Re: RFC/Discuss: Replace KDE by LXDE on LTSP?
On Torsdag 30. april 2009, Jonas Smedegaard wrote:
> I am baffled that Knut still consider switches a security measure now 6
> years later.
Jonas'es ideal take on the world is always exiting, especially when he
takes things out of context, using a straw man argument. Here is what I
wrote:
> switching gives you a better starting point preventing
> package sniffing compared with hubs.
Does this sentence says that I'm asking people to disregard use of other
security measures? No, it does not. It only states a fact. Switches
provides a better starting point preventing package sniffing than hubs,
implying that you should do more.
Secondly. In an educational context, a schools with scarce resources may
have to throw out 250 fully working pc's to the junk yard, if developers
under estimates how little computational power such clients may have. What
may seems as a small insignificant security addition, might be a measure
which stops Skolelinux, where the clients don't work. Then Skolelinux get
the blame.
Some municipalities which has experienced this have later switched to
Windows. Such municipalities are able to get a full Windows solution with
the costly licenses and twice as expensive hardware at every school. And
I'm talking about twice the cost compared to a full hardware upgrade with
Skolelinux clients. Clients which can run all security measures you
recommend Jonas.
My concern is to prevent an unfortunate assumption: That Skolelinux don't
work because of a small technical security chance, which may give a huge
change on old machines (changes which has almost no impact on newer
machines with 10X power compared to old ones). The security change may not
be a show stopper in it self. But the software which runs the new security
feature may use more resources.
And Jonas, since you're using a straw man argument. I'm asking for a
little perceptive concerning security, not a circus. Linus Torvalds had a
comment on that (15 Jul 2008):
"one reason I refuse to bother with the whole security circus is that I
think it glorifies -- and thus encourages -- the wrong behavior. It makes
'heroes' out of security people, as if the people who don't just fix normal
bugs aren't as important. In fact, all the boring normal bugs are way more
important, just because there's a lot more of them."
Source: http://article.gmane.org/gmane.linux.kernel/706950
Best regards
Knut Yrvin
--
Open Source Community Manager
Qt Software, Nokia
cell: + 47 934 79 561, phone: +47 21 60 27 58
http://qtsoftware.com
Reply to: