[opensuse] How-to VETO a particular update?
Hi list I'm on SUSE11, for various reasons I need to run the exact JAVA (plugin) that I finally got installed and working (It's needed for homebanking). Now, YaST updater or whatever it's called now keeps suggesting that I upgrade to the latest and shiniest Java 1.6-somthing. I don't want to. How/where can I tell YaST to stop trying? -- ------------------------------ Med venlig hilsen/Best regards Verner Kjærsgaard Novell Certified Linux Professional 10035701 http://www.os-academy.dk "There are 10 types of people; those who understand binary, and those who don't" ------------------------------ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi! Am Montag 25 August 2008 schrieb Verner Kjærsgaard:
Now, YaST updater or whatever it's called now keeps suggesting that I upgrade to the latest and shiniest Java 1.6-somthing. I don't want to.
How/where can I tell YaST to stop trying?
You could ceck if it helps to set the packge to protected in yast. You have to right-click on the package to do so. The option seems not to be available via the package menu. However it seems somewhat strange to use an outdated java for something security sensetive like banking. Regards, Matthias -- Matthias Bach www.marix.org „Der einzige Weg, die Grenzen des Möglichen zu finden, ist ein klein wenig über diese hinaus in das Unmögliche vorzustoßen.“ - Arthur C. Clarke
On Monday 25 August 2008, Matthias Bach wrote:
Hi!
Am Montag 25 August 2008 schrieb Verner Kjærsgaard:
Now, YaST updater or whatever it's called now keeps suggesting that I upgrade to the latest and shiniest Java 1.6-somthing. I don't want to.
How/where can I tell YaST to stop trying?
You could ceck if it helps to set the packge to protected in yast. You have to right-click on the package to do so. The option seems not to be available via the package menu.
However it seems somewhat strange to use an outdated java for something security sensetive like banking.
Regards, Matthias
Yes i have an almost identical but opposite problem with 10.3 i am running IcedTea Runtime Environment (build 1.6.0-b09) but the updater keeps on insisting on trying to install java-1.5.0-sun and will not take no for an answer how does one educate the updater to give it a rest and let java-1.5.0 a rest Pete . -- SuSE Linux 10.3-Alpha3. (Linux is like a wigwam - no Gates, no Windows, and an Apache inside.) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi! Am Montag 25 August 2008 schrieb peter nikolic:
Yes i have an almost identical but opposite problem with 10.3 i am running IcedTea Runtime Environment (build 1.6.0-b09) but the updater keeps on insisting on trying to install java-1.5.0-sun and will not take no for an answer how does one educate the updater to give it a rest and let java-1.5.0 a rest
Same answer ;) Choose the ban option in Yast Package Managment. It's even available from the package menu. Regards, Matthias -- Matthias Bach www.marix.org „Der einzige Weg, die Grenzen des Möglichen zu finden, ist ein klein wenig über diese hinaus in das Unmögliche vorzustoßen.“ - Arthur C. Clarke
On Monday 25 August 2008, Matthias Bach wrote:
Hi!
Am Montag 25 August 2008 schrieb peter nikolic:
Yes i have an almost identical but opposite problem with 10.3 i am running IcedTea Runtime Environment (build 1.6.0-b09) but the updater keeps on insisting on trying to install java-1.5.0-sun and will not take no for an answer how does one educate the updater to give it a rest and let java-1.5.0 a rest
Same answer ;) Choose the ban option in Yast Package Managment. It's even available from the package menu.
Regards, Matthias
Hummmmmm nice try but been there it dont work still get the same old red triangle showing i update for java-1.5.0-sun and i am getting more than a little hissed with it now Pete -- SuSE Linux 10.3-Alpha3. (Linux is like a wigwam - no Gates, no Windows, and an Apache inside.) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Oops, sorry. My first answer was not sent to the list. Pls look below. Matthias Bach skrev:
Hi!
Am Montag 25 August 2008 schrieb Verner Kjærsgaard:
Now, YaST updater or whatever it's called now keeps suggesting that I upgrade to the latest and shiniest Java 1.6-somthing. I don't want to.
How/where can I tell YaST to stop trying?
You could ceck if it helps to set the packge to protected in yast. You have to right-click on the package to do so. The option seems not to be available via the package menu.
However it seems somewhat strange to use an outdated java for something security sensetive like banking.
Regards, Matthias Hi
- thanks for the answers. Yes, it's strange to be forced to used an outdated package for banking. If one wishes to use DanskeBank (a major danish bank) with Linux, you MUST go with either java 1.5 or java 1.6u3 (NOT u6...) This is confirmed by several users. Actually this bank will tell you that their recommendation is IE with active-X due to the higher security level of that system. Sigh. -- ------------------------------ Med venlig hilsen/Best regards Verner Kjærsgaard Novell Certified Linux Professional 10035701 http://www.os-academy.dk -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 25 Aug, 2008 at 21:46:51 +0200, Verner Kjærsgaard wrote:
Yes, it's strange to be forced to used an outdated package for banking. If one wishes to use DanskeBank (a major danish bank) with Linux, you MUST go with either java 1.5 or java 1.6u3 (NOT u6...)
This is confirmed by several users.
Actually this bank will tell you that their recommendation is IE with active-X due to the higher security level of that system.
Sigh.
Switch bank. Jyske Bank has a sort of challenge-response 'token' system where you have a little leaflet with pairs of "4 character alphanumeric"<->"4 digit numbers". Authetication means that you have to; - know the username - know the passphrase - know the 'id code' on the 'token' leaflet - respond with the correct 4 digits to the 4 character challenge It's simple and effective. No 'keyfiles', no java, and it works with Firefox on Linux. Just remeber to tell Danske *why* you're switching ;) /jon -- YMMV -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, Aug 26, 2008 at 12:47 AM, Jon Clausen <jon@ymmv.dk> wrote:
On Mon, 25 Aug, 2008 at 21:46:51 +0200, Verner Kjærsgaard wrote:
Actually this bank will tell you that their recommendation is IE with active-X due to the higher security level of that system.
Switch bank.
Jyske Bank has a sort of challenge-response 'token' system where you have a little leaflet with pairs of "4 character alphanumeric"<->"4 digit numbers".
Authetication means that you have to; - know the username - know the passphrase - know the 'id code' on the 'token' leaflet - respond with the correct 4 digits to the 4 character challenge
It's simple and effective. No 'keyfiles', no java, and it works with Firefox on Linux.
One of my banks requires flashplayer as a security measure. It uses it to "register" your machine so you aren't asked a challenge question. Of course the challenge questions aren't very hard to guess either, so...... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 8/26/08, Larry Stotler <larrystotler@gmail.com> wrote:
On Tue, Aug 26, 2008 at 12:47 AM, Jon Clausen <jon@ymmv.dk> wrote:
On Mon, 25 Aug, 2008 at 21:46:51 +0200, Verner Kjærsgaard wrote:
Actually this bank will tell you that their recommendation is IE with active-X due to the higher security level of that system.
Switch bank.
Jyske Bank has a sort of challenge-response 'token' system where you have a little leaflet with pairs of "4 character alphanumeric"<->"4 digit numbers".
Authetication means that you have to; - know the username - know the passphrase - know the 'id code' on the 'token' leaflet - respond with the correct 4 digits to the 4 character challenge
It's simple and effective. No 'keyfiles', no java, and it works with Firefox on Linux.
One of my banks requires flashplayer as a security measure. It uses it to "register" your machine so you aren't asked a challenge question. Of course the challenge questions aren't very hard to guess either, so...... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi My bank (Rabo, NL) requires me to athenticate with a "Random Reader" (a small handheld device) in order to log in. I insert my card and enter my code. It generates a code wich I have to enter on the site. This code can only be used once (or, rather, a looong time in between) and I can only vieuw my bank accounts and prepare transactions. To sign transactions (so they will not dissapear at logoff) I have to use the random reader again, but now I also have to enter a validation code from the site into the random reader before it gives the sign code. As long as the site isn't "spoofed" this will be safe, at least as far as I know and care (I am a student. There aren't many millions of euro's available thru my account. Only a couple :P) This also prevents me from loosing my leaflet with the codes, because all random readers are equal. I can just walk into my bank and ask for a new one. No one can acces my account w/o my pass and my PIN (as far as I know). Neil -- There are two kinds of people: 1. People who start their arrays with 1. 1. People who start their arrays with 0. ----------------------------------------------------------------------- ** Hi! I'm a signature virus! Copy me into your signature, please! ** ----------------------------------------------------------------------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 26 Aug, 2008 at 16:13:26 +0200, Neil wrote:
On 8/26/08, Larry Stotler <larrystotler@gmail.com> wrote:
On Tue, Aug 26, 2008 at 12:47 AM, Jon Clausen <jon@ymmv.dk> wrote:
It's simple and effective. No 'keyfiles', no java, and it works with Firefox on Linux.
One of my banks requires flashplayer as a security measure. It uses it to "register" your machine so you aren't asked a challenge question. Of course the challenge questions aren't very hard to guess either, so......
Sounds dubious to me in the first place, but other than that it just seems kind of 20th century to register any specific system for banking purposes...
Hi
My bank (Rabo, NL) requires me to athenticate with a "Random Reader" (a small handheld device) in order to log in. I insert my card and enter my code. It generates a code wich I have to enter on the site. This code can only be used once (or, rather, a looong time in between) and I can only vieuw my bank accounts and prepare transactions. To sign transactions (so they will not dissapear at logoff) I have to use the random reader again, but now I also have to enter a validation code from the site into the random reader before it gives the sign code.
Pretty much the same deal as with the code leaflet. Each transaction uses one of the code-pairs, which then becomes invalid. Once all the codes have been used, you need a new leaflet.
As long as the site isn't "spoofed" this will be safe, at least as far as I know and care (I am a student. There aren't many millions of euro's available thru my account. Only a couple :P)
I'm not too worried about the site being spoofed, since the chances of anyone being able to reproduce the code-pairs on any given leaflet are pretty slim. Basically the bad guys would have to get acces to the algorithm that generated the codes, or hack into the bank's systems, in which cases all bets are off anyway.
This also prevents me from loosing my leaflet with the codes, because all random readers are equal. I can just walk into my bank and ask for a new one. No one can acces my account w/o my pass and my PIN (as far as I know).
Security-wise, losing the leaflet is no big deal: Noone's going to be able to use it for anything without knowing which account it's for, passphrases, and the other stuff. It might be inconvenient, but not a problem, to have to wait a few days until I got a new set of codes. Actually I'd be much less interested in Yet another Device to carry around... but that's just me... /jon -- YMMV -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, Aug 26, 2008 at 10:26 PM, Jon Clausen <jon@ymmv.dk> wrote:
On Tue, 26 Aug, 2008 at 16:13:26 +0200, Neil wrote:
On 8/26/08, Larry Stotler <larrystotler@gmail.com> wrote:
On Tue, Aug 26, 2008 at 12:47 AM, Jon Clausen <jon@ymmv.dk> wrote:
It's simple and effective. No 'keyfiles', no java, and it works with Firefox on Linux.
One of my banks requires flashplayer as a security measure. It uses it to "register" your machine so you aren't asked a challenge question. Of course the challenge questions aren't very hard to guess either, so......
Sounds dubious to me in the first place, but other than that it just seems kind of 20th century to register any specific system for banking purposes...
Hi
My bank (Rabo, NL) requires me to athenticate with a "Random Reader" (a small handheld device) in order to log in. I insert my card and enter my code. It generates a code wich I have to enter on the site. This code can only be used once (or, rather, a looong time in between) and I can only vieuw my bank accounts and prepare transactions. To sign transactions (so they will not dissapear at logoff) I have to use the random reader again, but now I also have to enter a validation code from the site into the random reader before it gives the sign code.
Pretty much the same deal as with the code leaflet. Each transaction uses one of the code-pairs, which then becomes invalid. Once all the codes have been used, you need a new leaflet.
As long as the site isn't "spoofed" this will be safe, at least as far as I know and care (I am a student. There aren't many millions of euro's available thru my account. Only a couple :P)
I'm not too worried about the site being spoofed, since the chances of anyone being able to reproduce the code-pairs on any given leaflet are pretty slim.
Basically the bad guys would have to get acces to the algorithm that generated the codes, or hack into the bank's systems, in which cases all bets are off anyway.
This also prevents me from loosing my leaflet with the codes, because all random readers are equal. I can just walk into my bank and ask for a new one. No one can acces my account w/o my pass and my PIN (as far as I know).
Security-wise, losing the leaflet is no big deal: Noone's going to be able to use it for anything without knowing which account it's for, passphrases, and the other stuff. It might be inconvenient, but not a problem, to have to wait a few days until I got a new set of codes.
Actually I'd be much less interested in Yet another Device to carry around... but that's just me...
/jon -- YMMV -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi Well, the random reader has a default place on my desk, while I already have more than enough pieces of paper with important data on it. These I tend to lose...... And what is the difference between a small (1cm thick 8cm long and 5 cm wide or so) device or a piece of paper to carry around? Neil -- There are two kinds of people: 1. People who start their arrays with 1. 1. People who start their arrays with 0. ----------------------------------------------------------------------- ** Hi! I'm a signature virus! Copy me into your signature, please! ** ----------------------------------------------------------------------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 27 Aug, 2008 at 18:50:15 +0200, Neil wrote:
Actually I'd be much less interested in Yet another Device to carry around... but that's just me...
And what is the difference between a small (1cm thick 8cm long and 5 cm wide or so) device or a piece of paper to carry around?
To me: 1x8x5 cm vs. creditcard-sized leaflet == BIG difference But enough of this; Reply-to: set to opensuse-offtopic@opensuse.org /jon -- YMMV -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 26 Aug 2008 03:38:00 Matthias Bach wrote:
Hi!
Am Montag 25 August 2008 schrieb Verner Kjærsgaard:
Now, YaST updater or whatever it's called now keeps suggesting that I upgrade to the latest and shiniest Java 1.6-somthing. I don't want to.
How/where can I tell YaST to stop trying?
You could ceck if it helps to set the packge to protected in yast. You have to right-click on the package to do so. The option seems not to be available via the package menu.
However it seems somewhat strange to use an outdated java for something security sensetive like banking.
Regards, Matthias
Matthias, I asked this question about a week ago under "Blacklisting certain updates" and got no responses. In my original post I stated that YOU was showing particular updates as available and wanting to install them despite the packages being marked as protected in Yast. It would seem that YOU and Yast don't treat the list of installed packages the same way (or YOU does not check the status of installed packages to see if they're protected). In short, the answer seems to be that there is currently no (easy) way to tell YOU to ignore or veto specific updates. -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== Reality is an obstacle to hallucination.
On 2008/08/26 07:43 (GMT+0930) Rodney Baker apparently typed:
In short, the answer seems to be that there is currently no (easy) way to tell YOU to ignore or veto specific updates.
That's why I do all my updating with Smart. It provides both lock and multi-version by package. -- "Love is not easily angered. Love does not demand its own way." 1 Corinthians 13:5 NIV Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Rodney Baker wrote:
On Tue, 26 Aug 2008 03:38:00 Matthias Bach wrote:
Hi!
Am Montag 25 August 2008 schrieb Verner Kjærsgaard:
Now, YaST updater or whatever it's called now keeps suggesting that I upgrade to the latest and shiniest Java 1.6-somthing. I don't want to.
How/where can I tell YaST to stop trying? You could ceck if it helps to set the packge to protected in yast. You have to right-click on the package to do so. The option seems not to be available via the package menu.
However it seems somewhat strange to use an outdated java for something security sensetive like banking.
Regards, Matthias
Matthias,
I asked this question about a week ago under "Blacklisting certain updates" and got no responses. In my original post I stated that YOU was showing particular updates as available and wanting to install them despite the packages being marked as protected in Yast. It would seem that YOU and Yast don't treat the list of installed packages the same way (or YOU does not check the status of installed packages to see if they're protected).
In short, the answer seems to be that there is currently no (easy) way to tell YOU to ignore or veto specific updates.
Rodney, Seems like a bug report is in order: http://bugzilla.novell.com -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 26 Aug 2008 11:19:56 David C. Rankin wrote:
Rodney Baker wrote:
On Tue, 26 Aug 2008 03:38:00 Matthias Bach wrote:
Hi!
Am Montag 25 August 2008 schrieb Verner Kjærsgaard:
Now, YaST updater or whatever it's called now keeps suggesting that I upgrade to the latest and shiniest Java 1.6-somthing. I don't want to.
How/where can I tell YaST to stop trying?
You could ceck if it helps to set the packge to protected in yast. You have to right-click on the package to do so. The option seems not to be available via the package menu.
However it seems somewhat strange to use an outdated java for something security sensetive like banking.
Regards, Matthias
Matthias,
I asked this question about a week ago under "Blacklisting certain updates" and got no responses. In my original post I stated that YOU was showing particular updates as available and wanting to install them despite the packages being marked as protected in Yast. It would seem that YOU and Yast don't treat the list of installed packages the same way (or YOU does not check the status of installed packages to see if they're protected).
In short, the answer seems to be that there is currently no (easy) way to tell YOU to ignore or veto specific updates.
Rodney,
Seems like a bug report is in order: http://bugzilla.novell.com
Reported as Bug #420606. -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== I'm a Lisp variable -- bind me!
Verner Kjærsgaard escribió:
How/where can I tell YaST to stop trying?
zypper help addlock -- "A computer is like an Old Testament god, with a lot of rules and no mercy. " Cristian Rodríguez R. Platform/OpenSUSE - Core Services SUSE LINUX Products GmbH Research & Development http://www.opensuse.org/
participants (10)
-
Cristian Rodríguez -
David C. Rankin -
Felix Miata -
Jon Clausen -
Larry Stotler -
Matthias Bach -
Neil -
peter nikolic -
Rodney Baker -
Verner Kjærsgaard