Bush, Socrates, and Information Security

“Wherin links between a number of disparate ideas are put forth for the amusement of our readers”

Orcinus talks about one of Bush’s answers to a question in last night’s debate.* (I thought Bush did surprisingly well, but think that Kerry still came out slightly ahead. Both, depressingly, still want to spend my money on their own pet projects, and fail to offer bold responses to the challenges we face.)

The questioner — seemingly a middle-class homemaker — simply wanted to know if Bush could admit to having made mistakes. After all, most of us ordinary humans make them too, but we also tend to be acutely aware of them. That Bush was incapable of giving her a straight answer was incredibly revealing.

Socrates used to go around in search of a wise man, questioning everyone he met. Bush’s answer (read the whole answer at Orciunus) was “historians will look back and say.” That’s not the answer of a man who looks back and evaluates what he’s done. Looking back and evaluating your choices is a key part of making better decisions in the future. The ability and willingness to doubt and question as you’re making a decision is a good one. You need to know when to stop and make a decision, but you also need to know how and when to analyze.

On the other hand, I’ve gone through media training, and that’s one of those questions that nearly requires either a dodge or a facile answer. Clinton might have been able to word-smith his way through it.

Information security has a number of long-standing camps. One is the mathematicians who want to prove theorems about systems, and thus state their security. Another is the empiricists, who try to set up experiments which can invalidate a system’s security claims. It should come as no shock that I think the work of the empiricists is more useful. Cryptography is a sometimes exception to this, where it would be nice to have some proofs, but we can’t even show P=NP, so, its a ways away.

I don’t think that the math camp has stepped back enough to self-analyze. The empiricist camp does so regularly. I’ll use as examples two papers by Eric Rescorla: “Is Finding Security Holes a Good Idea?” and “Time to Patch, Revisited.” The latter is an examination of work (not yet online) that I did in collaboration with the team at Immunix, including Crispin Cowan and Steve Beattie. Eric points up that we needed more data to arrive at the conclusions we did, which is fair enough. (The main point of the paper, which is that patch management is a risk management game, stands, and I stand by it.) The Finding Holes paper questions one of the underlying claims of the full disclosure camp: That finding and fixing holes will eventually result in more secure software.

*UPDATE: I wrote this mostly on Saturday, but was searching for links to Rescorla’s papers.
Update 2: Rescorla kindly put his TTP work online, now linked above.

Secondary Screening

Ryan Singel has a couple of good posts up: Why Privacy Laws and Advocates Matter and Trusty Logo Not Worth The Pixels It Is Printed On. The later explains in detail what economics predicts: Trusty won’t shaft its paying customers to make them actually enforce privacy policies, when people who rely on the trusty seal complain. This makes the Trusty seal worthless, which will eventually come back to bite them, but they get to ride the gravy train for a while.

Afghan Elections

The elections in Afghanistan have apparently gone off with fewer problems than expected, which is outstanding. (And hey, the ink I mentioned to Sama makes an appearance!)

I am slightly worried by a line in The New York Times article, ” International organizations, which spent $200 million to finance the election, indicated that they had little patience for would-be spoilers challenging the vote’s validity” but that seems to perhaps be a reporter’s opinion.

It is, at the end of the day, a very exciting day for Afghanistan if they can have elections, and have the resulting candidate be considered by their people to be the legitimate leader of the country. Strong-arming by outsiders doesn’t add to that, although it may give the process time to sink in. The courage of Afghans who registered to vote, and went to the polls despite threats of violence, what gives it legitimacy. And as Winston Churchill pointed out, democracy is the worst form of government we have, save all those others tried from time to time.


I listen to a lot of music. When I visit friends, I often invite them to drop random discs they think I’d like into iTunes for a rip. Combine that with my cd habit (“I can quit anytime!”), and I have a fair bit of music that I don’t recognize quickly. So I just found Quicktunes, a menu-bar controller for iTunes. It’s not as elegant looking as X-Tunes, which I’m keeping around because I like it. But it puts the current song in the menu bar, where I can glance at it effort-free.

Want to Save American Lives?

Do you want to save American lives? Stop senseless deaths? Here’s some ideas:

  • Require real driver training, and enforce traffic laws.
  • Ration the sale of alcohol to prevent the nasty diseases over-indulgence causes.
  • Ban tobacco.
  • Ban firearms.
  • Require calisthenics in the morning, by neighborhood, and in the afternoon, at work.
  • Ban the use of corn syrup as a sweetener, leading to slimmer, healthier Americans.
  • Impose a national ID card, creating a slim possibility that you’ll catch a terrorist sometime in the next year.

Guess which one Congress is on top of?

Incidentally, I’m not in favor of any of these, except maybe enforcing the traffic laws. Most Americans would look at every item there, and say, that’s an infringement on people’s right to decide how to live their lives. And they’d be right.

Can Prayers Heal?

There’s an article in today’s The New York Times asking, Can Prayer’s Heal? (Critics Say Studies Go Past Science’s Reach). The article talks about a number of studies that apparently show a correlation between being prayed for and better medical results. The article also talks about how flawed some of the studies are, once you have a statistician examine them in depth.

Unlike many of the scientists quoted in the article, I’m not opposed to small funding for these efforts. If you believe that being prayed for means that a very small stab wound will heal better, fine, lets test that theory. Any supreme being I’m willing to credit will be ignoring the experiment, but the nice thing about experiments is that they can prove people wrong. (The Rev. Raymond J. Lawrence Jr, whose title is too long to quote in full, says that it cheapens god, which seems like a fine stance to take. Faith isn’t supposed to be proven, that’s why it’s faith.)

On the other hand, if patients being prayed for do better, or patients thinking they’re being prayed for do better, then great! Let’s pray for them. The most interesting studies are the fully-blinded ones, where the patients don’t know they’re being prayed for. That sometimes raises concerns for the human research boards, since people are supposed to be given a chance for informed consent. It may even be offensive to some folks to be being prayed for, or to be prayed for by heathens of one stripe or another. On the other hand, it would seem to be needed to really prove the effect of prayer, absent a placebo effect. The final line of the article mentions that alcoholics “who knew they were being prayed for actually did worse.”

So, the studies, even without a theory for how they work or what they’re testing, show interesting behaviors. Other scientists will step in to explain those, and we may well end up learning something, if we’re not careful.

Apple Security UI

I just got a fascinating email. No, not really. It was a simple little email, from someone who’s being very helpful on a project that I’ll speak of in excrutiating detail later. What was fascinating about it was that it was PKCS 7 signed, and Apple’s Mail.app told me so. It told me so with a little “signed” line in the header. Pretty cool. But I was wondering what it meant?

Signed by whom? How? With what key? Why am I “trusting” it? And I’m unable to find the answers. Anyone know?

I’m also experimenting a bit with MarsEdit, which I like a lot, except I’m having trouble with trackbacks. We’ll see how it inserts the image.

ACLU vs. Ashcroft

The ACLU has made the TSA explain to the American people some subset of the faulty reasoning, faulty processes, and broken systems behind the so-called “No fly” lists, which have now snared, along with Johnnie Thomas and David Nelson (all of them), 3 members of Congress.

Read the articles,
Faulty ‘No-Fly’ System Detailed (Washington Post) and Papers Show Confusion (New York Times), having taken a minute to visit Bugmenot first.

You can read the original documents, or just become a card carrying member.

The FBI and Library Subpoenas

Orin Kerr discusses (deep breath!)

Michael Froomkin links (via Proof Through the Night) to this story from a Seattle TV station about a local library that has fought off an FBI subpoena for a list of names and addresses of who took out a book on Osama bin Laden.

Kerr does a good job of looking at both sides of the story, and says that we don’t know enough to say why the FBI issued, and then dropped, the subpoena. While we don’t know, we can make some guesses. The FBI has been raked over the coals for not following up on leads, like the people training to fly jets, and not interested in learning to land them. Oops! So now, they follow up on every lead, however silly. (As Kerr pointed out last week, the FBI has opened 11,617 fewer violent fugitive cases were opened in 2003 than in 2000— those agents have been moved to counter-terror.) The agent in this case was probably well aware that he was chasing smoke, and that it was perfectly likely that the person who wrote in the book did so without checking it out of the library. But a form of bureaucratic CYA has been engaged in–by issuing a subpoena and then not fighting for it, should this turn out to be connected with an actual future terrorist, the FBI is perfectly positioned to say that they tried and were blocked by the courts. If its nothing, then we of the bloggosphere have just wasted a lot of electrons on it.

Virginia Misses Point, Over-reacts

In response to 9 hijackers getting fraudulently issued ID cards from the state DMV, Virginia is considering issuing harder-to-fake ID cards that will broadcast your identity.

As long as the value of an id card keeps going up, the reward for breaking the system will go up as well. If you want to rely on a card for something important, make it single use to prevent the alternate uses from driving fraud.

Newer, smarter, id cards that are checked in more places will simply lead to more issuance fraud, which is what Virginia is trying to address in the first place.