Cristian Rodríguez wrote:
On 07/12/11 10:49, Marcus Meissner wrote:
"principle of least privilege" is probably the better wording.
Which usually becomes the "principle of least possible usability" :-(
----
Bingo. Principle of least privilege is great for systems designed to constrain and control users. You want to keep users under your thumb and allow them nothing unless they need it. That's how the US government is becoming...

The alternative is 'freedom' -- and educating users how to responsibly use that freedom. But in doing that -- you create users with more 'self power' -- not good if you are trying to center/gather power at the top.

The US was built in an attempt to create a shared and distributed, on the idea that it would grow best by giving local authorities carte blanche except in key areas needed to be controlled by the central authority. Unix was created in the same spirit -- to enable people .. not to control them (look to VMS/IBM for those OS's). Those controlling OS's are all but dead, and the innovation coming from those under those systems is likely VERY different from the level of innovation of someone developing on an open platform.

In short. A desire for a 'controlled/controlling' system to be the 'default' is a reflection of wanting to dominate and control users -- which will lead to lower productivity (which has happened in the US as more freedoms were taken by the government (and made illegal), the US's economy has suffered -- instead of finding fulfillment through work and acquiring new knowledge, people are encouraged to have fun in beer football, and playing politics to see who can become the most powerful (at the expense of the rest of the players).

Linux/Unix is designed to be open as it was designed to be LEARNED from. We don't want to hide things by *default* ... (which says nothing about making it have the ability to be configured 'closed' -- flexibility and configurability are good things). But the default configuration going out to users -- should be 'open' and transparent.

And importantly -- an open source allows end users to discover flaws and more quickly fix them and/or work around them, vs. closed source OS's like *R*X, that had 10's of thousands of bugs filed against it (many from internal people). But policy was to only fix those bugs when a paying customer found them.

The most secure system is one that is open and transparent -- where everyone can see the security code -- but even knowing the formulae, doesn't give them access, or benefit, as the algorithms create authentication tokens on the fly that are not decipherable/decryptable in any useful time period. I.e. it's security through good design, vs. security through obscurity -- and yes, a closed up system is a form of security through obscurity.... you may not be hiding passwords in the code, but you are hiding algorithms in the code, that, in well designed ones, don't give you any advantage. Their advantage is in the algorithm, not whether or not the algorithm is known.

Please think about that Marcus. I'm 100% with you in having the *options* for strong hardening present, but don't think they should be the default... it's not the right mindset for the space, IMO....

-linda