Date: Wed, 3 Jun 2009 17:29:39 +0200
From: cpghost
To: Glen Barber
Cc: freebsd-questions@freebsd.org
Subject: Re: Open_Source
Message-ID: <20090603152939.GF1988@phenom.cordula.ws>

On Wed, Jun 03, 2009 at 09:53:07AM -0400, Glen Barber wrote:
> My colleagues never understood (nor do they to this day) my paranoia
> regarding security and untrusted code. I always point them in the
> same direction:
>
> http://cm.bell-labs.com/who/ken/trust.html

YES! An absolute classic. We're using it to teach sysadmin trainees
about trust and security very early on in their careers. Always an
excellent reminder.

Another perfect example that open source alone can't guarantee
security: I remember a CPAN Perl module that used to warn you that
you shouldn't blindly install software as root without checking it
first. It didn't do anything harmful (really just a 'warn'), but
potentially, it could have wreaked havoc... at least until someone
spotted and reported it.

I don't recall exactly what module it was or if it is still in CPAN
now, but that was also a good reminder to be careful and use common
sense.

> Glen Barber
> http://www.dev-urandom.com
> http://www.linkedin.com/in/glenjbarber

-cpghost.

--
Cordula's Web. http://www.cordula.ws/