Saturday, May 21, 2016

Trump sucks, but Hillary sucks more.

I don't understand what the deal is with whistling for dogs... as I'm a cat person. ;-) I'm sick and tired of being told I'm racist... I know I'm racist, sexist, and all sorts of other stupid, especially when angry... but that doesn't mean my decision is motivated by it.... I try REALLY hard to avoid that type of stupid thinking.

Trump is by no means a person I want to vote for, but faced with Hillary as an alternative, I'll do it. She's a known war hawk, and liar, and in the pocket of Wall Street. She's the increasingly unacceptable status quo, incarnate.

The continued push for an American Empire, run by megacorps, for megacorps, means that in short order we're going to have to take on Russia or China in WWIII, and I'm sure Hillary would be willing to give that order, if the polls said it was the thing to do, and Wall Street approved.

Hillary also represents (this week, unless the polls or her sponsors have changed her mind), the interests of the Salary class, and not those of working class people. We're going to need a ton of support as automation kills off the jobs we used to have to pay the bills.

Eventually, some sort of Universal income needs to happen, or the result is more than 1/2 of the population will be "useless", and unemployable at any living wage. Hillary won't care about that.

Of course, if by some miracle, Bernie manages to make it past the outright favoritism of the DNC, and get the nomination, I'll be a much, MUCH happier camper.

Thursday, March 17, 2016

So you think you know how to secure IT systems...

A comment I posted to /.

You've got a lot of hard-won experience, I'll give you that... but the problem is a whole new layer, deeper than you're used to thinking about. Imagine if you built an old-style fort, moved your troops in, and generally felt secure.... only to find out the bricks it was built out of were actually blocks of C4, and any one of them could send the whole place up in a flash.
If you can imagine that scenario... you know what computer security is really like, no matter how careful you are. Because Windows, Mac-OS, Linux, and pretty much every non-mainframe OS out there runs every line of code with the full privileges of a user account at all times, there's no way for a user to limit the scope of what a program does at run time.
The solution is to use an operating system that is designed from the ground up to simply ask which files the user wishes to operate on, instead of blindly trusting the program to do the right thing. This makes it possible for the user to limit side effects by design, which then makes it possible to have end nodes that are reasonably secure... which makes it possible to have real security.
I still don't see the change to things like Genode happening for at least 10 more years.

Tuesday, February 23, 2016

The Internet of Garbage

As an old white guy, I keep having my worldview shifted by people who tell me things that I hadn't noticed because my world was primarily engineered by old white guys... this is yet another example of some wisdom from a non-old, non-white, non-guy.

Here's Sarah Jeong on The Internet of Garbage. She's smart, and has several good points to make.

Tuesday, November 10, 2015

Dreaming of a new social network

I've got an idea that I'll try to make coherent enough for someone else to get the gist of...

I want to be able to post photos, messages, and other personal stuff to a site that I pay for the hosting of, which can only be read by certain people. I'd like to offer them the ability to have their own accounts and do likewise. Bonus points for making it possible for them to download and move their stuff later if they so desire.

Facebook does most of these things, if you are willing to ignore all the downsides of being a resource for advertisers to mine, and governments to spy on, and hackers to breach, instead of being their customer.

I'm thinking of coding up something based on a bedrock of capability-based security, with layers of filtering restricting authority on each layer to the user.

A private version of Facebook, which can be shared... it shouldn't cost much... unless someone goes wild posting video and sucking up server space. I'd guess $5/month or less.

What do you folks think?

The Medium is the Message...

cross-posted from a comment at Facebook...

It used to be that people had their own published streams, and you could directly choose who to read (for example using RSS to keep tabs on what Scoble had to say).... but then the network effects of things like this got the better of us, and we're all here in a place where we have to either pay Facebook for attention, or say something so outrageous that it goes viral to get around their paywall.

We need to go back to blogs to get the middlemen out, and tune our filters to the bigger, slower, and vastly more important real stories we need to pay attention to.

The medium (Facebook) is the message...

Friday, October 30, 2015

I don't git it

Why y'all continue to trust applications to do anything is beyond me.
You don't hand your wallet to the clerk at the gas station, but you'll hand your whole machine over to any random bit of code, and get upset when it goes awry.
Your OS should ask which files to let your application access... until that changes, you're going to keep getting skunked.

Friday, October 02, 2015

CapabilityPipes v0.001 - A very rough draft of an incredibly powerful idea

This is a raw dump of an idea that came to me at 4AM... I hope it's coherent enough to catch on... I will of course keep refining it.

This is v0.001 of the idea

++ Capability Pipes  

Unix/Linux is a set of tools which work together to allow you to pipe output from one program into another, and the resulting plumbing lets you do very powerful things. We need a similar set of tools for the capability security model. This would allow you to have complete and total control over your applications, your network usage, and everything your computer does on your behalf, in a rational and expandable manner.

Instead of trusting applications to do everything, why not use the pipe/api model to limit their connections to the world, so that you can tightly restrict the side effects of everything, as needed?

Give the user a traditional view of the world, just like the Linux they have now, but instead of trusting applications blindly, force them all to use capability pipes (like file handles) to do all their I/O.

Of course, you could always default things to the current look/feel of a typical Linux desktop, to make transitioning easy for users.

It is impossible to overstate the amount of power this would put back into the hands of users.
 
Examples, use cases:

  A mute filter to allow control over the audio output of a web browser.
  Filtering of which URLs a web browser is allowed to access
  A batch file which could do more than chroot ever could, with all the limits hard enforced by the operating system
  All file pipes would be chosen / supplied from outside the application.

iptables allows a Linux system administrator to do very powerful things with the network stack of a machine... this would be a much more fine-grained approach as you could control I/O of everything down to the bit level, or not... as you see fit, in the Unix way.

You could count the bytes a web browser sends or receives on each and every page. You could log things.

Digital Rights Management would be killed stone dead as a nice side effect.

Ad blocking could be scripts that users could tweak themselves.
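
A small model of the capability-pipe idea in this post, as an added example that is not part of the original post: the application receives only the handles it is given, and filters (byte counting, read-only attenuation, a URL allow-list) are stacked on those handles from outside. All class and function names are hypothetical, and Python only models the restriction that the post wants the operating system to enforce.

```python
import io
from urllib.parse import urlsplit

class CountingPipe:
    """Pass-through filter around a binary stream that counts bytes moved."""
    def __init__(self, inner):
        self._inner = inner
        self.bytes_read = 0
        self.bytes_written = 0
    def read(self, n=-1):
        data = self._inner.read(n)
        self.bytes_read += len(data)
        return data
    def write(self, data):
        written = self._inner.write(data)
        self.bytes_written += written
        return written

class ReadOnly:
    """Attenuating filter: exposes read() only, so write authority is dropped."""
    def __init__(self, inner):
        self._inner = inner
    def read(self, n=-1):
        return self._inner.read(n)

def url_filter(fetch, allowed_hosts):
    """Wrap a fetch capability so only allow-listed hosts are reachable."""
    def filtered(url):
        host = urlsplit(url).hostname
        if host not in allowed_hosts:
            raise PermissionError(f"host not granted: {host}")
        return fetch(url)
    return filtered

def shout(src, dst):
    """The 'application': it can only touch the two handles it was handed."""
    dst.write(src.read().upper())

def demo():
    # Constructed sample data standing in for a file the user picked.
    source = io.BytesIO(b"hello capability pipes\n")
    sink = io.BytesIO()
    src = CountingPipe(ReadOnly(source))   # layers are chosen outside the app
    dst = CountingPipe(sink)
    shout(src, dst)
    return sink.getvalue(), src.bytes_read, dst.bytes_written

if __name__ == "__main__":
    print(demo())
```

The same wrapping pattern covers the mute filter and logging use cases: each is another layer placed around a handle before the application ever sees it.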
