Difference between revisions of "Publicly Accessible Data and Code"
From MgmtWiki
Revision as of 18:50, 13 June 2021
Full Title or Meme
The very idea that Publicly Accessible Data and Code can be trusted to keep data private is utterly ludicrous, but that hasn't stopped the true believers.
Context
- The rise of bitcoin has brought a new zeal to the world of public ledgers and "herd privacy" as though these ideas are new or even useful.
The True Believers
- Ever since John Perry Barlow declared that "Data wants to be free" there has been a mythology built up around the idea that anarchy is good for freedom.
- Phil Zimmermann followed up with PGP (Pretty Good Privacy), which introduced the concept of a web of trust to replace the existing pillars of trust in authority.
- Richard Stallman led the battle for free software, by which he means that the software's users have freedom. These are his four freedoms:
- to run the program
- to study the program
- to redistribute exact copies
- to distribute modified versions (aka derived works)
- Like Stallman, most of the practitioners of open source software are geeks who really want everyone to become like them.
- The Linux Foundation has been created by industry leaders to prove that decentralized innovation, built on trust, can deliver real value to real users.
- The LF has created an Open Source Supply Chain Security group to prove that this is not only desirable, but possible.
The Reality
- The biggest issue is that a majority of the people on the planet have no desire to become anarchists nor geeks. The anarchists and geeks just don't understand this at all.
- There is no evidence that anarchy will ever be private and secure given human nature.
- As expected, criminals of all stripes have, as they always will, profited from the effect of lawless places in the world.
- But as "Deep Throat" explained to Woodward and Bernstein, the key is to "follow the money". That has always been what the tax man and the prosecutors do.
- In June of 2021 the reality hit the myth with a double whammy[1] in the constant cat-and-mouse games played by the bad guys against the good guys.
- The F.B.I. recovered most of the $4 million ransom paid in the Colonial Pipeline ransomware attack. So much for privacy of public ledgers.
- The F.B.I. created their own secret message app called Anom which was adopted by over 12,000 users, many of them criminals. So much for security of public freeware.
- The mantra of the Open Source Community is that many eyes on the code will ensure vulnerabilities are caught early. The Heartbleed bug, present in OpenSSL since version 1.0.1, proved that wrong.
The Solution
- Only trained professionals can validate the security of software and that process is time-consuming and expensive.
- Encryption of data in motion as well as data at rest is essential for privacy. Public levers will never solve privacy concerns.
- Attitudes like Zuckerberg's "Move fast and break things" at Facebook, or the dev-ops shrinkage of the release process, make the security of code running on the web increasingly fragile.
- Sometimes a little friction in the pipeline is needed to prevent damage to the system. This has been known in control theory for a century now.
References
- ↑ Jack Nicas and Michael S. Schmidt, Bitcoin and Encryption: A Race Between Criminals and the F.B.I. New York Times (2021-06-13) https://www.nytimes.com/2021/06/12/technology/fbi-bitcoin-ransom-encryption.html?searchResultPosition=1