Mailinglist Archive: opensuse (6210 mails)
| < Previous | Next > |
Re: [opensuse] Routing Root's Mail to Another User
- From: Carl Hartung <suselinux@xxxxxxxxxxxxx>
- Date: Sun, 9 Oct 2005 12:49:03 -0400
- Message-id: <200510091249.04110.suselinux@xxxxxxxxxxxxx>
On Sunday 09 October 2005 09:41, nordi wrote:
> When you see this as being insecure, what about GRUB not being password
<snippage>
Hi Nordi,
In my mind, the question was "Should the use of auto login be encouraged or
suggested?" *not* "Does disabling auto login create a secure computer?"
Password protecting the desktop helps to prevent casual or opportunistic
snooping and attacks. Access to documents and frequently used "private"
applications like IM, chat, VOIP and e-mail clients, also one's reading
material and playlists or financial correspondence, etc., is made more
difficult... obviously, not impossible... but the front door won't always
swing wide open and invite such mischief, which is the main concern I have
with auto login.
Mind you, casual events aren't always "trivial," either They can range from
jokes gone awry, like someone posing as you sending a dirty joke to your
spouse but cc's the CEO or the Chief of Police or the Mayor... or someone
more vengeful sending threats to your Ex or downloading illegal content
or attempting to destroy your data. Anticipating, and guarding against, such
potentialities is everybody's responsibility, including Novell/SUSE's.
You and I and others experienced in such matters know enough to uncheck that
little box during installation. My concern is that it conveys an impression
to new and unsophisticated customers that auto login is a normal and accepted
practice within the Linux community, which my belief is it *is not*
(emphasized for clarity).
Also, leading starts with behavior. If you convey, through your actions as
well as words, a consistent philosophy and attention to detail, people
witnessing or participating in some way with you are more likely to follow
suit. If your actions are contradictory (for instance, seeming to recommend
auto login during the installation process,) others... particularly those who
are naive and inexperienced, can be discouraged from making the right
decision. IMHO, the "right" decision is auto login disabled.
regards,
- Carl
> When you see this as being insecure, what about GRUB not being password
<snippage>
Hi Nordi,
In my mind, the question was "Should the use of auto login be encouraged or
suggested?" *not* "Does disabling auto login create a secure computer?"
Password protecting the desktop helps to prevent casual or opportunistic
snooping and attacks. Access to documents and frequently used "private"
applications like IM, chat, VOIP and e-mail clients, also one's reading
material and playlists or financial correspondence, etc., is made more
difficult... obviously, not impossible... but the front door won't always
swing wide open and invite such mischief, which is the main concern I have
with auto login.
Mind you, casual events aren't always "trivial," either They can range from
jokes gone awry, like someone posing as you sending a dirty joke to your
spouse but cc's the CEO or the Chief of Police or the Mayor... or someone
more vengeful sending threats to your Ex or downloading illegal content
or attempting to destroy your data. Anticipating, and guarding against, such
potentialities is everybody's responsibility, including Novell/SUSE's.
You and I and others experienced in such matters know enough to uncheck that
little box during installation. My concern is that it conveys an impression
to new and unsophisticated customers that auto login is a normal and accepted
practice within the Linux community, which my belief is it *is not*
(emphasized for clarity).
Also, leading starts with behavior. If you convey, through your actions as
well as words, a consistent philosophy and attention to detail, people
witnessing or participating in some way with you are more likely to follow
suit. If your actions are contradictory (for instance, seeming to recommend
auto login during the installation process,) others... particularly those who
are naive and inexperienced, can be discouraged from making the right
decision. IMHO, the "right" decision is auto login disabled.
regards,
- Carl
| < Previous | Next > |