All informative and interesting, and way over my head. But very important.

By coincidence my next email was from my credit card company titled 
"About the Equifax breach." I don't know who Equifax is, in fact I don't 
really know how to use a credit card (mine has a chip). At the local 
store the local newspaper had an article about counterfeit cash, and the 
store checks all their bills.

Personally, I think about the only real economic growth since 1980 is a 
result of computer technology. Without smart industry, energy, 
agriculture, health care, communications, transportation we would be in 
trouble. So maintaining skilled oversight will not be trivial.

Marc Skinner wrote:
> LUKS disk encryption is your friend.  Very easy to setup these days.
>
>
> On 09/13/2017 08:33 PM, r hayman wrote:
>> True Story
>>
>> Give an untrusted person physical access to a machine and you're pwned.
>>
>> That's been the story for decades. Modern enhancements make it more
>> difficult but all bets are off when a bad person has physical access
>> to the hardware.
>>
>> Even if they don't actually obtain access to the unencrypted data on
>> the hardware, your recovery is only as good to when you last had a
>> good backup if you end up with missing hardware.
>>
>> Misconfigure the VM or the container or access to your platform and
>> physical access to the hardware takes on a new meaning.
>>
>> If I can create a container on your hardware, I may have physical
>> access to your hardware.
>> See https://blog.jessfraz.com/post/docker-containers-on-the-desktop/
>> Specifically look at #7 Gparted
>>
>> Modern technologies have opened new vectors and closed old vectors for
>> pwning your stuff.
>>
>> Stay vigilant.
>>
>>
>> On Wed, 2017-09-13 at 12:10 -0500, Clug wrote:
>>> The thing is, if someone has physical access to your machine, they've
>>> pretty much bypassed 99% of any security measures you have. This is not
>>> new and not unknown; most people simply ignore that because who's
>>> going to
>>> go into your house with a USB stick just to boot your computer?
>>>
>>> That said, there are many ways to block this. You can have a boot
>>> password
>>> right in the BIOS. Then nobody can boot your machine. You can also block
>>> booting from CD or USB in the BIOS and put a password on the BIOS setup.
>>>
>>> Course, that means someone can just steal your harddrive and plug that
>>> into another computer. This is where full-disk ecryption comes in.
>>>
>>> If that's too much for you, most Linux distros will let you encrypt your
>>> homedir.
>>>
>>>
>>>
>>> On Wed, 13 Sep 2017, Rick Engebretson wrote:
>>>
>>>> As I play around backing up, upgrading, and what-not, I use
>>>> not-so-hotswappable hard disk drives. Sometimes I goof up and have a
>>>> bad /etc/fstab file and the system will hang at boot. In older
>>>> distros there were some instructions to boot to root and use "mc" to
>>>> edit /etc/fstab. This newer opensuse distro had me stumped how to
>>>> just get the filesystem going. So I tried the Fedora Live DVD and
>>>> booted to DVD, mounted the boot hard drive in KDE "dolphin" file
>>>> manager, opened the KDE editor "kwrite," edited and saved the system
>>>> file /etc/fstab, and rebooted the opensuse hard drive smooth as
>>>> silk. I might be wrong, but these Linux Live DVDs seem to open a
>>>> giant security hole. _______________________________________________
>>>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>>>> tclug-list at mn-linux.org <mailto:tclug-list at mn-linux.org>
>>>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>>
>>> _______________________________________________
>>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>>> tclug-list at mn-linux.org <mailto:tclug-list at mn-linux.org>
>>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>>
>>
>>
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> tclug-list at mn-linux.org
>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>