Email Clients and digital signatures

R.EmoryLundberg R.EmoryLundberg
Fri Jul 4 11:01:07 2003


--Apple-Mail-6--479204316
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed


On Thursday, July 3, 2003, at 7:59 PM, John Clizbe wrote:

> I don't think Emory was arguing that the design/architecture of a Linux
> worksatiion was no more secure than that of DOS, but that the *use* of
> one, in the hands of an inexperienced user, often is. Usually, for the
> exact reason Joseph mentioned, they login and run as root. They also  
> tend
> to over-install and run network services which would be better left  
> disabled.

You couldn't be more correct.

There is literally an outbreak of inexperienced administrators of  
newly-installed Linux hosts that cause more problems for people than an  
IIS webserver would, say, in the hands of competent administrators.

The learning curve for Linux isn't as low as it could be yet.  This  
isn't news.  People often run as a privileged user to get around having  
to deal with things they don't have to deal with when they're root.   
Add to this the installation problems, maintenance, patches, there  
isn't anything as good as "Windows Update" or "System Update" that I'm  
aware of outside of RedHat Network - which may be great, but isn't the  
most user-friendly UI I've ever seen to a patch and update system.

> Different security designs because of OS heritages - DOS on signle-user
> PCs; Unix evolving on networked shared timeshare systems. Unix/Linux
> systems make the assumption that one knows what he is doing. That is  
> their
> heritage. Windows approaches from the philosophy of making computers
> <ack-ack> "easy to use". Microsloth wants you to eXPerienthhh your
> computer (I want to *beat* the marketing-droids that created THAT
> concept/campaign).

:)  By all means, beat the marketroids into a bloody pulp.  My issue is  
that the answer to anyone's problem is to install <Insert GNU/Linux  
distribution here> and all their problems will be solved.

That's crap.  It's crap and people KNOW it's crap.  Education and  
attitudes will ALWAYS win over throwing technology at a problem.   
Especially when as far as the user is concerned, THERE IS NO PROBLEM  
WITH THE TECHNOLOGY THEY KNOW HOW TO USE AND HAVE DEPLOYED.

The constant hand-wringing and "Oh, Golly.  I wish you wouldn't use  
Outlook, it sucks," is just really irritating and does nothing to help  
anyone seeking assistance.  It just annoys people and uses FUD to make  
them switch.

> I agree that not running OE/Outlook (LookOut?) is a positive step. I  
> think
> I once saw Outlook described as "A huge security hole with a small  
> e-mail
> client attached". But I disagree that one must switch to Linux to get a
> safe(r) email client. Clients exist for WIN32 that avoid all, if not  
> most,
> of the problems stemming from MSFT's tight coupling of client and OS:
> Mozilla/Phoenix, Beonex, Pegasus, Eudora, Becky, The Bat!,... Some of
> these like Mozilla and Phoenix make encrytion/signing relatively easy  
> with
> the Enigmail addon for GnuPG. Eudora supports a PGP plugin.

Yes.  Exactly.

Thank you for taking the time to post this.

r. emory lundberg (finger emory AT hellyeah DOT com for PGP, email, etc)
........................................................................ 
..
print: 92E4 FCA5 B843 55C0 11FE  8967 A222 76CB 65A8 7225
ahref: http://canikickit.org/ http://incumbent.org/  
http://powerpage.org/


--Apple-Mail-6--479204316
Content-Transfer-Encoding: 7bit
Content-Type: text/enriched;
	charset=US-ASCII



On Thursday, July 3, 2003, at 7:59 PM, John Clizbe wrote:


<excerpt>I don't think Emory was arguing that the design/architecture
of a Linux

worksatiion was no more secure than that of DOS, but that the *use* of

one, in the hands of an inexperienced user, often is. Usually, for the

exact reason Joseph mentioned, they login and run as root. They also
tend

to over-install and run network services which would be better left
disabled.

</excerpt>

You couldn't be more correct.


There is literally an outbreak of inexperienced administrators of
newly-installed Linux hosts that cause more problems for people than
an IIS webserver would, say, in the hands of competent administrators.


The learning curve for Linux isn't as low as it could be yet.  This
isn't news.  People often run as a privileged user to get around
having to deal with things they don't have to deal with when they're
root.  Add to this the installation problems, maintenance, patches,
there isn't anything as good as "Windows Update" or "System Update"
that I'm aware of outside of RedHat Network - which may be great, but
isn't the most user-friendly UI I've ever seen to a patch and update
system.


<excerpt>Different security designs because of OS heritages - DOS on
signle-user

PCs; Unix evolving on networked shared timeshare systems. Unix/Linux

systems make the assumption that one knows what he is doing. That is
their

heritage. Windows approaches from the philosophy of making computers

<<ack-ack> "easy to use". Microsloth wants you to eXPerienthhh your

computer (I want to *beat* the marketing-droids that created THAT

concept/campaign).

</excerpt>

:)  By all means, beat the marketroids into a bloody pulp.  My issue
is that the answer to anyone's problem is to install <<Insert
GNU/Linux distribution here> and all their problems will be solved.


That's crap.  It's crap and people KNOW it's crap.  Education and
attitudes will ALWAYS win over throwing technology at a problem. 
Especially when as far as the user is concerned, THERE IS NO PROBLEM
WITH THE TECHNOLOGY THEY KNOW HOW TO USE AND HAVE DEPLOYED.


The constant hand-wringing and "Oh, Golly.  I wish you wouldn't use
Outlook, it sucks," is just really irritating and does nothing to help
anyone seeking assistance.  It just annoys people and uses FUD to make
them switch.


<excerpt>I agree that not running OE/Outlook (LookOut?) is a positive
step. I think

I once saw Outlook described as "A huge security hole with a small
e-mail

client attached". But I disagree that one must switch to Linux to get a

safe(r) email client. Clients exist for WIN32 that avoid all, if not
most,

of the problems stemming from MSFT's tight coupling of client and OS:

Mozilla/Phoenix, Beonex, Pegasus, Eudora, Becky, The Bat!,... Some of

these like Mozilla and Phoenix make encrytion/signing relatively easy
with

the Enigmail addon for GnuPG. Eudora supports a PGP plugin.

</excerpt>

Yes.  Exactly.  


Thank you for taking the time to post this.


<bold><fontfamily><param>Courier</param>r. emory lundberg (finger
emory AT hellyeah DOT com for PGP, email, etc)

..........................................................................

print:
</fontfamily></bold><fontfamily><param>Courier</param><color><param>2121,1F1F,FFFF</param>92E4
FCA5 B843 55C0 11FE  8967 A222 76CB 65A8 7225</color><bold>

ahref: http://canikickit.org/ http://incumbent.org/
http://powerpage.org/

</bold></fontfamily>


--Apple-Mail-6--479204316--