From mboxrd@z Thu Jan  1 00:00:00 1970
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Plan 9 versus CORBA?
From: "rob pike" <rob@plan9.bell-labs.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Message-Id: <20010925141950.92B86199DD@mail.cse.psu.edu>
Date: Tue, 25 Sep 2001 10:19:47 -0400
Topicbox-Message-UUID: f32eecb0-eac9-11e9-9e20-41e7f4b1d025

I think you misrepresent the purpose of security.  Its role is to
prevent us getting work done.  If someone constructs a security
solution that is usable, experts will focus on it like a cat watching
a mouse hole until a fatal flaw is found.  This results in three
things: 1) The technology is disabled, making it impossible to work
again.  2) A solution is worked on, distracting people from getting
regular work done.  3) Finally, a new solution is deployed, requiring
people to spend time updating their systems and networks rather than
getting work done.  At this point, security has failed because people
are working, so the cat goes back to the hole and in a few days the
mouse emerges and is caught and life returns to normal.

So the rule of security is the following: if you are able to work on
something other than security, your system is insecure.

-rob