On 7 Jan, Dana J. Laude wrote:
>
> Michael Johnson wrote:
>>
>> On Thu, 7 Jan 1999, Rick Chandler wrote:
>> > >You should have your machine secure if you are connected to the
>> > >internet at all....not just because you are using IRC. There are
>> > >other ways to discover your IP than having it discovered on IRC. IRC
>> > >isn't the culprit...its poor administration.
>> > I'll give you that. How many newbies do we have using Linux who don't
>> > know about security at all? My statement is that if your going to use a
>> > program that will easily give you someones IP address, then you'd better
>> > secure your system. I didn't have mine secure because, I really don't
>> > care, if it gets distroyed then I just simply re-install it. Others
>> > system are most likely more valuable to them than me.
>>
>> With all due respect, someone who doesn't even bother having a password
>> for the root
>> account is certainly the LAST person who should be giving advice TO
>> ANYONE on system adminstration and unix/linux security. There is no
>> rational justification for it. There is nowhere
> <snip>
>>
>> A billion other things, but you get the point. If you use Linux, Solaris,
>> FreeBSD, it is not like using Windows. It's a different mentality. I don't
>> mean to preach, but I feel like even though all this sounds insanely
>> obvious, that it apparently needed saying.
>
> First off, since I started this thread..., thanks to all that helped
> with my original question. Now specifically to Michael, you have a
> very valid point, it just seems that those coming into Linux from the
> Windows world are totally unaware of most, if not all of the security
> issues with Linux. Now, SuSE has a pretty good manual..., but it
> doesn't really get into security issues to well. Remember all of
> those manuals you got with SCO, ESIX, Xenix and Solaris? ;-)
> I'm not aware of any site that has specific FAQ's on Linux security
> issue's (as in how to bulletproof your system type) but it sounds
> like a worth while project, although I would assume such info
> already exists. Also to be fair to those migrating for the world
> of Windows 9x, security is a nonexistent feature. (ok, they
> have a login box that you hit cancel at.;) Being that they no
> not what they do when running stuff as root, (I'd say 99% of
> which is because root works, stuff as a user does not) and they
> don't know how to fix permissions, or add the user to a specific
> group. It's not a matter of being stupid, just unaware of the
> what they are doing. (well, at least in *most* cases)
>
> That's about it. ;)
>
> Dana
> --
> [EMAIL PROTECTED] Dana J. Laude, Fluid Computer Designs Ltd (US)
> -
> To get out of this list, please send email to [EMAIL PROTECTED] with
> this text in its body: unsubscribe suse-linux-e
> Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
> archiv at http://www.suse.com/Mailinglists/suse-linux-e/index.html
Since I like using "insecure" things like irc and looking at basic
security issues such as protecting my little investment I am interested
in both sides of this debate. I could imagine Jerry Springer landing
this juicy tidbit; saying, "Today its rich stuff. The folks that don't
password protect their root accounts and their lives". My interest is
more than just from a personal level. I want to protect my investment
in both learning this stuff and knowing that I understand that running
a linux workstation is not the same as "using a win98 desktop". I do
both sometimes and I use NT sometimes and I have watched people get
their NT systems messed up with no admin password.
Now one point is that a personal investment that one has no interest in
does not have to be protected since the person is making his or her own
decision regarding its importance. The other valid point is that it
makes a statement about how and what we all do or in common
sociological terms we are labelled. As a sociologist friend one told
me, "it doesn't matter if the label is true or not. What matters is
that it was applied".
So my interest is in protecting my investment even if its useless. I
am the final arbiter in what is useful to me. But others along the way
can determine whether they can take away that use. If I can protect
even the uselessness so I can make a decision; more points for me. But
you know what? Anything that has so much time put into it as a linux
workstation is not useless. For why would someone build something, do
all the work, then to just let it get torn down by something as
careless as a password not applied? So, my point is - I want to protect
what I value. Its not a matter of being unaware or not understanding
or running stuff as root; although thats all important stuff. To me,
its a matter of what I value and what linux provides that I value.
And thats it for me.
--
Michael E. Perry
[EMAIL PROTECTED]
------------------
-
To get out of this list, please send email to [EMAIL PROTECTED] with
this text in its body: unsubscribe suse-linux-e
Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
archiv at http://www.suse.com/Mailinglists/suse-linux-e/index.html
