Misunderstanding Computers

Why do we insist on seeing the computer as a magic box for controlling other people?
Why do we want so much to control others when we won't control ourselves?

Computer memory is just fancy paper, CPUs are just fancy pens with fancy erasers, and the network is just a fancy backyard fence.
コンピュータの記憶というものはただ改良した紙ですし、CPU 何て特長ある筆に特殊の消しゴムがついたものにすぎないし、ネットワークそのものは裏庭の塀が少し拡大されたものぐらいです。

(original post/元の投稿 -- defining computers site/コンピュータを定義しようのサイト)

Friday, December 2, 2016

What Is Computer Security? (Short Version)

The detailed version of this, where I plan to talk about different kinds of complexity and intransigent (NP-complete) problems and such has gotten side-tracked and mired in details.

There's a bit of irony there.

But "cybersecurity" and similar nonsense is getting bandied about in the information stream again, so I'm thinking I should try writing the short version anyway.

That means I make a bunch of assertions and fail to back them up. And leave out a bunch of references to automata and algebrae and ideal machines, etc. And, at the end, I really can't make certain of the strong arguments here.

But things need to be said, even if only ten or twenty people out of the billions in the world will ever read this rant.

First, something I use as a siggie when I post from my tablet:

(I've done the first part of this rant before.)

A CPU is just a fancy pen.

Computer memory is just fancy paper.

The network is just a fancy backyard fence.

What's fancy about the paper? 

It can be erased and written over and over, very quickly.

It has a built-in structure, so that the pen can (must) specify where it reads and writes.

It has a regular granularity, too, but I'll skip talking about that here. It isn't unimportant, but I don't have simple ways to talk about that today. And there is plenty to talk about without it.

Now, when we talk about computer memory in this way, we include the high-speed RAM, hard disks, flash and other non-volatile semiconductor storage (USB drives, SD, etc.), and such.

In the extreme, a printer that can scan what it printed can be used as a kind of memory.

And here's another hard-to-understand bit -- the network is, in a sense, a storage device. But it is different enough that we need to treat it someone somewhat separately.

What's fancy about the pen?

It can read as well as write.

It can't understand much about what it reads and writes, but it can read.

It can perform simple arithmetic between reading and writing.

Some people don't understand that the logic that CPUs perform is actually a simpler kind of arithmetic than even addition, subtraction, multiplication, division, and copying, but it is. Reading an address and using that address to access a specific part of memory is also not, I repeat, not hard math.

Everything a computer does is built on simple arithmetic.

Which leads to one more thing. A computer can read a list of pre-defined simple mathematical operations off of that fancy paper and perform that list. It can follow a list of simple instructions.

Haven't you always, secretly, wished you could find someone who would do exactly what you told them and nothing more, nothing less, and not complain?

Heh. When we start programming computers, there's a certain thrill in finding that computers follow the instructions we give them blindly and exactly. And then we discover that we often (usually?) don't really understand the instructions we are giving them until the computer has complained at us at length.

And until we and the computer have wasted a lot of time and other resources doing what we said instead of what we meant. And then we get our backs up. "Who gave this stupid computer permission to talk back?" And we get stubborn. And proud.

Hubris was once considered a necessary attribute in computer programmers.

Bill Gates demonstrates quite a bit of hubris.

Steve Jobs sometimes demonstrated hubris, but he moderated his megalomania with a sense of what the limits of technology were, and with a sense of the limits of general human ability to make good use of the technology at the time.

What's fancy about the backyard fence?

Somebody used to say that the Internet was just a fancy telephone directory. I think I even said that a few times.

There is part of the Internet that is, in fact, very similar to a telephone directory, and web sites can look very much like extended function advertisements in telephone directories, but there's more to the Internet than just that.

It's fun to talk to our neighbor across the backyard fence. It can also be useful. And sometimes several of your neighbors can gather at the fence.

Networks can be big. The Internet is really big. Lots of people can get together and talk.

And you can use things like "social networking" to select just a part of the big neighborhood to talk to.

(The telephone directories, yes, they are the basis of the social networking organizations. I'm giving a lot of control to my life to Google by using their products. LinkedIn is a little more up front about this and a lot less reaching, but then they let Google do a lot of the reaching for them.)

In addition to the directory, the Internet is composed of billions of host machines. The concept that each computing device attached to the Internet is actually a host has been watered down and swept under the rug by a whole host of interested parties who think they can't profit if they can't pipe everyone through their application. But without those hosts, there is nothing to put in the directories.

The Internet is often described as a highway. More accurately, it would be a large system of interconnected highways and byways and sometimes the local roads. (Oh, you take the highroad and I'll take the low road. ...) More correctly, the Internet is the set of rules by which traffic on the highways and the byways and the local roads gets routed. That includes a stripped-down directory service called the domain name system (DNS), which most users of the Internet only work with indirectly.

Access to the various hosts is at best only as reliable as the directory.

When we humans want to go somewhere, we use a higher-level directory for a variety of reasons. Mostly, we don't want to remain remember details like those complicated-looking URLs and URIs and IP addresses that the domain name system deals with.

Even the name of the DNS causes us to block. What is a domain and why should we be worried? (I should expand on that in this rant, (but I evidently didn't).)

So we rely on Google and Bing and Yahoo and (if you are a certain type of geek) Duck Duck Go, and so forth.

Bing. You do understand that Microsoft wants to get you to use Bing for everything without realizing you are using their search engine, exactly as Bill Gates and Co. wanted to get you to use Internet Explorer for everything without realizing you were using their universal browser?

And Google's end-play becomes more understandable, right?

The high-level web is at best only as reliable as the search engine we let guide us around it.

All of this talk about the "semantic web" is little more than a ruse to get us to let other people do the work we should be doing for ourselves (in finding meaning in things). Search engines are good, but we should not turn all our maps over to one or two or even just a few institutions, even if those institutions are privately held companies rather than government or para-governmental entities.

We have to take a certain amount of responsibility for what we do, or why even bother doing it? -- much less bother doing it right?

Security --

Computers are just fancy pens and paper and a fancy backyard fence ...

From here, lets use a different metaphor for the backyard fence.

Computers are just fancy pens and paper and a fancy bulletin board ...

Well, that metaphor is not quite complete, either. Highway system? Getting closer, but the metaphor gets more mixed than it was originally. Let's imagine a very large backyard fence with cats walking along the top, taking messages up and down the fence, and fancy bulletin board that can be copied from and to any particular place on the fence.

Getting closer, if your mind hasn't imploded.

Anybody who can get access to your pen can write anything on your paper. And read what has been written. Anyone who can get direct access to your paper doesn't need your pen.

And anyone who can get access to your piece of fence can write whatever they want on your phone book -- uhm -- directory.

That fence is a highway. Are you going to put your company safe out on the highway? Are you going to put your internal-use-only phone book out on the highway?

There are precisely two ways to protect your paper, including your directory.

One is to keep your computer away from the backyard fence, but then it can't access the neighborhood.

The other is to use encryption, but you have to use that correctly.

How does encryption help us stay somewhat secure?

If your paper is encrypted, and only you know the key to the encryption, what happens when someone else writes something on your paper?

It's not encrypted with your key.

If it's written on your paper and it's not encrypted with your key, you can guess you didn't write it. (Well, maybe you wrote it when you were too sleepy to use your key and encryption system.)

Now you know why the OS companies lately seem to be encouraging you to use encrypted file systems, whatever those are. This is what they are trying to help you deal with. Otherwise, you will rightly blame them for telling you the OS is secure when it isn't.

But someone sneaky could guess your key. Or they could find some way to watch you using it and copy it. (Think of the guy behind you at the ATM, watching you punch in your PIN out of the corner of his eye, as one example. Good thing your bank shuffles the keypad around, isn't it? Or did you not realize that was why they were doing that?)

This is why everyone has been telling you to make up "hard" passwords. Don't use easy-to-guess or easy-to-read-over-your-shoulder passwords, PINs, and so forth.

 Oh, wait. You don't encrypt that stuff. Encryption is hard work. You let your computer do all the work.

But if you computer does all the encryption for you, nothing is gained. It will also do the encryption for the neighbor who sneaks up to the fence while you aren't watching.

Even if you do it right, access with knowledge of the password you use allows the unauthorized neighbor the ability to write what he or she wants and read what he or she wants. (That's why you protect your password, right?)

There is also an implication about knowing where to read and write, but that is not as hard as we would wish. The CPU can help the nosy neighbor with that pretty much as easily as it can help us, the rightful owners of the data. (I'll have to rant about that in more detail sometime, too.)

Okay, now you are beginning to see how important passwords and PINs are. (PINs are short passwords that can't be made hard to guess. I've tried to discuss their use elsewhere in this blog, but the simple but incomplete explanation is this:
A PIN is what the bank has you use when it's okay for the bank to shut down access to your bank account on the third bad try.
So PINs are really just another kind of password, going the other direction from pass-phrases and cryptographic keys.

How can you avoid the problems of people guessing your password?

As I explained in the rant about PINs and passwords that I linked above, you make the passwords long and avoid memes and other things everyone (including you) talks about all day long. Or you let the computer generate long streams of nonsense.

How do you remember those?

You let the computer keep them in one of its notebooks -- your "wallet" or "database of tokens" or whatever. And, so that the sneaky guy can't use your database of tokens, you encrypt it and protect it with a master password, and your master pass phrase is long and something that you think about a lot but don't talk about much.

(Please don't write your master password on a sticky note and leave it in your physical wallet or somewhere on or in your desk. At least, not unencrypted, but that's back to the encryption problem.)

Have you heard about one-time-pads (OTP)?

These are kind of cool. A one-time-pad is a list of passwords or other such tokens for a specific use. Only you and the bank (or whoever the other guy is) have the list. (You don't keep it where people can read it, okay?)

And each time you use a password, you throw it away. The next time will be the next password. So even if the sneaky guys take a movie of you using one of the passwords, that password doesn't do them any good. You can't use it again and neither can they.

You can see that you want a computer to handle OTPs, right? That's computer is the that little device that looks like a calculator, that the bank wants you to start using.

The only problem is that the bank lets a third party build those. So it's not just the bank and you. That is a problem with the way things are done now.

What the banks should do instead is basically build the devices in-house and have your local branch program yours when you go to the branch to pick it up, but that is the subject for another rant.

Actually, one of the devices I want to build is a personal OTP/password manager. That is, I want to make a design that you could look at, and then you could build it yourself. It would look something like a calculator. In fact, it might include calculator functions. But it does not hook up to the Internet.

(Or, at least, the connections is physical-wire-only, and it reminds you to take it off-line after a minute on-line. But this option really isn't good, and I only mention it to help the non-tech salescrew who will want, oh, so very much, to have that "feature" to sell theirs with.)

It could generate a list of one-time-passwords that you encrypt and take to the bank. It could copy the list to a SD card, and the bank could provide a terminal for you to plug that SD card into, to make the bank's copy. Then you and the bank can be pretty sure that only you and the bank have a copy.

And, just to be sure, the bank erases the card for you after it makes the copy, and you plug the card back into your token manager and write noise where the list used to be. (Some SD cards won't let you really erase files permanently, so the device has to use special-purpose SD cards. Forget USB flash for this.)

The idea still has problems, but it separates your passcode management from the devices that are constantly on the Internet.

Uhmm, No.

You really can't make things perfectly secure. You can just try to make getting in harder than it's worth.

Real Security

This kind of security is hard. It's doubly hard to keep in it meaningful.

Constantly checking who is looking over your shoulder is not real security, so you really should not want to be doing this kind of thing too much.

Here is the basic key to real security:

Don't be valuable.

If you have to do or be something that other people think is valuable enough to steal or kill you for, give that value away as fast as you can.

Maybe you can find time to choose worthy recipients of the value. That is commendable. But, even when you can't find worthy recipients, don't wait. Give it away.

How can this be a good thing?


Oh!!! Horrors!!!

If you give away the value you create, others see you doing it and some of them decide to do the same thing, too. This eventually results in a world where the things people need are available. Who is going to be motivated to kill or steal when they don't have to?

It also changes your attitude, and that is the most important protection you can get. Real security is when you know that your most valuable asset is you, yourself, and you are busy putting that asset to good use for other people.

(I rant a little about this in my freedom is not free blog (for instance, here and there, too.), but I'm not the only one who can tell you about it. Look around. It may be where you least expect it.)

[JMR201612200823: Fixed a bunch of typos and added just a little to clarify a few points.]

No comments:

Post a Comment