On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx> wrote: > >> >> Yes, computers and the way people access them are pretty much a >> commodity now. If you are spending time building something exotic for >> a common purpose, isn't that a waste? > > Do I have to take that people who are not sysadmins themselves just hate > an existence of sysadmins? No, I think there are better things for sysadmins to do than fix settings that should have had better defaults. >> There are probably still people that take their cars apart to check >> that they were assembled correctly too. But that doesn't mean that >> things should not be shipped with usable defaults. >> > > No, I'm not the driver of my cars, I mean computers. I am a mechanic of > racing car competition team, my cars go into competition, and the life of > driver riding it depends on me having taken the whole mechanism apart, and > making sure nothing breaks and kills driver and hundreds of spectators. So don't you think it would be a good thing if the thing was built so it didn't break in the first place? That is, so nobody gets killed running it as shipped, even it they don't have your magical expertise? > I really hate these car analogies. They are counter-productive. In your > eyes my server is indeed a commodity, which I refuse to agree with pretty > much like I refuse to join ipad generation. My ipad would be commodity, > but I for one will never trust that ipad and will not originate connection > to secure box from it. The point I'm trying to make is that whatever setting you might make on one computer regarding security would probably be suitable for a similar computer doing the same job in some other company. And might as well have been the default or one of a small range of choices. And in particular, rate limiting incorrect password attempts and/or providing notifications about them by default would not be a bad thing. Unless there's some reason you need brute-force attacks to work... -- Les Mikesell lesmikesell@xxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos