swestrup | Six Dumb Ideas

You're viewing

swestrup's journal
Create a Dreamwidth Account Learn More

Reload page in style: site light

I just finished reading The Six Dumbest Ideas in Computer Security. I went to read them with the expectation of them being nonsense, but I was wrong. In this case, I agreed with 99.44% of what the author had to say.

Flat | Top-Level Comments Only

From:

sps.livejournal.com

IMNSHO this guy is a dangerous idiot. Why? Implicit in #1 and #5 is the hypothesis that programmers are the enemy. How is item #3 to be addressed if computer systems are locked down against developers and researchers? Not only do I use many more than 15 applications in a day (and so does the author of the piece, if he works in the field at all, he's just too ignorant of his operating system and those of the servers he contacts to know it), I not uncommonly make more than 15 binaries in a day.

The entire value of computers is that they are programmable, and of the net, that it provides communication. To remove programmability and restrict communication is to perform a controlled explosion on the baby along with the bathwater.

Let's get the engineering right and stop curtailing liberties and concentrating control in the hands of power-hungry fools. I don't care if it's done in the name of suppressing terrorism, it's wrong.

Specifically, in this most technical case, firewalling is wrong. It's a technique intended to make unacceptably insecure software seem viable. Instead, engineer the right protocols, and then use them.