Intro & observations

Bryan J. Smith b.j.smith at ieee.org
Tue Aug 21 18:58:30 UTC 2007 

Davidson Rodrigues Paulo <davidsonpaulo at gmail.com> wrote:
> No. This is what the people say. The process is simple, when the
> tools are simple.

Okay, then create the CGI characters for the next, animated film. 
The tools are easy.  So just go do it.

Oh, wait, that's right, there are concepts involved that software
can't teach you.  At _most_ you could create a wizard that creates a
"stock" character with a few options, and a few animations.

But that still doesn't get you to film.  ;)

> Welcome to the Earth. :-)

One person does that and BAM!  Fedora potentially compromised!

> If a computer don't turns on, the owner will say to the technician
> "My computer don't turns on", not "My computer don't turns on
> because one of the RAM modules".

And what do they do when the technician states, "I need your password
to fix your computer."  That's authentication 101.  Now multiple the
complexity of the concepts by an order of magnitude.  Welcome to
public key authentication.  ;)

> Do you understand?

Apparently you didn't understand mine.

Also understand you are talking to someone who stared down the
executives at the #1 entertainment company going, "no, Capital One
will sign their files."

Someone who said, "no, your support technicians will not support bank
servers on the WAN, they will go over to a separate room and login in
there, because it is on a completely different LAN with absolutely no
Internet or other corporate WAN (let alone inter-company)
connectivity."  

> We have an issue with the process, but we need to know that
> the problem is not the process itself, same way as the problem
> with the computer is not the computer,
> but something inside it that the owner don't know what it and the
> technician needs to discover.

I have heard the "the processes are too difficult, to hard, we need a
'tool' that is 'secure' and people don't need to understand how they
work."  Sorry, doesn't fly with me on _basic_ security concepts.

Especially when just *1* user compromised means the _entire_ Fedora
project in compromised.  Tools don't help that.  ;0

A wizard is nice, but that wizard must _train_ the person on the
process.  They can_not_ just ignore the details.  So yes, that means
the user needs to know when its the memory, and when its not.  ;)


-- 
Bryan J. Smith   Professional, Technical Annoyance
b.j.smith at ieee.org    http://thebs413.blogspot.com
--------------------------------------------------
     Fission Power:  An Inconvenient Solution

More information about the Fedora-marketing-list mailing list