If you read the wrong books or the wrong articles, some will claim that IPv6 has improved security over IPv4. While this may be true in an extremely limited sense, for practical purposes there is no difference. The only way in which IPv6 is really more secure that IPv4 is that one cannot easily port scan a subnet. In some other ways, IPv4 might be more secure than certain implementations of IPv6, where the EUI-64 address is used as the lower 64 bits of the IP address, and thus enabling violation of privacy (e.g., tracking). The most absurd statement I just recently read was that NAT causes Spam. Where do these people get this stuff???
Let’s Get Simple
In the summer of 2004 I gave an invited talk at the USENIX Technical Symposium entitled “How Do I Manage All Of This?” It was a plea to the academics that they ease off of new features and figure out how to manage old ones. Just about anything can be managed if you spend enough time. But if you have enough of those things you won’t have enough time. It’s a simple care and feeding argument. When you have enough pets you need to be efficient about both. Computers, applications, and people all require care and feeding. The more care and feeding, the more chance for a mistake. And that mistake can be costly. According to one Yankee Group study in 2003, between thirty and fifty percent of all outages are due to configuration errors. When asked by a reporter what I believed the answer was to dealing with complexity in the network, I replyed simply, “Don’t introduce complexity in the first place.”
It’s always fun to play with new toys. New toys sometimes require new network features. And sometimes those features are worth it. For instance, the ability to consolidate voice over data has brought a reduction in the amount of required physical infrastructure. The introduction of wireless has meant an even more drastic reduction. In those two cases, additional configuration complexity was likely warranted. In particular you’d want to have some limited amount of quality-of-service capability in your network.
Franciscan friar William of Ockham first articulated a principle in the 14th century that all other things being equal, the simplest solution is the best. We balance that principle with a quote from Einstein who said, “Everything should be made as simple as possible, but not simpler.” Over the next year I will attempt to highlight examples of where we have violated both of these statements, because they become visible in the public press.
Until then, ask yourself this: what functionality is running on your computer right now that you neither need nor want? That very same functionality is a potential vulnerability. And what tools reduce complexity? For instance, here is some netstat output:
% netstat -an|more Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:2544 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:817 0.0.0.0:* LISTEN udp 0 0 0.0.0.0:32768 0.0.0.0:* udp 0 0 127.0.0.1:53 0.0.0.0:* udp 0 0 0.0.0.0:69 0.0.0.0:* udp 0 0 0.0.0.0:111 0.0.0.0:* udp 0 0 0.0.0.0:631 0.0.0.0:* udp 0 0 127.0.0.1:123 0.0.0.0:* udp 0 0 0.0.0.0:123 0.0.0.0:* udp 0 0 :::32769 :::* udp 0 0 fe80::219:dbff:fe31:123 :::* udp 0 0 ::1:123 :::* udp 0 0 :::123 :::*
It’s difficult for an expert all of this stuff. Heaven help all of us who aren’t experts. So what do we do? We end up running more programs to identify what we were running. In other words? That’s right. Additional complexity. What would have happened if we simply had the name of the program output with that line? This is what lsof does, and why it is an example of reducing complexity through innovation. Here’s a sample:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME xinetd 3837 root 5u IPv4 10622 TCP *:pop3 (LISTEN) xinetd 3837 root 8u IPv4 10623 TCP *:pop3s (LISTEN) xinetd 3837 root 9u IPv4 10624 UDP *:tftp named 3943 named 20u IPv4 10695 UDP localhost:domain named 3943 named 21u IPv4 10696 TCP localhost:domain (LISTEN) named 3943 named 24u IPv4 10699 UDP *:filenet-tms named 3943 named 25u IPv6 10700 UDP *:filenet-rpc named 3943 named 26u IPv4 10701 TCP localhost:953 (LISTEN) named 3943 named 27u IPv6 10702 TCP localhost:953 (LISTEN) ntpd 4026 ntp 16u IPv4 10928 UDP *:ntp ntpd 4026 ntp 17u IPv6 10929 UDP *:ntp ntpd 4026 ntp 18u IPv6 10930 UDP localhost:ntp
Voting Machines: Thank Heavens for Academia
Often times it is said that the purpose of academic research is to seek the truth, no matter where it leads. The purpose of industry representatives is often to obscure the truths they do not like. Such apparently was the case at a recent hearing of the Texas House of Representatives’ Committee on Elections. These are the guys who are nominally supposed to ensure that each citizen of Texas gets an opportunity to vote, and that his or her vote is counted. The committee provides oversight and legislation for electronic voting.
How secure is your electronic vote, compared to a paper ballet? Can you have an electronic hanging chad? A group of researchers have spent a fair amount of time answering that very question. Drs Ed Felton & Dan Wallach, as well as others, have looked at numerous different voting systems, and found all sorts of little problems. For instance, some voting machines are susceptible to virii, and if they get it they can give it to their peers. That’s not a problem, according to the manufacturers’ spokesmen. But who are we to believe? An academician whose purpose is to advance the state of the art and find truths, or a spokesman, whose purpose is to obscure them?
There are mistakes made in many, if not all elections and surveys. Here are just a few questions:
- What is an acceptable rate of error? As 2000 demonstrated, even a hand count of paper ballots can have problem.
- Rather than prevaricate, why shouldn’t the vendors of these voting machines fix the problems that have been reported?
- What sort of regulations are appropriate? The spokesmen all but demanded a common standard in as much as they complained that there was none.
Conveniently Dr. Wallach has an answer to that last question. His testimony recommends just that.
For what it’s worth, as an expatriate I do not expect to use a voting machine for quite some time, but rather a paper ballot.
Bon Voyage and Happy Hunting
There are those who think, “Oh cool, Eclipse. Let’s all party and watch the {sun|moon} disappear for a few minutes.” And then there are those who are serious about it. While we all were celebrating the 4th of July (wherever we were), several friends of mine were busy getting themselves and a lot of provisions onto a plane to China in order to observe the upcoming solar eclipse in the eastern part of that country. This is not the first eclipse for which they’ve traveled far and wide. Two years ago March there was another solar eclipse in Southern Libya. Do you what is in Southern Libya? Sand. Not much else. That wasn’t the craziest place to travel. In 2003, there was an eclipse over Antarctica. Now the thing about Antarctica is that it’s not an easy place to stay. And so what they did was charter a Boeing 747-400 from Quantas and flew it through the path of totality as fast as they could without the equipment being disturbed.
Why all the fuss? What is so special about a lack of sun for a few minutes? In the case of one of my friends, the answer lies in what’s near the sun. He has devoted considerable effort to attempting to prove that volcanoid asteroids exist. These little things come so close to the sun that on any normal day state of the art optics are unable to see them because of the sun’s rays. And so, with the light turned off for a few minutes, one can scan the surrounds.
But if you thought this would be a purely scientific or humorous article, tough. My friend brought with him a considerable amount of equipment with which to visualize the astroids, and some of it isn’t cheap, and some of it is custom made metal. Knowing this, he went to the Department of Homeland Security to find out how to go about getting the equipment from here to China. It took a Congresswoman to get DHS to meet with him in the first place, and then they provided him absolutely no guidance, saying that if the screener on duty (someone who is probably paid only a bit above minimum wage) decides an object doesn’t get on a plane, it doesn’t get on a plane. There is no way to pre-clear anything. And so he was told to ship the object through a known shipper.
The U.S. does recognize a distinction between known shippers and just the average Joe. This is one of many circumstances where a positive reputation is required to get something done. Now unless you’re going to buy your own airplane or cargo ship, you are going to use a shipper fo some sort, so why not use a known one? Well, the story doesn’t end there. In the passing the buck, each shipper is looking to limit their liability and hence want to know exactly who and what they are dealing with. If you are an published astronomer as my friend is, you must put an extraordinary amount of effort into seeing that your goods arrive intact.
Personally, as someone who has had belongings stolen due to DHS policies I find all of this a bit rich. If a baggage handler can rip off my stuff out of my bag and get it out of the airport, what’s to stop them from putting stuff in?
Think about it.
Anyway, I wish my friends on their trip happy hunting for objects that are extremely elusive, to the point where they might not actually exist.
The CIA’s torture teachers: Communist China
Continuing our theme from Independence Day, let’s talk about freedoms and rights. For those such as Alan Dershowitz who advocate such things as torture warrants, or for simple apologists for the Bush administration’s shameful behavior, now comes this little ditty from the New York Times about how the CIA took a crash course in rough interregation techniques for Guantanamo Bay just after the Towers came down. What they probably didn’t know was that the material was derived from a 1957 Chinese training manual that an airforce psychologist discredited as generating false confessions. Of course, even if the method did work, we now know who this administration turns to for guidance: a discredited regime used by a form of government we despised. This brings me to a point that I’ve always believed: fasism, communism, whatever: each can be used to subjugate citizens in just the same manner. It’s just a slightly different rationale. Yes, that says that it can and has happened in the United States, and it goes back to what Benjamin Franklin said: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. We’ve already seen that U.S. Senator Kit Bond was a perfect example. Of course, Franklin was defending against a different King George.
With our King George and in this case, we have to worry about what moral authority we have lost. Those Americans who happen to be abroad and in the wrong place and the wrong time will be the sorry beneficiaries of this president’s legacy.