[LINK] Schneier on Storm Worm

Craig Sanders cas at taz.net.au
Mon Oct 8 09:38:55 AEST 2007 

On Mon, Oct 08, 2007 at 12:43:38AM +0200, Kim Holburn wrote:
>
> On 2007/Oct/07, at 10:49 PM, Craig Sanders wrote:
>
>> On Sun, Oct 07, 2007 at 07:57:37PM +0200, Kim Holburn wrote:
>>> I don't think we really disagree on much.  I just think that a lot
>>> of work needs to be done so that computers do all the really hard
>>> part of the work on security.
>>
>> i think we disagree on a pretty fundamental point from which all the
>> rest follows. you think that a complicated, infinitely tool like a
>                                              (infinitely tool?)

infinitely flexible tool. hyperbole, but a lot shorter than "very
flexible tool adaptable to a huge variety of uses".


>> computer CAN be made as simple as a toaster or a car.  I don't.
>
> I know it can.

no, you only think it can. and you're wrong.

> I have a dedicated computer that solves NP complete problems on the
> fly and is so incredibly simple to use that virtually anyone can use
> it, it is the size of 2 cigarette packets, can easily fit in my pocket
> and can work for 5 hours.  I never thought such a thing would be
> possible.  Did I mention it runs linux, although I didn't find this
> out for several months?

1. it's not a general purpose computer, it's a single/limited-function
device. i.e. the simplicity is achieved by greatly limiting the utility.
one of the trade-offs i mentioned.


2. you're forgetting that this is not an ideal world and users are far
from ideal.

> Making distributed networks of general purpose computers as simple as a 
> toaster is a bit harder of course, but not by any means impossible.

it's not a "bit harder", it's several orders of magnitude harder.

>> in fact, i think that that ideal of simplification is a big part of the
>> problem.
>
> Sorry, computers and networks are only going to get orders of magnitude 
> faster and more complex from here on in.  Unless part of that power is 
> given over to helping us use them they won't be possible to use and 
> definitely won't be used well.

until/if we get AI, then technology IS NOT and CAN NOT BE a substitute
for human intelligence. and even then it would be dangerous for us as
a species to rely entirely on machines to do our thinking for us if we
dont want to die in the millions every time there's a power failure or
network outage.

complex tasks require complex thinking.

and the best "AI" that we're likely to get for the next few decades
is on the order of decision support software like expert systems that
assist highly trained and experienced people. computer assistants for
experts, not substitutes for them. these are going to get better and
better over the years, but they're still not going to replace human
thinking. i expect that one of the primary uses for them will be to
double-check a design made by a human to see if it complies with all
legal, regulatory, health & safety, best engineering practice, energy
efficiency, and other requirements.


> To connect to the interweb I used to have to program modems in hayes
> talk.  It used to really annoy me when given the right environment I
> could simply plug a computer into a network (without a modem) and I
> would be connected and also that fax machines which effectively used
> the same modem technology could just be plugged in and they would just
> work.  We make this stuff hard to use.

sure, straight-forward and simple tasks can be easily automated. many
have. more are being automated all the time.

the same does not apply to complex tasks that require significant knowledge
and understanding.  computers do not substitute for brainpower.

the best graphic or CAD software in the world is NOT going to make me
a graphic artist or architect, and the best & easiest-to-use security
software is not going to make th average muser agically secure if they
dont understand what it's doing, why, and how. some things just require
skill/talent/knowledge/experience. and there are NO substitutes for
them.

> I think MS software is insecure for at least 4 main reasons:
>
> 1) bad defaults - the defaults are designed to be easy to setup and to use 
> rather than for security.  Still.  After all this time.  This can on 
> occasions make it very easy to do very dangerous things.  (This could be 
> relatively easily fixed.)
>
> 2) bad underlying design
>
> 3) a large percentage of the innovation is spent on sneaky ways to lock 
> people into MS systems.

yes, they ARE a large part of the reason.  far from all of it.


> 4) you can never get under the hood, you never have any real control over 
> your system.

and that's *EXACTLY* where your desire for over-simplification leads.


craig

-- 
craig sanders <cas at taz.net.au>

"The so-called religious right of the Republican Party- the Christian
 right, they call themselves, although in my view they are neither
 Christian nor right- is after a totalitarian state."
     [Edward Albee, interview in Progressive August 1996 issue]

More information about the Link mailing list