On Wed, Jun 03, 2009 at 09:53:07AM -0400, Glen Barber wrote:
> My colleagues never understood (nor do they to this day) my paranoia
> regarding security and untrusted code.  I always point them in the
> same direction:
> 
> http://cm.bell-labs.com/who/ken/trust.html

YES! An absolute classic. We're using it to teach sysadmin trainees
about trust and security very early on in their careers. Always
an excellent reminder.

Another perfect example that open source alone can't guarantee
security: I remember a CPAN perl module that used to warn you
that you shouldn't blindly install software as root without
checking it first. It didn't do anything harmful (really just
a 'warn'), but potentially, it could have wreaked havoc... at
least until someone spotted and reported it. I don't recall
exactly what module it was or if it is still in CPAN now, but
that was also a good reminder to be careful and use common
sense.

> Glen Barber
> http://www.dev-urandom.com
> http://www.linkedin.com/in/glenjbarber

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to