“at zero cost”

I am reading this:

“The data will be entered into a special electronic database built by the IT staff of the Ministry of Administrative Reform, which was created at zero cost «on top of» Google's platform.”

and this (Security Problems with U.S. Cloud Providers):

“I think these are legitimate concerns. I don’t trust the U.S. government, law or no law, not to spy on my data if it thought it was a good idea. The more interesting question is: which government should I trust instead?”

There is ALWAYS a cost.

Report: Patriot Act Fears Squash UK Defense Company’s Microsoft Cloud Plan.

Revisiting “Reflections on trusting trust revisited”

In 2003, Diomidis Spinellis in “Reflections on trusting trust revisited” concluded:

“Those of us who distrust the centralized control over our data and programs that TC platforms and operating systems may enforce can rest assured that the war for total control of computing devices cannot be won.”

Well, it is the end of 2011 now and I think we are losing. The computer is being substituted by the tablet and the tablets are dominated by markets (Kindle, iTunes, Android, webstore, Opera, …). Yes you can jailbreak, but really how many do? Since almost every computer-related trend seems to be a periodic phenomenon (just think of how many times you’ve seen the thin client vs fat client fashion come and go), we are now reliving the walled garden times. Centralized control is all over the commodity tablets and smartphones (is it really a phone or just a computer that by the way dials too?) “for our good”. The market owners do it “for the customer’s benefit”, not for the money. The developers like it for they push their products through a single channel. And most of the consumers like it for they cannot be bothered to search for applications elsewhere than the store.

Variety kills variety and we’re at the killing stage. We like having options, but we do not like many options and therefore we willfully assigned central control to the industry. It is a periodic phenomenon. We’ll reboot when the industry’s grip gets too tight. In the meantime we who distrust the centralized control over our data and programs are vastly outnumbered by the rest of the consumers.

Bureaucracies and information flow (take 2)

Actually just a few observations others have made, but observations I live within every day:

The Iron Law of Bureaucracy states that:

In any bureaucracy, the people devoted to the benefit of the bureaucracy itself always get in control and those dedicated to the goals the bureaucracy is supposed to accomplish have less and less influence, and sometimes are eliminated entirely.

With the first group exhibiting oligarchic behavior, dysergy follows. I will add an exception to Pournelle’s Law: IT people are devoted to the benefit of the bureaucracy itself, yet as a perceived “cost center” they get eliminated too. Interestingly, this happens because as observed by the Shirky Principle:

Institutions will try to preserve the problem to which they are the solution.

IT people do not easily accept the fact that part of their work is to make themselves redundant and by objecting to that (and therefore by maintaining their own internal bureaucracy) they get eliminated while fighting interdepartmental wars that have nothing to do with the organization’s mission. The rest of the departments understand the lesson IT took only after their time comes too.

I had heard Shirky’s Principle years ago (pre 2000) stated by my supervisor at the time in a different way:

A bureaucracy’s first objective is to maintain itself. Then to fulfill the reason it was created for.

Lost in translation. I think I’m going to find myself a Permit A 38 now.

Update 2011/12/21: Peter Drucker writes:

People are so convinced they are doing the right things and so committed to their cause that they come to see the institution as an end in itself. But that’s a bureaucracy

(part 1)

It has already begun

Not a post, but my response to “How Would We Know if a Cyber War Started?”:

Well, one way to answer the title’s question is this: One can view Cyber War as a highly computerized evolved form of the Cold War. It began years ago, it is being conducted right now by various players (state and non-state actors) and will continue in the future. So it has already begun.

Other than that, I’m with @JeffreyCarr on the article’s relevance.

“died of states’ rights”

I am reading the first paragraph of “Local Defense and the Overthrow of the Confederacy”†:

“In recent years it is becoming more apparent to students of Confederate history that the Confederacy collapsed more from internal than from external causes and the most disastrous of these internal ailments was the attempt of the southern people to practice their theory of state rights during the war. This destroyed the possibility of cooperation, embittered and demoralized the people, and pitted the state governments against the Confederate government like hostile powers. This struggle between the states and the Confederate government extended into many fields, mostly related to the conduct of the war. One of the most important of these fields was the matter of local defense. It is the object of this paper to present a careful study of the policy of local defense in the Confederacy, and show how it contributed to the downfall of that government.”

How’s that any different from the EU (the Confederacy) and the financial crisis (the conduct of war) it is in right now?

[†] – Interesting paper for Game Theory newbies by the way

Embracing the Kobayashi Maru

It seems that I am not the only one who has thought† that the Kobayashi Maru can be used in a cyber security context. “Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat” describes the tricks employed by the students when they were given very short notice to memorize the first 100 digits of π and then write them down. The students were allowed to cheat, but if they were caught they would fail the exercise. This was part of a class that aims to help students build adversarial thinking.

While the discussed solutions were indeed innovative, I strongly believe that the average Greek University student would come up easily with a few working plans :) Next time, if the authors want to make the exercise harder, they should use the previous students as proctors and grade them too. That would develop adversarial thinking even further and could become the Prison Experiment for cyber security.

Hat tip to GK for showing me the article!


[†] – Cyberdefense and the Kobayashi Maru.

on cyber attack attribution

Whenever an attack is traced back to Russia (like this one) or China, the attribution decay is very fast. One cannot be very sure of whether this is an attack that was initiated from “within” these countries, or whether they were used as hops conveniently pointing to the usual suspect. Another interesting observation is that although

“states that deny involvement in a cyberattack, but refuse to open their investigative records to the victim-state, end up casting doubt on their willingness to stop cyberattacks and cannot expect to be treated as a state living up to its international duties. In effect, host-states that refuse to cooperate with victim-states are unwilling to prevent cyberattacks and have declared themselves a sanctuary state”†

this does not seem to (openly) apply to super-powers.

Update: It seems that this specific incident of critical infrastructure failure was not a cyber attack:

“The failure was due to a faulty command inputted by a contractor several months ago who accessed the system remotely while travelling through Russia on personal business. Over time, his mistake caused greater and greater errors until, several months later, the pump failed.”

We should never attribute to malice what can be attributed to a mistake.

[†] – Solving the Dilemma of State Responses to Cyberattacks