Collaborate Disseminate
The first modern wind turbines designed for bulk electricity generation came online gradually throughout the 80s and early 90s. By today’s standards these turbines are barely recognizable. They were small, …read more Continue reading Clipper Windpower: Solutions in Search of Problems
Examples of dumb password rules.
There are some pretty bad disasters out there.
My worst experiences are with sites that have artificial complexity requirements that cause my personal password-generation systems to fail. Some of the systems on the list… Continue reading Dumb Password Rules
Sometimes simpler is more impressive than complicated, and part of this is certainly due to Arthur C. Clarke’s third law: “Any sufficiently advanced technology is indistinguishable from magic.”. It’s counter-intuitive, …read more Continue reading Too Many Pixels
We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater.
In A Hacker’s Mind (coming in February 2023), I write:
Our societal systems, in general, may have grown fairer and more just over the centuries, but progress isn’t linear or equitable. The trajectory may appear to be upwards when viewed in hindsight, but from a more granular point of view there are a lot of ups and downs. It’s a “noisy” process.
Technology changes the amplitude of the noise. Those near-term ups and downs are getting more severe. And while that might not affect the long-term trajectories, they drastically affect all of us living in the short term. This is how the twentieth century could—statistically—both be the most peaceful in human history and also contain the most deadly wars…
This is from a court deposition:
Facebook’s stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within. The hearing amounted to two high-ranking engineers at one of the most powerful and resource-flush engineering outfits in history describing their product as an unknowable machine…
I’ve been saying that complexity is the worst enemy of security for a long time now. (Here’s me in 1999.) And it’s been true for a long time.
In 2018, Thomas Dullien of Google’s Project Zero talked about “cheap complexity.” Andrew Appel summarizes:
The anomaly of cheap complexity. For most of human history, a more complex device was more expensive to build than a simpler device. This is not the case in modern computing. It is often more cost-effective to take a very complicated device, and make it simulate simplicity, than to make a simpler device. This is because of economies of scale: complex general-purpose CPUs are cheap. On the other hand, custom-designed, …
For much of the last century, the ownership, loving care, and maintenance of an aged and decrepit automobile has been a rite of passage among the mechanically inclined. Sure, the …read more Continue reading From Car To Device: How Software is Changing Vehicle Ownership
Depending on who you ask, the Norden bombsight was either the highest of high tech during World War II, or an overhyped failure that provided jobs and money for government …read more Continue reading Less Is More — Or How To Replace a $25,000 Bomb Sight for 20 Cents
A while back, I sat in the newish electric car that was the pride and joy of a friend of mine, and had what was at the time an odd experience. Instead of getting in, turning the key, and driving off, the car instead had to boot up.
The feeling …read more
Continue reading Electric Vehicles Continue the Same Wasteful Mistakes That Limit Longevity
“Never trust, always verify” is a solid security concept — but it’s important to realize that putting it into practice can be complex. Continue reading Tips for Successful Zero-Trust Implementation