On Wed, Jun 03, 2009 at 09:53:07AM -0400, Glen Barber wrote: > My colleagues never understood (nor do they to this day) my paranoia > regarding security and untrusted code. I always point them in the > same direction: > > http://cm.bell-labs.com/who/ken/trust.html
YES! An absolute classic. We're using it to teach sysadmin trainees about trust and security very early on in their careers. Always an excellent reminder. Another perfect example that open source alone can't guarantee security: I remember a CPAN perl module that used to warn you that you shouldn't blindly install software as root without checking it first. It didn't do anything harmful (really just a 'warn'), but potentially, it could have wreaked havoc... at least until someone spotted and reported it. I don't recall exactly what module it was or if it is still in CPAN now, but that was also a good reminder to be careful and use common sense. > Glen Barber > http://www.dev-urandom.com > http://www.linkedin.com/in/glenjbarber -cpghost. -- Cordula's Web. http://www.cordula.ws/ _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"