Path: utzoo!utgpu!watmath!att!dptg!rutgers!rochester!uhura.cc.rochester.edu!ur-valhalla!deke
From: deke@ee.rochester.edu (Dikran Kassabian)
Newsgroups: comp.sys.next
Subject: Re: Student's view of NeXT marketing plan
Message-ID: <1989Aug9.133139.4133@ee.rochester.edu>
Date: 9 Aug 89 13:31:39 GMT
References: <4866@tank.uchicago.edu>  <1054@adobe.UUCP>
Reply-To: deke@ee.rochester.edu (Dikran Kassabian)
Organization: University of Rochester Department of Electrical Engineering
Lines: 56

In article <1054@adobe.UUCP> greid@adobe.COM (Glenn Reid) writes:
< In article  J Greely  writes:
< 
< >	 The first problem I have with the "world in a pocket" idea is
< >that those NeXTs will of necessity be standalone or minimally
< >networked.
< >  If I were putting together a cluster of NeXTs here, they would be
< >diskless clients of a non-NeXT server, hooked into the department
< >network.  A few standalone machines for casual use wouldn't be a bad
< >idea, but they would not be networked to the rest.
< 
< I presume the reason you would not network these machines together is
< "security"?

I feel like it's time to add my $.02 here.  Security is indeed one
consideration here, but so is 'correct' network behaviour.  Not everyone
is network connected to the arpanet, but those who are have additional
concerns.  I personally would worry that a student might wish to boot
up one of our network connected NeXT boxes with his/her own boot OD.
If things on that boot OD did not conform to the way in which my domain
operates, I may have a problem.  Examples?  Declaring some non fully
qualified domain name and then broadcasting beyond the confines of our
domain.  This is antisocial, and people like me are responsible for
seeing that this doesn't happen.  How about when the student boots up
with version X of some networking or printing software when the rest of
us in my domain are using version Y.  Perhaps something else will break.
So I'm not only worrying about intentional tampering, I'm also concerned
that inadvertent misconfiguration will have adverse effects that are
more widespread than within one machine.

< Security can be a false idol, I think.  If you pretend the NeXT machine
< is yet another Vax or Sun or Apollo UNIX machine, and you tie it into
< your existing network, then you have some security problems to worry
< about, mainly because you are operating under the premise that your
< network is already secure.

Which, of course, many of us do not.  Security is relative.  I don't
give out keys to the machine room or root passwd, but I don't kid
anybody either.  When I was interviewed for my present position three
years ago, my boss asked me how to make a computer secure.  I said
"remove all network and serial connections, lock it in a room, throw
away the key, and then it will be almost secure."

< If you look at microcomputers, nobody even has a password on many of
< the systems.  If something is sensitive, you put it on a floppy and
< lock it up in your desk.  With the NeXT optical disks, that becomes
< completely practical, and the notion of security is less an issue,
< I think.

I love the idea of using the OD for data.  Cheap, portable, versatile.
I just want to be careful that we don't fall into potentially cavernous
pitfalls.


      ^Deke Kassabian,   deke@ee.rochester.edu   or   ur-valhalla!deke
   Univ of Rochester, Dept of EE, Rochester, NY 14627     (+1 716-275-3106)