Bruce Schneier in Reason Magazine

Posted in General, Security by Dragan Pleskonjic @ Jan 25, 2009

Interesting interview: Safe, But Also Sorry: Security expert Bruce Schneier talks about privacy and property in the information state – Reason Magazine.

Citation:

Reason: In Schneier on Security, you emphasize that technology isn’t the only (or even the most important part) of a security solution. Why do people tend to systematically discount cultural and economic factors in considering questions of security?

Schneier: We live in a technological world, and it’s common for us to believe that technology can solve our security problems. It solves so many of our other problems, so it’s a plausible belief. It’s also easier to believe that a shiny new piece of technology—a new ID card, a new airport scanner, a new face-recognition system—can solve our problems than boring old concepts like culture and economics. Admitting that technology isn’t the answer is admitting that there isn’t an answer that will solve the problem, and many people can’t do that yet. We’ve forgotten that risk is an inherent part of life.


Edgios or will new Google come from Serbia!?

Posted in General, Internet Security, Privacy, Security, Security Research, Software Security by Dragan Pleskonjic @ Oct 20, 2008

It might happen even in the middle of the world’s financial crisis. We should wait and see. Or not just wait: you can really contribute to a new search engine. To contribute, you just install free software and use it. Its name is Edgios and the software is in the Alpha stage.

Edgios has already got a lot of publicity on Web sites and discussion forums. It is a large-scale distributed search ‘cloud’ that offers higher-quality search results. Users participate in the cloud by downloading the Edgios personal search software, and connecting that software to the net.

A recent discussion on one of the most important developers’ forums in Serbia raised many questions about Edgios. Some participants questioned the idea and the concept, and many raised privacy and security concerns as well. Also, it seems that many people are scared of Google and Yahoo and do not have the courage to question their solutions and start something that may compete with the big ones. It may be successful or not, but it is at least worth a try, especially if you have a famous venture capital firm backing your ideas. If it is the one that backed Skype, it is all the more serious.

Some of the questions raised in the discussion are: Is it secure? Is it safe? The authors say:

Yes! That’s exactly the point. By having the Edgios personal search client on your computer, you’re in control of what you share and what you keep private. Traditional search engines keep much more information than you might expect, and they hang onto it for a long time. With Edgios, you’re in control.

I would add: do you know what Google or other search engines know about you already? Have you asked yourself that question?

Here are some facts about the company, taken from the Edgios Web site:

Edgios is a US company, based in Palo Alto, CA. The company is backed by Draper Fisher Jurvetson (DFJ), a premier Venture Capital firm based in Menlo Park, CA. DFJ shares with Edgios a passion for distributed computing, having backed Skype, the most successful P2P startup to date. Edgios has additional offices in Portland, OR, and in Serbia.

About the founder:

The company has very strong connections with Serbia, having been founded by Dr. Borislav Agapiev, who grew up in Belgrade before moving to the US in 1985. The technology that makes Edgios possible has been developed entirely in Serbia, by a team of extremely talented and bright young developers. The entire team is proud of demonstrating that world-class search technology can be developed in Serbia, relying on the deep talent pool of local developers.

Edgios is Dr. Agapiev’s second search startup. He was also the founder of Vast.com, a San Francisco-based search engine for online classifieds. Vast.com is a leader in the online classifieds market, reaching millions of customers in the US and worldwide, having as partners and customers several large US companies. From its start, Vast.com has also been relying on Serbian engineers for technology development and innovation.

About the search mechanism:

Edgios does not use a centralized search index of the Web, located in a massive data center, fed by an algorithmic ‘crawler’. Instead, it has an index that’s built by users, for users, and it employs a fully distributed index residing in memory and on the disks of computers that are part of the search cloud. The power of a fully decentralized, distributed search system is dependent on the number of its users. We believe that with just a few hundred thousand users that the Edgios search cloud is capable of surpassing conventional search engines, in terms of freshness, depth, and quality of search results.

It will be interesting to watch the progress of this story, and to be part of it, why not?


Will crisis in financial sector affect tech and security?

Posted in General, Polls, Security by Dragan Pleskonjic @ Oct 18, 2008

The financial crisis is going to overflow from the financial sector into the real sector. It can result in a slowdown, less spending on technology, a higher unemployment rate, etc. It can also result in growth in the use of open source, cloud computing and virtualization technology as consumers cut back on their “discretionary” purchases while businesses, strapped for credit (because banks won’t have it to lend), decide to make the best of what they’ve got and squeeze the last possible drops of life from the hardware they have, while reducing costs on software as far as possible.

The security business will certainly be affected. Many managers consider this spending something that does not give a proper ROI (return on investment). The effects of improper security processes, services and products are usually seen only as a negative reference. Management will not prize the people and teams responsible for security based on what could have happened but did not happen because proper security processes, mechanisms, policies, products and services were implemented. But in the case of a security incident you will get negative publicity. It is a role similar to that of the goalkeeper in a football team.

Security researchers and developers will certainly face cuts in funding at the first sign of the crisis overflowing from the financial sector into the so-called real sector.

Is that good? It definitely is not.

In vulnerable systems, which are more than 90% of the systems in use at present, this will open new holes. The financial sector will be strongly affected. With confidence in that industry already ruined, a lack of proper security in the future will continue the erosion and will eventually result in lost confidence in the sector. This is going to lead to new problems.

Some tradeoff should be found: a tradeoff between necessary spending and mechanisms, products and services that can provide better security for less money.

Another view on the effect of the economic crisis on tech sector spending can be seen here. It says:

Meanwhile, for those aiming to start technology businesses, it might – ironically enough – be slightly easier than before to get venture capital cash. That’s because the people who have money need to find somewhere to invest it. Gold? Oil? US Treasury bonds? All are a rollercoaster right now. Finding a company with a really good idea and business plan – preferably not reliant only on advertising – looks, by contrast, like an excellent way to make money. After all, in 1976, when Apple was founded, US unemployment was 8.5% and inflation was 8.9%; at present the comparable numbers are 6.1% and 5.4%. But of course in 1976 the US was coming out of recession. Now? It’s anyone’s guess how bad it will get.

The squeeze will also push companies towards open-source models, since those don’t require expensive licenses as well as expensive support. That could be a threat to Microsoft and other big ones.

I would say that this is a good chance for clever and bright people with good ideas to create the next big things. Or, said in different words: some will take the crisis as a problem, others as a challenge and an opportunity. It is time to consider the next big move.

As a result of this crisis, we can expect not only problems but also some good outcomes. Every crisis teaches us something and makes us stronger.

So, back to the question in the title of this post. The answer is: yes, it is almost certain now. We still don’t know the level and the impact. But the impact doesn’t have to be only negative. It can have positive outcomes as well.

Update on October 19, 2008: I’ve added the question from the title as a poll with three possible answers:

  • Yes
  • No
  • I don’t know

I wish to hear your opinion on this topic.


We Are Sorry to Inform You

Posted in Books, Magazines and Journals, General by Dragan Pleskonjic @ May 19, 2008

We Are Sorry to Inform You - about rejected papers of famous researchers.

Also interesting: “Once upon a time there was a little-known patent clerk in Bern who received a disappointing annual performance review in ‘05 – Annual Performance Review: Albert Einstein”.

You’ll probably be surprised when you see this.


WordPress 2.5

Posted in General, Secure Programming by Dragan Pleskonjic @ Mar 30, 2008

WordPress 2.5 has been released. From a security perspective, the new release promises many improvements: secure cookie management, salted passwords, a password strength meter, prepared SQL querying functions, etc.

It also supports the Automatic Upgrade feature and the WordPress Automatic Upgrade Plugin, which I have needed for a long time and wrote about in an earlier post.


Save the World, and Maybe a Whole Lot More

Posted in General by Dragan Pleskonjic @ Mar 29, 2008

This article is… funny: Asking a Judge to Save the World, and Maybe a Whole Lot More – New York Times. It says:

The world’s physicists have spent 14 years and $8 billion building the Large Hadron Collider, in which the colliding protons will recreate energies and conditions last seen a trillionth of a second after the Big Bang. Researchers will sift the debris from these primordial recreations for clues to the nature of mass and new forces and symmetries of nature.

But Walter L. Wagner and Luis Sancho contend that scientists at the European Center for Nuclear Research, or CERN, have played down the chances that the collider could produce, among other horrors, a tiny black hole, which, they say, could eat the Earth. Or it could spit out something called a “strangelet” that would convert our planet to a shrunken dense dead lump of something called “strange matter.” Their suit also says CERN has failed to provide an environmental impact statement as required under the National Environmental Policy Act.

Although it sounds bizarre, the case touches on a serious issue that has bothered scholars and scientists in recent years — namely how to estimate the risk of new groundbreaking experiments and who gets to decide whether or not to go ahead.

Do you think it is a threat to the security of the world, and do they know some physics?


ASUS Eee PC – New Toy

Posted in General by Dragan Pleskonjic @ Mar 23, 2008

This is a non-security post on my security blog. :)

I have bought an ASUS Eee PC recently. When I saw that subnotebook for the first time, I simply thought it was one of those stupid toys. But after I had talked to Maksa and David, I decided to buy “the toy” and started playing.  The ASUS Eee PC is a subnotebook computer designed by ASUS and Intel. At the time of its introduction, it was noted for its combination of light weight, Linux-based operating system, solid-state drive and low cost. Amidst great expectations, ASUS recently launched the ASUS Eee PC pre-installed with Microsoft Windows XP.

There is also a good source of information, tools and guides here. There is an article about ASUS Eee PC on Wikipedia.

As soon as I finish some additional tests, I will write more about the ASUS Eee PC and its security-related topics.


Tighter Visa Restrictions Dramatically Decreased Research Capability in USA

Posted in General, Security, Security Research by Dragan Pleskonjic @ Oct 23, 2007

Foreign-born researchers are significant contributors to U.S. science and technology endeavors.  In fact, between 1990 and 2004, more than one-third of all Nobel prizes in the United States have gone to foreign-born recipients.  The success of many U.S. universities and research institutions depends on attracting the best and brightest students both at home and abroad.  After tighter visa restrictions were enforced following the Sept. 11 attacks, international student enrollment decreased dramatically.  Although some visa restrictions have been lifted and foreign enrollment is again on the rise, the visa clearance process should continue to be monitored, the report says. Report: Science and Security in a Post 9/11 World: A Report Based on Regional Discussions Between the Science and Security Communities.

To strengthen the essential role that science and technology play in maintaining national and economic security, the United States should ensure the open exchange of unclassified research despite the small risk that it could be misused for harm by terrorists or rogue nations, says a new report by the National Research Council.  Because science and technology are truly global pursuits, U.S. universities and research institutions must continue to welcome foreign-born science and engineering students, said the committee of former national security leaders and senior university researchers and administrators that wrote the report.


WordPress Mobile Plugin by Andy Moore

Posted in General by Dragan Pleskonjic @ Oct 14, 2007

This blog uses the WordPress Mobile Plugin by Andy Moore.

You can subscribe to this blog from your mobile device and it will look much better than before. I’ve tested it for 2 or 3 weeks and from different devices. It seems very good. You can also check it from the mobile-ready web site.

The author of this plugin says:

A plugin to let you post and upload files to your WordPress blog from your mobile phone. It also enables mobile phone users to view your WordPress posts, archives, comments and pages in a mobile friendly environment. Users can even reply via comments. This plugin supports MTLD and W3 best practices plus optional mobile revenue from admob.com. It’s a quick and easy way to make your WordPress posts mobile ready.

If you are a blog reader or subscriber, just enter the blog URL on your phone or subscribe to the RSS feed or FeedBurner. If you have your own WordPress blog, I recommend trying this plugin.


We-Go – Enhancing Western Balkan e-Government

Posted in Conferences, Events, General by Dragan Pleskonjic @ Oct 6, 2007

The We-Go | Enhancing Western Balkan e-Government Expertise summit was held at Belgrade University on October 4th, 2007. It was attended by university deans and professors, government officials and industry representatives from West Balkan countries and also Austria, Germany and Estonia. The Rector of Belgrade University gave the welcome speech. The Serbian key speaker was Prof. Dr. Aleksandra Smiljanic, Minister of Telecommunications and Information Society. I also delivered a short presentation at this summit. Here is the agenda on the Belgrade University web site.
