From owner-freebsd-questions@freebsd.org Tue Feb 25 17:11:56 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 19CAB238AA2 for ; Tue, 25 Feb 2020 17:11:56 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [217.72.192.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48Rlpf1H9Bz3Gqg for ; Tue, 25 Feb 2020 17:11:53 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([94.222.16.81]) by mrelayeu.kundenserver.de (mreue109 [212.227.15.183]) with ESMTPA (Nemesis) id 1N8GIg-1jSj0W0n4q-0149Ly; Tue, 25 Feb 2020 18:11:48 +0100 Date: Tue, 25 Feb 2020 18:11:47 +0100 From: Polytropon To: Valeri Galtsev Cc: freebsd-questions@freebsd.org Subject: Re: rm | Cleaning up recycle bin Message-Id: <20200225181147.58b36f46.freebsd@edvax.de> In-Reply-To: References: <20200223184908.b35d656a.freebsd@edvax.de> <20200224145317.GA9130@neutralgood.org> <20200224151337.30d8d819e7cf74bde984b77a@sohara.org> <20200224165440.21312a52d2ed486f4d2f433a@sohara.org> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:qgznO9Nf/3v9v4SK9UAj5C+sLZfWJ5oJWgz1/yKfq46jGxNYnEy 4TjFvzPvU8+cyv/nKdDYjNIm7pTXHI9bpdHCRQPsXRsyawUo9nKkOBvKvakxPvuQNwpCDy5 MKSnj4I6TqvfyYtks5YUBTu8V63bdpjFyI3LhID6+PHFPP2sA0uhjuwTcrSiyZBfl5Bq+Np N4UtW6/trGBwsS7djHWiQ== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:PlMyGYrvmv0=:pUZAF75j3lmWJL/HT9gkUC FDZTejEGwWq+SDDB3Vl/xti/P4gCmIeb8eRNXAAY4NT2V6G+IJ8UlU6I2nMt983vfVF+K7ZK2 2Uy++KjY2a7ewDdUTq8nj0DzS16XqfHfdSZsrko/qF/+yMGt/SLX7fId644zFev2aVaAhI4S2 z6s6y8z0XBVfVecYdtugz3ZU2NcVE9c0hj+kKsvoU5ZanRzTd/HruMojBBAH6AonXa96S5Fk2 kjM8rWlnmmoPwKYzvW8j26OsXzBVAInnBvLGQ6PJtnaGp4AQrxpmQ5MmGZlUuWIHIJjUNbpa5 NGa3tySXd3jaXkHXfHqhLq/UlshhYGtW/uYGw3hwbluJG6xtMad+ktgvWq0XV9VHb7J6SR0M7 cINCeYXZ4CaJwNZvEDIH+nRyjgOB2YvV7MgRFVsIir+Er6uwarN3a2tSwkDdmAq/BvyQJD6Ad F/YS0v9rG6/ZQ62VJr4wgtlWFT05MCx0b17Aaa4g6lGmC6Ii3Pl2SPjtNZdWM6yJ/qguXbYUY S0w0CfbmN98WwUMaiIhxYkghyST33nea9AIKGQweFAIN+IFlpB/G8RqRLUG/L5qlgpZ9j3ta4 hOXTMhU3E6l+sGOyNU+L15oiAUxrB7JfRm8FpgV48VVT/sfg3IxVy5TxpfoYEt9rr5enet7Qp iK+6z/s6zdUamjRcMj4czcirSJawAHe9CxEpSIDEL0yfAdmIT5rkiINkomwFD6SGyRIzYKCIV vba4StOdefKtfUxqedlvQu6kIL3eKwfk1ezwkkmXtWTgO9vV4oUlZNicEguvWFQOELSpwz+aM YbLSW7Sv+CrlWfT5fkCb26LR9JXYK0MZs1UTD+Uw5eSgb8S2v0W5zCNhuQDDRha6pgjytNy X-Rspamd-Queue-Id: 48Rlpf1H9Bz3Gqg X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 217.72.192.73) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [4.93 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:8560, ipnet:217.72.192.0/20, country:DE]; MIME_TRACE(0.00)[0:+]; RECEIVED_SPAMHAUS_PBL(0.00)[81.16.222.94.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(1.00)[0.996,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[0.998,0]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[73.192.72.217.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(0.54)[ip: (0.17), ipnet: 217.72.192.0/20(0.35), asn: 8560(2.18), country: DE(-0.02)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Feb 2020 17:11:56 -0000 On Mon, 24 Feb 2020 10:59:50 -0600, Valeri Galtsev wrote: > > > On 2020-02-24 10:54, Steve O'Hara-Smith wrote: > > On Mon, 24 Feb 2020 09:38:46 -0600 > > Valeri Galtsev wrote: > > > >> Bad guy has physical access to your machine when it is up and > >> running. He opens the case, splashes liquid nitrogen onto your RAM, > >> pulls RAM modules, plugs them into his device. > > > > Bad guy will find my "machine room" a little cramped and the access > > rather awkward for the that plan. > > > > In my case "bad guy" will be my friend sysadmin from another Department > who helps me to recover data after I lost the key to my encrypted drive ;-) >From the trenches: Many years ago, regarding a company I did some work for. They decided that their "valuable business data" should be encrypted. As this was a "Windows"-based system, it required rebooting quite often, and the on-site IT guy got fed up with always waiting for the big boss to arrive in the "server room" (the janitor's closet) with his little black book to type in the password. So they agreed that there should be a yellow post-it on the server's screen with the password on it. "No! That's terribly insecure and dangerous!" said the highly-paid external consultant they hired to care for their "IT needs", "It's a lot better to put it on a USB stick. Here, look. For $$$, I can make the system read it whenever it reboots, from the USB stick. I put a file on it where the password is stored." They paid $$$ and were happy. The IT guy just needed to perform forced-resets every few days, the system would boot again, read the password, encrypt the data, and everyone was satisfied. Until the day burglars visited the company building, stole all the building machinery (very expensive!), and... the server. With the USB stick. That had the password. Very convenient, if you ask me. (Sidenote: The boss himself told me that story, he was very ashamed of how he could believe that paying $$$ would solve problems when no _thinking_ was involved.) And this, dear kids, is how we do "data protection" here in Germany. ;-) Sidenote: When physical access to a machine is granted, it's usually GAME OVER. Sure, you can create obstacles, but the bad guys will always be able to deal with them, depending on what they expect to find (and if the money they can make from it is worth the work they need to invest). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...