This article from Ars Technica discusses a talk over the summer by Merrill Lynch’s chief technology architect, Jeffrey Birnbaum on “stateless cloud computing” – most concretely on distributed file systems. Birnbaum believes that one of the key foundational elements of
Sorcerers apprentice at ATT: Security and privacy and reliability collide again
AT&T considers reading all the packets that cross its lines. Quite an interesting proposal. Tim Wu’s take The prospect of AT&T, already accused of spying on our telephone calls, now scanning every e-mail and download for outlawed content is way
what do we got to verify in an os?
From comments below. Just one more comment: I think we should make a distinction between a tool that can verify threaded code and a tool that can verify the code that implements threading. The latter is what you are looking
Happy new year and validation
Updated below! Years ago I proposed the following code snippet as a minimal standard for a useful verification method. Still not quite there. /* you are not expected to understand this */ if(save()){ load_memory_management(); /* map in new current */
formal methods considered harmful and more on soft real-time
[fixed a couple of typos, Dec. 20 2007] John Regehr writes: On the other hand, there is plenty of useful work to be done on supporting time sensitive applications (I’ll just avoid saying “soft real-time”) even when no guarantees are
OpenBSD developer notes king’s clothing is “virtual”
Theo de Raadt explains why virtualization does not improve security. How about this: to improve security, you have to have a secure design, a marketing buzzword won’t do the trick. Anyone who has seriously looked that the current generation x86
universal machinery
If even 20% of what Peter Gutman says is so, then I’ve been optimistic in my assessement of DRM.
Notes on unintended security effects
I’ve been complaining about the security implications of DRM and “trusted computing” and “safe boot” for some time now. Susan Landau points out that the expansion of wiretapping has the same effect. Such threats are not theoretical. For almost a
Security cannot be improved by waving flags
Via Schneier comes a story about the US Navy and a disgruntled contractor who just plead guilty: He confessed to programming malicious software codes into computers that track Navy submarines in May 2006 while in Naples. He told Navy investigators