but for text applications there at least could be an issue regarding
> undo each written character or word. Undoing each character could be a
> PITA.

It's a pain in the ass, and when you complain about it on their mailing 
list(s) they tell you that you are an idiot for wanting word-based 
undelete.

Even though almost all software contains word-level undelete (although 
Vim is misconfigured by default to only undo _sessions_ (of editing 
mode)).

Add this to your .vimrc to have word-level undos:

inoremap <Space> <Space><C-g>u

Linux is a pain in the butt with all these bad defaults.

Add this to your .vimrc to have persistent undo across editing sessions:

set undodir=~/.vim
set undofile

Lol my current list of patches/modification changes includes:

- make the systemd journal persistent for 3 days
- allow me to run iotop as a regular user
- add "users" to the default skel group config
- add "staff" and "users" to the default user

(Did you know the installer does not use the skel group list?)

- disable automatic updates
- disable bash color prompt
- turn on vdir color
- fix the Konsole to have a normal font size
- install KDE shortcuts for Dolphin and Konsole
- service to wipe empty systemd tmp directories
- service to fix improperly closed Windows drives
- don't require the main user to need a password for sudo ;-)

Even though this makes it easier for a "local resident" (ie. child, 
spouse, etc.) to use sudo, a real adversary can just download and 
install a keylogger within a millisecond and then only has to wait until 
you have used sudo once.

- fix a gtk package file name bug
- install and fix my scanner driver
- make sure the users group from my local LDAP also applies to me so 
that Samba mounts won't complain that I don't have access (when I do).

And I'm not really done yet... but all of this is done automatically 
now.

On a different system:

- enable SSH root login for trusted IP ranges
- install an fstrim service
- install a service that restarts openvpn if it's gone
- block nfsd and rpcbind so that the host cannot be used for portmapper 
amplification attacks

And I guess I need a lot more.

- changing all of the logrotate defaults so they make sense.

Etc. etc.

More information about the ubuntu-users mailing list