On 14-01-26 10:03 AM, jdd wrote:
Le 26/01/2014 15:57, Ted Byers a écrit :
advise such a novice how to partition, say, a new system with one or two large
I wouldn't( avice a *novice* do tweek his install, the risk of opening a breach bigger than the hole he close being large
if you have really sensitive data, hire an expert
jdd
That advice is not acceptable for two reasons. 1) The novice, then, remains a novice. And if he is trying to start a venture and doesn't have a budget to let him hire an expert, he is left vulnerable. Mind you, if I had that expertise, I'd advise him to begin with a disposable machine, do a fresh install, and set up a website that begs to be attacked, so that if and when he has made a mistake, he can learn from that mistake without compromising anything (as he can always format the disk and try again). My preference is to provide information to ease the transformation of the novice into an expert (and to do so without sending him back to school): that is precisely what I do with junior and intermediate programmers and software engineers, and what I would do if i were a system administrator (which is why I sometimes ask questions a novice system administrator would be able to answer). 2) If he hires an expert, whether as a permanent employee or a consultant, and a dispute develops, he becomes even more vulnerable because he has no clue as to what ought to be done and how. As you probably know, a significant proportion of attacks on information systems are due to disgruntled employees, and from an IT perspective, the most dangerous disgruntled employee, or contractor, is one who knows his way around the employer's information systems while the employer does not. The fact is that if I had a venture, and had a budget to hire an expert, I'd hire one, but supervise him or her closely. But the purpose, there though, is to let me attend to other things. It does not absolve me of the duty to understand what that expert is doing at least as well has he or she does. That is why I sometimes ask experts what books they'd recommend, or what web resources can be relied upon for information that will not lead me astray. Cheers Ted -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org