Firewall Wizards mailing list archives
Re: Personal Firewall Day?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 7 Oct 2003 13:33:10 -0400 (EDT)
On Tue, 7 Oct 2003, Marcus J. Ranum wrote:
Christopher Hicks wrote:Right on. But your concept of distributed computing seems to mean "let everybody do what they want with no limits". Effective distributing computing just doesn't happen that way.*Bingo* -- effective distributed computing relies on putting the right services in the right places. Locating services in an effective distributed environment depends on bandwith assumptions, reliability assumptions, computation assumptions, and assumptions about what parts of the system are relatively disposable. The folks at MIT's Athena project did a lot of thinking on this topic and I believe their work was a fabulous (ignored) gem of computing. Systems like AOL and some of the massively multiplayer games approach truly effective distribution. The designers of those systems have also discovered another property of such systems that probably would scare a lot of you, if you think it through: the provider of the backend "owns" the system - the software revenue model pushes toward a rental/service model rather than an outright purchase as we have under the current general purpose computing model. That means you'd never really "own" your software environment... If you didn't pay your bills your files would no longer be accessible, etc. That would doubtless make some people extremely uncomfortable but oddly they are comfortable with exactly that model with cable TV, cellular, etc. Anyplace where you have an expensive backend system that represents a large sunk cost, frontended by a commercial appliance that is relatively "disposable" you move toward the leased service model. I don't think we're ready to go there with computing but I think that's where we should be going.
Aren;t those corps that have gone the ASP outsourcing route already buying into the non-ownership model? I see nothing for them to fear, besides the catostrophic loss of the ASP provider, or their not being financially sound enough to pay their own bills. Still data the content in the application, key'ed in stuffs, is still 'ownable' and controlable as long as its not stored at the ASP providers systems... Not that I'm a proponent of outsourcing to ASP's, I'm kinda neutral at present. I would not go there, but, if my employer did, I'd deal with it...
Dictatorships are all bad, but they're the organizational structure with the lowest overhead.Minor historical note: NO THEY AREN'T ALL BAD. We've demonized the concept of "Dictatorship" but the ancient Greeks used the term to mean "government by dictate" - not representation. In theory you could have a dictator who really knew what *he was doing and just didn't put it to a vote or ask a central committee or whatever. Of course most dictatorships have really been unfortunate for those living under them, and thus the political system has achieved a bad reputation. Dictatorships are probably more successful as a political system than any other, as you say, because of the low overhead and lack of committees. ;)This whole monoculture versus operating system analogy continues to provide me lots of amusement. The big problem with monocultures as everyone "knows" by now is that having only one genetic strain makes you an easier target. Avoiding a monoculture only require a very little genetic variation. Do different passwords qualify?What bothers me is that it's an *ANALOGY* - we argue by analogy so much that we ignore the fact that analogies often conceal realities. Monocultures are "bad" in biology because your lack of diversity makes you vulnerable to unique new infections. But we're talking about computers, not animals!! Animals can't transfer immunity the way computers do! So the whole analogy folds. How do we
animals can, and indeed do, mother to fetus transfers of anti-bodies and such, so the analogy perhas holds better then first percieved. though admittedly, it;s far easier in the photon realm to do tranference.
transfer immunity between computers? Firewall rules, antivirus signatures, and firewall-wizards. Those are 3 totally different ways of rapidly conferring immunity without having to encounter the cyberpathogen that computers have which biotic organisms totally lack. So the whole "monoculture" concept is irrelevant to computer security unless we factor the concept into our designs and put that on a checkbox and say "solved that."
Hmm, I keep seeing and commenting on other lists, folks stating that the days of a perimiter are gone. Now, I will admit that the concept needs adapting, and our perceptioins of a perimiter have indeed changed, but, we are still in a perimiter posture, and need to retain that concet at least at present in defining security and the policies and all that security posturing entails. It's more that our perimiters are not as distinct and tightly controled as they once were...
Have these people taken a genetics course in the last twenty years? ;)Most of the guys who wrote the "monoculture" paper are friends of mine and some of them invited me to participate. I didn't because, honestly, I think they're not writing about computers and computer security - they're complaining about customers' purchasing habits, they're complaining about the "monopoly of mediocrity" and they're rooting for a non-existent underdog. In other words, that paper was a political document masquerading as a technical document.
Of course, perhaps the time has come that 'political postuering' is needed to clue the masses <mgt being in that masses group>. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Personal Firewall Day?, (continued)
- Re: Personal Firewall Day? Gary Flynn (Oct 07)
- Re: Personal Firewall Day? Marcus J. Ranum (Oct 07)
- Re: Personal Firewall Day? David Lang (Oct 07)
- Re: Personal Firewall Day? Bill Royds (Oct 11)
- Re: Personal Firewall Day? Devdas Bhagat (Oct 11)
- Re: Personal Firewall Day? Devdas Bhagat (Oct 07)
- Re: Personal Firewall Day? Dragos Ruiu (Oct 07)
- Re: Personal Firewall Day? Christopher Hicks (Oct 07)
- Re: Personal Firewall Day? Marcus J. Ranum (Oct 07)
- Re: Personal Firewall Day? Adam Shostack (Oct 07)
- Re: Personal Firewall Day? R. DuFresne (Oct 07)
- Re: Personal Firewall Day? Frank Knobbe (Oct 16)
- Re: Personal Firewall Day? Marcus J. Ranum (Oct 07)
- Re: OfficeTV (was: Personal Firewall Day?) Dragos Ruiu (Oct 07)
- Re: Personal Firewall Day? David Lang (Oct 06)
- Re: Personal Firewall Day? Adam Shostack (Oct 07)
- Re: Personal Firewall Day? Crispin Cowan (Oct 07)
- Re: Personal Firewall Day? Achim Dreyer (Oct 07)
- Re: Personal Firewall Day? avraham shir-el (arthur sherman) (Oct 07)