Michael Moore aside, we're a lot closer on this issue than my previous post might have implied.
First off, I did not vote for Bush -- I lean much farther left. I think invading Afghansitan was the right thing to do. However, I think Iraq was a major screw up and Bush's handling of this without UN involvement did nothing but destroy any respect for US foreign policy.
I do not advocate violating borders on a whim or pre-emptively striking any country only because they are developing nuclear weapons and don't happen to like the US very much. We certainly didn't invade the USSR or China back in the cold war days.
However, the fact of the matter is that North Korea, by their own admission, has nuclear weapons and can probably stike the US west coast with them. Kim might just be nuts enough to try it. Taking measures to protect ourselves and limit the threat is prudent (damn, that kind of sounds like Bush, doesn't it?). If we have to play a little rough diplomatically and get our hands a little dirty, so be it. It should be clear that if North Korea uses those weapons against us, they will very quickly cease to exist.
I'll agree that there's quite a bit of hypocrisy with the US playing favorites with certain countries and not others over the same issues. I'll also agree that we created some of the mess. However, we really can't treat all countries the same. Like friendships, we have better relations with some countries than others. Some countries will never be our "friends". If you do not like the US, fine. But don't expect any favors.
I'd like to see the US move toward a more friendly foreign policy and try to patch some of these relationships. These days, the borders between countries are becoming much more transparent (i.e. China) and we should look toward building relationships -- not pissing everyone off.
WhoTF said that it is ok for the USA to have nukes but not ok for Iraq, NK or else?
Nobody.
And WhoTF asked the USA to enforce this?
Nobody.
Then whyTF do the USA dare to act like they had anything to say to anyone outside their own borders?
Because ICBMs tend to ignore borders. If some nutjob dictator is threatening you with them, then some reasonable precautions/politics/defenses are in order.
I'm thinking out loud here, but let's assume there is an account or role (lets call it Auditor) that is used to create admin accounts and can recover password/encryption keys. Ideally, this account would be separate from the admin accounts used to manage the system and be the only one with access to certain audit logs/resources/encryption keys.
This way, the Auditor account cannot manage the system or have root access to the file system, but it can recover encrypted data or create/delete admin accounts. On the other hand, the admin accounts cannot administer the Auditor account or delete audit logs, but can do just about anything else on the system.
Granted, there is nothing that prevents the Auditor from resetting an admin password or creating a new admin, but that can be tightly controlled and monitored by manual process. For example, the Auditor credentials are only known by the CIO and only used when needed with direct supervision. These credentials can also be sealed and locked up in case the CIO dies or something. Any other use of those credentials should immediately throw up red flags and launch black helicopters.
It would be nice if the OS enforced these roles, and I think that's what this discussion is all about.
Slashdot Mirror
Michael Moore aside, we're a lot closer on this issue than my previous post might have implied.
First off, I did not vote for Bush -- I lean much farther left. I think invading Afghansitan was the right thing to do. However, I think Iraq was a major screw up and Bush's handling of this without UN involvement did nothing but destroy any respect for US foreign policy.
I do not advocate violating borders on a whim or pre-emptively striking any country only because they are developing nuclear weapons and don't happen to like the US very much. We certainly didn't invade the USSR or China back in the cold war days.
However, the fact of the matter is that North Korea, by their own admission, has nuclear weapons and can probably stike the US west coast with them. Kim might just be nuts enough to try it. Taking measures to protect ourselves and limit the threat is prudent (damn, that kind of sounds like Bush, doesn't it?). If we have to play a little rough diplomatically and get our hands a little dirty, so be it. It should be clear that if North Korea uses those weapons against us, they will very quickly cease to exist.
I'll agree that there's quite a bit of hypocrisy with the US playing favorites with certain countries and not others over the same issues. I'll also agree that we created some of the mess. However, we really can't treat all countries the same. Like friendships, we have better relations with some countries than others. Some countries will never be our "friends". If you do not like the US, fine. But don't expect any favors.
I'd like to see the US move toward a more friendly foreign policy and try to patch some of these relationships. These days, the borders between countries are becoming much more transparent (i.e. China) and we should look toward building relationships -- not pissing everyone off.
WhoTF said that it is ok for the USA to have nukes but not ok for Iraq, NK or else?
Nobody.
And WhoTF asked the USA to enforce this?
Nobody.
Then whyTF do the USA dare to act like they had anything to say to anyone outside their own borders?
Because ICBMs tend to ignore borders. If some nutjob dictator is threatening you with them, then some reasonable precautions/politics/defenses are in order.
For that amount of money, I'd expect to see her in the passenger seat.
Although, I'm sure my wife would not agree.
If you call your staff normals, what do you call managers? Abnormals?
Works for me.
It helps separate responsibility.
I'm thinking out loud here, but let's assume there is an account or role (lets call it Auditor) that is used to create admin accounts and can recover password/encryption keys. Ideally, this account would be separate from the admin accounts used to manage the system and be the only one with access to certain audit logs/resources/encryption keys.
This way, the Auditor account cannot manage the system or have root access to the file system, but it can recover encrypted data or create/delete admin accounts. On the other hand, the admin accounts cannot administer the Auditor account or delete audit logs, but can do just about anything else on the system.
Granted, there is nothing that prevents the Auditor from resetting an admin password or creating a new admin, but that can be tightly controlled and monitored by manual process. For example, the Auditor credentials are only known by the CIO and only used when needed with direct supervision. These credentials can also be sealed and locked up in case the CIO dies or something. Any other use of those credentials should immediately throw up red flags and launch black helicopters.
It would be nice if the OS enforced these roles, and I think that's what this discussion is all about.
I'll shut up now.