On Thu, Jul 30, 2015 at 1:20 PM, Warren Young wyml@etr-usa.com wrote:
On Jul 29, 2015, at 5:40 PM, Chris Murphy lists@colorremedies.com wrote:
On Wed, Jul 29, 2015 at 4:37 PM, Warren Young wyml@etr-usa.com wrote:
Security is *always* opposed to convenience.
False. OS X by default runs only signed binaries, and if they come from the App Store they run in a sandbox. User gains significant security with this, and are completely unaware of it. There is no inconvenience.
You must not use OS X regularly, else you’d know there is plenty of inconvenience in this policy. There’s a whole lot of good software that is both unsigned and not in the App Store. Examples:
a. Most open source software. Many of these projects (e.g. KiCad) can barely manage to serve community-provided unsigned binaries on OS X as it is. Signing apps and managing the App Store submission process is out of the question. The next version of OS X will block all the third-party app repositories (e.g. Homebrew) by default, in order to provide better security:
http://www.imore.com/os-x-el-capitan-faq
b. Most network monitoring software, because putting en0 into promiscuous mode violates the Gatekeeper rules. (Wireshark, etc.) Some App Store networking software (e.g. RubberNet) manages to get around this by offering a second app download from the author’s web page. You don’t call that inconvenient?
c. Low-level utilities, such as Karabiner and Scroll Reverser, since they also need to bypass the sandbox guidelines to do their job.
On top of all that, to bypass Gatekeeper, you need to right-click an app and disable Gatekeeper for it on the first launch. Another inconvenience.
I’m not saying Gatekeeper and such are bad, only that they are in fact exemplars of the rule: better security always causes greater inconvenience.
What is the inconvenience of encrypting your device compared to the security?
I can’t hook my iPad up to my PC and browse it as just another filesystem, as I can with any other digital camera or MP3 player. Apple must do this in order to prevent sideloading malicious apps.
Did you see my exchange with James Byrne? His bogus counter to my claim that iPads
+Snip+
Can someone mod this thread, I'm sure everyone has an opinion about this I know I do and obviously so do other but I think the fedora mail list would be more suited to this discussion.
I think enough points and counter points have been said, lets move onto more relevant Centos Topics.
Thanks