Misunderstanding Computers

Why do we insist on seeing the computer as a magic box for controlling other people?
Why do we want so much to control others when we won't control ourselves?

Computer memory is just fancy paper, CPUs are just fancy pens with fancy erasers, and the network is just a fancy backyard fence.
コンピュータの記憶というものはただ改良した紙ですし、CPU 何て特長ある筆に特殊の消しゴムがついたものにすぎないし、ネットワークそのものは裏庭の塀が少し拡大されたものぐらいです。

(original post/元の投稿 -- defining computers site/コンピュータを定義しようのサイト)

Saturday, January 14, 2012

You Thought User Names and Accounts Were Easy?

After re-reading, I remembered I'd left out a discussion of user names.

The initial start-up program that walks you through setting up your first accounts and passwords usually suggests a user name for you. That might be good enough for you, but, then again, ...

There are two ways of choosing suggested user names.

One is to just borrow the first or last name of the owner name you typed in just a page or two back. Another is to borrow the initials. For someone named "Harriet Maxine Smith", user names likely to be suggested would include "harriet", "hms", and "smith".

But you are usually allowed to change the user name, so you might change it to "harrie", or "smitty", or "girlgeek", or "admin".

Hmm. I don't recommend "admin". Let's see why.

The computer (operating system) needs some ways to identify you, so that it can help you keep your stuff separate from the system stuff, and maybe from other users' stuff. Usually, there is a numeric userid (numbers are easier for the computer to work with) and another username that looks like a regular name, with letters and stuff (easier for you).

In most current Linux and Unix systems, numeric ids below 80 are treated special. System processes use them. In many recent systems, from 81 to 500 or 1000 are treated special in a different way. (How is a topic for a later time.)

You might have a reason to choose some number for your numeric user id, but, you should be okay with the one the system suggests for you. In fact, the system may not go to the trouble of even mentioning the numeric id, so as to save you a step in the setup process.

The user name, however, should be one you are comfortable with. And you want it to be easy to type, because you are likely going to need to type it sometimes.

One thing you may want to consider: Logging in to the computer requires ...

OH. I said "log in" again. And you may not know what that means.

Many jobs require the worker to keep a log of what she does on duty. Logging in, in a simple case, would be just making a note in the log book --

Solardate Harriet Smith on duty.
Now she can write down notes and stuff, and the assumption is that she is the one wriiting:
Solardate Passed solar east of Ceres.
And when she goes off duty,
Solardate Harriet Smith on duty.
And the next entry would be the name of her replacement.

You don't have to write fancy stuff like that in the computer log. (But IT system administrators may.)

Instead, the computer needs to know that you want to start using it, so that it can show you your files and stuff. And you probably don't want strangers using your files, so you want the system to make sure it's you.

Files and stuff. That would be your user account on the computer -- all your files and records and stuff.

So, you tell the computer your user name. And then it asks for your password, just to be sure. That's what loggin in is all about.

Now, if a bad guy doesn't know that Harriet's user name is "harrie", then the bad guy has to waste time guessing a user name before he can even start trying to crack the password.

Which is why I don't recommend "admin" as a password. (Unless you want to use the account as a trap for the bad guys, instead of as a system administrator account.) PIck another name.

Maybe Harrie surfs the web as "geekgirl", works as "harrie", and administers her computer as "carrottop". Three different accounts, three different names, not hard to guess, but not completely obvious, either. Easy enough for Harrie to remember.

Bonus question: Linux and Unix computers pretty much are guaranteed to have a user named "root". This is account number zero, and it is really, really special. It's the super-duper-omnipotent administrator for the computer. If you log in as "root", the entire machine is at your mercy. If you fall asleep at the keyboard at the wrong time, you could erase everything in the computer. Or worse.

You really don't want to log in as "root".

Bad guys know about "root". It's a name they don't have to guess. That's why you don't want to allow anyone to log in as root, ever. That's the real reason you want a separate administrator account.

Most OSses that you may find yourself using these days disable root login by default. If the system setup program asks if you want to leave it that way, say yes. But make sure you set up the administrator account, too -- with a name that isn't obvious.

And, if you're using one of the OSses (like OpenBSD) oriented towards serious technical work, you should check whether root is disabled or not, because the people who build those OSses assume that you know that you should check. (OpenBSD is one that asks, actually.)

Off topic here, but MSWindows, in theory, doesn't even have a root user. Don't misunderstand this. Senior level administrators still know how to get the whole system at their mercy. And if you have to be responsible for a MSWindows computer, or have to own a MWindows phone, make sure you change the default administrator account name. And "admin1" is hardly better than "administrator" or "admin".

"addm1n" would be a terrible password, but maybe not a bad user name for your administrator user. Just don't make it the default administrator user name for the entire company.

Passwords. Now we can move on to passwords.

No comments:

Post a Comment