[geeks] root equivalent user

[Kurt Huhn]

woods at weird.com (Greg A. Woods) wrote:

 
> Telling people not to use what are obviously bad tools and techniques
> _is_ constructive -- it could _prevent_ serious damage.  If people want

Only if you supplement it with what you believe is the correct method. 
Anything less is arrogance - plain and simple.

> to know the reasons why they shouldn't use bad tools and techniques as
> security solutions then they can easily enough ask or do their own
> research.  It is enough for me to initially warn of the problems and I
> only did that because I know damn well that these issues are generally
> so poorly misunderstood that most average people will follow the pied
> piper right over the brink.  I'm not participating in this discussion

It's not enough.  You assume people are using broken technology because they
don't know any better, yet you offer no nudges in the 'correct' direction. 
You think that based on your less than helpful input, people are going to
research the subject?  Give it a break - you can't possibly be that
arrogant. Or perhaps you can, which is why you offer nothing more than what
you do...

> just to hold everyone's hand and babysit.  If y'all want to have a
> meaningful discussion about something like this then that's fine, and if
> I find it interesting and if I have the time to spare then I'll
> participate.  However when all that's happening is bad answers to
> questions popping out of the blue, then I'm only going to jump in with
> quick corrections out of the blue.
> 

Hey, that's your choice.  Nobody here asked to be spoon-fed, but a pointer
in your 'right' direction would be nice.  We can read.  We can research. 
Links to infornmation are alwats appreciated.  If you find it interesting
enough to pop up with a statement about a stupid piece of software, you can
certainly give it the extra few seconds to provide information on the
'correct' way.  Unless you don't really want to participate, and would
rather just stir the fire from time to time.  Just my observation, Greg. 
More often than not, your posts seem meant to illicit an emotional reaction,
nothing more.

> I.e. if the questions have obviously had as much time and effort and
> thought put into them as I put into my previous reply then I will find
> the discussion a whole lot more engaging and I'm likely to give more
> detailed and interesting replies.  Now I don't want to put too much of a
> personal attack against the originator of this thread because _everyone_
> does the same thing all too regularly, but in this case I suspect if
> even a small amount of extra effort in background research had been used
> before posting the question then the right answer might have been
> obvious.  Of course in this case there are a couple of key and

So two wrongs make a right?  Why worsen a situation that you think is so bad
by providing less info, or confusing the situation even more.  How is that
helpful?  Why not elevate the conversation to your level instead of sinking
to ours?  Hmmm?

> fundamental concepts that are a lot harder to learn, such as the unix
> security model and the concept of the superuser and how that all fits
> together.  There's lots of information about all this stuff readily
> available on the WWW and in many books and magazines, but of course as
> with every subject, especially on the WWW, not all of this info is good
> and correct.
> 

If you think the original poster didn't fully research the subject, why not
provide some links to material?  Help along that research instead of
hindering it with unhelpful remarks. 

> 
> If "good enough" is good enough then there would not have been a
> question in the first place because the answer would have been glaringly
> obvious to even a non-techie.  However there was a question and people
> started answering with what I've called "stupid", and perhaps damaging,
> and definitely totally inappropriate advice:  technical approaches to a
> relationship problem, and technical approaches that create more problems
> than they could ever solve.
> 

Then help out, Greg.  How else do you hope to ever bring someone to your
level of enlightnment and knowledge?  Buddha taught, he didn't expect others
to somehow gain enlightenment without help.

> Perhaps you don't understand just how critical good systems security is
> in _all_ cases where _any_ level of security is necessary.  I would
> recommend that anyone wondering what I'm talking about read and _re-read_
> Bruce Schneier's "Secrets & Lies", cover-to-cover, twice at least.
> 

Ad Hominem attack.  Apparently what's good for the goose is not good for
you, Greg.  You complained that someone had launched an Ad Hominem attack
your way, yet here you are calling in to question my knowledge of the Unix
security model - a subject that I have not brought up, and a discussion I
have not entered into.  I asked that you be helpful, I have not otherwise
contributed to the current thread.  For what it's worth, Secrets and Lies is
sitting right here on my desk, and I have read it a few times - some
portions several times.

-- 
Kurt
kurt at k-huhn.com