The Rise of Feudal Computer Security

Soulskill posted about a year ago | from the fanboy-is-now-a-liegeman dept.

Security 147

Hugh Pickens writes "In the old days, traditional computer security centered around users. However, Bruce Schneier writes that now some of us have pledged our allegiance to Google (using Gmail, Google Calendar, Google Docs, and Android phones) while others have pledged allegiance to Apple (using Macintosh laptops, iPhones, iPads; and letting iCloud automatically synchronize and back up everything) while others of us let Microsoft do it all. 'These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them — or to a particular one we don't like. Or we can spread our allegiance around. But either way, it's becoming increasingly difficult to not pledge allegiance to at least one of them.' Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. Today we users must trust the security of these hardware manufacturers, software vendors, and cloud providers and we choose to do it because of the convenience, redundancy, automation, and shareability. 'In this new world of computing, we give up a certain amount of control, and in exchange we trust that our lords will both treat us well and protect us from harm (PDF). Not only will our software be continually updated with the newest and coolest functionality, but we trust it will happen without our being overtaxed by fees and required upgrades.' In this system, we have no control over the security provided by our feudal lords. Like everything else in security, it's a trade-off. We need to balance that trade-off. 'In Europe, it was the rise of the centralized state and the rule of law that undermined the ad hoc feudal system; it provided more security and stability for both lords and vassals. 
But these days, government has largely abdicated its role in cyberspace, and the result is a return to the feudal relationships of yore,' concludes Schneier, adding that perhaps it's time for government to create the regulatory environments that protect us vassals. 'Otherwise, we really are just serfs.'"

An anonymous reader provides a contrary opinion:

"The proposed analogy is wrong. Rather than feudal lords being replaced by a semi-accountable, presumably representative government, asking the government to take over would be going back to having just AT&T as the sole provider of telecommunications, with private ownership of phones prohibited. It would be a reversion from an open and competitive market (where those who fail to provide security can be abandoned freely, the exact opposite of a feudal situation where serfs were forbidden to leave their masters and breaking oaths of obedience would lead to hit series on HBO) to a single "provider" which cannot be abandoned or ignored.

Monopolies, in general, suck, and without an external force to shore them up, they tend to be short lived. I remember when Lotus and WordPerfect and dBase were "unassailable", and people were wondering if the government should force these companies to be more "competitive" somehow. Then it was Windows, and particularly Explorer, that was going to control the world because "no one could compete". Now it's Google and Apple. Either these companies actually provide the security they promise, or they lose business to someone who will. The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.

The role of government in this arena is making sure that companies are held accountable for broken promises, that they pay the costs for data loss and security breaches. ... The government should not be determining what security is acceptable, because governments and regulations cannot possibly keep up with ever-changing realities."

147 comments

let the fools who dont know history suffer (3, Interesting)

Anonymous Coward | about a year ago | (#42183861)

These people who fall into the vendor lock in do it on their own free will, what rights does the government have regulating their decisions?

Re:let the fools who dont know history suffer (2, Insightful)

logjon (1411219) | about a year ago | (#42183887)

No shit. People want government involved in literally fucking everything at this point.

Re:let the fools who dont know history suffer (5, Insightful)

spire3661 (1038968) | about a year ago | (#42183997)

The government is ALREADY involved in literally everything. Better to realize that and shape it to our own ends, rather than pretend it doesn't exist.

Re:let the fools who dont know history suffer (0)

Anonymous Coward | about a year ago | (#42184123)

Pretend away - it's better than living in reality.

Re:let the fools who dont know history suffer (2, Insightful)

chispito (1870390) | about a year ago | (#42185415)

The government is ALREADY involved in literally everything. Better to realize that and shape it to our own ends, rather than pretend it doesn't exist.

In what way is that better than advocating for a limited government?

But we need them to be involved! (2)

Roger W Moore (538166) | about a year ago | (#42184491)

No shit. People want government involved in literally fucking everything at this point.

But we need them to be involved in everything. Who else will protect us from people making wildly inaccurate historical comparisons online?

Re:let the fools who dont know history suffer (0)

Anonymous Coward | about a year ago | (#42183927)

The same could be said about signing away basic human rights in a contract.

Re:let the fools who dont know history suffer (5, Insightful)

Anonymous Coward | about a year ago | (#42184487)

The government is a collective implementation of society. It has the rights that the whole of society gives it to look out for the common good. Rather than having to have individual people make their own mistakes or get individually conned, the government is an institution granted the rights to protect *your* rights.

It isn't the government regulating your decision; it's the government providing an environment in which as many options as possible are safe for you to choose from, so that you can specialize in something else and still be protected without having to worry about being swindled or conned out of giving up your own rights that have already been recognized by the collective society.

You can certainly argue that it's an idealistic framework that often doesn't meet such a mark in practice, and you can argue that the government can wind up doing its own share of swindling, but it's wrong to implicitly suggest that the government needs "rights" to be valid about doing what it does.

Re:let the fools who dont know history suffer (0, Insightful)

Anonymous Coward | about a year ago | (#42185729)

Government is never the solution. Government is always the problem.

The problem is government has been out of control for almost a century, so no one alive has been exposed to true freedom and a true free market economy. If you don't like your vendor you can switch. If you don't like your government and try to do something about it, they will lock you in a cage, torture you, or kill you.

Re:let the fools who dont know history suffer (0)

Anonymous Coward | about a year ago | (#42185737)

You can certainly argue that it's an idealistic framework that often doesn't meet such a mark in practice, and you can argue that the government can wind up doing its own share of swindling, but it's wrong to implicitly suggest that the government needs "rights" to be valid about doing what it does.

http://en.wikipedia.org/wiki/Three-Fifths_Compromise
http://en.wikipedia.org/wiki/Japanese_American_internment
http://en.wikipedia.org/wiki/Tuskegee_syphilis_experiment

Where does that fit in your naive model how "government is an institution granted the rights to protect *your* rights."

Who gives a fuck (0)

Anonymous Coward | about a year ago | (#42183879)

It really makes no practical difference.

Excuse me? (0)

Anonymous Coward | about a year ago | (#42183891)

perhaps it's time for government to create the regulatory environments

Easy answer: No.

"We really are just serfs." (2)

Minwee (522556) | about a year ago | (#42183903)

Admit it, Bruce. This is all just an elaborate setup to excuse you for using the word "Microserfs".

Re:"We really are just serfs." (5, Funny)

Anne_Nonymous (313852) | about a year ago | (#42184087)

Bend over, Apple demands primae noctis.

Re:"We really are just serfs." (0)

Anonymous Coward | about a year ago | (#42184341)

Bend over, Apple demands primae noctis.

That's why I use Linux. I'm guaranteed not to ever get any.

What a load of crap! (1)

Anonymous Coward | about a year ago | (#42183905)

Choice is the ultimate power. Yes, we give up some control and say in the use of data about us to use these services but no one forces you to do so. If in fact you are concerned with such services (which abound), you can always create and run your own infrastructure and go back in time about 10 years ...

Good luck with that!

Re:What a load of crap! (1)

Anonymous Coward | about a year ago | (#42184535)

you kinda made his point for him. you admit that yes it's your choice, but to choose *not* to go with the new system, you immediately fall back 10 years. for some people, that isn't an option (particularly businesses).

Re:What a load of crap! (5, Insightful)

DeepBlueDiver (166057) | about a year ago | (#42184591)

In fact anyone capable of running his own infrastructure already had most of these services more than 10 years ago.

Webmail, file storage accessible from anywhere, files synchronization between computers thru Internet, remote encrypted backups... all of this is quite trivial to set up and can be tailored to your needs in such a way that you won't even think of going back to "generic" services.

Don't get me wrong, all this "cloud" thing has been great to bring to the masses what we nerds always had. But I have yet to see one of these services successfully replacing what I already provide to myself with just an Internet connection, a router, a NAS, and a tiny server.

Re:What a load of crap! (1)

peragrin (659227) | about a year ago | (#42185581)

That is just it: it isn't trivial to set up. For most it costs tens of thousands of dollars.

Take drop box. Show me two apps one server and one client that uses the same client app across multiple platforms that allows for easy, secure syncing to not just one server, but any server I choose?

Show me an FTP client that works as seamlessly, or as securely as drop box.

Sure the tech has been around for decades (I set up my first FTP server in '94). I got hacked more times than I can remember.

The problem is techies don't want to, and can't think of how to make their software easy and safe for non techies to use. That is why Apple dominated so badly with the iPhone. It was literally so simple an idiot could figure it out and use ALL the features.

Because I run a multi OS house there isn't a decent NAS for me. One that makes things like backup seamless.

I hate to support Apple but Time Machine is how backups should have been done 20 years ago. Why wasn't it? Why all the hassle?

Re:What a load of crap! (3, Informative)

bananaquackmoo (1204116) | about a year ago | (#42186001)

Take drop box. Show me two apps one server and one client that uses the same client app across multiple platforms that allows for easy, secure syncing to not just one server, but any server I choose?

I'll take that open-source bet. http://owncloud.org/ [owncloud.org] I'm already running copies.

Say what you want. (2, Funny)

Anonymous Coward | about a year ago | (#42183913)

Say what you want about Apple, Microsoft, Google, etc .... It's not like they make you agree to some sort of user agreement to use their products - you know, the Take It or Leave it type of agreement where you have no leeway in protecting your interests.

God, the headline makes it sound like we, the consumer, are powerless as to what those organizations do.

Geeze!

Re:Say what you want. (1)

TheSkepticalOptimist (898384) | about a year ago | (#42184241)

The problem is if you don't like any of their agreements, you just can't use technology. Yes we have a right to choose which product we want to use, but we are not offered the ability to use anything without handing over some fundamental right in the long run. The only option is to become a Luddite and live in a cave. There is no Gypsy option yet for technology and associated cloud services.

Re:Say what you want. (2)

DogDude (805747) | about a year ago | (#42184357)

Yes we have a right to choose which product we want to use, but we are not offered the ability to use anything without handing over some fundamental right in the long run.

Like what, exactly?

Re:Say what you want. (0)

Anonymous Coward | about a year ago | (#42185399)

Name one method of revealing email that does not require you to abide by a EULA?

Even if you run your own server, unless you've written all the software yourself you are bound by at least one licence agreement.

Re:Say what you want. (0)

Anonymous Coward | about a year ago | (#42185977)

Even if you run your own server, unless you've written all the software yourself you are bound by at least one licence agreement.

Perhaps you have misunderstood the GPL. An end user does not have to agree to any part of the GPL to use the software, only to redistribute it.

So it is perfectly possible to run a Linux + Postfix e-mail server without agreeing to any licenses.

Re:Say what you want. (0)

Anonymous Coward | about a year ago | (#42184427)

Is that so? I call bull shit [owncloud.org]

Re:Say what you want. (2)

denvergeek (1184943) | about a year ago | (#42184729)

Come to think of it, I'd kind of like to try some sort of ownCloud Funambol Citadel setup. All the good stuff of ownCloud, plus mail and synced contacts/calendars.

Re:Say what you want. (2)

dickplaus (2461402) | about a year ago | (#42185681)

If you wanted to be lazy you can use something like iredmail, roundcube and owncloud (has carddav/caldav support). That'd pretty much give you what you're looking for.

Re:Say what you want. (4, Insightful)

Kjella (173770) | about a year ago | (#42185525)

The problem is if you don't like any of their agreements, you just can't use technology. Yes we have a right to choose which product we want to use, but we are not offered the ability to use anything without handing over some fundamental right in the long run. The only option is to become a Luddite and live in a cave. There is no Gypsy option yet for technology and associated cloud services.

Oh please, you can do pretty much everything if you either a) host it yourself or b) rent some space in a co-lo. I don't store my things "in the cloud", I store them on my HDDs with backups just like I did before the cloud and social media became the new hype. You don't have to blog on Facebook, you can easily get a free blog on your own terms. If you don't like Spotify then iTunes and Amazon didn't go anywhere. And if there's no free alternative to iEverywhere or gEverywhere it's because nobody's bothered to build it on top of Linux and Android - last I checked the source code to both was free and so were the SDKs, so feel free to start, rather than whine about it.

Most people just don't want to manage their own computers, least not in the sense you and I mean. They're perfectly happy with an Apple or Google "appliance" that runs 100000+ apps. Why point fingers at the corporations when 99% handed over control voluntarily? It's like saying democracy needs regulation because 99% make stupid decisions. You can't regulate people into caring about the things you care about, because you'd have to be blind and deaf to not have noticed the wailing every time Facebook changes their privacy policy. Yet people keep using it. Same way there's nothing preventing people from installing Linux, but 99% don't do it anyway. Most people simply don't care if their computer comes as a big binary blob.

Wrong analogy (0)

Anonymous Coward | about a year ago | (#42183915)

This is Slashdot, we don't care about historic allegories. Try a car analogy instead. I mean come on, there was no feudalism in American history, but quite a bit of cars.

Re:Wrong analogy (0)

Anonymous Coward | about a year ago | (#42184283)

So between Apple, Google, and Microsoft, who is Ford, who is Chevy, and who is Dodge?

Re:Wrong analogy (1)

vlm (69642) | about a year ago | (#42184419)

Probably better analogy of "you're setting up your shop, do you buy imperial or metric tools?". Well in my dad's generation if you worked on American cars you needed imperial. Of course just to screw that up, my 90s era mostly made in the USA seems to mostly need metric tools, I would imagine everything on modern cars is metric now (and no, it was not a shared platform or rebadge)

Re:Wrong analogy (0)

Anonymous Coward | about a year ago | (#42184489)

Chevy -> Google: Ubiquity like the small block Chevy
Dodge -> Apple: Sexy hardware like the 426 Hemi
Ford -> Microsoft: OK. I had a hard time with this. The blue oval matches the blue in the BSOD?

Re:Wrong analogy (1)

Damastus the WizLiz (935648) | about a year ago | (#42184859)

That would explain why the computers kept failing in all the Fords I had.

Re:Wrong analogy (0)

Anonymous Coward | about a year ago | (#42185641)

Occam's Car Razor: You don't need an external actor (Microsoft) to explain why a Ford fails.

Exaggerated (2, Insightful)

Extremus (1043274) | about a year ago | (#42183929)

I find the comparison a bit exaggerated, but I agree with the conclusions. We need legislation to cover the relation between social agents and information keepers. For example, any company should allow for any customer to migrate all her data to another service, without the information loosing its original structure. The customers should be also safeguarded against information companies going bust with their data. Etc.

Re:Exaggerated (3, Informative)

Redmancometh (2676319) | about a year ago | (#42183999)

Legislate away the right to proprietary technology? You're so far left you fell off...of the wing?

Re:Exaggerated (0)

Anonymous Coward | about a year ago | (#42184191)

His name says it all.

The problem isn't that there isn't enough government interference, it's because of them that Google, Apple, Microsoft and others feel that they can retain any amount of data they want. After all, if the government asks them for it, they should have it ready, right? Wrong. The best way is to make them retain little or no data that could directly or indirectly help anyone track its owners. It might make illegal activity harder to detect, but we're getting close to the point of no return, when you won't be able to take a dump without it being recorded in triplicate somewhere.

Btw, this guy is an American, right? Otherwise he'd know that feudalism with multiple lords is actually a better form of government than a dictatorship by a single power.

Oh, and if I hadn't actually seen how much worse communism was compared to democracy, I might have mourned that too. Just mentioning it, because I know, KNOW, not believe, that even 23 years ago, this was very much put in practice.

Re:Exaggerated (1)

Anonymous Coward | about a year ago | (#42184785)

Oh, and if I hadn't actually seen how much worse communism was compared to democracy

I hope you realize that you are comparing an economic system to a political system. I suppose what you meant to say was "how much worse authoritarianism was to democracy".

Nah, let's just standardize on them (3, Insightful)

denis-The-menace (471988) | about a year ago | (#42184219)

Like MS' Open Office XML (An I$O standard with patents)

Like the MP4 codec (An I$O standard with patents)

Etc.

That way the government can demand that all their products they buy follow the ISO standards and nobody is forced to use it /s

Re:Exaggerated (1)

Anonymous Coward | about a year ago | (#42184099)

The openness of the data is the key point. I'm not sure how much regulation needs to be involved, but people need to be aware of how locked-in their data is if they choose to be a vassal of one of these cyber-lords. Of the three, I've only seen Google taking much action about giving you ways to export your data. (whether it's easily usable afterwards is an open question... unless you want to build your own replacements for all of Google's services. I doubt it will happen that we have cross-compatible standards that these ecosystems all conform to.)

If it was my business data this would be a mandatory requirement. I would require the ability to get my data back in a relatively usable way, if I want to switch service providers.

For my personal data, I finally have given in and become one of Google's serfs. I still have mixed feelings about it but life becomes a hell of a lot easier once you use the same services for most of your daily tasks.

Re:Exaggerated (0)

Phrogman (80473) | about a year ago | (#42184113)

Agreed. Companies already have a lot of regulations that limit their activities, responsibilities etc in doing business. It's not unreasonable to assert that if a company is controlling my data, that I have a right to move that data to a different controller, and that the original data will not be retained by the first party.
After all, I am required to retain certain data for a certain period of time if I am doing business. It's just another area that needs to be covered by clear regulations.

Mind you, I don't plan on ever storing anything in the cloud. I don't trust the motivations of any of these companies. That said I do have a gmail account so perhaps I need to rethink my email solution :P

Re:Exaggerated (0)

Anonymous Coward | about a year ago | (#42184185)

any company should allow for any customer to migrate all her data to another service, without the information loosing its original structure.

What if that structure is incompatible with the new service?
I don't want the law requiring everybody to be Facebook-compatible.

Re:Exaggerated (1)

Githaron (2462596) | about a year ago | (#42184431)

I think the idea is to use an open standard/specification in exports. It would be up to the competing services to import the export. For Facebook, an XML that links text, video, and pictures together would probably do fine.

Re:Exaggerated (1)

obarthelemy (160321) | about a year ago | (#42184227)

Indeed. Already, anything DRMed, and by extension, anything in a proprietary format, exists at the mercy of the supplier.
Now, anything "in the cloud", whatever its format and/or DRM, even open-format un-DRMed, too.

We need laws to protect our rights. Basic stuff, like DRMed stuff must be opened w/ opener in escrow in case of service discontinuation; proprietary formats must be documented too, in escrow if needs be, and cloud providers must provide one-click backup solutions.

Re:Exaggerated (3, Interesting)

vlm (69642) | about a year ago | (#42184327)

The customers should be also safeguarded against information companies going bust with their data.

Talk to the construction trades about being "bonded and insured" (before or after talking about unionization, and talking about apprenticeship, of course)

It's a simplification, but if you contract out to a bonded and insured contractor who goes out of business (lawsuit, bankruptcy, death, whatever) the bonding company will pay to get "someone else" to do the work for you at no additional cost. Obviously the risk to the insurer depends on the scale of work and the health of the contractor and length of job... I would imagine the mighty GOOG would pay less for bonding than a dotcom.

Re:Exaggerated (1)

DogDude (805747) | about a year ago | (#42184343)

The customers should be also safeguarded against information companies going bust with their data.

We already have an extensive legal system in place that covers contracts. We don't need more laws to cover the same thing.

For example, any company should allow for any customer to migrate all her data to another service, without the information loosing its original structure.

That's just silly. "Loosing" its "original structure"? What does that even mean?

Re:Exaggerated (1)

vlm (69642) | about a year ago | (#42184451)

That's just silly. "Loosing" its "original structure"? What does that even mean?

He means data that was entered free form or possibly gathered without the customer's knowledge has to be exported with a documented copy of the proprietary database schema. It'll never fly.

Now what might work would be a requirement for all data exports to be completely non-proprietary non-binary well formed XML. You might not get their DB table design but at least you'll get each row.

Re:Exaggerated (2)

DogDude (805747) | about a year ago | (#42184573)

Now what might work would be a requirement for all data exports to be completely non-proprietary non-binary well formed XML. You might not get their DB table design but at least you'll get each row.

Just putting it in XML doesn't accomplish anything. Besides, what kind of apps don't allow for exports of some kind? I hear people complaining about "lock in" all of the time, in terms of data, but I don't have a single business application that doesn't allow a data export of some kind. The format that it can be exported to really doesn't matter, since you'll always have to do significant work to get data moved from one application/platform to another.

Re:Exaggerated (2)

RogueLeaderX (845092) | about a year ago | (#42184441)

For example, any company should allow for any customer to migrate all her data to another service, without the information loosing its original structure.

This goal is nearly impossible. Are you going to legislate the data structure for every SaaS out there? How on earth is Congress going to keep up with the rapidly changing landscape that is Silicon Valley?

The U.S. Congress was designed to move slowly. It's a bit like a qwerty keyboard. They've already bitten off more than they can chew, as they've shown time and again recently.

Ask yourself (2)

DaveAtFraud (460127) | about a year ago | (#42184511)

Regulated services at best provide consistent, mediocre service at the highest rate the regulator will let them charge; usually they provide the minimum they can get away without getting fined too much. Ask yourself how happy are you with the other regulated services in your life like land-line phone carrier, cable television provider, electric company, natural gas company, etc.?

I thought not.

Cheers,
Dave

'Otherwise, we really are just serfs.' (1)

Anonymous Coward | about a year ago | (#42183951)

And I'm just.... serfing the web.

Just ask Vint (3, Funny)

Anonymous Coward | about a year ago | (#42183963)

I think that we're all Cerfs.

Oh, the humanity! (1)

mariox19 (632969) | about a year ago | (#42183983)

But these days, government has largely abdicated its role in cyberspace, and the result is a return to the feudal relationships of yore [...]

Does this mean that, having been born a serf under Apple's demesne, I will have to live my entire life as such—and my children, too! Oh my God, how did I not see this coming!

Re:Oh, the humanity! (0)

Anonymous Coward | about a year ago | (#42185497)

At least, if the national states took control over cyber space, you would be living your life in the land of the free and the land of the brave: Iraq.

Come now, Mr. Schneier (1)

A bsd fool (2667567) | about a year ago | (#42183985)

Yes, some of these data companies are getting a bit out of hand, but is it time for the government to step in? You, of all people, know better.

Where should regulation be focused? (5, Insightful)

characterZer0 (138196) | about a year ago | (#42184007)

I have chosen to avoid any trust in or allegiance to Google, Apple, Facebook, or Microsoft. I have to trust my hardware, but I can switch that easily enough. I chose to trust Debian, but could easily enough switch that too. Everybody is free to make these decisions. I can use end-to-end encryption to hide my data from anyone else.

I am at the mercy of my ISP. If they fail to route properly I have no recourse and no alternative faster than 56k dial-up. Network neutrality and fairness from recipients of government-granted monopolies is where the regulation is required.

Re:Where should regulation be focused? (1)

CannonballHead (842625) | about a year ago | (#42184811)

Fixing problems caused by regulation (government-granted monopolies) with more regulation. Something seems wrong with that.

Maybe coming up with a solution such that the whole government-granted monopoly thing is no longer "necessary" would be better?

I try and run my own IT Domain services (1)

Zombie Ryushu (803103) | about a year ago | (#42184051)

I try and run my own IT Domain services (for my own files,) I will NOT use Google Docs, or similar services. I have my own Apache servers, my own CMS, my own Domain Controllers, a Dumb Phone, my games are on my own hard drive, I run my own MySQL services, I do as much as I can myself, my connections to my friends use IPSec, if I get an (Android) tablet, it will be merely something that talks to my network, that I load my applications on from my network via 802.11.

Re:I try and run my own IT Domain services (1)

xaxa (988988) | about a year ago | (#42184183)

That's a significant investment in time.

I used to run my own email server, when I was 18. I ran it for a couple of years, but migrated to Google Apps as soon as the free version was launched. I no longer have to worry if my server goes offline, or if there are security updates, or updates to spam filters, or my email being marked as spam, or all the rest.

Since I'm using my own domain, if a better service comes along I can migrate.

Or *are* we? (2)

Narcocide (102829) | about a year ago | (#42184095)

I say, declare your independence [debian.org].

Yes, you are (1)

Anonymous Coward | about a year ago | (#42184313)

Yes let's all pledge allegiance to a hyper-political organization beholden to extremists [stallman.org]. Sounds fun!

Oh Hugh Pickens? (1, Informative)

Anonymous Coward | about a year ago | (#42184135)

Is that the same Just Say No to College [slashdot.org] Hugh Pickens? Telling us where to trust computer security now?

Who's this Hugh Pickens faggot? (-1)

Anonymous Coward | about a year ago | (#42184157)

Not only does he submit stories as "Hugh Pickens", he also does it as "Hugh Pickens writes", and it seems like he submits every fourth story.

My Lord! General Balmer is in GRAVE DANGER! (-1)

Anonymous Coward | about a year ago | (#42184167)

Our units are running! What a shameful dispray.....

Captcha: reinvent

The Big Players are following a Pattern... (0)

dryriver (1010635) | about a year ago | (#42184205)

I don't know if anybody else has noticed, but all sorts of things these days are moving to, ahem, "the Cloud", without anybody asking for such functionality. Many PC games won't work without a "Cloud Client" anymore. Steam. Origin. UPlay. Take your pick. The gaming Cloud Clients even warn you that "your save games are out of sync with the cloud" because, um, you played the last 2 sessions without, er, actually going online to do it.

Then there is the creative software from Adobe, Autodesk and others. DCC software is the official term for these. Digital Content Creation software. These gentlemen, too, are trying to nudge their tens of thousands strong userbase into "the Cloud", and none too subtly. It is even rumored that future releases of Adobe, Autodesk and similar DCC software won't work without "connecting to the Cloud" to run these apps at all. This is even though nobody asked for this kind of functionality. What does all that mean in English? Somebody rather powerful somewhere is pressuring Adobe, Autodesk and similar big players to create "digital backdoors" into their DCC software. So the next time you want to create a viral video that is maybe protesting some political injustice somewhere, the "Cloud" knows in advance what kind of video you are working on.

To cut the crap, this is all about Top-Down Control. The powers that be don't want you to work offline anymore, without them being able to check what you are doing. This may be harmless when gaming is concerned - who really cares what you are doing in game space, right? But when it comes to working with professional DCC tools - CAD tools, CG tools, Video, Print, Web design tools - the Cloud actually knows who is working on what where and for what reason with great granularity. Whatever confidentiality working OFFLINE once gave you - the big players now want to take that confidentiality away. They want to know what you are "cooking" on a computer somewhere. Whether you are designing a Sports Car, or creating a website for a political pressure group, or creating a Youtube Video decrying certain injustices.

In all these activities, the Cloud is one step ahead of you, potentially beaming your most confidential data to a Mothership somewhere (a little bird told me that the "Mothership" may be a 2 Billion Dollar custom-built data center in the Cornbelt of the United States of A.).

All this stuff is about a small, self-anointed Elite of MBAs trying to bend the common man to their will. They want to know what you are doing with the software they supply - which you pay for - and they don't want you to have any say in how or when this happens. That's what the Cloud is all about. Trust us with your data. Trust us with your digital designs. Trust us with intimate things you maybe wouldn't even tell your best friend or spouse about.

The whole Cloud Computing paradigm reeks of EVIL. Probably because the people pushing it are, well, a wee bit evil and exploitative in character.

Re:The Big Players are following a Pattern... (1)

Anonymous Coward | about a year ago | (#42184619)

The gaming Cloud Clients even warn you that "your save games are out of sync with the cloud" because, um, you played the last 2 sessions without, er, actually going online to do it.

You mean it's warning you that if you reinstall your box, go over to your friend's house, or buy a new computer, your progress will be out of date because you're paranoid?

Well, you've sold me. WE MUST STOP VALVE FROM PROVIDING USEFUL SERVICES IMMEDIATELY

Re:The Big Players are following a Pattern... (0)

Anonymous Coward | about a year ago | (#42184661)

The games are in the cloud to help train the next generation:

Never pirate: we'll ban you from the internet.
Never post something like political activism online: we'll ban you and maybe throw you in jail.
Never help leak sensitive info: we'll send the cops at 3AM to take all your computers.
Never donate, never share, never help, never say anything. Trust us.
-- Your friendly government

Re:The Big Players are following a Pattern... (2, Interesting)

Anonymous Coward | about a year ago | (#42185129)

The Pentagram: Google, Apple, Microsoft, Facebook, and Twitter.
To us (the serfs) it looks like they are in competition, but they are working together to control the entire world. The Pentagram's power and control knows no boundaries, it fears no military. They have centers of operation spread throughout the world, it will not harm them if some are taken out. Look how much change they have been a part of in the world during the last 5 years. Cheap cellphones and Twitter have overthrown governments. The world governments are afraid of the power of the Pentagram. They are making demands on them (such as data collection, warrantless wiretaps), but in the process have realized that the Pentagram is more powerful than each country's government. The Pentagram can shape and mold public opinion by the way they filter the news and control the flow of information. Unlike you, I am not afraid. I look forward to a world where countries become more like cultural districts rather than entities at war.

computer security (0)

k6mfw (1182893) | about a year ago | (#42184291)

About 10 years ago a post on /. began with, "If you are responsible for computer security, you can't be too secure. A shotgun will help." Article went on with more about guns, "if your server room is being approached by a band of swarmy thugs with boxcutters, you are to pull out the company manual saying 'firearms are not allowed.'?" Writer went on more of same theme, "If choosing a handgun, be sure your wimpy arm can handle it. A 22 slug in the gut is more effective than a 357 in the ceiling." Not sure what intent writer had unless promoting a reason for guns post 9-11. Not sure why I mentioned it here but title of this article envisions early years of "security" as practiced in ancient times with Feuds was The World. I saved article text but lost in my zillion files of saved files since the 20th century.

Regarding security, how have companies like Coca Cola been able to keep their formula secret? Obviously not stored in The Cloud. Any techniques that can be applied for other safeguards? Besides limiting it to just three people.

Re:computer security (2)

vlm (69642) | about a year ago | (#42184601)

Regarding security, how have companies like Coca Cola been able to keep their formula secret? Obviously not stored in The Cloud. Any techniques that can be applied for other safeguards? Besides limiting it to just three people.

I know how the coca cola formula secrecy works and you're not going to like the solution. Homeopathy. No I'm not kidding. Any wannabe chemist probably gets to analyze soda of their choice in quant chem analysis and I did just that about 20 years ago. The fact that it's 99.9999% water, HFCS (back then, it was sugar), caffeine, salt, standard sanitation and preservation chems, and food coloring is no secret nor are the ratios. There is a strange cross between legal fiction and homeopathy that if you run thru a GCMS or HPLC setup you'll find like a nanogram of black pepper in each bottle or whatever.

The secrecy is more of a loyalty test... like if it ever came out in public that one black peppercorn (or white, or whatever) was smashed and fractionated into an entire year's worth of a nation's production of coca cola syrup, then they'd know who leaked, and fire the disloyal worker. In fact more likely they tell a different lie to each worker and see what gets leaked...

I have no idea how to implement this in "da cloud". My guess is a combo of OTP and steganography embedded in files or something like that. Make a million fake simulated users who simulate doing all kinds of cloudy stuff, but if you gather the 34256236th bit of the 13519th file from each user and assemble them all it's the launch codes or whatever.
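The "tell a different lie to each worker and see what gets leaked" idea in the comment above is commonly called a canary trap. The sketch below is an added example, not part of the original comment: the memo text, the recipient names, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import math

# Constructed memo: each slot is a "fact" with several interchangeable values.
TEMPLATE = ("Batch note: add {0} of {1} per vat, "
            "blended at the {2} plant before bottling.")
SLOTS = [
    ("one gram", "two grams", "five grams", "eight grams"),
    ("black pepper", "white pepper", "nutmeg", "coriander"),
    ("Atlanta", "Dublin", "Osaka", "Lagos"),
]
CAPACITY = math.prod(len(options) for options in SLOTS)  # distinct variants


def digits(code):
    """Split a variant code into one option index per slot (mixed radix)."""
    out = []
    for options in SLOTS:
        code, d = divmod(code, len(options))
        out.append(d)
    return out


def build_registry(key, recipients):
    """Give every recipient a distinct variant code.

    The keyed HMAC picks the starting code so recipients cannot predict
    each other's variants; linear probing resolves collisions.
    """
    if len(recipients) > CAPACITY:
        raise ValueError("more recipients than distinct variants")
    taken = {}
    for name in recipients:
        mac = hmac.new(key, name.encode(), hashlib.sha256).digest()
        code = int.from_bytes(mac[:8], "big") % CAPACITY
        while code in taken:
            code = (code + 1) % CAPACITY
        taken[code] = name
    return {name: code for code, name in taken.items()}


def issue(registry, name):
    """Render the copy of the memo that this recipient receives."""
    picks = (opts[d] for opts, d in zip(SLOTS, digits(registry[name])))
    return TEMPLATE.format(*picks)


def observe(leak):
    """Per slot: the option index seen in the leak, or None when the slot
    was cut, paraphrased, or matches more than one option."""
    lowered = leak.lower()
    seen = []
    for options in SLOTS:
        hits = [i for i, o in enumerate(options) if o.lower() in lowered]
        seen.append(hits[0] if len(hits) == 1 else None)
    return seen


def suspects(registry, leak):
    """Recipients whose copy is consistent with every slot still visible."""
    seen = observe(leak)
    return sorted(
        name for name, code in registry.items()
        if all(s is None or s == d for s, d in zip(seen, digits(code)))
    )


if __name__ == "__main__":
    reg = build_registry(b"constructed-demo-key", ["alice", "bob", "carol"])
    leaked = issue(reg, "bob")
    print(leaked)
    print("suspects:", suspects(reg, leaked))
```

A partial or paraphrased leak narrows the suspect list instead of pinpointing one person, and two recipients who compare copies can see which slots vary.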

Dear Mr. Fox, I Have A Henhouse That Needs A Guard (1)

Anonymous Coward | about a year ago | (#42184303)

So... we want the government to regulate security and storage, when the government is, most likely, precisely whom we do NOT want reading our mail or combing through our files. Does no one remember the Clipper Chip?

The proposed analogy is wrong. Rather than feudal lords being replaced by a semi-accountable, presumably representative government, asking the government to take over would be going back to having just AT&T as the sole provider of telecommunications, with private ownership of phones prohibited. It would be a reversion from an open and competitive market (where those who fail to provide security can be abandoned freely, the exact opposite of a feudal situation where serfs were forbidden to leave their masters and breaking oaths of obedience would lead to hit series on HBO) to a single "provider" which cannot be abandoned or ignored.

Monopolies, in general, suck, and without an external force to shore them up, they tend to be short lived. I remember when Lotus and WordPerfect and dBase were "unassailable", and people were wondering if the government should force these companies to be more "competitive" somehow. Then it was Windows, and particularly Explorer, that was going to control the world because "no one could compete". Now it's Google and Apple. Either these companies actually provide the security they promise, or they lose business to someone who will. The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.

The role of government in this arena is making sure that companies are held accountable for broken promises, that they pay the costs for data loss and security breaches. I could even see the possibility of requiring that companies which offer cloud storage have a certain cash reserve to cover operational costs in the event of bankruptcy, long enough for people to retrieve data. (Of course, when one of the biggest data losses in recent history is that suffered by customers of MegaUpload, and the organization responsible for that loss was not the "feudal lord" who owned the servers, but the same government people want to "regulate" security, the problem is rather clear.)

The government should not be determining what security is acceptable, because governments and regulations cannot possibly keep up with ever-changing realities. Again, does anyone remember "This T-Shirt Is A Munition"? We've been down this road before.

Maturity (1)

Anonymous Coward | about a year ago | (#42184363)

In a new market, vendor lock-in is important to vendors because competition tends to crop up fast because the customer expectations are low and therefore easier and cheaper to meet. The bar for entry is low. Later, as the market matures and the number of vendors stabilizes, the most valuable features tend to be across all vendors. Eventually, the only way to increase customers is to take them from someone else. Also, customers will start to wise up and want interoperability. Lock-in becomes less valuable to vendors and systems start to open up.

Stupid metaphor == poor thinking (3, Interesting)

mveloso (325617) | about a year ago | (#42184373)

You're responsible for your own security. You don't pledge allegiance to a vendor, you use their wares until it doesn't satisfy your personal requirements.

This sort of metaphor, while poetic, is counterproductive.

Re:Stupid metaphor == poor thinking (1)

Microlith (54737) | about a year ago | (#42184617)

You're responsible for your own security.

Even when the security of the platform works against you?

You don't pledge allegiance to a vendor, you use their wares until it doesn't satisfy your personal requirements.

Far too many people place convenience and flash above personal security and privacy. This has the nasty side effect of impacting those who do care and stripping their ability to demand (and get) the ability to assume that responsibility.

I can't begin to count the ways. . . (0)

Anonymous Coward | about a year ago | (#42184405)

Anyone who thinks 'government has largely abdicated its role in cyberspace' is smoking some mighty strong stuff!

I can't begin to count the ways that this submission is detached from reality.

What is security traded for? (0)

Anonymous Coward | about a year ago | (#42184501)

In the feudal example the peasants get to not be killed, starved, driven off their lands by barbarians, etc.

What do we get for using Apple vs. Google or Microsoft, etc?

Convenience? Whiz bang? Access to their advertisements?

Be your OWN feudal lord.

you can scan your cards when we tell you to (1)

swschrad (312009) | about a year ago | (#42184627)

and don't forget to photograph the JCL stack in the proper order first, because if you mung that up, we won't tell you.

seems I've heard this before.

I don't quite trust Google, but... (1)

Maltheus (248271) | about a year ago | (#42184783)

...at the end of the day, I trust Google (and even Apple) far more than my government. My relationship with them is contractual, whereas my relationship with the government is through the barrel of a gun.

what about money? (1)

gadget junkie (618542) | about a year ago | (#42184953)

It looks to me that bunching all of those vendors in one bundle is a bit risqué. In effect, some of them are selling something that they do not own.

...mmmmm, where to begin? This is Slashdot, so let's start with Microsoft. I never saw, read or heard about a suicide that lasted longer, unless the Dinosaurs killed themselves using farts to start a climate change. XP is still dominating their cash cows, and lo and behold, the serfs have fought back: "yes, come back when you REALLY will cut support. Line up over there, if we really want to retrain the whole workforce, we might as well go for open source + service contracts.....unless you offer us upgrades to windows SEVEN for 4.99$ per seat.". Final Nail in the coffin: price raises [zdnet.com], obviously; why let a good opportunity to be LESS competitive go by?

Google, the smartest of them all: it's selling dearly to people things that they really do not own, mindspace. The gadgetry is very good, I do use calendar syncing, but I never entered via the browser since I set it up, and I use thunderbird + lightning as a client; anybody care to bet on what will happen if all of a sudden the calendar utility ceases to be free and/or interoperable? I do think that at the Mozilla foundation they have a stock of Champagne bottles, in case it happens.

And now, the Apple of my eye. My teen daughter is quite taken by the iPad, and it's the most expensive toy she has ever received. But "retina display"? "iphone 5"? "Siri"? It's becoming an organized religion: you have to believe, because if you approach with rationality, you get cold feet. Seriously, I know I am fifty, but looking at a puny display I cannot SEE the high definition.

But the biggest pun of all is "the government". Get serious, the only thing the governments are interested in is a. "are there taxes to be had?" and b. "will these bozos provide us with private data, backdoors, snooping facilities if we ask?"

Stupid analogy and it draws the wrong conclusion (0)

Anonymous Coward | about a year ago | (#42184989)

Feudalism was a result of technology at the time. A wealthy man or tribal or clan leader needed warriors to provide security so he could manage his people and protect them from enemies. Forging and blacksmithing technology created armor and weapons, and advances in animal training meant that a decently trained and well equipped soldier was able to kill anyone who opposed him without those advantages, thus in order to provide security said wealthy individual/tribal/clan leader needed men who had those things. Those things were expensive, and no one could afford to spend their time training to kill and afford a good horse and armor without also having some way to eat. This problem was solved by feudalism: the trained soldier was given land to manage and people to run that land for him, so he could spend his time learning to fight and afford equipment.

This changed with technology once again. Guns meant that no matter how skilled or well armored a soldier was, an average peasant with no training was a direct threat to him. Eventually guns became so cheap that any peasant provided with a cheap gun was a threat to a very expensive, highly trained knight, making the knight obsolete, and suddenly feudalism was a solution to a problem that no longer existed. What guns did is it put everyone on the same playing field in terms of violence, making classes substantially more equal. Thus philosophies such as "all men are equal" and "the Rule of Law" came into effect to help discern how to manage society in light of the fact that anyone could now kill anybody. So in effect, the concepts of Law and regulation removing feudalism is not true; feudalism became obsolete in light of societal changes, and the Rule of Law and regulations and all that came into effect to replace feudalism once it was gone.

That being said, it's still a stupid analogy. I use my iPhone to check my personal email on Gmail and my work email that is managed through a Microsoft exchange server as well as Facebook, back up my iPhone through iTunes on my Lenovo Thinkpad, store all my personal files in Dropbox or Google Docs. And when a new thing comes along that has a better email system or cloud storage, I can easily transfer from one to the other. That's the feudal equivalent of owing allegiance to the kings of 4 different warring countries while dealing with a barbarian chieftain, knowing full well I can abandon any or all of them when a new king comes along. Not exactly how feudalism works.

Re:Stupid analogy and it draws the wrong conclusio (1)

dwye (1127395) | about a year ago | (#42185521)

Um, guns led to philosophies like the Divine Right Of Kings and longing for Benign Despots, because only kings and despots could afford their own armies, and nothing but armies could defend against other armies.

Equal Rights and Rule Of Law had to wait until the invention of the large limited-liability corporation (e.g., East India Company, various syndicates for privateering against the Spanish back in the days of No Peace Beyond The Line, etc.). When commerce mattered as much or more than royal ambitions, then the rules and mores of commerce had to spread to everyone.

Always WAS Feudalism (2)

dwye (1127395) | about a year ago | (#42185247)

Classical medieval feudalism depended on overlapping, complex, hierarchical relationships.

Wrong. It depended on simple relationships (lord {=} vassal); it started to fall apart when the relationships became complicated (look up The Hundred Years War for a nasty case of its collapse)(see the Thirty Years War for its final collapse).

Anyway, it always was feudalism. Who owned their own computers before the Altair? In the early days of the PC era, most computer users still were primarily attached to work machines. The Internet was run by personal relationships between the Great Lords (i.e., the administrators of the major Internet nodes), sealed with little more binding at the beginning than a handshake (which was how Jon Postel got stuck running the DNS root node for years). Given that users can still choose what Schneier thinks of as feudal lords, that makes users minor barons, rather than serfs (no serf could do anything except run away from their lord, or launch futile revolts once a century or so).

Would Bruce Schneier really prefer it run by men with guns and bayonets enforcing the wills of THEIR lords (swayed, no doubt by bribes or job offers for after they leave Federal service), launching wars against each other like 20th Century governments, etc? Please, give me benign neglect, any day.

Come On (0)

Anonymous Coward | about a year ago | (#42185481)

The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.

I think this pipe-dream Libertarian has forgotten, as they all do, that when and if they fail to deliver the goods, thousands or millions of people will be irreparably harmed before they have a chance to know that they will be harmed. That is what regulations are designed to address. Do you trade off some efficiency in the system? Of course. Is it worth it? Ask a serf.

Time to make our own dukedoms... (0)

Anonymous Coward | about a year ago | (#42185501)

With "just trust us" as a lot of providers' sole SLA assurances, one needs to consider packing their own parachute when it comes to services. This will take a lot of work even for a technical person.

Starting at the lowest level, it would be establishing a PGP/gpg web of trust with other people/entities. With that in place, everything else in between can be compromised, and the worst that happens is a denial of service attack.

Then comes the OS. On BSD or most Linux distros, you can replace almost anything on the OS without having the whole house of cards fall. If I wanted a custom init or wanted to go back to the old style /etc/rc where every daemon started from that, I could. With Windows, no real way.

Then there is the firewall. Ideally, you want this on a dedicated machine and separate from the router so if the router is backdoored or otherwise hacked, it won't allow access into the internal network. The wireless AP also hooks up to the firewall and even though it has a WPA2 passphrase, clients connecting still use a VPN to connect to the router for establishing a connection.

Not trusting someone means a lot of roll your own items, especially routers, but one can gain a lot of security this way. If one had access to a colocated ISP, that could be used for stashing one's E-mail servers and such, all behind a dedicated router PC [1]. Barring physical access, this would allow one reliable E-mail and such.

Of course, one has to tailor their solution to their security needs. For me, remote access attacks are my worst fear, as well as a crackhead breaking in (who will just grab stuff regardless). Others might fear police seizures and need to protect against physical loss.

For the tl;dr, one can have adequate security without depending on just promises... but it takes a lot of work. Next to doing this, the next best thing would be local UNIX users' groups making ISPs/email servers where people are known physically.

[1]: Preferably a UNIX that isn't x86 based, because of fear of another f0 0f bug, but allows code to run in ring 0.

There are many places one must trust a provider (1)

obstacleman (634020) | about a year ago | (#42185545)

An incomplete list of types of vendors and organizations I have to trust not to be stupid or evil with my information:

1) bank
2) credit card(s)
3) doctor
4) health insurance
5) state and federal governments
6) employer

Yes, I am not necessarily locked into any of these, but changing some is more of a burden than others. Microsoft, Google and Apple are only recent players in this game.

Be very afraid of asking the Govt to "help"... (1)

aklinux (1318095) | about a year ago | (#42185805)

While I do think there is some truth to your basic argument, we become vassals by our own free choice. We can be with one today, and choose to walk away tomorrow.

Granted, it could be difficult. I still know people that can't give up AOL.

Subject line ... (1)

PPH (736903) | about a year ago | (#42185957)

... made me think this was going to be about putting spammers heads on pikes outside the castle gate.

Have to stay on top, I use all in some capacity. (3, Interesting)

VortexCortex (1117377) | about a year ago | (#42186037)

Kind of shitty article though. I thought Bruce was going to talk about how some security researchers won't release their findings to the world, keeping the security holes secret so they're less likely to be patched, esp. those cyber-"security" teams of governments themselves... I run my own servers for my email and services that really matter to me and my family. That, and there's no such thing as a client or server, really... My logs show that grandma just synched more photos to our private distributed "freenet" cloud. She probably did that by plugging in her camera to her PC -- the sync automatically scans her albums folder.

Oh, I might be pledging allegiance to Free Software! Oh no! Why, whatever will I do if Linux becomes a fiefdom? Why, I'll Fork it, or use BSD, both of which run the important shit just fine... Also, my VOIP system connects directly between my family's houses avoiding even using a 3rd party service for in-family calling. I

I thought it was supposed to be increasingly difficult not to pledge allegiance to MS, Apple or Google. It's actually getting easier to NOT do so if you ask me and mine. Whoops, I'm sorry. Didn't mean to actually prove anyone's article completely wrong. I would say to Bruce that he needs to clarify that it's only getting more difficult for ignorant people who don't care about what he's talking about to avoid...
