Re: sudo in general, and not requiring password in particula…

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Keith Smith via PLUG-discuss
Date:  
To: George Toft
CC: techlists, Main PLUG discussion list
Subject: Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)



On 2024-07-05 00:23, George Toft wrote:
> Had a chance to casually ask about the washed check thing today. Big
> eye-roll. Police report. Affidavits. Close the checking account. Big
> investigation. Sounds like a PITA.
>
> Regards,
>
> George Toft


I just want to approach this in a way that I have reasonably safe bank
transactions. I almost feel I need to learn cyber security.

Thank you for all your feedback!!





>
> On 7/4/2024 3:14 PM, wrote:
>> Thanks George!!  Lot s to think about.
>>
>>
>> On 2024-07-04 14:23, George Toft wrote:
>>> <scroll>
>>>
>>> Regards,
>>>
>>> George Toft
>>>
>>> On 7/4/2024 6:50 AM, wrote:
>>>> Thank you so much George!!
>>>>
>>>> Another Question.  I was a police officer in the 80's and 90's.
>>>> During my tenure the bank was on the hook for any criminal acts as
>>>> long as the customer was not negligent. I only dealt with this on a
>>>> couple occasional.
>>>>
>>>> So If someone gets access to my online banking and I report it in a
>>>> timely manner, or if someone washes one of my checks and I report it
>>>> in a timely manner, is the bank on the hook or am I?
>>>
>>> There are a ton of rules with more acronyms than the IT world has. I
>>> would love to tell you what I understand, but I'd be talking out my
>>> ass.
>>>
>>>
>>>> BTW I thought going old school was the most secure.  I do not trust
>>>> the Internet.  My daily driver is a Linux Box and I do not use my
>>>> cellular phone for anything except to talk and read some news.  I am
>>>> semiretired and have home officed for a long time.
>>>
>>> Not sure there is any magic incantation that I can say that would put
>>> you at ease, other than "Risk Analysis," "Government Regulation,"
>>> "Audit and Reviews," "Compliance," "Controls and Countermeasures,"
>>> and "Fines." We have to comply with a bazillion rules all designed to
>>> protect you, the bank customer. Some regions are really strict and
>>> their governments show they really care, like the EU - their rules
>>> are so restrictive. Here's an example: You cannot log into a server
>>> that serves the EU if Payment Card Information (PCI) is involved with
>>> the same user ID that you used to log into your work station. This
>>> prevents lateral movement from an insider attack should the attacker
>>> get an employee's credentials or Kerberos TGT (Hey!!! It's now
>>> on-topic!!!) . This is just an example. We have external inspectors
>>> and government auditors on site almost every two weeks making us
>>> prove compliance with all the rules, and the bigger we get, the more
>>> rules and more regulatory auditors we get to talk to. We actually
>>> have two people on my team of 27 whose job used to be project
>>> management, now is audit and compliance. All of this to protect you.
>>>
>>> Let's not forget about the Security Operations Center monitoring
>>> employee activities. Refer to the GTFOBins email from yesterday. I
>>> documented a chained attack to get root based on that page, and the
>>> SOC came knocking saying "George, we noticed suspicious activity on
>>> this server and this date. Whatcha doin'?" Fortunately, I documented
>>> everything and emailed it to my manager, so all I had to do was
>>> forward that back to the SOC.
>>>
>>> Mail scares me. I had to send my LEA ID in recently via USPS. I'm
>>> hoping they got it.
>>>
>>>
>>>> Any suggestions are appreciated.
>>>>
>>>>
>>>>
>>>> On 2024-07-03 21:48, George Toft wrote:
>>>>> Sorry, Kieth, I have bad news for you. You took a 30+ year leap
>>>>> backwards in security.
>>>>>
>>>>> I can tell you for certain, from my bank fraud analyst friend (just
>>>>> got promoted to financial crimes investigator), checks are the
>>>>> second most insecure way of transferring money, first being putting
>>>>> the money in the envelope. They helped the USPS bust a fraud ring
>>>>> who worked in the Post Office - fraudsters were pulling checks out
>>>>> of envelopes inside the local Post Office. My friend pulled out all
>>>>> the details for the Postmaster General.
>>>>>
>>>>> ACH is free (for you) and secure and guaranteed by the originator
>>>>> as they are on the hook to prove the identity of who initiated the
>>>>> transaction and they have to pay. It's all very complicated, and
>>>>> I'm not going into details here.
>>>>>
>>>>> I use ACH all the time. My physical devices have multi-layer
>>>>> physical protection. Logical access control is in-place. Both have
>>>>> multi-factor authentication. Password resets require multi-factor
>>>>> authentication.
>>>>>
>>>>> And the DoD is worse - their systems have so many layers, it was
>>>>> easier to just let my account get deleted from lack of use and
>>>>> rebuilt it from scratch. I have notes that tell me screen-by-screen
>>>>> what to put in each box and which ones to ignore. It's so secure,
>>>>> legitimate users can't even get in... and this is just my health
>>>>> insurance.
>>>>>
>>>>> Where all of this can break down - getting on topic - is with the
>>>>> SSH protocol and web proxies. When you connect to a website using
>>>>> HTTPS using a web proxy, your web browser uses it's cert to set up
>>>>> the connection, or so it thinks. What's really happening is the
>>>>> proxy is responding to the request and decrypting the message, then
>>>>> it forms a new request and sends it to the bank, which believes the
>>>>> proxy and sends it back. Everything gets decrypted on the proxy, so
>>>>> whoever has admin access to the proxy can see everything. Kinda
>>>>> like opening envelopes in the mail room :) Disclaimer: This is what
>>>>> some networking guys told me in a presentation about 10 years ago.
>>>>>
>>>>> In summary, ACH is safe if you do it from home without a proxy. Of
>>>>> course "safe" is relative, but it's safer than checks in the mail.
>>>>> Drop into your bank and ask the branch manager, or call their
>>>>> customer service and ask. They won't tell you checks are bad, but
>>>>> they will steer you to ACH and tell you it's better. Break out the
>>>>> Rosetta Stone and figure out what "better" means in
>>>>> corporate-speak. Banks are in it to win it, and they don't offer
>>>>> something for free unless they are saving money (cost avoidance) on
>>>>> the alternatives.
>>>>>
>>>>> Regards,
>>>>>
>>>>> George Toft
>>>>>
>>>>> On 7/3/2024 6:21 AM, wrote:
>>>>>> <scroll>
>>>>>>
>>>>>> On 2024-07-02 18:20, George Toft via PLUG-discuss wrote:
>>>>>>> I work for a bank, and you would be amazed at how much security
>>>>>>> is baked into the connecting your browser to their web servers.
>>>>>>> Makes the NSA look like freshmen. And no, I'm not telling you who
>>>>>>> I work for.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> George Toft
>>>>>>
>>>>>> I'd like to hear more.  The world is a hostile place.  I recently
>>>>>> went old school.  I asked the bank to disarm my online banking.  I
>>>>>> now deal with paper statements and everything gets paid by check.
>>>>>> Not as convenient as on-line banking, however I am hoping it makes
>>>>>> my world a little bit more secure.
>>>>>>
>>>>>> What are your thoughts?
>>>>>>
>>>>>> Keith
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> On 6/29/2024 5:19 PM, Keith Smith via PLUG-discuss wrote:
>>>>>>>> Mike,
>>>>>>>>
>>>>>>>> The world is a hostile place.  The more precautions you take the
>>>>>>>> better.  I cover the camera on my cellular phone while not in
>>>>>>>> use.  I cover the camera that is built into my laptop while it
>>>>>>>> is not in use. I think on-line banking is dangerous.  At some
>>>>>>>> point I want to turn off WIFI and go to wired only on my local
>>>>>>>> net.
>>>>>>>>
>>>>>>>> We lock our cars and houses for a reason.
>>>>>>>>
>>>>>>>> I do not know as much security as I'd like, however it might be
>>>>>>>> necessary at some point to to become more cyber.
>>>>>>>>
>>>>>>>> About 24 years ago the members of the Tucson Free Unix Group
>>>>>>>> (TFUG) helped me build a server that I ran out of my home.  We
>>>>>>>> left the email relay open and I got exploited. About 10 years
>>>>>>>> ago I became root and I accidentally overwrote my home
>>>>>>>> directory. yikes... both were painful. The first example is a
>>>>>>>> reason we must be more aware of what we are doing. The 2nd is an
>>>>>>>> example why we should use sudo as much as we can instead of
>>>>>>>> becoming root.
>>>>>>>>
>>>>>>>> Keith
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 2024-06-29 08:55, Michael via PLUG-discuss wrote:
>>>>>>>>> I just realized, while 99% of the people on this list are
>>>>>>>>> honest there
>>>>>>>>> is the diabolical 1%. So I guess I enter my password for the
>>>>>>>>> rest of
>>>>>>>>> my life. Or do you think that it really matters considering
>>>>>>>>> this is
>>>>>>>>> only a mailing list?
>>>>>>>>>
>>>>>>>>> On Sat, Jun 29, 2024, 10:22 AM Michael <>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Thanks for saying this. I realized that I only needed to run
>>>>>>>>>> apt as
>>>>>>>>>> root. I didn't know how to make it so I could do that..... but
>>>>>>>>>> chatgt did!
>>>>>>>>>>
>>>>>>>>>> On Sat, Jun 29, 2024, 5:53 AM Eric Oyen via PLUG-discuss
>>>>>>>>>> <> wrote:
>>>>>>>>>>
>>>>>>>>>>> NO WORRIES FROM THIS END RUSTY.
>>>>>>>>>>>
>>>>>>>>>>> As a general rule, I use sudo only for very specific tasks
>>>>>>>>>>> (usually updating my development package tree on OS X) and no
>>>>>>>>>>> where else will I run anything as root. I have seen what
>>>>>>>>>>> happens
>>>>>>>>>>> to linux machines that run infected binaries as root and it
>>>>>>>>>>> can
>>>>>>>>>>> get ugly pretty fast. In one case, I couldn’t take the
>>>>>>>>>>> machine
>>>>>>>>>>> out of service because of other items I was involved with, so
>>>>>>>>>>> I
>>>>>>>>>>> simply made part of the dir tree immutable after replacing a
>>>>>>>>>>> few
>>>>>>>>>>> files in /etc. That would fill up the system logs with an
>>>>>>>>>>> error
>>>>>>>>>>> message about a specific binary trying to replace a small
>>>>>>>>>>> number
>>>>>>>>>>> of conf files. Once the offending binary was found, it made
>>>>>>>>>>> things
>>>>>>>>>>> easier trying to disable it or get rid of it. However, after
>>>>>>>>>>> a
>>>>>>>>>>> while, I simply pulled the drive and ran it through a Dod
>>>>>>>>>>> secure
>>>>>>>>>>> erase and installed a newer linux bistro on it. I did use the
>>>>>>>>>>> same
>>>>>>>>>>> trick with chattr to make /bin, /sbin and /etc immutable.
>>>>>>>>>>> That
>>>>>>>>>>> last turned out to be handy as I caught someone trying to
>>>>>>>>>>> rootkit
>>>>>>>>>>> my machine using a known exploit, only they couldn’t get it
>>>>>>>>>>> to
>>>>>>>>>>> run because the binaries they wanted to replace couldn’t be
>>>>>>>>>>> written to. :)Yes, this would be a bit excessive, but over
>>>>>>>>>>> the
>>>>>>>>>>> long run, proved far less inconvenient than having to wipe
>>>>>>>>>>> and
>>>>>>>>>>> reinstall an OS.
>>>>>>>>>>>
>>>>>>>>>>> -Eric
>>>>>>>>>>> From the central Offices of the Technomage Guild, security
>>>>>>>>>>> Applications Dept.
>>>>>>>>>>>
>>>>>>>>>>>> On Jun 28, 2024, at 6:43 PM, Rusty Carruth via PLUG-discuss
>>>>>>>>>>> <> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> (Deep breath.  Calm...)
>>>>>>>>>>>>
>>>>>>>>>>>> I can't figure out how to respond rationally to the below,
>>>>>>>>>>>> so
>>>>>>>>>>> all I'm going to say is - before you call troll, you might
>>>>>>>>>>> want
>>>>>>>>>>> to research the author, and read a bit more carefully what
>>>>>>>>>>> they
>>>>>>>>>>> wrote.  I don't believe I recommended any of the crazy things
>>>>>>>>>>> you
>>>>>>>>>>> suggest.  And I certainly didn't intend to imply any of that.
>>>>>>>>>>>>
>>>>>>>>>>>> On the other hand, it may not have  been clear, so I'll just
>>>>>>>>>>>> say
>>>>>>>>>>> "Sorry that what I wrote wasn't clear, but english isn't my
>>>>>>>>>>> first
>>>>>>>>>>> language.  Unfortunately its the only one I know".
>>>>>>>>>>>>
>>>>>>>>>>>> And on that note, I'll shut up.
>>>>>>>>>>>>
>>>>>>>>>>>> On 6/26/24 15:05, Ryan Petris wrote:
>>>>>>>>>>>>> I feel like you're trolling so I'm not going to spend very
>>>>>>>>>>>>> much
>>>>>>>>>>> time on this.
>>>>>>>>>>>>>
>>>>>>>>>>>>> It's been a generally good security practice for at least
>>>>>>>>>>>>> the
>>>>>>>>>>> last 25+ years to not regularly run as a privileged user,
>>>>>>>>>>> requiring some sort of escalation to do administrative-type
>>>>>>>>>>> tasks.
>>>>>>>>>>> By using passwordless sudo, you're taking away that
>>>>>>>>>>> escalation.
>>>>>>>>>>> Why not just run as root? Then you don't need sudo at all. In
>>>>>>>>>>> fact, why even have a password at all? Why encrypt? Why don't
>>>>>>>>>>> you
>>>>>>>>>>> just put all your data on a publicly accessible FTP server
>>>>>>>>>>> and
>>>>>>>>>>> just grab stuff when you need it? The NSA has all your data
>>>>>>>>>>> anyway
>>>>>>>>>>> and you don't have anything to hide so why not just leave it
>>>>>>>>>>> out
>>>>>>>>>>> there for the world to see?
>>>>>>>>>>>>>
>>>>>>>>>>>>> As for something malicious needing to be written to use
>>>>>>>>>>>>> sudo,
>>>>>>>>>>> why wouldn't it? sudo is ubiquitous on unix systems; if it
>>>>>>>>>>> didn't
>>>>>>>>>>> at least try then that seams like a pretty dumb malicious
>>>>>>>>>>> script
>>>>>>>>>>> to me.
>>>>>>>>>>>>>
>>>>>>>>>>>>> You also don't necessarily need to open/run something for
>>>>>>>>>>>>> it to
>>>>>>>>>>> run. IIRC there was a recent image vulnerability in Gnome's
>>>>>>>>>>> tracker-miner application which indexes files in your home
>>>>>>>>>>> directory. And before you say that wouldn't happen in KDE, it
>>>>>>>>>>> too
>>>>>>>>>>> has a similar program, I believe called Baloo.
>>>>>>>>>>>>>
>>>>>>>>>>>>> There also exists the recent doas program and the systemd
>>>>>>>>>>> replacement run0 to do the same.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Jun 26, 2024, at 12:23 PM, Rusty Carruth via
>>>>>>>>>>> PLUG-discuss wrote:
>>>>>>>>>>>>>> Actually, I'd like to start a bit of a discussion on this.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> First, I know that for some reason RedHat seems to think
>>>>>>>>>>>>>> that
>>>>>>>>>>> sudo is
>>>>>>>>>>>>>> bad/insecure.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I'd like to know the logic there, as I think the argument
>>>>>>>>>>>>>> FOR
>>>>>>>>>>> using sudo
>>>>>>>>>>>>>> is MUCH stronger than any argument I've heard (which,
>>>>>>>>>>> admittedly, is
>>>>>>>>>>>>>> pretty close to zero) AGAINST it.   Here's my thinking:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Allowing users to become root via sudo gives you:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> - VERY fine control over what programs a user can use as
>>>>>>>>>>>>>> root
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> - The ability to remove admin privs (ability to run as
>>>>>>>>>>>>>> root)
>>>>>>>>>>> from an
>>>>>>>>>>>>>> individual WITHOUT having to change root password
>>>>>>>>>>>>>> everywhere.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Now, remember, RH is supposedly 'corporate friendly'. As a
>>>>>>>>>>> corporation,
>>>>>>>>>>>>>> that 2nd feature is well worth the price of admission,
>>>>>>>>>>>>>> PLUS I
>>>>>>>>>>> can only
>>>>>>>>>>>>>> allow certain admins to run certain programs? Very nice.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> So, for example, at my last place I allowed the 'tester'
>>>>>>>>>>>>>> user
>>>>>>>>>>> to run
>>>>>>>>>>>>>> fdisk as root, because they needed to partition the disk
>>>>>>>>>>>>>> under
>>>>>>>>>>> test.  In
>>>>>>>>>>>>>> my case, and since the network that we ran on was totally
>>>>>>>>>>> isolated from
>>>>>>>>>>>>>> the corporate network, I let fdisk be run without needing
>>>>>>>>>>>>>> a
>>>>>>>>>>> password.
>>>>>>>>>>>>>> Oh, and if they messed up and fdisk'ed the boot partition,
>>>>>>>>>>>>>> it
>>>>>>>>>>> was no big
>>>>>>>>>>>>>> deal - I could recreate the machine from scratch (minus
>>>>>>>>>>> whatever data
>>>>>>>>>>>>>> hadn't been copied off yet - which would only be their
>>>>>>>>>>>>>> most
>>>>>>>>>>> recent run),
>>>>>>>>>>>>>> in 10 minutes (which was about 2 minutes of my time, and 8
>>>>>>>>>>> minutes of
>>>>>>>>>>>>>> scripted 'dd' ;-) However, if the test user wanted to
>>>>>>>>>>>>>> become
>>>>>>>>>>> root using
>>>>>>>>>>>>>> su, they had to enter the test user password.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> So, back to the original question - setting sudo to not
>>>>>>>>>>> require a
>>>>>>>>>>>>>> password.  We should have asked, what program do you want
>>>>>>>>>>>>>> to
>>>>>>>>>>> run as root
>>>>>>>>>>>>>> without requiring a password? How secure is your system?
>>>>>>>>>>>>>> What
>>>>>>>>>>> else do
>>>>>>>>>>>>>> you use it for?  Who has access?  etc, etc, etc.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> There's one other minor objection I have to the 'zero
>>>>>>>>>>>>>> defense'
>>>>>>>>>>> statement
>>>>>>>>>>>>>> below - the malicious thing you downloaded (and, I assume
>>>>>>>>>>>>>> ran)
>>>>>>>>>>> has to be
>>>>>>>>>>>>>> written to USE sudo in its attempt to break in, I believe,
>>>>>>>>>>>>>> or
>>>>>>>>>>> it
>>>>>>>>>>>>>> wouldn't matter HOW open your sudo was. (simply saying 'su
>>>>>>>>>>>>>> -
>>>>>>>>>>> myscript'
>>>>>>>>>>>>>> won't do it).
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> And, if you're truly paranoid about stuff you download,
>>>>>>>>>>>>>> you
>>>>>>>>>>> should:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 1 - NEVER download something you don't have an excellent
>>>>>>>>>>> reason to
>>>>>>>>>>>>>> believe is 'safe', and ALWAYS make sure you actually
>>>>>>>>>>> downloaded it from
>>>>>>>>>>>>>> where you thought you did.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2 - For the TRULY paranoid, have a machine you use to
>>>>>>>>>>>>>> download
>>>>>>>>>>> and test
>>>>>>>>>>>>>> software on, which you can totally disconnect from your
>>>>>>>>>>> network (not
>>>>>>>>>>>>>> JUST the internet), and which has NO confidential info,
>>>>>>>>>>>>>> and
>>>>>>>>>>> which you
>>>>>>>>>>>>>> can erase and rebuild without caring.  Run the downloaded
>>>>>>>>>>> stuff there,
>>>>>>>>>>>>>> for a long time, until you're pretty sure it won't bite
>>>>>>>>>>>>>> you.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 3 - For the REALLY REALLY paranoid, don't download
>>>>>>>>>>>>>> anything
>>>>>>>>>>> from
>>>>>>>>>>>>>> anywhere, disconnect from the internet permanently, get
>>>>>>>>>>> high-tech locks
>>>>>>>>>>>>>> for your doors, and wrap your house in a faraday cage!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> And probably don't leave the house....
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The point of number 3 is that there is always a risk, even
>>>>>>>>>>> with
>>>>>>>>>>>>>> 'well-known' software, and as someone else said - they're
>>>>>>>>>>> watching you
>>>>>>>>>>>>>> anyway.  The question is how 'safe' do you want to be? And
>>>>>>>>>>>>>> how
>>>>>>>>>>> paranoid
>>>>>>>>>>>>>> are you, really?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Wow, talk about rabbit hole! ;-)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 'Let the flames begin!' :-)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 6/25/24 18:50, Ryan Petris via PLUG-discuss wrote:
>>>>>>>>>>>>>>>> wanted sudo not to require a password.
>>>>>>>>>>>>>>> Please reconsider this... This is VERY BAD security
>>>>>>>>>>>>>>> practice.
>>>>>>>>>>> There's basically zero defense if you happen to download/run
>>>>>>>>>>> something malicious.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Tue, Jun 25, 2024, at 6:01 PM, Michael via
>>>>>>>>>>>>>>> PLUG-discuss
>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>> then I remember that a PLUG member mentioned ChatGPT
>>>>>>>>>>>>>>>> being
>>>>>>>>>>> good at troubleshooting so I figured I'd give it a go. I
>>>>>>>>>>> sprint
>>>>>>>>>>> about half an hour asking it the wrong question but after
>>>>>>>>>>> that it
>>>>>>>>>>> took 2 minutes. I wanted sudo not to require a password. it
>>>>>>>>>>> is
>>>>>>>>>>> wonderful! now I don't have to bug you guys. so it looks like
>>>>>>>>>>> this
>>>>>>>>>>> is the end of the user group unless you want to talk about OT
>>>>>>>>>>> stuff.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> -- :-)~MIKE~(-:
>>>>>>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>>>>>>> PLUG-discuss mailing list:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> To subscribe, unsubscribe, or to change your mail
>>>>>>>>>>>>>>>> settings:
>>>>>>>>>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>>>>>> PLUG-discuss mailing list:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> To subscribe, unsubscribe, or to change your mail
>>>>>>>>>>>>>>> settings:
>>>>>>>>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>>>>> PLUG-discuss mailing list:
>>>>>>>>>>>>>> To subscribe, unsubscribe, or to change your mail
>>>>>>>>>>>>>> settings:
>>>>>>>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>>>>
>>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>>> PLUG-discuss mailing list:
>>>>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>
>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>> PLUG-discuss mailing list:
>>>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>> ---------------------------------------------------
>>>>>>>>> PLUG-discuss mailing list:
>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>> ---------------------------------------------------
>>>>>>>> PLUG-discuss mailing list:
>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list:
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list:
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss