Re: Do we really need to worry about viruses (was Re: Anyone else notice that Swen is slowing down?)



On Fri, Oct 03, 2003 at 01:42:28AM +0100, Karsten M. Self wrote:
> E.g.:  there are _good_, _solid_ reasons Debian doesn't allow Mozilla to
> run as root, why X11 TCP connections are disabled by default, and why
> SSH is strongly recommended.  Yes, it's possible to override or ignore
> these settings, but that's not information I share, particularly not
> with newbies, on the simple principle that learning how to shoot
> yourself in the foot _might_ just provide you with some clue as to why
> this is a bad idea.

I agree that security is generally a good thing, but some people turn it
into some sort of cult. Once upon a time I tried running FreeBSD (or was
it NetBSD) and some script I had died, because I didn't have permission
to write to /dev/null. That really made me laugh.

One thing I really like to do is disable passwords for local logins. But
I'm sure there are people who will tell me that the CIA is going to come
to my house, tie me up, log into my computer and steal all my mp3s or
something :) I really like doing this because it saves me from typing my
password 300 times a day, and it doesn't make my computer any easier to
hack over the network. 

So I think there should be a proper balance between convenience and
security. For instance the current version of Outlook Express (aka
outhouse excess, etc.) defaults to preventing users from opening any
attachments: "Sorry this attachment could be a virus.". It does this
even with "plain/text" attachments. I've had to fix this on any number
of people. Even worse is the fact that Outlook's GPG/Mime handling is
broken and it actually doesn't show the message but shows it as an
attachment, which if the user clicks on it, gives them a warning saying
that it may be a virus. I mean this prevents legitimate attachments like
jpegs, etc. So users simply disable it, and you're back to square one.

P.S. It might have been a security upgrade or something that added this
"feature" to OE, but still I've seen people struggling to open plain/text
attachments because of it.

Bijan
-- 
Bijan Soleymani <bijan@psq.com>
http://www.crasseux.com
