**** BEGIN LOGGING AT Fri Nov 16 02:59:58 2012
Nov 16 19:21:03 <GNUtoo-hplaptop> hi, hmmm I need to merge some patches
Nov 16 20:47:38 <PaulFertser> radekp: so here's what i suggest to add to the startup scripts: "ip6tables -A INPUT ! -i usb0 -p tcp --dport 22 -j DROP; iptables -A INPUT ! -i usb0 -p tcp --dport 22 -j DROP" I've just tested it on my up-to-date Debian unstable, works as expected.
Nov 16 20:48:59 <lindi-> DROP is not very nice
Nov 16 20:49:54 <lindi-> it causes long timeouts for normal users and allows fingerprinting for malicious users (since you can see which ports are firewalled and which ones aren't)
Nov 16 21:00:27 <radekp> lindi-: PaulFertser: hi
Nov 16 21:00:44 <radekp> lindi-: any suggestions how to improve it?
Nov 16 21:03:48 <PaulFertser> lindi-: REJECT then?
Nov 16 21:03:58 <lindi-> PaulFertser: yeah that'd be nicer
Nov 16 21:04:12 <PaulFertser> lindi-: i still fail to see when DROP is worse than REJECT and i would be grateful if you explain it.
Nov 16 21:04:31 <lindi-> PaulFertser: well it causes long timeouts if you try to accidentally connect to it
Nov 16 21:05:06 <PaulFertser> lindi-: btw, does your IceWM setup allow for automatic resizing of the active app to give the space to the keyboard when you want to show it and to "stretch" back when you hide it?
Nov 16 21:05:15 <lindi-> PaulFertser: if you use "-j REJECT --reject-with tcp-reset" then malicious users can't see the difference between firewalled ports and closed ports
Nov 16 21:05:25 <PaulFertser> lindi-: yes, it causes long timeout but i do not see any problem with that.
Nov 16 21:05:57 <lindi-> PaulFertser: icewm doesn't but I have bound power button to toggle between maximize
Nov 16 21:05:58 <PaulFertser> lindi-: is that considered the best practicies? Thanks a lot, noted!
Nov 16 21:06:18 <lindi-> PaulFertser: by default REJECT will reply with icmp error message
Nov 16 21:07:12 <lindi-> PaulFertser: .icewm/keys has:    key "XF86PowerOff" wmctrl -r :ACTIVE: -b toggle,fullscreen
Nov 16 21:08:52 <PaulFertser> lindi-: btw, i do not see .icewm at your site, is it on purpose?
Nov 16 21:09:39 <PaulFertser> Fully tiling behaviour is something i got used too since long, probably i'll have to try XMonad.
Nov 16 21:09:45 <PaulFertser> On gta02 or gta04.
Nov 16 21:10:43 <lindi-> PaulFertser: http://iki.fi/lindi/openmoko/home-lindi-dot-2009-10-04.tar.gz at least has it
Nov 16 21:21:03 <PaulFertser> lindi-: thanks!
Nov 16 21:29:00 <radekp> PaulFertser: got it commited now, it will be in next qtmoko release, thanks a lot
**** ENDING LOGGING AT Sat Nov 17 03:00:00 2012