Language Selection

English French German Italian Portuguese Spanish

Intent Is The Problem

Filed under
OS

Of late, I keep banging into the problem that people want systems to be “secure by default”: they don’t want to pester the user about security. They want the system to just do the right thing. The problem is, this just isn’t possible. One example I like to give is “rm -rf *“. Clearly this command is sometimes a very bad idea, and sometimes exactly what you want to do. If some piece of code I mistakenly trusted runs that command on my behalf, I might be very sad about it. Therefore, any system that wants to be “secure” has to somehow know that when I move to some directory and type rm -rf * I mean it, and when I run a piece of code I’m expecting to (say) edit some text, I don’t mean it, and it should not be allowed to do it.

How can the system discover this? Clearly it must be through some user action. The user must behave differently in some way in the two cases, so that the system can discover his intent. Therefore it is impossible to be “secure” without, in some way, consulting the user about his intent.

Rest Here

More in Tux Machines

6 Ideal Last Minute Linux Xmas Gift Ideas

Christmas, Yule, Winterville, new socks day… Whatever you call it you’ll be panic stricken to hear that it’s almost here. Like the rest of us in denial, you are a little stumped for ideas. Read more

Reviewing 2014, Penguin Porn, and Dropping Distros

Today in Linux news are several reviews of the events of 2014. Elsewhere Linux.conf.au lost its hashtag to an adult entertainment awards and another Linux security flaw is making the news rounds. KDE 3-clone Trinity desktop saw a new release and Bruce Byfield asks why the number of Linux distributions are declining. Read more

Firefox OS Expands to Nearly 30 Countries

Firefox OS has brought choice to the mobile industry with 14 smartphones offered by 14 operators in 28 countries. Firefox OS unlocks mobile ecosystem participants from the barriers set by proprietary systems, allowing for independence, control and innovation. Read more

Red Hat Brings Business Intelligence and Data Analysis Suite to the Public Cloud

Red Hat (RHT) has broadened the deployment options for its integrated data analysis and business intelligence platform with the announcement that Red Hat Enterprise Linux for SAP HANA can now run across a variety of public cloud providers that Red Hat has certified, as well as on new hardware configurations. Read more