[CentOS] Another Fedora decision

Tue Feb 3 00:49:40 UTC 2015
Warren Young <wyml at etr-usa.com>

> On Feb 2, 2015, at 5:10 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> 
> should a software
> vendor make their code stop working for you because they think you
> aren't working hard enough?

When the consequence of widespread bad security is botnets and all the ills that derive therefrom — DDoS armies, spam, etc. — then yes, I think we do need to raise the industry’s overall level of security.

At risk of bringing out some *actual* Internet nutters, the question of minimum password security levels is directly analogous to that of vaccination.  When a large population stops vaccinating, we start seeing previously-defeated diseases coming back, like the measles outbreaks in California and rural Australia:

    http://goo.gl/7caiui
    http://goo.gl/8lT8Pd

Polio was almost completely eradicated, but it’s starting to come back in the middle east after the CIA used a fake vaccination campaign as a pretext to try to get into bin Laden’s Pakistan compound:

    http://goo.gl/KbbMUC
    http://goo.gl/C2B5EE

I believe personal freedom should count quite highly in policy discussions.  But, when your failure to protect yourself endangers me, it stops being a question of personal freedom.

Practice safe hex!