From: Rich Freeman <rich0@gentoo.org>
To: gentoo-amd64@lists.gentoo.org
Subject: Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
Date: Tue, 17 Jun 2014 13:05:56 -0400
Message-ID: <CAGfcS_ndhVeCQhy2mhc6fAK_zZXKUsezOy1UM2MaTU_08AZBvQ@mail.gmail.com>
In-Reply-To: <20140617090434.808f07dc8de711afefc8e1d1@comcast.net>

On Tue, Jun 17, 2014 at 9:04 AM, Frank Peters <frank.peters@comcast.net> wrote:
>
> The problem with all Linux distributions, and not just Gentoo, is that
> they are directed toward a multi-user, networked environment. As a
> consequence, they exhibit security and other features that generally
> make no sense whatsoever for a single-user desktop machine that optionally
> connects externally only with an ISP through a router/modem.
>...
> My system is configured in a way that is quite contrary
> to recommended Linux practice (for example I run only and always as the
> root superuser and have no need for file permissions) but yet it makes
> perfect sense for my situation.
>

Keep in mind that there are many elements to data security. Not
being pwned by script kiddies is certainly one of them, and that
doesn't really apply so much to the single-user desktop. However, if
you take a broader definition of data security then things become more
nuanced.

Let's define data security as "the prevention of unintended
destruction or dissemination of data stored on a system, or an
unintended loss of system functionality."

When you use a broader definition then security really ought to be
important to the single-user desktop. Features that should be
considered important include:

* Disaster recovery / backups / etc.
* Prevention of unintentional system changes (ie don't be root)
* Robustness in the face of or rapid recovery from common failure
modes (ie RAID, rapid restoration, etc).
* Protection from whatever is lurking in that banner ad your browser
just downloaded (ie SSP/SELinux/etc).

So, I wouldn't be too quick to dismiss security. My only
personally-owned laptop is a Chromebook and its features include being
trivial to restore to factory condition, having all data backed up
online continuously, having full-disk encryption, and having automatic
updates to keep all of that stuff working. That certainly isn't the
only model for a desktop machine, but from a data-security standpoint
it is about as good as it gets, and it is the result of a design that
keeps security in mind.

Rich