Privacy
Linas Vepstas
linas at linas.org
Wed Mar 17 18:00:14 EET 2004
Josh, great reply,
I'm crossposting to two desktop mailing lists ...
On Tue, Mar 16, 2004 at 08:56:57PM -0500, Josh Sled was heard to remark:
> On Tue, 2004-03-16 at 17:11, Charles Goodwin wrote:
>
> > On Tue, 2004-03-16 at 15:28, Linas Vepstas wrote:
> > > Yes, this was discussed to death on the gnucash mailing lists.
> > > -- encryption is not enough if your kid can still delete your data files.
> > > The point is really access control, not encryption per se.
> > > -- one should stick to OS-provided security mechanisms for many good reasons
> >
> > As you imply, this is the job of the OS and not of the application.
To emphasize:
-- the security part is the job of the OS, because only the OS
is in a position to handle file ACL's and etc.
-- the sysadmin part is the job of the desktop/desktop distro.
And I really mean people like Lindows and Xandros here; they
have to have to tools in place to automate this, and have
the infrastructure so that users are able to effectively
manage thier desktops, and they have to have the cultural slant
to make thier users comfortable with apps that need a password
login.
> That was the argument on gnucash-user.
> http://thread.gmane.org/gmane.comp.gnome.apps.gnucash.user/10141 is
> probably the best entry-point into the thread, there.
>
> > And besides, if somebody was that concerned about privacy they simply
> > would log out when they're finished and keep that user account private
> > and give the (presumably) family members their own user accounts.
>
> That -- very reasonably -- doesn't work for a large class of users. I
> hate logging out ... it stops my music, causes me to miss IRC scrollback
> buffers, kills my IM client... all sorts of badness.
Life ends without IRC scrollback, and my 8 year old shares my mp3
player with me. Logging out is not an option.
> > Creating yet another user really won't make the accounts more secure.
> > Just more obscurely located. I thought only MS practiced security
> > through obscurity? ;)
>
> Sure it will; as per your previous statement: using the OS ACL
> mechanisms is a very valid access-control mechanism, and is the one that
> should be respected.
>
> I think the idea is more a "gnome-standard" way to allow the paradigm of
> "use a different user for that purpose".
>
> In any case, it looks like there already is:
> http://sourceforge.net/projects/xsu/ though I hate it when a project's
> homepage goes away, or doesn't exist in the first place. :(
>
> [BTW, there's nothing wrong with security through obscurity ... it just
> can't be the _only_ security you have. Otherwise, pile on the
> obscurity to slow 'em down. ;) ]
I use obscurity to hide most of my stuff from my 8-year old.
I have no other choice, because the current gnome/linux desktop
just doesn't offer anything better. And so far, obscurity is
enough to hide things from him.
>
> ...jsled
>
> --
> http://www.asynchronous.org/ - `a=jsled; b=asynchronous.org; echo ${a}@${b}`
--
pub 1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <linas at linas.org>
PGP Key fingerprint = 8305 2521 6000 0B5E 8984 3F54 64A9 9A82 0104 5933
More information about the xdg
mailing list