Computer security misses the point

And while I’m on a bit of a rant rampage, Joanna Rutkowska is hitting the news again with her BlackHat Federal talk. Without going into details, I’m unconvinced of the efficacy of Blue Pill, I read her slides for her Chaos Computer Congress talk and was unimpressed at the actual New Stuff there (although her classifications for malware are interesting), and basically I wonder at the raving hordes of fanbois she seems to attract. All that being said, a recent Slashdot posting caught my eye and got me thinking. She said “[m]aybe we should rethink the design of our computer systems so they are somehow verifiable.”
I’ll go her one further: maybe we should instead be rethinking the design of our infrastructure and how much trust we put into computers (and the people who operate them) instead of worrying about the computers themselves.
This is not to say that computer and network security is not important. It is. However, many of the issues surrounding computer security are not technical at heart; they’re social. I assert that it is impossible to solve a social problem with technology, and any attempt to do so is not only doomed to abject failure, such failure may result in conditions worse than those they were trying to ameliorate.
At this point it would be fair to ask what remedy I suggest. I don’t. Not now, maybe not ever: this may not be a solvable problem; it could just be that we will have to accept the fact that computers are ruling our lives, and attempt to make it as difficult as possible for people to cause that to happen to us as individuals. (Keep your money in a sock and only spend cash, I don’t know. Don’t make or comment on blog postings.)
Sure, all that computer stuff is important, but I don’t care that TJ Maxx or whoever gets compromised and my credit card info is sold to Russian Mafia types. I care that it’s there in the first place.

The future

This one gets multiple categories because I thought of this just after giving up in disgust with reading Smyth posts, but it applies generally. It is somewhat of an aphorism which probably is not entirely original to me. Somebody I read may have said this flat-out, maybe Robert Pirsig or Richard Bach or somebody of their ilk.

When you say you’ll do something in the future, or something will happen in the future, what you really mean is that it is not happening now.

Partially inspired by the following passage from All Families Are Psychotic, Douglas Coupland: “The biggest change is that I stopped believing in the future . . . as being a place, like Paris or Australia – a place you can go to.” Neither my pseudo-aphorism nor the Coupland segment should require further explanation in this context.
And while I’m quoting authors in a probably vain attempt to seem well-read, another brief passage which seems relevant, from Cryptonomicon by Neal Stephenson:

Arguing with anonymous strangers on the Internet is a sucker’s game because they almost always turn out to be – or to be indistinguishable from – self-righteous sixteen year olds possessing infinite amounts of free time.

This itself seems inspired by “Never argue with an idiot, somebody watching may not be able to tell the difference between him and you.” (And I’m sure Robert Heinlein said something more quotable along those lines, probably in The Moon is a Harsh Mistress or The Notebooks of Lazarus Long.)

Last on Smytty

At least til he’s a UFA.
Two things strike me about this.
#1 is I’m sure the circle of people that *really* know what happened is actually pretty small. And they aren’t talking; when they are it’s all careful stuff. Smyth thanked everybody and their dogs on his way out; Lowe called Smytty “not elite” and that’s about as far as he went in criticizing.
We’re getting a lot of hearsay on this though, which should mean something to a lawyer like Tyler, but apparently doesn’t, and if it doesn’t to him I can’t see how it means anything to anybody else either.
#2 is the deal is done. Over. Yes yes, “Oilogosphere”, we know that most of you think Lowe and the EIG are lying bastards. We got it, yes we did. The reason why some regular news outlets aren’t writing as much about this any more isn’t because Lowe told them not to or he’d take away their press creds, it’s because this is getting pretty goddamn boring. Lowe’s a hero, no he’s an idiot, Smyth’s the best player to ever lace up Oilers skates, no he’s useless.
I realize that there’s not really much else to write about. I watched the game last night and the best you could say is that they looked dangerous on the first power play but sucked out loud on the 5 on 3. As usual against Calgary, the mistakes Edmonton made wound up in the net; the mistakes Calgary made, Kipper mostly bailed them out. (Is Sykora always that predictable on a breakaway?) I said last night that if the Oilers gassed this one I’m officially giving up on them for the rest of the season – well, they didn’t gas it, but they played same old same old, that’s for sure.
So yeah, not much else to write about, but that doesn’t mean we should keep saying the same goddamn things over and over again. Not only is that dead horse beaten, its corpse has gotten up again and is playing shinny with Petr Nedved, Adam Oates, and Jiri Dopita.
Wake me up when it’s over, I’m not even bothering to read posts any more (never mind comments). For both “sides” in this “debate” (big old air quotes there, it’s hard to debate when the most pertinent facts are missing or are coming from parties with axes to grind): did nobody ever tell you better to keep your mouth closed and be thought a fool, than to open it and remove all doubt?

First they took away…

OK, it has to be said. This is probably not original to me, although I haven’t yet seen it elsewhere (I was camping last week and so was pretty out of touch).
What happens when The Evil Terrorists come up with a plot to destroy an airplane with stuff stashed in a prosthetic limb, using a pacemaker as a trigger? For extra laughs, they can use a wheelchair too. And let’s play a race card or two – find some cleancut fellow with black or yellow or white skin to carry it.
Why not just cut to the chase now, and force everybody to fly stark-naked after a two week cleansing in a monitored clinic? Crazy? So is dumping gallons of liquid into big barrels *surrounded by hundreds of people*. The terrorists with explosives in their bottles don’t have to make it past security – they just have to make it *to* security.
And my first source of news on this whole sports drink bottle foofarah was Kitchener’s own The Record, which had a front page article (continued to the second page for about 12 column inches) on how The New Rules aren’t all that bad, really.
My new rules are about this || close to “if I can’t walk, drive, bus, or train there, I’m not going”. Add that to my refusal to travel to the US now – nothing against you Yanks, I just hate the idea of requiring passports for me and my family at $75 a pop – and it looks like I’m going to be pretty static for a good long time to come.
Remember all those people crying about how we can’t let the events of September 11, 2001 change our lives, “or the terrorists will have already won”?
They’re winning.

UI suckiness: Quest, part 1

As a few people may know already, I’ve been having difficulty getting enrolled in classes this term. I’m a fulltime staff member with 5+ years of service; free tuition has been a perk of mine for 4.5 years now. (I’ve even taken a few courses.) I’ve broken this into an extended entry. I suspect this post may break RSS readers due to the screenshots included. Hopefully it won’t. (Edit: img tags badly break my default layout. I’ll use href instead, so you have to click but at least the archive pages don’t look like utter shit and the full screenshot is there.)
