From: Corey <corey@bitworthy.net>
To: 9fans@9fans.net
Subject: Re: [9fans] how to lock cpu console
Date: Wed, 1 Sep 2010 13:23:14 -0700 [thread overview]
Message-ID: <201009011323.14673.corey@bitworthy.net> (raw)
In-Reply-To: <a871f53b5e7efc43e3707ab2771b53a7@coraid.com>
On Wednesday 01 September 2010 12:52:40 erik quanstrom wrote:
> > Also, a logical fallacy: Since X could sometimes be used to thwart Y,
> > then Y is useless in all cases.
>
> i think the correct statement of the thinking (or
> at least my thinking) is
>
> we want to assert X, but
> since Y defeats X, we require !Y to assert X.
>
> in something closer to english, the assertion is that
> if one requires a secure server, you've got to have physical
> security. since there are too many easy ways to circumvent
> most known security measures given physical access.
>
> i don't think this assertion has anything to say about
> console locking, just that it doesn't solve the stated problem—
> execepting, of course, if the data on non-volatile storage is
> is encrypted and the key is lost on reboot.
>
Well, security isn't a binary state; it exists within a spectrum:
it's prudent and logical to utilize all means possible - and especially
to cover the low hanging fruit.
It could be said that a locked door is security theatre - because all
it takes is a lockpick or crowbar to circumvent. Or that a helmet
is useless, because it doesn't prevent death from blood-loss or
shock sustained from other injuries.
Console passwords are an effective and relevant _auxiliary_precaution_ ,
to be utilized in addition to the other available methods at one's
disposal - and they're such a no-brainer... it seems like more of
a questionably useful symbolic gesture to not include such a
simple mechanism right out of the box as standard ops.
BUT... that's all for me with regards to this debate - I don't want
to get into it again. (c8= I know better than to argue on 9fans. <grin>
Cheers!
Corey
next prev parent reply other threads:[~2010-09-01 20:23 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-31 14:20 baux80
2010-08-31 14:31 ` Robert Raschke
2010-08-31 14:55 ` John Floren
2010-08-31 15:04 ` erik quanstrom
2010-08-31 15:25 ` David Leimbach
2010-08-31 15:25 ` Skip Tavakkolian
2010-08-31 18:18 ` Francisco J Ballesteros
2010-08-31 19:54 ` andrey mirtchovski
2010-08-31 20:45 ` Skip Tavakkolian
2010-09-01 4:21 ` Federico G. Benavento
2010-09-01 4:44 ` John Floren
2010-09-01 15:11 ` erik quanstrom
2010-09-01 16:57 ` Federico G. Benavento
2010-09-01 17:22 ` erik quanstrom
2010-09-01 17:44 ` John Floren
2010-09-01 18:14 ` erik quanstrom
2010-09-01 18:31 ` John Floren
2010-09-01 18:51 ` erik quanstrom
2010-09-01 19:41 ` John Floren
2010-09-01 18:24 ` frank
2010-09-01 17:56 ` Federico G. Benavento
2010-09-01 10:09 ` baux80 at gmail.com
2010-09-01 10:09 ` baux80
2010-09-01 9:56 ` baux80 at gmail.com
2010-09-01 9:56 ` baux80
[not found] ` <E1Oqk2g-0003Ze-1W@gouda.swtch.com>
2010-09-01 19:14 ` Corey
2010-09-01 19:52 ` erik quanstrom
2010-09-01 20:23 ` Corey [this message]
2010-09-01 9:48 ` baux80 at gmail.com
2010-09-01 9:48 ` baux80
[not found] <E1OqRh3-0005IS-Hi@gouda.swtch.com>
2010-08-31 14:29 ` erik quanstrom
-- strict thread matches above, loose matches on Subject: below --
2010-08-31 14:20 baux80 at gmail.com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201009011323.14673.corey@bitworthy.net \
--to=corey@bitworthy.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).