Re: Personal Firewall Day?

["Marcus J. Ranum" <mjr () ranum com>]

Christopher Hicks wrote:
> Right on.  But your concept of distributed computing seems to mean "let
> everybody do what they want with no limits".  Effective distributing
> computing just doesn't happen that way.

*Bingo* -- effective distributed computing relies on putting the right
services in the right places. Locating services in an effective
distributed environment depends on bandwith assumptions,
reliability assumptions, computation assumptions, and assumptions
about what parts of the system are relatively disposable. The folks
at MIT's Athena project did a lot of thinking on this topic and I
believe their work was a fabulous (ignored) gem of computing.
Systems like AOL and some of the massively multiplayer games
approach truly effective distribution. The designers of those systems
have also discovered another property of such systems that
probably would scare a lot of you, if you think it through: the
provider of the backend "owns" the system - the software
revenue model pushes toward a rental/service model rather
than an outright purchase as we have under the current
general purpose computing model. That means you'd never really
"own" your software environment... If you didn't pay your
bills your files would no longer be accessible, etc. That would
doubtless make some people extremely uncomfortable but
oddly they are comfortable with exactly that model with cable
TV, cellular, etc. Anyplace where you have an expensive
backend system that represents a large sunk cost, frontended
by a commercial appliance that is relatively "disposable" you
move toward the leased service model.

I don't think we're ready to go there with computing but I
think that's where we should be going.

> Dictatorships are all bad, but they're the organizational structure with 
> the lowest overhead.

Minor historical note: NO THEY AREN'T ALL BAD. We've demonized
the concept of "Dictatorship" but the ancient Greeks used the term
to mean "government by dictate" - not representation. In theory you
could have a dictator who really knew what *he was doing and just
didn't put it to a vote or ask a central committee or whatever. Of
course most dictatorships have really been unfortunate for those
living under them, and thus the political system has achieved a
bad reputation. Dictatorships are probably more successful as a
political system than any other, as you say, because of the low
overhead and lack of committees. ;)

> This whole monoculture versus operating system analogy continues to
> provide me lots of amusement.  The big problem with monocultures as
> everyone "knows" by now is that having only one genetic strain makes you
> an easier target.  Avoiding a monoculture only require a very little
> genetic variation.  Do different passwords qualify?

What bothers me is that it's an *ANALOGY* - we argue by
analogy so much that we ignore the fact that analogies
often conceal realities. Monocultures are "bad" in biology
because your lack of diversity makes you vulnerable to
unique new infections. But we're talking about computers,
not animals!! Animals can't transfer immunity the way
computers do! So the whole analogy folds. How do we
transfer immunity between computers? Firewall rules,
antivirus signatures, and firewall-wizards. Those are 3 totally
different ways of rapidly conferring immunity without
having to encounter the cyberpathogen that computers
have which biotic organisms totally lack. So the whole
"monoculture" concept is irrelevant to computer security
unless we factor the concept into our designs and put
that on a checkbox and say "solved that."

> Have these people taken a genetics course in the last twenty
> years?  ;)

Most of the guys who wrote the "monoculture" paper are
friends of mine and some of them invited me to participate.
I didn't because, honestly, I think they're not writing about
computers and computer security - they're complaining
about customers' purchasing habits, they're complaining
about the "monopoly of mediocrity" and they're rooting for
a non-existent underdog. In other words, that paper was
a political document masquerading as a technical document.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards