Sure, John, I'm serious. Let's weigh the gains and the risks. Let's also look at some countermeasures for the risks.
What can be lost? In a world full of cable modem zombies, show me the harm of someone taking over another computer that happens to be in a library. Specifically, what new risk would you expose the patron to? Because of poor current security, I imagine that most libraries already have compromised systems. People like John Ashcroft already think they own the information. Patrons worried about their privacy are welcome to use the guest account. If you are worried about gaining the ire of publishers, you are too late because they already hate libraries. What I propose is much less difficult than posting to the world at large. I'm talking about a system limited to people who have actually walked into the building and proved their residence nearby. What is to be gained? Lots. The services I mentioned would be a real benefit to library patrons. This is the kind of computing that people are coming to expect. It is going to be delivered. One way to protect patron privacy is to not remember who has what account. This can be accomplished by remembering that a patron has an account but not it's name or creation date. The patron could be given a temporary name and password that they can change with reasonable instruction. Anyone breaking into the system would need additional information, such as cell phone location or email contacts, to know what accounts belong to what user. Anyone who has that much already can break through anything I can imagine. I don't need to put a box outside my firewall. I'm sure that the pros can already break through anything I put up. I'll bet that even yahoos like you and Dustin can break through my poor little 486 without much effort. Help me out, what am I missing? I understand that giving people shell accounts increases vulnerability. I know that sophisticated users can use local exploits to gain root. What I don't see is the harm in it that merits the loss of all that can be had. It seems that a system can be designed that assumes it will be broken anyway and protect the things that will be lost before it happens. On Thursday 06 May 2004 07:43 pm, John Hebert wrote: > The term "hax0r heaven" comes to mind here. > > C'mon Will, are you serious? Libraries are very > concerned with the legal issues concerning information > technology and privacy. Linux is not as secure as you > might think, especially if someone has local access to > your machine. > > Let me put it this way: why don't you put one of your > Linux boxes outside of your firewall and then post a > message to alt.warez.never.enough.drive.space that you > are offering free accounts? I'm sure you will learn a > lot. > >
