[Cryptography] Use Linux for its security
Thierry Moreau
thierry.moreau at connotech.com
Sat Oct 1 16:04:30 EDT 2016
On 01/10/16 01:26 PM, Ben Laurie wrote:
> On 28 September 2016 at 17:33, Ron Garret <ron at flownet.com> wrote:
>>
>> On Sep 28, 2016, at 6:20 AM, Ralf Senderek <crypto at senderek.ie> wrote:
>>
>>> On Tue, 27 Sep 2016, Jerry Leichter wrote:
>>>
>>>> Not.
>>>
>>> Everyone who complains about this situation should have asked himself:
>>> "When did I last donate my time and effort to essential code review?"
>>> (including efforts to reduce complexity).
>>
>> I’m working on reducing complexity every single day: https://sc4.us/
>
> Better drop jquery, then!
Indeed, for any seriously security-minded web-enabled application.
Client-side logic is incompatible with a self-defense strategy for an
http server application.
Even en HTML 4.1 "disabled" user interface element must not be trusted
as preventing the disabled user action from occurring.
Even then, the user might be mislead by the display logic being
intrinsically client-side dependent.
A secure system equates with a features-lean one. Period.
The Linux kernel may be configured with only the required device drivers
and file system support (e.g. no NTFS support for USB flash devices).
- Thierry Moreau
More information about the cryptography
mailing list