Become a fan of Slashdot on Facebook


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
User Journal

Journal Journal: Every so often, I consider giving up on Slashdot entirely 4

Sometimes I love Slashdot.

And sometimes, I read some horrible festival of unrepentant sexism, in which I can count on my fingers the comments that aren't offensive and blind to history.

I'm reminded of a critic's comment about Nietzche's frequent sexist rants in his books, that just when he seemed to believe he was bravely challenging the orthodoxy of the day, was when he was most emphatically affirming the orthodox notions of gender.

User Journal

Journal Journal: I worry about the principle of least privilege and default-deny 4

I'm currently taking a course on network security; the class is, in itself, inane, but it does contribute to my continuing to think about information security over a period of time. It seems to me that issues in information security bring to a head issues that concern me about the social impact of computer and network technology in general.

It's hard to miss that there is a conservative bias in thinking about security -- conservative in more than one sense. There's the obvious political bias, with the prevailing law-and-order rhetoric and exaggerated concern about "terrorists". And there's the approach to computers and networking as problems to bring under control, not as opportunities; creativity is regarded as a threat, sharing as a vulnerability. That both these senses are in play is, I think, no coincidence, but I've been trying to find a succinct way to describe the link.

I was reading a discussion of auditing, which went into checking whether users have appropriate privileges, and reminded us of the principle of least privilege, in which a user or process should be granted no more than the absolute minimum level of privilege needed to perform their assigned tasks. And I thought of the concept of "default-deny", as in one should close all ports by default and only open them as needed.

Here it clicked. The principle of political liberty is "default-accept" -- you don't need permission to do as you will, except in specifically enumerated circumstances. An egalitarian society is a societ of equality of privileges. The model of secure computing is completely at odds with the model of a liberated, egalitarian society.

This should give you pause if you think of Lawrence Lessig's argument in Code 2.0, that software code becomes a form of social legislation, and we need to consider who is writing the code and what its effects will be. And consider the inverse of Conway's Law: if the structure of a computer system reflects the structure of the organization that created it, couldn't the structure of a society shift to reflect the structure of a computer system used throughout that society?

It's seemed to me for some time that much of the structure of Linux and Unix is intrinsically hierarchical and authoritarian: all filesystems are mounted to the root filesystem; all users are subordinate to the root user, with their limited privileges a subset of root's privileges, assigned by root. It's like the Great Chain of Being.

My sense is that the assumption of much of the free software community is that the implicit contradiction between the liberatory project of free software and the authoritarian model of Linux and Unix is that each person gets to be the system administrator of their own computer. But that runs into the classic mistake of hyper-individualist libertarianism, in ignoring the fundamental social character of human existence. Not everyone has the time, energy, or inclination to master their own machines, and even if they did, those machines are bound together in a global computer network. And I forgot to mention: there's the root of the DNS hierarchy, modelled on the Unix file system model.

Obviously, there are real reasons to limit what users can do on a system. If I run a Web server on my desktop computer, I still don't want other people to have access to my bank account. I would rather my nine-year-old talked to me before installing new applications. And so on.

I wonder if we could find a new and better paradigm for operating systems, which matched egalatarian ideals and the project of human liberation implicit in the free software project.

Slashdot Top Deals

"We Americans, we're a simple people... but piss us off, and we'll bomb your cities." -- Robin Williams, _Good Morning Vietnam_