 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Tue, Aug 3, 2010 at 1:26 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote: > On Aug 3, 2010, at 12:15 PM, Jarod Wilson wrote: >> >> Its not about feeling secure. Its about keeping out stupid idiots. SSL >> + auth keeps stupid idiot vandals out. And to me, that's Good Enough >> for a non-critical system like a mythtv box. The determined will >> always find a way in if they really want to. > > See... this is where I see you feeling security rather than practicing security. ?You see keeping the vandals out of your MythTV box as the end of it, but it isn't. ?That's just the *start* of it. ?You see your Myth box as non-critical but if it is exposed to a public-facing network then it *is* critical, not in the way you see it used but in the ways that it can be used against you or someone else. I have a public-facing web server. One of the things it serves up is mythweb. I require access to mythweb to go over ssl with authentication. What else would you propose that I do, short of not running mythweb on a public-facing web server? -- Jarod Wilson jarod-ajLrJawYSntWk0Htik3J/w at public.gmane.org
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
