Small world / breeding morons / a PAM-related rant / secular Christmas
It's a small world. That aphorism is in danger of becoming a cliché, but I keep being surprised. It appears I may soon be introduced to the son of a Computer Science researcher whose work is well known to me. It also turns out that one friend of mine once went out with another friend's sister, before any of us knew one another. Not bad for one week's addition to the pile of coincidences.
This story makes me despair. There should be some kind of law against being any of the people mentioned in it - the Ankh-Morporkian Being Bloody Stupid Act of 1581 ought to do the trick. Or maybe we should just nuke Mansfield from orbit.
We did better at the Bridge club last week than ever before - in the middle of the field. We're pretty good at getting a few very good results, but the problem is avoiding having them counteracted by very bad ones. At least we still seem to be improving.
I am getting ready to migrate one of our main servers in the office from OpenBSD to Debian, and I've realised something important: PAM scares me silly. It's of no use whatever to me, and looks like a pointless and unacceptable security risk. Since only a very few packages of any relevance to me try to use it, and they can all be recompiled from source to work in the traditional way, I am pondering trying to put together some kind of no-pam kit. This would be non-pam builds of assorted bits and pieces, plus a replacement PAM library that simply said no to everything. Actually, I'm tempted to be even more draconian than that, making a PAM replacement that emits a diagnostic to syslog then abort()s if used. Does anyone fancy helping? Is there any chance at all of getting Debian to take this on board officially?
More generally, I'm worried that in the wild scramble to make Linux everything that Windows is, people are losing sight of a lot of what used to make Linux good: the ability for competent people to configure things quickly and tersely without heaps of hand-holding; a structure that made it easy to understand everything your system was doing, all the time; inherent security, and an understanding that the secure way of doing something is normally the right way. The way things are going, if Linux ever seriously rivals Windows, the crackers will turn their attention to it and discover it's just as riddled with insecure-by-design crocks.
Security isn't easy. I have an 80-line program that I wrote to be absolutely as secure as possible, then had audited by three paranoid people; even then I discovered a flaw the following year. People are complicating the things they should be simplifying.
Finally, religious groups are getting upset that The Damned have been invited to switch on Cambridge's Christmas lights. I think they have to face the fact that Christmas is a secular as well as a religious festival.
This story makes me despair. There should be some kind of law against being any of the people mentioned in it - the Ankh-Morporkian Being Bloody Stupid Act of 1581 ought to do the trick. Or maybe we should just nuke Mansfield from orbit.
We did better at the Bridge club last week than ever before - in the middle of the field. We're pretty good at getting a few very good results, but the problem is avoiding having them counteracted by very bad ones. At least we still seem to be improving.
I am getting ready to migrate one of our main servers in the office from OpenBSD to Debian, and I've realised something important: PAM scares me silly. It's of no use whatever to me, and looks like a pointless and unacceptable security risk. Since only a very few packages of any relevance to me try to use it, and they can all be recompiled from source to work in the traditional way, I am pondering trying to put together some kind of no-pam kit. This would be non-pam builds of assorted bits and pieces, plus a replacement PAM library that simply said no to everything. Actually, I'm tempted to be even more draconian than that, making a PAM replacement that emits a diagnostic to syslog then abort()s if used. Does anyone fancy helping? Is there any chance at all of getting Debian to take this on board officially?
More generally, I'm worried that in the wild scramble to make Linux everything that Windows is, people are losing sight of a lot of what used to make Linux good: the ability for competent people to configure things quickly and tersely without heaps of hand-holding; a structure that made it easy to understand everything your system was doing, all the time; inherent security, and an understanding that the secure way of doing something is normally the right way. The way things are going, if Linux ever seriously rivals Windows, the crackers will turn their attention to it and discover it's just as riddled with insecure-by-design crocks.
Security isn't easy. I have an 80-line program that I wrote to be absolutely as secure as possible, then had audited by three paranoid people; even then I discovered a flaw the following year. People are complicating the things they should be simplifying.
Finally, religious groups are getting upset that The Damned have been invited to switch on Cambridge's Christmas lights. I think they have to face the fact that Christmas is a secular as well as a religious festival.