[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [dist-obj] B-A-I-T :) (was: Re: [dist-obj] [Longish] ... )
Mark R. Thomsen wrote: [ snip ]
> He posited that the security approach he would hate trying to defeat
> is the one that made complex, messy, and ever-changing systems. Where
> to start? What to expect? How can yesterday's progress apply when
> things change dramatically? It was an intuition. But one I think my
> experiences have born out to be pretty true.
> Complex systems have their own form of protections from those who want
> to apply rules, from those who want to control them, and from those
> who want to police them. [ snip ]
That was a really good anecdote. Complexity as security is on target,
and this is what has been bothering me about the old world before the
cluetrain started. But markets are conversations. Take a look at this.
[Pull down projection screen the size of the moon. Laser pointer on.]
Over here we see AcmeOS written by MegaCorp LTD, which is gargantuan
and ever changing, as part of the byzantine security scheme designed to
stop anyone else from entering the market in desktop apps or new OSes.
But over here we see a variety of open source initiatives, which try to
route around complexity as security using open standards and protocols.
Except, what's this? An open source project which is huge and complex
and (dare we say?) utterly byzantine in both architecture and coding.
How did that get in there? Must have mixed up my slides or something.
A lot of us inherit our infrastructures from a day when complexity was
part and parcel of keeping competitors at arm's length. Now it doesn't
seem like such a good idea any more, but there's a lot of momentum and
not everybody can stop on a dime. The bazaar approach to development
is not so good at removing complexity, and so far a cathedral approach
has been given very little opportunity to try.
Changing things is hard because anyone can put up a roadblock, and even
individuals can play the game at very little cost. In fact most things
are held back by specific individuals who don't want to see the empires
they built change, especially if their roles become less grand. A mere
handful of such brigands can hold a fort over a highway a long time.
What to do about it? I don't know for sure, but it seems to require a
rerouting. But this is harder when folks steadfastly clamor for the
One True Way constantly. Except it's weird to hear open source folks
keep repeating the mantra for the complexity as security camp. If we
had more than one highway, we'd just ignore any jerks holding a fort.
p.s. I've never been able to determine the author and title of a story
I read long ago in some collection of science fiction stories, which I
can't locate again for the life of me. The gist of the story seems a
bit relevant to Mark's anecdote.
It's an everyday world in space story, where a couple burglars want to
break the security of an asteroid's treasure trove guarded by a robot,
who seems to verify ownership authority by asking questions. One false
answer and ... (finger across throat) the robot does you in. So far no
burglar has answered the questions right. So these two guys bring the
most update-to-date wearable supercomputer ever seen. (Very pricey.)
The first burglar takes his shot while the other observes remotely.
The robot asks three hard, very technical questions, each answered by
the burglar with the help of his computer. Then ... the robot kills
the first burglar with your basic laser beam. Game over.
The second burglar is very puzzled because he knows all three answers
were correct. So why did the robot respond that way? So he infers a
very interesting possibility (the second burglar is very smart). He
goes up to the robot, and is asked three hard questions, to which he
responds each time with the most silly gibberish he can dream up.
The robot grants him access the treasure! The second burglar figured
out the test was whether you responded earnestly or with nonsense. But
there's too much treasure to carry by hand, so he heads back to the ship
to get some tools. In passing the robot asks, "Where are you going?"
Unfortunately, the burglar wasn't expecting this and starts to explain
about how he needs to get something from the ship... laser beam time.
To manage your subscription, mailto:firstname.lastname@example.org
Archives, FAQ, etc. http://www.distributedcoalition.org/mailing_lists/