Blunder Dome Sighting  
Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.



2005-05-19

 

Sorting the Mail: Agile Databases, Vulnerable Applications, and Optimized Code

ACM News Service: Quick Picks.  I don’t have time to dig into these deeper, but I don’t want to lose them, either:

  • “Join the Evolution” — Scott Ambler’s invitation to “Agile Database Techniques.” I’m interested in the modeling, refactoring, and coupling issues.  I’m also curious how much business entities are able to adhere to the problem space rather than be solution-space artifacts.
  • “Developers’ Growing Challenge” — Peter Coffee’s eWeek article on the problems of vulnerabilities in line-of-business applications and how developers are ill-equipped to deal with it and soon tools will make it harder.  Now there’s a challenge for simplifying rather than covering over fragile complexity.
  • “Researchers Speed, Optimize Code With New Open Source Tools” — This is about optimization of computer codes for certain large-scale computations.  It would be interesting to see how generic this is and what its domain of application could turn out to be.  (This goes deep in my files, but filed it is.)

2005-05-17

 

SSH and Known_Hosts Vulnerabilities Threaten Grid

ACM News Service: Researchers Reveal Holes in Grid.  SSH is not new technology, and apparently that is no assurance of confirmed security.  MIT CSAIL researcher Will Stockwell refers to a critical and widespread SSH flaw along with visibility of known_hosts files (demonstrated by probing 92 systems to obtain 8,000 unique addresses) that is enough to permit attack by a simple worm that disrupts a grid or supercomputer system.  Compromised versions of SSH have already been exploited in attacking TeraGrid and National Supercomputing Center machines.

Well, it just keeps getting better, doesn’t it.  This blurb had me looking around for a handy Bruce Schneier quote in my blog clippings, but I didn’t have to go that far.

The Paul Roberts 2005-05-13 eWeek article has this great quote from Schneier on the holes in SSH and the prospects for a cascade attack:

“Nobody realized they were there. Security involves someone saying, 'You can do this,'” said Bruce Schneier, chief technology officer of Counterpane Internet Security Inc., of Cupertino, Calif., and a widely respected cryptographer.

This strikes me as an ugly consequence of Dijkstra’s assurance that it is only possible to demonstrate flaws, not the absence of flaws [my paraphrasing].  Although Dijkstra had great hopes for provably-correct programs, we know that the gap between theory and practice is immense in this case. It takes a different kind of mind to seek weaknesses rather than completed work, and how do we keep that sort of skill from wandering over to the dark side where the juice seems to be?

This and other discussions were held at the International Workshop on Cluster Security held as part of IEEE CCGrid in Cardiff, Wales, earlier in May.

 