*smooch* (ldy) wrote,

  • Mood:
  • Music:

Episode 47: In which Ldy babbles incoherently about ubiquitous computing & critical command systems

Ubiquitous computing is a subject that's interested me since the mid 90s. Is the third paradigm finally here?


Many might argue that it already is-- but the changes they're hinting at stand to take UC to another level entirely.

It's kinda funny-- the same issues that Mark Weiser brought up in his presentation at Nomadic in 1996 are the same ones we struggle with now-- namely, the availability of secure reliable public access points (complete with secure servers and packet encryption). It seems that the majority of people who really "get" the concept of nomadic security are the nomads, and the systems themselves are increasingly found in the hands of people who don't know how to secure them.

Once you initiate contact with another computer, there ain't no such thing as foolproof security. And there ain't no such thing as a virus-proof system, either. Like physical viruses, computer viruses proliferate more quickly in those areas in which there is a lot of intimate contact. I can't wait to see what happens with this. If Intel jumps the gun (as they very well may-- see "P4"), we could be in for spectacular trainwreck of epic proportion, or we could discover some illuminating things about systems and architecture in a very short time. Perhaps both. This type of ubiquitous computing is almost viral in its very nature, and Bluetooth, especially, seems to have security issues that reach right down through its architecture into its foundation; issues that go wellbeyond the those that are inherent to all wireless systems.

On a semi-related topic, did you know that major security and automation systems for everything from nuclear reactors to cheese manufacturing are becoming increasingly windows-based? I got to talking with a relative of mine who works in the industry, and he assures me it's true. "Nobody talks about alternate plaforms or open source," he says. Now, if cash machines can get worms, so can these things. Heck, a nuke plant in Ohio, on a supposedly-isolated network, got hit with the Slammer worm last August.

Why Windows? And XP of all things? In my opinion, the drop in cost alone is not enough to warrant the decline in security. Somebody's getting some bucks from this, mark my words. Once upon a time, these large critical systems were run off of proprietary operating systems. My concern is not so much running control systems off windows per se-- but more the homogenisation of these critical systems. Diversity is what makes systems healthy and vibrant. Homogenisation leads to weakness and vulnerability. This seems to hold true for all macro systems, whether related to technology, to finance, or to life itself.

XP is the ultimate representation of homogenisation. Not only is it becoming the most ubiquitous platform, but it is also, in some ways, one of the most vulnerable, in many ways because of its popularity. It was Windows XP's RPC DCOM vulnerability that allowed the Nachi worm to infect those Diebold ATMs, and a windows SQL database vulnerability that allowed for the existence of Slammer in a nuke control center. The fact that systems had the same infrastructure as popular computers made them vulnerable to exploits that were not developed for them, specifically.

The other issue is control of these systems. It's possible to ensure that data streams traveling to critical control systems (or other systems, really) are read-only and well-encrypted. But do the people in charge of these systems actually ensure that this happens? Do they even keep their operating systems patched and hotfixed daily? Weekly? Monthly? At all? Security systems are only as strong as their weakest point, and it bothers me that many of these weakest points sit on their MCSE certifications instead of proactively keeping abreast of things. Of course, there are a lot of talented, knowledgeable people out there, and many of the issues relate neither to the knowledge level or competency of the people running the systems-- but it'd be nice if competency weren't an issue at all. Since the people hiring the technical experts are increasingly of non-technical backgrounds themselves, suggesting that they will have to rely on certifications and may ignore the hidden costs of saving money on knowledge workers, I grow a little wary.

Mind you, I'm no expert-- more certifiable than certified. So take what I say with a grain or ten of salt. Hell, take the whole damned shaker!

Blah, blah, blah. I'm guessing about 2% of you read this far. Someday, someone will pay me to complain about these things. Until that day, I'll just be content with making my friends eyes glaze over :)

In other news, ze Poet gets his divorce today (hooray!), boys are dumb (boo!), and seafarers often have the best memories about the worst weather (yarr.).

Just for a moment I was back at school and felt that old familiar pain. And as I turned to make my way back home the snow turned into rain.

And now, for something competely different.


  • Post a new comment


    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 1 comment