[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changing from L4 to something else...

From: Jonathan S. Shapiro
Subject: Re: Changing from L4 to something else...
Date: Sun, 30 Oct 2005 13:16:05 -0500

On Sun, 2005-10-30 at 18:58 +0100, Bas Wijnen wrote:
> On Sat, Oct 29, 2005 at 04:10:19AM +0200, Yoshinori K. Okuji wrote:
> > On Friday 28 October 2005 07:10 pm, Jonathan Shapiro wrote:
> > > It is a curious thing that people simultaneously want safety from the 
> > > admin
> > > and help from them. Sometimes you have to pick one or the other.
> > 
> > You are right. Fortunately or unfortunately, this is the truth. So I 
> > repeatedly claim that balancing is the key point in making decisions.
> Still, telling people "I am the owner of this computer, you can use it, and I
> am not technically able to spy on you or change your things, except if you
> give me your password" should be understandable for "normal" people.  When
> they know this, they will also know that asking the the owner to change their
> data without remembering their password will result in a negative response.
> They may not like that, but I think they consider it a good idea to be
> protected from the sysadmin.  And if they don't, nothing stops them from
> installing a back door for him.  That is, this can be realised on a per-user
> basis.  That sounds like a good idea to me. :-)

Indeed. There is nothing wrong with an "I trust my administrator" bit
somewhere in the per-use profile information, as long as this bit cannot
be altered by the administrator.

The question will then come down to: which way should this bit be set by
the account creation software?  There is no one correct answer, and my
personal preference in the absence of a correct answer is to configure
for stronger privacy by default.

By the way, there is an additional argument in favor of "default to
privacy". The administrator can also say to law enforcement: "I had no
technical means to restrict the actions of this user, and I therefore am
not liable for them." This is why your phone company cannot be sued if
you plan a murder over the phone.

Configurability here is a liability (literally) as well as a benefit.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]