Language Selection

English French German Italian Portuguese Spanish

Intent Is The Problem

Filed under
OS

Of late, I keep banging into the problem that people want systems to be “secure by default”: they don’t want to pester the user about security. They want the system to just do the right thing. The problem is, this just isn’t possible. One example I like to give is “rm -rf *“. Clearly this command is sometimes a very bad idea, and sometimes exactly what you want to do. If some piece of code I mistakenly trusted runs that command on my behalf, I might be very sad about it. Therefore, any system that wants to be “secure” has to somehow know that when I move to some directory and type rm -rf * I mean it, and when I run a piece of code I’m expecting to (say) edit some text, I don’t mean it, and it should not be allowed to do it.

How can the system discover this? Clearly it must be through some user action. The user must behave differently in some way in the two cases, so that the system can discover his intent. Therefore it is impossible to be “secure” without, in some way, consulting the user about his intent.

Rest Here

More in Tux Machines

Red Hat and Fedora News

  • Red Hat Adds Common Criteria Security Certification for Red Hat Enterprise Linux
    Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.1, the world’s leading enterprise Linux platform, has achieved an additional Common Criteria Certification. Enhancing the existing Evaluation Assurance Level 4+ certification announced in October 2016, this certification was under the General-Purpose Operating System Protection Profile (OSPP) 3.9. Red Hat Enterprise Linux was the first operating system to be Common Criteria-certified with Linux Container Framework Support, underscoring Red Hat’s commitment to delivering hardened and more secure IT innovations like Linux containers.
  • ASX Upgrades Its Technical Architecture to Improve Requirements for Business Productivity with JBoss Middleware
  • Fedora 25 Linux Operating System Reached End of Life, Upgrade to Fedora 27
    As of December 12, 2017, the Fedora 25 Linux operating system is no longer supported and it won't receive further updates or security patches as it reached end of life. Fedora 25 Linux was released last year on November 22, and will be remembered as the first release of the GNU/Linux distribution to adopt the next-generation Wayland display server by default for its Workstation edition using the acclaimed GNOME desktop environment. Fedora Project usually provides updates for each Fedora Linux release until a month after the second succeeding version of the operating system is released. Fedora 25 received thirteen months of support, and now that Fedora 27 Linux is out as of November 14, 2017, users need to upgrade.
  • Server Edition of Fedora 27 Linux Is Finally Here, but It Lacks Modularity
    Three weeks after the launch of the Fedora 27 Linux operating system, the Fedora Project announced the release of Fedora 27 Server edition, but it's not what you might have expected.

OSS Leftovers

Openwashing and FUD

today's howtos