Meetup: ACM / IEEE Computer Society: "If You Trust Your Computer, You’re Crazy"

Attending ACM / IEEE Computer Society:

The Princeton ACM / IEEE Computer Society Joint Chapter is delighted to host: Google Software Engineer Ron Minnich, presenting: "If You Trust Your Computer, You’re Crazy"

Ron Minnich is a Software Engineer at Google. He has contributed to many open source projects in the last several decades, including the Linux kernel (9p file system); the FreeBSD kernel (rfork); and Plan 9 (many different areas). He directed the team that ported Plan 9 to the Blue Gene supercomputers. He invented LinuxBIOS (now called coreboot) in 1999. He is one of the core contributors to the Harvey operating system. Ron’s most recent Linux Foundation talk was on “How to build your own signed version of ChromeOS and resign your Chromebook with your personal keys” in 2016.

Without Worry

The Definition of Security is “Without Worry" by Daniel Miessler (Daniel Miessler)

The only approach is to abandon the pure play of prevention, and move to a more mature model of resilience. Resilience is powerful precisely because it gets us to the true definition of security—being ok no matter what.

Over the years I’ve said something like that second paragraph to the CISO or security director, only to receive a blank stare or an admonition not to say anything like that to an executive team. It’s time for security folks to admit the truth.

My viewpoint is one I learned over the years from reading Christopher Hoff’s blog, Rational Survivability.

Reality in Security

The Difference Between Feeling and Reality in Security by Bruce Schneier (WIRED)

If we make security trade-offs based on the feeling of security rather than the reality, we choose security that makes us feel more secure over security that actually makes us more secure. And that's what governments, companies, family members and everyone else provide. Of course, there are two ways to make people feel more secure. The first is to make people actually more secure and hope they notice. The second is to make people feel more secure without making them actually more secure, and hope they don't notice.

The key here is whether we notice.

Bruce Schneier wrote this article in 2008. Ten years later, I end up working in certain places that, in my opinion, make too many information security decisions based on FUD and feeling. They'll claim to make risk-based decisions. But the risks are based on one person's (or a few people's) feelings about risk.