From owner-freebsd-hackers  Tue Apr 23  3:31:50 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from swan.prod.itd.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123])
	by hub.freebsd.org (Postfix) with ESMTP
	id 27F3537B417; Tue, 23 Apr 2002 03:31:47 -0700 (PDT)
Received: from pool0061.cvx21-bradley.dialup.earthlink.net ([209.179.192.61] helo=mindspring.com)
	by swan.prod.itd.earthlink.net with esmtp (Exim 3.33 #2)
	id 16zxaH-0006H5-00; Tue, 23 Apr 2002 03:31:42 -0700
Message-ID: <3CC537F1.7F571CD2@mindspring.com>
Date: Tue, 23 Apr 2002 03:31:13 -0700
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Greg 'groggy' Lehey <grog@FreeBSD.org>
Cc: Jordan Hubbard <jkh@winston.freebsd.org>,
	Robert Watson <rwatson@FreeBSD.ORG>,
	Oscar Bonilla <obonilla@galileo.edu>,
	Anthony Schneider <aschneid@mail.slc.edu>,
	Mike Meyer <mwm-dated-1019955884.8b118e@mired.org>,
	hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support 
 considered harmful?)
References: <rwatson@FreeBSD.ORG> <Pine.NEB.3.96L.1020422223923.64976i-100000@fledge.watson.org> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Greg 'groggy' Lehey wrote:
> I've been noticing a continuing trend for more and more "safe"
> configurations the default.  I spent half a day recently trying to
> find why I could no longer open windows on my X display, only to
> discover that somebody had turned off tcp connections by default.
> 
> I have a problem with this, and as you imply, so will a lot of other
> people.  As a result of this sort of thing, people trying to migrate
> from other systems will probably just give up.  I certainly would
> have.  While it's a laudable aim to have a secure system, you have to
> be able to use it too.  I'd suggest that we do the following:

I think we need to make an ACPI call in the loader to power off
the machine before it becomes dangerously functional.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message