Slashdot Mirror


User: Homerz

Homerz's activity in the archive.


Comments · 4

  1. Re:sounds good to me on Fedora 12 Lets Users Install Signed Packages, Sans Root Privileges · · Score: 1

    This is a good thing.

    Really?
    Consider the consequences of this happening ... again:

    Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline.
    ...
    One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key.

    Now imagine an admin had performed a dist-style upgrade from Fedora 11 to 12 (install the F12 "release" RPM, then "yum update"), without knowing about this default change to his systems' security, because it would never have occurred to him that Fedora/RH could make such an incredible policy decision. A few days later the Fedora/RH servers are hacked (again), but this time they're not so lucky. Meanwhile, user "blogs" on the admin's network is told (by PackageKit) there are important security updates available, so he decides (without any malice) to go ahead and apply the updates. Thanks to this new "security" policy, he is able to do so, but unknown to him, he's just rooted the system, thanks to the injection of a modified (and re-signed) malicious package on the hacked Fedora/RH server. This malicious package begins by deactivating SELinux (root privileges), then proceeds to delivering its malware payload across the entire system, and (depending on what's visible to the host) the rest of the network (perhaps also by E-mail).

    Now you might think this would have happened anyway, even if it had been the admin who'd performed the update, but there are a few important differences:

    • The system(s) are supposed to be the admin's responsibility. This is a crucial point, even in a "home" network. Someone has to be delegated to take responsibility for the system(s), because otherwise the result is conflict and chaos. So if the admin screws up, then he only has himself to blame, and users who screw up, should not affect any other account, or the system at large
    • The admin has the ability to perform full system backups prior to deploying updates, so if things go wrong, then he has the ability to put them right. Users with selectively elevated privileges do not, and this is a potentially fatal combination
    • There needs to be a clear separation of privileged from unprivileged access on a computer system, so that incidents like the above don't happen. User "root" doesn't run X11, doesn't run a Web browser, doesn't play games, in fact doesn't do anything other than essential maintenance, and thus is not susceptible to certain attack vectors like social engineering. Unprivileged users are, but this doesn't matter because they are (or should be) unable to make any system-wide changes

    Even on a single-user system, Fedora's new Windows-style (in)security policy is dangerous, counter-productive, and frankly insane.

    This is definitely not a good thing.

  2. If it could lick stamps ... on The World's First Origami Folding Robot · · Score: 3, Funny

    ... you could make a fortune using it as a slave "homeworker", sending out pyramid-scheme letters.

    1. Print -> Fold -> Lick -> Stamp
    2. Goto 1.

    A small step for robotics, a giant leap for Snail-mail spamming :)

  3. Re:Here's a simpler solution on Napster Gags University Over Fees · · Score: 1

    What American would ever use the word "arsed"?

    A wonderful, but sadly neglected word :)

    Oh, right, Bush sucking up to Blair.

    Isn't it the other way round, since Blair has much more to gain? The UK is not exactly a superpower. Most people that I know over here in the UK feel we are turning into a third-world country. AFAICT it's already happened. However, it would appear that there are those who feel this is happening in the US as well, so maybe it's a global thing.

    "And British culture is so bloody wonderful!"

    I don't know who you're quoting, or paraphrasing (Bush I guess), but that isn't my view.

    First and foremost, I consider myself a "Netizen". Then I'm Scottish. I'm not British, nor European - despite what it says on my passport.

  4. Re:Here's a simpler solution on Napster Gags University Over Fees · · Score: 1

    How many labels are on that list?

    Yeah, right, I'm gonna stand in the middle of Virgin or HMV with that list and compare it against every CD I look at ... duh. The staff will think I'm stocktaking ... or casing the joint for a midnight "visit".

    Hm, well I could always dedicate a couple of days to memorising the list, I guess - or I could spend a couple of days watching paint dry. Tough choice.

    I suppose the implication is that we're supposed to research the CDs before we go buy them. That's sad dude. That's worse than storing your CDs alphabetically.

    Nah ... here's the simplest solution - just keep stealing the fucking music like we've always done.

    Yeah I know ... I should fight the good fight, but sorry, I just can't be arsed.