On 3/22/07, Marc Espie <[EMAIL PROTECTED]> wrote:
On Thu, Mar 22, 2007 at 03:28:29PM -0400, Douglas Allan Tutty wrote:
> Their challenge is that they need to provide choice so they
> have what they call reasonable defaults.
No, they don't need to provide choice. At least not that many. They decide
to do so. That's most of what's wrong with OS stuff these days. Too
many choices. Too many knobs. Every day, I see people shoot themselves in
the foot, not managing to administer boxes and networks in a simple way,
making stupid decisions that don't serve any purpose.
ACL, enforced security policies, reverse proxy setups, user accounts,
network user groups, PAM, openldap, reiserfs, ext3fs, ext2fs...
so many choices. So many wrong choices.
At some point, the people who package the software need to make editorial
decisions. Remove knobs. Provide people with stuff that just works.
Remove options. Or definitely give them the means to do the trade-off
correctly.
Security comes from this. As Bruce Schneier and Niels Ferguson write
in ``Practical Cryptography'', on page 12,
``There are no complex systems that are secure.
Complexity is the worst enemy of security, and it almost always comes
in the form of features or options.''
We try not to be as bad, to provide default configs that work, and not
so many choices.
Again, from the same book,
``One of the things we have tried to do in this book is to define
simple interfaces for cryptographic primitives. No features, no
options, no special cases, no extra things to remember.''

The fact that an OpenBSD system is secure out of the box is the main
reason I started using it.