RE: Secure 2.4.x kernel

To: "Juha Jäykkä" <juolja@utu.fi>, <debian-security@lists.debian.org>
Subject: RE: Secure 2.4.x kernel
From: "Gary MacDougall" <gary@freeportweb.com>
Date: Thu, 27 Dec 2001 11:48:02 -0500
Message-id: <[🔎] ADECINAPILIIOCDLADFDOECJCMAA.gary@freeportweb.com>
In-reply-to: <[🔎] Pine.SOL.4.30.0112271506550.26678-100000@alya.utu.fi>

>  Now, I do not know about American law, but at least in Finland the
>guy whose gun (assault rifles are illegal anyway unless they are
>rendered non-automatic) was stolen, is likely to get punished as well!
>It depends on how the gun was stored: it needs to be locked away in a
>different location than its ammunition etc. I think THIS is something
>we need to see in the computer break-in laws as well: the owner of an
>exceedingly insecure system being used as a launchpad for further
>attacks should be punished as well.

In the US the person who owns the gun could be punished (small penatly),
only if:  The gun was illegal or not registered.  The penalty is usually
a fine, not more than $1000.00.  So its conceivable that someone could
steal a firearm from your home, which wasn't legal in the first place,
then commit a crime with that firearm and all that you would be charged
is the fine for not registering the gun.  If it was registered, its not
a crime, regardless of how you store the gun or where you keep it.  In
the US, the home is a private and protected sancuary.


>  I do not know why I replied to this particular message... probably
>because most people whose systems are very insecure are in some
>aspects "dumb": either because they are too lazy or they simply lack
>the knowledge to keep it secure (and are too lazy to obtain the
>knowledge).  I would call that dumbness.

>  Some do not even have the slightest idea of what can be done with
>their computer which is sitting 24/7 on a DSL line - that is most
>unfortunate. Ever heard the phrase: "There is nothing valuable on my
>computer - why would anyone break into it?" Who would educate them..?


Here is where you and I have a problem.  Calling a person a "dumbass"
because he or she doesn't know about computer security is basically
avoiding the simple fact that "not everyone knows everything", or better,
not everyone *understands* computers as much as the people that bestow
the knowledge.  Unlike some Linux people, I don't have a problem with
a person not knowing how Linux works, even at the security level.  Does
it bother me that people use Linux and don't know how to harden it up
and make it secure, sure, I wish everyone knew about security and how
to use an operating system like Linux/Unix.  It would make all of our
lives a little easier considering the amount of "spoofing" that
goes on.

<soapbox>
I'm gong to get flamed like hell for this, but I think the general
attitude of people that consider themselves "Linux Security Guru's" sucks!
If you've ever visited #linux on IRC or talked with people in a chat room
about Linux (in general) its amazing the amount of venom these Linux
Pundits have towards people that are "newbies".

People forget that we were all "newbies" at one point.  Just because you
were using Linux in 1994 doesn't mean you weren't a newbie in 1993,
catch my drift?  I think its kind of sad when I visit #linux and someone
drops in and says:

"Hey, can someone help me, I can't figure out how to shut off telnetd".

The respones range from, "hey, go to #LinuxHelp you newbie troll...".
to "hey, MS troll go use Micro$oft and stop bothering us...".
Or and I love this one:
"RTFM... there is plenty of documentation".

Really sad.

Anyway, I think if people helped more "dumbass" people along with the
security issues and general hardening of Linux up, things would get
better. But I don't have much confidence that this community will take a
step down from the attitude and try and remmeber that this is JUST an
OS and not a friggin' elite club.  People seem to want to keep Linux this
little "OS that could", but its so far past that now and people can't
let go...

In a related note, I got banned from #linux because I asked what people
thought about Red Hat RPM vs. apt-get.  Someone called me a troll and
banned me... My reason for asking was simple: I was trying to convince
someone to move all of their 32 boxes over to Debian and needed some other
interesting opinions (ammunition) about apt-get vs. rpm (My reasoning was
security updates are easier etc. etc.)... Getting kicked and banned made
me realize that that most people (at least in that channel) aren't really
interested in Linux but are interested in "flexing their dick" and proving
to everyone about how much more knowledgable they are about a topic <sigh>.

I guess its a form of "geek revenge".

</soapbox>





--
		 -----------------------------------------------
		| Juha Jäykkä, juolja@utu.fi			|
		| home: http://www.utu.fi/~juolja/		|
		 -----------------------------------------------


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.310 / Virus Database: 171 - Release Date: 12/19/2001

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.310 / Virus Database: 171 - Release Date: 12/19/2001

Reply to:

References:
- Re: Secure 2.4.x kernel
  - From: Juha Jäykkä <juolja@utu.fi>

Prev by Date: Re: sending password in the command line
Next by Date: Re: sending password in the command line
Previous by thread: Re: Secure 2.4.x kernel
Next by thread: RE: Secure 2.4.x kernel
Index(es):
- Date
- Thread