Today's reminder that security and crypto will, by design, reduce reliability and cause breakage and extra work, was brought to you by Mozilla Firefox and code signing. 🤪
This is the expected outcome, folks!
(The reason I point this out is not to deny the need for security, but to point out that security has real costs and should be weighed accordingly.)
... the math people need to be doing, is to calculate whether (cost of exploitation) is greater than (cost of denial of service).
If the expected cost of attacks is lower than what it costs to not be able to use your tools when they inevitably break due to human error, hardware malfunction or code bugs getting amplified by security complexity... then the security isn't worth it.
Obviously this is impossible to know for sure. But always choosing one or the other is guaranteed to be incorrect.
Today's tech culture of security-uber-alles is, on the one hand, a sign of our industry growing up and becoming more mature.
On the other hand, it's also playing right into the hands of big corporations.
Small shops and hobby projects already struggle to meet our security expectations. Every time we raise that bar, projects die and the big guys have less competition.
Is Apple code signing protecting the end user? Or Apple's app store revenue and veto power?
Bit of both, probably. 🤷♂️
> Today's tech culture of security-uber-alles is, on the one hand, a sign of our industry growing up and becoming more mature. On the other hand, it's also playing right into the hands of big corporations.
Hmm, that's an interesting perspective. Based on the fairly amateur mistakes that often lead to massive data breaches and devs' collective willingness to use unverified code ( #docker, #npm, etc), I wouldn't have said we have a security-focused culture
I wouldn't say we have a security focused online culture either. But that's because putting workable security into practice is difficult, especially when security "experts" insist on fragile, complicated tech and rarely, if ever, weigh the costs.
That said, things are getting better. Let's Encrypt is a step forward. But solutions like that are not common. (And I know security researchers who rage about Let's Encrypt because it is not pure enough).
BGPSec is a classic example of security tech that just went too far. Because it is too cumbersome, brittle, and expensive, it is dead on-arrival. And thanks to BGPSec, attempts to talk about routing security in any reasonable fashion are nearly impossible. The well has been poisoned.
@codesections I didn't say we were good at security.
But there is an expectation that if someone finds a "security flaw", you drop everything to go fix it.
And people (admins and devs) relentlessly use "security" as a sledgehammer to crush ideas they don't like.
And our industry uses security to justify breaking things that worked fine last week.
But maybe we run in different circles...
@HerraBRE code signing isn't helping against bad actors who play by Apple's rules though.
It's just a way to control the market I'd say.
@HerraBRE security throughout history has been concerned with raising the cost of intrusion against the perceived value. This was one of my eye openers when I started researching physical security.
Digitally, the cost of intrusion is calculated vastly differently in terms of power and time and cryptography has been trying to outpace the many factors of attack with rapid innovation. That's a recipe for failures and high implementation cost.
@HerraBRE I'm just observing, though, and have no suggestions to improve the overall situation with regard to security.
The browser plugin signing bit is interesting because it's not really a security issue (except tangentially) but really an identity one. Did this come from who it says it comes from is a very different problem than "keep out unless authorized", and arguably much harder to solve well.
Availability is also part of Security. And "Denial of Service" is also an attack security people want to protect against. At least in theory.
What people often forget is that "how to prevent things from going wrong" is only half of the problem. The other half is "what do you do if things go wrong anyway?" . Because things will go wrong anyway, and you'll often have 2 failure modes to chose from. Both will be bad, but depending on your usecase /threat model, one of them will be worse.
@Wolf480pl Just about everything can be lumped under the security umbrella if you try hard enough. I don't think it's helpful to do so.
A loss of availability may well be caused by a security breach, but there are tons of other things that may degrade availability, including the security systems themselves.
Having different words for different things is important, otherwise you just get muddled discourse and muddle thinking.
Well, the most common definition of Security I've heard is:
Confidentiality + Integrity + Availability
3 terms for 3 things.
By saying they're all part of security I meant that anyone who claims to care about security without considering about availability, is probably incompetent.
And of course there are tradeoffs between these 3 aspects.
I just wish people more often included "forgot to renew cert" or "forgot to pay for domain" in their threat models.
@Wolf480pl If your definition of threat modelling becomes too broad, it risks becoming another word for "management."
Security threat modelling concerns itself with a subset of management, where those attributes (CIA) all matter. But not everything concerning those attributes is a "security" concern.
Natural disasters, corporate mismanagement, failed business plans, power outages... all sorts of things are generally considered out of scope.
At some point you draw the line. Where, varies... 😀
@HerraBRE hmm... I guess you're right.
Generalistic and moderated instance. All opinions are welcome, but hate speeches are prohibited. Users who don't respect rules will be silenced or suspended, depending on the violation severity.