Slashdot Mirror


User: Sam+Nitzberg

Sam+Nitzberg's activity in the archive.

Stories: 0
Comments: 214

Comments · 214

  1. Turing Machine Implementation... on Laptop vs. Small Desktop: Best Bang Per Watt? · · Score: 1

    All you need is ...

    Infinitely long piece of paper (infinitely thin would be nice, to control weight-related issues)

    Read/Write head / mechanism (erasable pen)

    Good imagination and sense for interpreting TM states.

    Sam

  2. Screen size- on Laptop vs. Small Desktop: Best Bang Per Watt? · · Score: 1

    I have a few notebooks (well, OK, 6. Five of them are Pentium III class).

    For power conservation, I would consider your needs. Can you get by with a Pentium III class machine? You might have power / money savings right away. Perhaps you want more than one machine? One for e-mail and word processing (lower power and processing requirements), and another - for your more intense needs, and that can run less often. If you do this, having compatible families of notebooks would allow you to share batteries and other accessories. Also, you have desktop devices on desktop machines. With notebooks, the drives can automatically turn off after a (specified) amount of inactivity. You may be able to load mobile software drivers for your OS for a desktop. You could then get some of the notebook power management features on a desktop.

    Another big issue is not just LCD Versus conventional tube monitors. I see the size being a critical issue.

    My Fujitsu B-series notebooks have a small screen (perhaps around 11" diagonal). 15" screens (like my HP - I forget the model number) will draw much more power - keep in mind that the power consumption; my guess is that in keeping with the number of pixels, that energy will climb proportionately to the square of the diagonal dimension - 17" portable should draw some big juice off of your power supply.

    You can get a small form-factor notebook, with a small screen. You can also get external keyboard, mouse, and LCD for when you want that experience and won't mind the extra power draw.

    Consider an external drive with a USB (or firewire) enclosure. Do all your work locally, and use (and power up) the drive when needed.

    Let slashdot know how your experience plays out.

    Sam

  3. Possible conference subject... on More E-Voting SNAFUs · · Score: 1

    I am interested in putting together a panel on the subject of electronic voting, and bringing into it some elements of how technology affects [democratic] societies. I personally believe that these systems should be made very stringently, with exacting specifications, the strictest of controls, and great efforts made to ensure their reliability, integrity, and veracity.

    I am planning to submit this as a panel topic for a conference in Manhattan, New York City (USA) for July 2004.

    I am preparing a list of a few people that I have an interest in inviting for the panel, but would be interested in hearing from anyone who would be interested in appearing on such a panel. I am interested in hearing from (or about) anyone who has worked on such systems (in the US or abroad), has been involved in the policy of such systems (legislative or other branches of government, or as consultants), or has strong feelings about these systems, along with expert knowledge in voting systems and / or other "mission critical" systems and their development.

    If you are interested, or know of someone, please get in touch. Note that I can not promise any transportation or funding.

    Thank you,

    Sam Nitzberg
    sam@iamsam.com
    http://www.iamsam.com

  4. Trusted Systems ????? on E-Voting Expert Testifies · · Score: 3, Interesting

    I like computers and technology - I really do.

    However, unless computers will do a job better than previous methods, they shouldn't be used.

    Voting systems are what I would have to call mission-critical systems. They should have all the rigor, analysis, and verifiability that can be brought-to-bear towards making systems accurate and robust. They should be very formally designed and tested, and placed under the most rigorous configuration management and control.

    Why these systems aren't being built (or required) to undergo what would have even been considered best-practices in the 1970s or 1980s eludes me. I consider the lure of the technology, coupled with a general apathy towards the genuine intricacies and consequences of failure, to be a big part of the problem.

    There should be damned strong requirements on how any system used in any governmental election is designed, proven, built, etc... I would actually want to start with proven security/OS kernels in any such designs. This machine does not even have to be based on a commercially available OS platform - it has to perform a specific type of task very reliably.

    Sam Nitzberg
    http://www.iamsam.com

  5. Namiki (retractable fountain pen) on When Word Processors Are Out: What's The Best Pen? · · Score: 1

    My favorite pen for technical work is the Namiki (retractable) fountain pen.

    For technical work or signatures, I recommend any ink other than black. I prefer blue (royal blue is great); I dislike "weak" blues, e.g. Sheaffer's lighter blue fountain pen ink. The reason I would say to avoid black is that it is obvious at a glance when you are looking at originals versus copies. Might not be a general issue, but when you've got lots of docs, it helps.

    The Namiki has a very fine tip (I understand that other tips are available), but the tip is really, really fine. That's what you want for sketches and drawings and diagrams.

    It's the only retracting fountain pen I know of. It has a pocket clip, and a press-button at the opposite end of the pen's tip ("nib"). Push it, and the nib retracts into the pen at the other end. Now, you can put it into your dress-shirt pocket. All the convenience of a ball-pen in a fountain.

    Also, this pen will take both cartridges, and also comes with a mechanism to draw-in bottle fed inks.

    Link for the Namiki "Vanishing Point" Collection :
    http://www.namiki.com/vanish.htm
    http://www.namiki.com

    Sam
    http://www.iamsam.com

  6. Destroying it by ... computer on Ukrainian Computer Destruction Championship · · Score: 1

    I like the irony of having a computer-controlled or initiated detonation do the destruction of the target system.

    Ping of death, indeed !

    Sam

  7. My favorite computer keyboard ... on Have Keyboards Gone Crazy? · · Score: 1

    Was with the Xerox 820-II "Information Processor"

    The Xerox 820-I ran CP/M, i.e. CP/M-80 and had a big, klunky keyboard.

    My favorite keyboard was with the Xerox 820-II - it was reasonably sized (very much a "full-sized" keyboard), but had a great key layout, and great tactile feedback. The Xerox 802-II had two processors, and could run CP/M-80, CP/M-86, and MS-DOS.

    Sam Nitzberg

  8. Release 2 will go for the obvious solution.... on Electronic Voting: Your Worst Nightmares are True · · Score: 1

    Give everybody a MS Passport account and let them log in.

    qed

  9. I just tried to post in morse message response on Wiring A Vintage Teletype To The Internet · · Score: 1


    Hmmmmmmmmm.

    I tried to post in Morse with .s and -s.
    No dice. System wouldn't let me.
    Then, I convert it to implement the words as replacements. Didn't even use the old-school "dits" and "dahs", but new-school (for Morse, anyway), "dot" and "dash". That didn't even do it... Darn! Now I violated the postercomment compression filter. You can't make this stuff up. How hard is it to just enter a nice, simple, Morse message?
    That's it, next time, I'm entering everything using a hamming-code.

    Don't believe me, try to enter a morse-message yourself.

    Sam

  10. Re:Where WiFi? on New Linux-based PDA due September · · Score: 1

    It's here already. I have one.
    HP5450 / HP5455.
    Just load up "Familiar Linux" on it. Do a google search on IPKG FIND to get some free software for it, too :-)

    It has built-in wireless - 802.11b.
    You can use a 512 MB SD Ram chip on it.
    An expansion sleeve can provide 1 or two slots, plus additional battery. Good enough for a Toshiba 5GIG PCMCIA drive card.

    If you want to save a few bucks, get a more basic Ipaq, and use one of the two expansion slots for a wireless card.

    Sam Nitzberg
    sam@iamsam.com
    http://www.iamsam.com

  11. Some good news, some bad news... on Computer Expectations of Today, and a Decade Hence? · · Score: 3, Insightful

    First, the bad news... computing in the large...

    I generally see less and less interest in formal methods, formal design, disciplined approaches to software construction (by which I am referring to the use and adherence to serious models, not just fodder for coffeehouse discussions). Small, proven O/S kernels, supertight code, and emphasis on requirements analysis as the sorts of things that make for well-built and defined systems are costly, and just don't sell well in a commercial market which demands and receives revenue and, increasingly, waivers from liability for bad software products. Increasing "offshoring" of software development projects won't help keeping the gap between systems-as-intended and systems-as-developed issues from arising.

    Organizations will lean on, and people will continue to accept descriptions of software quality where software testing is emphasized, before software development methodology or rigor.
    Many more large and complex systems will be developed. Their sizes (and complexity of interactions) will outpace the ability of the implementation of their development models to support final code products that meet the required security needs of the public, or of customers. Security problems will get worse before they get better.

    And in the small...
    The good news? Consumer appliances.
    You will be able to carry on a thumbnail chip (or, probably, through a more convenient mechanism, access to your personal material of interest. Wifi-type-access back through VPNs to your data should be readily available. This isn't too far from available now...within some limits...) all the music, photos, and items of personal interest that you would collect and store. I would like to have some confidence that this won't be ruined by digital rights management implementation and supporting legislation, but time will tell. I suspect workarounds will exist to circumvent most DRM systems that will come along. Oh yea, store any of that on a server owned by someone else, and you may end up giving up copyrights and more...Privacy rights and related issues over information you store on anyone else's system will get worse before it gets better.

    Anyway, some thoughts...

    Sam Nitzberg
    http://www.iamsam.com

  12. $350 drill ? on The Wireless Wardriving Rig · · Score: 2, Funny

    Nope, a $350 "Professional Expenses Tax Deduction" !

    Then again, if they say not to consult Slashdot for legal advice, this probably isn't the best forum for creative suggestions on federal tax forms.

  13. Re:I do this already on Honeytokens: The Other Honeypot · · Score: 1

    I used to bring in just enough milk to work for my own needs for the week. I'd bring in my milk on Monday, knowing that, no matter what my usage, there would be enough for the manner in which I drink milk for the duration of the week. I also would let one coworker (an old friend of mine) use small amounts of milk for his coffee.

    I might have some left over, but I would always have enough. One of my coworkers, who felt that we should all share and be nice, was helping himself to my milk. He was consuming my milk, and producing shortages. He offered to give me money to bring in larger amounts, or cover his share, but I wanted MY milk, and under my control. I spoke to him about the usurpation of authority over the milk in my domain, but to little or no effect. His using my milk for tea, coffee, cereal, etc... was going to have to stop.

    I came up with two solutions :
    (1) chain my milk within my lunchbox. That's the defensive approach.

    I went with (2)
    I put on the side of my milk container an access control list / authorized user list. The names of myself and my friend appeared under the title, "Authorized access list."

    This worked.

    Every employee accessing the fridge saw the message, and it was received as being pretty funny. It generated much chatter about the milk bandit, and his identity became increasingly widespread, where he had sought anonymity. But, it put the "bad guy" on notice, and no one, except those appearing on the list, dared to be seen handling the milk containers.

    These days, adding photo IDs would be a nice touch.

    Anyway, I didn't have a problem again...

    Sam Nitzberg
    http://www.iamsam.com

  14. Just My .02 USD on Intrusion Tolerance - Security's Next Big Thing? · · Score: 5, Insightful

    In general, I don't like the idea of making a concession that malware will have to be operating in a given computing environment (as stated above), and to think otherwise would simply be incorrect. OK, Windows environments may be an obvious exception ;-)

    I would prefer to consider (at least from my own philosophical viewpoint) that you can construct systems with defined patterns of behavior, even when "malware" is introduced.

    From one of the links referenced above :

    Successive levels in the hierarchy are linked by refinement mappings that can be shown to preserve properties of interest. This project will apply this technology to intrusion tolerance properties.

    This harkens back to enforcement mechanisms (Biba Integrity Model, No Read Up, No Write down policies, Models for descriptions of multi-level secure behavior, etc...). (Aside: Amoroso's book is an excellent reference)

    What this alone tells me (I didn't read all the blurbs, articles, and briefings), is that we are discussing mappings (mathematical functions), and properties (which can be mathematically tested for by use of a logic or algebraic system).

    At a glance, I am thinking of some of the issues in formal methods, proven-secure-O/S kernels, and other high-reliability software engineering methods for [secure] systems.

    I like the idea that mathematical theorem provers can be applied to any system so defined.

    Some basic issues do arise for practical application :

    - Theorem - proving aspects mean very precise use of functional requirements and mathematical specification for system behaviors. (Also, special talent and additional manpower is necessary. Also, mis-applications of the tools used, or introduced human error in the test process can subvert the efforts)

    - This should be applied (I believe) to systems-of-systems and their behaviors. The systems that your system interacts with would have to have had similarly rigorous analysis and design.

    - There is (I believe) a trend in military computing towards commercial, and less custom, software development. Long-term, where will the actual development of such systems be funded (beyond the initial R&D stage)?

    - The use of analysis of pre and post conditions in the executing environment (to ensure that violations of the underlying security policy are not permitted) is not a new concept. While I am not saying that this is an intrinsically necessary mechanism for these methods, most current systems lack such an approach, and there may be fundamental computer security issues present by the nature of the software development environment. If these methods are used, it is still highly desirable to design systems with security in mind regarding their handling of all data, traffic, and O/S vulnerability issues.

    I only took a brief look at the material, but these are some thoughts. I also think that the effort itself is very worthwhile, and potentially of value. Also, looking at Dr. Lulu's credentials, there is no naivete in his software background; the basic tenets can't just be shrugged off.

    Sam Nitzberg
    sam@iamsam.com
    http://www.iamsam.com

  15. Precursors ? on President Of India Advocates OSS · · Score: 1

    The President of India supports the precursor organization to the CIA ? :-)

    http://www.iamsam.com

  16. IEEE Spectrum Article... on Wireless Computing and Airplanes? · · Score: 1

    Several years ago, IEEE Spectrum magazine had an excellent, several-page article on the subject of passenger electronics and interference to aircraft systems. I think that this was the best article on the subject that I have seen, and I don't recall any aspects of the article that have been rendered moot by any new products or technological advances...

    Major points of the article included were that there are many sensors in the aircraft, not just the cabin - for example, in the wings. Even if sensors or systems have RF-interference protection, this may be undermined through routine maintenance, and opening and closing and wear of their protective covers, and the replacement of its components.

    I don't recall the discussion of RF Harmonics, but I believe that this is a very major potential issue. Just because a device is ostensibly a "receiver" doesn't mean that it can't interfere with other devices. In reality, there can be interference not just on its primary frequency, but on divisions of that frequency (harmonics), or on harmonics related to the operation of its processor or other chips. That is why RF interference can be a much more involved issue.

    You have to protect sensors and circuits not from just the primary frequencies, but from harmonics, as well, throughout the life-cycle of the aircraft.

    Sam Nitzberg
    http://www.iamsam.com
    http://www.NitzbergSecurityAssociates.com

  17. Luddites ? on Do Privacy Fears Allow Terrorism? · · Score: 1

    Many privacy activists are anything but Luddites. Many see cryptography, PKI systems, strong-hash algorithms, and potentially well-designed systems as vehicles not just for ensuring privacy, but restricting improper data flows, and limiting intrusion into digital records. These are not what I would consider the precepts of Luddites. Cypherpunks, for example, want to use technology to ensure free speech, and certainly can't be placed under the "luddite" label.

    It seems to me that most privacy activists do not fear (perhaps have strong reprehensions about might be a better phrase) technology, but its either uncontrolled, or, intrusive use by gov't.

    Also, privacy covers many things. If -my- doctor feels a treatment is medically necessary, I don't think that my insurance co. should need much more information. I certainly don't think that doctor-information should be shared. Is legislation that would severely restrict the sharing of any patient-data, or asserting that medical systems have certain integrated security features, for example, threatening to national security?

    I think that most people have a reasonable expectation of privacy for most records: phones, credit card bills, etc... Most of these are generally boring and routine. On the other hand, if you try to buy a large amount of material from a place such as really_nasty_biotoxins.com with a fictitious credit card being used to pay for an anonymous cell phone to make the order, I'd have a reasonable expectation that this transaction should be placed under some scrutiny.

    Sam Nitzberg
    http://www.iamsam.com

  18. Programmers != Software Engineers != C. Scientist on Are Programmers Engineers? · · Score: 1

    I would like to mention something that became prevalent, and I don't know if it's becoming more or less so, but there's a heck of a lot of Title Inflation for job titles out there. If a firm doesn't have the cash or benefits, it can try to dream up impressive titles, and "engineer" is one of the favorite buzzwords to add.

    Before considering the programmer vs. Software Engineer aspect of this discussion, I would like to shoehorn-in another title for comparison purposes: Computer Scientist. Who should earn or gets to use this title? From my experience, someone (typically Ph.D. or similar background), who knows the math behind the CS, has expertise in one or more fields, and can either provide rigorous proofs of the mathematical relationships in computer problems or representations, or analyze or provide original insights into difficult or complex CS problems. I have met some who don't rise to this level with "scientist" in the computing position titles.

    Software Engineers: My understanding of this term relates to people who understand the interrelationships that occur in large "complex" software systems (500k or 1M Lines of code and up), and the tasking and scheduling issues that are related to the completion of such projects on time, and on budget. Additionally, SEs have a strong familiarity with related CS issues, including, formal methods, discrete math / set theory / methods of formal proof, and a familiarity with contemporary software development issues.

    Very, very few of the firms and individuals using the SE title have truly rigorous backgrounds in the mathematics or substance behind the relationships of aspects of computing models, or complex software systems. The term is perhaps more of a misnomer in the majority of cases, and only in fewer cases might it be mistaken for a software-based equivalent of EE or PE. The MCSE case is an excellent one where no such likening should be performed.

    Programmers: Program, with the equivalent background and experience and depth-of-knowledge, of a hobbyist, B.S. C.S. graduate, or M.S. graduate, as well as knowledge in multiple technical, CS-related areas. Typically Ph.D.s are not hired to program, per se, but may be involved in aspects that demonstrate new techniques or innovations.

    Ken Thompson, of Unix fame, and Reflections on Trusting Trust (http://www.acm.org/classics/sep95/), also indicated that he listed himself as "programmer" on his tax returns. Here is an example of an individual who could describe himself as he wished: programmer, SE, or computer scientist, without being subject to challenge.

    Some of my papers (web address below), address some issues of ethics in software development, as well as licensing in software fields. Barbers and hairdressers have licensing requirements and standards to which they are held. So do those in many fields. In Computer Science and related areas, the standard seems to be how much liability any firm is willing to accept or mitigate, based on the quality of the people they can hire, their processes that are in place, and the salaries that they offer. This has substituted (for better or worse) for any rigorous standard.

    I won't get into it here, and many of you know that the more pressures you put on local employers when it comes to programmers / coders / SEs, the more they may try to hire outside the US, or get around such enforcement mechanisms. This leads us right into the whole issues of licensing of software professionals and that can - of - worms.

    I think that a few trends have led to the situation of title inflation and loose utilization of the term "engineer." One is that software development sloppiness, code size, market forces, and relatively loose software liability laws have created an environment where companies are relatively comfortable producing larger and more complex bodies of software with lower reliability than should often be produced. To do this, larger sets of people are required than to produce smaller, well-designed, more limit

  19. Re:Makes sense on Military Grade Laptops · · Score: 3, Informative

    Some rugged / military notebooks or other systems subject to shock have dampening systems for their hard drive mountings.

    But, you probably don't want to shell out the $$$ for most civilian uses.

    Sam Nitzberg
    http://www.iamsam.com
    http://www.NitzbergSecurityAssociates.com

  20. My attempt (Pseudocode) on $BottlesOfBeerOnTheWall = 99; · · Score: 1

    Done = 0 ; Drink until no bottles left

    Function Drink (Bottles):
        Print_or_verbalize (Bottles); // generic output - print or speak number of bottles remaining
        if (Bottles != Done)
            Drink (Bottles-1) // Recurse with one less bottle
        exit

    Program:
        Bottles := 1E02 - 1 // cheap excuse for scientific notation
        Drink (Bottles)
    Done

  21. Logic-regulated firearms systems... on Smart Gun with Minicam and Biometric Access · · Score: 2

    At the last hacker conference in New York (http://www.h2k2.net), I did a presentation on "Logic-Regulated Firearms Systems."

    I focused on where I saw firearms development heading if additional regulatory pressures (either civilian or within the military) influenced firearms design, and where the designs would lead, as well as some of the implications, if logic-control systems were integrated into firearms.

    The presentation is available from:

    http://www.iamsam.com (It is the third item down under presentations)

    http://iamsam.com/papers/H2K2/h2k2_arms_nitzberg_web_viewable/h2k2_arms_nitzberg_files/v3_document.htm

    Some comments on this thread question the usefulness of the camera feature. A camera could be used with circuitry distinct / detached from the firing systems. Such a camera could provide logging, without affecting operational behavior of the arm. There are actually some clever tricks that would allow imagery before a shot to be recorded, as well as audio. This could be of excellent evidentiary value. Again, I would want the gun to have well-thought-out access mechanisms to restrict tampering. The army is working on rifles with integrated video, radio, and other capabilities. This could be of benefit to soldiers in relaying situational information.

    I will mention that any such arms should have secure timestamps and formal-methods applied to their computing integrity. When was the picture taken, and can you prove it?

    I also see computers with transmitters and receivers coming into play. When someone who responds to emergent situations (ex/ a cop, marine, etc...) fires, a network message could be broadcast for support, also relaying position, visual, or other critical information. This could be from the gun itself, or an accessory worn by the individual. Such messages would have to be performed securely, and with integrity. Otherwise, message injection attacks (into the network) could cause numerous false-alerts to be responded to, or real alerts could be tampered with.

    There could be significant value also in reconstructing shooting events involving multiple officers at different locations, with cameras recording information relevant to the firings.

    Some of this may flow-down from the military. If greater accountability is desired, many of these features may come into play, and eventually flow-down into the commercial markets.

    I am not personally in favor of fingerprint sensors on firearms, nor transponder-rings. There are a number of situations under which I see them as being problematic. However, if you want to ensure that one person on a patrol does not have his arm fired by an assailant grabbing it, such methods can be of value.

    Sam Nitzberg
    sam@iamsam.com

  22. Re:C64 is NOT oldest system ever to run a web brow on The Contiki Desktop OS for C64, NES, 8-bit Atari, · · Score: 1

    I'm reading this on my Babbage analysis engine right now !

  23. On Soviet Space Station... on Pancake Physics to Cut Batter Splatter · · Score: -1, Troll

    Pancake Flips You !

  24. It's all been going downhill since... on How Configurable Should a Desktop User Interface be? · · Score: 2, Funny

    the latter generations of key punch machines.

    True, you could set the drum with which columns to always punch, but just look at the price that we have paid for that little trade-off of convenience.

    It's time we got back to basics.

    Sam Nitzberg

  25. Tail-wagging-the-dog model ? on Linux Xbox Project Seeks Microsoft Signature · · Score: 3, Informative

    A comment earlier implied that opening up the s/w architecture for this box (by unlocking the signature mechanism) would ultimately end the console model for gaming systems.

    I remember (vaguely) many years ago, a game console (Colecovision?) that also had an expansion unit (keyboard, cassette tape perhaps, printer capability), so you were (if I remember right - someone feel free to add detail) buying a game system that expanded to be a basic computing system. Yes, we are talking in the pre-Windows days...

    MS seems to be doing almost the opposite. They are selling a PC as a game, but restricting its operation as a freely working PC.

    A number of people questioned why anyone would actually want to use one of these boxes, especially in comparison to the Walmart PCs. I actually like the form-factor (especially to use in home entertainment centers, along with TVs and stereo gear), and am seriously considering purchasing one or more X-boxes specifically for running Linux. I think it's a neat little box, and if I don't really want the Walmart box, this is a nice alternative.

    Also, there are people who will already have an Xbox (especially kids), who may not have the money to spend on a PC immediately, who might like to load up Linux. I read about the X-box linux project on a number of sites, and the most recent 2600 magazine edition had an article on it. One article that I saw also indicated that with some care, you can Install Linux, and still play X-box games. What's more, if you are constrained for space, you have a small-platform PC, and can still use your TV. No need for a more costly (small-footprint) PC, plus a monitor ($$), plus the space lost for the new monitor.

    Now, if you get a new xbox for $200, and the mod-chip for maybe $50, you are paying a 25% toll to defeat that signature scheme. Plus the extra few steps required (cutting and soldering cable wires for the mouse and keyboard), for example, are pretty basic, but just enough to deter many who might otherwise use this project.

    I am curious about how far memory or disk storage can be expanded.

    I think that X-box linux is a very nice hack, and I would like to see it seen not just as a novelty, but as a means towards PC appliances, and towards low-cost computing.

    Sam Nitzberg
    http://www.iamsam.com