
View Diary: An NSA-proof operating system. Yes, for real. (171 comments)


  •  Security by Isolation (5+ / 0-)
    Recommended by:
    duhban, VelvetElvis, Sparhawk, J M F, RUNDOWN

    is not a new concept.  It's been very clear since there were computer networks -- ARPANET began around 1969 -- that a really secure computing system could not be connected to the network.  Been there.  Done that.  Was not permitted to get the t-shirt.

    That's perfectly fine if all you need to do is crunch some numbers (which can be delivered to the computer in a very strictly controlled and sanitized manner), but not so fine for probably 99.99999% of today's computer users who want to send/receive email, surf the 'net, and participate in social networks with all of their known and unknown friends.

    The point is, you can put in all of the operating system "isolation" technology you want, but the weak link in computer security is -- and I dare say always will be -- a layer 8 or PEBKAC issue.

    We must drive the special interests out of politics.… There can be no effective control of corporations while their political activity remains. To put an end to it will neither be a short nor an easy task, but it can be done. -- Teddy Roosevelt

    by NoMoJoe on Fri Jul 12, 2013 at 10:30:33 PM PDT

    •  Mmm. I think we have two different... (2+ / 0-)
      Recommended by:
      Cedwyn, Indiana Bob

      ...ideas on what isolation is.  Or at least what it can be today, given advances in software/hardware technology.

      QubesOS creates an isolated environment, while still having full access to the network/internet.

      I think you're talking about...

      "...that a really secure computing system could not be connected to the network."

      ...the isolation of the sneaker-net.

      Although there is certainly no denying that PEBKAC issues are endemic.

      It ain't called paranoia - when they're really out to get you. 6 points.

      by Jaime Frontero on Fri Jul 12, 2013 at 10:46:13 PM PDT

      [ Parent ]

      •  you must always allow for the I-D-ten-T error (3+ / 0-)
        Recommended by:
        CwV, jabney, Cedwyn

        potential too.

        LBJ, Van Cliburn, Ike, Wendy Davis, Lady Bird, Ann Richards, Barbara Jordan, Molly Ivins, Sully Sullenberger, Drew Brees: Texas is NO Bush League!

        by BlackSheep1 on Fri Jul 12, 2013 at 11:33:40 PM PDT

        [ Parent ]

      •  contradiction in terms there dude (0+ / 0-)

        "isolated environment, while still having full access to the network/internet."

        in what way is that isolated? a virtual OS is not even close to isolated unless

        a) it's on a physically isolated host (_not_ networked)
        b) the only virtual host present

        And even then it's not isolated from the underlying hardware - which is shared by the host OS.

        More enthusiasm than fact, I'm afraid

    •  NSA pulls from Tier 1 servers (10+ / 0-)

      By splitting the data stream. People have to understand that fundamental.

      Only air space and total isolation from devices that ever connect to net connected systems achieve isolation.

      Proof: Stuxnet.

      400ppm : what about my daughter's future?

      by koNko on Fri Jul 12, 2013 at 11:23:48 PM PDT

      [ Parent ]
