Security

Thursday, August 22, 2002

GNU Terrorists

This is a political operation. Whether or not the source is available has nothing to do with making a computer usable by The Enemy.

Now, only a year after the release of SE Linux, the NSA has dropped its support for any future cyber security products based on the open source method. NSA officials say their cyber security enhancements made for SE Linux have not only benefited the NSA, but because of the terms of the GPL have also strengthened the security architecture of computers used by malicious cyber terrorists around the world.
"We didn’t fully understand the consequences of releasing software under the GPL," said Dick Schafer, deputy director of the NSA. "We received a lot of loud complaints regarding our efforts with SE Linux."
— WorldTech Tribune

It may be hard for the three-letter acronyms to admit, but whether or not the source is available and may help the terrorists is irrelevant. See Bruce Schneier for elaboration, or Ray Ozzie, or even the Broadcast Protection Discussion Group: the FBI captured passwords using a keystroke logger. Instead, this decision by the NSA harms us law-abiding citizens.

2:18:00 PM # Google It!
categories: Politics, Security

My Own Personal Infrastructure for Discovery

Jonathan Peterson commented on Eric Norlin's post on ComputerWorld's article on the Information Sharing and Homeland Security Conference at the same time David Fletcher's posts on national technology R&D and data-sharing for homeland security flew over my aggregated transom.

Of interest: Terascale Infrastructure for Discovery and other High End Computing Capabilities

From ComputerWorld:

"Take AOL, Yahoo and MSN and link them to a bunch of classified data, and that's Intelink," said [John] Brantley, [director of the Intelink management office,] calling the intranet the "basis for how people share information" in the intelligence community. And while he acknowledged that searching Intelink can be like shooting craps, Brantley maintains that despite the intranet's size, analysts shoot craps "with loaded dice."

I've long wondered why it's so much trouble to find out what the government knows about you.

1:51:11 PM # Google It!
categories: Law, Politics, Security

Psst, Mac, wanna buy a vowel?

Ray Ozzie wrote an excellent essay on non-discretionary access controls, a/k/a mandatory access controls. These are requirements, "controls that can involuntarily release you of your control." In the analog world, the command "Thou Shalt Not Kill" is a non-discretionary access control, as is "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."

In the essay he examines the difficulty of implementing them in Notes and Groove.

But more than once, I've been shocked by a user who has been using Groove for months and months, and then points out "Do you mean that one of the other members of the Shared Space can copy & paste the shared data to a different shared space, sharing it with someone else, without my permission???"

I've run into that. There's a great lack of understanding of how computers work, aggravated by Marketing's misinformation in advertisements. For some reason, if you use a computer, you can get everything done faster. It's not like you have to wait for the computer. This directly affects customer expectations, so I spent a good deal of time lowering expectations when I worked at AlphaGraphics.

But what I don't understand is the lack of understanding of the computer as a communications device. Do you not gossip over the back fence? Did you think the secret you told would stay secret?

9:16:46 AM # Google It!
categories: Law, Media, Security

August 2002
Sun	Mon	Tue	Wed	Thu	Fri	Sat
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31
Jul Sep