Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"

[Gary E. Miller]

Yo Bernd!

On Mon, 18 Jan 2021 19:14:33 +0100
Bernd Zeimetz <bernd@bzed.de> wrote:

> On 1/18/21 2:05 AM, Gary E. Miller wrote:
> 
> >> Thats why sudo requires a password (unless you remove that
> >> requirement).  
> > 
> > Uh, no.  RTFM.  By default sudo only requires a password every five
> > minutes. In five minutes I can drive a train theough the hole.  
> 
> Thats configureable. No problem to be asked for a password every time.

Yes, but insecure by default.  Is yours congigured to always ask for
a password?

> > And when sudo does require a password, it requires the same stolen
> > password that prolly got the hax0r to you prompt.  Most people
> > still use, and mis use password, and they get stolen all the time.
> > 
> > Can you honstely say that none of your passwords has never shown up
> > on a public list?  You would be the one in one thousand.  
> 
> Passwords that I use on my systems? yes.

Lucky you.  I'm worried about the other 999 people.

> >> Please show what exactly fails for you with sudo and i'll try to
> >> fix it when I found an usb cable and the ubx thing I have
> >> somewhere.  
> > 
> > I'll not aid stupidity.  Sudon't.  
> 
> You are less helpful than a piece of old wood. I don't think you are
> even able to show such a problem.

I know it for fact.
Wearing my white hat, I have hacked many systems using sudo.
Wearning my admin hat, I have had many systems hacked using sudo.

If you wish to ignore my sage advice, feel free to run insecure systems.

But this list is for discussion of gpsd.  Not sudo.

Just sudon't.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        gem@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin

pgpXayZDPXoDS.pgp
Description: OpenPGP digital signature