“(…) scientific and technical work routinely implicates politics. (…) Technological ideas and technological things are not politically neutral: routinely, they have strong, built-in tendencies.”
Isn’t it fascinating that even when we think we’ve escaped things like “politics”, “power struggles”, we haven’t really? The reason I liked science for so long, the reason I wanted to bury my face and head in it, was so I didn’t have to deal with the very imperfect human world that is shaped and pushed back and forth by human vice: pride, greed, envy to pure destructive desires. Imagine my surprise when I discovered, heck, these bad things are everywhere. Even in the idealist and vice-fighter myself!
Not only are these found in all humans, they can also permeate everything we do, be it science, technology or philosophy. That was a sad realization for me, really.
From my earliest days I had a passion for science. But science, the exercise of the supreme power of the human intellect, was always linked in my mind with benefit to people. I saw science as being in harmony with humanity. I did not imagine that the second half of my life would be spent on efforts to avert a mortal danger to humanity created by science. (Rotblat, Nobel Peace Prize speech)
As I conclude with this argument, I want to get back to the first quote of “strong, built-in tendencies”. It is theses tendencies we have, that we transmit to our inventions, our ideologies, our thoughts, our actions. Even our science and technology. It convinces me more and more. We have a great affect on the things we do as broken people.
It convinces me in a way, though this might be somewhat of a leap, of the nature of science and technological advances: a nature that is not objective, but highly subjective and with dubious intentions behind it.
Anyways, the main reason I started even talking about this is because of a paper I had to read. Funny story about my encounter with this paper: I saved it in my to-read list during IAP/winter holiday (it was sent out to my school’s CS lab mailing list). As life got busy I did not manage to read it. Then as I take two classes this semester, they both require me to read this paper. Of course, it was a win-win moment for me 😀
The paper I’m quoting is this fascinating one from Phillip Rogaway: The Moral Character of Cryptographic Work. You can find the link for it here.
More about the paper: It has some great advice on how as a cryptographer one should view his work. Less of being only interested in the technical work and more awareness in the ethics and effects your work has. Which is a great lessor for all of us.
In my Systems Class we’re currently discussing security in relation to system design. When we build reliable systems, we build them in the face of “more-or-less random”, “more-or-less independent” failures and sometimes-unpredictable targeted attacks from adversaries. Adversaries can do many things:
- phishin attacks
- worms, viruses
- personal stolen information
Computer security is different from general security mostly because of the Internet. The rise of the Internet has also brought with itself challenges regarding security. The Internet is cheap, fast and widely-available (relatively speaking), which makes for fast, cheap, scalable attacks on our system. The number of adversaries in the Internet is also huge: almost anyone can be an adversary. The fact that in the Internet you can’t tell a dog apart from a person, also doesn’t help: anonymity of adversaries gives them more leeway to challenge and attack computer systems. Attacks toward computers can also be automated. Another difference in computer security is the potential of an adversary’s resources (botnets). Finally, users have generally poor intuition about protecting themselves, which makes them easy targets of phishing and other forms of attacks, that in the end put an entire system in danger.
Aside from the difficulties as mentioned above – as if they weren’t enough, – it’s just difficult to think about every possible attack scenario, or possible threats facing computers. Achieving that is considered “negative goal”. A negative goal is for example when you say “x can not do something y.” in contrast to a positive goal where you would say “x can do y.” In the positive goal case you can easily check is the goal is met. Not so in the second one.
Another fatality when it comes to securing your system, is well the fact that even one small failure due to an attack can be enough to corrupt the system. However, even knowing failures does not say much about the nature of the attack at times. As a result, a complete security solution does not exist. What we do instead is model systems in the context of security, and assess common risks/attacks.
To create a security model we basically need two things: the goals (or policy) and the assumptions (or threat model). The goals may include privacy (limitation to who can read data), integrity (limitations on who can write data) and availability (ensuring that the service keeps operating). Assumptions, or threat model include plausible assumptions of what we’re protecting against: adversary with unlimited computing power, or adversary with limited computing power. Compromising happens when systems do not have a complete threat model or unrealistic threat model (like assuming the attack comes from an outsider only — it’s not true, sometimes the attack can come from an insider too).
We now consider an example of a security model called the guard model. We think back to client/server models. In client/server model the client makes a request to access some resource on the server. However, there is reason to worry about the security of the server. We would like to secure the resource that is being stored in the server. To attempt to do this, the server needs to check all accesses to the resource (this is called complete mediation). The server, thus puts a guard in place to mediate every request for access.
The guard provides:
- authentication: verifies the identity of the principal, for example checks the client’s username and password
- authorization: verifies whether the principle has access to perform its request on the resource, for example by consulting an access control list for a particular resource.
The guard model applies to lots of places, not just client/server.
Examples (copyright to lecture notes from 6.033):
- UNIX file system:
- client: a process
- server: OS kernel
- resource: file, directories
- client’s requests: read(), write() system calls
- mediation: U/K bit and the system call implementation
- principal: user ID
- authentication: kernel keeps track of a user ID for each process
- authorization: permission bits & owener UID in each file’s inode
- Web server running on UNIX:
- client: HTTP-speaking computer
- server: web application
- resource: wiki pages (?)
- requests: read/write wiki pages
- mediation: server stores data on local dist, accepts only HTTP requests
- principal: username
- authorization: list of usernames that can read/write each wiki
- Firewall = a system that acts as a barrier between a presumbly secure, internal network and the outsde world. It keeps untrusted computers from accessing the network.
- client: any computer sending packets
- server: the entire internal network
- resource: internal servers
- requests: packets
- internal network must not be connected to Internet in other ways
- no open wifi access point on internal network for adversary to use
- no internal computers that might be under control of adversary
- principal: none
- authentication: none
- authorization: check for IP address & port in table of allowed connections
What can possibly go wrong?
- Complete mediation can be bypassed due to software bugs or an adversary
- how to prevent this? can reduce complexity (the area to cover with the guard)
- The principle of least-privilege which limits the privileged or trusted components
- Policy vs. mechanism: high level policy is ideal, clear and concise. Security mechanisms (like for example, guards) provide lower-level guarantees.
- Users make mistakes!!!
- Users may be unwilling to pay cost of security mechanism.
The video on empathy and sympathy: https://www.youtube.com/watch?v=1Evwgu369Jw
A post intended to be changed with time:
- Time of White Horses – Ibrahim Nasrullah
- This is how you lose her – Junot Diaz
- Master and Margerita – Mikhail Bulgakov
- The Scarlet Letter – Nathaniel Hawthorne
- How to kill a mockingbird
- Mein Kampf – Adolf Hitler
- The Name of the Rose – Umberto Ecco
- The Garlic Ballads – Mo Yan (China)
- Almost transparent Blue – Ryu Mukarami
- A doll’s house – Henrik Ibsen
- My name is Red – Orhan Pamuk
- Children of Gebelawi
- The House of the Spirits – Isabel Allende
- Fahrenheit 451
- The Last Lecture – Randy Pausch
- A fine balance
- Four Loves – C.S. Lewis
- Brothers Karamazov – Dostoevsky
- Siddharta – Herman Hesse
- The Prophet – Khalil Gibran
- Don Quixote – Cervantes
- The Great Divorce – C.S.Lewis
- The problem of Pain – C.S.Lewis
Foreign language reading
It’s been about 4 years since I last wrote in this blog. I’ve been very busy for the duration of those 4 years: doing life, doing school, sometimes, even doing nothing. I’m sort of back now though, a very changed Erjona. So much has happened, dear friend. So much has changed.
However, I’m happy and the change is not something I see as bad at all! I’ve found new meanings, new thrills, new loves. Most importantly, my whole world-view has changed. Now the sun under which I see the world, is very different and very unexpected. I’ll keep talking cryptic for a while unfortunately, but hopefully the coming posts should give a good idea about what’s been happening so far 🙂
Spoiler alert: I’ve found something that makes me more excited than anything else. Something that has stolen my heart and has shifted my perspective in an amazing, thorough way. My heart has been stolen by the one I’ve been looking for my entire life. The one I loved long time ago as a child, the one I trust and believe in again now.
This is my first time taking a stab at writing a poetry in Spanish, so here it goes (it’s an assignment for a class):
Vienes en mi pecho, como un traicionero
Sé que no eres bueno para mí
Pero quizás es mi maldito destino ser junto a ti
País, país, país, país ridículo
No, ridículo es el amor que siento por ti
Ridículo es que no puedo olvidar
Ridículo es que no puedes alcanzar
Mentiras, ya te he olvidado tantas veces
Mentiras, son lo que me enseñaron de ti
No, no todo fue mentira, no
pero aun así
Ya no sé qué hacer por ti
Ya no sé cómo debería amar-a-ti
Ya no sé si debería preocuparme de ti
Pero, qué hay de mí?
Si no hay amor
Si no hay amor siquiera por ti?
Y si entregase mi cuerpo para ser quemado,
Que hay de mi si no hay amor por ti?
Y que hay de ti, si matas el amor de tus colibrís
Que hay de ti, si niegas el amor del unico salvador,
Que hay de ti?
“Dichosos son los que lloran
Porque serán consolados”