[techtalk] About prettyphysicslady on the linuxchix techtalk list...

Sun May 13 11:40:24 EST 2001

Coinneach MacSandair wrote:

> First, PrettyPhysicsLady is NOT being unreasonable.  It IS a back 
> door.  And we're not talking about using boot floppies or recovery CD's 
> or cracking the stupid case to erase the CMOS to override the BIOS 
> password here -- we're talking about a serious mistake in the default 
> shipping configuration of the operating system that is big enough to 
> drive a bloody MacTruck through.  A complete newbie can have 
> unchallenged root access to nearly any Linux box within 30 seconds 
> without any hardware related measures at all.

Um - 

1) it DOES involve hardware. It's only possible from the console.
If you have a single-user computer, it is its own console. But it does
require console access.

2) It's only the default shipping configuration of SOME distributions.
It's not default to all distributions. 

3) Noone has yet clarified why you're bothered about someone you invite
into your house having access to your system. If you don't trust someone,
why did you invite them into your house?

4) I still consider it a default-configuration and/or documentation
error. I still consider the *option* of single-user mode to be highly
valuable .. but if you're after a *secure* system, yes you want it
off by default.

> It is entirely relevant to bring up Windows in comparison -- linux is 
> directly vying with windows as a platform in the corporate workplace. 

But not as a marketing thing - I, at least, don't particularly 
care whether it 'makes it' in the corporate workplace.

> Suppose you or someone you know has been considering converting a small 
> mom and pop business (substitute whatever you like here -- insurance 
> company, NSA office, accounting firm, bank etc) over to linux because of 
> its performance and stability -- that decision must now be tempered with 
> the knowledge that you it isn't EVEN AS SAFE to leave a linux box out in 
> public as it is to leave a Windows box there. 

Hm. I haven't found a windows box which protects the system-
administration aspects at all, yet. Mind you, I've not used anything
later than '98.

And if you're going to leave a computer in a public area, surely you're
going to learn the basic security prevention things about that system, 
or hire someone who knows to set it up? 

The secure free Unixes, btw, are the *BSDs and Debian. Get one of the 
active sysadmins on this list to give their recommendations, if it 
bothers you as much as it seems to.

NOTE: the reason I am not personally giving the recommendations is that
(Duh) I Do Not Know It All. I'd probably give a bad recommendation. :)

> Fourth,  perhaps you should think a bit harder about what you are doing 
> when you make sexist remarks about the presumed physical appearance and 
> social habits of female scientists on women's forum of all places? 

Actually, it struck me as reasonable to assume that someone who
openly used 'prettyphysicslady' as a 'net address EITHER had not 
had experiences which I find common on the 'net, OR wasn't bothered
by the them, OR wasn't female. 

And the kind of experiences I've had, I'd find it strange for people
to not be bothered by. 

Jenn V.
-- 
     "Do you ever wonder if there's a whole section of geek culture
             you miss out on by being a geek?" - Dancer.

jenn at simegen.com     Jenn Vesperman     http://www.simegen.com/~jenn/