Sunday, January 23, 2011

UFO over Chicago???

DSC_0641_UFO Crop
Originally uploaded by --Mike--
I went and took photos Friday on my way to work. It was cold, the kind of bitter cold that makes for frozen fingers but GREAT photos.

I found this (which is a crop to show detail) while reviewing things. I'm wondering what it is. It's a UFO, right in the middle of a panorama sequence. I'll clone it out in the final output, but I am curious to what could make this kind of image.

If it was summertime, I'd say some a finch or oriel happend into the frame... but it was well below freezing, in the middle of winter.

Comments, suggestions?

Thursday, January 20, 2011

On the importance of having an editor

My last two blog posts had some points which I think are very important, but it has been pointed out, quite correctly, that they are not very coherent, and need a good re-write, which I will do.

Thank you, Noran!

Wednesday, January 19, 2011

25 years of insecurity

It's been 25 years since the first computer virus, and we still haven't learned our lesson.

It's possible to build an operating system which is both secure and usable, by changing one fundamental assumption underlying everything. It's one of the most frustrating aspects of computing, but most people don't understand the problem, and thus can't properly evaluate the quality of the solutions offered to date.

How we got here

Windows, Linux, Mac OS-X, all are based on a security model called "Default Permit". This means that unless something is blocked (by a virus scanner, for example), it is allowed to run.

Now, on the face of it, this is the obvious way that computers should work. Who would want to make it harder to run a program, after all it is our computer, and should do what we want, right?

It's when you consider what that program is allowed to do, that the situation starts to get interesting. A computer program can do anything you are allowed to do, on your behalf. If you can access your passwords, so can the program you just launched... if you can send an email, so can the program you just launched, etc.

Adding complexity to the situation further is the fact that there are a number of system services running at any given time which are supposed to have privileges beyond that normally allowed by the user, and these programs can be mislead into mischief.

Any running program runs unbelievably quickly, and it can try to do all sorts of things in the blink of the eye... so if there are any holes in security, it can exploit them without you noticing. This forces you to have to trust any program you run to do exactly what it says it will do.

In response for the past 25 years, we've grown accustomed to virus scanners, spyware scanners, firewalls, and any number of filters to try to stop bad programs, but they don't work perfectly, and in fact, they never will.

Now there are literally billions of computers all networked together, each with their own set of imperfectly protected exploitable resources, a vast ecosystem, if you will, waiting to be exploited, and it is being exploited. On the global level, there are entire socioeconomic systems which have grown to exploit the weaknesses in our computers for financial gain.

The fact that our filters and firewalls are imperfect leave us with a choice.... security or usability.

I strongly believe this is a false choice, and there is a better way.

CABsec - A better way

If the security model is flipped 180 degrees, to a default deny... security becomes a problem which can be solved. I call it CABsec (CApability Based SECurity), so Google can find it in the future.

The basis of CABsec is that at the time a program or process is to be run, a list of capabilities is supplied to the operating system with it. Just like we have icons on our desktops which are shortcuts to programs, this list could be similarly supplied and default to a reasonable range of actions. The typical user wouldn't even need to be aware of it, in most cases. Usability is not affected.

Every system process can be similarly equipped with a list of privileges. It's not necessary for a file-system to access the internet, for example... which means the there is no possibility of file system driver process being mislead into leaking information to the internet. In a similar manner, properly configured system processes can each be locked down to provide bulletproof security.

This leaves the user with a system which can actually enforce it's rules in a secure manner, without the possibility of being broken by a rogue application. The user is provided with a system which could then allow them to specify that their accounting program access one specific folder. The program would never be able to access anything else (like the internet for example)... so it would be self contained and secure.

Such a system would never need a virus scanner, because it would never trust a program, and thus a program couldn't go rogue.

A virus would find itself like the Greeks inside the Trojan horse finding that the horse had been sealed inside a layer of bulletproof glass... they could never escape to do their mischief.

It's a big project to get a cabsec system built... I thought it would have already happened, there have been hints of if with things like Midori at Microsoft, but they never pan out. I'm doing my own little bits of work promoting capabilities and least privilege. I'm hoping that this leaves you with a better understanding of what can be done, and a better way forward.

Taking back our computers.

Apparently the US and Israel hired some hackers and managed to set back the Iranian nuclear program a few years. I'm pissed that it's even possible for this type of subversion to take place, but not because I believe in the freedom to enrich uranium.

I believe that we should own our computers, and not have them subject to the whim of others. The only practical way of achieving this that I'm aware of is by using something I call CABsec,  which is least privilege, CApability Based Security.

Our current systems are based on the opposite concept... which is to allow everything, and add roadblocks in the appropriate places to prevent mischief.  It's this way for lots of reasons, including that it matches up with the way we view the world in general.

The cost of checking everything against a list of privileges is small, but non-zero, likely on the order of 1% of the computers time for a typical user, if that.  Compare that to the at least 50% speed loss caused by our current crop of antivirus and anti-spyware... and that will seem like a bargain.

It's a matter of replacing a lot of things in order to build a CABsec based system... in computer programming circles its a "Boil the Ocean" type of solution, so it's not likely to arise unless someone gets out and pushes... and keeps pushing.

I'm pushing... will anyone else help?


You can read up on the concepts, starting with the Principle of least privilege.

Saturday, January 08, 2011

Why I'm worried, and you should be too, part 1... 9/11/2001 changed nothing

A few years ago, you might have called the author of a post like this paranoid... but now you're not so sure.

9/11 Changed everything, and yet changed nothing.

9/11 was an excuse to shove the American people towards a set of goals, most of which are still not clear to me.

The economy was in the tank before 9/11 happened. People who weren't yet affected by it will likely view 9/11 as the cause of everything after that point, it wasn't.  9/11 changed nothing.

Many people believe that 9/11 provided justification for starting the wars, but they were being planned before it, just waiting for an excuse.  9/11 changed nothing.

Many people forget that the World Trade Center was almost destroyed 8 years earlier, but that there was a mistake in the placement of the charges.  9/11 wasn't the first attack.

9/11 was used as leverage to get us to do something... it's not the first time something like this has happened in our history, it won't be the last.   There is always an element in government making plans like this, for example here's one from 1962.

The point here is that government actions are consistent across time, and administrations. It doesn't matter who is elected, the direction is clear, one of growth and more control over the people.