> -----Original Message----- > From: Alan P. Laudicina [mailto:[EMAIL PROTECTED] > Sent: Sunday, March 19, 2000 4:09 AM > To: Marcus Brinkmann > Cc: Debian Hurd list > Subject: Re: "Small" Bug - silly question again > > > On Thu, Mar 16, 2000 at 08:41:59PM +0100, Marcus Brinkmann wrote: > > On Thu, Mar 16, 2000 at 07:59:15PM +0100, Zsombor Gergely wrote: > > > Everybody seems to know what the login shell is useful for. > > > I am an unfortunate exception. Please, explain me this! > > > > You are desperately in need for a shell, to read your email (via IMAP), > > browse the net, check a domain name, or whatever. A machine is nearby > > running the Hurd. > > > > You go to the machine and use it. > > > > Thanks, > > Marcus > > > > Ok, I started this thread, and I think it's time I make another comment > here. I see your example here, someone needing a shell to read email or > browse the net, check a domain, etc. Here's scenerio #2: Evil Cracker > at the university needs a shell he can use to telnet into a machine he > has obtained the passwords to illegally. A machine is nearby running > the Hurd....... Think about it. Sure, the idea of it is revolutionary, > but should it really be included by default on every installation of > the Hurd? I think there should at least be in option in the installation. >
Or, Evil Cracker #3 wants to use an obscene amount of bandwidth to browse the web to run MPEGS of porno and pirated MP3s, stuff that he would get nailed for using his own account... as is the case at most universities right now. Perhaps when bandwidth is cheaper, this really won't matter. I think the concept of an open shell is interesting -- God knows I could have used it many times, and it's actually a lot *more* secure than leaving yourself logged in all the #$%(*^ time, which most people aren't supposed to do (but still do anyway). It redefines exactly *why* one has to log in. The configuration is also minimal. The open shell will probably be implemented initially, but it will be one of those ideas that is dropped because people are used to doing it the old way. The potential for abuse is high -- *however*, it DOES allow a great amount of *freedom* because no one *has* to be logged in. The industry is moving toward complete and total accountability for every single person, and everyone needs to have a login so they can be tracked and cookied and labeled and put into nice, neat little boxes. ;-) Of course, tell that to the Feds when they confiscate your Hurd servers for being part of the link in a "Denial-of-Service" attack. Best wishes, Lucas -- Lucas C. Wagner President & CEO, Spindletop Software Dynamics, Inc. (SSDI) Box 390654 Cambridge, MA 02139 ph: 617-308-7789 e: [EMAIL PROTECTED]
