Am Mittwoch, den 01.03.2006, 13:22 -0500 schrieb Ivan Gyurdiev: > The ordinary user does care about security - ask any Windows user who > has had trouble with viruses.
No he doesn't. He hates the Virus, but his aim is that he just doesn't have to care about security, i.e. security should be guaranteed automagically without having to deal with it. Look how naive and obvious people often enter the secret numbers of their credit cards. People are often unaware how simple it is to harvest CC numbers and passwords. There is a reason why most passwords can be cracked using dictionary attacks, when the dictionary is adapted to the cultural background of the victims. Peope prefer laziness over security. We as programmers can force people to use some minimum level of security (login passwords), and try to eliminate as many exploitable leaks as possible. It's the task of media to make people aware of security, activists just can't reach enough people. As of writing SElinux is an interesting security approach, because it tries to combine some of the MLA aspects with the traditional UNIX permission model, but it doesn't offer anything for the mass market, because it's limited to /etc foo, i.e. tied to the OS/host instead of also having some of the connectivity needs of people in scope. Something fundamentally new would be: I'd like to be able to tag a file as "All", and have it available through a sharing service to all people knowing my ID, and all people logged in on my system in a "Shared Resources" listing. Another tag "Family" would allow my family to authenticate themselves with their ID on the sharing service, on my local host or through samba and have the Documents right on their machine. Sort of cross-OS/machine ACLs that try to be both secure and seamless, which is really high-hanging fruit. -- Christian Neumair <[EMAIL PROTECTED]> -- nautilus-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/nautilus-list
