Path: utzoo!utgpu!watmath!att!dptg!rutgers!rochester!uhura.cc.rochester.edu!ur-valhalla!deke
From: deke@ee.rochester.edu (Dikran Kassabian)
Newsgroups: comp.sys.next
Subject: Re: Student's view of NeXT marketing plan
Message-ID: <1989Aug9.133139.4133@ee.rochester.edu>
Date: 9 Aug 89 13:31:39 GMT
References: <4866@tank.uchicago.edu> <1054@adobe.UUCP>
Reply-To: deke@ee.rochester.edu (Dikran Kassabian)
Organization: University of Rochester Department of Electrical Engineering
Lines: 56

In article <1054@adobe.UUCP> greid@adobe.COM (Glenn Reid) writes:
< In article J Greely writes:
<
< > The first problem I have with the "world in a pocket" idea is
< >that those NeXTs will of necessity be standalone or minimally
< >networked.
< > If I were putting together a cluster of NeXTs here, they would be
< >diskless clients of a non-NeXT server, hooked into the department
< >network. A few standalone machines for casual use wouldn't be a bad
< >idea, but they would not be networked to the rest.
<
< I presume the reason you would not network these machines together is
< "security"?

I feel like it's time to add my $.02 here. Security is indeed one
consideration here, but so is 'correct' network behaviour. Not everyone is
network connected to the arpanet, but those who are have additional concerns.

I personally would worry that a student might wish to boot up one of our
network connected NeXT boxes with his/her own boot OD. If things on that
boot OD did not conform to the way in which my domain operates, I may have
a problem.

Examples? Declaring some non fully qualified domain name and then
broadcasting beyond the confines of our domain. This is antisocial, and
people like me are responsible for seeing that this doesn't happen. How
about when the student boots up with version X of some networking or
printing software when the rest of us in my domain are using version Y.
Perhaps something else will break.

So I'm not only worrying about intentional tampering, I'm also concerned
that inadvertent misconfiguration will have adverse effects that are more
widespread than within one machine.

< Security can be a false idol, I think. If you pretend the NeXT machine
< is yet another Vax or Sun or Apollo UNIX machine, and you tie it into
< your existing network, then you have some security problems to worry
< about, mainly because you are operating under the premise that your
< network is already secure.

Which, of course, many of us do not. Security is relative. I don't give
out keys to the machine room or root passwd, but I don't kid anybody either.
When I was interviewed for my present position three years ago, my boss
asked me how to make a computer secure. I said "remove all network and
serial connections, lock it in a room, throw away the key, and then it will
be almost secure."

< If you look at microcomputers, nobody even has a password on many of
< the systems. If something is sensitive, you put it on a floppy and
< lock it up in your desk. With the NeXT optical disks, that becomes
< completely practical, and the notion of security is less an issue,
< I think.

I love the idea of using the OD for data. Cheap, portable, versatile. I
just want to be careful that we don't fall into potentially cavernous
pitfalls.

^Deke Kassabian, deke@ee.rochester.edu or ur-valhalla!deke
Univ of Rochester, Dept of EE, Rochester, NY 14627 (+1 716-275-3106)