From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from u2.inri ([107.191.125.208]) by pp; Wed May 20 16:47:14 EDT 2015
Date: Wed, 20 May 2015 14:46:43 -0400
From: sl@9front.org
To: 9front@9front.org
Subject: Re: [9front] proposal: disable most of /rc/bin/services/tcp* by default
Message-ID: <9501acf0d1f59f958a12fcb0aaba3371@u2.sfldmibb.det.wayport.net>
List-ID: <9front.9front.org>
X-Glyph: ➈
X-Bullshit: stateless basic WEB2.0 CSS firewall cache component
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

> i'm not against this, but what exactly is the problem? its not like
> these services are usable unless you have an actual account on the 
> auth server (and created a mailbox for the user in case of imap/pop3).

Potentially, Skynet connecting to open ports and wasting system
resources when the ports are not even being used for any legitimate
purpose. It's just bad practice to leave the windows broken, even if
you trust the security guard asleep at the desk inside.


> what we really want is a authorization scheme that would allow us to
> grant a user the services he can use on the system. right now its
> a all or nothing. if you have an account you can use every service
> in the network.

Yes. But why ship broken windows?

sl