[vox-tech] User with root privileges

Michael Wenk vox-tech@lists.lugod.org
Mon, 24 Nov 2003 19:19:54 -0800 

On Monday 24 November 2003 05:26 am, rhonda@dirac.org wrote:
> On Mon 24 Nov 03,  2:39 AM, Michael Wenk <wenk@praxis.homedns.org> said:
> > On Sunday 23 November 2003 03:21 am, Peter Jay Salzman wrote:
> > > On Sun 23 Nov 03, 12:53 AM, Michael Wenk <wenk@praxis.homedns.org> said:
> > > > On Saturday 22 November 2003 06:51 pm, Peter Jay Salzman wrote:
> > > > > > > [snip]
>
> Pete said:
> > > > > you ain't administrating any machine that i own, that's for sure! 
> > > > > ;)
>
> Michael said:
> > > > Ya know, there's one thing that always makes me laugh, and that's
> > > > when a non professional gets all anal about their home system.  Get a
> > > > grip, the absolute worst thing that can happen is you have to spend
> > > > an hr or two reloading your system.   Its one thing to expend the
> > > > level of effort to learn about something, another thing to just do it
> > > > cuz you're afraid of being hacked.
>
> Pete said:
> > > you have to laugh because i value my system?!?
> > >
> > > that is one of most callous and non-professional things i've ever heard
> > > anybody claiming to be "system administrator" say.
>
> Michael said:
> > Funny that you are calling me unprofessional.  That is a good one.  Maybe
> > you ought to act the way
> >
> > And I am laughing because you are missing the obvious.  I wonder how good
> > the lock is on your door?  Or the door itself?  If someone wants your
> > data bad enough, its quite trivial to break in and steal the system
> > itself.  Remember kids, physical security is much more important than
> > data security.  And there's the added benefit that if your system is
> > physically stolen, you really are deprived of its use.  So then you're
> > screwed more ways than one.
>
> Hi there,
>
> (sorry everyone for the crappy snip and quote, i am in a rush and the
> message was getting too long.)
>
> I don't think this is such an obvious point. Let's suppose I am a
> researcher who does computational work. I have data at home, simulations
> running, etc. I am not worried that someone wants to steal my research
> enough to seek it out cuz there's no money in it. ;) but, it is my
> life's work, and very precious. Let's also suppose I am a bit lazy, and
> don't backup as often as I should, or maybe I do, but the backup is not
> as reliable as it should be, or maybe I have recent data that has not
> made it to my weekly backup. whatever.
>
> as i said before, no one would want to break into my house to steal my
> data specifically. but, i have some script kiddie who is sniffing around
> for a box to set up an IRC client, shuffle pron, or whatever. They
> happen to get into my system, and overwhelemed with their power, they
> may happen to delete my work. now they can brag about rooting me.
>
> maybe the situation is farfetched, maybe not. the point is, if i did not
> lock down my home system, i am opening myself to this, which i happen to
> think is much more likely than someone deliberately seeking me out,
> breaking in to my house, and taking my computer for my data.
>
> thankfully, i haven't begun my research yet. :)
> rhonda


Very valid scenario.  I have worked with people that have lost tons of work.  
In all cases it was not due to any system security(hardware or software) in 
the sense of maliciousness, but due to system failures.  That nice shiny 
linux box may be good, but what happens to your data if you have a drive 
crash, or an interface crash and your drive is garbage?  You're still 
"rooted" aren't you?  

So I ask you this, what will save you more in the long run?  Spending the time 
needed to really secure your system, or spending the time to instill proper 
backup discipline?  




-- 
wenk@praxis.homedns.org
Mike Wenk