Firewall Wizards mailing list archives
Re: Personal Firewall Day?
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 07 Oct 2003 11:39:00 -0400
Christopher Hicks wrote:
Right on. But your concept of distributed computing seems to mean "let everybody do what they want with no limits". Effective distributed computing just doesn't happen that way.
*Bingo* -- effective distributed computing relies on putting the right services in the right places. Locating services in an effective distributed environment depends on bandwidth assumptions, reliability assumptions, computation assumptions, and assumptions about what parts of the system are relatively disposable. The folks at MIT's Athena project did a lot of thinking on this topic and I believe their work was a fabulous (ignored) gem of computing. Systems like AOL and some of the massively multiplayer games approach truly effective distribution. The designers of those systems have also discovered another property of such systems that probably would scare a lot of you, if you think it through: the provider of the backend "owns" the system - the software revenue model pushes toward a rental/service model rather than an outright purchase as we have under the current general purpose computing model. That means you'd never really "own" your software environment... If you didn't pay your bills your files would no longer be accessible, etc. That would doubtless make some people extremely uncomfortable but oddly they are comfortable with exactly that model with cable TV, cellular, etc. Anyplace where you have an expensive backend system that represents a large sunk cost, frontended by a commercial appliance that is relatively "disposable" you move toward the leased service model. I don't think we're ready to go there with computing but I think that's where we should be going.
Dictatorships are all bad, but they're the organizational structure with the lowest overhead.
Minor historical note: NO THEY AREN'T ALL BAD. We've demonized the concept of "Dictatorship" but the ancient Greeks used the term to mean "government by dictate" - not representation. In theory you could have a dictator who really knew what *he was doing and just didn't put it to a vote or ask a central committee or whatever. Of course most dictatorships have really been unfortunate for those living under them, and thus the political system has achieved a bad reputation. Dictatorships are probably more successful as a political system than any other, as you say, because of the low overhead and lack of committees. ;)
This whole monoculture versus operating system analogy continues to provide me lots of amusement. The big problem with monocultures as everyone "knows" by now is that having only one genetic strain makes you an easier target. Avoiding a monoculture only requires a very little genetic variation. Do different passwords qualify?
What bothers me is that it's an *ANALOGY* - we argue by analogy so much that we ignore the fact that analogies often conceal realities. Monocultures are "bad" in biology because your lack of diversity makes you vulnerable to unique new infections. But we're talking about computers, not animals!! Animals can't transfer immunity the way computers do! So the whole analogy folds. How do we transfer immunity between computers? Firewall rules, antivirus signatures, and firewall-wizards. Those are 3 totally different ways of rapidly conferring immunity without having to encounter the cyberpathogen that computers have which biotic organisms totally lack. So the whole "monoculture" concept is irrelevant to computer security unless we factor the concept into our designs and put that on a checkbox and say "solved that."
Have these people taken a genetics course in the last twenty years? ;)
Most of the guys who wrote the "monoculture" paper are friends of mine and some of them invited me to participate. I didn't because, honestly, I think they're not writing about computers and computer security - they're complaining about customers' purchasing habits, they're complaining about the "monopoly of mediocrity" and they're rooting for a non-existent underdog. In other words, that paper was a political document masquerading as a technical document.
mjr.