Interesting People mailing list archives
NY Times: Time to build a new Internet?
From: David Farber <dave () farber net>
Date: Sun, 15 Feb 2009 09:51:05 -0500
Begin forwarded message: From: David Akin <jdakin () gmail com> Date: February 14, 2009 10:43:44 PM EST To: dave () farber net Subject: NY Times: Time to build a new Internet? Hi Dave --I think John Markoff is such a tremendous reporter that in at least one job interview, but probably more, when asked what reporters I admire, Markoff is one of two I list. But when you write a story about how dangerous the Internet has become ["Do We Need a New Internet? - http://www.nytimes.com/2009/02/15/weekinreview/15markoff.html?pagewanted=1&_r=1&partner=rssnyt&emc=rss ] and cite as your sources for that observation people who will sell you software to protect you against that danger, well, I begin to wonder. Markoff also cites some researchers at Stanford, which is certainly a school that's produced a lot of computer and telecom innovations but it's also the school Markoff teaches at. (That point is not disclosed in the piece.)
Now, to be fair, Markoff interviews Purdue's Gene Spafford for the piece and he should -- I would if I was writing about the state of Internet security -- but Markoff -- for whatever reason (the piece is in the Times' Review section -- maybe the editors there forced him to take all the geek-speak out. Lord knows it's happened to me before ...) we don't learn much about Spafford's diagnosis of the problem, a diagnosis which, it seems to me, doesn't require a completely new Internet where I have to give up my anonymity for safety and which Gene laid out right here on your list on Dec. 11:
----------"OSes, overly-permissive email, firewalls, anti-virus that is unable to keep up with the threat, and on and on. Not only are most of these poorly thought out from a security point of view, they are all designed to provide too many generic, permissive services to the widest possible client base. That may be good business but poor security planning. And much of the security solution space is limited responses to specific threats that continue to prop up the rest of the poorly-designed base.
..."The number 1 change we need to make is to understand that issues of security, safety and reliability are not easily measured and deploying the cheapest upfront solution is not consistent with trusted systems. The impact of that would go deep, including into the design of the software we run on our systems. Note that this is true of any security -- airport, computer, home or national security. There is a cost involved, and always residual risk.
"We have chosen to standardize on a small set of very complex items because some people think they are cheaper to acquire and maintain....based on experiences gained 15-20 years ago with different platforms. Those estimates also don't bear in mind the costs of security, reliability, and other important factors. But until we change the mindset about up-front cost trumping all else, we can't win.
"We have to change the way we educate software designers, and the way we hold companies accountable for flaws in code.
"We must do a better job investigating and prosecuting computer crime."These are not fundamentally big shifts in technology -- we have the technology for many of these issues now. We simply lack the will to apply it.
------------I'm almost certain Markoff's a subscriber here which makes it a shame he didn't explore some of Gene's ideas a bit further and question the assumptions the Stanford researchers (and others) make that we're going to have to give up privacy and anonymity in exchange for stability and safety.
FWIW: I'm no computer scientist. I'm a plain vanilla Internet user who had his first e-mail account in (I think) 1987 or 1988. Since then, I have been running around the Internet using machines running DOS, Windows, and Mac operating systems. My home machines have never -- never! - been infected with a virus and, so far as I know, no one's stolen my credit card number or my identity. I'm pretty sure I've done to enjoy such good fortune is exercise a little common sense.
On the corporate networks I've been forced to use, I've seen precisely one security problem that affected the company's users. A virus knocked out the network for a company I once worked for for a few weeks. (That company, incidentally, was running Microsoft server products and a Microsoft operating system on its desktops. If you're running a server, why wouldn't you run OpenBSD?) My point here is: Time and time again, we've heard, mostly from companies who sell computer security products, that the world is ending, that there is a monster virus out there that's about to pull the whole thing down. I'm not convinced. Exercise a little common sense when you compute and I'm sure we'll all be fine.
In any event: If you build a new Internet and you want me to get a license to drive on it, sorry. I'm hanging out here in version 1.
-- David Akin ------------------- http://www.davidakin.com ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- NY Times: Time to build a new Internet? David Farber (Feb 15)
- <Possible follow-ups>
- Re: NY Times: Time to build a new Internet? David Farber (Feb 15)
- Re: NY Times: Time to build a new Internet? David Farber (Feb 15)
- Re: NY Times: Time to build a new Internet? David Farber (Feb 17)
- Re: NY Times: Time to build a new Internet? David Farber (Feb 17)
- Re: NY Times: Time to build a new Internet? David Farber (Feb 17)
- Re: NY Times: Time to build a new Internet? David Farber (Feb 20)