The Orphan Wilde: The Argument Against Security

Friday, April 1, 2011

The Argument Against Security

There are a whole host of reasons why you -should-. But sometimes, implementing security can in fact be counterproductive. The issue is, as in all issues security, thus: Users.

I am involved in the creation of server software. In a meeting a few years back, when we were brainstorming in regards to a new product which was meant to run in the same system as an existing product and connect to it, one of our architects got caught up in the idea that we should provide security for the connection.

We argued with him. At length. Everybody else in the room was vehemently opposed to securing the connection.

Okay, you say, that makes no sense! But it did. These two systems were intended to sit on the same box - while technically possible to connect these systems on different boxes, you'd have to have access to the server box (that is, the original product) to do so.

Even so, you might be thinking, why on earth wouldn't we want to secure the connection? So it's on the same box, so what?

Because any security credentials we used would be, by definition, accessible to anybody who could access both the client and server application to begin with.

We have a longstanding policy regarding security: It's the client's job. We don't encrypt database usernames or passwords, we don't password protect server certificates (although the client can do so), we, quite simply, don't do security. (That's not in fact true, we have -lots- of security, but only on outward-facing components.)

If your file system is secure, so is our software. If your file system is compromised, so is our software.

Because there's no way around this. We can encrypt your username and password - but if our file system isn't secure, you can open up our code, decompile it, reverse-engineer our algorithm, and decrypt that username and password. It would take me a couple of hours to do exactly that. Obscurity of encryption algorithm doesn't help here, and where obscurity doesn't help, nothing does. (Yes, we could encrypt it with a key, but where is the key going to live?)

Any security we implement would be a bandaid, and would only hide real security issues from our users: Namely, that these boxes can only be as secure as their filesystems. Not only that, by providing security, security becomes a part of our product; if it fails, and somebody does Something Bad, we're (more) liable, because a part of our product was in defect; our security could have Been Better.

So we just don't do security, not in that way. We -could-, and it could arguably make the product better [Normally I despise the word "arguably" but here I think it's appropriate, as there are other reasons I disagree which aren't relevant to this post], but to do so makes us more liable without adding anything to the table we can sell. Even if it were free to develop we wouldn't do it.

So this architect lost that argument. And progress marches on. Without redundant security measures.

No comments:

Diversions

Dwarf Fortress: This is what Minecraft utterly fails to be. You run a fortress full of sociopathic alcoholics - run in the loosest sense of the word, as they do pretty much whatever they feel like, rather than what you tell them to do. Never has water been so terrifying.

Terraria: A game available for purchase, but relatively cheaply. This is the kind of game I adore; old-fashioned graphics, modern sensibilities about content.

Kingdom of Loathing: A browser-based RPG game with more puns than is good for your health. Surprisingly deep and well designed, although I am rather irritated by the ponderous quantities of limited-time content. (The game is practically defined by limited-time content.)

Schlock Mercenary: If this link is new to you, seriously, spend an hour going through this very accessible sci-fi webcomic. No, you don't need to be a sci-fi nerd to appreciate it.

Saturday Morning Breakfast Cereal: A webcomic which has yet to stop getting better, and it started off pretty damn good.

Khan University: The cure for common education.

Comment Policy

I don't delete comments, except spam. (Except for an ancient comment I just accidentally deleted thinking I was deleting the message telling me about the comment, rather than the comment itself, an irreversible mistake I won't be repeating, and which caused me to write this. My apologies, random internet dood criticizing my approach to education.)

Vitriol is expected. If it's amusing it's encouraged, in fact. If it's directed at me, however, fair warning: I can not only sink to your level, I can kick your ass at it.

I approach blogs as forums for discussion, rather than personal journals. I do not expect anything in particular from my commentators, and everything, including off-topic rants, is perfectly fine by me.

Blogs I'm Reading Right Now

The core list I visit daily.

Coyote Blog is almost always an interesting (and usually an informative) read, and only infrequently blogs about his hobbies.

Borepatch is a no-longer-so-recent addition to my frequent reading list on account of the "I am TJIC" campaign; he's a gunblogger, primarily, but also writes interesting libertarian things. He doesn't call himself a libertarian, apparently. I'd sometimes hesitate as well.

View From The Porch you have seen before. What need I say? Libertarian gunblogger. Bit too much "gun porn" for my tastes - there are a couple of blogs with more, but Tam is near the top - but the non-gun topics are quite good of their own right.

The Volokh Conspiracy is Eugene Volokh. You've seen him before as well. Actually, there are lots of other writers there as well, but his name's on the thing. Lots of legal writing; with major cases, such as the healthcare thing, you'll get five or six different perspectives on the matter. Which can be tedious.

Aretae is one I've followed on and off via Borepatch, but have started following more closely lately; he's some flavor of libertarian/anarchist, I haven't figured out which yet. (Anarchocapitalist, possibly? I suppose I could ask him, but that'd defeat the fun of writing these descriptions.) He seems to be a longtime follower of Overcoming Bias, and I suspect I may have seen him comment there way back when, but my memory is not nearly that good. He has a most excellent description of the various lines of reasoning behind libertarianism here.

Ataraxia and the Mental Effluence is a philosophy blog on mind, meditation, and religion. Among atheists, he is, as I count such things, one of the good guys. He presents a strong case for the rather unusual notion that atheism and agnosticism are not conflicting ideologies, to give you some notion of what his blog is about.

Blogs I Sometimes Visit

Some blogs I catch up on from time to time:

Two Four is a hardcore libertarian/Objectivist - I wish he allowed comments, as I think I'd visit more often for the debates, but his blog, his rules

Captain Capitalism saved me around a hundred thousand dollars when I opted -not- to buy a new house on his advice, and whose advice on the stock market could have doubled any investment; I'm inclined to keep up with him now, even if he says ridiculous things about gender sometimes.

Abstinent Sex Blog is not work safe. (Well, his blog says so, anyways. I'm not sure I've ever seen anything on his page that warrants that, but then, I'm pretty liberal in my attitudes on sex.) He discusses life as a divorcee and an abstinent (and/but kinky) Christian.

Quizzical Pussy is not work safe. She discusses sex and gender, primarily, and I agree with her on 99% of everything in regards to this topic. Discussions are generally significantly more civil than most other places, and QP fosters an environment in which dissenters are treated with respect, which is important for some of the issues she discusses, and a refreshing change from most other gender-focused blogs.

Popehat is a semi-legal blog about, first and foremost, first amendment rights. The positions held in it are diverse, but it is a blog that has the intellectual honesty to declare somebody to be scum while defending their right to scummy free speech. The importance of this position cannot be overstated.

Munchkin Wrangler has the best gun rights post ever written, among other things. His was one of the first blogs I ever read (possibly THE first), and that post single-handedly converted me to the gun rights side of the debate. (I had been on the fence before, seeing it as a non-issue) I don't really read his blog any more - his interests have largely diverged from mine - but I feel I would be remiss in omitting an individual who had such an influence on my worldview.

Overcoming Bias - Once a community blog, I believe Hansen is the only poster now. A strongly libertarian blog on logical processes

Less Wrong - previously of Overcoming Bias - is a community blog discussing a wide range of topics. Its emphasis used to be cognitive bias, but it's become more of a speaking platform for those espousing the Singularity anymore, which sparked my own interest - and skepticism. The posts vary considerably in quality, from brilliant and insightful to petty and pretentious, but it's worth an occasional read. I visit anymore about once a month.

Random Acts of Patriotism is a self-described little-L libertarian (and gunblogger) who I recently discovered through Borepatch. (Which, for those unfamiliar with the small-l libertarian term, is a -more extreme- version of libertarianism, rather the reverse of what you'd expect, holding that the current system is likely not rehabilitatable.)

Smallest Minority is a great place for arguments; the author is on the unprincipled/pragmatic side of the libertarian token, unfortunately (and doesn't know what Objectivism actually is, if his posts on it are any indication), but he generally does great research and his posts are terrific places to find information

The Ultimate Answer to Kings is a libertarian(ish?) guy who went Galt. He writes a lot about the difficulties in homesteading, which is always interesting, to me at least. He also wrote a post on living as a libertarian which I think a lot of us libertarians are in dire need of reading, even if we are kinda-sorta winning right now, for a given value of winning.

Friday, April 1, 2011

The Argument Against Security

No comments:

Post a Comment