f you must make an analogy, don't even use a house. It's a public train station, with no police, and the attacker is challenged to write his name on a piece of paper. But the challenge is that the piece of paper is in a locked viewing cabinet behind bullet proof glass.
Analogies are indeed a MUST. and M-U-S-T must must must. Sorry, but sometimes you do need to reduce things down to a simplified set.
I liked the "there's a guy you let in your basement, and he's getting into the main part of your house" as an analogy for priv-elevation, but the train station is a nice one, too.
Desktops are often shared among members of the family, and even friends that are visiting.
Good point. My only counter is that Most people don't protect against the people they invite into their home/computer. Or if they do, they limit what websites their kids can see, but not often what programs they run.
Or at least, that is my understanding. Remember, I grew up with clueless Parents. I wonder if these days parents of youngsters are more savvy on internal security?
So I'm stating that when most people think of computer security, its protecting from against the outside. Only the security-savvy/a.k.a. real admins are concerned with the total package, inside and out.
I don't think that analogy is quite apt. It's more like locking someone in your basement and they figure out how to gain access to your whole house.
Okay- I like that analogy better. I've got deep deadbolts on my outside doors; the door between my basement and house has a cheap handle lock that can be popped with a long, thin screw driver.
Not to get lost in the analogy details, but I think you'll find most security skews the same way.
When I run a third party program I am essentially letting them inside, but as a non-priviledged user I'm confining them to a specific area. But if this ability to elevate privileges turn out to be a fact, then any program I run can have full access.
I think this ability to elevate privs should be analyzed on a case by case basis for all programs; as such if you are concerned about what applications a user can and can't run, remove the ability to run those applications from the machine.
However with most desktop machines your biggest worry isn't normally* an attack from within; its usually from without.
*)people on slashdot aren't normal and typically have needs that extended beyond normal users. Feel free to contribute some examples that counter this assertion.
The two things are different. Very different. Quit trying to make analogies with them. Some attempts at home security/compute security analogies are better than others (and this one wasn't one of them), but they're almost always flawed in one way or another.
Thanks for making an assertion without even providing any evidence to support it!;)
I this case, I think the analogy holds VERY well. Its much easier to defend a single point of entry (or a limited number of entry points) than it is to defend each and every thing that is precious and valuable. In this case, the TCP/IP stack and the the network services that ride on top of them are your "limited entry points"; vs. tying down absolutely every application.
The original test was equivalent to saying "I'll let a thief into my house. Let's see if he can steal anything!" Most houses don't have everything bolted down to the floor.
But how often do you allow someone into your machine? For A desktop, not often, perhaps never.
The biggest risk to most computers is a network based attack; this is the real meat and potatoes and a better test of the security of a machine.
FYI: saying "not" went out in 1995. Welcome to the future!;)
Even WITH the conference server and a VOIP or similar way of making intra-corporate calls insanely cheap, there's still a per-office broadband cost to shuttling a gig per day of voice data around, especially when you're talking about something as lightweight as a few fields changing in spreadsheet data.
Okay, perhaps I wasn't clear enough on our usage. The conference call is going to happen anyway. Wiki or Excel, it doesn't matter. These are mission critical issues that need to be addressed on a daily basis because they involve integrating different groups. Perhaps its a bit micromanaging, but there is no room in the schedule. So this is a Business Process issue, not really a spreadsheet technology choice.
As for the spreadsheet, how it works is this: you make your changes to the rows that concern you. If you're good, you do it before the meeting even happens; no extra network overhead. If you miss a few things, you update the rows of interest to you; be it 2, or be it 20. You push out your changes (less than a megabyte for the sheet) the central people reload the changes (Meanwhile, a wiki server runs on old crap hardware from anywhere You sure about that? I mean, a server is a server; and a crappy server will buckle under load. WE're talking about networking now; not about "Layer 7" applications (to use the OSI model).
But don't mock a wiki for being useless just because other tools exist. Besides, hitting 'refresh' on a browser is faster and easier than any shared-Excel paradigm you can possibly contrive. It just IS.
I'm not mocking a wiki for being useless, I'm mocking Mr. VisiCalc for ignoring the current world around him. And I dunno, hitting refresh on Excel is pretty damn easy. YMMV.
We have conference calls sitting around an excel sheet populated by other data, and we make our updates, save 'em, and let the main conference holders know, they reload, and its all populated and shared. In near-real time. And we use net meeting, too.
The venerable Obscurestore got comments when Romenesko moved to typepad.
And very shortly afterwards comments were suspended due to unruly users (as we say, the comments were RomeneskOWNED!!!@#1!)
To see this happen to the WaPo is completely predictable. Michelle Singletary had a lot of hateful posts to her moderated online chat after she criticized Bill Cosby. Since it was moderated, the offensive posts weren't shown, but she was obviously ticked off by the whole deal.
And after a while you hit a global truth about the Tragedy of the Commons; If there is no barrier for entry, then any immature, overzealous crackpot can spoil the resources for everyone. Which leads to either having moderators (who will have to be compensated) or a paid admission.
Having a masters in computer science and having worked at a low "down to the metal (well, poly)" level with VLSI, I think I'm qualified to say that the first lesson every disciplined user needs to understand is that the magic smoke needs to stay on the inside. If it gets out, you need a new one. Feel free to try to collect up all that smoke in a jar and try to cram it back in later. It won't do you any good.
Next week class, we will go over adjusting your computers Johnson Bar, and adequate Frambus parameters. And bring in $5 and I will oil your computers muffler bearings.
I bought a macmini and I got a mac.com account free for 30 or 60 days. Saw what it was about. Got some "you should pay $100 to keep this" spam, and let my account lapse.
It was very cool that they gave me a free shot at it so I could see what I was getting into.
These chats allow you to talk with the writer and typically an expert to further flesh out the story.
Additionally, these chats can lead to follow up articles. One example is the "housing real-estate bubble" around the DC suburbs; there were follow on articles about the aftermath of adjustable, interest-only mortgages.
These chats really give you a feeling of connection with the paper and even the community. Before going to a concert in DC I asked the Going Out Gurus wether I should drive into the District or take a Metro (the verdict: Drive, but watch out for parking).
This interactive approach to a newspaper is what keeps it current, hip, and helps the end-user feel connected. A local slashdot buddy said "If the chats went to a Pay-to-play scheme, I'd probably pay. They are worth it."
What surprises me is that the very same people who post "Glass Parking lot!!~!@#" to any Mid-East based thread (even on the ones about tall buildings in Dubai!) are able to form semi-coherent statements in other threads.
Perhaps the Web 2.0 will have an IQ requirement...
Slashdot Mirror
I've been waiting for this allusion...
Mod Parent up; that was hysterical!
which is a bear of a drive. :)
some of the ARTS machines run lynx.
Those RS6000's are getting upgraded to pSeries AIX boxen (at least in the ARTCCs). The D-positions already have.
It's me. We'll always have the first Nano...
-Apple
Krakow! Krakow! Two direct Hits!!
/goodnight, funny-man
sigh.
Fine. I'll use Searle's Chinese Room as an analogy. It depends on where you draw the line between inside and outside. And that was my point.
Feel free to disagree.
as the first person to try to draw an analogy between computers and houses or cars, you have automatically lost.
Oh damn! This is probably some godwin-like rule with computer analogies!
I appreciate your analysis, thanks.
f you must make an analogy, don't even use a house. It's a public train station, with no police, and the attacker is challenged to write his name on a piece of paper. But the challenge is that the piece of paper is in a locked viewing cabinet behind bullet proof glass.
Analogies are indeed a MUST. and M-U-S-T must must must. Sorry, but sometimes you do need to reduce things down to a simplified set.
I liked the "there's a guy you let in your basement, and he's getting into the main part of your house" as an analogy for priv-elevation, but the train station is a nice one, too.
Good point. I would lump e-mail and also user-downloaded website exploits with network security, too.
I'm not feeling especially witt today, so insert some sendmail bug joke here.
Desktops are often shared among members of the family, and even friends that are visiting.
/a.k.a. real admins are concerned with the total package, inside and out.
Good point. My only counter is that Most people don't protect against the people they invite into their home/computer. Or if they do, they limit what websites their kids can see, but not often what programs they run.
Or at least, that is my understanding. Remember, I grew up with clueless Parents. I wonder if these days parents of youngsters are more savvy on internal security?
So I'm stating that when most people think of computer security, its protecting from against the outside. Only the security-savvy
I don't think that analogy is quite apt. It's more like locking someone in your basement and they figure out how to gain access to your whole house.
Okay- I like that analogy better. I've got deep deadbolts on my outside doors; the door between my basement and house has a cheap handle lock that can be popped with a long, thin screw driver.
Not to get lost in the analogy details, but I think you'll find most security skews the same way.
When I run a third party program I am essentially letting them inside, but as a non-priviledged user I'm confining them to a specific area. But if this ability to elevate privileges turn out to be a fact, then any program I run can have full access.
I think this ability to elevate privs should be analyzed on a case by case basis for all programs; as such if you are concerned about what applications a user can and can't run, remove the ability to run those applications from the machine.
However with most desktop machines your biggest worry isn't normally* an attack from within; its usually from without.
*)people on slashdot aren't normal and typically have needs that extended beyond normal users. Feel free to contribute some examples that counter this assertion.
The two things are different. Very different. Quit trying to make analogies with them. Some attempts at home security/compute security analogies are better than others (and this one wasn't one of them), but they're almost always flawed in one way or another.
;)
Thanks for making an assertion without even providing any evidence to support it!
I this case, I think the analogy holds VERY well. Its much easier to defend a single point of entry (or a limited number of entry points) than it is to defend each and every thing that is precious and valuable. In this case, the TCP/IP stack and the the network services that ride on top of them are your "limited entry points"; vs. tying down absolutely every application.
I think you can't "see the forest for the trees."
The original test was equivalent to saying "I'll let a thief into my house. Let's see if he can steal anything!" Most houses don't have everything bolted down to the floor.
But how often do you allow someone into your machine? For A desktop, not often, perhaps never.
The biggest risk to most computers is a network based attack; this is the real meat and potatoes and a better test of the security of a machine.
Yeah, that's as good as a wiki.
;)
Not.
FYI: saying "not" went out in 1995. Welcome to the future!
Even WITH the conference server and a VOIP or similar way of making intra-corporate calls insanely cheap, there's still a per-office broadband cost to shuttling a gig per day of voice data around, especially when you're talking about something as lightweight as a few fields changing in spreadsheet data.
Okay, perhaps I wasn't clear enough on our usage. The conference call is going to happen anyway. Wiki or Excel, it doesn't matter. These are mission critical issues that need to be addressed on a daily basis because they involve integrating different groups. Perhaps its a bit micromanaging, but there is no room in the schedule. So this is a Business Process issue, not really a spreadsheet technology choice.
As for the spreadsheet, how it works is this: you make your changes to the rows that concern you. If you're good, you do it before the meeting even happens; no extra network overhead. If you miss a few things, you update the rows of interest to you; be it 2, or be it 20. You push out your changes (less than a megabyte for the sheet) the central people reload the changes (Meanwhile, a wiki server runs on old crap hardware from anywhere
You sure about that? I mean, a server is a server; and a crappy server will buckle under load. WE're talking about networking now; not about "Layer 7" applications (to use the OSI model).
But don't mock a wiki for being useless just because other tools exist. Besides, hitting 'refresh' on a browser is faster and easier than any shared-Excel paradigm you can possibly contrive. It just IS.
I'm not mocking a wiki for being useless, I'm mocking Mr. VisiCalc for ignoring the current world around him.
And I dunno, hitting refresh on Excel is pretty damn easy. YMMV.
We have conference calls sitting around an excel sheet populated by other data, and we make our updates, save 'em, and let the main conference holders know, they reload, and its all populated and shared. In near-real time. And we use net meeting, too.
The venerable Obscurestore got comments when Romenesko moved to typepad.
And very shortly afterwards comments were suspended due to unruly users (as we say, the comments were RomeneskOWNED!!!@#1!)
To see this happen to the WaPo is completely predictable. Michelle Singletary had a lot of hateful posts to her moderated online chat after she criticized Bill Cosby. Since it was moderated, the offensive posts weren't shown, but she was obviously ticked off by the whole deal.
And after a while you hit a global truth about the Tragedy of the Commons; If there is no barrier for entry, then any immature, overzealous crackpot can spoil the resources for everyone.
Which leads to either having moderators (who will have to be compensated) or a paid admission.
Money; seperating me from the riff raff.
Having a masters in computer science and having worked at a low "down to the metal (well, poly)" level with VLSI, I think I'm qualified to say that the first lesson every disciplined user needs to understand is that the magic smoke needs to stay on the inside. If it gets out, you need a new one. Feel free to try to collect up all that smoke in a jar and try to cram it back in later. It won't do you any good.
Next week class, we will go over adjusting your computers Johnson Bar, and adequate Frambus parameters. And bring in $5 and I will oil your computers muffler bearings.
I bought a macmini and I got a mac.com account free for 30 or 60 days. Saw what it was about. Got some "you should pay $100 to keep this" spam, and let my account lapse.
It was very cool that they gave me a free shot at it so I could see what I was getting into.
well, to get technical, it ISN'T CACM (Communications of the ACM), but its a decent Queue article (as opposed to that lame-o Kode Vicious).
My preferred publication is the sigcomm Computer Communication Review. But thats not really bed-time reading.
/And yes, I'm an ACM member
Not only are the questions well picked
The interviewer is ACM Queue editorial baord member Ben Fried, who is the managing director of Morgan Stanley's worldwide IT deptartment.
These chats allow you to talk with the writer and typically an expert to further flesh out the story.
Additionally, these chats can lead to follow up articles. One example is the "housing real-estate bubble" around the DC suburbs; there were follow on articles about the aftermath of adjustable, interest-only mortgages.
These chats really give you a feeling of connection with the paper and even the community. Before going to a concert in DC I asked the Going Out Gurus wether I should drive into the District or take a Metro (the verdict: Drive, but watch out for parking).
This interactive approach to a newspaper is what keeps it current, hip, and helps the end-user feel connected. A local slashdot buddy said "If the chats went to a Pay-to-play scheme, I'd probably pay. They are worth it."
What surprises me is that the very same people who post "Glass Parking lot!!~!@#" to any Mid-East based thread (even on the ones about tall buildings in Dubai!) are able to form semi-coherent statements in other threads.
Perhaps the Web 2.0 will have an IQ requirement...
/Whaddya mean *I* can't get on?!!
thats not even real engineering!@
/B.S. in E.E.
//M.S. in Comp Sci
///yep, I'm a S.W. Eng, baby!