Blunder Dome Sighting  
Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.

2005-04-14

 

TRUST 2: Proliferation of COTS in Critical Infrastructure

ACM News Service: Diffie - Infrastructure a Disaster in the Making.  This summary features Diffie's perspective on the current distractions from attention to the infrastructure, the rapid introduction of software that is not designed for such reliability, and the inevitability of PKI adoption, like-it-or-not. Bill Brenner's 2005-04-12 SearchSecurity.com article is the second of two parts.  This Diffie interview has some valuable context.  For example, Diffie doesn't go for the monoculture theory, recognizing the practicalities that also figure into security approaches.  Known for insightful gems, Diffie drops this keeper: "... Diversity isn't the most critical question.  It's the proper attention to software coding that's critical.  Security differs from reliability because someone's looking for the part you didn't get right." [dh: My emphasis] The article is too short.  The sensibilities expressed here resonate for me and I want more!  It's great to see Diffie anticipating direction and that suggests where I can concentrate on simplified use in my own cryptographic applications.  And we get more Diffie humor:
How do you see the technology evolving over the next decade?
Diffie: I expect it to develop an opposable thumb and settle into a level of standards.  I think the most glaring example of success is the Advanced Encryption Standard (AES).  We now have a high-grade crypto algorithm. Standards like AES, SHA-384 [and] ECC digital signatures… will drive out their competition ...
I find that encouraging.  I will find it more encouraging if the shake-out doesn't leave us with protocols that require a business model that forecloses cottage innovation.

Martin Hellman's part of the interviews appeared on 2005-04-11, and the Diffie-Hellman key exchange algorithm is presented in a 2003-01-23 article by Mike Chapple.

Brenner also has a 2004-07-01 article on differing views of the monoculture threat.  That one demonstrates to me that the metaphor is too pat.  Software platforms are clones, so it isn't even a monoculture in that regard.  One disease kills all.  But true diversity (in the Darwinian sense) is not possible for software, and it is also not useful.  Species survival doesn't matter if most of your copies die in the plague.  Get it?  And contrived-diversity forms being proposed raise their own trustworthiness concerns.  For one: How do you turn in a bug report against an operating system that has genetic variations in the copy you are running?  The medical profession seems to handle that well enough, but how do you give your computer two aspirin?  Digital failure of the software kind is not like having a few cells die while antibodies do their thing.  The monoculture idea is catchy and only a metaphor, with the destiny of all metaphors when over-applied.

I am delighted to learn of SearchSecurity.com.  I am also amused by how strongly the site puts my software firewall through its paces, and how they track my every move as I navigate around.  I love all the little boxes with [ad] in them.  Even more exciting are the rectangles on the page with browser warning pages scrunched into them, telling me that I am not authorized to browse a page and giving me a 403 response.  I have finally figured out this is provoked by in-line MIME types.  And of course my browser blocked the third-party cookie from bitpipe.com.  I wonder how much more thrilling life will be if I register for the free membership?  Not today, thank you very much.

What's amusing about all of this is that this is exactly the way I find Microsoft to be at cross-purposes with itself.  The market-facing side, illustrated by MSN, is busily expecting us to drop all of our safeguards to enjoy the experience they and their advertisers have in store for us, while the security-facing side is ragging us to practice the 3 whatnots, protect ourselves, update as often as we brush, etc., etc.  The more I run into this, the dirtier I am beginning to feel.  We are making ourselves crazy with this sick combination of security righteousness and base mercantilism.  (Actually, I think I am giving mercantilism an undeserved bad name, but we are being taken a long way from dealing with the country storekeeper, and I don't have a better label.)
template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 10-04-30 22:33 $
$$Revision: 21 $