Tuesday, December 13, 2011
Thursday, November 24, 2011
The end of general purpose computing has been written about before, but with the trend towards devices like the iPad and tablets running "apps" of all shades, we're rapidly moving away from running code of our choosing, and moving toward a world of walled gardens of curated choices for software as a service.
The underlying problem pushing us towards this unpalatable end is security. We're giving up our freedom for security, and it seems like a good trade for many. As long as there is a heavy counterweight of machines which can run anything, it's likely to remain a good trade, as you can always move back. However, this option will be closed off, just like the Borders bookstores that were no longer profitable because people chose to actually make their purchases at Amazon while browsing in their stores.
The fact that it's pretty much impossible to keep a computer virus free, and the DLL hell that people aren't even aware of (it manifests itself when you install a program and everything else stops working, and you can never get back to normal), combine to make general purpose computing a very unpalatable choice. Unfortunately, the only way we can maintain our civil liberties is to keep ownership of our information, communications, and privacy. This is not possible in a world where everything is a closed up "app".
It doesn't have to be this way... really. Computers can be secure, easy to use, and general purpose. The problem is the underlying design choices made a few decades ago that are baked into all of our operating system choices.
It's a more general problem than just our computers... we're in the middle of a long rush towards being a consumer of everything, with no effective means of production, which is like being a turkey on a farm. Lots of great food every day from the nice supplier, then a very unpleasant ending.
We need to be smarter than the turkey... really.
We need to be able to make everything we use, all the way up and down the supply chains, lest they become chains of bondage.
We need to be able to repair instead of replace for a larger percentage of cases.
It's looking to me like the "cold fusion" of the 1980s is actually close to fruition. If (90% odds) it works out to be true, there are some economies of scale which will fall apart, making new opportunities for their replacements.
If power can be supplied locally at a lower cost than the grid, there are lots of towers, cables, transformers, pipelines, generating stations, etc... that will need to be decommissioned. The amount of scrap metal will be immense. Of course, the supply requirements to build millions of generators may more than equal this...
If you had free electricity, by the megawatt, what could you do that is not currently feasible? Extracting metals from minerals comes to mind as one of the first things that would be far cheaper.
It's worth revisiting the natural abundance of elements to see what is really available if energy isn't an issue.
Facebook is another example of the trend towards a service. Blogging used to be something done by those that had their own web sites, then Blogger became popular, then RSS made it easier to keep up with many sources, and now Facebook is the biggest aggregator of them all, and blogging is fading away, a bit.
Wednesday, November 02, 2011
Google Apps for Business and Google | Postini Email Continuity.
This would give us Google Docs, Groups, etc... and syncing of Contacts and Calendar along with Email between our Exchange Server and Gmail.
Everything on the web shows this scenario... a nice picture of a good platform to run our business on top of...
Except, Google doesn't understand platforms; even a Google insider has said so.
After being forced into a reseller channel, and fighting to get an actual human on the phone, it turns out that you CAN'T have Google Apps and Google | Postini Email Continuity together.
Why? Nobody knows why, the salesman thinks it's nuts, and so do I.
I'm pissed off, and very disappointed. Now I'm worried that I look like an idiot for even proposing what turned out to be vaporware to the two layers of management above me. Google just burned through a lot of goodwill with this clusterfuck.
So, here I sit looking for a better way to do IT for a small business, while tolerating crappy internet connectivity from two different providers, and no easy way to sync it all up into the cloud in a non-home brew manner.
Google and Postini have really screwed the pooch on this one. I wonder who will fill this need and eat their customer base for lunch?
Sunday, October 30, 2011
A while ago, I came up with the idea of a "tube" of stuff (at the time the internet was being described as a "set of tubes") and thus begat intertubes.org
Wednesday, October 26, 2011
I have some friendly advice, and I hope this helps you make sense of some things you might not have expected...

You wrote a story... http://www.insidebayarea.com/opinion/ci_19190645

It's now getting lots of inbound links from the internet, bypassing all of the navigational structure that your regular readers would use to find replies, updates, etc.

If the opinion of your paper hasn't changed.... say so in an update, if not, you really need to add it to this story... at the same URL, not a new one.

As it stands, everyone is going to assume you have no sympathy at all for those harmed last night.

Like I said, I hope this helps.

--Mike--
I'm tired of worrying about this stuff, and I've come to realize that we are going to win in the end, as this will just take a few more bricks out of what is left of the "consent of the governed" they still have left as a foundation in Washington DC.
We're nearing a tipping point, it's going to be long and ugly, and you can't count on winning.... just worry about your survival, and helping your friends and family make it through... just like during the first Depression.
Tuesday, October 25, 2011
St Vincent De Paul - Davenport California - October 15 2001, a photo by --Mike-- on Flickr.
This is one of the hundreds of cool things we saw on our Honeymoon in October, 2001.
Wednesday, October 19, 2011
So I did what any good hacker would do, I started experimenting with my single camera from multiple view points. At first the photos really sucked, but they've been getting better over the years.
You can see some of my virtual focus images (which is the end result of all this) in this gallery at Flickr.
So, the Lytro camera has finally been announced. I'm ordering one as soon as I can.
It's a consumer appliance version of a camera, far from what I expected, but also FAR cheaper than I expected, and much more user friendly.
The big feature of this camera is that it captures a "light field", which is to say that it takes multiple photographs of the same scene from slightly different angles, all at the same instant. The raw data is then stored for later processing (later being milliseconds or years)... to render it into a 2d image along a selected focal plane.
They chose a configuration which doesn't require any mechanical focus system, which means you can grab images as soon as the CPU in the camera is ready... no hunt and seek focus in the dark. This is a big time plus if you've been frustrated with the shortcomings of "contrast detect" focus used on almost every "point and shoot" compact digital camera.
There are a lot of design choices that I don't get, but I don't have one, and I haven't used one, so I'll have to wait and see how well it actually works.
It will be fun, even if we have to wait until version 2.0 of this technology.
Sunday, October 16, 2011
I think there is a much simpler explanation, that we're not supposed to figure out, because if we do, we can route around the damage, which would tip the scales towards justice, and we can't have that now, can we?
How about Carnivore?
How about the secret rooms at the Telephone Company offices?
The Onion (which is a satirical publication)... has the best illustration of this in their story about the CIA funding Facebook.
(Update) - I think they simply scan everyone's communication for keywords which indicate dissent, and then dig in closer... it's quicker and cheaper, and more effective than random human offers of information.
Total Information Awareness is what they used to call it...
If my thesis is correct, and this is the result of monitoring and not human factors, instead of just mis-trusting each other, we simply need to encrypt our communications, and prevent this system from working against us while maintaining its advantages of quicker communication.
It's a theory... and words are cheap... take this with a grain of salt....
Thursday, October 06, 2011
Here is the source, which I include a copy of below. I'm a big believer in linking to the source documents, which nobody in the media is apparently willing to spend the time to find.
Committee on Pedestrian and Traffic Safety
September 8, 2011 City Council
BE IT ORDAINED BY THE CITY COUNCIL OF THE CITY OF CHICAGO:
SECTION 1. Chapter 9-52 of the Municipal Code of Chicago is hereby amended by adding
a new Section 9-52-110, as follows:
9-52-110 Use of communication devices while operating a bicycle.
(a) For purposes of this section only, the following definitions apply:
"Communication device" means a device, including but not limited to a wireless telephone,
personal digital assistant, or a portable or mobile computer, which is designed to transmit and
receive electronic messages.
"Electronic message" means a self-contained piece of digital communication that is
designed or intended to be transmitted between communication devices. An "electronic message"
includes, but is not limited to electronic mail, a text message, an instant message, a command or
request to access an internet site, or talking or listening to another person on the telephone.
"Using" means composing, reading, sending or listening to an electronic message.
(b) Except as otherwise provided in subsection (c) of this section, no person shall operate
a bicycle while using a communication device. Except as otherwise provided in subsection (d) of
this section, any person who violates this subsection shall be subject to the fine range set forth in
(c) The provisions of this section shall not apply to a:
(1) law enforcement officer or other emergency responder, when on duty and acting
in his official capacity;
(2) person using a communication device with a "hands free" device or in a voice-
activated mode, which allows the person to talk into and listen to the other party
without the use of hands;
(3) person using a communication device for the sole purpose of reporting an
emergency situation and continued communication with emergency personnel
during the emergency situation; or
(4) person using a communication device while maintaining a bicycle in a stationary
(d) If a violation of subsection (b) of this section occurs at the time of a traffic accident, the
person operating the bicycle may be subject to a fine not to exceed $500.00 which shall be
assessed in addition to the fine provided by section 9-4-020.
SECTION 2. This ordinance shall take effect after its passage and publication.
Alderman, 39th Ward
Monday, September 12, 2011
However, the best on 9/11 I’ve read to date in terms of matching my feelings about what’s happened was this post on SlashDot (warning, lots of righteous use of profanity)
My version of things is based on that, with some reflection and a different perspective.
9/11 CAN’T HAPPEN AGAIN… it couldn’t have happened on 9/12/2001 even with no changes other than the knowledge now carried by every passenger as to the real threat posed by hijackers.
The only really good money spent since 9/11 was on better cockpit doors.
We should have responded to the Crimes of 9/11 using the International Police, and the Intelligence agencies of the world.
ALL of the warfare in response to 9/11 was wasted and wrong.
We faced down the USSR, and didn’t give up our rights, why did we let 19 guys do to us what decades of cold war couldn’t?
Wednesday, September 07, 2011
I've been criticized for not fully understanding the power of a Nikon D40 and a tripod for taking night photos... here is one example of the photos you can take with it.
I bought the D40 instead of the D40x because of its lower "resolution" and thus much better night photos; I've never regretted the decision.
Saturday, September 03, 2011
The post with the most important idea I have to tell you today - told very poorly - verbose version #1
Wednesday, August 31, 2011
Friday, August 26, 2011
You CAN help... and it's easy... just use a better frame, every chance you get.
When you're about to write or say the phrase "free market", please say "fair market" instead. It's a simple and subtle substitution which puts the need for laws back into their proper place in the mindset when discussing such things.
Markets are a balancing act, they require rules in order to give the confidence required to trade without fear, but also the ability to set prices optimally, without unnecessary rules. A fair market maintains that balance, whereas a "free" market as defined by the right is one more like the wild west.
Notes only vaguely related to the above call to action...
1) As you might already know, any idea you have, is already on the internet, if you can conjure up the right search terms and cast the spell into Google. Such is the case with my idea for a new term, fair market capitalism.
2) There are many other frames which need to be addressed, especially "intellectual property". It would be nice if we had a place on the internet to discuss them and get distribution, to counter the right-wing machinery put in place over the last 30 years. It should be fair and open discussion, with an emphasis on the desired result of getting a better framing around conversations to help us all in the long run.
Sunday, August 21, 2011
wakin' up in the morning
Gotta write now
Gotta save that idea....
ok... enough of the Friday spoof
Here's an idea for implementing a secure space for applications to run in an otherwise insecure host environment, leveraging VMware, Xen, Citrix, QEMM, or a separate physical box to run applications cut off from reality, and restricted to a strange little world, where the default answer to "can I have this?" is NO.
--- copied from my WikidPad page on my laptop ---
++ Secure Little Application Project
Slap, Slip, SL?P
Write the smallest possible operating system that fits inside a virtual machine. It would make requests across the net (or some other API) for everything, thus not able to infect the host system.
Like Secnurse, the application would be in its own address space, cut off from all the normal API calls, and thus couldn't break the host.
In its own little world, applications would run, and request resources from a host program written in something like Delphi, C++, or whatever is convenient.
It would then be somewhat easy to provide file and folder services, not being bound to the normal rules of things, and all the hidden holes that go with undocumented "features" in the host environment.
Separating the app from the host environment is a good step
Having multiple versions of the service host to choose from helps make sure the code is clean.
Everyone can implement their own, and compete for better models of things.
Host - the PC running the VM
Guest - the application
Concierge - the program that gets everything for the guest
Thursday, August 18, 2011
You wish to purchase a bottle of coke at the 7/11.
So you get to the check out counter, with the bottle of coke you wish to purchase.
You put yourself into suspension so that the clerk can...
- Find your wallet, get money out, put all but $2.15 of it back in
- Prepare your receipt
- Wake you back up
- Hand you the receipt
Imagine that you grew up in a world where this was normal behavior. Sure there were some dishonest clerks, but those were few and far between. Enough people eventually complained that they started a list of bad clerks, so you could check to see if the clerk was on the list before you decided to make a purchase.
Problem solved, right? WRONG...
- What if someone tricks the clerk while you're in suspension?
- What if they make a mistake?
- What if they have an accident?
- What if they just decided to turn evil, and aren't in the bad clerk list yet?
This bizarro world is almost precisely how we do things with computers. Instead of ourselves, it's our computer account, and instead of the clerk, it's a program we're about to run.
Now... look at how we do things in the real world...
When you buy a coke at the 7-11, you take your coke to the register, then you
- Offer a form of payment, let's say $5.00
- Get change and a receipt
There is no possibility of bizarre side effects, like having your living room painted a Slurpee Blue because 7/11 decided to offer a new feature.
Why not have the operating system do its job and enforce a scenario like this...
You have a program you'd like to run
- Make a list of resources the program should be able to access
- Specify read, write, modify access to each of those resources
- Present the list, along with the program, to the operating system, for execution
- Enjoy the results
Wednesday, August 10, 2011
If you trusted him, he had full access to every weapon and resource at our countries command, until he decided to leave.
If not, he wouldn't have access to anything.
Would it be possible to have an effective command and control system, when rank means nothing because there are no privileges that go with it?
Would it be possible to even have a country, if one loose cannon could launch Armageddon?
Friday, August 05, 2011
Somewhere in between various web servers going back and forth on every click, I must have crossed over the River Styx, and began a descent into HTML hell....
After my best shot at it, I bailed out and started looking for a phone number to a real person.
I eventually found someone to CALL, and got it all taken care of... whew...
At the end of the web experience, I answered a lengthy survey about the web site(s)... here's what I said to the "what do you suggest to make things better" question:
1. Unify all of the sites, eliminate artificial (sp?) separations between local and long distance, between DSL and Uverse, wired and wireless, etc.
2. Fix navigation so that the BACK button actually works as intended.
3. Always have support links on the page, a number to call, an email address, and a place to chat.
4. Always show where in the navigation tree things are, and UNIFY that tree.
5. Make a nice grid for showing options on phone service, even if I have to scroll both directions, it's much better than trying to work around a broken back button...
This web site is like playing ZORK, except there's no place to type XYZZY to get back to a known location.
Friday, July 29, 2011
Social security is NOT an entitlement.... we've been paying into it for our whole working lives, it's the big hit after taxes called FICA. It's got a HUGE surplus, which won't run out for more than 20 years.
However... they've been "borrowing" this surplus by "investing" it in government bonds... to keep the cash flow going, since the 1960s... only now that it's about time to start pulling out of the "surplus" do they want to cut it as an "entitlement"...
In other words, we paid money in... they were supposed to set it aside for us, and now they don't want to admit that they've already STOLEN it, and it won't be there when we need it.
All of the spending to bail out banks, corporations, etc... was all out of our retirement funds... don't forget it.
Thursday, May 26, 2011
I ask that you consider introducing legislation similar to that of the recently pulled HB 1937 of the State of Texas.
Here's the link to their web site about the bill: http://www.legis.state.tx.us/BillLookup/Text.aspx?LegSess=82R&Bill=HB1937
It would criminalize the types of searches the TSA has been doing, which are in violation of the 4th Amendment of the US Constitution.
In introducing this, you would show that you stand for the rights of your fellow Hoosiers. We don't have as much air traffic to worry about, so there is less fallout. You would also show some distance between yourself and the DC beltway crowd, which will probably come in handy soon, as they keep debasing the dollar, leaving the States out to dry.
Thanks for your time and attention.
Wednesday, May 11, 2011
The feature matrix is confusing, to say the least... but if you look at the sales page, it makes it very clear that the difference between the Starter and Pro editions is in the licensing of applications. Check the link above, or read the description yourself (retrieved May 11, 2011):
Delphi XE Starter is a great way to get started building high-performance applications for Windows. Delphi Starter includes a streamlined IDE, code editor, ultra fast compiler, integrated debugger, two-way visual designers to speed development, hundreds of visual components, InterBase Express for connectivity with the InterBase database, and a limited commercial deployment license.
If you’re an individual you may use the Starter Edition to create apps for your own use and apps that you can sell until your revenues reach $1,000 per year. If you’re a small company or organization without revenue (or up to $1,000 per year in revenue), you can also use the Starter Edition. Once your company's total revenue reaches US $1,000, or your team expands to more than 5 developers, move up to the Professional edition with an unrestricted commercial license.
The REAL difference is in functionality, not licensing... the refactoring and other reasons for upgrading from Delphi 7 are MISSING in the "starter" edition. This is NOT mentioned here... and definitely should be. I suspect this omission is deliberate. Starter edition should instead be renamed "bait".
Oh well... can't get a refund... don't want to pay $500 to see if the next level up is more crap.
Delphi XE sucks.
Sunday, March 13, 2011
The Website kept pushing an offer to Live Chat sales in front of me, keeping me from reading what I wanted... eventually I gave in, and was then told that Live Chat isn't available now!
If you offer it, it MUST be available, otherwise turn it off!
Design fail - not as bad as throwing away 3 hours of work, but still pretty stupid.
Ok... I jumped the gun a bit... and got to chat.
I'm told that they don't delete Windows Servers until you tell them to.
I'll be testing that this week.
Thursday, March 10, 2011
However, unlike most rants, screeds, etc... I offer a reasonable and easy to implement solution which should work well for all concerned.
What EC2 is:
EC2 lets you create virtual servers based on their hardware and networks. It's fast, reliable, and pretty flexible when it comes to getting far more computing resources in short notice than would even be possible for a small company to arrange, let alone finance, because you can pay by the hour of computing time, and the megabyte of disk storage.
Amazon offers a wide variety of Linux and Microsoft operating systems to run within these virtual servers, and they make it easy to provision new machines, or "instances".
Yesterday, I was at work, and for whatever reason, I couldn't find the instance of Windows Media Streaming I had last used on Amazon EC2 about 6 months ago that I needed for a demo. With real servers, it's obvious when you have boxes to look at, hopefully all nicely labeled, but since virtual servers don't actually take up physical space in the office, they end up just like any other misplaced computer file.
I then proceeded to create a new one from scratch. The setup wasn't that long, but my work day became a long one while I got everything set. It got worse when I figured out that the Hardware Streaming Box we were going to use wasn't using the same protocol I had previously used. I got all that sorted out about midnight, but then found out something else was amiss. I thought it could be either the streaming box, or the virtual server that was mis-configured, so I created a virtual server in our own local network (using VMware) to divide the problem and more accurately place blame. At about 6 AM I had proof that it was the streaming box, and it had a virus. It needed to be reset to factory standards... I waited for our supplier to call back to get the proper procedure for doing so, and got everything working by 10 AM today. (Now a 26 hour work day).
I then proceeded to help everyone else test out their parts of the demo, and showed them how everything worked with the box, Amazon, Windows, etc... I was done after lunch at about 1:30PM. I was taking care of putting the hardware away, cleaning up my office, etc... when I shut down the Virtual Server. I was looking at the configuration of it, and it seemed to be stuck in the process of shutting down (terminating) far longer than expected.
Then I couldn't find it! (Déjà vu)
It was about 15 minutes later that I found out what had happened.... Amazon threw my newly configured virtual machine away, assuming I no longer wanted it, merely because I turned it off (using the Windows Shutdown command) to save the compute costs while I wasn't using it. My reaction was one of surprise and sadness, and resignation to an even longer work shift that was now likely to stretch from 8AM to 5 PM the next day.
I'm upset about this, I understand how someone on the product team might have justified using the word Terminate to signify deleting a server, and someone else defended the decision to delete them by default, but it's not the way people use computers.
How you can relate:
Imagine if the mere act of turning off your desktop machine resulted in its disappearance and the need to set up a new one, no matter how inexpensive. This is the problem I faced. I invested hours of time getting everything working just right, and testing it.... I had to spend another 3 hours to do it all over again.
How to fix it:
Now... here's my message to the folks who control the design of this system...
You have added a "termination prevention" system, which helps to alleviate the problem, if the user has a clear understanding of the NON-STANDARD use of the word termination in this context. This kludge of a fix tells me that the product managers don't quite have a good enough grasp of how things work.
A far better fix, one that fits with far less ambiguity, and far less pain for all involved, is to use the standard word DELETE when describing the act of removing a virtual machine from existence.
Deletion of a virtual machine, or set of files should NEVER happen merely because a virtual machine powered itself down. It should ALWAYS and ONLY be the result of a positive direct action at the request of a user, who then gets a message warning them of the full implications of their actions before giving their final confirmation of the action.
Please take this in the spirit with which it is intended, as CONSTRUCTIVE criticism, and a possible fix.
You'll save all of your new users having to go through this painful experience, and have a better product to boot.
Update: As you can see in the comments, this design fail is making a hole for others to fill.
Saturday, February 19, 2011
The internet is just a big network, and while BGP seems to have its issues, with some work they can be solved. The network itself is just a "series of tubes", as it's been described in the past, and you don't have to guard the tubes if the ends are secured.
There is a deep design flaw in the operating systems and applications we use on a regular basis. Historically it's been possible to tightly control the code we run, so it was reasonable to trust the code to do its job. This assumption no longer is valid.
- We can no longer afford the luxury of trusting our applications.
- We can't even afford to trust our drivers with kernel mode.
- We can't afford to trust the system processes to stick to their designated roles.
At a practical level, we have to trust some code, why not trust as little of it as possible? Micro-kernels present the smallest amount of code required to manage the operating system. There has been much research in this area, and recently there have been "proven" micro-kernels which theoretically have no flaws in their implementation of their specifications.
Now, the kernel needs device drivers and other system processes to make a usable operating environment for the user and programs. A kernel which doesn't trust its drivers must use a new strategy. One way forward is to use the concept of capabilities. A "capability" is a token / key (really, just a big number) which allows access to a resource. Each device driver, system process, etc... is given the appropriate set of keys to the resources that are required to do the job. If the key isn't present, the access is not allowed.
Thus a disk driver wouldn't get access to the internet. A clock driver wouldn't need to either. The system time daemon would get access to a log file, a specific set of internet ports and addresses, and the clock. Any bug or vulnerability in one of these drivers would only affect it, and the capabilities it happened to have at the time.
Applications would have to be re-designed as well. For example, if you want to open a file in OpenOffice, the program opens a system dialog box to get the name and path to a file, and it then opens the file as required. The new version would instead call a slightly different dialog box, which would then return the file handle (a capability) to only that file. The save dialog would also be modified in a similar fashion. If there are libraries required, etc... they can be included in the application's home folder. A capabilities based version of OpenOffice would thus work the same way, but be far more secure.
With this approach, we end up with secure systems that are still usable.
I think I've shown fairly well that we must re-design things from the ground up, a decidedly non-trivial task, but it is the only way to avoid having government overlords telling us what code we can and can't use. If we wish to own our own systems as free men, we need to get our act together and fix things now, before it's too late and we lose the freedom to write our own code.
The path we are on ends with computers we merely have license to use, secured by the government, censored by the government, rented from big corporations, running applications we rent or buy from app stores. This is a future we need to avoid.
Thank you for your time, attention, and comments.
Friday, February 18, 2011
Soon he was making rules that worked, and after that he learned how to make them simple and elegant. He could make a rule that had very few side effects, and stopped the threat without much cost. The system was getting slower, but thanks to advances in technology, a new system would soon be installed which was more than twice as fast as the old one. The users were fairly happy with things, as it kept disruptions to a minimum.
Over time, he learned about the pros and cons of the other rule systems, and how they worked. He wasn't a big fan of his system, but felt the users of the others were a bit too smug in their claims that their systems were somehow much better. He knew the basics were the same, that it was just a matter of time before theirs had similar problems, and that they mistook temporary conditions as a permanent condition.
One day it occurred to him that there might be a better way to do things. A friend had joked that instead of making rules to stop threats, perhaps it would be better to have a list of things that were not threats. It stuck in the back of his mind, and the more he thought about it, the more sense it made. He tried to explain his new idea to his friends, but they thought it was silly, and it would make it way too difficult to manage things, and would make the users complain too much about things they couldn't do because they weren't in the list.
Eventually he convinced some friends to build a prototype system. It would watch what the user did, build rules to allow those things, and had a new feature which denied everything else. The idea of denying everything was crazy, but it worked in this case. The prototype system was interesting, but he thought it should go further. He had an even bigger idea: he thought the prototype should become the standard way of doing things.
His friends and peers thought he was nuts! How could you possibly list all the things the user wanted to do? Why would the users, who were the source of profit, possibly allow his group to do such an absurd thing? If the list of allowed things didn't have something they needed, they would have to stop work, tell his group, and get it added to the list. Such a presumption of power was surely a foolish thing to do.
He was sure his idea was right, but it wouldn't work because of the politics of it. He then wondered what would happen if the users could add things to the list themselves. This would leave the users with a system that allowed them to do what they needed, without his group always having to block threats. Such a system would leave his group with a lot more time for the other tasks they kept having to interrupt; he was sure it would be worth it, but how to convince his peers?
Well.... by writing this very story. The above is a description of an imaginary world in which firewalls lack the ability to include a default deny rule. This makes it necessary to enumerate every threat and create a rule to stop it, and to share the list of rules. In our world, firewalls do have this ability, and we (network administrators) make rules explicitly allowing each protocol and port connection from the internet to our servers.
The above is also a description of this world. This is the way we currently handle computer viruses. We subscribe to services which list rules to identify bad code fragments, and we have systems which block those fragments when they are found. The point of this story is to get you to consider the opposite... a system which trusts nothing, and lets the users explicitly choose what connections and resources a program should get.
It's called capability based security, CabSec for short.
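To make the two worlds of the story concrete, here is a small policy evaluator, added here as an example and not part of the original post. It runs the same constructed connection attempts through a deny-list ruleset (every known threat blocked, everything unmatched implicitly allowed) and an allow-list ruleset that ends in the default-deny rule the story's world lacked. The rule format, the addresses (IETF documentation ranges) and the port choices are assumptions made for the example.

```python
"""Added example (not from the original post): enumerate-badness versus
default-deny, as a first-match-wins policy evaluator.  Addresses come from
the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24;
the rules and the connection attempts are constructed for the example."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None means any port

    def matches(self, conn: Dict[str, object]) -> bool:
        src_ok = ipaddress.ip_address(conn["src"]) in ipaddress.ip_network(self.src, strict=False)
        proto_ok = self.proto == "any" or self.proto == conn["proto"]
        port_ok = self.dport is None or self.dport == conn["dport"]
        return src_ok and proto_ok and port_ok


def evaluate(rules: List[Rule], conn: Dict[str, object], default: str) -> str:
    """First matching rule wins; an unmatched connection gets the default."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return default


# World A (the story): enumerate badness.  A known scanner subnet and a known
# worm port are blocked; with no default-deny, everything else is allowed.
DENY_LIST = [
    Rule("deny", "198.51.100.0/24", "any", None),   # known scanner range
    Rule("deny", "0.0.0.0/0", "tcp", 445),          # known worm port
]

# World B (ours): allow exactly what the servers offer, then deny everything.
ALLOW_LIST = [
    Rule("allow", "0.0.0.0/0", "tcp", 80),
    Rule("allow", "0.0.0.0/0", "tcp", 443),
    Rule("allow", "203.0.113.0/24", "tcp", 22),     # admin network only
    Rule("deny", "0.0.0.0/0", "any", None),         # the rule the story lacked
]

# Constructed connection attempts.  "new-threat" uses a port nobody has
# written a block rule for yet; that is the case the story is about.
CONNECTIONS = [
    {"name": "web",         "src": "192.0.2.10",   "proto": "tcp", "dport": 443},
    {"name": "scanner",     "src": "198.51.100.7", "proto": "tcp", "dport": 80},
    {"name": "known-worm",  "src": "192.0.2.99",   "proto": "tcp", "dport": 445},
    {"name": "new-threat",  "src": "192.0.2.99",   "proto": "tcp", "dport": 3389},
    {"name": "ssh-outside", "src": "192.0.2.50",   "proto": "tcp", "dport": 22},
]


def compare(connections=CONNECTIONS) -> Dict[str, Tuple[str, str]]:
    """Return {name: (deny_list_verdict, allow_list_verdict)} per attempt."""
    return {
        c["name"]: (evaluate(DENY_LIST, c, default="allow"),
                    evaluate(ALLOW_LIST, c, default="deny"))
        for c in connections
    }


if __name__ == "__main__":
    for name, (deny_list, allow_list) in compare().items():
        print(f"{name:12s} deny-list={deny_list:5s} allow-list={allow_list}")
```

The row to look at is the previously unseen threat: the deny-list world passes it because nobody has written a rule for it yet, while the allow-list world drops it without anyone having heard of it. Note that the allow-list still lets the scanner reach port 80, because that is a service the server genuinely offers; default deny limits exposure to what you chose to expose, it does not make the exposed services safe.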
Monday, February 14, 2011
Sunday, February 13, 2011
The doctor in question hit an arbitrarily sized text field for inputting the evaluation of a patient, and was arbitrarily stopped at 1000 characters. The help desk confirmed the limit, and was snarky about it.
I can see how this may have been an acceptable design decision when systems had a total of 5 megabytes of space in the 1960s, but it is clearly not acceptable by any means in our current era.
I found the article via Quora, and here's the comment I wrote there:
Wow... I can see how such things happen... and that is a truly stupid situation. Hours of lost medical care to save a few megabytes of disk space across a year.
A single photograph, let alone some MRI or CT scan data could wipe this savings out in an instant.
The savings in this case, assuming the doctor had 5000 characters of text, would be 4000 bytes... and at today's prices of about 10 Gigabytes / $US, that works out to 0.00004 cents. Let's say it took 2 minutes to do the edit.
Done 10,000 times per year, that's 13.8 days of medical staff time, to save a whopping 0.04 cents!
Now... I'm cross posting it here to reach a wider audience. If you're in IT, and considering the size limits of a text field, be very sure you don't just want a memo field instead.
Thanks for your time and attention.
Sunday, January 23, 2011
I found this (which is a crop to show detail) while reviewing things. I'm wondering what it is. It's a UFO, right in the middle of a panorama sequence. I'll clone it out in the final output, but I am curious what could make this kind of image.
If it were summertime, I'd say a finch or oriole happened into the frame... but it was well below freezing, in the middle of winter.
Thursday, January 20, 2011
Thank you, Noran!
Wednesday, January 19, 2011
It's possible to build an operating system which is both secure and usable, by changing one fundamental assumption underlying everything. It's one of the most frustrating aspects of computing, but most people don't understand the problem, and thus can't properly evaluate the quality of the solutions offered to date.
How we got here
Windows, Linux, Mac OS X, all are based on a security model called "Default Permit". This means that unless something is explicitly blocked (by a virus scanner, for example), it is allowed to run, and to do anything the user who launched it can do.
Now, on the face of it, this is the obvious way that computers should work. Who would want to make it harder to run a program, after all it is our computer, and should do what we want, right?
It's when you consider what that program is allowed to do, that the situation starts to get interesting. A computer program can do anything you are allowed to do, on your behalf. If you can access your passwords, so can the program you just launched... if you can send an email, so can the program you just launched, etc.
Adding further complexity, there are a number of system services running at any given time which are supposed to have privileges beyond those normally allowed to the user, and these programs can be misled into mischief.
Any running program runs unbelievably quickly, and can try all sorts of things in the blink of an eye... so if there are any holes in security, it can exploit them without you noticing. This forces you to trust any program you run to do exactly what it says it will do.
In response, for the past 25 years we've grown accustomed to virus scanners, spyware scanners, firewalls, and any number of filters to try to stop bad programs, but they don't work perfectly, and in fact they never will, because they have to recognize the bad programs in advance.
Now there are literally billions of computers all networked together, each with their own set of imperfectly protected exploitable resources, a vast ecosystem, if you will, waiting to be exploited, and it is being exploited. On the global level, there are entire socioeconomic systems which have grown to exploit the weaknesses in our computers for financial gain.
The fact that our filters and firewalls are imperfect leaves us with a choice.... security or usability.
I strongly believe this is a false choice, and there is a better way.
CABsec - A better way
If the security model is flipped 180 degrees, to a default deny... security becomes a problem which can be solved. I call it CABsec (CApability Based SECurity), so Google can find it in the future.
The basis of CABsec is that at the time a program or process is to be run, a list of capabilities is supplied to the operating system with it. Just like we have icons on our desktops which are shortcuts to programs, this list could be similarly supplied and default to a reasonable range of actions. The typical user wouldn't even need to be aware of it, in most cases. Usability is not affected.
Every system process can be similarly equipped with a list of privileges. It's not necessary for a file system driver to access the internet, for example... which means there is no possibility of the file system driver process being misled into leaking information to the internet. In the same manner, properly configured system processes can each be locked down so that a flaw in one of them hands an attacker only the authority that process was granted, not the whole machine.
This leaves the user with a system which can actually enforce its rules, without the possibility of their being broken by a rogue application, provided the small part of the kernel that checks capabilities is itself correct. The user could then specify that their accounting program may access one specific folder. The program would never be able to access anything else (the internet, for example)... so it would be self-contained and secure.
Such a system would not need a virus scanner, because it never trusts a program: a program can only do what it was explicitly granted, so it cannot go rogue beyond the resources it was given.
A virus would find itself like the Greeks inside the Trojan horse finding that the horse had been sealed inside a layer of bulletproof glass... they could never escape to do their mischief.
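The accounting-program scenario above, as an added example in Python (not code from the original post, nor from any CABsec implementation). The program is launched with an explicit capability list: one directory capability over its ledger folder and nothing else. Python cannot make object references unforgeable the way a capability kernel can, so this models the discipline rather than enforcing a real security boundary; the folder layout, the capability names and the body of `accounting_program` are hypothetical.

```python
"""Added example (not from the original post): an object-capability sandbox
mirroring the CABsec launch model.  A program receives its capabilities at
launch and has no ambient authority to fall back on.  Python references are
forgeable, so this is a model of the discipline, not a security boundary.
The directory layout and capability names are constructed for the example."""
import os
import tempfile
from typing import Dict


class CapabilityError(PermissionError):
    """Raised when a program asks for authority it was never granted."""


class DirectoryCap:
    """Authority over one directory subtree, with a fixed set of rights."""

    def __init__(self, root: str, rights) -> None:
        self._root = os.path.realpath(root)
        self._rights = frozenset(rights)

    def attenuate(self, rights) -> "DirectoryCap":
        """Derive a weaker capability; rights can be dropped, never added."""
        rights = frozenset(rights)
        if not rights <= self._rights:
            raise CapabilityError("cannot amplify rights")
        return DirectoryCap(self._root, rights)

    def _resolve(self, name: str) -> str:
        # Resolve '..' and symlinks first, then check containment, so that
        # "../secret.txt" or a symlink pointing out of the tree is refused.
        target = os.path.realpath(os.path.join(self._root, name))
        if target != self._root and not target.startswith(self._root + os.sep):
            raise CapabilityError(f"{name!r} escapes the granted directory")
        return target

    def read_text(self, name: str) -> str:
        if "read" not in self._rights:
            raise CapabilityError("no read right on this directory")
        with open(self._resolve(name), "r", encoding="utf-8") as fh:
            return fh.read()

    def write_text(self, name: str, data: str) -> int:
        if "write" not in self._rights:
            raise CapabilityError("no write right on this directory")
        with open(self._resolve(name), "w", encoding="utf-8") as fh:
            return fh.write(data)


class NetworkCap:
    """Stand-in for the right to open outbound connections (hypothetical).
    It exists here only to show what the accounting program is NOT given."""

    def connect(self, host: str, port: int) -> str:
        return f"connected to {host}:{port}"  # a real cap would open the socket


def need(caps: Dict[str, object], name: str):
    """Look up a capability by name; absence is a denial, not a crash."""
    if name not in caps:
        raise CapabilityError(f"no {name!r} capability was granted at launch")
    return caps[name]


def accounting_program(caps: Dict[str, object]) -> Dict[str, str]:
    """The confined program.  Everything it touches arrives through `caps`."""
    results: Dict[str, str] = {}
    ledger = need(caps, "ledger")                   # the one folder it was granted
    ledger.write_text("2011-01.txt", "rent 1200\n")
    results["ledger"] = ledger.read_text("2011-01.txt")
    attempts = {
        "escape": lambda: ledger.read_text("../secret.txt"),
        "network": lambda: need(caps, "network").connect("exfil.example", 443),
        "readonly-write": lambda: ledger.attenuate({"read"}).write_text("2011-01.txt", ""),
    }
    for label, action in attempts.items():
        try:
            action()
            results[label] = "allowed"
        except CapabilityError as exc:
            results[label] = f"denied: {exc}"
    return results


def launch() -> Dict[str, str]:
    """Build a constructed home directory and run the program with a
    capability list granting read+write on one subfolder and no network."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, "ledger"))
        with open(os.path.join(home, "secret.txt"), "w", encoding="utf-8") as fh:
            fh.write("password=hunter2\n")          # deliberately outside the grant
        caps = {"ledger": DirectoryCap(os.path.join(home, "ledger"), {"read", "write"})}
        return accounting_program(caps)


if __name__ == "__main__":
    for label, verdict in launch().items():
        print(f"{label:15s} {verdict}")
```

Four things are checked: the granted folder works; a `../` path out of it is refused after `..` and symlink resolution; there is no network, because no network capability was handed in at launch; and an attenuated read-only copy of the folder capability cannot write. The last point is what makes capabilities composable: a program can pass a weaker capability to a helper without the helper gaining anything extra.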
It's a big project to get a CABsec system built... I thought it would have already happened; there have been hints of it with things like Midori at Microsoft, but they never pan out. I'm doing my own little bits of work promoting capabilities and least privilege. I'm hoping that this leaves you with a better understanding of what can be done, and a better way forward.
I believe that we should own our computers, and not have them subject to the whim of others. The only practical way of achieving this that I'm aware of is by using something I call CABsec, which is least privilege, CApability Based Security.
Our current systems are based on the opposite concept... which is to allow everything, and add roadblocks in the appropriate places to prevent mischief. It's this way for lots of reasons, including that it matches up with the way we view the world in general.
The cost of checking everything against a list of privileges is small, but non-zero, likely on the order of 1% of the computers time for a typical user, if that. Compare that to the at least 50% speed loss caused by our current crop of antivirus and anti-spyware... and that will seem like a bargain.
It's a matter of replacing a lot of things in order to build a CABsec based system... in computer programming circles it's a "Boil the Ocean" type of solution, so it's not likely to arise unless someone gets out and pushes... and keeps pushing.
I'm pushing... will anyone else help?
Saturday, January 08, 2011
9/11 Changed everything, and yet changed nothing.
9/11 was an excuse to shove the American people towards a set of goals, most of which are still not clear to me.
The economy was in the tank before 9/11 happened. People who weren't yet affected by it will likely view 9/11 as the cause of everything after that point; it wasn't. 9/11 changed nothing.
Many people believe that 9/11 provided justification for starting the wars, but they were being planned before it, just waiting for an excuse. 9/11 changed nothing.
Many people forget that the World Trade Center was almost destroyed 8 years earlier, but that there was a mistake in the placement of the charges. 9/11 wasn't the first attack.
9/11 was used as leverage to get us to do something... it's not the first time something like this has happened in our history, it won't be the last. There is always an element in government making plans like this, for example here's one from 1962.
The point here is that government actions are consistent across time, and administrations. It doesn't matter who is elected, the direction is clear, one of growth and more control over the people.