From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <60b700435d11446a1fd14ba560f0f45f@proxima.alt.za>
To: corey@bitworthy.net, 9fans@9fans.net
Date: Sat, 8 Aug 2009 06:26:15 +0200
From: lucio@proxima.alt.za
In-Reply-To: <200908062204.23944.corey@bitworthy.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] a few Q's regarding cpu/auth server
Topicbox-Message-UUID: 3dd2e4dc-ead5-11e9-9d60-3106f5b1d025

> "The Plan 9 way of thinking (wrt the security of physical terminal access)
> completely undermines, or somehow fails to recognize, the very real fact
> that there is always a cost/risk effort/reward equation at play."

Sure, but you used this against Plan 9 when you should have used it as
a stimulus for further investigation.

The Plan 9 developers added factotum and the secstore and re-evaluated
security out of necessity. They highlighted what was already known,
namely that physical security is essential for real protection and
based their efforts on this discovery. Merely acting on this principle
was a break with tradition for which they should be thanked, specially
as they did not take away the option to re-introduce the ability to
pull the wool over the system administrator's eyes.

You may do this if you want, I'd be curious to see what kind of
following you will find in this audience.

++L

PS: I think that illusion has some value in security, but the risk it
creates is much greater. Like all security, what you see is more
important than what you have to dig to discover (a closed door is a
greater deterrent than an open one, even when it is unlocked).

PPS: The tone of your second reply suggests that my little barb had
much greater effect than you admitted. Don't take it to heart, this is
a mailing list where the occasional insult becomes irresistible :-)