Chad Perrin: SOB

4 August 2007

itsec posts: after the first

Filed under: Metalog,Profession,Security,Writing — apotheon @ 06:36

The following are new posts since my first as a security blogger at TechRepublic, in chronological order:

  1. Check out the results of CNET’s security vendor survey

    By now, we should all know that federal law enforcement is using keyloggers in surveillance activities, and a court ruled it constitutional — even without probable cause. What this means to the general public is that the U.S. Constitution provides absolutely no protection against law enforcement eavesdropping on our digital lives. Somehow, the fact that it’s a computer means none of the usual rules apply.

    Many TechRepublic regulars will also be aware of the fact that CNET has published the results of a survey of 13 security software providers that questions their policies toward law enforcement malware — specifically spyware, such as keyloggers. The results were varied and interesting.

  2. Myth: I’m not really at risk.

    I regularly hear variations on a theme:

    • “Security vendors blow the threat out of proportion. Don’t worry so much about it.”
    • “I’m a careful computer user. I’ve been using computers for years without antivirus solutions and have never been infected.”
    • “There’s nothing on my computer that anyone wants. Nobody’s going to bother cracking security on this machine — and even if they did, they’d be disappointed and find someone else to bother.”
    • “Security software itself introduces more problems than it solves. I’m better off without it.”
    These are seductive ideas, tempting us to take them at face value — because each contains a grain of truth. The important thing to do with such statements, however, is to find that grain of truth and ignore the rest.

  3. Reduce permissions to increase DNS security

    Every server process you run on your system provides another potential point of compromise. That’s why it’s so often recommended that you turn off unnecessary services on Windows machines and deactivate unneeded daemons on UNIX operating systems.

    You can’t simply turn off all services and daemons, however, as the ability to use your operating system environment would be severely crippled if you did. As a result, it becomes necessary to attempt to secure the operation of the server processes you need.

  4. UNIX/Linux rootkits 101

    The term rootkit originated with a reference to the root user account on UNIX systems. Rootkits are not limited to UNIX, however, or even to administrative user accounts such as the UNIX root account. No matter what operating system you use, you should be familiar with good practices for detecting and dealing with the threat of rootkits.

  5. Rootkits 201

    Once you have security measures in place to protect you against unauthorized access to your computers and data, as well as the means to detect rootkits in case security is compromised despite your best efforts, you should have a plan ready for recovering in case the worst happens. Rootkit detection is a little different from one operating system platform to the next; whether you’re using, for example, Microsoft Windows XP or FreeBSD, makes a difference for what tools you’ll use to detect rootkits.

    The procedures for recovering from a rootkit infection, however, are effectively the same no matter what platform you’re using.

Right vs. Left: authoritarian wealth destruction

Filed under: Liberty — apotheon @ 05:48

I feel a need to address an interesting post at Philaahzophy with the catchy title Trickle Down Poverty?. It has been a while now — a couple weeks, in fact — since I saw that response to my Ameliorations essay, . . . why capitalism doesn’t flow to poor countries.

The author of Trickle started out with some kind words:

Earlier today I stumbled across a post at Ameliorations discussing a paper from the University of Connecticut’s Department of Economics titled Why doesn’t Capitalism flow to Poor Countries?. The post’s author, Chad Perrin of SOB, does an excellent job of summing up the paper’s conclusions and reframing the discussion from the academic language of the paper into nearly conversational language.

According to Trickle‘s author, the “poignant conclusion” that summed up flow was as follows:

Leftism leads to poverty. Leftist leaders distract people from the causes of their poverty by promising bread and circuses (or, in modern parlance, “social programs”). The poverty-stricken populace thinks it’s getting something for nothing, so it increases support for leftist leaders as a means of “gettin’ mine” in an increasingly poor system. Voila: vicious circle.

According to Trickle‘s author, however, there’s a problem:

However, I don’t see why he stops there.

I’m done with the blow-by-blow recitation of what was said, by the way. Read the rest of it for yourself — from here on out, I just discuss it as though you’ve read it (and my Ameliorations post as well). I assume some implied conclusions based on what was said there — so feel free to dispute the conclusions I’ve drawn, but don’t tell me “(S)he never said that!” I know (s)he never explicitly said some of the things I’ll discuss, but I believe the implications are inevitable and, to the extent they were conscious, quite deliberate on the part of Trickle‘s author.

In the grand scheme of things, of course, Trickle‘s author is right that the big problem isn’t limited to the left wing of government. “The problem” really is authoritarian government in general. Run-away government leads to poverty, period — and it is only to the extent that a society is free that this downward spiral of wealth destruction can be mitigated or even overcome. I never meant to suggest that only the left wing of politics is responsible for the lemming-run to poverty. To directly answer the (implied) question posed by Trickle‘s author: I stopped where I did because that is, in essence, where relevance to the original paper in flow ended. My purpose was then to address the conclusions of the paper with regard to a wealth-destroying impulse toward the political left under certain circumstances. My purpose now is to address the wealth-destroying negative feedback loop that exists in socioeconomic systems such as that in the United States.

The right and left in power are engaged in a mutually reinforcing system of counterbalancing approaches to increasing authoritarian power. The left’s wealth-destroying approach is as described in flow, with the further understanding that the key failures arise as a result of concentrating economic power in a “publicly” managed economy, with governmental officials as representatives of the public majority. The right’s wealth-destroying approach is that of corporatism, with governmental officials as arbiters of a system of a “privately” managed economy in which self-reinforcing concentrations of wealth in “legal entities” leads to their increasing power as extensions of the corporatist state — as managers of a mixed market economy. In both cases, market failures arise thanks to the negative externalities of authoritative economic management.

Furthermore, as Trickle‘s author points out, there is a counterbalancing “see-saw” effect where each extreme — the right and the left — serves as a market-wide overreaction in the public. Majority support is thrown behind first one, then the other, extreme as presented to the public by those seeking to spin their own position in a positive light and the opposing position in a negative light. It is beneficial to each side, in terms of maintaining and even increasing control, to foster a general misconception of only two options. Ultimately, the public majority tends to settle on a fuzzy middle ground made up by this right-left balancing act, where market corrections occur by pitting right-wing and left-wing politics against each other, but the manner in which this is accomplished does not effectively mitigate growing authoritarianism in the system as each extreme (right and left) becomes further entrenched and advertises itself as the only alternative to the danger of the other.

Trying to systematically guard against the growth of centralized authority structures and concentration of power there is a tricky game. The US Constitution was very nearly the best possible attempt at an effective solution to this problem possible at the time of its creation. Time has come to show that it was not perfect, as aptly demonstrated by the problems of the attempted fostering of positive economic and defensive governmental power effects by many of the Constitution’s clauses (such as copyright and patent provisions, unrestricted self-editing provisions, and generative legislation bias). It has become increasingly clear that these are issues in need of addressing in the constitutional definition of a government’s role and reach in safeguarding social harmony.

For the moment, of course, I’m just taking it as a given that we do need government in some (limited) form — as a means of filling the void that would otherwise be filled by the first uniquely successful concentration of power in an anarchistic social order. That assumption as a foundation of some of my statements is not necessary to the core concepts of this SOB entry, however. Any reasonably clear-thinking reader should be able to separate the concepts from the underlying assumptions of equilibrium failures in anarchistic systems (which are made without explanation only to ease the process of making my points).

For the author of Trickle, I hope this satisfies your desire to see me complete a cursory overview of the economic externalities of a counterbalanced right-left political dichotomy, as we have here in the United States of America. I also hope you find and read this, of course, so that if it satisfies that desire you’ll get to enjoy that benefit — and if not, you can let me know exactly how and why it fails.

Note: I’ll probably comment more fully at some “near” future point on the three Constitutional failures of “intellectual property”, self-editing provisions, and generative legislative bias (or what I’m inclined to call the Heinlein Legislation Problem for the moment). Other topics only brushed past in this SOB entry will likely also get some further attention in the future. Please feel free to let me know what needs further elaboration, dear readers, or what you think is poppycock and why (thus giving me motivation to provide further elaboration of course).

All original content Copyright Chad Perrin: Distributed under the terms of the Open Works License