SuperQ wrote: > Apparmor is not overrated. Apparmor is a very easy to understand > jail system.
Sorry, can't agree. I learned the hard way when I wrote crypto software for CyberCash. You may have heard of CyberCash, we invented how to move money over the internet, which enabled ecommerce. Consumers want convenience, not security. CyberCash got it wrong. If its very easy to understand, why doesn't it "just work"? I posit that its because it is not "very easy to understand" > It's new so people are still taking a bit to get used > to it, and do the wrong thing just like they do everywhere when it > comes to security enhancments. "Oh god, security makes it not work, > it must be broken, turn it off." This is a boneheaded way of > thinking. Apparmor has it wrong. Not as badly as CyberCash did, (they folded). But it was wrong to release a security product and put it in widespread use until developers "get used to it" If the security is mis-configured, the normal reaction of consumers is to turn the damn thing off. Boneheaded or not, its how the world works. If you want to introduce security, you have to do it so that users are not tempted to turn the thing off. Vista's User Account Control got it wrong. So badly that Apple ran TV ads about the Secret Service dude asking you for OK for every command. The facts are that SqueezeCenter's installation scripts failed when using apparmor, and folks not only were tempted to, but did, turn it off. This is a massive fail of apparmor and squeezecenter, not of the consumers trying to use it. -- Pat Farrell http://www.pfarrell.com/ _______________________________________________ unix mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/unix
