Modern Pensées

Reconsidering theology, philosophy, culture, economics, and politics

Best Links of the Week

with 2 comments

YMCA Re-Brands Themselves as Merely "The Y"

The YMCA is re-branding themselves as “The Y.”  First Things chimes in here.  Your thoughts?

Free Year of Amazon Prime for College Students

Apparently, some birds can see magnetic fields.

The Economist has an interesting piece on where the blogosphere is going.

How several athletes went broke:  No financial education + addiction(s) = tons of blown cash.

Some interesting chicanery going on in the Gold Market.

A new assessment of oil reserves estimates that Venezuala’s reserves may be double that of Saudi Arabia.

The fastest growing STD population are “Viagra-popping Senior [Citizens].”  Gross.

Microsoft gives the successor to the KGB the source code to Windows 7.  Can someone explain why they would do this?

Obamacare starting to dole out federal dollars for abortion.

Pretty incredible wall-mation (HT: Cardiphonia):

Advertisements

2 Responses

Subscribe to comments with RSS.

  1. Re: Windows 7 and the Russians

    This is a massively complicated set of questions. Let’s ignore political questions like: Does the Russian government want to keep state secrets in a proprietary digital format on a proprietary operating system owned by an American company? Let’s also ignore economic questions like: Does a listless multi-billion dollar company want to potentially lose a huge customer such as the entire Russian government and deal with the PR fallout of such an embarrassing snub?

    Instead, let’s focus on computer security. We still end up with some fundamentally challenging conceptual problems. Perhaps the biggest of these is: What level of security is gained by keeping source code private and simply selling binaries? To a non-technical layperson, this question may seem stupid. If it’s secret, why wouldn’t it be more secure? In reality, there are strong arguments against keeping source code secret for security sensitive systems. (In fact, vanishingly few computer security experts would recommend using a cryptography product that hasn’t released its source code publicly…) For an excellent, readable introduction to this topic I recommend reading the Wikipedia page on Security through Obscurity.

    One of the comments on the original article touches on additional challenging computer security problems presented in this scenario. Look for the comment by ‘maddoghall,’ who may well be the very well known Linux advocate Jon “maddog” Hall. He’s probably right that fundamentally the real reason this would happen is to appease some random bureaucrat, but he raises some good technical points too. In particular, his second point is incredibly important. The UNIX exploit he’s referring to is called “Reflections on Trusting Trust,” which also has a good Wikipedia entry.

    Basically, the exploit here is that source code is written in a computer language that has to be interpreted (i.e. compiled into a binary that can be executed on a particular machine). This interpretation itself is a potential source for introducing computer security threats. It’s not really any different than using a pre-determined codeword over the phone to communicate to a friend whether or not your date is going well. To your date, the word is innocuous. To your friend it means, “get me out of here!” How could the Russians know that the source code really means what it says on the surface?

    I suppose my comment is really just a long way of saying that your question, while reasonable and seemingly answerable, is actually an extremely difficult, rich area (or areas, depending on how academic you want to be about it…) of research in computer security. Also, don’t forget the the political and economic questions we started out ignoring… :-)

    Aaron Massey

    July 15, 2010 at 5:40 pm

  2. Something else to consider: Microsoft Employee Linked to Russian Spy Ring

    This is a generality and there are many important exceptions, but in general employees of proprietary software companies are trusted by their employers. In open source software development, it’s easier to distrust a code contribution by someone unknown to the community.

    Aaron Massey

    July 16, 2010 at 3:13 pm


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: