Friday, December 6, 2013

Attack Surface continued

This is going to be all over the place, so, sorry in advance.

I've said this before, but... Over time, hardware breaks down, but software gets better.

Having worked on both, I can testify that hardware needs a lot more fixing and monitoring than software. Software, yes, you are on the lookout for the inevitable bugs, which, over time, will do a Dragon King event on you. But hardware, working on all that teaches you (faster) that the world is dynamic in a way that supporting software will not teach you in a timely manner.

And so, it is not surprising that software folks would use the term "attack surface", kind of implying a static defense, like a Maginot line or the Great Wall of China, that once you identify all of the chinks in the armor, you are good to go forever. And it suggests a old fashioned way of thinking about things, a neolithic or medieval or pre-modern attitude towards how things work. Which is surprising and kind of counter-intutive, but I think it applies.

Want a good example? Let me start by defining pre-modern as anything prior to 1848. Why that date? Because I consider 1848 the beginning of the modern age, and not just because of the failed revolutions in Europe, with the concomitant underground percolation of liberalism and nationalism (and it's inadvertent export to the USA), but rather the founding of the first modern scientific institutions (primarily with the Imperial Academy of Sciences in Vienna). It is also a post-industrial-revolution date, but also pre-contemporary-corporate-structure date.

Under this definition, the United States Constitution is a pre-modern document. Wait! You might say, the document has amendments, thus making it a, not a static, but a dynamic document.

True. True. But keep in mind that I'm thinking of the Constitution, and all of the rather unwritten laws of governance that occur within and between the three branches, as software. And the machine code of all of these instruments of government, Lockean though they be in intent, are all decidedly Hobbesian in practice, and thus, pre-modern. And as such, I would propose that the practice of governance based upon this software (which teatards revere as holy scripture) is woefully inadequate for modern times.

Primarily in that it does nothing to enhance or support individual freedoms (and note that I did not use the term liberty, and thus, distinguish the difference between omissions and commissions). Now, is this the fault of the original software, or the current hacks that are used based upon the original software (and isn't it sad, don't you think, that one of the primo badass big dick daddio hackers of this code is the chinless reptile Mitch McConnell?)

Consider that, according to various institutions such as, countries such as those following the Nordic welfare model, or countries that were once Soviet satellites, or even traditional monarchies (like, respectively, Finland, Latvia, United Kingdom), have more practical individual freedoms than those that are enjoyed in the US. I would submit that this is so due to these nations updating and rewriting their constitutions. Keeping their software up to snuff, if you will.

Regardless, the point of this that one should (if not occasionally change the nation's genome) at least be open to a little manipulation of gene expressions, which even the lowliest bacteria can accomplish.

Getting me back to attack surfaces. I don't believe in attack surfaces. I believe in attack laminae, which would be the dynamic striations, the active and changing portions of this so-called surface. As such the entry points more appropriately include a time component.

Back to the cell surface analogy. Some toxins are multi-part molecules. One molecule may force a pore in the membrane open, a foot in the door if you will, while another part gains entry to muck up the works. Alternately, since protein channels are slippery critters, one molecule may keep the first from being dislodged, and then allow ion exchange to do the rest (this is employed in some forms of snake venom). But here is the thing. Not all protein channels are vulnerable all the time. There is a window of opportunity when they may be violated. Similar things can happen at many levels of cell membrane biology, and thus the idea of striae or laminae.

Where was I going? Okay, consider the defeat of both the French and Americans in Vietnam. Here you had a situation where a materially more powerful enemy is overcome by political superiority, through the mobilization and organization of the mass of people in a total and protracted engagement. The idea being that, it is possible to achieve a change of war venue and determine its outcome away from the battlefield.  This is more than just a test of wills and commitment, this is a combination of resilient innovation coupled to massively parallel inundation of any all perceived or real entry points.

This isn't your medieval/neolithic physical occupation of land and people's, this is perceived power projection, virtual empire, perceiving the protocols beneath the surface events, and hacking the situation to your advantage. Or to it in a different light:


Fuck that!


