On Thu, 14 Feb 2008, Tim Cutts wrote:
> their password is sane. It's a similar scenario. The authors' high and mighty principles don't actually necessarily make my systems any more secure at all, quite possibly the reverse. Quite apart from the extra workload it puts on me. The average scientist doesn't really want to have to learn about ssh-agent and all that stuff.

Amen to that (about ssh-agent), brother. And all the rest.

Most of the sysadmins I know (and I know a LOT of them) are really, really smart. I'm talking rocket scientists gone bad, so to speak, turned to the dark world and away from the light. Just kidding ;-)

They have to solve complex problems in order to make the environment they manage "work" with whatever mix of users, systems, and tasks that constitute productivity at their place of employment. In many cases the solutions they implement are -- correctly -- solutions to cost-benefit analyses that optimize productivity AT THE RISK of certain security compromises.

For example, who actually shuts down their entire network when the word comes in that e.g. the Linux kernel has an exploit that allows any user to root at will? Only sites that have to maintain NSA-level security and integrity of data, maybe banks and the like. Everywhere else the sysadmin crosses their mental fingers that they (being in touch with various private channels that quietly get the word out) know about it before their users, gets a patched kernel in all seemly haste, and then waits for the next suitable moment to reboot each system after the next update. It spreads out the fix for a day, maybe even for a few days, sure, but it also doesn't cost their organization days' worth of work times the number of employees who rely on the computers. Which can easily have a cash value in the tens of thousands of dollars.

Similarly, there are all sorts of reasons one might want to set up a particular network differently from those based on the assumption "this system is exposed to every evil cracker in the Universe and must be so hardened that it can withstand any possible attack". Mind you, the latter is a GREAT default configuration. But one has to trust the judgement of a professional sysadmin to trump the one-size-fits-all mentality.

If the systems are all going to sit inside a locked room such that one has to physically be inside the room and sitting at a console to access them, WAN-level security is sort of moot and may be counterproductive. Or e.g. diskless cluster nodes inside a firewall -- there's nothing there to steal, a nasty bottleneck (at best) to get to it, and if the bottleneck/firewall is itself compromised, nothing including ssh is going to save the nodes anyway, as the master serves their "disk(s)".

So I'm all for giving sysadmins powerful tools and choices. Otherwise, hey, they're rocket scientists. They'll just work around the obstacles anyway. They'll have to work HARDER, and they'll be grumbly and bitter as a consequence, but they'll find and install rsh, they'll hack the source, they'll find an alternative implementation. And then they'll go back to their homes that night, pull a rocket out of a storage tube in their basement, and target the idiot who stands between them and the stress-free accomplishment of their work.

I warned you... ;-)

rgb

> Tim

--
Robert G. Brown                            Phone(cell): 1-919-280-8443
Duke University Physics Dept, Box 90305
Durham, N.C. 27708-0305
Web: http://www.phy.duke.edu/~rgb
Book of Lilith Website: http://www.phy.duke.edu/~rgb/Lilith/Lilith.php
Lulu Bookstore: http://stores.lulu.com/store.php?fAcctID=877977