It should be obvious that certifying software as being secure must include certifying that that software does not contain any bugs. For anyone who thinks that this is easy, remember that Donald Knuth once said... ``Beware of bugs in the above code; I have only proved it correct, not tried it.'' It may be possible to assure oneself that small sections of code do one thing only, but for complete systems it is impossible.
Then, of course, there's the whole question of certifying that the way in which the software (or hardware, for that matter) is used is certifiably secure. Again, nobody can guarantee that lapses aren't possible.
Bruce Schneier has been saying recently that he's come to the conclusion that (paraphrasing) certification isn't the answer to computer security; if you want to feel secure (and protect your business in the case that there are lapses), then get insurance instead. Manage your risks, in other words, rather than placing blind trust in a particular technology or a paper certificate.
I believe people have already covered many questions relating to the Judge's (and counsels') understanding of the technical issues. I have one point to add...
Encryption and decryption is difficult to explain to a non-technical person in general. Not all encryption is hard to explain: rot13 being a beautiful example. Now, if you are trying to make an analogy which cannot be misinterpreted, just replace CSS with rot13 (ok, maybe it simplifies a little too much, since in this analogy deCSS would also be replaced with rot13). If the DMCA is interpreted in the way that Judge Kaplan has done, to make it an offence to circumvent protection mechanisms, then a supplier who "protects" their product with rot13 suddenly can sue (and win) against users who perform the trivial decryption.
In fact, the DMCA has a provision for remote disabling of the software. So, suppliers can go further: by using ludicrously weak encryption, and scanning the user's hard disk for decrypted versions (say, a list of URLs to block from children's eyes), the software can automatically shut itself down and the user has no recompense for the (newly) non-functional software.
Note also that if rot13 is actually used, then decrypting the message must have been done with rot13, so the victim can't claim that they used some other method. Sweet victory for the dishonest and unethical commercial software vendor.
These are not the sorts of "rights" that copyright (or any other law) ought to uphold
--argumentum reductio ad absurdum (sp? I don't speak Latin)
BTW, you should definitely try to get Bruce Schneier to give an overview of the technical problems in the case. No doubt he could say something about the security of the particular encryption scheme in use, and the process which was designed to keep it secret, and why neither provided any real security.
I think that the free speech/anti-DMCA avenue is more worthwhile than debating technical details, so throw all your weight into that. But I think given its simplicity, rot13 should be explained and entered in as part of the trial's vocabulary.
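The "trivial decryption" the comment above leans on, as an added example (not code from the original comment or from any party to the case): rot13 is a Caesar shift by 13, so one function both encrypts and decrypts, and any fixed alphabet shift falls to trying all 26 keys. The sample strings are constructed for illustration.

```python
# Added example: rot13 and why it counts as trivial decryption.
# Not code from the original comment; sample text is constructed.
import string

ALPHABET = string.ascii_lowercase  # 26 letters, so shifts are taken mod 26


def caesar(text: str, shift: int) -> str:
    """Shift each ASCII letter by `shift` positions, preserving case.
    Anything that is not an ASCII letter passes through unchanged."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """Encrypt and decrypt are the same operation: shifting by 13 twice is
    shifting by 26, i.e. by nothing. There is no separate 'decryptor' to
    point at, which is the comment's point about rot13 being self-evident."""
    return caesar(text, 13)


def brute_force_shift(ciphertext: str, crib: str) -> list:
    """Try every possible shift and return the (shift, plaintext) pairs whose
    plaintext contains `crib`. With 26 keys this is the entire keyspace, so
    'breaking' a Caesar shift costs nothing even without knowing the key."""
    hits = []
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        if crib in candidate:
            hits.append((shift, candidate))
    return hits
```

Usage: `rot13("Hello, World!")` gives `"Uryyb, Jbeyq!"` and applying `rot13` again gives the original back; `brute_force_shift(caesar("blocked url list", 7), "url")` recovers the plaintext and the key in one pass over 26 candidates.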
>> One more thing... what use can be made of the
>> carbon byproduct?
>
> Pencils. Lots and lots of pencils.
so we get back to needing trees after all!
Getting back to another topic that people are discussing, I recently read an article about the possibility of using algae directly to produce hydrogen and/or oxygen. Something to do with depriving it of certain nutrients.
Ahh, the story was slash-linked at the time.
For maximum effect, you'd need to combine the algae (the factories) with some sort of lung-like fractal surface area/transport mechanism (maximise growing area, control flow of nutrients and some of the byproducts). Damn, but it sounds like we need a tree (again!).
And on yet another topic, what about the idea of building under the martian surface? Build deep enough (how deep, I don't know) and you don't have to worry so much about the atmosphere boiling off. I remember some sci-fi novel I read as a kid that used this as a premise... the hero was led underground and was able to take off his spacesuit at the end of the trip, despite not (remembering) having gone through any airlocks.
dec
P.S. idea for a slash feature... when writing comments in html, wouldn't it be good to be able to write <G> literally and have it pass through the html scanner unchanged. Since there is no <G> tag allowed in slash-html (or regular html for that matter), a moron (or more accurately, a computer program) can always distinguish whether an HTML tag or a smiley is intended.
As an extension, users might be able to define a translation to use for the glyph for the day. Feeling happy and it translates to a :-) or maybe a graphical form. Feeling sad (G is for Grimace) and you get a :-(. The user info page could show the current setting for all to see. Sort of like a digital mood ring, I guess.
(insanely rambling off here... insert appropriately deranged smiley)
disagree, because you talk so much speculation and not much more.
You seem to know a lot about the demographics of Linux use. You should probably go out and exploit this straight away (selling Pokemon Linux maybe?)
Professional programmers make lots of mistakes too: look at Microsoft or Apple (or any other software company). Buggy code doesn't usually get people fired... they just get moved around. If you're that poor a programmer, and you don't get out voluntarily, you're making your own hell.
-T is highly commendable, but -w is better (but of course, that *is* what you meant).
And to bring it back to the topic, security rests in the processes you use, rather than in the software [Schneier]; an open peer review process may not catch everything, but it's better than the alternatives, imo. Agreed that there is a risk in *assuming* that oss is safe simply because it's open.
do you code, troll?
dec
Hehe,
isn't there something in trademark law to the effect that you must prevent the mark from becoming confused with a part of language? Like the Hoover vacuum cleaner losing its claim over the mark since it became a general noun/verb-type thing without them trying to stop it. ie, "to hoover" moved into the English language as a general term for vacuum-cleaning (at least that's what it means in my part of the world).
Anyway, point is, what happens when you try to noun "Microsoft?" Is that some kind of borg-entity with Bill 'Napoleon' Gates as its Alien-like queen? Or does 'the Microsoft' eq 'the matrix'?
I shudder to think what sort of verb it would make... I certainly wouldn't wish microsofting on my worst enemy.
ianal, and totally off-topic to boot
I don't think the technique will work very well. It did get me thinking about what an attacker might try next, once (or if) this form of defence became common.
There's a long-standing problem with the way the DNS service operates, which lends itself scarily well to a DDoS-style attack. The problem is that it should be possible (especially with a congested network) to masquerade as a site's DNS server and effectively own the DNS info (and change it to point to a compromised host) from that point on.
Worse, the attack can be continued up to the site responsible for top level domain information.
The best defences seem to be, in order:
* protect yourself from IP spoofing by configuring your firewall
* hold off on honouring changes to DNS info (so you can check whether they're legit "manually").
* and of course: keep installing those security patches!
dec
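The second defence in the comment above (don't honour a changed answer until you have checked it), as an added example that is not part of the original post: a small guarded cache in front of a stub resolver. It also applies the two cheap checks a resolver can make before trusting any UDP reply at all: the reply must carry the transaction id of a query actually in flight, and must come from the server that was asked (the resolver-side analogue of the anti-spoofing rule the comment puts on the firewall). The server address, hostnames and answers are constructed; nothing here talks to a real resolver.

```python
# Added example, not code from the original comment: a cache that rejects
# replies it did not ask for and holds changed answers for confirmation.
# All addresses and names below are constructed for illustration.
from dataclasses import dataclass
from typing import Optional
import random


@dataclass
class Answer:
    """One reply as the stub resolver sees it (constructed, not a wire parser)."""
    name: str
    rdata: str   # the IPv4 address carried in the A record
    src_ip: str  # source address of the reply packet
    txid: int    # transaction id the reply carries


class GuardedCache:
    def __init__(self, expected_server: str, seed: int = 1) -> None:
        self.expected_server = expected_server
        self.records: dict = {}      # answers we currently honour
        self.pending: dict = {}      # changed answers awaiting confirmation
        self.outstanding: dict = {}  # name -> txid of the query in flight
        self._rng = random.Random(seed)  # seeded only so the example is repeatable

    def query(self, name: str) -> int:
        """Simulate sending a query: pick a 16-bit txid and remember it."""
        txid = self._rng.randrange(1 << 16)
        self.outstanding[name] = txid
        return txid

    def accept(self, ans: Answer) -> str:
        # Gate 1: the reply must answer a query we actually sent.
        if self.outstanding.get(ans.name) != ans.txid:
            return "rejected: unexpected txid"
        # Gate 2: it must come from the server we asked.
        if ans.src_ip != self.expected_server:
            return "rejected: wrong source"
        del self.outstanding[ans.name]
        old = self.records.get(ans.name)
        if old is None:
            self.records[ans.name] = ans.rdata
            return "cached"
        if old == ans.rdata:
            return "unchanged"
        # Gate 3: a changed answer is held, not honoured, until confirmed out of band.
        self.pending[ans.name] = ans.rdata
        return "held"

    def confirm(self, name: str) -> None:
        """Operator verified the change by another path: promote it."""
        self.records[name] = self.pending.pop(name)

    def discard(self, name: str) -> None:
        """Change was bogus: forget it and keep the record that was working."""
        self.pending.pop(name, None)

    def resolve(self, name: str) -> Optional[str]:
        return self.records.get(name)


def scenario() -> list:
    """Constructed sequence: a good answer, a spoofed reply from the wrong
    address, a spoofed reply that got the source right, then a real move."""
    cache = GuardedCache(expected_server="192.0.2.53")
    name, good, spoof = "www.example.org", "198.51.100.10", "203.0.113.66"
    log = []
    txid = cache.query(name)
    log.append(cache.accept(Answer(name, good, "192.0.2.53", txid)))    # cached
    txid = cache.query(name)
    log.append(cache.accept(Answer(name, spoof, "198.18.0.1", txid)))   # rejected: wrong source
    log.append(cache.accept(Answer(name, spoof, "192.0.2.53", txid)))   # held, not honoured
    log.append(cache.resolve(name))                                     # still the good address
    cache.discard(name)                                                 # operator: bogus
    txid = cache.query(name)
    log.append(cache.accept(Answer(name, "198.51.100.20", "192.0.2.53", txid)))  # held
    cache.confirm(name)                                                 # operator: legit move
    log.append(cache.resolve(name))
    return log
```

The point of the third gate is that a spoofed reply which gets past the first two (right txid, right source) still cannot redirect clients on its own: lookups keep returning the last known-good address until someone confirms the change through a path the attacker does not control.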
re: creating slashdot username...
cypherpunks is quite commonly used, and would appear to be appropriate in this case.
that if I set up a site to point the finger at copyright abusers and link to their sites, that I'm assisting in the crime?
To congratulate you guys for getting a great break. I'm delighted to hear that you're retaining creative control. I've never heard of the like before.
Here's to the next few years. Keep up the good work!
dec
Nitwit comments like what, exactly?
I strongly agree that the source for this program should be made available. I won't be running it until I know I have the option (even if I don't exercise it) of knowing what the program is doing.
It doesn't have to be fully free/open source, but at the very least it should be distributed as source.
When you say:
> A RECOMPILED BINARY ON YOUR MACHINE IS A
> VARIABLE. They don't know what tweaks you put
> in it. Therefore, they can't use your results.
You're making assumptions about how the client-server model works. In fact you're making assumptions about the source. If *I* was building something like this, I'd make damn sure that there was some form of checking so that *any* data that comes into the server site claiming to have something to say about my data chunk can be quickly spot-checked first, then subjected to more rigorous checking later if it turns out to be needed.
FWIW, I asked the project co-ordinators why they didn't distribute source. I received no reply.
Besides the paranoia angle (NASA=NSA) which I'm not going to discount (because I can't see the code), I would distrust the code on "mere" quality grounds. If it's true that they're not releasing the source because they believe (as this anon coward does) that people will start feeding in erroneous data, then they don't know how to program to handle data, full stop.
No stupid comment is enough to halt the mighty march to open source nirvana
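The server-side checking the comment above describes (spot-check every returned result cheaply first, do the expensive recheck only when it is needed), as an added example. This is not the project's own code, and the comment names no protocol or format, so the work unit, the task and the client behaviours are all constructed: a unit is a list of integers, a client reports one partial per block (sum of squares modulo a prime) plus the total, and the server keeps its own copy of the unit to recompute from.

```python
# Added example, not the project's code: a server that refuses to trust
# client results on the client's say-so. Task, unit and clients are constructed.
import random

MOD = 1_000_003   # constructed: keeps partials small, collisions unlikely
BLOCK = 4         # constructed block size


def block_partial(block: list) -> int:
    return sum(x * x for x in block) % MOD


def honest_client(unit: list) -> dict:
    """Does the work: one partial per block, plus the total over all blocks."""
    partials = [block_partial(unit[i:i + BLOCK]) for i in range(0, len(unit), BLOCK)]
    return {"partials": partials, "total": sum(partials) % MOD}


def lazy_client(unit: list) -> dict:
    """A 'tweaked binary' that skips the work and sends self-consistent filler."""
    n = (len(unit) + BLOCK - 1) // BLOCK
    return {"partials": [1] * n, "total": n % MOD}


def subtle_client(unit: list) -> dict:
    """A 'tweaked binary' that does the work but corrupts one block."""
    result = honest_client(unit)
    result["partials"][-1] = (result["partials"][-1] + 1) % MOD
    result["total"] = sum(result["partials"]) % MOD
    return result


class Server:
    def __init__(self, unit: list, seed: int = 7) -> None:
        self.unit = unit
        self.nblocks = (len(unit) + BLOCK - 1) // BLOCK
        self._rng = random.Random(seed)  # seeded only so the example is repeatable

    def spot_check(self, result: dict, samples: int = 2) -> bool:
        """Cheap first gate: right shape, internally consistent, and a random
        handful of blocks recomputed from the server's own copy of the unit."""
        partials = result.get("partials", [])
        if len(partials) != self.nblocks or sum(partials) % MOD != result.get("total"):
            return False
        for i in self._rng.sample(range(self.nblocks), samples):
            if block_partial(self.unit[i * BLOCK:(i + 1) * BLOCK]) != partials[i]:
                return False
        return True

    def full_check(self, result: dict) -> bool:
        """Expensive gate: redo the whole unit. Only run when something
        (a disagreement, an audit) says it is needed."""
        return honest_client(self.unit) == result

    def reconcile(self, a: dict, b: dict) -> tuple:
        """Two clients reported on the same unit. Anything failing the spot
        check is rejected outright. If both pass and agree, accept both with
        no further work. If both pass but disagree, the full recheck decides.
        A lone survivor is only 'provisional' until another peer confirms it."""
        ok_a, ok_b = self.spot_check(a), self.spot_check(b)
        if not (ok_a and ok_b):
            return ("provisional" if ok_a else "rejected",
                    "provisional" if ok_b else "rejected")
        if a == b:
            return ("accepted", "accepted")

        def verdict(r: dict) -> str:
            return "accepted" if self.full_check(r) else "rejected"

        return (verdict(a), verdict(b))
```

Two things worth noticing: the lazy client is caught by the spot check alone, because every block it reports is wrong and any sample hits one; the subtle client may slip past a two-block sample, which is exactly why the server also compares independent clients and escalates to the full recheck when they disagree, rather than trusting whichever result arrived first.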
I was considering doing just that, since I complained the first time. The email address suggested by one person on the initial story was:
csdwebmaster@tais.toshiba.com
This gives me a very warm and fuzzy satisfied feeling. I like linux.
dec
I'm a bit rusty at Japanese, but here's what I can make out from the articles:
There are two personal pages linked. The Japanese sections are just translations of the other sections that are in English.
On the announcement page, there's not really much information. I picked out the following details:
* licence is for a single user (458000 yen)
* requires X and Mesa 3D drivers: no native graphics support
* Redhat 4.2 won't work. You need to upgrade to 5.0 or higher.
Hope this helps,
dec
Measures of defect density are meaningless, for the most part. I should know, because I have worked as a Software Metrics dude as a full time job. Now, I must admit that I haven't read the article, but if he says that Linux has a higher defect density than other Unices, then this can be accounted for quite easily.
Consider one difference between Linux and other unices, namely the definition of a "standard" distribution. There isn't really any such thing in Linux. As a result, we pretty much have an infinite number of systems, since any two programs that interoperate within the system can be classed as a sub-system. Ergo, we have a lot more problems with interoperability. If you want to bump up the defect density for propaganda reasons, you just count as many individual incompatibilities as you want, but treat the "area" as being fixed. So you can basically prove anything in terms of your numbers.
There's another difference here between Linux and other unices. Namely, users are expected to have a bit more common sense when it comes to ironing out the kinks. If there's a problem with one bit of software, they can often leave it aside and work out how to fix it later. They can *still* have a system that works well, and still has a lot more features than the equivalent "other" unices.
Also, compare this with Microsoft's method of producing software. They don't give a damn about defect density. They realise too that it doesn't tell you anything. Instead, what they do is classify bugs according to their impact. Then they trade off testing/bug-fixing so that they only fix the major, high-impact stuff. Then they release what are effectively beta versions and let the customers find out the niggling errors that aren't too serious.
This seems to be a new form of FUD tactic from a pro-microsoft head. Since linux is the enemy, simply pit linux heads against unix heads. It doesn't matter if the issue is irrelevant. It diverts attention from the real issues.
Beware of statisticians: numbers are an easy source of divisiveness.