Bulletproof Linux and Related Issues

Jon Pruente jdpruente at gmail.com
Mon Sep 29 17:25:13 CDT 2008


On Fri, Sep 26, 2008 at 11:35 AM, Oren Beck <orenbeck at gmail.com> wrote:
> The only comment beyond my lead in for rethinking client/server
> security is an admonition of ethics.
>
> If we lived in a world like RMS envisioned we'd need no passwords.

I like to think he was wrong on that.  Passwords are like locks on
doors, as the saying goes "they keep an honest person honest", even if
a criminal can just break the door in.  Locks don't just keep the
baddies out, they help maintain a degree of expected privacy and
security.  Above this though, is that even asking for a password when
doing an su, for example, you have to stop and think for a split
second about what you are doing.  It's a step to keep flying fingers and
mind in check when performing possibly dangerous commands/actions.  A
password is not just an anti-evil-doer measure, but an
anti-boneheaded-mistake preventer.  Passwords are used for increasing
levels of security control to prevent people from easily making
critical mistakes.  Having a wide-open system is just asking for some
noob to walk up, find you are low on disk space or something and
kindly make some available to you at random.  Even though I used the
quote above, the honesty of people has absolutely nothing to do with
their competence or capability, which using passwords can help keep
in check.

Jon.

