Re: [Hackmeeting] seminars

Author: Jaromil
Date:  
To: hackmeeting
Subject: Re: [Hackmeeting] seminars

re all,

I'm coming to Cosenza together with an interesting great hacker who is
worth getting to know, named Anatole; he's not one of the famous ones,
and precisely for that reason he's one who knows more :^)

Anatole proposes two seminars, one more geeky and the other more
physical, both in English since he comes from the you-ess-ay

below I paste the description of the geeky one; if we really want I can
write a summary in Italian, but since the talk is in English anyway,
who cares (?).... the physical one is on "Body awareness for
information operators" and requires a room where people can get down on
the floor yoga-style, since it involves exercises to correct postures
and defects caused by sitting at the computer... then I don't know
whether there are people who maybe also know about this and we want to
combine it together. or we decide that we're not interested.

following this mail I'll also propose a seminar myself, maybe on
JAROMAIL, which becomes interesting if I manage to add mixmaster
support ;^) anyway, below now is Anatole's description



Embracing the invisible: Observability and the end of computer security


It has long been said that computer security is a game of perpetual
catch-up to the natural advantage of the attacker. Analogies are often
drawn to other attacker-defender paradigms, in which the attacker has a
virtually infinite number of free attempts to make, while the defender
cannot fail once. But these analogies fail to take into account one of
the particulars of computing — namely that computers are not directly
observable.

The monitor of early computers narrated the literal state of the system
to the human eye. It was not an output medium controlled by some
subsystem of the total, but a tap directly into the nervous system of
the processor. Qualitatively, the display was more esoteric than what we
appreciate today on a so-called monitor, and it appealed less to our
human instincts and adaptations — but it could nonetheless be
comprehended, and more importantly it was unmediated. Now complexity has
exploded, and we can no longer monitor in this way. The gap between the
digital state of a computer system, and what we as humans can observe of
it, has become a chasm.

When we begin to connect computers with networks, this non-observability
moves from a theoretical curiosity to a practical conundrum. A network
of computers is now one in which they reprogram one another constantly.
A network spanning individuals of all stripes is one in which computers
carry out the instructions of unknown people. This is now an inherent
part of the meaning of our Internet.

We can no longer state with confidence what our computers contain, what
they have done, are doing, or will do. We still think of computers as
deterministic machines that only follow instructions, but if they cannot
be directly observed, we cannot know what instructions those are. We can
thus redefine the computer-security "attacker" as the party which
embraces the very nature of the system, while the "defender" seeks to
limit the behavior of the system in order to carry out "jobs" as defined
in the pre-network era. The current defender strategy is failing
dramatically to resolve this duality.

A new paradigm for information systems is needed. Today's functional
demands must be made satisfiable under the network-anarchy which is
coming suddenly into full bloom. But a cyber-utopia will not emerge from
perfecting our control over computers — as we can never observe the
quality of our results, and the development of control technologies is
bolstering an oppressive security state. The new paradigm must not
merely transcend uncertainty, but embrace and support the whole domain
of unbridled information-interaction, so that we might discover its
actual value.

We will consider the differences between computer and biological
programs, draw parallels between our personal electronic devices and our
physical bodies, consider the nature of experience and the observability
of the human body itself, and attempt to paint a picture of a less
certain, more observable future in information systems.