SuperQ wrote:
> Apparmor is not overrated.  Apparmor is a very easy to understand
> jail system.  


Sorry, can't agree. I learned the hard way when I wrote crypto software
for CyberCash. You may have heard of CyberCash, we invented how to move
money over the internet, which enabled ecommerce.

Consumers want convenience, not security.

CyberCash got it wrong.


If its very easy to understand, why doesn't it "just work"?
I posit that its because it is not "very easy to understand"

>  It's new so people are still taking a bit to get used
> to it, and do the wrong thing just like they do everywhere when it
> comes to security enhancments.  "Oh god, security makes it not work,
> it must be broken, turn it off."  This is a boneheaded way of
> thinking.

Apparmor has it wrong. Not as badly as CyberCash did, (they folded). But
 it was wrong to release a security product and put it in widespread use
until developers "get used to it"

If the security is mis-configured, the normal reaction of consumers is
to turn the damn thing off. Boneheaded or not, its how the world works.
If you want to introduce security, you have to do it so that users are
not tempted to turn the thing off.

Vista's User Account Control got it wrong. So badly that Apple ran TV
ads about the Secret Service dude asking you for OK for every command.

The facts are that SqueezeCenter's installation scripts failed when
using apparmor, and folks not only were tempted to, but did, turn it
off. This is a massive fail of apparmor and squeezecenter, not of the
consumers trying to use it.


-- 
Pat Farrell
http://www.pfarrell.com/

_______________________________________________
unix mailing list
[email protected]
http://lists.slimdevices.com/lists/listinfo/unix

Reply via email to