The point is to find a pleasantly workable spot on that spectrum, and to realize that it's not just a straight line from usable, but insecure to secure, but unusable.
Since we've all seen poor usability with poor security, it must be possible to achieve pretty decent security with pretty decent usability.
Clearly security and usability are not orthogonal axes, but neither are they fully aligned. (or counter-aligned, I guess it would be.) There's a space, and it's worth exploring.
I'd like to have some sort of email capability in the jail - enough so I can mail a link to someone the E.Z. way.
Plus I'd like to click a link someone sent me, and have it come up in the browser in the jail. But I guess if the email is outside the jail it can be made to talk to the browser on the inside. OTOH, email programs can generally render html to, so maybe it should be inside the jail, and there should be some other mechanism for keeping email safe.
Many of the domestic Hondas are made in Marietta, Ohio by American workers. Similarly for many of the other imports. American workers are capable of making good cars on American soil.
Gee, I wonder where else we can look for the reasons...
(Personal preference, I'd rather not look to the engineers. Nearly every engineer I know *wants* to do a superior job, but is handed (sometimes absurd) constraints.)
The flip-side of "diversifying into new markets" is "the death of a thousand paper-cuts". Diversification can lead to newer and better sources of revenue and profit. Or it can give you new and exciting ways to lose money.
The job of good executive management is to know the difference, better yet, to make the difference go your company's way.
I'll disagree with the statement, but I will agree that layers are an important aspect of security.
As such, I'd really like to see a sandbox for firefox. I'll go a step further, and how about a "network sandbox environment" for Linux. In essence, I'd like a jail and into that jail put firefox, thunderbird, plugins, and various helpers. I want security without having to compromise usability, and I don't think it's an impossible goal. Sure, a compromise in the jail could lose everything in the jail, but nothing more. As an aside, the jail should be something like unionfs, with a RW ramdisk and RO hard drive. Some mechanism, possibly automatic, possibly manual, would be needed to copy downloaded files to the hard drive and/or get them out of the jail.
None of this sounds like rocket science, and jails are reasonably secure as long as you restrict what's inside them. (no setuid, etc)
About 2 decades ago a chip program I was working on was "sold" to a mainframe design, and I had the opportunity to sit in on some of the technical sessions. It was an eye-opening experience. Right up front, in their gate-count estimates, they plan on spending a certain amount on hardening reliability/accessibility/serviceability, and that amount was quite significant. Such considerations flow all through the design, at all levels.
Back around that time, maybe even up until 5-10 years ago, I kept an eye on mainframe virtualization, and the systematic enhancements of each new generation.
IMHO they've forgotten more about reliability and virtualization than the PC industry has ever learned. In many ways, that snapshot I saw 20 years ago is still ahead of today's PC.
OK, so you've just taken the flexing I've described, and made it much, much worse. Still, my point was that there's a fairly large body of knowledge about flexing small on-chip structures, in DLP TVs.
Sounds similar to a DLP TV, to me. On those things, the mirrors are flexing up to 60 times each second, the whole time the TV is on. I remember reading something about the wear issue, and they found that if they constrain the flexing (less than 17 degrees, IIRC) that wear was not an issue. Apparently wear rises rapidly with the degree of the flex.
You just might be right, it might be entirely possible to be a "professional marginal losing political candidate."
But if the rules are done right, while it would be possible, I'll bet it wouldn't be very lucrative. I also suspect it would be *cheaper* than what we have today, where there are fewer are involved, but their "take-home" is a heckuva lot higher.
But this becomes a good lead-in to point out the findings of the 9/11 Commission.
The "fault" was assigned as a "failure of imagination." Yet in the very center of the whole investigation was the NSA, the folks that are *supposed* to be, as you say, completely paranoid. These are the people who are supposed to see an array of dots and connect them all into a pattern - that's their job. They're supposed to think about the possibilities of a hijacked airplane loaded with fuel, and what you do to mitigate the risk. They're supposed to see briefings titled, "Bin Laden determined to attack inside US" and start thinking.
We had the wrong mindset in the job.
But that's OK, they've been promoted out of that position.
One example used was getting the car from the repair shop, with just a last name.
Where I get my car serviced, I know both guys who might be behind the desk, and they both know me, my wife, and son. They won't hand over the car keys on just a last name. Which brings it all back to a frequent point of Bruce's writings - all of the security razzle-dazzle in the world doesn't make a bit of difference compared to a knowledgeable person in the right spot.
We need an equivalent of the locked door test for this. IIRC, criminal responsibility for intrusion changes based on whether or not the door is closed, and whether or not it is locked.
In other words, if the door is open, it's reasonable to expect that perhaps the general public was invited in. If the door is closed, but not locked, it's still possible that the general public is invited in, they're just trying to keep the heat in or the flies out. If the door is closed and locked, clearly the general public is not invited in.
As for the "default router settings are open" argument, that's kind of like saying "newly installed doors are unlocked." As for the "flashing 12:00:00" argument, if you aren't competent to lock your front door, there's a problem. Manufacturers of wireless equipment need to do a better job of explaining this. They need a BIG RED PAGE when you open the box, explaining how to do the basic security, and how if you don't, you could have legal problems because you're responsible for ALL access through that wireless connection. As far as I can see, the directions are very little past, "insert the Windows driver disk."
By the way, so the instructions tell you as a minimum key to use your name, address, and phone number, and the street address for the SSID. Ain't much of a lock, is it? But it's is still most definitely a lock, and it takes deliberate action to open. No default-configured computer from anywhere will automatically crack even a trivial key and automatically make a connection.
> You're almost certainly paying a fixed rate for that internet and the > amount you pay will be the same regardless of whether I plug into it > or not.
But nearly all broadband ISPs have TOS provisions that say that you will not share the connection. Technically speaking, pretty much anyone with an open access point on a residential broadband account could have that account revoked - because it's available for sharing.
> The Internet has grown to become a vital infrastructure. > with respect to most utilities (roads, water, electricity, phone)
Aah, you used that word, "utility," that means many things to many people, but in this case there are specific legal and governmental meanings to it. So we have to clarify here...
Repeat after me... The Internet is NOT a utility.
Utilities are tightly regulated by some government agency, typically a Public Service Board. Oddly enough, the phone and cable that likely deliver your Internet access ARE regulated by the PSB, but Internet access itself is not. (AFAIK) As an aside, when talking about stuff like this, the phrase "common carrier" comes up, and though we think the Internet should be provided by a "common carrier" who is not responsible for the data that is being carried, just like phone conversations, it just ain't so. Legally, ISPs are "content providers" and their protection from responsibility of the data they carry is under various "safe harbor" provisions, not "common carrier."
Regardless of whether government or the private sector does a better job of keeping things running doesn't matter. At the moment all of the legal definitions keep the Internet squarely in the private sector, and AFAIK the only official gov't oversight is through bodies like ICANN, *not* through PSB-like entities.
About 20 years ago I watched them building a silane bunker where I worked. What a blast, figuratively speaking. Several layers deep of woven re-bars, zig-zag re-bar stitching between the layers. Concrete walls poured around them 1.5+ feet thick. Weak roof - any blast was supposed to be directed upward. A fun construction project to watch, whenever one had to walk past.
Incidentally, just how much magnetic field can this superconductor take. Temperature is only one Achilles heel of superconductors, the other is magnetic field.
There are things I'm jaded and cynical about, but OSS and Bruce Perens aren't among them. IMHO OSS is actually one of the more important things happening in the world right now. Far too many people measure their self-worth by how much money they can accumulate - to the point where their insane accumulations and ability to accumulate impairs others' ability to simply live. With OSS people (at least some, Linus Torvalds being a prime example) make *enough* money and measure their egos and self-worth in other ways. We could use more of that in the world.
Slashdot Mirror
Doctors have a term for something in the body that just keeps growing and growing, with no relation to function and needs.
Cancer.
The point is to find a pleasantly workable spot on that spectrum, and to realize that it's not just a straight line from usable, but insecure to secure, but unusable.
Since we've all seen poor usability with poor security, it must be possible to achieve pretty decent security with pretty decent usability.
Clearly security and usability are not orthogonal axes, but neither are they fully aligned. (or counter-aligned, I guess it would be.) There's a space, and it's worth exploring.
I'd like to have some sort of email capability in the jail - enough so I can mail a link to someone the E.Z. way.
Plus I'd like to click a link someone sent me, and have it come up in the browser in the jail. But I guess if the email is outside the jail it can be made to talk to the browser on the inside. OTOH, email programs can generally render html to, so maybe it should be inside the jail, and there should be some other mechanism for keeping email safe.
1. Take care of your customers.
2. Take care of your workers.
3. The profits will take care of themselves.
T.J.Watson, Jr.
Unless of course your company makes ICBMs. Then you *like* to see them go down with increasing velocity, after boost and glide, of course.
Now peel the next layer...
Many of the domestic Hondas are made in Marietta, Ohio by American workers. Similarly for many of the other imports. American workers are capable of making good cars on American soil.
Gee, I wonder where else we can look for the reasons...
(Personal preference, I'd rather not look to the engineers. Nearly every engineer I know *wants* to do a superior job, but is handed (sometimes absurd) constraints.)
The flip-side of "diversifying into new markets" is "the death of a thousand paper-cuts". Diversification can lead to newer and better sources of revenue and profit. Or it can give you new and exciting ways to lose money.
The job of good executive management is to know the difference, better yet, to make the difference go your company's way.
I'll disagree with the statement, but I will agree that layers are an important aspect of security.
As such, I'd really like to see a sandbox for firefox. I'll go a step further, and how about a "network sandbox environment" for Linux. In essence, I'd like a jail and into that jail put firefox, thunderbird, plugins, and various helpers. I want security without having to compromise usability, and I don't think it's an impossible goal. Sure, a compromise in the jail could lose everything in the jail, but nothing more. As an aside, the jail should be something like unionfs, with a RW ramdisk and RO hard drive. Some mechanism, possibly automatic, possibly manual, would be needed to copy downloaded files to the hard drive and/or get them out of the jail.
None of this sounds like rocket science, and jails are reasonably secure as long as you restrict what's inside them. (no setuid, etc)
I don't know, but I'm sure that somewhere in the contract for the mainframe and maintenance, it's spelled out exactly.
As Don Rumsfeld would say, it's a knowable unknown, not an unknowable unknown.
I know one person who runs a mainframe at home, and I'm sure there are more.
Emulated.
Hercules
http://en.wikipedia.org/wiki/Hercules_emulator
http://www.jaymoseley.com/hercules/
http://www.google.com/Top/Computers/Emulators/IBM_Mainframe/Hercules/
http://www.osnews.com/story/3015
About 2 decades ago a chip program I was working on was "sold" to a mainframe design, and I had the opportunity to sit in on some of the technical sessions. It was an eye-opening experience. Right up front, in their gate-count estimates, they plan on spending a certain amount on hardening reliability/accessibility/serviceability, and that amount was quite significant. Such considerations flow all through the design, at all levels.
Back around that time, maybe even up until 5-10 years ago, I kept an eye on mainframe virtualization, and the systematic enhancements of each new generation.
IMHO they've forgotten more about reliability and virtualization than the PC industry has ever learned. In many ways, that snapshot I saw 20 years ago is still ahead of today's PC.
Heck, I'll bet we could even come up with flying cars for mice, and it wouldn't take 40+ years!
OK, so you've just taken the flexing I've described, and made it much, much worse. Still, my point was that there's a fairly large body of knowledge about flexing small on-chip structures, in DLP TVs.
Sounds similar to a DLP TV, to me. On those things, the mirrors are flexing up to 60 times each second, the whole time the TV is on. I remember reading something about the wear issue, and they found that if they constrain the flexing (less than 17 degrees, IIRC) that wear was not an issue. Apparently wear rises rapidly with the degree of the flex.
You just might be right, it might be entirely possible to be a "professional marginal losing political candidate."
But if the rules are done right, while it would be possible, I'll bet it wouldn't be very lucrative. I also suspect it would be *cheaper* than what we have today, where there are fewer are involved, but their "take-home" is a heckuva lot higher.
But this becomes a good lead-in to point out the findings of the 9/11 Commission.
The "fault" was assigned as a "failure of imagination." Yet in the very center of the whole investigation was the NSA, the folks that are *supposed* to be, as you say, completely paranoid. These are the people who are supposed to see an array of dots and connect them all into a pattern - that's their job. They're supposed to think about the possibilities of a hijacked airplane loaded with fuel, and what you do to mitigate the risk. They're supposed to see briefings titled, "Bin Laden determined to attack inside US" and start thinking.
We had the wrong mindset in the job.
But that's OK, they've been promoted out of that position.
Even if it's as bad as you say, he's still more interesting to read/hear than Donald Trump, the *real* king of self-aggrandizing.
One example used was getting the car from the repair shop, with just a last name.
Where I get my car serviced, I know both guys who might be behind the desk, and they both know me, my wife, and son. They won't hand over the car keys on just a last name. Which brings it all back to a frequent point of Bruce's writings - all of the security razzle-dazzle in the world doesn't make a bit of difference compared to a knowledgeable person in the right spot.
You ALSO had to send the filing to the zoning office...
in a locked basement
with a sign on the door, "Beware of Alligators"
in a condemned building
on the third planet of Alpha Centauri
We need an equivalent of the locked door test for this. IIRC, criminal responsibility for intrusion changes based on whether or not the door is closed, and whether or not it is locked.
In other words, if the door is open, it's reasonable to expect that perhaps the general public was invited in.
If the door is closed, but not locked, it's still possible that the general public is invited in, they're just trying to keep the heat in or the flies out.
If the door is closed and locked, clearly the general public is not invited in.
As for the "default router settings are open" argument, that's kind of like saying "newly installed doors are unlocked." As for the "flashing 12:00:00" argument, if you aren't competent to lock your front door, there's a problem. Manufacturers of wireless equipment need to do a better job of explaining this. They need a BIG RED PAGE when you open the box, explaining how to do the basic security, and how if you don't, you could have legal problems because you're responsible for ALL access through that wireless connection. As far as I can see, the directions are very little past, "insert the Windows driver disk."
By the way, so the instructions tell you as a minimum key to use your name, address, and phone number, and the street address for the SSID. Ain't much of a lock, is it? But it's is still most definitely a lock, and it takes deliberate action to open. No default-configured computer from anywhere will automatically crack even a trivial key and automatically make a connection.
> You're almost certainly paying a fixed rate for that internet and the
> amount you pay will be the same regardless of whether I plug into it
> or not.
But nearly all broadband ISPs have TOS provisions that say that you will not share the connection. Technically speaking, pretty much anyone with an open access point on a residential broadband account could have that account revoked - because it's available for sharing.
On the other hand, if your employer is dependent on Internet service, it may well force him to cut back on his business.
THAT could put you out on the street, starving and homeless.
> The Internet has grown to become a vital infrastructure.
> with respect to most utilities (roads, water, electricity, phone)
Aah, you used that word, "utility," that means many things to many people, but in this case there are specific legal and governmental meanings to it. So we have to clarify here...
Repeat after me... The Internet is NOT a utility.
Utilities are tightly regulated by some government agency, typically a Public Service Board. Oddly enough, the phone and cable that likely deliver your Internet access ARE regulated by the PSB, but Internet access itself is not. (AFAIK) As an aside, when talking about stuff like this, the phrase "common carrier" comes up, and though we think the Internet should be provided by a "common carrier" who is not responsible for the data that is being carried, just like phone conversations, it just ain't so. Legally, ISPs are "content providers" and their protection from responsibility of the data they carry is under various "safe harbor" provisions, not "common carrier."
Regardless of whether government or the private sector does a better job of keeping things running doesn't matter. At the moment all of the legal definitions keep the Internet squarely in the private sector, and AFAIK the only official gov't oversight is through bodies like ICANN, *not* through PSB-like entities.
About 20 years ago I watched them building a silane bunker where I worked. What a blast, figuratively speaking. Several layers deep of woven re-bars, zig-zag re-bar stitching between the layers. Concrete walls poured around them 1.5+ feet thick. Weak roof - any blast was supposed to be directed upward. A fun construction project to watch, whenever one had to walk past.
Incidentally, just how much magnetic field can this superconductor take. Temperature is only one Achilles heel of superconductors, the other is magnetic field.
There are things I'm jaded and cynical about, but OSS and Bruce Perens aren't among them. IMHO OSS is actually one of the more important things happening in the world right now. Far too many people measure their self-worth by how much money they can accumulate - to the point where their insane accumulations and ability to accumulate impairs others' ability to simply live. With OSS people (at least some, Linus Torvalds being a prime example) make *enough* money and measure their egos and self-worth in other ways. We could use more of that in the world.