[ale] Telnet or SSH? (Was: Re: anonymize google searches and tor for android)

Michael B. Trausch mbt at zest.trausch.us
Tue Oct 27 17:42:03 EDT 2009


On Tue, 2009-10-27 at 17:36 -0400, Jim Kinney wrote:
> One _would_ think that until one has had to sit in meetings where the
> only thing said from the ones who "approve" things is "how much will
> that cost?"

Yes.  I've been there, and I've never been happy about it because the
_real_ question, the one that management types never seem to ask, is
"How much will this cost now, and how much could it cost if it's not
done now?"  That said, I thought that at least for very large, corporate
structures, there was supposed to be some level of tamper-proofness and
accountability for who can access what, and all of that would indicate
things like usage of secure (or at least more secure than
wide-freaking-open!) software configurations.  *shrugs*

> IT is often treated like a hand tool. Purchase once, use it until it
> breaks or is lost or stolen. Hammers don't get upgrades on a per item
> basis so why spend resources upgrading IT that does actually work.
> 
> Short sighted? Absolutely.
> 
> Common practice? Most certainly. The only practice more common is CYA
> pertaining to who denied the upgrade that led to the failure event. 

The commonality of it is saddening.

That said, going back to my earlier comment:  Just what sort of sense
does it make to enforce the use of sudo, when the rest of the show is
woefully insecure anyway?  I mean, it's not like they required the use
of one-time-pads with sudo.  Just plain passwords... 8 characters or
less.  I think it's hilarious.

	--- Mike

-- 
Blog:  http://mike.trausch.us/blog/
Misc. Software:  http://mike.trausch.us/software/

“The greater danger for most of us lies not in setting our aim too
high and falling short; but in setting our aim too low, and achieving
our mark.” —Michelangelo


