I'm just informed enough about IT security to know that I really know very very little about it. That said, I probably know ten times as much as do 99% of people. I'm an expert in my field, and while I've been a jack of all trades on many fronts, today's threats to privacy and IT security require expert knowledge to combat.
I do not have time.
The long-winded point I have is that it is now just too damn much work to do it all right. I'm tired after a 10 hour workday. I've obviously taken more steps than most, but it is still leaky as hell...
I need a company/organization that I can reasonably trust to manage my information security/property, to manage my computers, manage my VPNs, e.g., to isolate my web browser windows over multiple VPNs, ... all of it, and it can't be GOOGLE. My data is my property, as long as I can hold it, so it needs to be a company/organization that built in privacy obligations (like lawyers and doctors supposedly do).
-Signed: A Frustrated Tired Old Nerd (with children)
[Ed's Comment: Does such a company exist? Is it even possible to provide such a service? Or have we just identified a niche in the market for some enterprising person to fill?]
(Score: 1) by cpghost on Tuesday October 06 2015, @12:57PM
I'm not sure that standardizing on one Unix distro would be such a good idea. Diversity can also be a way to increase security too. Just think of the Heartbleed vulnerability. If we had linked against multiple (API-)compatible OpenSSL library implementations, this particular vulnerability wouldn't have had this big impact in the field. Some distros would have been affected, others wouldn't have been, depending on their setup.
Or think of a similar kind of vulnerability: a security bug in glibc would affect all Linux distros (except for those using tiny C libs in embedded settings), but would spare the BSDs who use their own libc, and vice versa. Thus, once again, there's a use in diversity here again.
Cordula's Web. http://www.cordula.ws/
(Score: 2) by Runaway1956 on Tuesday October 06 2015, @02:20PM
Perhaps I phrased it wrong - one person doing IT for himself and his family can easily justify standardizing those installations which he administers. For all of us, no, standardization is the wrong thing to do. Any monoculture invites exploitation. That is what is so wrong with Windows, aside from my personal opinions about Microsoft.
If tonight, all the various distros were to be combined into one "Master Distro", with all installations using the same patches, the same kernels, everything the same, we would be compromised in short order.
Security by obscurity has been badmouthed plenty, in various places, but if obscurity is what it takes, I'll go with it.
Abortion is the number one killer of children in the United States.