For all it's worth, I've found that once you've done your best job brainstorming an attack tree for a given problem, a good way to improve it is to review past attacks on similar (and dissimilar!) systems, asking yourself, "is this sort of attack represented in my tree?". More often than not you find an approach that you missed.
While this is true, it doesn't really help anyone. It's impossible to defend against attacks you know nothing about, so the best a designer or engineer can do is use as many heads as possible to model what is known.
You can even make educated guesses about classes of attacks that aren't known to exist but might. E.g., you could always add a "read the victim's mind telepathically" node into Bruce's PGP attack tree, and assign it your best guess of difficulty.
But the bottom line is, if it isn't known yet -- and can't be reasonably speculated about -- you're screwed. So don't sweat it.
-Peter
Re:alt.linux, MCC release, other old-timer memorie
on
Linux Turns 8
·
· Score: 1
Wow -- welcome back! What a pleasant suprise.
Your contributions are certainly remembered -- as much for providing some of the earliest wow-we-really-are-building-something-useful realizations as for their technical content.
(I'm impressed with the diversity of your skills, BTW -- backhoe operator and all. I wish I had something like that to fall back on for when the e-economy collapses and we're all holding "Will code Python for food" signs...)
-Peter
Re:alt.linux, MCC release, other old-timer memorie
on
Linux Turns 8
·
· Score: 1
Don't be so cocky, son. The first MCC release, in fact, pre-dates SLS by a year or more.
It was a two-disk boot/root combo that put all the/bin/etc/lib basics together for the first time so you didn't have to bootstrap them all yourself.
SLS, when it arrived, looked more like today's mega-distros with every package under the sun. Until recently, I always preferred to know what exactly what was on my system because I had put it there myself, so I avoided them.
-Peter
Re:alt.linux, MCC release, other old-timer memorie
on
Linux Turns 8
·
· Score: 1
Is this just a troll, or is it actually true?
Given his enthusiasm for Linux (which was similar to mine: a gift from God), I find it hard to believe...
-Peter
alt.linux, MCC release, other old-timer memories..
on
Linux Turns 8
·
· Score: 3
Anyone else remember alt.linux?
When I started using Linux in Jan 1992 it was like a gift from God. No more begging root accounts from stressed Unix admins at school; and I had a system I could use to get work done on at night when the lab was closed. On a lowly 386sx/16 w/4MB of RAM, no less!
How about the MCC release (the first distro ever)?
How about that doctor (Dr. W-something) from a cancer center who deployed Linux in production (in a hospital, no less!) as early as late '92? He would write these great, long, detailed big reports to the kernel list.
I'd love to find some of the other early users (pre-1992) and swap memories...
Slashdot Mirror
^ This is an excellent point. Moderate this man up.
-Peter
For all it's worth, I've found that once you've done your best job brainstorming an attack tree for a given problem, a good way to improve it is to review past attacks on similar (and dissimilar!) systems, asking yourself, "is this sort of attack represented in my tree?". More often than not you find an approach that you missed.
-Peter
While this is true, it doesn't really help anyone. It's impossible to defend against attacks you know nothing about, so the best a designer or engineer can do is use as many heads as possible to model what is known.
You can even make educated guesses about classes of attacks that aren't known to exist but might. E.g., you could always add a "read the victim's mind telepathically" node into Bruce's PGP attack tree, and assign it your best guess of difficulty.
But the bottom line is, if it isn't known yet -- and can't be reasonably speculated about -- you're screwed. So don't sweat it.
-Peter
Wow -- welcome back! What a pleasant suprise.
Your contributions are certainly remembered -- as much for providing some of the earliest wow-we-really-are-building-something-useful realizations as for their technical content.
(I'm impressed with the diversity of your skills, BTW -- backhoe operator and all. I wish I had something like that to fall back on for when the e-economy collapses and we're all holding "Will code Python for food" signs...)
-Peter
Don't be so cocky, son. The first MCC release, in fact, pre-dates SLS by a year or more.
/bin /etc /lib basics together for the first time so you didn't have to bootstrap them all yourself.
It was a two-disk boot/root combo that put all the
SLS, when it arrived, looked more like today's mega-distros with every package under the sun. Until recently, I always preferred to know what exactly what was on my system because I had put it there myself, so I avoided them.
-Peter
Is this just a troll, or is it actually true?
Given his enthusiasm for Linux (which was similar to mine: a gift from God), I find it hard to believe...
-Peter
Anyone else remember alt.linux?
When I started using Linux in Jan 1992 it was like a gift from God. No more begging root accounts from stressed Unix admins at school; and I had a system I could use to get work done on at night when the lab was closed. On a lowly 386sx/16 w/4MB of RAM, no less!
How about the MCC release (the first distro ever)?
How about that doctor (Dr. W-something) from a cancer center who deployed Linux in production (in a hospital, no less!) as early as late '92? He would write these great, long, detailed big reports to the kernel list.
I'd love to find some of the other early users (pre-1992) and swap memories...