Mailinglist Archive: opensuse (6210 mails)
| < Previous | Next > |
Re: [opensuse] Routing Root's Mail to Another User
- From: Allen <gorebofh@xxxxxxxxxxx>
- Date: Sun, 9 Oct 2005 19:55:17 -0400
- Message-id: <20051009235517.GA7098@xxxxxxxxxxxxxxxxxxxxxx>
On Mon, Oct 10, 2005 at 01:05:38AM +0200, nordi wrote:
> Carl Hartung wrote:
> > Meanwhile, I doubt you believe the need for a password makes your ATM
> > "harder" to use.
> You are confusing things: With an ATM you _do_ have the risk of someone
> standing in front of the ATM that is not trusted. As a result, passwords
> are necessary. With a PC at somebody's home you very often do not have
> the risk of local attacks.
And with a computer someone could sniff your passwords for things like your
bank account....
> E.g. many video recorders/TVs have _optional_ passwords that can be
> activated to prevent the kids messing with it. However, this password
> function is by default _de_activated (=auto login), since in most cases
> the there is no "attacker". Hence password protection is unnecessary and
> would make the video recorder/TV harder to use than necessary. Or how
> would you like to enter a password every time you switch on your TV?
> Password protected fridges, anyone? After all, these could get raided as
> well.
You seem to live in Germany, meaning you probably haven't ever had someone
rack up your cable bill, mainly because there isn't one, but in America you
pay for watching things on TV and it's VERY SIMPLE to rack up the amount of
money they have to pay each month to the cable company and ordering movies
which costs A LOT extra.
> The same argument goes for your PC at home(which for many users is not
> more than a TV + telephone + gaming console): If there is no attacker,
> you do not need a defense!
Ummm, you don't need to be sitting at a computer to get to it. Remote
attacks have existed longer than the standing near you ones have.
> > Yes, I think auto login is a nice *feature*
> Password protection is the feature, not auto login. You need lots of
> additional programs and infrastructure for password protection, auto
> login needs nothing. Think of MS DOS, did that have an auto login
> program? Maybe you should see auto login more as the removal of an
> _unnecessary_ feature...
No, MS-DOS didn't have auto log in programs, it was single user single
tasking, there is a difference.
> > but it should be a feature that requires a bit of knowledge
> > forethought and effort to enable
> Auto login is aimed at the non-technical users, so making it hard to use
> makes it useless. Btw, a good distribution should _reduce_ the effort it
> takes to do things, not increase it. And maybe include a few warning
> signs for the unwary. But with auto login you do not need to be a
> computer expert to see the security implications.
>
> Regards
> nordi
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: opensuse-unsubscribe@xxxxxxxxxxxx
> For additional commands, e-mail: opensuse-help@xxxxxxxxxxxx
>
> Carl Hartung wrote:
> > Meanwhile, I doubt you believe the need for a password makes your ATM
> > "harder" to use.
> You are confusing things: With an ATM you _do_ have the risk of someone
> standing in front of the ATM that is not trusted. As a result, passwords
> are necessary. With a PC at somebody's home you very often do not have
> the risk of local attacks.
And with a computer someone could sniff your passwords for things like your
bank account....
> E.g. many video recorders/TVs have _optional_ passwords that can be
> activated to prevent the kids messing with it. However, this password
> function is by default _de_activated (=auto login), since in most cases
> the there is no "attacker". Hence password protection is unnecessary and
> would make the video recorder/TV harder to use than necessary. Or how
> would you like to enter a password every time you switch on your TV?
> Password protected fridges, anyone? After all, these could get raided as
> well.
You seem to live in Germany, meaning you probably haven't ever had someone
rack up your cable bill, mainly because there isn't one, but in America you
pay for watching things on TV and it's VERY SIMPLE to rack up the amount of
money they have to pay each month to the cable company and ordering movies
which costs A LOT extra.
> The same argument goes for your PC at home(which for many users is not
> more than a TV + telephone + gaming console): If there is no attacker,
> you do not need a defense!
Ummm, you don't need to be sitting at a computer to get to it. Remote
attacks have existed longer than the standing near you ones have.
> > Yes, I think auto login is a nice *feature*
> Password protection is the feature, not auto login. You need lots of
> additional programs and infrastructure for password protection, auto
> login needs nothing. Think of MS DOS, did that have an auto login
> program? Maybe you should see auto login more as the removal of an
> _unnecessary_ feature...
No, MS-DOS didn't have auto log in programs, it was single user single
tasking, there is a difference.
> > but it should be a feature that requires a bit of knowledge
> > forethought and effort to enable
> Auto login is aimed at the non-technical users, so making it hard to use
> makes it useless. Btw, a good distribution should _reduce_ the effort it
> takes to do things, not increase it. And maybe include a few warning
> signs for the unwary. But with auto login you do not need to be a
> computer expert to see the security implications.
>
> Regards
> nordi
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: opensuse-unsubscribe@xxxxxxxxxxxx
> For additional commands, e-mail: opensuse-help@xxxxxxxxxxxx
>
| < Previous | Next > |