
The wheel reinvention mystery

  • Omer Zak
    Message 1 of 5 , Sep 21 12:52 PM
      A recent argument in Hamakor prompted me to consider the general
      question why would people sometimes prefer not to reinvent the wheel,
      and why would they be enthusiastic about reinventing the wheel.

      http://tddpirate.livejournal.com/63135.html

      --- Omer (aka The Captions Troll)
      --
      You haven't made an impact on the world before you caused a Debian
      release to be named after Snufkin.
      My own blog is at http://tddpirate.livejournal.com/

      My opinions, as expressed in this E-mail message, are mine alone.
      They do not represent the official policy of any organization with which
      I may be affiliated in any way.
      WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
    • Nadav Har'El
      Message 2 of 5 , Sep 21 4:06 PM
        On Thu, Sep 21, 2006, Omer Zak wrote about "[hackers-il] The wheel reinvention mystery":
        > A recent argument in Hamakor prompted me to consider the general
        > question why would people sometimes prefer not to reinvent the wheel,
        > and why would they be enthusiastic about reinventing the wheel.
        >
        > http://tddpirate.livejournal.com/63135.html

        I posted my opinion on your post in your blog (under the heading "you're
        a bit confused" :-) ).

        Unlike you, the same Hamakor thread prompted me to ponder on a different
        topic - one that I raised on this list a few months ago. This is the question
        of how come every time that somebody uses "security" as a reason for some
        action (or inaction), people immediately take this as an acceptable
        explanation, even if it is completely unfounded.

        Also, people tend to think about security as a binary thing, either there is
        "security" or there is "no security", and obviously "security" is better
        than "no security". In reality security is a broad spectrum, and there is
        *always* a tradeoff between more security at the cost of more money / less
        functionality / less convenience.

        In my previous post on the subject I gave a few real-world examples of
        people's awe and blind acceptance at the face of "security excuses".
        Your post is unfortunately another example - where you blindly accept
        "security" as a good excuse from the "first volunteer", for why we
        should accept the system he designed, even if it doesn't do what we need
        it to do.

        Recently, I saw two more real-world examples of this phenomenon:

        1. The interview system for the US visas. (only people who've been through
        this ordeal will understand what I mean).

        They tell you they are doing this because of "9/11". Really? Then why
        are all the questions aimed at catching people planning to illegally
        *work* (not bomb) in the US? Why are people in countries (e.g., Europe)
        from where illegal immigrants do not often come, but bombers *do* and
        *have* come, exempt from these visa requirements?
        Does the excuse of "security" really explain why the US embassy treats
        in such an inexcusable inhumane manner all applicants, sending them on
        wild goose chases of Internet sites, filling forms, collecting documents,
        post office branches, payments of various kinds (some you can ONLY do in
        cash, some you can ONLY do in credit cards), standing in lines for
        hours upon hours?

        2. A certain office building in Tel-Aviv requires everyone entering to pass
        through two metal detectors *and* give their driver license at the
        reception. They *say* this promotes security. But does it? Would a
        terrorist (or lowly thief) have a really hard time giving the busy
        receptionist a fake or stolen id? In a building where you can park your
        car bomb below, would a terrorist really try to bring metal with him
        to the lobby?

        Instead, what happens is that getting into this building is a real
        nuisance, often taking many minutes. Not to mention that giving some
        unknown receptionist my driver license is a *security risk* for me -
        who knows what this receptionist can do with it, or what kind of
        simple "social engineering" can be used to get him to give over my id
        to a thief?


        --
        Nadav Har'El | Friday, Sep 22 2006, 29 Elul 5766
        nyh@... |-----------------------------------------
        Phone +972-523-790466, ICQ 13349191 |Someone offered you a cute little quote
        http://nadav.harel.org.il |for your signature? JUST SAY NO!
      • Arik Baratz
        Message 3 of 5 , Sep 21 5:21 PM
          On 9/21/06, Nadav Har'El <nyh@...> wrote:

          > In my previous post on the subject I gave a few real-world examples of
          > people's awe and blind acceptance at the face of "security excuses".
          > Your post is unfortunately another example - where you blindly accept
          > "security" as a good excuse from the "first volunteer", for why we
          > should accept the system he designed, even if it doesn't do what we need
          > it to do.

          I'd say that some of the time it's used as an excuse, some of the time
          to create the illusion of security, and the rest of the time it's just
          because most people don't really understand security.

          An example for the first is airliners requiring an ID to board a
          plane. The airliners want to prevent the ticket resale market so they
          jumped on the Sept. 11th bandwagon and enforce security checks.

          An example for the second is the TSA, whose checks are so useless a
          researcher managed to get all the components of a bomb aboard an
          airplane and assemble it in 15 minutes in the toilets. Twice. They
          just search for the wrong things. A few days after Sept. 11th I flew
          back from the US to Israel. The guy was going through my luggage and I
          asked him, what are you looking for? He told me that they just told
          him to browse through people's bag, and he got zero instructions on
          what to look for. It does look very elaborate, though.

          And an example of the 3rd is the check in to buildings where you have
          to sign your name. Absolutely no incentive for me to sign my real
          name. Sometimes they check your ID and then allow you to sign in...
          yourself... and they don't verify that the name you signed in with is
          the actual name on your ID.

          Yet in the right context you can claim that X is more secure than Y.
          There are many assumptions involved, and all in all, there are things
          that, all else being equal, are more secure.

          -- Arik
        • Omer Zak
          Message 4 of 5 , Sep 21 9:51 PM
            Apparently passions about the story are still hot around the nonprofit
            in question. Anyway, I duly notice the diversion (change of topic) in
            the discussion - from discussion of wheel reinvention vs. NIH to
            management of security.

            I am cross-posting this also to discussions@..., because the
            altered topic is more appropriate to Hamakor discussions than to the
            general philosophical atmosphere of Hackers-IL.

            On Fri, 2006-09-22 at 02:06 +0300, Nadav Har'El wrote:
            > On Thu, Sep 21, 2006, Omer Zak wrote about "[hackers-il] The wheel reinvention mystery":
            > > A recent argument in Hamakor prompted me to consider the general
            > > question why would people sometimes prefer not to reinvent the wheel,
            > > and why would they be enthusiastic about reinventing the wheel.
            > >
            > > http://tddpirate.livejournal.com/63135.html
            >
            > I posted my opinion on your post in your blog (under the heading "you're
            > a bit confused" :-) ).
            >
            > Unlike you, the same Hamakor thread prompted me to ponder on a different
            > topic - one that I raised on this list a few months ago. This is the question
            > of how come every time that somebody uses "security" as a reason for some
            > action (or inaction), people immediately take this as an acceptable
            > explanation, even if it is completely unfounded.

            I agree that the "S" word is frequently abused. We have been
            experiencing it a lot in Israel, where political censorship, corruption
            and environmental damage (TAASH in Hod Hasharon area, for example) were
            hidden behind the veil of "Security".

            However, in this specific case, I believe that nonstandard configuration
            by knowledgeable people does promote security. The problem seems to be
            the failure to take the complementary step of documenting the changes in
            the system and ensuring that it is easy for someone else to pick up the
            reins. (Think of what would happen if the first sysadmin were hit by a
            bus.)

            > Also, people tend to think about security as a binary thing, either there is
            > "security" or there is "no security", and obviously "security" is better
            > than "no security". In reality security is a broad spectrum, and there is
            > *always* a tradeoff between more security at the cost of more money / less
            > functionality / less convenience.

            Yes. Please tell us what is your threat model and how (in your opinion)
            should Hamakor deal with each threat.
            A quick and dirty threat model is as follows:

            1. Membership information - should be guarded (even if a single person's
            ID can be easily obtained by other means, we do not want to release the
            IDs of 100 people, about 50% of them are successful).
            2. Financial accounting - can be viewed, must not be tampered with.
            3. Web site - not to be defaced.
            4. Wiki - occasional defacing is acceptable (everyone knows that wikis
            are not as protected) but must be easy to detect and recover from
            defacing.
            5. Mailing lists - must not be a vector for spam.
            6. Worms and trojan horses - must at least be easy to detect and
            disinfect.
            --- The Captions Troll
            --
            In civilized societies, captions are as important in movies as
            soundtracks, professional photography and expert editing.
            My own blog is at http://tddpirate.livejournal.com/

            My opinions, as expressed in this E-mail message, are mine alone.
            They do not represent the official policy of any organization with which
            I may be affiliated in any way.
            WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
          • Nadav Har'El
            Message 5 of 5 , Sep 22 12:09 AM
              On Fri, Sep 22, 2006, Omer Zak wrote about "Philosophical discussion of security (was: Re: [hackers-il] The wheel reinvention mystery)":
              > I am cross-posting this also to discussions@..., because the
              > altered topic is more appropriate to Hamakor discussions than to the
              > general philosophical atmosphere of Hackers-IL.

              Are you looking for abuse? Posting on a heated subject, and in English, on
              the Hamakor list? I'm not joining your game, and returning this to hackers-il.

              > > Also, people tend to think about security as a binary thing, either there is
              > > "security" or there is "no security", and obviously "security" is better
              > > than "no security". In reality security is a broad spectrum, and there is
              > > *always* a tradeoff between more security at the cost of more money / less
              > > functionality / less convenience.
              >
              > Yes. Please tell us what is your threat model and how (in your opinion)
              > should Hamakor deal with each threat.

              You (and the "first sysadmin" in question) are acting like Hamakor's site
              is some sort of unique site that needs unique protection. In fact, it and
              your "threat list" are hardly unique. The threats you list are the same for
              *every* web site: almost every web site wants not to be defaced, contains a
              bit of personal data, does not want to be taken over by spammers, and so on.
              So every "linux distribution", which already caters to web site builders,
              already takes these threats seriously. They already have timely and automatic
              security updates, firewall, secure defaults, system-call firewall (i.e.,
              "selinux"), rootkit and change detection, stack-smashing-protection and many
              other things.

              Indeed, you may argue that these measures protect against the "typical"
              threats, and may not protect against extremely dedicated and clever attackers
              with zero-day attacks up their sleeve. So what - are you expecting any of
              those to target Hamakor's site? If these attacks come on Hamakor every, say,
              10 years, what kind of functionality/cost/convenience cost are you agreeing
              to incur in order to reduce their frequency to once every 20 years? (yes,
              this is what the security/functionality tradeoff looks like).

              Anyway, it appears you completely missed my most important point: perhaps
              *some* of this sysadmin's actions are (somehow) justified by security.
              But he hung *every* one of his actions on security, and you believe him
              implicitly just because of the word "security".
              For example, he refused to install Perl on the machine, stating that one
              interpreter (PHP) is enough, and having another one will open more holes.
              Really - do you seriously believe that? Perhaps one specific worm that depends
              on Perl will fail on a machine without Perl, but do you seriously believe
              that this will hinder a serious attacker for more than 5 minutes? How hard
              is it for an attacker to install Perl himself, if he wants Perl *that* much?

              And this "Perl" thing is just an example. It just goes to show you how easy
              it is for people (like you) to defend bizarre actions just because they were
              done in the name of "security" or have a weak smell of "security" in them.

              > A quick and dirty threat model is as follows:
              >
              > 1. Membership information - should be guarded (even if a single person's
              > ID can be easily obtained by other means, we do not want to release the
              > IDs of 100 people, about 50% of them are successful).

              Most web sites in fact contain MUCH MORE sensitive data than Hamakor's
              membership list (which only lists 200 people and does not contain any
              financial information, credit card numbers, or anything even a bit interesting
              to crackers). The fact you're getting overworked by a "list of ids" is very
              strange, considering how you can find these ids everywhere: go to any
              university and see id lists hanging on the wall or used as computer user ids,
              for example. Lists (originally created for use in elections) of millions of
              Israeli citizens, their personal details and ids, are floating around with
              every criminal being able to get them. Office buildings (like the one I
              mentioned) already take the physical id cards of thousands of "successful"
              (as you call them) people who come to the building, and can do with them
              much more than just copying the id numbers.

              > 2. Financial accounting - can be viewed, must not be tampered with.

              These have no business being on the Internet site, and never were on the site.

              --
              Nadav Har'El | Friday, Sep 22 2006, 29 Elul 5766
              nyh@... |-----------------------------------------
              Phone +972-523-790466, ICQ 13349191 |Seen on the back of a dump truck:
              http://nadav.harel.org.il |<---PASSING SIDE . . . . . SUICIDE--->