Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!bbn!bbn.com!cosell
From: cosell@bbn.com (Bernie Cosell)
Newsgroups: comp.misc
Subject: Re: Ten Commandments of Personal Computing
Message-ID: <43611@bbn.COM>
Date: 1 Aug 89 17:41:46 GMT
References: <66667@yale-celray.yale.UUCP> <1393@helios.mmsac.UUCP> <1005@unify.UUCP> <68274@yale-celray.yale.UUCP>
Sender: news@bbn.COM
Reply-To: cosell@BBN.COM (Bernie Cosell)
Organization: Bolt Beranek and Newman Inc., Cambridge MA
Lines: 52

In article <68274@yale-celray.yale.UUCP> Horne-Scott@cs.yale.edu (Scott Horne) writes:
}In article <1005@unify.UUCP>, jde@unify (Jeff Evarts) writes:
}> In article <1393@helios.mmsac.UUCP> eben@mmsac.UUCP (Eben R.S. Visher) writes:
}> >[...] if you don't want it seen, then RSA or
}> >DES it (of course, if you simply crypt(1) it, you're inviting someone
}> >to spend 7 minutes with Crypt Breaker's Workbench).
}> 
}> Okay, there are no smileys here, so I'm assuming you meant what you said.
}> ABSOLUTELY NOT!  This is frankly rediculous. This kind of "If I CAN do it,
}> it must be OK with you" attitude is a real problem in today's computer
}> industry.
}
}I see what you mean, but I don't think that Eben Visher meant that.  It seems
}that that remark about `crypt' was made as a warning about security, not as a
}suggestion that people should be allowed to browse ~/personal/top_secret.crypt
}just because the decryption method is well-known.

That's not what he said: what he *said* was that if it has read access
you can *expect* people to feel free to browse.  That if you encrypt it
you can *expect* people to try to crack the encryption.... sounds like
a nice professional place to work.  And the implication about
encryption was even more ominous: it says that in HIS shop. *so* many
people have root/operator/whateverforhisopsys privileges that you can't
even trust PERMISSIONS!  [if you think there is some other way to
interpret that, you or he can let me know].

}> The
}> idea that I would have to encrypt a file to keep a coworker out of it
}> really scares me. This is not the way things should be run.
}
}Does the idea that you should have to use a password scare you?  How about the
}idea that you should have to lock your door?  Take your keys out of the car?
}Seal your envelopes?  Hide your valuables?

Yeah, it does... I don't think I could work at a place that requires
the kind of aggressive paranoia that Eben apparently engenders and
encourages in his shop.  I don't lock my office door much, I don't
tamper-proof-seal interoffice memos, I don't have the hifi in my office
bolted down to its table.  That EVERY time I take my eyes off of my
attache case I can be assured taht some will be seeing if they can pick
the lock; that every time I step out of my office I can expect that
unless I lock my desk someone will rifle through it to see if there is
anything interesting (and heaven forfend I should leave my attache
case, or desk, or office door unlocked -- that means 'open season',
right?).  What is so special about a person's computer files that
doesn't entitle them to the same respect and privacy that you would
give to anything else of theirs?

   __
  /  )                              Bernie Cosell
 /--<  _  __  __   o _              BBN Sys & Tech, Cambridge, MA 02238
/___/_(<_/ (_/) )_(_(<_             cosell@bbn.com