a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by speeding_snail
speeding_snail  ·  4555 days ago  ·  link  ·    ·  parent  ·  post: What Fearmongers Get Wrong About Cyberwarfare
I have to point this out. Cyberweapons might not be easy to develop, however, once developed the can be used over and over again. Imagine an A-bomb that you could detonate over and over again once it has been developed and build. The incremental costs for software are really low, and as such, once designs are stolen, which also happens to be quite easy with software (software doesn't blow up), people can use them. Be it governments, terrorists, criminals or any other group.




mk  ·  4555 days ago  ·  link  ·  
Good point.

IMO as market and governmental forces trend towards consolidation and standardization we risk building and defending infrastructure that becomes a reflection of this conflict more than the needs that gave birth to it. Not only is the best defense variability, it also ensures that we are defending something of value.

speeding_snail  ·  4554 days ago  ·  link  ·  
Its not that standardisation is a bad thing per se, because the different implementations of standards can still differ and as such have different weaknesses. The danger of standardisation is when you standardize on one product, like everybody uses the same firewall. Then one weakness is catastrophic, because it means that you can use it everywhere. It's like having one kind of wheat. One disease can wipe out the whole harvest. But standardisation is important in things that need interoperatability. For example the web. I doubt you would like the web if there weren't any standards there. Using Chrome to browse google, Firefox to browse Hubski etc. These browsers are completely different in how they work, but use the same standards.

So, long story short: Standards have their place, but they should not be the products themselves in order to keep that variation you mentioned in your post.

mk  ·  4554 days ago  ·  link  ·  
I think "Standards should not be the product themselves" is a good way of putting it. Browsers are a good example. Maybe IE isn't such a turd after all; MS is working really hard at security via variation. ;)