Tom (my boss) and I arrived in Chicago last night for Drupalcon 2011. I will be blogging my notes from training classes & sessions, but I will not be placing them in the "planet" category, so they will not be syndicated on Planet Ubuntu & Planet Georgia, unless there is content significantly relevant to the Ubuntu community. (If you're interested in my Drupalcon 2011 coverage, please check my site or subscribe to its feed.)
Many of the notes will be intended for my later consumption, but I'm hoping they may also help others address the same issues. Let me know if there are confusing parts you'd like me to expand upon.
As a memo to myself, and in case others aren't aware of this:
If you move the entirety of a MySQL server (e.g., all databases, especially the "mysql" database) to a new Debian-based (Debian, Ubuntu, etc.) server, you need to make sure the debian-sys-maint user is created or updated.
If moving from a non-Debian-ish environment, try:
GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '--password--' WITH GRANT OPTION;
where "--password--" comes from /etc/mysql/debian.cnf.
If moving from another Debian-ish environment, copy the password from /etc/mysql/debian.cnf on the old server to the same file on the new server.
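As an added example (not from the original post), the shell functions below read the password from the [client] section of a debian.cnf-style file and print the GRANT statement above with the value quoted for SQL. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the debian-sys-maint GRANT from a debian.cnf-style file.
# Function names and the sample file are constructed, not from the post.

# Print the password set in the [client] section of the file given as $1.
debian_cnf_password() {
    awk -F'=' '
        /^\[/ { in_client = ($0 ~ /^\[client\]/); next }
        in_client && $1 ~ /^[ \t]*password[ \t]*$/ {
            sub(/^[^=]*=[ \t]*/, "")   # drop the key, keep "=" inside the value
            sub(/[ \t]+$/, "")         # drop trailing whitespace
            print; exit
        }' "$1"
}

# Escape a value for use inside a single-quoted SQL string literal.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Print the GRANT statement for the password found in the file given as $1.
grant_statement() {
    pw=$(debian_cnf_password "$1") || return 1
    [ -n "$pw" ] || { echo "no [client] password in $1" >&2; return 1; }
    printf "GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '%s' WITH GRANT OPTION;\n" "$(sql_quote "$pw")"
}

# Constructed sample file (not a real credential) so the script runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = debian-sys-maint
password = Ex'ample=Pw0
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
password = other
EOF
grant_statement "$sample"
```

Piping the output into the mysql client keeps the password out of the shell command line. On MySQL 8.0 and later, GRANT no longer accepts IDENTIFIED BY, so the password has to be set with CREATE USER or ALTER USER before the GRANT.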
First off, let me say that I commend Steve Gibson's attempts to bring information security to the masses. I think it's important to educate the user base, and most of the time, he does a great job of it. Unfortunately, a lot of his advice also seems to be filled with either "marketing speak", or (worse) just plain incorrect information.
In February, the Atlanta Linux Enthusiasts mailing list had a long discussion about the merits of "CLOSED" vs "STEALTHED" ports as advocated by Steve Gibson of grc.com. I, for one, love spirited discussion, and thought it was good to discuss a variety of viewpoints and issues. I believe that >90% of the discussion was very professional and mature discussion, which is something I attribute largely to the membership of the ALE mailing list. Many other mailing lists would have resulted in a very quick flame war. During that discussion, I stated that I felt that much of his advice (though overall sound advice) was misleading to users, and I still believe that. Even if the end result is users taking corrective action, misleading them is not helpful in the long run.
Today, I saw a link to Steve's password generation page. Looking at it, I had several concerns about the page.
I'm a big advocate of GnuPG, the Free implementation of the OpenPGP standard. I've even recently begun to use a smart card for storing my keys. I've also answered some questions about why I do this, so I thought I'd write about it here. Put simply: the Bill of Rights is important to me. My privacy is important to me. Security is important to me. OpenPGP can help me protect the things that are important to me.