Link: Ten Risks of PKI
Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure is a paper by Carl Ellison and Bruce Schneier. These aren't technical risks, at least not directly, and it makes for interesting reading. (And after you're done reading your printed copy of the PDF you can leave it out in a strategic spot for other people to run across.)
Another little sysadmin twitch or two
One of my little sysadmin twitches is that when I am
mv to move things into a different directory, I try to always
write it as:
mv foo bar/
(Note the the trailing slash on the directory.)
This is a safety measure: if I typo the directory name,
mv will error
out with a no-such-directory error message instead of renaming the file
to 'br' or the like. Speaking from personal experience, tracking down
just what happened to your file when you make this mistake and don't
notice right away is immensely frustratingly difficult.
(The difficulty is compounded by two of my habits: my shell history is
per-shell, not global, and I discard shells/windows once I'm done with
the particular thing I was using them for, which of course destroys
that shell's history. Thus if I typo the
mv and don't notice before
I discard the shell, the history that would let me back up and see the
Of course I am also a strange mutant who likes having rm, mv, and cp
aliased so that they have '
-i' on. (My personal aliases for them turn
off this behavior if I explicitly use '
-f', so that things like '
-rf blah' are not annoying.)
(As an aside, the habit of advising new sysadmins that they should on no account do this for their own accounts because they'll screw themselves up when they work as root or whatever without it has always struck me as an exercise in masochism. The right solution is to fix your root environment so that it also has things set this way. Nor is it terribly difficult to arrange for different people to have different root environments in most situations, to accommodate co-workers with different preferences.)