From mboxrd@z Thu Jan 1 00:00:00 1970 To: 9fans@cse.psu.edu Subject: Re: [9fans] Plan 9 versus CORBA? From: "rob pike" MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Message-Id: <20010925141950.92B86199DD@mail.cse.psu.edu> Date: Tue, 25 Sep 2001 10:19:47 -0400 Topicbox-Message-UUID: f32eecb0-eac9-11e9-9e20-41e7f4b1d025 I think you misrepresent the purpose of security. Its role is to prevent us getting work done. If someone constructs a security solution that is usable, experts will focus on it like a cat watching a mouse hole until a fatal flaw is found. This results in three things: 1) The technology is disabled, making it impossible to work again. 2) A solution is worked on, distracting people from getting regular work done. 3) Finally, a new solution is deployed, requiring people to spend time updating their systems and networks rather than getting work done. At this point, security has failed because people are working, so the cat goes back to the hole and in a few days the mouse emerges and is caught and life returns to normal. So the rule of security is the following: if you are able to work on something other than security, your system is insecure. -rob