LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Forcing updates

Forcing updates

Posted Feb 12, 2009 8:59 UTC (Thu) by pcampe (guest, #28223)
Parent article: Forcing updates

Why not forcing the user to change its password and root password often?

Maybe because it's Unix, made and developed with the fundamental assumption that users are not stupid?

(Log in to post comments)

Forcing updates

Posted Feb 12, 2009 11:35 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

Non-technical users are not stupid and Unix was never targeted at desktop users anyway. With Linux distributions increasingly reaching a non-technical audience, it is good to relook some long held assumptions.

Forcing updates

Posted Feb 12, 2009 11:44 UTC (Thu) by pcampe (guest, #28223) [Link]

I couldn't care less of non-techical people that cannot be educated to understand what an upgrade is and how and when to accomplish it.

Fedora has SELinux enabled for default, which is the _right_ way to protect system from malware (assuming that such malware exists, I am not yet see it in the wild). Also Fedora has an icon tray and a pop up appears when a secuirity update is available, and the user _must_ _choose_ whether to perform it.


Forcing updates

Posted Feb 12, 2009 20:52 UTC (Thu) by southey (subscriber, #9466) [Link]

Which is why many people just disable SELinux when installing Fedora, disable soon after when it becomes too much effort to maintain, or just apply the recommended 'fix' to get those stupid messages away.

Forcing updates

Posted Feb 20, 2009 4:36 UTC (Fri) by Drone (guest, #56757) [Link]

Btw, Vista got backslashed due to excessive annoyance. Someone want to repeat this mistake with Linux? The more system annoys and fools the users, the less trust it will have. And how can I recommend or use system to which I do not trust? I will surely abandon such system. After all, it's my computer for me and I have to control it's behavior. Not I am for my computer so it can be allowed to dictate me what I have to do right now...

It could SUGGEST what I may want to do. Nothing more.

Forcing updates

Posted Feb 12, 2009 12:25 UTC (Thu) by flewellyn (subscriber, #5047) [Link]

Frequent password changes don't necessarily enhance security. In fact, they can be a detriment, because if you have to change your password often, it means you have to remember a new one, and this can lead to either using easier-to-remember passwords based on dictionary words (bad), or writing passwords down and taping them to your monitor (also bad).

Far better, I think, to insist on users having a good, solid, secure password that is not easy to predict, and then keeping it safe and in place for as long as it's secure. Or creating an environment in which fewer passwords are necessary, using things like cryptographic keys and such.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds