lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.33.0302092206090.874-100000@stratigery.local>
From: eballen1 at qwest.net (Bruce Ediger)
Subject: SQL Slammer - lessons learned (fwd)

On Mon, 10 Feb 2003, Steve Wray wrote:

> One word. Ok two;
> Driving Test.
>
> Do you have a driving license?
> Did you buy it from a shop or did you have to demonstrate
> an acceptable level of competence?
>
> Who administers it?

Holy Crap.  You've got to be kidding.  What an insane analogy.

First, the typical driver's license proves next to nothing about the
person who obtains it.  The test has very little to do with day-to-day
safe driving.  Go to any high school parking lot in the USA and watch
legally licensed drivers perform hair raising maneovers at 3:30pm any
school day to verify this.  So, NO, you don't have to demonstrate
an acceptable level of confidence.

Second, the testing is administered by people without wisdom.  I refuse to
let my competence at anything be judged by some mean-spirited weenie like
a driver's license bureau person ever again.

Third, I got my driver's license 2 states, 7 cars and 24 years ago.  Do you
imagine that any skills demonstrated by the person I used to be have any
bearing on how I drive today?

In the USA, driver's licenses don't serve their nominal purpose very well.
They're used more as an internal passport and a method of control, rather
than a way to regulate who gets to drive and who doesn't.

All that some state- or nationally-certified "internet license" would do
is put in place extremely arbitrary control over who gets to run a server.
Security would not increase one jot or tittle.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ