Firewall Wizards mailing list archives

Re: OfficeTV (was: Personal Firewall Day?)


From: Dragos Ruiu <dr () kyx net>
Date: Tue, 7 Oct 2003 11:53:16 -0700

On October 7, 2003 09:58 am, Marcus J. Ranum wrote:
> Sure. Let's solve the problem for 99.99% of the world and let the
> power users take a competence exam and give 'em the right
> to use UNIX if they pass. I'm fine with that. But it's stupid to
> continue to have 99.99% of the computers on earth being managed
> using primitive tools by people whose primary mission is NOT to
> manage computers. And, on top of it, let's expect them to keep
> their systems secure and patched. You've got your agenda
> backwards because your perspective is as one of the .01% of
> the computer users in the world who know what they are
> doing.


One might argue that you are looking at the problem backwards,
and the right solution would be to raise the percentage of users
who know what they are doing through education.

You are also looking at this as a person who has to administer 
them rather than someone who has to use them to get something 
useful done.

But that said, I agree to disagree. My experiences with the HP 
variant of your WebTV box (officeTV?) which was far less radical
than what you suggest, left me convinced the concept has many 
inherent, critical, flaws. Sure administering 2 terminal services 
boxes is easier than 200 desktops, but that's the administrator 
talking. The key question is: is using 200 desktops easier to get more
productive work done?  Natural selection seems to indicate
so far that the latter is the winner. Also this easier to administer
concept holds for a few hundred, but it too faces its own scaling 
issues as you go bigger, in the forms of bureaucracy, latency, 
inflexibility, and others. When you try to apply it to hundreds of
sites and tens of thousands of users, imho, it doesn't hold up.

I'll easily stand behind your assertions that our current crop of OSes
are TOO difficult to manage (as well as being ridiculously limited in
their variation - we are down to what a few dozen OSes, with the
majority on a handful of strains down from hundreds a few decades 
ago). Alas, the first non-toy worm with a _real_ malicious payload 
that the designers lose control of will convince us of the value of 
reliability, redundancy and the inherent dangers of monoculture
I foresee. Though I hope for our sake that day is a long way off.
And whether the issue is technical, economic, political, or 
metaphoric - it is still a real issue, and our increasing computing
monocultureness is a problem waiting to bite us.

I will also agree that our current software development pays ridiculously 
nee... dangerously little heed to concepts surrounding security,
manageability, scalability and reliability. But the more drastic
variant of the solution I saw become such an impediment 
that you propose doesn't sound like a good direction or an 
appropriate solution for today's computer security dilemmas.

I'm not even gonna touch "the dictatorships are good" thing with a
ten foot pole. This discussion has wandered too far off anyway.

cheers,
--dr

-- 
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2003   http://www.pacsec.jp
pgpkey http://dragos.com/ kyxpgp