Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there's cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
Thread beginning with comment 508847
To read all comments associated with this story, please click here.
by siki_miki on Wed 29th Feb 2012 00:44 UTC
Member since:

Not a good example. It makes sense to have one universal "machine" time (e.g. UTC) while users could have time displayed as they wish (like per-user timezones). This needs to be supported in UI's to be presented properly. however if the clock is off by minutes or seconds, there should be a way to tune it. For example user could initiate sync with time servers (which still can be spoofed in emulated network setup unless secure NTP is used).

For everything else he said I agree. Many things should be looser by default (for home desktops at least) like printers, wifi, etc. Network printers are good example of nonsense. Even if "secured" CUPS is there, what (in theory) prevents user from opening a network port to talk to a printer?

Microsoft also had to deal with these problems when they adopted UAC. Windows7 already has it much better toned down than Vista.

Reply Score: 2