Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.milw.wisc.edu!cs.utexas.edu!usc!csun!csusac!mmsac!bob From: bob@mmsac.UUCP (Bob Brown) Newsgroups: comp.misc Subject: Re: Ten Commandments of Personal Computing Message-ID: <1411@luna.mmsac.UUCP> Date: 2 Aug 89 17:16:06 GMT References: <66667@yale-celray.yale.UUCP> <1393@helios.mmsac.UUCP> <1005@unify.UUCP> Organization: Martin Marietta Data Systems, Sacramento Lines: 46 In-reply-to: jde@unify.UUCP's message of 31 Jul 89 23:33:31 GMT >>Scott Horne hit it on the head: read permission to my files is >>implicit permission to browse. >I disagree, but what follows is what I really contest... >>[...] if you don't want it seen, then RSA or >>DES it (of course, if you simply crypt(1) it, you're inviting someone >>to spend 7 minutes with Crypt Breaker's Workbench). >Okay, there are no smileys here, so I'm assuming you meant what you said. >ABSOLUTELY NOT! This is frankly rediculous. This kind of "If I CAN do it, >it must be OK with you" attitude is a real problem in today's computer >industry. Gee, With an attitude like that, worms & viruses are completely >allright, because you were stupid enough to have an insecure system The >idea that I would have to encrypt a file to keep a coworker out of it >really scares me. This is not the way things should be run. Just because >you didn't lock your door, it's okay for me to come inside and watch TV >in your house? BULL! (My excuse: Well, you didn't stop me, and I wasn't >hurting anything...) The analogy sounds good but I'm afraid it doesn't hold up. The house is the computer, your files are simply desks and rooms in the house. To get into the house, someone must have the key (password). The point is that the door is locked and the person coming in has a key. Anything you leave laying around will probably be read. No one would be so impolite as to touch your stuff, but your roommates (other users) will probably read your mail if you leave it on top of your desk for all to see. The phrase "stupid enough to have an insecure system" is a bit much. In order for computers to be useful, people need to have access to them. We know the design of the system well enough to know that if a file (directory) has read access -- Joe Guest can browse. When something really needs to be secure, you give out less keys, you make special rules for this house (in advance) and you lock your desks and rooms. Worms and viruses would be more like having your roommates take an ax to your desk or burn your papers or break into your locked rooms and desks. It's clear that this is vandalism -- which mom (sys admin) would not and should not tolerate. 'nuff said bb