Hello,
on 17.03.2017 08:10, Mayuresh Kathe wrote:
i just installed 6.0 amd64 and rebooted the machine after creating
/etc/hostname.iwn0.
the boot script(s) issued a warining related to the permissions on the above
file.
they mentioned "hostname.iwn0 is insecure, fixing it".
that word should not be insecure, but should be "unsecured".
after all, "insecure is a feeling, while unsecured is a _state_".
At the risk of getting yelled at for engaging in linguistic discussion
here (we're not talking about a technical problem, after all) ...
A) Let's look at the OED (Oxford English Dictionary), which is nice in
that it documents the historical usage of words and their meanings in
the respective contexts. It lists, as the first meaning of "insecure",
the following:
"wanting assurance, confidence, or certainty; uncertain; without
certainty of (something)"
(from the references, which I'll not quote, it is clear that this word
meaning refers to the feeling of insecurity)
With this specific meaning, the word has been in use since the year
1649. In modern psychology, the word has been in use since 1935.
BUT - the OED also lists a second meaning which has been in use for a
long, long time:
"2. Unsafe; exposed to danger; not firm; liable to give way, fail, or
be overcome"
Here, I will quote the references from the OED - the numbers at front
being the year the word was first found in literature:
"1655 H. L'Estrange Reign King Charles 56 So in-secure did
overmuch security make them.
1706 Phillips's New World of Words (new ed.) Insecure, that is
not secure, or out of Danger, unsafe.
a1808 Hurd (T.), Am I going to build on precarious and insecure
foundations?
1849 Macaulay Hist. Eng. II. ix. 406 The insecure and agitated
life of a conspirator.
1860 J. Tyndall Glaciers of Alps i. x. 66 The ice on the edge..was
loose and insecure.
1885 S. Cox Expos. 1st Ser. vi. 81 Outside the defenced cities
life and property were insecure."
Without wider context, it's not always easy to discern what the exact
meaning may have been - we'll have to trust the authors of the OED
here - but especially the quote from 1860 seems like a rather good
example.
So yes, in my (not so humble) opinion, "insecure" is correctly used in
OpenBSD (and in so much other software) to describe a lack of security
in a computer software / network / configuration context.
B) IF you prefer a word other than insecure, please start with a
_better_ solution - preferably one which is suitable for replacing
"insecure" in more than just one context.
Your suggestion "unsecured", as a participle, comes with the
implication of some action - something along the way of "somebody
(actively) made the configuration non-secure". That may actually be
true with regard to a configuration file - but in many other computer
security contexts, replacing "insecure" with "unsecured" feels rather
wrong (to me, anyway):
"Telling somebody else your password is considered an unsecured practice."
(Or something like that. I'm sure, others can come up with better
examples!)
So if you insist on replacing "insecure", please suggest an
appropriate adjective. One might use "non-secure", for example, but
then again
... ah, well, please just let me rephrase this e-mail:
"If it ain't broken, don't fix it."
With best regards,
Christoph
--
open...@aixplosive.net
