
Re: RFC/Discuss: Replace KDE by LXDE on LTSP?



On Thursday 30 April 2009, Jonas Smedegaard wrote:
> I am baffled that Knut still considers switches a security measure now 6
> years later.

Jonas's ideal take on the world is always exciting, especially when he
takes things out of context, using a straw man argument. Here is what I
wrote:

> switching gives you a better starting point preventing 
> package sniffing compared with hubs. 

Does this sentence say that I'm asking people to disregard use of other
security measures? No, it does not. It only states a fact. Switches
provide a better starting point preventing package sniffing than hubs,
implying that you should do more.

Secondly. In an educational context, a school with scarce resources may
have to throw out 250 fully working PCs to the junk yard, if developers
underestimate how little computational power such clients may have. What
may seem a small insignificant security addition, might be a measure
which stops Skolelinux, where the clients don't work. Then Skolelinux gets
the blame.

Some municipalities which have experienced this have later switched to
Windows. Such municipalities are able to get a full Windows solution with
the costly licenses and twice as expensive hardware at every school. And
I'm talking about twice the cost compared to a full hardware upgrade with
Skolelinux clients. Clients which can run all security measures you
recommend, Jonas.

My concern is to prevent an unfortunate assumption: That Skolelinux doesn't
work because of a small technical security change, which may give a huge
change on old machines (changes which have almost no impact on newer
machines with 10X power compared to old ones). The security change may not
be a show stopper in itself. But the software which runs the new security
feature may use more resources.

And Jonas, since you're using a straw man argument. I'm asking for a
little perspective concerning security, not a circus. Linus Torvalds had a
comment on that (15 Jul 2008):

"one reason I refuse to bother with the whole security circus is that I 
think it glorifies -- and thus encourages -- the wrong behavior. It makes 
'heroes' out of security people, as if the people who don't just fix normal 
bugs aren't as important. In fact, all the boring normal bugs are way more 
important, just because there's a lot more of them." 

Source: http://article.gmane.org/gmane.linux.kernel/706950

Best regards

Knut Yrvin
-- 
Open Source Community Manager
Qt Software, Nokia
cell: + 47 934 79 561, phone: +47 21 60 27 58
http://qtsoftware.com

