Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Hello Chadwick, So the hyperbole would be to not let anyone have access to technology/information right? Only the L33t should have access to information/knowledge? Truth is computer security threats will always out evolve any panacea we can think up on any OS, vendor or technology. Lets not kid ourselves. Economic incentives breed threats and this isn't going to stop. However, there is a place in between these two extremes where a system is usable and reasonably secure. As hilarious as it sounds I can't give granny a copy of OpenBSD and expect her to know how to use it. But I could lock down any one of the vendors you listed and make it reasonably secure. And yes I have seen very positive results from security awareness training with friends and family. Bugs, vulnerabilities are often the fault of poor programming practice or system design and have nothing to do with users. Lets all be honest, if we want bullet proof 100% security we need to shut down and unplug. Granny running OpenBSD would be quite funny though.... =P Thanks, J Message: 1 Date: Tue, 14 Aug 2007 11:48:31 -0400 From: Chadwick <gmrwick-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> Subject: Disabling security in the name of availability To: discuss-mNDKBlG2WHs at public.gmane.org Message-ID: <437fd7770708140848p2b01250fta9302810b69ad27-JsoAwUIsXosN+BqQ9rBEUg at public.gmane.org> Content-Type: text/plain; charset=ISO-8859-1 On 8/14/07, Martin Owens <doctormo-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote: > > Here is something that I personally am against. Do we all agree > > that the more ubiquitous Linux becomes, the more security will become > > an issue? > > Most of the time the reason why the operating system that shall not be > named seems to have a lot of trouble with users is that it gives users > almost no power and gives anyone the user may know who is experenced > exactly the same amount of no power over the way the software works. > contrast that to the gnu platform where everything can be changed by > anyone; if a security problem exists then someone will solve it, not > just for themselves but for all of their 'lazy' user friends too. > > > Not that I'm against Linux on the desktop, and I applaud SuSE, > > Ubuntu, and whoever else is making these strides. But we have to > > relearn people to the ways of the computer. We have to motivate the > > large amount of lazy users today into realizing that their lives are > > in the hands of these computers that they take for granted. > > I don't think it's worth talking about educating users in a formal > manner. There users are using computers to get stuff done. I wouldn't > appreciate being forced to learn about tcp/ip before I could connect > to the internet for exactly the same reason: why all learn what a few > can learn and reshape the tools and best practices for everyone else? > > This was really my point, if experienced users are helping their non > experenced (or lazy as you put it) users; then should they be making > sure there is more not less securty. take for instance the enabling of > the root account, on a Debian machine there is hardly any reason to do > that unless you know what your doing and why. > This is a discussion, and your points are helping me to change my mind as I read what you say. The lazy ones are the experienced ones who decide that Apple, Microsoft, or Ubuntu. . .etc are responsible for making the system work, even though they are perfectly and easily capable of helping themselves. At first, I did think of the everyperson user.. but now I realize that many people should not be asked to know so much. Not everyone can become good at using computers. But to ask that every user should never have to know anything? That is a bit far, in my opinion. The security issues at hand seem to arise not from how the system works, but how it is worked by the user. Phishing, spam, the 419 scam...etc. are great examples of the user problem. People are being educated, but it is still happening. Is this due to laziness or inexperience? -- Chadwick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |