nanog mailing list archives
Re: WW: Bruce Schneier on why security can't work
From: David Walker <davidianwalker () gmail com>
Date: Tue, 19 Mar 2013 11:07:39 +1030
In history, people get taken unawares, by their neighbours. We don't implement systems to protect against that - no matter how much betrayal stares us in the face. The price of peace is eternal diligence and no-one writes that cheque.
From Troy to Chamberlain - it's not an issue of finding new regimes of trust.
We look to trust whether or not it's warranted. That's a failure point. Therefore somebody's going to get screwed at some point. Anything less and we're already dead - only the dead have seen the end of war ... The difference here is the battleground and maybe the scale. Otherwise there's nothing special about information systems. Some time later the black plague/spanish flu comes along and teaches us about fragility and brittleness. I'm a fan of Bruce but looking to trust is not a prophylactic. Yes we trust ... and scheme about destroying our neighbours or defending ourselves or whatever. Engineering against nature/mathematics is a much loftier pursuit. Turn off the internet tomorrow for a day ... or a week or a year and carry on. That's the only kind of resilience worth worrying about. Everything else is a side show. Crazy talk sure, the internet's JAM - Just Another Machine - but worrying about bad people as the only stressor is setting the bar pretty low. We're much better off asking our hospitals "what will you do when the network is broken for a year" than asking our network people how they'll cope with bad guys and bad packets. That's the difference between a real scenario and a faux pas and there's a big mix of the two in the linked article ...
Current thread:
- Re: WW: Bruce Schneier on why security can't work, (continued)
- Re: WW: Bruce Schneier on why security can't work Darius Jahandarie (Mar 14)
- Re: WW: Bruce Schneier on why security can't work Suresh Ramasubramanian (Mar 14)
- Re: WW: Bruce Schneier on why security can't work Patrick (Mar 14)
- Re: WW: Bruce Schneier on why security can't work . (Mar 15)
- Re: WW: Bruce Schneier on why security can't work Patrick (Mar 15)
- Re: WW: Bruce Schneier on why security can't work Owen DeLong (Mar 15)
- Re: WW: Bruce Schneier on why security can't work Reply-To: Patrick (Mar 15)
- Re: WW: Bruce Schneier on why security can't work Patrick (Mar 15)
- Re: WW: Bruce Schneier on why security can't work Jay Ashworth (Mar 18)
- Re: WW: Bruce Schneier on why security can't work Jimmy Hess (Mar 18)
- Re: WW: Bruce Schneier on why security can't work Jay Ashworth (Mar 18)
- Re: WW: Bruce Schneier on why security can't work David Walker (Mar 18)
- Re: WW: Bruce Schneier on why security can't work Eugen Leitl (Mar 19)
- Re: WW: Bruce Schneier on why security can't work Dobbins, Roland (Mar 19)
- Re: WW: Bruce Schneier on why security can't work Darius Jahandarie (Mar 14)
- Re: WW: Bruce Schneier on why security can't work Owen DeLong (Mar 15)
- Re: WW: Bruce Schneier on why security can't work Eugeniu Patrascu (Mar 17)