From: Corey <corey@bitworthy.net>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] a few Q's regarding cpu/auth server
Date: Thu, 6 Aug 2009 22:04:23 -0700 [thread overview]
Message-ID: <200908062204.23944.corey@bitworthy.net> (raw)
In-Reply-To: <85c703317d78eeb4577945aa8c4b5470@proxima.alt.za>
On Thursday 06 August 2009 21:19:05 lucio@proxima.alt.za wrote:
<snip>
> If you think it's worth it, then you need to put your money where your
> mouth is.
>
Like I said:
"Anyhow... I guess there's no reason to argue/debate! Looks like I
have some options"
... and later:
"[...] plus, I've already been provided with solutions from which I can roll
my own."
> You are forgetting that the cost of security must be commensurate with
> the risk.
>
I'm forgetting what?
"The Plan 9 way of thinking (wrt the security of physical terminal access)
completely undermines, or somehow fails to recognize, the very real fact
that there is always a cost/risk effort/reward equation at play."
> When Plan 9 is popular enough for random visitors to desire to crack it,
> then the extra security will be worth the extra effort. Until then, we can
> all save ourselves the bother
>
Sheesh:
"I think the actual root of the situation, is simply that Plan 9 currently
tends to reside within domains with much more strict and secure
or trustworthy environments vs. being prevalent within the sphere of
the great unwashed masses of the industry where strong physical
security is either unobtainable, unaffordable, and/or unreliable at best."
> Am I remembering wrong that 2nd Edition had password control on CPU
> servers? I missed it briefly, then forgot about it. Oh, yes, the
> change arose from the new security infrastructure, Bell Labs did not
> have the resources to port it so they abandoned it. I adapted the old
> password check for something else, but what with NVRAM's failings and
> the effort involved, I never tried to get the CPU server to have a
> secured console.
>
I mention there are reasonable use-cases for a secured console on Plan 9
servers, and everybody attempts to show me why such a concept is completely
unnecessary.... but in fact it's simply a matter of Bell Labs and others not
having the resources to implement it in later editions. And in fact it was
a feature that previously existed.
> PS: Off the cuff, I'd say that adding auth/as to init(8) on a CPU
> server would be almost all that's needed, just like in Unix. So this
> discussion has been quite unnecessary.
>
Cool, it's a total no-brainer to implement; the discussion can end now.
next prev parent reply other threads:[~2009-08-07 5:04 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-07 4:19 lucio
2009-08-07 5:04 ` Corey [this message]
2009-08-08 4:26 ` lucio
-- strict thread matches above, loose matches on Subject: below --
2009-08-07 4:19 lucio
2009-08-07 4:55 ` Daniel Lyons
2009-08-08 4:08 ` lucio
2009-08-08 7:42 ` Daniel Lyons
2009-08-07 4:56 ` Corey
2009-08-07 4:19 lucio
2009-08-06 2:20 Corey
2009-08-06 2:42 ` Anthony Sorace
2009-08-06 6:15 ` Corey
2009-08-06 6:30 ` John Floren
2009-08-06 7:52 ` Corey
2009-08-06 8:19 ` Robert Raschke
2009-08-06 23:28 ` Corey
2009-08-07 0:01 ` John Floren
2009-08-07 0:14 ` ron minnich
2009-08-07 0:17 ` John Floren
2009-08-07 8:55 ` Steve Simon
2009-08-07 1:00 ` Corey
2009-08-06 10:33 ` Steve Simon
2009-08-07 1:34 ` blstuart
2009-08-07 2:50 ` Anthony Sorace
2009-08-07 12:37 ` Ethan Grammatikidis
2009-08-07 14:37 ` Anthony Sorace
2009-08-07 14:53 ` David Leimbach
2009-08-07 12:05 ` Ethan Grammatikidis
2009-08-07 12:29 ` Iruata Souza
2009-08-07 12:39 ` Ethan Grammatikidis
2009-08-07 13:02 ` Iruata Souza
2009-08-07 13:27 ` Ethan Grammatikidis
2009-08-07 14:44 ` Wes Kussmaul
2009-08-06 12:54 ` erik quanstrom
2009-08-06 15:16 ` David Leimbach
2009-08-06 11:47 ` erik quanstrom
2009-08-07 0:25 ` Roman Shaposhnik
2009-08-07 0:59 ` hiro
2009-08-07 3:04 ` Daniel Lyons
2009-08-07 3:36 ` John Floren
2009-08-07 9:51 ` erik quanstrom
2009-08-08 4:12 ` lucio
2009-08-07 1:29 ` blstuart
2009-08-10 10:06 ` Corey
2009-08-10 10:33 ` Steve Simon
2009-08-10 10:43 ` Corey
2009-08-10 16:01 ` ron minnich
2009-08-10 20:43 ` Corey
2009-08-11 1:18 ` erik quanstrom
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200908062204.23944.corey@bitworthy.net \
--to=corey@bitworthy.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).