At 02:14 PM 22/08/2006, Patrick M. Hausen wrote:

>Hi, all!
>On Tue, Aug 22, 2006 at 01:28:13PM -0400, Chris Blask wrote:
>> o "You don't know what you don't know."

>Which leads directly to Marcus' well known rant about positive
>security models.

Indeed. Problem is, I don't believe in positive security models in the real world (with the theoretical exceptions of some military or SCADA networks that actually don't connect to the PSTN [still waiting to see one]). If we start now we can build a ground-up secure network just in time for it to be completely obsolete and we all retire in frustration..

>> You cannot make even any *one* Thing in security "perfect"

>You can. You can code an HTTP server that does nothing but
>serve static documents in (my guess) less than 1000 lines of
>C and you can prove a program of this size to be correct.

We can split hairs on this, but if you load your perfect web server code on an operating system, then the integrity of the application evaporates.

>Customers tend to favour "off the shelf solutions", though.

Customers tend to favor building networks out of components as opposed to mining the iron ore, shaving crystals of silica into wafers and carving transistors with razor blades.

I tend to favor buying cars with the wave-front topology of the combustion chamber already engineered to my satisfaction.

Practical solutions apply beyond the purists' and hobbiests' worlds

>IIRC this once led to another one of Marcus' rants ;-)

Just Say No to Dittoheading!!





If you want to live in a world in which the computer is a panacea rather than a plague, there are a few crucial things that must be done. Do not leave the responsibility for the social impact of computer applications in the hands of technicians. Insist on individual, government, and corporate responsibility and liability for the computer's effect on people. Recognize the computer as an inanimate tool with enormous potential for either good or evil, the choice of which is in the hands of men and women, not inanimate systems.

Our government is designed so that you are neither dependent on the excellence of your leaders nor vulnerable to their failings; so too should you be free of the men and women who make and run your computers.

- Stanley Rothman & Charles Mosmann Computers and Society, 1976

Chris Blask

+1 416 358 9885

firewall-wizards mailing list