| [14:25:23] | <Elin> | SESSION 3 |
| [14:26:55] | <kamman> | what scares me is a world where no-one maintains the the analog back-up systems anymore (David, did you bring the red yellow & green cards?)back-up |
| [14:27:12] | <Shirky> | appliance functionality means gutting the general purpose nature of computers |
| [14:27:33] | <Forster> | Crocker passed over pretty quickly Denial of Service but as a network guy its a pretty big problem to me |
| [14:27:38] | <Isenberg> | my watch is a gutted computer |
| [14:28:05] | <Shirky> | when was the last time anyone wrote new functionality for your watch? |
| [14:28:22] | <kamman> | he just bought a new watch |
| [14:29:01] | <Shirky> | changing bits is a better upgrade path than changing atoms |
| [14:29:05] | <Beckemeyer> | expections are going the other way |
| [14:29:17] | <Shirky> | beckmeyer: ??? |
| [14:29:33] | <Beckemeyer> | The new gen that grew up with "that vendor" now expect the applicances to need to be rebooted |
| [14:29:38] | <Freeburg> | What does security on the public highway mean? |
| [14:29:43] | <Isenberg> | the red yellow green cards (the physical ones) are unhackable too |
| [14:29:49] | <Robles> |  Kammans point. |
| [14:29:55] | <Shapiro> | radar and police |
| [14:29:56] | <kaminski> | changing bits makes more innovation possible, but also increases the system administration overhead |
| [14:30:10] | <Shirky> | but they tolerate rebooting because they expect to be able to add functionality |
| [14:30:12] | <Forster> | And what if the endpoints are not friends? |
| [14:30:20] | <Shirky> | to make it bighookish, they perfer degredation to denial |
| [14:30:26] | <Forster> | Or if the possible endpoints are basically the whole US? |
| [14:30:46] | <Shirky> | peter, yes, and the traditional answer is to consistently move more of those functions to the edges |
| [14:31:07] | <Shirky> | mnapster has 70 million unpaid sysadmins, each operating a tiny, unreliable server |
| [14:31:11] | <kamman> | hey, this whisper thing is cool |
| [14:31:22] | <Shirky> | has == had :( |
| [14:31:54] | <Isenberg> | terrorism & the constitution -- book by David Cole and ? |
| [14:32:04] | <Shapiro> | clay, napster is dead. how about kaZaa? |
| [14:32:08] | <kaminski> | http://www.cdt.org/policy/terrorism/terrorismbook.html |
| [14:32:31] | <Stansberry> | Clay...how many folks are using Kazaa, al etc. |
| [14:32:32] | <Shirky> | right, got the tense wrong. thats true of kazaa too, and gnutella, groove, etc. |
| [14:32:46] | <Robles> | You just found that.  |
| [14:32:57] | <kaminski> | subhead: sacrificing civil liberties in the name of national security |
| [14:33:07] | <Shirky> | dunno on audience size, but its back in the top five non-sex search terms on yahoo, so the growth is up |
| [14:33:14] | <Shirky> | will look for some absolute numbers |
| [14:33:16] | <Isenberg> | secure the US by shutting down the net!  |
| [14:33:43] | <Shapiro> | the net keeps us connected which gaurantees our security |
| [14:33:54] | <Forster> | David: He said these intelligence agencies want to listen. They would not shut down the net... |
| [14:34:30] | <thatcher> | Don´t bad guys have access to encryption anyway? |
| [14:35:05] | <Robles> | Yep |
| [14:35:22] | <Shapiro> | redundancy restricts dos attack vulnerability |
| [14:35:23] | <Lucky> | Sure, but it´s surprising how seldom they actually use it. Moreover, |
| [14:35:35] | <Lucky> | just the use of encryption gives a red flag. |
| [14:35:55] | <Forster> | Distributed Denial of service uses redundancy as amplification to increase the attack |
| [14:36:04] | <Robles> | So as we all start using it we will all look red. |
| [14:36:42] | <thatcher> |  |
| [14:42:59] | <kaminski> | reed: the only way to do security these days is edge-based |
| [14:43:00] | <Elin> | We are up |
| [14:43:24] | <Elin> | NETWORK IS UP |
| [14:43:27] | <Elin> | I will. |
| [14:44:39] | <Elin> | |
| [14:45:06] | <Elin> | PLEASE CLICK ´LEAVE´ AND LOG BACK IN. |
| [14:45:44] | <bradner> | again? |
| [14:46:47] | <kaminski> | fine-grained security means you can form connections the way you want to |
| [14:46:52] | <Aizu> | there is a photo album of our fighing boat trip at: http://www.ofoto.com/I.jsp?m=19081201103.14065917503&n=1736755571 you have to sing in... |
| [14:46:56] | <kaminski> | (crocker) |
| [14:47:41] | <kamman> | for crocker |
| [14:48:44] | <Shapiro> | consumer contracts that are unconscionable are unenforcable |
| [14:49:14] | <Shirky> | alt.syntax.tactical rides again... |
| [14:49:39] | <Robles> | Can you send me that link again. |
| [14:50:00] | <Thatcher> |  In EFM, there is a active discussion about need to have security at (below) layer 2 to protect MAC addresses; eliminate piracy; protect L2 commands; etc. If this is really important, it can´t be accomplished at the ends. |
| [14:50:16] | <kamman> | distributed denial of service attacks use a lot of infected hosts to launch the virus program. if you have good end to end security then you have no infected hosts and then there is no denial of serviceattack |
| [14:50:39] | <Shirky> | re "greifers": richard bartle wrote a good essay called "Players who Suit MUDS", aobut patterns of user behavior |
| [14:50:57] | <Shapiro> | test |
| [14:50:58] | <kaminski> | people play games with different goals: see "Hearts, Clubs, Diamonds, Spades: Players Who Suit MUDs" http://www.brandeis.edu/pubs/jove/HTML/v1/bartle.html |
| [14:51:06] | <Robles> | They somtime use the CISCO routers at the core as the launching pad. |
| [14:51:12] | <Shirky> | subtitled Hearts, Diamonds, Clubs, Spades, for his four top-level types |
| [14:51:14] | <Shirky> | http://www.mud.co.uk/richard/hcds.htm |
| [14:51:41] | <Shirky> | peter and i have the same article, jsut different urls |
| [14:52:03] | <Campbell> | ? |
| [14:52:14] | <Shapiro> | Carnegie Mellon and George Mason University are doing a lot in the IT security area |
| [14:52:29] | <Shirky> | |
| [14:52:44] | <kamman> | test |
| [14:53:00] | <Thatcher> | In EFM, there is a intense discussion about the need for Layer 1 and Layer 2 security. |
| [14:53:23] | <Shapiro> | also, there is the internet security alliance http://www.isa.org |
| [14:53:49] | <kamman> | test |
| [14:54:02] | <Clark> | krustworthy computing? |
| [14:54:57] | <kamman> | distributed denial of service attacks work by infecting hosts (ie. end points) on the network |
| [14:55:06] | <Robles> | I still lock and put passwords on all of my edge equipment. |
| [14:55:10] | <kamman> | so if you keep the hosts from getting infected |
| [14:55:20] | <kamman> | there are no denial of service attacks |
| [14:55:23] | <Thatcher> | EFM has intense ongoing discussion about Layer 1 and Layer 2 security |
| [14:55:28] | <Elin> | ... |
| [14:55:29] | <kamman> | in other words, it still depends on end to end |
| [14:55:35] | <Shapiro> | correction: http://www.isalliance.org |
| [14:55:41] | <Robles> | |
| [14:55:43] | <Elin> | ...... |
| [14:56:16] | <Elin> | .... |
| [14:56:25] | <Thatcher> | It is argued that MAC addresses; and protocol contol; and piracy can only be manged below layer 3. |
| [14:56:50] | <Thatcher> | This would clearly have nothing to do with end to end. |
| [14:57:06] | <Elin> | ... |
| [14:57:55] | <Shapiro> |  |
| [14:58:11] | <Shapiro> | |
| [14:58:41] | <Berry> | What´s the equivalent of an internet |
| [14:58:46] | <Berry> | speed trap. |
| [14:59:07] | <Elin> | etherpeg |
| [14:59:17] | <Shapiro> | filtersw, censoring, restrictions, rules, regulation....danger! |
| [14:59:20] | <kamman> | digital hygiene - the onlyway you get good end point security is if its easy enough for an idiot to use (haveI said that before?) |
| [15:00:24] | <kamman> | imagine directions to use a water tap and soap as written by microsoft |
| [15:00:24] | <Berry> | to "Robot" |
| [15:00:57] | <Clark> | buy Microsoft soap, register your copy online... |
| [15:01:06] | <bradner> | richard clarke (cybersecurity czar) wants to replace tcp/ip because senders can not be traced |
| [15:01:10] | <Shapiro> | the highway metaphor (with the bumps and on ramps ,and now a suggestion for cops, is old, overplayed and not really relevant. |
| [15:01:13] | <kamman> | ummmmm... they have no speed limits on the autobahn and it works OK |
| [15:03:02] | <nanda> | So it will be MicroSOAP now? |
| [15:08:42] | <Weinberger> | (test) |
| [15:09:42] | <Michalski> | http://www.amazon.com/exec/obidos/ASIN/0674872339/jerrymichalskisr |
| [15:09:48] | <Michalski> | pardon the affiliate link |
| [15:09:54] | <Michalski> | that´s for Technologies of Freedom |
| [15:10:00] | <Michalski> | from Ithiel de Solla Pool |
| [15:10:14] | <Michalski> | (btw, de Solla Pool and de Solla Price are common Sephardic names) |
| [15:11:05] | <kaminski> | Ithiel de Solla Poole, Technologies of Freedom. Cambridge: Harvard UP, 1983. |
| [15:11:12] | <Shirky> | "By using this soap, you agree that Steve Ballmer may enter your bathroom at any moment" |
| [15:11:16] | <Clark> | used books: http://abe.com and http://powells.com |
| [15:11:38] | <Clark> | ah, a Winer SOAP rant to come... |
| [15:12:27] | <Shapiro> | build a better mousetrap and you get smarter mice |
| [15:13:36] | <Robles> | Yes but fewer of them at the begining. |
| [15:13:37] | <Shapiro> | I think we face bigger threats from germ warfare. |
| [15:13:41] | <Weinberger> | A single mouse constitutes a DoS attack on a mouse trap. |
| [15:14:06] | <Robles> | There have been lots of attacks on the US networks. |
| [15:14:13] | <Shirky> | yes, on the better immune system |
| [15:14:19] | <Robles> | I have seen some of them |
| [15:14:23] | <Shirky> | klez is the e.coli of the net |
| [15:14:59] | <Shapiro> | we are in a national state of paranoia where we shake down old ladies at airports...maybe we should ask everyone to unplug their computer at night |
| [15:15:20] | <Robles> | Black holes ;-] |
| [15:15:28] | <kaminski> | another book: I. de Sola Pool, ed., The Social Impact of the Telephone, MIT Press, 1977. |
| [15:15:30] | <Elin> | The problem with evolution is everybody does it. |
| [15:15:40] | <Shirky> | unplugging at night wouldn´t help. the worst viruses are store-and-forward |
| [15:16:03] | <Michalski> | he also wrote Forecasting the Telephone |
| [15:16:05] | <bradner> | privacy issue with "knowing who is talking to me" |
| [15:16:18] | <Michalski> | and Technologies Without Boundaries |
| [15:16:28] | <bradner> | great tracking feature for the marketing people |
| [15:16:54] | <bradner> | great tracking feature for the cops in a repressive society |
| [15:17:06] | <Clark> | virus and security problems are not always ones starting with trust: spam comes (accidentally) from friends too |
| [15:17:08] | <Shirky> | diversity at the edges would also be a good policy |
| [15:17:21] | <Beckemeyer> | security is not cheap. There is no economic incentive now. That needs to change to change security policy. |
| [15:17:37] | <Weinberger> | Clay, what type of diversity? |
| [15:18:01] | <Shapiro> | which are the bigger threats: nuclear boms, germ warfare, phydical attacks on utilities, or an attack on the Internet???? |
| [15:18:38] | <Shirky> | operating systems and applications. if everyone is a cow, mad cow is a big problem. if everyone runs outlook on windows... |
| [15:18:42] | <bradner> | re bigger threats - depends on value system - $ or people |
| [15:18:53] | <Shapiro> | either |
| [15:19:08] | <Campbell> | LogNote: DAT tape change |
| [15:19:19] | <Shirky> | nuclear |
| [15:19:31] | <Beckemeyer> | right. which is more expensive, security or lack thereof. That´s the trade-off. |
| [15:20:31] | <Shirky> | moving from hw to sw |
| [15:20:32] | <Robles> | Paul Vixie´s Email Black Hole http://mail-abuse.org/ |
| [15:20:34] | <Clark> | define the crime (problem) |
| [15:21:12] | <Robles> | Paul Vixie´s Black Hole http://mail-abuse.org/ |
| [15:21:46] | <bradner> | and then the person gets pissed at their boss and sells out |
| [15:22:23] | <clark> | define problems before solving |
| [15:22:51] | <Aizu> | so are you scared about Microsoft´s Paladium, or that will not be a major issue? |
| [15:22:53] | <Campbell> | LogNote: cas T12 (B) |
| [15:23:12] | <Elin> | ... |
| [15:23:17] | <Aizu> | So are you concerned about Microsoft new strategy, Paladium, or that is not a big issue? |
| [15:23:37] | <Elin> | ... |
| [15:23:56] | <clark> | Paladium and .NET needs to be widespread to be effective and there are several countries abandoning ship |
| [15:24:28] | <Isenberg> | this is a test |
| [15:25:59] | <Elin> | ... |
| [15:26:45] | <clark> | newsflash: hackers prepare America for disaster (story at 10) |
| [15:27:45] | <bradner> | we have already had a case of an airport control computer being hacked into |
| [15:28:14] | <clark> | 21st century technology, 20th century policies? |
| [15:30:19] | <Shapiro> | what about automobile security? |
| [15:30:46] | <clark> | or personal security (a la constitution)? |
| [15:31:20] | <Petrovic> | http://www.amazon.com/exec/obidos/tg/detail/-/052138673X/qid=1031253723/sr=1-1/ref=sr_1_1/104-8589410-1955935?v=glance&s=books |
| [15:31:30] | <kaminski> | The Collapse of Complex Societies 052138673X http://books.cambridge.org/052138673X.htm |
| [15:32:02] | <clark> | managing known risks |
| [15:32:34] | <Turner> | How many people were in the Northeast US during the power blackout of October 1965? |
| [15:32:42] | <clark> | managing unknown risks? (as in anarchy)  |
| [15:33:54] | <kaminski> | adi shamir (via kamman): security is acceptable losses at acceptable cost |
| [15:34:01] | <Stansberry> | why is it that authors who offer apocolyptic warnings always tell us that by the time there´s empirical evidence of their theory it´s too late to stop the problem |
| [15:34:17] | <Stansberry> | think about it |
| [15:34:37] | <Stansberry> | Paul Erhlic -- we´re all going to starve (1971) |
| [15:34:44] | <Stansberry> | Y2K |
| [15:34:49] | <Weinberger> | In the real world, "security" has gotten redefined as "invulnerability" |
| [15:34:57] | <Berry> | By the time we realize their theory is not good, it´s too late for a refund |
| [15:35:00] | <Stansberry> | And, my personal favorite |
| [15:35:08] | <Stansberry> | the guy who comes around every 20 years |
| [15:35:16] | <Stansberry> | and swears we´re running out of oil |
| [15:35:26] | <Stansberry> | Isenberg even recommended the latest one´s book |
| [15:35:33] | <Stansberry> | What´s so funny to me about it |
| [15:35:41] | <Stansberry> | is that, as everyone knows from their own life |
| [15:35:48] | <kaminski> | "On November 9, 1965, the Great Northeast Blackout left 30 million people in eight U.S. states and the Canadian provinces of Ontario and Quebec without electricity. " |
| [15:35:50] | <Stansberry> | if there´s no solution, then there´s really no problem |
| [15:35:58] | <Stansberry> | And yet |
| [15:36:06] | <Stansberry> | if you want to be a best selling author, |
| [15:36:19] | <Stansberry> | predict a catastrophe that can´t be verified with any actual evidence |
| [15:36:23] | <Stansberry> | because... |
| [15:36:33] | <Stansberry> | when there´s finally any evidence...it´ll be too late to save us |
| [15:36:45] | <Stansberry> | I haven´t read tainter´s book |
| [15:36:51] | <Stansberry> | but think about his premise |
| [15:36:53] | <Weinberger> | govnet: http://www.wired.com/news/politics/0,1283,49858,00.html |
| [15:37:03] | <Stansberry> | that GDP doesn´t grow fast enough to support infrastructure |
| [15:37:07] | <Stansberry> | if that were true |
| [15:37:27] | <Stansberry> | how would you explain any modern society? |
| [15:37:30] | <Stansberry> | okay? |
| [15:38:48] | <Campbell> | LogNote 4b start: DAT 19:58, cas 14.58 |
