[personal profile] swestrup
I just finished reading The Six Dumbest Ideas in Computer Security. I went to read them with the expectation of them being nonsense, but I was wrong. In this case, I agreed with 99.44% of what the author had to say.

Date: 2005-09-12 04:05 pm (UTC)
From: [identity profile] http://users.livejournal.com/_grey_knight/
The only thing I could possibly think of to defend the current industry position is that it ensures a steady income, and raises the profile of the computer community at large.
Meh, on the other hand, his idea #4 is so right as to make me sick at the mere mention of it. That, and F34R teh 733t speak crap points to a very juvenile mentality in the industry, which I believe is closer than any conspiracy theory.

Date: 2005-09-12 04:42 pm (UTC)
From: [identity profile] taxlady.livejournal.com
These two cracked me up:

...of course if you're a reporter for CNN, anyone who can install Linux probably does qualify as a "brilliant technologist" to you.

and

"turd polishing"

Nope, only 66.67% right.

Date: 2005-09-12 05:38 pm (UTC)
From: [identity profile] sps.livejournal.com
IMNSHO this guy is a dangerous idiot. Why? Implicit in #1 and #5 is the hypothesis that programmers are the enemy. How is item #3 to be addressed if computer systems are locked down against developers and researchers? Not only do I use many more than 15 applications in a day (and so does the author of the piece, if he works in the field at all, he's just too ignorant of his operating system and those of the servers he contacts to know it), I not uncommonly make more than 15 binaries in a day.

The entire value of computers is that they are programmable, and of the net, that it provides communication. To remove programmability and restrict communication is to perform a controlled explosion on the baby along with the bathwater.

Let's get the engineering right and stop curtailing liberties and concentrating control in the hands of power-hungry fools. I don't care if it's done in the name of suppressing terrorism, it's wrong.

Specifically, in this most technical case, firewalling is wrong. It's a technique intended to make unacceptably insecure software seem viable. Instead, engineer the right protocols, and then use them.
