From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1SPTFU-00049b-Mn for mharc-grub-devel@gnu.org; Wed, 02 May 2012 02:41:16 -0400 Received: from eggs.gnu.org ([208.118.235.92]:55458) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SPTFR-00048K-LR for grub-devel@gnu.org; Wed, 02 May 2012 02:41:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SPTFP-00018H-GN for grub-devel@gnu.org; Wed, 02 May 2012 02:41:13 -0400 Received: from mail-wi0-f171.google.com ([209.85.212.171]:61519) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SPTFP-00017q-4Q for grub-devel@gnu.org; Wed, 02 May 2012 02:41:11 -0400 Received: by wibhj13 with SMTP id hj13so3246433wib.12 for ; Tue, 01 May 2012 23:41:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type; bh=aGDGsTUiHYCvB64z75bdlEWIr4w/xIxkSqdWQXTV394=; b=h9+hZ4WwpTvMgB3E+1xCG38iiCWnH93j90CepZaBs+71r8VcpXrIqtymM+4/5aGISg VKqf4i9c9Wb9VPSxEv7dlf59mWeCKV9bqcwxKvHU7T2JVXYkwFRWBe+gXvoxvABzvbEt 3BC62+Zy9B8cyqCmCdHRieeuuSaUOjmvyjjWaGSkABsp7w0imxKMIFlpuiVuYiWHL34m m3O+nIqsLswZUk7gBiZ8XaI87520wSYnrR4PBdupO6w7kTmnZFAnlaO8TCVD1P6PBatE 4kWcIAMQbI4dsHM3lCidy7o9YXJiVL+gqRCIQJO1sqbnMSgSIAESzrDI0djBnxhD7WzF jI5A== Received: by 10.216.215.33 with SMTP id d33mr4703699wep.59.1335940868933; Tue, 01 May 2012 23:41:08 -0700 (PDT) Received: from debian.x201.phnet (35-233.197-178.cust.bluewin.ch. [178.197.233.35]) by mx.google.com with ESMTPS id ea6sm42235721wib.5.2012.05.01.23.41.06 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 01 May 2012 23:41:07 -0700 (PDT) Message-ID: <4FA0D6F9.5080102@gmail.com> Date: Wed, 02 May 2012 08:40:57 +0200 From: =?UTF-8?B?VmxhZGltaXIgJ8+GLWNvZGVyL3BoY29kZXInIFNlcmJpbmVua28=?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.3) Gecko/20120329 Icedove/10.0.3 MIME-Version: 1.0 To: The development of GNU GRUB Subject: Re: Looking for a Grub frontend for end user References: In-Reply-To: X-Enigmail-Version: 1.4.1 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig26BDCE562DAB7DDF1F746B21" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 209.85.212.171 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 May 2012 06:41:15 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig26BDCE562DAB7DDF1F746B21 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 02.05.2012 04:27, Kf Lee wrote: > 2) The user OS are all installed in the usb. When computer startup, the Grub take the control and check which usb has an OS in it that is bootable. In this way I can play with different OS having them installed in several usb. Most of USB sticks around are a cheap unreliable stuff slow compared to SSDs or traditional HDDs for most tasks. They're useful for recovery scenarios and to have a familiar environment when travelling but are of bad quality for primary OS. > > 3) In office, the staff carry their entire OS with him. Plug in and > work at any computer, when job done, take him usb with him. All > security issue solved. If his OS got virus, he is the only one suffer > from it. > This point simply doesn't hold. Using USB rather than fixed HDD presents no additional challenges to a virus writer. After all, if the virus is able to write itself on a HDD, what makes USB different? Quite the opposite, the USB themselves that people carry all the time with them is in itself a major virus carrier. Even if you put regulations like "Don't put this USB stick into other computers", someone who need to transfer data and by chance has only this stick will use it and in the meanwhile get all the viruses of both target and destination computer. It makes data theft more likely since people may intentionally or unintentionally often carry these sticks around and they'll get stolen or lost. After all, it's easier to get one of your employees drunk beyond remembering in a bar and get the stick off him than it's to break into an adequately protected physical facility. Moreover in the case of break-in into your facility the law is on your side (you're a victim of break-in) while in later it's against you (you failed to secure customer data) and depending on country penalties apply and your public image will get disastrous as well. Also it puts everyone into managing his own OS which is a bad thing unless all your stuff consists of sysadmins. It's unreasonable to require anyone from cleaner (who have no idea) to CEO (who consider it too low for their duties), including the people in non-IT jobs like accountants (who are neither educated nor paid for computer security) to be an educated sysadmin. Imagine a village where everyone constructs his own house without knowing anything about building. Many of them will be shaky from the beginning and crumble in few days, most won't survive full year, and after a good winter only few will remain, probably, done by people who learned how to build or have a talent. Even if you distribute initial OS yourself there are still many routine tasks you simply can't expect everyone to do properly. For security just stick to usual scenarios (network of centrally managed computers or servers+thin clients) with adequate permission policy. Also if you have no idea about security or don't have enough experience hire someone who does (if your company is big enough) or purchase a network administration contract with a company who offers such services or, most commonly, some combination of both like a part- or full-time sysadmin and a support contract with a company like Red Hat. After all you buy/rent your building from specialists rather than attempting to construct yourself. In my country, and probably in others, failing to secure adequately customer data is a criminal offence, so it's probably better not to risk it and let professionals do their job. --=20 Regards Vladimir '=CF=86-coder/phcoder' Serbinenko --------------enig26BDCE562DAB7DDF1F746B21 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREKAAYFAk+g1voACgkQNak7dOguQgnU1QD/ajcMVxVq1m6lgP3OGTpx6cH1 KCbDwYV89rI3HhVmOJYBAI/4okyExMIvePpDXTa0dqyTl5l+F5lwbXl32xmJcdGT =RUTI -----END PGP SIGNATURE----- --------------enig26BDCE562DAB7DDF1F746B21--