On Wednesday 01 September 2010 12:52:40 erik quanstrom wrote: > > Also, a logical fallacy: Since X could sometimes be used to thwart Y, > > then Y is useless in all cases. > > i think the correct statement of the thinking (or > at least my thinking) is > > we want to assert X, but > since Y defeats X, we require !Y to assert X. > > in something closer to english, the assertion is that > if one requires a secure server, you've got to have physical > security. since there are too many easy ways to circumvent > most known security measures given physical access. > > i don't think this assertion has anything to say about > console locking, just that it doesn't solve the stated problem— > execepting, of course, if the data on non-volatile storage is > is encrypted and the key is lost on reboot. >
Well, security isn't a binary state; it exists within a spectrum: it's prudent and logical to utilize all means possible - and especially to cover the low hanging fruit. It could be said that a locked door is security theatre - because all it takes is a lockpick or crowbar to circumvent. Or that a helmet is useless, because it doesn't prevent death from blood-loss or shock sustained from other injuries. Console passwords are an effective and relevant _auxiliary_precaution_ , to be utilized in addition to the other available methods at one's disposal - and they're such a no-brainer... it seems like more of a questionably useful symbolic gesture to not include such a simple mechanism right out of the box as standard ops. BUT... that's all for me with regards to this debate - I don't want to get into it again. (c8= I know better than to argue on 9fans. <grin> Cheers! Corey
