Re: [fw-wiz] Personal Firewall Day?

From: R. DuFresne
Date: 10/07/03

    To: "Marcus J. Ranum"
    Date: Tue, 7 Oct 2003 13:33:10 -0400 (EDT)

    On Tue, 7 Oct 2003, Marcus J. Ranum wrote:

    > Christopher Hicks wrote:
    > >Right on. But your concept of distributed computing seems to mean "let
    > >everybody do what they want with no limits". Effective distributing
    > >computing just doesn't happen that way.
    > *Bingo* -- effective distributed computing relies on putting the right
    > services in the right places. Locating services in an effective
    > distributed environment depends on bandwidth assumptions,
    > reliability assumptions, computation assumptions, and assumptions
    > about what parts of the system are relatively disposable. The folks
    > at MIT's Athena project did a lot of thinking on this topic and I
    > believe their work was a fabulous (ignored) gem of computing.
    > Systems like AOL and some of the massively multiplayer games
    > approach truly effective distribution. The designers of those systems
    > have also discovered another property of such systems that
    > probably would scare a lot of you, if you think it through: the
    > provider of the backend "owns" the system - the software
    > revenue model pushes toward a rental/service model rather
    > than an outright purchase as we have under the current
    > general purpose computing model. That means you'd never really
    > "own" your software environment... If you didn't pay your
    > bills your files would no longer be accessible, etc. That would
    > doubtless make some people extremely uncomfortable but
    > oddly they are comfortable with exactly that model with cable
    > TV, cellular, etc. Anyplace where you have an expensive
    > backend system that represents a large sunk cost, frontended
    > by a commercial appliance that is relatively "disposable" you
    > move toward the leased service model.
    > I don't think we're ready to go there with computing but I
    > think that's where we should be going.

    Aren't those corps that have gone the ASP outsourcing route already buying
    into the non-ownership model? I see nothing for them to fear, besides the
    catastrophic loss of the ASP provider, or their not being financially
    sound enough to pay their own bills. Still, the data, the content in the
    application, keyed-in stuff, is still 'ownable' and controllable as long
    as it's not stored at the ASP provider's systems...

    Not that I'm a proponent of outsourcing to ASPs, I'm kinda neutral at
    present. I would not go there, but, if my employer did, I'd deal with

    > >Dictatorships are all bad, but they're the organizational structure with
    > >the lowest overhead.
    > Minor historical note: NO THEY AREN'T ALL BAD. We've demonized
    > the concept of "Dictatorship" but the ancient Greeks used the term
    > to mean "government by dictate" - not representation. In theory you
    > could have a dictator who really knew what *he* was doing and just
    > didn't put it to a vote or ask a central committee or whatever. Of
    > course most dictatorships have really been unfortunate for those
    > living under them, and thus the political system has achieved a
    > bad reputation. Dictatorships are probably more successful as a
    > political system than any other, as you say, because of the low
    > overhead and lack of committees. ;)
    > >This whole monoculture versus operating system analogy continues to
    > >provide me lots of amusement. The big problem with monocultures as
    > >everyone "knows" by now is that having only one genetic strain makes you
    > >an easier target. Avoiding a monoculture only requires a very little
    > >genetic variation. Do different passwords qualify?
    > What bothers me is that it's an *ANALOGY* - we argue by
    > analogy so much that we ignore the fact that analogies
    > often conceal realities. Monocultures are "bad" in biology
    > because your lack of diversity makes you vulnerable to
    > unique new infections. But we're talking about computers,
    > not animals!! Animals can't transfer immunity the way
    > computers do! So the whole analogy folds. How do we

    Animals can, and indeed do, mother to fetus transfers of antibodies and
    such, so the analogy perhaps holds better than first perceived. Though
    admittedly, it's far easier in the photon realm to do transference.

    > transfer immunity between computers? Firewall rules,
    > antivirus signatures, and firewall-wizards. Those are 3 totally
    > different ways of rapidly conferring immunity without
    > having to encounter the cyberpathogen that computers
    > have which biotic organisms totally lack. So the whole
    > "monoculture" concept is irrelevant to computer security
    > unless we factor the concept into our designs and put
    > that on a checkbox and say "solved that."

    Hmm, I keep seeing and commenting on other lists, folks stating that the
    days of a perimeter are gone. Now, I will admit that the concept needs
    adapting, and our perceptions of a perimeter have indeed changed, but, we
    are still in a perimeter posture, and need to retain that concept at least
    at present in defining security and the policies and all that security
    posturing entails. It's more that our perimeters are not as distinct and
    tightly controlled as they once were...

    > > Have these people taken a genetics course in the last twenty
    > >years? ;)
    > Most of the guys who wrote the "monoculture" paper are
    > friends of mine and some of them invited me to participate.
    > I didn't because, honestly, I think they're not writing about
    > computers and computer security - they're complaining
    > about customers' purchasing habits, they're complaining
    > about the "monopoly of mediocrity" and they're rooting for
    > a non-existent underdog. In other words, that paper was
    > a political document masquerading as a technical document.

    Of course, perhaps the time has come that 'political posturing' is needed
    to clue the masses <mgt being in that masses group>.


    Ron DuFresne

            admin & senior security consultant:
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!