begin quoting Lan Barnes as of Wed, Apr 20, 2005 at 12:09:07PM -0700: [snip] > Likewise, I understand that there are people skillful enough to > penetrate my firewall and own my Linux systems in my house w/o console > access (I can root any Linux box from the console, and so can you). I'm
Do I get to choose the hardware? And can I impose a reasonable time-limit, like, say, an hour? You have unlimited preparation time, and can bring anyone you like, and you have full specifications to the machine, naturally. I would choose a system with a password-protected PROM and encrypted hard-disks (with the key stored in the PROM). No network-visible services. Replace the disks? No boot. Move the disks to a known-good machine? No key to decrypt. Replace the VRAM? No key to decrypt. Anything that shuts off or crashes the machine? No reboot without password. Open the case? Immediate shutdown. > not sure how, but I've been told it's true by people who should know > what they're doing. I also realize that it would be beyond my skill > level and price range to prevent this. > > So I take what I think are reasonable precautions to force the thieves > to go elsewhere. I try not to be low-hanging fruit. It's always a tradeoff. :) > My concern about Lindows (or whatever the kids are calling it now) is > that it hangs the fruit way low and doesn't attempt to even educate the > new buyers that there could be problems. Yup. Teaches bad habits. Fails to foster the appropriate paranoia. Maybe. It's been said that people would drive slower if you put a foot-long steel spike in the steering wheel pointed at the driver's heart. It's all about staying at a comfortable level of risk. Make things less risky, we take more chances; make things more risky, we take fewer chances. Perhaps those who run as root won't trust live data; maybe those who run multi-user "because it's more secure" will run that program that aunt suzie appeared to have sent, because she's a nice person "and I'm safe 'cuz I'm using Linux". Trying to figure out how people will react to risk is /hard/. > When I read the comments of what's-his-name, the former MP3 and present > Lindows guy, I come away convinced that he is personally clueless. Not > the end of the world for a business type, but in this case, both > clueless and unwilling to listen to others. Bad combination. I came away with a technically shrewd but generally misleading statement. He put a finger on a flaw, and it hurts. Claiming it really isn't a flaw is a reaction we'd expect from Microsoft users. We've had a half-dozen good suggestions as to tools and techniques that eliminate that flaw, but that's not _today_. We should at least _grudgingly_ admit to the flaw. If we do that, we'll likely have an itch that someone will scratch, and we'll all be better off for it. > So IMO Lindows will end up adding to the already overpopulated pool of > machines that will be rooted by spammers etc. I think it will as well, but for different reasons. [snip] -Stewart "It'll attract the careless and gullible sorts of users" Stremler
pgpTNL1zHUs8U.pgp
Description: PGP signature
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
