Archive for the ‘Writing’ Category

A Response To Dave Piscitello

Tuesday, August 1st, 2006

Via Bruce Schneier’s blog. Read it first.

When you reduce “admissibility” to a simpler and more general form, it becomes the question “What happens to the data after it changes hands from the provider to the user?” At some point, the handoff must occur, and beyond that point the server can have no knowledge of or influence on the data’s further disposition. A few technologies, such as end-to-end encryption (SSL, etc.), can help move the handoff to the client endpoint’s network stack, but at some point the data is decrypted, and it becomes accessible to the user’s code and eyeballs. This is the intention of a good secure system — to give the right data to the right users.

With that, necessarily, comes the risk that other code and eyeballs will steal that data from the intended recipient – and that is a completely separate security problem that can only be solved on the client side. The parameters of the problem are the same “Four As” (or “CIA”) we already know. The security of the entire system scales like a fractal, to smaller and smaller scopes, until at last we have CRT to eyeball and fingers to keyboard (which leaves the realm of computer security and becomes an old-fashioned physical security problem). (I’m not trying to minimize the value of physical security; if anything, it’s a lot harder than computer security. It’s merely a different kind of problem, and a different set of people need to work on it once it reaches that level.)

The security of the client is a problem; but it is neither the server’s problem nor a problem the server can solve at all. A server can never have any assurance whatsoever that its client is not vulnerable to attack. There are two ways for the server to obtain an answer to that question: the server can invasively investigate the client, or the client can claim to the server that it is secure. If the server invasively investigates the client, it can be tricked into investigating a clean-looking virtual machine. If the client claims it is secure, or rather, that some sort of configuration-management software running on the client claims the client is secure, that response can be spoofed by an attacker, or the configuration-management software can be compromised.

If this whole server-trusting-the-client’s-configuration idea sounds vaguely familiar, it’s exactly the same problem that ruins identd: the trust isn’t placed in identd, the trust is placed in the sysadmin of the remote machine. But how do you know to trust them? How do you know their machine is not lying and has not been hijacked? You cannot, and that is why identd is not a usable authentication system. (So why do most IRC networks still require it, or make you wait thirty seconds until the request times out?)

Ultimately, the admissibility question reduces to “What are you going to do with this data after I give it to you?” This is not a new question, nor is it an easy one to ask and answer. Some of its unhappier answers include users taking laptops home after work where they can be burgled, or users deliberately giving or selling data to third parties. These are all completely outside the design of the security system. (This problem of “what are you going to do with the data, now that you have it?” applies at all levels, including within the server as requests are processed, an area I think may be overlooked too often. This is the level at which you ask questions like “Do I trust that this data will not be snooped out of the kernel’s networking stack, before it’s sent out the ethernet port?”—don’t laugh, it’s happened!)

Until the day when data itself grows teeth and can defend itself against misuse, we have to carefully limit who we authorize, do our best to teach them how to secure their own environments, and finally, trust those authorized users and their environments. That’s the way we do things now, and it’s not always a very fun way (especially that second part), but it’s the only way.

I hope somebody’s working on that teeth thing, though.

A final word: One-time passwords and time-based credentials (OPIE, SecurID…), properly implemented, can make all forms of sniffing a LOT less profitable. The first credit card company that uses rotating card numbers based on a SecurID-style token is going to get my business. Alternatively, I’ve heard some European banks give customers scratch-and-sniff cards with a few dozen one-transaction authorization codes. That’s a nice low-tech solution that’s just as good at the end of the day.
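An added example, not part of the original post: a minimal S/Key-style hash chain, the scheme OPIE derives from, showing why a one-time password captured by a sniffer is worthless for the next login. SHA-256, the class and function names, and the seed and passphrase values are assumptions made for illustration; real OPIE uses its own hashing and word encoding.

```python
import hashlib
import hmac


def chain(seed: bytes, passphrase: bytes, n: int) -> bytes:
    """Hash seed+passphrase once, then apply the hash n more times."""
    value = hashlib.sha256(seed + passphrase).digest()
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class Server:
    """Keeps only the last accepted chain value, never the passphrase."""

    def __init__(self, seed: bytes, initial: bytes, count: int):
        self.seed = seed
        self.stored = initial   # H^count(secret)
        self.count = count      # next login must present H^(count-1)

    def challenge(self):
        """Tell the client which seed and chain position to use."""
        return self.seed, self.count - 1

    def login(self, otp: bytes) -> bool:
        if self.count <= 0:
            return False        # chain exhausted; must be re-initialised
        if not hmac.compare_digest(hashlib.sha256(otp).digest(), self.stored):
            return False
        self.stored = otp       # step one link down the chain
        self.count -= 1
        return True


def demo():
    # Constructed sample values, not from the original post.
    seed, passphrase = b"constructed-seed", b"constructed passphrase"
    server = Server(seed, chain(seed, passphrase, 100), 100)

    _, n = server.challenge()
    otp = chain(seed, passphrase, n)   # client computes H^99
    sniffed = otp                      # what an eavesdropper would capture
    first = server.login(otp)
    replay = server.login(sniffed)     # same value presented again
    _, n = server.challenge()
    second = server.login(chain(seed, passphrase, n))
    return first, replay, second
```

The replay fails because the server now expects the preimage of the sniffed value, which the eavesdropper cannot compute without the passphrase.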

Suppose that people live forever.

Friday, April 28th, 2006

On the SAT test, nigh on two years ago, I had to read and answer questions about a lovely little essay on the subject of immortality. It fascinated me, and when I got home after the test, I tracked it down. It was an op-ed piece in The New York Times, entitled “A Brief Version of Time” written by Alan Lightman in 1993.

Inspired by Jess’s latest blog entry, I dug it up again. The only clean copy I could find was in Google’s cache of an old mailing list archive that has been taken down. I <3 the internet. (There is, of course, a perfectly good copy in Nexis somewhere, and since I’m on campus I have access to it, but Nexis is scary and I don’t know how to use it. I know, I’m terrible. I should go to one of the “How to do research that doesn’t start at Google and end at Wikipedia” workshops at the Library.)

Here it is, for all the world to read again, until the Times finds me.

A Brief Version of Time, by Alan Lightman.

I frickin love this language

Thursday, March 2nd, 2006

The most sensible kanji ever

concave, hollowed out, sunken in: ?

convex, protruding: ?

The least sensible kanji ever

circle: ?

round: ?

On Procrastination

Monday, February 13th, 2006

Once again, I’ve procrastinated myself into a terrible place. I have a Japanese midterm at 10am this morning, with part two on Tuesday afternoon. I’ve put maybe five hours of study into Japanese this quarter, four of them tonight.

I have to learn four grammatical constructs. Two of them—honorific language and humble language—are similar in mode of operation: modifications to verbs based on the subject’s relation to the speaker. The other two are also similar—postfixes to verbs with only one character difference between them. Speaking as a cognitive scientist in training, their similarity means it’s easy to confuse them without extensive practice. That means I’m screwed.

I have to learn a few dozen vocabulary words. We’ve had three vocab quizzes on subsets of the list. I missed one quiz outright. For the other two, I “studied” by cramming the night before and morning of the quizzes. Without repeated practice, I have no actual retention of the words. So I’m starting from scratch again now. After the midterm, I still won’t remember them, which will burn me again on the final, and burn the worst someday in the future when I have to actually use the words in conversation.

I have to learn thirty kanji: their pronunciation, words containing them, and their English meanings. Thanks to StudyCard Studio at least I can drill these easily. But twelve hours is just not enough time to learn.

Oh, and I have to do listening. This is probably my worst area. Since I rarely watch anime (FMA at Scott’s is the first I’ve seen in quantity since… May?), the only listening practice I have is an hour a day in class. Even then, I’ve noticed I’m no longer listening, I’m only hearing a few words and guessing at the meaning. I’m sure there are first-year Japanese students who can rock me at listening. Cogsci time again: listening and understanding a language is something only practice can bring. Unlike math, heroic mental effort will not help you. Knowledge of writing and reading will not help you—they are completely separate skills. The brain needs practice hearing and interpreting the language. Practice I lack.

I shouldn’t be in Japanese 20B. Christ, I never learned 10B properly. The difference is, the ten series was an easy A or a zero-work B. The twenty series is not kidding around anymore. It’s too late to switch to P/NP this quarter. I’m already down in points thanks to missing a quiz and a few lectures.

On top of all this, I don’t know if I can even go to Japan fourth year. I don’t know if I can even responsibly continue taking Japanese—I need all the classes I can take. I’m already looking at a solid six years. Japanese might mean a major sacrifice… such as a minor in CS (which I’m seriously considering). Perhaps I can’t do it at all. I need to figure this all out, and soon.

But instead of, gee, I don’t know, studying, I’m writing this blog post. I’m listening to the Lovedrug CD I got at the concert yesterday (I should have been studying last night, too). I’m fighting with AppleRecords.jar to download as much music as possible from shared iTunes. I’m talking with friends on Jabber.

God I’m an idiot.

Jump to Step 7 and run till completion.