[vox-tech] User with root privileges

vox-tech@lists.lugod.org vox-tech@lists.lugod.org
Mon, 24 Nov 2003 05:26:15 -0800 

On Mon 24 Nov 03,  2:39 AM, Michael Wenk <wenk@praxis.homedns.org> said:
> On Sunday 23 November 2003 03:21 am, Peter Jay Salzman wrote:
> > On Sun 23 Nov 03, 12:53 AM, Michael Wenk <wenk@praxis.homedns.org> said:
> > > On Saturday 22 November 2003 06:51 pm, Peter Jay Salzman wrote:
> > > > > > [snip] 
Pete said:
> > > > you ain't administrating any machine that i own, that's for sure!  ;)
> > >
Michael said:
> > > Ya know, there's one thing that always makes me laugh, and that's when a
> > > non professional gets all anal about their home system.  Get a grip, the
> > > absolute worst thing that can happen is you have to spend an hr or two
> > > reloading your system.   Its one thing to expend the level of effort to
> > > learn about something, another thing to just do it cuz you're afraid of
> > > being hacked.
> >
Pete said:
> > you have to laugh because i value my system?!?
> >
> > that is one of most callous and non-professional things i've ever heard
> > anybody claiming to be "system administrator" say.
> 
Michael said:
> Funny that you are calling me unprofessional.  That is a good one.  Maybe you 
> ought to act the way 
> 
> And I am laughing because you are missing the obvious.  I wonder how good the 
> lock is on your door?  Or the door itself?  If someone wants your data bad 
> enough, its quite trivial to break in and steal the system itself.  Remember 
> kids, physical security is much more important than data security.  And 
> there's the added benefit that if your system is physically stolen, you 
> really are deprived of its use.  So then you're screwed more ways than one. 

Hi there,

(sorry everyone for the crappy snip and quote, i am in a rush and the
message was getting too long.)

I don't think this is such an obvious point. Let's suppose I am a
researcher who does computational work. I have data at home, simulations
running, etc. I am not worried that someone wants to steal my research
enough to seek it out cuz there's no money in it. ;) but, it is my
life's work, and very precious. Let's also suppose I am a bit lazy, and
don't backup as often as I should, or maybe I do, but the backup is not
as reliable as it should be, or maybe I have recent data that has not
made it to my weekly backup. whatever.

as i said before, no one would want to break into my house to steal my
data specifically. but, i have some script kiddie who is sniffing around
for a box to set up an IRC client, shuffle pron, or whatever. They
happen to get into my system, and overwhelemed with their power, they
may happen to delete my work. now they can brag about rooting me.

maybe the situation is farfetched, maybe not. the point is, if i did not
lock down my home system, i am opening myself to this, which i happen to
think is much more likely than someone deliberately seeking me out, breaking
in to my house, and taking my computer for my data.

thankfully, i haven't begun my research yet. :)
rhonda