1. A word is not the same as the thing it describes.

There is an old dictum in mysticism: Ipsum Nomen Res Ipsa -- "the name itself [is] the thing itself." This is a rule for hypnotizing oneself or others to change our perceptions of the universe to fit our ideas. This rule is the opposite of the rule of science, which is to change our ideas (theories) to fit our perceptions of the universe (observations).

Corollary 1a -- Lincoln's Law: Calling a tail a leg doesn't make it one.

The practical conclusion of the above rule is that we cannot alter reality simply by changing the names by which we refer to things. There are good reasons for changing names sometimes, specifically when we find that the old names do not accurately reflect observations. However, when we change names out of wishful thinking (calling a dog's tail a leg) we set ourselves up for delusion and disappointment.

Worse, when we assent to others' redefinition of the words that describe the world, we are effectively under their spell. Who is doing Black Magick upon you? (What does the word "waffle" make you think of?) Reality is ultimately reality-based, not faith-based, and the credibility gap is a tension between the two. When it snaps, people do get killed.

2. There's always the chance the guy is lying to you.

This insight is famously ascribed to David Hume, but outside of credulous Christendom it may simply never have been needed: Whenever someone tells you that a miracle (or other unlikely event) has occurred, consider the following. There is a probability M that a miracle actually has occurred. There is also a probability L that the person who is telling the tale is lying or simply mistaken. As long as L > M, we have no reason to believe in miracles, wild advertising claims, or other unlikely stories.

3. Popularity and correctness are not strongly correlated.

Corollary 3a: Ten million people could be wrong.

Sometimes ideas are useful, but unpopular -- either because few people have heard of them or been convinced of them yet, or because they have gone out of fashion.

Corollary 3b: They laughed at Gandhi, but they also laughed at Bozo the Clown.

Being original is not, in itself, any guarantee of being right. Likewise, the fact of being rejected is no assurance that you're on the right track. Sometimes, first they ignore you, then they laugh at you, then you figure out you're being a dork and quit it.

4. People who sound totally sure might just be trying to convince themselves.

If a person is absolutely insistent on some point, it may well be that he (or she) is working under the rule of mysticism rather than that of science: rather than trying to come up with statements that accurately describe the world, he is trying to convince himself that the world is how he wants it to be.

It's not always the case, though. Sometimes we find that in order to prevent harm, we need to do some magic or politics -- same thing -- even for ideas that we have discovered by science. Otherwise we end up with creationism in the public schools and pi being declared equal to 3 by legislative fiat. Sometimes we do have to insist that we're right and the other guy is wrong. But we have to offer evidence, not just assertion -- and we have to be careful (not certain, but careful) that we aren't letting our ideas run away with us.

I don't think apologies to Billy Ray Cyrus are really necessary, but ...

Achy Breaky DOCs

You can send me spam
Or just fill up my RAM
With ancient cheesy forwards in my box
But if you give a screw
'Bout what I read from you
You'd damn well never send me DOCs!

Just don't send me DOCs
Those Microsoft .DOCs
I just don't want 'em in my mail
And if you send me DOCs
Those goddamn Word file DOCs
I'll have to send my answer back in Braille.

Just send me text/plain
It really is a pain
To see eight megs of binary to say:
"Good morning, how are you?
I'm doing lovely too,
I really must be going now -- good day!"

Or send HTML
I think it's really swell
And I can read it up in Firefox
But, sir or madam, please
I'm beggin' on my knees
Just lay off the Microsoft .DOCs!

Yeah, don't send me DOCs
Pro-pri-e-tar-y DOCs
Not everyone sucks Billy Gates's wang
And if you send me DOCs
Those freakin' Word file DOCs
Ya better know I'll just delete the thang.

Look, send me EXEs
Sure, give me Sobig -- please!
It won't even faze my Unix box
But if what you need
Is to send me stuff I'll read
Then don't bother sending it with DOCs.

I live with a philosophy graduate student. It's contagious. Note, none of these are particularly meant to be offensive, except possibly the Peter Singer one. Sorry, Pete, I just couldn't resist a zoophilia joke.

The moral realist doesn't sleep with other people's wives because it would be wrong.

The Kantian doesn't do it because if everyone did that, someone would be sleeping with his wife.

The natural law theorist doesn't do it because it would be a violation of the marriage contract.

The emotivist doesn't because -- ew, yuck, sleeping with other people's wives!

The consequentialist doesn't because he doesn't want to sleep with a woman who would cheat on her husband.

The cultural relativist doesn't do it because the culture he lives in rather arbitrarily happens to value sanctity of matrimony.

The utilitarian doesn't because he figures that extramarital affairs cause more bad than good.

The moral skeptic doesn't for no particular reason.

The hedonist doesn't because he doesn't feel like it.

Peter Singer doesn't do it because there's nothing that makes other people's wives ethically preferable over, say, goats.

The virtue ethicist doesn't do it because what kind of a person would he be if he did?

The feminist doesn't because other people's wives are usually straight.

You might be a closed-source twerp if ...

• You've chosen a piece of software not for its features or benefits but because it is not open source.
• Despite the numerous copyright- and patent-violation lawsuits that have been filed, adjudicated, and settled against Microsoft, you think it's more likely that Linux contains "stolen intellectual property" than that Windows does.
• When someone in your organization proposes use of an open-source product, you've retorted, "Not everything has to be open source!"
• You refer to a reasoned preference for open source software as a "bias" or "religion".
• Despite the existence of Red Hat, Digium, MySQL AB, Zope Inc., and other open-source companies, you believe that open source software is "non-commercial" or "anti-corporate".
• You have referred to open source software as "communist".
• You have referred to Eric S. Raymond as a "socialist".
• You have conflated open-source licenses with "the public domain", or claimed that open-source software is "not copyrighted".
• You take Laura DiDio or Rob Enderle seriously.
• You crack BSD/LSD jokes to imply that Unix or open-source programmers are insane or unreliable.
• You believe that Linux or Unix cannot be used "on the desktop", but you have never tried it or asked anyone who does it about their experience.
• When someone points out that Mac OS X is a desktop Unix system, you retort that it isn't "really" Unix -- despite the C shell, POSIX compliance, BSD kernel, X11 ....
• You think that software users should bear liability for copyright infringement committed by software publishers, thus necessitating "indemnification" -- even though you would never claim that readers of the New York Times would be liable for a plagiarism committed by a Times reporter.
• You think that Linux, in its present form, was cooked up by some college student in a basement.
• You think that Linux, since it is based on the design of Unix, is "30-year-old technology" and therefore inferior -- as if software designs were to be judged on their novelty rather than their reliability.
• Despite the number of Linux systems that Dell, HP, IBM, and other major vendors ship to large corporations and other institutions, you believe that "Linux is not ready for the enterprise".
• You note that only a small fraction of the computers in the world run Linux or BSD, and conclude that open-source software is of little consequence -- selectively ignoring the fact that 60+% of all Web servers in the world run the open-source Apache software.
• You think that open-source software is likely to contain Trojan horses, because anyone can modify it.
• Although you know that The SCO Group's legal arguments are unfounded and that they have presented no evidence of their claims, you hope that they will win anyhow, to show those irritating open-source upstarts that business should be about power rather than mutual benefit.
• You think that Sun Java Desktop is a Java-based product, not a Linux distribution.
• You think that the GNU General Public License (GPL) is an end-user license agreement, or that using GPLed software involves giving up rights you would otherwise have.
• You think that open-source projects are each the work of an individual volunteer programmer, so that when the one programmer responsible for Linux or PostgreSQL or Apache gets bored with it, there will be no more support available.
• A security vulnerability in mySQL is a "Linux security hole", but a security vulnerability in Microsoft SQL Server is not a "Windows security hole". That is, the fact that Linux distributors ship more third-party software should be considered a problem, not a virtue.

From time to time in our nation, religion and religious faith have become contentious political issues. While we may prefer (as I certainly do) that religion remain a private matter and outside of politics, this is not always possible. Important political movements such as Abolitionism, Martin Luther King Jr.'s Civil Rights movement, and more recently the Religious Right have all sprung from the nexus of religion and politics. We cannot, therefore, ignore or set aside candidates' religious views and practices when considering them for the Presidency.

My question is this: What religious view were you and President Bush expressing -- what religion were you practicing -- when, as undergraduates at Yale University you both bowed down to an idol of the Prince of Darkness? As members of the Brotherhood of Death, or Order of Skull and Bones, you both participated in rituals explicitly Satanic in tenor and content. Does this fact leave you prepared to govern a nation whose populace is majority Christian, most of whom believe that the Devil is quite real and active in the world?

We can all see from every day's headlines the result of electing one member of the Brotherhood of Death to the presidency. Why in the world -- or in the underworld, perchance? -- should we suffer another to ascend to that seat?

Well, they'll sue you just to pump and dump their stocks
And they'll sue you when you're hackin' on your box
And they'll sue you for a secret they don't got
And their filings all were written high on pot
                But I would not feel so all alone
                Everybody must get SCOed.

They'll sue you when you claim your copyrights
And they'll sue you 'cause they just like startin' fights
And they'll sue you when you're recompilin' code
And they'll sue you when you tell 'em all to FOAD
                And I would not feel so all alone
                Everybody must get SCOed.

They'll sue you with their lawyer David Boise [1]
And they'll sue you in Utah and in New Joisey
And they'll sue you just for picking up the phone
And they'll sue you over stuff that they don't own
                And so I would not feel so all alone
                Everybody must get SCOed.

They'll sue you over standard header files
And their CEO's got sixteen smarmy smiles
They'll sue you for a contract with Novell
And they'll sue you when you tell 'em "go to hell"
                But I would not feel so all alone
                Everybody must get SCOed.

They'll sue you over errno and ls
They'll sue you for just anything, I guess!
And they'll sue you 'cause their business plan's no good
And they'd sue us all together if they could!
                So I would not feel so all alone
                Everybody must get SCOed.

[1] If the urinalists can't spell "Boies" right, why should I?

Warning: This is really extremely silly. I wrote it some years ago while punchy from a nasty spate of break-ins. The tune is, of course, the obvious song from "The Music Man".

76 port scans at the firewall
With 110 h4x0rz close behind
There were more than a thousand d00dz
With their black hat 'tudes
There was pr0n of every shape and kind!

76 FIN scans through the firewall
Whacked 110 (POP3 -- that's your mail)
They were Snorted by rows and rows
Of the finest sysadmofos
And all the cr4x0rz went to jail.

There were shellscript hacking lamers in the DMZ
Thundering, blundering, flaming on the IRC
There were triple-breasted porno sites
And spammers selling Vegemite
And mailbombing like a random jerk!

76 script kids whacked the firewall
And 110 bytes smashed through the stack
They were followed by piles and piles
Of rootkits out for miles
Trying Windows exploits on my Mac!

There were fifty mounted DDoS spewing UDPs
Someone told them we were the WTO
There was Hipcrime hosing USENET groups
And Sendmail bouncing email loops
And spam from a Russian teenaged 'ho!

76 SYN floods hit the firewall
And 110 seg faults dumped the core
I was doing an fs check
On a brand-new punch card deck
And they spilled it all over the floor!

Update: I made a set of predictions New Year's Day 2004. It's now the end of the year. Some of them have come to pass. Others have been disproven. Here's how it goes:

1. SCO will lose, or drop its case and go out of business. However, no SCO principals will be brought to justice for abuse of legal process. Microsoft will pretend never to have been involved.
   • The trial shows no sign of going away soon. Sigh.
2. The U.S. dollar will continue to sink versus the euro and versus gold. Lack of confidence in the U.S. economy will be largely due to failures of corporate accountability and the continuing costs of the Iraq occupation.
   • Gold has risen from $415 in January to $438 as of December. The euro has risen from $1.15 to $1.36 in the same time frame. Not bad.
3. Microsoft and its allies will release increasingly tightly controlled end-user systems. They will be increasingly inappropriate for enterprise reliability and control needs.
   • Microsoft has been pretty quiet on the technical-control front, instead continuing legal "licensing" threats and FUD.
4. During the first quarter of 2004, a European nation will demand extradition of a ROKSO-level spammer from the United States.
   • Didn't happen. We did see the prosecution, conviction, and sentencing in the U.S. of Jeremy Jaynes, aka Gaven Stubberfield. Jaynes was the ROKSO-level spammer responsible for the "horse porn" zoophilia spam that my users are so glad to be rid of.
5. Red Hat's market share in the United States will decline somewhat as Novell's SuSE takeover yields a manageable enterprise Linux. As with the old SuSE, this will not be 100% Open Source. Red Hat will remain profitable.
   • Red Hat is still profitable. Novell has made SuSE more, not less, open source; and has released instead a desktop Linux system.
6. Armed conflict will continue in Iraq throughout 2004. A major new front will emerge between Turkey and the Kurds of northern Iraq, possibly including violence targeting civilians on either side.
   • Turkey and the Kurds seem to be a non-issue. The word "quagmire" came and went -- right now, it seems ''worse'' than just a quagmire. Perhaps a fireswamp.
7. The current Debian testing will be released as Debian GNU/Linux 4.0 by mid-year.
   • Didn't happen, and they're calling it 3.1 anyhow. Instead, more and more people seem to be treating testing as stable right now, including using it on servers.
8. At least two worm outbreaks of similar scale to Code Red, Slammer, and Welchia will attack Windows systems worldwide. The Linux, BSD, and Mac OS X platforms will remain free of widespread viruses and worms, despite rising popularity.
   • Not so far. Spammer viruses spread by email continue to be a big pest on Windows -- using social engineering and Microsoft vulnerabilities to propagate. Alternative platforms have gained in popularity but still not seen a widespread virus or worm.
9. A majority of the captives held at Guantànamo Bay will be released without charges.
   • Many have been released. Not most.
10. European and other non-United-States government agencies will increasingly migrate IT operations to Linux and other Free Software systems.
    • Several have, yes.
11. Electronic voting will be a debacle, and its current advocates in government will distance themselves from it.
    • It has been a debacle this year, although not as much as the general lack of transparency and accountability, with "national security" frauds kicking media observers out of vote counts in Ohio. The discrepancy between exit polls and reported election results remains unexplained.
12. John Ashcroft will leave office.
    • And there was much rejoicing. (Yaay.)

My last essay here was rather insulting towards the nontechnical user. This one will, therefore, be more sympathetic, taking the user's lack of understanding and turning it to an opportunity.

Many end-users seem to lack a systematic grasp of the concept that programs are something that people write: that every piece of software and every function of that software is something that someone designed and wrote out.

People understand far better the idea that software has owners than that it has authors. They readily accept the idea that some aspect of their Windows computer is owned by Microsoft, but have (understandably!) more difficulty with the idea that the component Microsoft owns is a writing, in its nature more akin to the text of an encyclopedia than to a kitchen gadget -- that it's the product of hundreds of people typing in things that look like math.

The metaphors of software as ordinary property (belonging to its owner, like a lawnmower or a house) and software as writing (created systematically and expressively by its author, like a book) lead one to different sorts of thoughts.

When something belongs to someone else, the everyday law-abiding person sees it as out-of-bounds. We don't mess around with other people's things without their permission! If something about your computer belongs to Microsoft, but you're not sure what that something is, then the computer itself becomes a doubtful and border territory.

This has ill effects for personal computing. A borderland, where the line of demarcation is unclear, is a space from which the meeker and more certainty-seeking neighbor shies back, and into which the more powerful and aggressive neighbor advances. Thus, Microsoft has in many ways taken greater control over the user's computer and left less ownership and control to the user and to other stakeholders such as third-party developers.

At the same time, a borderland is a space where the respective neighbors can foist off assertions of fault onto the other. Flaws in Windows, which Microsoft created, are treated as the user's responsibility to patch rather than as Microsoft's liability for making in the first place. Again, the user, being the less powerful neighbor in the "software as property" metaphor, loses.

In contrast, when we recognize something as a writing, we understand many facts which apply usefully to personal computing:

• The writing could have been written differently. The way it is, is not the only way it could have been. The wording of the text is the author's choice. It is the reader's responsibility to understand the text; but this does not absolve the author of responsibility for what the text says.
• The writing could contain mistakes. The author is not the final authority on its disposition or correctness; the real world is. If the writing presents itself as practical, but contains errors which lead to those who depend upon it coming to harm, the author and publisher are liable (at least in part) for that harm.
• The text before us is not the same as its subject matter. We could read some other author's words on the same subject, and learn many of the same things. Another writing might be more accurate, more accessible, and more worthwhile. Many authors can write on the same subject without wronging one another in so doing.
• Some texts are collaborative; they belong jointly to all of their authors.
• Some texts are written clearly, so it is evident what the author means and whether his claims are correct. Others are written obscurely, in a way which is hard to understand, much harder to to verify. For practical purposes such as the conduct of business, clear and verifiable writing is often more valuable than elaborate or pretty writing.
• It isn't right to take someone else's writing and claim it's our own. That would be plagiarism -- not the same thing as theft of ordinary property, but still wrong. Plagiarism is chiefly a problem that concerns other authors, not readers; reading or referring to an article that was plagiarized is not itself plagiarism.

Software as property; software as writing -- these are two different metaphors. Software itself is neither property in the same sense that a lawn mower is property, nor is it writing in the same sense that Homer's Odyssey is writing. It is something different from either of these.

However, we may ask: Which of these metaphors gives us a better grip on the subject? Which leads to greater practical understanding? Moreover, society's view of software is still nebulous, since the ordinary person has no good idea of what it is. As a result, we may ask further: Which is the way we want software to be?

The Luser, on the FS/OSS Community:
"Since I got this program for free, I should demand that I be personally trained on it for free, too. My predecessors who taught themselves have an unnatural advantage over me; therefore, they owe me. Rather than being inspired by their example to enter into the struggle of learning, I should instead demand that they cater to me."

The Luser, on Intuitive Design:
"If I do not understand something, this proves that it is either: (a) useless, (b) made deliberately complex so that nerds can lord it over non-nerds like myself, or (c) made deliberately incompatible with my Windows preconceptions out of malice towards Microsoft.

"There is no legitimate reason that anyone would create anything beyond my present ability or willingness to understand; therefore everything not obvious to me is the product of hostile action."

The Luser, on Design Goals:
"Every program aspires towards being a sleek, shrink-wrapped product feeaturing a holographic license card, an obtrusive pseudo-AI 'office assistant', and a user interface that carefully hides from me any setting which would require that I know any fact about my computer or network.

"Any deviation from this goal is a failure on the part of the programmer -- probably due to a character flaw on his part -- and it is my place to point out this failure."

The Luser, on Documentation and User Interface:
"The ultimate form of program documentation, and of user interface, is the 'wizard', which leads me through my entire use of a program with a minimum of explanation on its part or choices on mine. Though once I typed in commands, and after that I clicked on pictographic icons and widgets, today the only direction my computer should require of me is as follows: 'Okay', 'I Accept', 'Okay', 'Okay', 'Finish'.

"Any interface which demands that I read for comprehension, or that I make choices which (a) depend upon specific knowledge or (b) have real consequences, is incomplete and inadequate."

The Luser, on Scripting:
"God forbid that I ever have to write a script for any purpose. However, should that onerous task befall me, there is no reason for me to understand anything before I begin stringing software components together. I do not need to know the format of my input, the nature of components available to me, nor the desired format of my output.

"My goal is to transform ill-understood input into text which, to a cursory glance, resembles the desired output. Complaints from my coworkers -- including complaints about delimiters, spacing, dropped or shifted columns, folded or mangled Unicode, or the inability of other (and thus lesser) software to read my script's output -- are signs that my coworkers have unresolved personal problems."

(The first three sections above were written in response to a Usenet poster who whined particularly indignantly about being expected to read the manual to a piece of complex Unix software before deploying it. I didn't post it there, out of concern that another reader might misinterpret it as being about them.)

In the past few weeks, we have seen two high-profile cases where distributed denial-of-service (DDoS) has been used to obstruct controversial speech and punish the speakers. This is a growing threat to the freedom of the Internet, as people cannot feel free to speak their minds online when the threat of network destruction hangs over them.

In the first case, the litigious SCO has apparently been targeted for DDoS by someone (or, more likely, several) who thinks they're doing good for the open-source world. I personally believe that SCO is guilty of libel and other crimes. However, mob justice is no justice at all -- and as has been pointed out by wiser heads than mine own, cannot benefit the open-source community. SCO is crooked, but the way to handle a crooked company is with due process in the courts, not pitchforks and torches.

In the second case, the engineering firm Osirusoft has been attacked -- probably by spammers -- for its hosting of a number of DNSBLs, including one based on the SPEWS lists. (Contrary to urban legend, Osirusoft did not maintain SPEWS. Rather, it translated the SPEWS data set into a DNSBL and made it queriable on a nameserver. There are other SPEWS-based DNSBLs.) SPEWS is controversial because of three facts: it is anonymous; it has a policy of predictively listing network blocks of ISPs that fail to terminate spammers; and it has been for a time increasingly effective and widely used.

Some people (erroneously, in my opinion) believe that SPEWS practices censorship. Some people (correctly, in my opinion) believe that SCO practices libel and the perversion of justice. Yet the rise of denial-of-service as a means of speech suppression is both censorious and unjust. It is a tool by which anyone offended by a speaker can (with a modicum of technical knowledge) stifle that speaker and inflict upon him or her substantial costs. It is destructive both of property and of discourse.

My worry is that many have cheered these attacks, as a way of getting revenge upon unpopular targets. This trend of rising mob violence -- and violence it is, even if only against property and not persons -- threatens to destroy everyone's freedom to speak on the Net. Freedom is the freedom to be both unpopular and safe -- and it is as surely threatened by the lynch mob as it is by the government censor; nay, more so -- for the mob are more numerous and observant of that which offends them.

I ask those who have cheered these attacks -- is this the kind of Internet polity you want to have? Do you want criminal gangs of script-kiddies and spammers deciding what online speech is to be punished? For if you do not want this perpetrated against you, you are obligated not to countenance it when it is committed against others.

It seems that Dell has found one solution to the problem of people writing down their passwords on sticky notes and sticking them around their monitors. They have made the cases of their current UltraSharp LCD monitors out of a plastic that sticky notes will not adhere to.

One feature of many forms of political and social power is to require subjects of that power to make gestures or proclamations of their submission. Those who refuse to perform these rituals of subjection are frequently persecuted.

In the time of the Maccabean revolt in ancient Judea, for instance, the Greek king Antiochus demanded of his subjects that they sacrifice to him as a god. The Jews were persecuted for their refusal: though they would willingly obey the king's civil laws and pay his taxes, they would not commit idolatry.

It is said that many could not understand why religious Jews would refuse something so simple as making a small sacrifice in the name of the king. It was only expected once per year, and would signify that they were ordinary, normal, law-abiding subjects just like their Greek neighbors. They could go on worshipping their own god on the other 364 days of the year. Why resist -- why be a freak? Come on, it's only one little chicken on the altar. It's not like we're asking you to go to the emperor's orgies every week, too.

In the Roman Empire in the early years of the common era, the same persecution came to Christians, who would not make sacrifices nor acknowledge Zeus nor the emperor as divine. As commanded by Jesus, they would "render unto Caesar what is Caesar's, but render only to God that which is God's." Again came the persecution, with whips and with lions.

When rituals of loyalty came to the American school classroom, it was the Jehovah's Witnesses who refused to comply. (Contrary to what you heard on Limbaugh or Bill O'Reilly, it wasn't the atheists or the Communists.) The Witnesses' faith teaches not to pledge allegiance to any power but the divine, so their schoolchildren would not pledge allegiance to the flag. It's only one minute out of the day -- why put up such a fight? Just say the words like you were a normal American. No lions this time, but many kids did get beaten up and a few thrown out of school for their beliefs -- even after the Supreme Court ruled that the schools couldn't require a loyalty pledge that went against some students' beliefs.

What is the function of rituals of allegiance? Perhaps it is that they show unity in subjection -- everyone pledging is equally submitted to the same authority, equally a subject and worshipper of the god-king. They constitute acceptance of the symbol of authority as part of the daily social order. However, they also draw the line between the willing, truly accepting subject, and those whose hearts and minds are fixed on some other star. They define by exclusion those groups who maintain reservations in their loyalty -- those who will render unto Caesar their tax, but will not render unto god-king nor flag their consciences.

It might be something to think about, the next time you click "I Accept".

"Securing systems or programs is basically about closing the holes and weaknesses that let hackers in." Rather, security is about correctly modeling in software and hardware the trust relationships that people have regarding their computing resources and data. It is about making computer systems behave in the way that their operators want and trust them to behave, with respect to such things as authorized use and availability. It isn't about patches; it's about correctness.

"A firewall is essential to keeping a network secure by rejecting attacks." A firewall is nothing more or less than a network bridge or router that selectively drops packets. It does not "block attacks" or "forbid unauthorized access" -- it drops packets. Sometimes this is a useful thing to do on a network segment in order to provide assurance as to what sorts of activity won't come in over that segment. This can be useful in modeling trust: if you block port 23 with a firewall, you can guarantee that nobody outside can send port-23 packets through that segment. That's not the same as saying that nobody outside can do unencrypted login to any machine inside ...

"If a program crashes, that only means it's unreliable, not that it's insecure." In fact, many forms of attack against programs are first discovered as ways to make the program crash with a piece of malformed input. If your FTP server dumps core when I send it an excessively long username, that's probably because it's overflowing a buffer. Breaking in is just a matter of overflowing that same buffer with the right data.

"All software has bugs, and bugs lead to holes -- so from a security perspective it doesn't really matter what software I use, since I'll need to patch it anyway." The fact of the matter is that some software projects release programs that are consistently more reliable than others. Some projects release software that is easier to patch than others. Some projects release software that is better documented, and its behavior better understood, so that you can more set it up with more accurate trust relationships. In short, some software is more correct than other software, and you can reduce the amount of time you spend fixing broken software by choosing software that is less broken. Anyone who tells you that all software is buggy is a cynic; anyone who tells you that all software is equally buggy is trying to sell you IIS.

My workplace -- an internationally reputed research institution with about 1500 employees and 2500 Internet-connected computers (and a /16 network prefix) -- now has a firewall. Finally.

Oh, we had a firewall of sorts before. What we had was a default-allow packet filter, which we populated manually with rules blocking access from addresses which had portscanned us, and to machines we had discovered were insecure. See, a few years back, the head sysadmin at the time had asked to install a firewall -- but some of the scientists were concerned that such a thing would get in the way of innovative uses of the network. But he managed to get not a firewall, but a "filter" -- an early Netscreen firewall appliance configured in this default-allow mode.

Maintaining this system was very labor-intensive. Our intrusion detection system (IDS) was based on Snort and email -- meaning that every ten minutes, it would email us a chunk of logs. When we could, we'd keep the live logs in an xterm in the corner of the screen -- and put in firewall blocks against any remote node that portscanned, probed, or tried to Nimda us. Besides being a lot of work, this was also error-prone: we often found that we had accidentally blocked some legitimate traffic, since an automated set of FTP jobs can look a lot like a scan or a DoS.

And so it went for a few years. Then, last year, my boss (who is remarkably un-PHB-like for a guy who likes Windows XP) convinced the scientists' IT oversight group that we needed a real, default-deny firewall. The project was dumped in my lap as medium-range: not so time-critical that I should quit doing Linux systems support to implement it, but also in need of long-range planning and consensus gathering before we went forward with it. (He's trying to turn me into a manager. Really, he is.)

(I should note: Our IT department is very slow moving. We are not the sort of department that can push out a complete transformation of institutional computer use in a day -- or even a week. We like to think we are conscientious, methodical, and modestly refrain from shoving technologies on an unprepared user base, but the fact of the matter is that we are slow. The week I started working here, two and a half years ago, we started talking about replacing the aging and unreliable mail servers. We started building the new mail system a year later, and finished migrating users to it a year after that.)

Before we could put up a default-deny firewall, we had to establish clearly what services needed to be allowed through it. In our institution, anyone on staff can request an IP address and add a new computer to the network -- with whatever OS and services they want to run. It's not our job to tell them no -- it's our job to make their stuff work the way they want it. So I needed to extend this philosophy to the realm of firewall access rules. The result was a database-driven Web application which let people request firewall openings, and let us approve their requests and translate them into firewall rules understandable by our spiffy new Netscreen-500 firewall.

We gave our users a month to register their existing services. On this past Monday night, the network administrator and I switched our Internet link over to filter through the new firewall.

It's actually gone rather well. We had a few glitches -- our dial-up server is outside the firewall, but the RADIUS server it authenticates against is inside; we'd forgotten to give it a pass rule, and didn't notice until the next morning when we got the user complaints. A few people failed to register their services, or didn't realize that accepting raw X11 sessions from Norway involves allowing certain ports through the firewall.

And now I and the other network security team members find ourselves in a very different job. Instead of watching IDS logs like hawks, and scrambling to block the latest source of attacks, we're now building up information about what our previously inscrutable user base actually wants to expose on the network. With the new firewall, we now know for certain that no incoming SYN is going to a system whose operator doesn't want an incoming SYN. We have a valid list of exposed services, so we can run vulnerability scanners like Nessus with impunity.

And the worst complaint from the users? One paranoid is griping that we don't block pings.