Should the Internet Be Secure By Default? (esecurityplanet.com)
darthcamaro writes:
There are lots of tools and different secure protocols that could be used by internet service providers to embed security into the fabric of the internet, making the internet secure by default, but that's not something that Facebook's Chief Security Officer, Alex Stamos wants to happen. Instead of security by default, his view is that carriers should be neutral and let malicious traffic do whatever it wants.
"I believe strongly in the end-to-end principle, I think we should have neutral carriers in the middle and it should not be the responsibility of ISPs to secure the internet," Stamos said in a press conference at the Black Hat USA conference last week.
Slashdot reader Darth Technoid disagrees, calling a lack of security "the Original Sin of the Internet," and speculating that Vint Cerf and Bob Metcalfe "thought that future technology would resolve the issues." What do other Slashdot readers think?
Should the internet be secure by default?
The internet can not be secure if the carriers are not neutral.
If they had built encryption in from the beginning it would have been obsoleted long ago. Would you still want to be running WEP? Then we'd all have to upgrade our routers every year to stay on the latest encryption that hasn't been compromised. Having endpoint to endpoint encryption is the right answer.
And if that's not enough, we need an open and free internet and we need carriers to not be messing with any of my bits and bytes.
Mike @ The Geek Pub. Let's Make Stuff!
Yes. It should be secure by default. Otherwise you get the shit-shows like IoT that's been a botnet maker's dream...
http://www.rageboy.com/stupidnet.html
which is over twenty years old, explains the concept well. A good analogy is how X Windows has survived because it didn't enforce policy.
Whoever you let define what is 'secure' could and likely would control all information allowed on the internet.
The original intent of the Internet isn't what we see here today. It was supposed to be a military and government communications system to withstand a nuclear war - and used by universities. Meaning, security wasn't even thought of because it was supposed to be a closed system.
I bet they cringe at the .ru domain! Or the .cn one!
And if a new internet is created - somehow - hackers will find a way to infiltrate it because that's what they do: find weaknesses that no one thought of.
Give everyone a key with his name on it. If he does bad, take away his key.
How would we get all this entertaining news otherwise?
I tend to rant.
Security is the responsibility of the client. The net cannot be trusted. Either we block malicious traffic such as Facebook's, or it does whatever it wants.
Answer = No
The revisionists claiming that those who designed the Internet were at fault for not predicting future deficiencies should return to using the OSI networks like X25 that were indeed conceived with every imaginable contributor's input -- but that were so unwieldy that they lost out to IP even with the weight of every national telecom operator behind them. The AT&Ts, the France Telecoms, the BTs, etc, all told us that IP was badly adapted to the real world and that it would be quickly replaced with "proper" and "secure" OSI networks.
Not encumbering IP with "solutions" to every future possible problem is in large part why we are using IP today, & not X25.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
Security means different specific things in different specific contexts. Security in transit, which seems to be what this is focusing on, is mainly a defensive step against nation-states. Most of us don't worry horribly about organized crime tapping Internet backbone switches - for now that's the domain of intelligence and military organizations. At that point the entire conversation veers off from science into philosophy - the proper role of the state (if any) in monitoring communications for stuff it doesn't like. This tends to break down better on the newer and cleaner authoritarian / libertarian axis than it does the older and more muddled conservative / progressive axis. Authoritarians want more control so that they can implement and enforce their agendas. Libertarians want less control because they (generally) believe that authoritarian structures - even those created and begun with the best of intentions - eventually get taken over by thugs and then are used for totalitarian purposes.
Help save the critically endangered Blue Iguana
No, "the internet" shouldn't be "secure by default", whatever that means. It's the transport.
All devices connected to it, ought to be. But even that is hazardous to demand. Before you know it, you get "secure boot", "trusted computing", "DRM", and all you're left with is an entertainment console (tablet, set-top box, what-have-you) that you get to rent at inflated prices so you can "consume content" and otherwise get to STFU and like it, consumer.
I for one welcome our botnet eradicating corporate overlords to control our every move, and charge us for it, too.
I understand the sentiment, but the risk mitigation is low to none. Intercepting or hijacking encrypted traffic is done all the time, encryption is even used for C2 communications. Whether you have end to end encrypted communication, or even double-blind encrypted communications this does nothing to secure the end points at which that encryption occurs. Concerns around exposure and possible hacking, are much more likely user side followed by server side, than to be intercepted mid stream.
"Dumb network, smart edges" is the key difference between the internet and the many networks it has replaced and is replacing. To give up that principle would just give rise to another dumb network, possibly first running tunnels through the "secure" internet and using it as dumb pipes. The internet is the evolutionary opponent to the "intelligently designed" protocols. It's winning for a reason.
If you can define what that means. But that's not even what the guy is saying. He's saying ISPs shouldn't be in charge of securing customers' computers or traffic.
If you imagine what a "secure by default" Internet would do for you, it would protect you from any unintended consequences from your actions. Now imagine how good ISPs would be at doing that for you. Most of them can barely run their own networks competently, much less understand their customers' businesses.
ISPs certainly have a role in responding to certain kinds of cyber attacks, like DDOS, or attacks on DNS infrastructure. But they don't really have the ability to protect customers from themselves.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Yeah, that's a good idea... until you try to decide WHO gets to do the securing?
It's like "which Christianity should we adhere to in the USA?"
So... who do you want to have in charge of Internyet security? The Taliban, perhaps? ISIS? The Fundamentalist Baptists? The Prosperity Gospel Preachers?
As Bruce Schneier has asked multiple times: Who do YOU trust? (Flashes back to the title sequence from "Crusade"...)
As the Internet currently exists, it simply cannot be "secure by default." To have such a system you need hardware and software designed from the ground up to be secure, but the current system was designed to be robust, which is pretty much the other end of the spectrum from secure. Everyone at every level of use would have to start all over again.
A better solution might be to have separate networks for those who need such high levels of security; this would be cheaper and far more likely to happen. Still going to be expensive, but it might be a better -- as in possible -- solution.
Everything in the Universe sucks: It's the law!
The problem is you not only need "security" but it also needs to be updateable. There is no foolproof software and or complex protocol proofs. There are all sorts of assumptions made which change all the time compounded by implementation errors and outright bugs. It may all be based on logic but you can't guarantee what makes sense today will make sense in twenty years.
So you have to be able to update software and complex digital hardware. That is simply impractical. You can write a law saying pi=3 but that doesn't make it so. By its very nature it would require some level of all software and hardware being open source such that the security routines and how they work could be changed. Not going to happen.
Everyone thought that OSI model would go beyond layer 3. That there would be standard dynamic libraries for end to end encryption and that programmers wouldn't need to be that involved in the minutiae of the design. Instead what we got was a roll your own and linking to available static libraries idiocy. And https.... nuf said.
I think what is needed is that governments should require programmers both to guarantee a specific lifetime guarantee for where there should be minimums depending on the software. The software should be bonded by an insurance/review company (which will have the code) for that period of time. Programmers and publishers need to be liable for the quality of their products where money is exchanged. There needs to be minimum standards and review.
... I think we should have neutral carriers in the middle ...
No way the current crop of ISPs are going to allow this to occur. It will destroy their plans to charge tolls on any and every aspect of the Internet.
Making the network "secure" in the sense that packets sent from A to B go from A to B, by well designed routes, rather than being intercepted or redirected and rather than being easily hijacked in other ways, would seem good. Ideally this would make surveillance simply fail to work.
Somehow having the network "understand" what is going on and blocking undesirable traffic sounds like just the kind of thing the Chinese government (and others) are trying to do...censorship all over.
In practice, though, specifying who "A" and "B" are gets tricky and arguably if you want to make surveillance fail to function, you must not have immutable network mechanisms that connect "A" and/or "B" with particular carbon units (people).
It seems better that the immutable identification be handled at end points, so people know directly when they authenticate and it cannot be done for them.
Oh, those silly medieval peasants and all their famines! Why didn't they just eat at KFC?
Seriously, when the Internet was developed, cryptography was in its infancy, connections were physically secured, and the backbone consisted of 16 bit processors with up to 32k of core memory, and I mean core memory. When the web was developed, it was still not really possible to encrypt everything.
Long term, encryption alone isn't the right thing anyway. The next generation shouldn't just have encryption but also peer-to-peer service, decentralized naming, etc. People are trying to build that kind of internet using blockchain technology. You should support it.
The internet is supposed to be a simple pipe. You open and close the 'valves' at your end. Leave everybody else alone.
“He’s not deformed, he’s just drunk!”
If you can define what that means. But that's not even what the guy is saying. He's saying ISPs shouldn't be in charge of securing customers' computers or traffic.
That's fine for larger corporate customers who at least in principle should be able to manage to secure their networks. But less sophisticated customers hugely outnumber the sophisticated ones so there HAS to be some mechanism for helping them to keep their little network and devices secure. If this isn't the ISP then who should it be? I like the idea of smart edges and a dumb network but we cannot assume that every edge has a tech savvy sysadmin on the end of it.
Having endpoint to endpoint encryption is the right answer. And if that's not enough, we need an open and free internet and we need carriers to not be messing with any of my bits and bytes.
I agree but I'd actually go further and say that the only way to secure a network is with endpoint-to-endpoint encryption because how can anyone trust all the network providers in between? Once you send your packet out you have no control where different networks will route it and if it is routed through somewhere like the US, even if that is not the final destination, you know that the government there may potentially look at it.
Pick one - you can't have both.
This sig left unintentionally blank.
No such thing as absolute security or zero risk. The best strategy is to assume that nothing on the internet is safe and proceed accordingly. No one security strategy will work. Everyone using the internet should apply some kind of layered security depending on the value of what they want to protect. Then there are the bots that may not necessarily attack your machine but act as infection vectors and instruments of DDoS. Mitigating these things pretty much depends on how well the user is educated. But most users can't be bothered even to change the default credential of their devices or use password vaults for lengthy random passwords. So does this mean they should be protected from on high? That probably wouldn't do any good if the user isn't educated and concerned. Accessing the internet is convenient and security tends to interfere with that.
"Gentlemen, you can't fight in here! This is the War Room!" -- Dr. Strangelove
The problem with embedding security protocols in the network itself is the same one we've seen with network capacity: the providers have little incentive to upgrade once they've invested in the initial roll-out. If we embed security at the level of the ISPs and backbone providers, we'll have a massive problem when that security is inevitably broken (whether by malicious action or simply advances in computing power making the algorithms it uses obsolete). We'd also likely see major abuses, either by laziness (your Linux OS isn't supported, we won't allow it to connect) or greed (good-bye routers, you'll have to connect computers directly for security to work and that means paying per computer to connect them). Good-bye having your own domain, for security all email has to be routed through your ISP's mail servers which only support your ISP's email addresses or you'll have to use webmail interfaces which also put you at the mercy of a mail provider (eg. no S/MIME signed/encrypted email unless your mail provider supports it and you give them your private key). And in general I distrust any claims that ISPs and backbone carriers will implement any kind of security correctly, they won't even implement current security measures like spoofed-address filtering.
And what kind of security would we gain? This idea can't protect us from malicious actors gaining network access, ISPs can still sign up customers and there'll always be ISPs who can be fooled by false IDs or who won't look too closely at the background of a customer offering them money. It can't protect us from false identity claims, see above. It can't protect us from malicious content, we've already seen that in the way new exploits get past software designed for the sole purpose of detecting malicious content.
I'm fine with the network enforcing things like default encryption of traffic, but it should be a case of IP-level protocols requiring endpoints to encrypt traffic (eg. all IPv6 traffic requires AH and ESP or the routers will reject it). Authentication should be done directly between the parties that need to authenticate, eg. your email provider issues x.509 certificates for its users certifying they're who they claim to be (or at least own the address they're using), DNS registries issue certificates certifying that an email provider or mail server operator controls the domain name they're using to send email and so on. Example: if I'm operating my own mailserver for silverglass.org, I'd create my own master issuing certificate and get it signed by either my domain registrar (who'd be using a certificate signed by the registry) or the .org registry saying that my certificate is good for issuing certificates within the silverglass.org domain. Then part of turning on a new mail user would be me issuing them a certificate valid for the email addresses they've asked for. I'd also be issuing the server certificates for my own mailservers. During email handling (receiving a message from my server or delivering a message to it) one check would be "Is this server's certificate valid for the relevant domain for the message?". When you signed or encrypted email messages, you'd do so using a certificate I'd issued to you (saying "This is the true owner of the email address sending this message.") or another one issued by a party who knows your identity (eg. one from your employer saying "This is really our employee and he's shown us ID proving he's really X."). And as far as malicious content goes, well, we already have AV software in use but I've found that the only people who don't have a problem with malware are the ones who refuse to directly handle content from outside or unknown/unexpected sources.
The only solutions I have are a) use less complex formats that don't require hairy error-prone code to parse and b) run programs that access that content in a VM that doesn't have unmediated system access (most OSes now are capable of running lightweight VMs or containers). No, languages won't solve the problem of vulnerabi
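Added example, not part of the comment above or of any project's code: the scoping that comment describes ("good for issuing certificates within the silverglass.org domain") corresponds to X.509 name constraints, and this sketch implements the RFC 5280 matching rules for DNS and e-mail names plus the delivery-time check. The `Cert` class, function names and sample certificates are hypothetical and constructed; signature verification is assumed to have succeeded already and is not modelled.

```python
"""Constructed model of domain-scoped certificate issuance (no real crypto)."""
from dataclasses import dataclass, field
from typing import Optional


def _norm(host: str) -> str:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return host.strip().lower().rstrip(".")


def dns_permitted(name: str, constraint: str) -> bool:
    """RFC 5280 dNSName rule: the name equals the constraint or adds whole
    labels to its left. A plain suffix match is not enough."""
    name, constraint = _norm(name), _norm(constraint)
    if not name or not constraint:
        return False
    return name == constraint or name.endswith("." + constraint)


def email_permitted(address: str, constraint: str) -> bool:
    """RFC 5280 rfc822Name rule: a full mailbox matches only itself, a host
    matches every mailbox at that host, and ".domain" matches mailboxes at
    subdomain hosts but not at the domain itself."""
    local, sep, host = address.rpartition("@")
    if not sep or not local or not host:
        return False
    host = _norm(host)
    if "@" in constraint:
        c_local, _, c_host = constraint.rpartition("@")
        return local == c_local and host == _norm(c_host)
    if constraint.startswith("."):
        suffix = _norm(constraint)
        return len(suffix) > 1 and host.endswith(suffix)
    return host == _norm(constraint)


@dataclass
class Cert:  # hypothetical stand-in for a parsed, signature-checked certificate
    subject: str
    dns_names: list = field(default_factory=list)        # SAN dNSName entries
    emails: list = field(default_factory=list)           # SAN rfc822Name entries
    is_ca: bool = False
    permitted_dns: list = field(default_factory=list)    # name constraints
    permitted_email: list = field(default_factory=list)  # name constraints
    issuer: Optional["Cert"] = None


def chain_violations(leaf: Cert) -> list:
    """Walk from the leaf to the root and list every leaf name that falls
    outside a constraint set by a CA above it. A name form is only restricted
    when the CA states a constraint for that form. Simplification: only the
    leaf's names are checked, not those of intermediate CAs."""
    problems = []
    ca = leaf.issuer
    while ca is not None:
        if not ca.is_ca:
            problems.append(f"{ca.subject}: not a CA")
        if ca.permitted_dns:
            for name in leaf.dns_names:
                if not any(dns_permitted(name, c) for c in ca.permitted_dns):
                    problems.append(f"{name}: outside DNS scope of {ca.subject}")
        if ca.permitted_email:
            for addr in leaf.emails:
                if not any(email_permitted(addr, c) for c in ca.permitted_email):
                    problems.append(f"{addr}: outside e-mail scope of {ca.subject}")
        ca = ca.issuer
    return problems


def server_valid_for_message(server_cert: Cert, message_domain: str) -> bool:
    """The delivery check quoted in the comment. Assumption made here: the
    chain must be in scope and the certificate must carry a DNS name at or
    under the message's domain."""
    if chain_violations(server_cert):
        return False
    return any(dns_permitted(n, message_domain) for n in server_cert.dns_names)


# Constructed sample hierarchy: registry -> domain issuing CA -> leaves.
REGISTRY = Cert(".org registry (constructed)", is_ca=True)
DOMAIN_CA = Cert("silverglass.org issuing CA", is_ca=True,
                 permitted_dns=["silverglass.org"],
                 permitted_email=["silverglass.org"], issuer=REGISTRY)
MAIL_SERVER = Cert("mail server", dns_names=["mail.silverglass.org"],
                   issuer=DOMAIN_CA)
USER = Cert("mail user", emails=["alice@silverglass.org"], issuer=DOMAIN_CA)
ROGUE = Cert("out-of-scope leaf", dns_names=["mail.example.net"],
             emails=["ceo@example.net"], issuer=DOMAIN_CA)
LOOKALIKE = Cert("lookalike leaf", dns_names=["mail.evilsilverglass.org"],
                 issuer=DOMAIN_CA)

if __name__ == "__main__":
    for cert in (MAIL_SERVER, USER, ROGUE, LOOKALIKE):
        print(cert.subject, "->", chain_violations(cert) or "in scope")
```

The lookalike case is the one naive suffix matching gets wrong: `mail.evilsilverglass.org` ends with `silverglass.org` but is not under it, so matching has to respect label boundaries.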
Should the roads be secure by default?
Yes I want an internet that is secure by default. No this does not involve the carriers. I personally think this starts with distributed, federated identity meaning that your presence on the internet can be known to others but only to others you trust. Think BitCoin but for identity.
For example, imagine you made your own authentication realm that was just a presence on the internet. You would create identities within it that represent you and people that you trust along with this trust relationship. It would also store data regarding your interactions with others in some way. This could then be exported by you under your supervision to other entities that would use it to determine if they trusted you or not. With cryptographic protocols and fingerprints you would be building a long-term history of trusted actions much like how we interact face-to-face.
The goal would be to remove identity from places like Facebook or Google. OAuth, X.509, PGP/GPG, and some other technologies either get us close or do parts of this right now. It's just not in an easy-to-use cohesive bundle that you can stand up on a mobile phone. My idea would also be unwelcome at commercial sites unless they are truly willing to negotiate attribute release. Ideally I'd like something like 2-way EULA that allows me to know and alter what data these companies collect on me and how they use it.
Until we start treating the internet like a real place where real people interact in real ways I'm not sure we'll be in the right frame of mind to solve these issues.
You can't actually find stuff on the Internet any more, because the first 2,500 search results do not even contain the search terms you used, but things you might conceivably have been thinking of buying if you were someone else in a parallel universe.
If you want "secure" as in privacy you might want to write it on paper and carry it there in person. I would suggest you avoid putting it in an electronic format of any kind.
You might also wish to buy a tin foil hat from my Ebay shop - in case the thoughts leak from your brain.
Sent from my ASR33 using ASCII
The job of ISPs is to deliver packets quickly, not to waste time encrypting, an exercise that would be bound to disappoint because governments will insist on a clear stream, and they are one of the biggest threats.
But encryption is not security. We already have great end-to-end encryption (and don't governments hate it?) The weakness comes at the two ends. Saying that the Internet should provide security for us is like saying banks should provide financial responsibility for us, or that roads should provide safe driving.
Secure Internet comes from well written programs. Well written programs can be secure even though the whole world is looking at the data streaming past and trying to modify it for fun and profit.
Newall
The big mistake is that so many ppl believe that TRUE TOTAL security is possible. It is not. The reason is that new approaches to defeat a security will be found. ALWAYS.
What is really needed is the ability to change security quickly.
For example, the DOD recently asked for ideas on how to secure the net and communication as a whole. With pluggable architecture that can negotiate with the other side on what protocol and what settings, is the only possible solution.
Likewise, for IOT and with our appliances at home, there should be a 'button' that connects between say a POE from the appliance and can then deal with wifi, or zwave or nuwave or Bluetooth, or simply IPv6 over cat5. Down the road, if the house is updated, then the 'button' is changed.
And anybody that believes that the net can be 'secured by default' is not really into security, but is just a PHB.
I prefer the "u" in honour as it seems to be missing these days.
The phrase "Original Sin" isn't applicable. The technology for packet switching predates the technology for the encryption Darth Technoid would like to be applied to the packets. If you want to talk about making a transition from where we are now to something different, you can't just say "secure by default." You have to be very specific about the design of the technology for where you want to end up and then about the transition process to get there from where we are now. Otherwise, it's like asking "should all school lunches come with universal health protecting pills for free." Whether or not you agree is irrelevant if the pills don't exist.
What is a "secure" internet?
Secure for whom and against whom? If we let the government define what is safe and secure for us as citizens, we might be in for a totalitarian authoritarian run type of internet.
We're already fighting viruses and worms, a "safe internet" won't secure against that, this is what we do on OS level to protect our computers, and that needs updating all the time - nothing is ever going to be 100% secure.
But if you mean security against pr0n, hate-mail, cyber bullying, fake news and whatnot - you need to start on citizen level - not censoring the roads, blocking countries and communication - that's borderline dictatorship. Education is the way forward, not censorship.
What this world is coming to - is for you and me to decide.
Years ago, in mostly adoring interviews with Vint Cerf and Bob Metcalfe about security, I asked each of them how they screwed up so badly on security.
They didn't. Jonathan Postel screwed up when he wrote RFC 821.
By early 90's inaction to correct this was no longer Jon's fault. Today given 35 years of time having elapsed on a network with billions of users inaction is a "sin" anyone who can write a program that compiles is now on the hook for.
They both didn't think that mattered quite as much as I do. Thus, I feel that the lack of security design is the Original Sin of the Internet.
It really doesn't matter.
Most operators don't route packets over random anonymous physical links they know nothing about nor do they partake in BGP sessions in a similarly unqualified and unfiltered manner. Operators are not perfect. They can be influenced by error, indifference, poor judgment, saboteurs and governments just the same. A certain amount of trust and competence among operator community enables the Internet to function at all (e.g. Reasonably successful chance of global delivery of packets from peer A to peer B). It just isn't expressed in any field of any IP layer protocol header nor is it enabled by fancy algorithms. Security is enforced physically by professional relationships and aligned business interests.
I don't see that happening any time soon, what with IoT DDoS bots, increasingly massive data hacks and so on.
Blaming the Internet itself for these things is like blaming baseball bat manufacturers whenever someone decides to wield them as bludgeons.
My thought is that the Facebook CSO is wrong, in that end-to-end security requires eternal vigilance at all levels of the stack and through the system.
The point of end-end security is minimization of what is required to be in the trusted path and still have a system remain trustworthy. Trusting operators with unaligned interests is nonsensical. Attempting to secure everything means you're wasting massive amounts of resources that can be better focused on shit that actually matters increasing likelihood of mission failure.
On global scale there is simply no viable alternative to E2E nor is there a substitute for tools to practically enable users to create and manage their own trust relationships amongst themselves "for better or worse".
The security of a network is irrelevant if the software using it is insecure. That's why we won't have real security until all software is written in a provably safe language like Rust.
Rust builds on the legacy of languages like Ada and Erlang. It doesn't treat safety as an afterthought, like languages like C and C++ do. The Rust language, compiler and Code of Conduct work together to guarantee that Rust code doesn't have thread safety flaws. That's why we need to rewrite more of our software in Rust.
Mozilla has taken the lead and is rewriting parts of Firefox in Rust. Now it is up to Google to start using Rust for Chrome.
CPU Processing power was quite expensive at the time, so it's not surprising that security was not as strongly considered as after-thought would have it.
IMHO the biggest weakness of the current Internet is that every packet must contain the full source and destination. I'd like it to be more like a Russian doll-style, every node on the source side should only give a reference and the destination should be unwrapped layer by layer. So if I want to send a packet from 1.2.3.4 to 5.6.7.8 my node should send to 1.2.3.x and only relay to 1.2.x that "someone" from 1.2.3.x wants to contact 5.x with an ID, from 1.2.x it'll relay to 1.x that someone from 1.2.x wants to talk to 5.x, then 1.x will relay to 5.x that someone from 1.x wants to talk to a 5.x node, 5.x will decrypt and find 5.6.x, 5.6.x will decrypt and find 5.6.7.x, 5.6.7.x will decrypt and find 5.6.7.8. I'm sure there's a lot of complications involved, but it would make breaking a single link much less valuable.
Live today, because you never know what tomorrow brings
See subject: Better in efficiency & abilities vs. browser addons (does far more for far less) APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script/malware rob speed/security/privacy.
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirect (99.999% of ISP DNS != patched vs. it) + lighten DNS load & resolve faster from local system RAM!
* Via what u NATIVELY have in the FASTER kernelmode IP stack!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
Nobody gives a shit about Rust. Rust doesn't fix LOGIC issues.
Because the Internet cannot be "secure by default", unless you forbid everything, make all computers closed and unhackable and make writing software a capital crime. Of course, that needs to be done globally.
While there are some fascist tendencies in that direction, they have zero chance of succeeding in this regard, fortunately.
The real solution is that commercial vendors must be made accountable for the insecure and often unpatchable crap they put out there. As soon as that happens, the problem will essentially go away except for minor incidents that do not really matter.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I used to think that n-gate (http://n-gate.com/) was being kind of harsh regarding Rust and the Rust community, but fools like you make me think now they are pretty much spot-on.
Two people standing in a field having a conversation - that's the default human condition. Are there eavesdroppers? Are their communications subject to interception? Can somebody demand that somebody follow them around and write down everything they say or demand that all of their conversations are relayed via a biased third party?
All of those are "no", so all of those things are violations of the default human condition (what some call "human rights" though that unnecessarily complicates matters). The violations themselves are unethical, so there's no need to look further for political theories.
Human technology should reflect basic human ethics and work to maintain, if not improve, the default human condition, so, yeah, the Internet should at least enable communications that are secure by default, if not necessarily require them.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
If the internet was a proprietary, closed system, sure. Maybe.
But it's not. You don't control every router on the internet. They're run by millions of individual people/companies, under hundreds of different legal jurisdictions.
Trying to make it secure is a fool's errand.
Of course this royal ass wants this. It's so that he can force everyone to collectively pay for their ads. Same with netflix and spamazon. They want your ISP, and therefore you (cost passon), to eat the bill for their bandwidth regardless if you use netflix or not. Stop supporting net neutrality. The useful provisions are there to con you! Separate them out!
The whole point of security is that I can verify it. If I can't, it is not secure, period.
Putting the carrier in charge means I can't. When they turn off encryption and authentication during nightly maintenance and forget to turn it back on - nobody will be the wiser.
Assorted stuff I do sometimes: Lemuria.org
Let applications decide what needs security, as it always was.
The principle of a tool doing one job the best it can is still a good paradigm.
Internet transit providers should only worry about providing transit.
You're making the rust community look bad. It's a good language IMO, but enforcing memory safety doesn't prevent every type of error, especially not with things as delicate/complex as security.
Rust's Code of Conduct is better served as toilet paper. If you have to explicitly codify the expected conduct of your peers, then it's clear that those people can't conduct themselves appropriately and should just be ejected from the project.
I will never have a Code of Conduct for my projects. If you can't act like a decent human being, don't contribute to it.
In the early 1990s, there was a battle between heavily locked down set-top devices, which used phone lines for content and the Internet. Thankfully the Internet won out.
Imagine if the "secure" element (secure as in keeping jailbreaks from happening, not secure as in keeping the bad guys out) won:
We would have plenty of forums... but it would be like Prodigy, where you don't submit a post, but request a moderator to look at your stuff, and if he/she pleases their own political leanings, they might allow it to go on there.
Email? Sure. Pay the postage stamp.
Of course, you will be charged by the hour for the time you are online.
Imagine if the world managed air traffic the same way it manages cyber traffic? Each airline would be individually responsible for air/ground movement. Of course we should require clean pipes from and to Internet sources and destinations. Such a solution should include an auditing mechanism to ensure all ISPs/IXPs are following an internationally agreed upon standard.
Imagine if all of our internet security was as screwed up as the broken CA system for https is!
The result is we would need end to end encryption running over the resource eating but not actually trustworthy default security (with the deliberate hole for governments and organized crime).
Well, what I saw when the Ruby CoC was adopted was that it provoked people like you to be complete assholes on the matter. Unfortunately the irony seemed to be lost rather than it being a self-selecting set. Pity.
You're too short sighted. When Rust prevents certain types of bugs it lets the programmers put more focus on avoiding the other types of bugs that Rust can't prevent.
When you use C your attention is split across avoiding many different types of bugs. Each gets only a small amount of focus. But when you use Rust you can put your full attention toward getting your logic right, and you don't even have to worry about memory or thread safety.
Good gods no one fucking cares about Rust. You rusters are some rentseeking dudes.
Obviously it's opposite day ;)
- Betteridge
It means different things to different people. Some people seem to think Confidentiality (encryption). Other people think of Authentication. Still others think security means something else entirely.
The Internet is already 100% secure ... depending on your definition of secure.
What the Internet is, was, and is supposed to be was laid out a long time ago and in a very non-ambiguous way and it's worked famously for a long, long, LONG time.
It's wonderfully working as it was supposed to do.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
A good example is the telephone network. It tries to have some security features, such as having identifiable source numbers. In reality that doesn't work and leads to false assumptions about the network.
Essentially you cannot outsource security.
The approach of the Internet is much saner. Just have a dumb network and have the endpoints do the actual security. This also allows for swift upgrades in security and for custom solutions addressing the specific security problems.
Whenever you work with security you must ask yourself "For who do I implement this!". There are many instances where the answer isn't clear (win 10 anyone?). When it comes to the ISP we end up in the national security quagmire. As long as leaders are benevolent angels there will be no issues. But what if a totalitarian president is elected in one of the key countries where most data flows, (the US)? Suddenly it's not so clear any more.
secure and reliable transport of data packets is what the internet should be doing.
classifying what's INSIDE the packets is not.
Thus it is this writer's opinion that internet should just be a "dumb pipe".
However, certain parts of the packets themselves need to be processed by the network hardware to figure out the destination etc.
Of course this part needs to be filtered, monitored and secured but only for the reason that the packets get routed reliably!
because, once the CONTENTS of packets get categorized, WHO then holds the power (and logic) to define bad from good?
this "logic" can start at one point by some small part of the network and then drop packets and then so-called compliant packets (from other parts of the interconnected networks) get dropped because they are classified "bad" and thus the "outage" spreads to end with isolated local networks that cannot route anything in between anymore?
Your ads are dangerous. Why you may ask? Because you're worse than a regular advertising company! You keep a dossier on people, tracking all their posts, trying to find out their Internet history and keep records, you've been known since the 90s on the Internet as someone who contacts people's ISPs if you have sufficient details, you contact their hosting providers, people's companies where they work to make a scene because they dared to disagree with you on the Internet.
You ironically are the antithesis of safety online, you harass, provoke, stalk and it often starts with one of your advertisements. You have people tell you to go away and leave them alone, but you continue to pursue them, make legal threats etc. until you are satisfied. You are one of the few advertisers out there that I can actually point at and show that you are using information gathered against other people!
In summary, the most dangerous advertisements people need to be wary of are yours, APK. Your adblocking solution does nothing to stop them either.
The public internet is unsecure by intention and design. Remember the origins of the internet, DARPANET etc? Independent of being literal truth the old story that "The first crime on the internet, was to use the internet for anything other than military reasons." speaks volumes and is grounded in reality.
A main motivator for the U.S. military opening up the internet to outsiders was to spy on them. Given that background there is fundamentally going to be no way to securely access the internet. Trying to, is like trying to hold back the tide. You will not win.
What you CAN do is temporarily secure small little fiefdoms. This is to me akin to reclaiming land from the sea, yes it can be done by nation-states but individuals are best advised to be aware of where the line is and respect it.
Yes, the internet should be secure by default. However, that's a different question from "should ISPs be doing it?"
ISPs are not trustworthy, so any "security" imposed by them is meaningless. The internet should be secure by default through the protocol definitions, and enforced the same way that all internet protocols are enforced: if you don't conform, then you can't really talk with anybody.
When ISPs are literally snooping on everything you do because they can then all the encryption in the world means NOTHING. We need an Internet where the ISPs keep their little brown noses to themselves and out of everyone's business; their role in a publicly-accessible Internet should be to provide connectivity to the public, not act as an 'advertising platform' in the interests of companies. Now, if ISPs want to provide broadband services for FREE to everyone then I can see where they'd have a right to snoop and insert ads and all the shit they do right now. But I'm PAYING for it? And they're DATAMINING me and selling that to other companies, so they can try to sell me shit I don't even WANT? Screw them.
https://en.wikipedia.org/wiki/Betteridge%27s_law_of_headlines
Why don't you do some investigative journalism so that you can write an affirmative piece rather than leaving it up to your readers to prove your premise for you, you lazy fuck?
Sure, and modern C++ prevents certain types of bugs, while allowing raw speed when needed. We also know that C++ isn't a passing fad.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
It is that retard APK showing the world how much of a fucking retard he is. He is spamming his little retarded hosts file engine again. Too bad any retard could work around it and it only stops people more retarded than APK. APK is just too retarded to even properly write which is why he always includes the retarded "See Subject". He will also, like a retard, continue to spam shit over and over again and will probably post some retarded out of context quotes too. APK is just an all around retard. Now for APK to continue showing the world how much of a retard he is.
I'm not sure why people are trying to frame this in such a weird way, but agreed with the sentiment overall.
It's not like ISPs should be against security, or that they shouldn't adopt secure practices... it's more like that they should not interfere with Internet traffic at all because it's not their right to do so.
That's what the neutral argument stands for.
The minute you make ISPs responsible for all sorts of things regarding the Internet is the moment they appropriate it, and then you are gonna get nickel and dimed for everything, have your access interfered with in all sorts of ways to profit from your access, and you'll end up paying one way or another for having ISPs responsible for things they shouldn't.
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
(APK's) work, I've flat out said it's good by BronsCon
I've tried his hosts file generating software. It works by bmo
APK your posts on this & the hosts file posts, and more, have never been in error &/or bad advice by BlueStrat
Your premise that hostfiles are a good way to deal with advertising & malvertising is quite valid by JazzLad
I like your host file system by Karmashock
* It's recommended/hosted by Malwarebytes' hpHosts!
APK
P.S.=> China imitated me http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/ - See subject... apk
Mere talk vs. WFP/ACL & my app protecting hosts above those protection mechanisms in Windows you unidentifiable anonymous troll...
APK
P.S.=> Respected SECURITY & WEB PROS agree hosts = GOOD SECURITY, proof right here so EAT YOUR WORDS https://news.slashdot.org/comments.pl?sid=10953959&cid=54948109/ ... apk
I identify myself - "your kind" won't - you HAVE to hide while you troll me unidentifiably anonymously - who are you attempting to fool other than yourself?
APK
P.S.=> There is a HUGE DIFFERENCE between myself & skulking WORMS like you & yours... apk