Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Disabling security in the name of availability



Hello Chadwick,

  So the hyperbole would be to not let anyone have
access to technology/information right?  Only the L33t
should have access to information/knowledge?  Truth is
computer security threats will always out evolve any
panacea we can think up on any OS, vendor or
technology.  Lets not kid ourselves.  Economic
incentives breed threats and this isn't going to stop.
 

  However, there is a place in between these two
extremes where a system is usable and reasonably
secure.  As hilarious as it sounds I can't give granny
a copy of OpenBSD and expect her to know how to use
it.  But I could lock down any one of the vendors you
listed and make it reasonably secure.  And yes I have
seen very positive results from security awareness
training with friends and family.  Bugs,
vulnerabilities are often the fault of poor
programming practice or system design and have nothing
to do with users. Lets all be honest, if we want
bullet proof 100% security we need to shut down and
unplug.  Granny running OpenBSD would be quite funny
though.... =P  

Thanks,
J


Message: 1
Date: Tue, 14 Aug 2007 11:48:31 -0400
From: Chadwick <gmrwick-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
Subject: Disabling security in the name of
availability
To: discuss-mNDKBlG2WHs at public.gmane.org
Message-ID:

<437fd7770708140848p2b01250fta9302810b69ad27-JsoAwUIsXosN+BqQ9rBEUg at public.gmane.org>
Content-Type: text/plain; charset=ISO-8859-1

On 8/14/07, Martin Owens <doctormo-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> >   Here is something that I personally am against. 
Do we all agree
> > that the more ubiquitous Linux becomes, the more
security will
 become
> > an issue?
>
> Most of the time the reason why the operating system
that shall not
 be
> named seems to have a lot of trouble with users is
that it gives
 users
> almost no power and gives anyone the user may know
who is experenced
> exactly the same amount of no power over the way the
software works.
> contrast that to the gnu platform where everything
can be changed by
> anyone; if a security problem exists then someone
will solve it, not
> just for themselves but for all of their 'lazy' user
friends too.
>
> >   Not that I'm against Linux on the desktop, and I
applaud SuSE,
> > Ubuntu, and whoever else is making these strides. 
But we have to
> > relearn people to the ways of the computer.  We
have to motivate
 the
> > large amount of lazy users today into realizing
that their lives
 are
> > in the hands of these computers that they take for
granted.
>
> I don't think it's worth talking about educating
users in a formal
> manner. There users are using computers to get stuff
done. I wouldn't
> appreciate being forced to learn about tcp/ip before
I could connect
> to the internet for exactly the same reason: why all
learn what a few
> can learn and reshape the tools and best practices
for everyone else?
>
> This was really my point, if experienced users are
helping their non
> experenced (or lazy as you put it) users; then
should they be making
> sure there is more not less securty. take for
instance the enabling
 of
> the root account, on a Debian machine there is
hardly any reason to
 do
> that unless you know what your doing and why.
>

   This is a discussion, and your points are helping
me to change my
mind as I read what you say.  The lazy ones are the
experienced ones
who decide that Apple, Microsoft, or Ubuntu. . .etc
are responsible
for making the system work, even though they are
perfectly and easily
capable of helping themselves.  At first, I did think
of the
everyperson user.. but now I realize that many people
should not be
asked to know so much.  Not everyone can become good
at using
computers.
  But to ask that every user should never have to know
anything?  That
is a bit far, in my opinion.  The security issues at
hand seem to
arise not from how the system works, but how it is
worked by the user.
 Phishing, spam, the 419 scam...etc. are great
examples of the user
problem.  People are being educated, but it is still
happening.  Is
this due to laziness or inexperience?

-- 
Chadwick

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org