* Richard Laager <rlaa...@wiktel.com> [200129 19:05]:
> On 1/29/20 8:28 AM, Marvin Renich wrote:
> There are plenty of shades of
> grey in this, and what counts as "minimal", "medium", or "massive" is
> going to be at least somewhat subjective.

Completely agree.

> I'd say that "massive breakage" (breaking lots of things) is not the
> same as "maximal disruption" (the most disruption). Maximum disruption
> would be, for example, breaking things that were "fully correct" (not
> doing something "dodgy") before the change. This would be a "flag day"
> change. That level of disruption needs to be avoided if at all possible,
> and carefully managed if completely unavoidable and worth the pain.

My intended meaning of disruption, in my previous message, was not the
inevitable churn associated with ironing out the bugs.  It was the
resulting decrease in ease of use (and increase of other costs) after
the bugs settled.  Sorry if that wasn't clear.

There is always a trade-off between security and usability.  My point is
to not force more security on everybody _as the default_ when only some
users need that security, and most of the time the users who need the
security are the ones who are able to figure out the knob to tweak to get
it (and many times they are using something like puppet to ensure that
all the machines they support get the configuration they want).

Because of this, distributions, when choosing defaults, should give more
weight to the needs of those less likely to be able to do the
configuration themselves than to those with more advanced needs.  I do
agree that sometimes having a slightly higher level of security is the
best default; just give appropriate thought to the associated costs.

> > Time and time again I see security expert "wannabes" pushing for the
> > most security possible.  Even real experts sometimes lose sight of the
> > balance between usability and security.  Unfortunately, there are a lot
> > more "wannabes" than real experts, and the "wannabes" are typically much
> > more vocal.
> 
> While I understand your point, I think it would be better to focus on
> the arguments rather than the people making them.

Okay, that paragraph was too pejorative.  Let me rephrase it.  (Note,
however, that I did not identify anyone in particular, nor did I have
any specific person or persons in mind.)

Some people actively and regularly encourage others (distributions,
large ISPs, etc.) to use a higher level of security as a default than
most people need without regard to how it affects usability and other
real costs (such as bandwidth and CPU usage, which affects how much
people have to spend).  Not only is setting the default level of
security too high a bad thing, but the act of promoting this is a bad
thing.  (This last sentence was really the point I was trying to make
with the paragraph in my previous message.)

If I offended anyone who considers themselves to be one of the people
described in the previous paragraph by calling them security expert
"wannabes" in my original message, I do apologize.  But please, stop
pushing for higher-than-necessary defaults for security.

As a specific example of unnecessary default security, take the "https
everywhere" campaign.  Having https available on most servers is
definitely good.  However, if you explicitly go to
http://www.google.com/ you are redirected to the https version.  Of all
the (hundreds of?) billions of google searches done every day, how many
of them would really cause any harm at all if the communications were
unencrypted?  Yet the entire computer-using segment of society pays the
price for higher bandwidth and CPU usage.

Note that my whole argument is not about what should or shouldn't be
available.  It is about what the defaults should be.

...Marvin