|Thomas Delrue on 12 Jun 2017 11:37:02 -0700|
|Re: [PLUG] PI being targeted for malware|
On 06/12/2017 02:16 PM, Soren Harward wrote:
> On Mon, Jun 12, 2017 at 12:42 PM Thomas Delrue <firstname.lastname@example.org>
> wrote:
>
>> On 06/12/2017 11:48 AM, Anthony Martin wrote:
>> Why do we still have to tell people not to use
>> the default password or that they should use a strong pass-phrase (if
>> you HAVE to use pass-phrases that is, instead of key-based or some other
>> stronger authentication)?
>>
>> At what point can we just revoke someone's privilege of touching
>> computing devices ever again until they complete some sort of education
>> with a verified skills assessment?
>
> Because you can just as legitimately ask "Why do we still ship software
> that poses a huge security risk in the default configuration when we know
> full well that users cannot or will not follow basic setup instructions? At
> what point do we revoke the privileges of software engineers until they
> complete some kind of education with verified skills assessment in creating
> software that's secure by default?"

I get your point and it's a valid one, but if instructions are available (and in this case there are good instructions available) then the instructions are there for a reason.

If they 'cannot' follow the instructions, then they have no business working with the product in any serious capacity. If they 'will not' follow the instructions, then they have no business working with the product in any serious capacity.

When you fail to adhere to instructions (i.e. traffic laws) while driving, your driver's license will also be taken away from you. How is this different? What makes software different? At what point did we decide that it's OK to be incompetent to operate this piece of machinery? No-touchy on the metal-sheet stamping machine but go right ahead with this piece of software here...

I don't think it is wrong to ask a bit more from our users.

I've spent just a tad bit too much time working with individuals who actively and aggressively reject any instructions you give them and then continue to blame stuff going wrong on you.