Date: Tue, 17 Jun 2014 13:05:56 -0400
Message-ID: <CAGfcS_ndhVeCQhy2mhc6fAK_zZXKUsezOy1UM2MaTU_08AZBvQ@mail.gmail.com>
Subject: Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
From: Rich Freeman <rich0@gentoo.org>
To: gentoo-amd64@lists.gentoo.org

On Tue, Jun 17, 2014 at 9:04 AM, Frank Peters <frank.peters@comcast.net> wrote:
>
> The problem with all Linux distributions, and not just Gentoo, is that
> they are directed toward a multi-user, networked environment.  As a
> consequence, they exhibit security and other features that generally
> make no sense whatsoever for a single-user desktop machine that optionally
> connects externally only with an ISP through a router/modem.
>...
> My system is configured in a way that is quite contrary
> to recommended Linux practice (for example I run only and always as the
> root superuser and have no need for file permissions) but yet it makes
> perfect sense for my situation.
>

Keep in mind that there are many elements to data security.  Not
being pwned by script kiddies is certainly one of them, and that
doesn't really apply so much to the single-user desktop.  However, if
you take a broader definition of data security then things become more
nuanced.

Let's define data security as "the prevention of unintended
destruction or dissemination of data stored on a system, or an
unintended loss of system functionality."

When you use a broader definition then security really ought to be
important to the single-user desktop.  Features that should be
considered important include:
* Disaster recovery / backups / etc.
* Prevention of unintentional system changes (i.e. don't be root)
* Robustness in the face of or rapid recovery from common failure
modes (i.e. RAID, rapid restoration, etc).
* Protection from whatever is lurking in that banner ad your browser
just downloaded (i.e. SSP/SELinux/etc).

So, I wouldn't be too quick to dismiss security.  My only
personally-owned laptop is a Chromebook and its features include being
trivial to restore to factory condition, having all data backed up
online continuously, having full-disk encryption, and having automatic
updates to keep all of that stuff working.  That certainly isn't the
only model for a desktop machine, but from a data-security standpoint
it is about as good as it gets, and it is the result of a design that
keeps security in mind.

Rich