
August 22, 2006

Getting small

John Quarterman has a great post on the inefficacy of the current approaches to security:
Gibson could just as well have been referring to Internet security, where spammers have already polluted electronic mail so much that an entire generation has abandoned it, where phishers, pharmers, and other identity thieves are wreaking havoc, and where the old paradigm of security still seems to think it's doing a good job.

I hadn't thought of it, but my kids don't use e-mail. They are all on peer-to-peer chat/voice solutions in conjunction with blogs. Further, my personal response to the withering attacks on PCs (which had forced me to completely reload Windows every 6 months to a year in order to eliminate invasions) was to move to a PowerPC Mac. By getting small, I've totally avoided the security problems I've had with a PC.

Here's a bit of philosophy.

The more commonly used (the more ubiquitous) the ecosystem, the less secure it is. These systems represent too big a target, and they are burdened by a complexity and connectivity that make them impossible to defend. Getting small alleviates the problem.

How small should ecosystems get? Down to the minimal level of viability (viability being defined by the minimal level of activity necessary to provide it with robustness, innovation, diversity, etc.).

How many ecosystems? The greater the diversity of the ecosystems riding on the minimal rulesets of the global platform, the more secure all of us are.


Comments

Similar: http://austinbay.net/blog/?p=1366 on microfinance

When you carry this to its logical conclusion, you arrive at Object-Capability Security, which is rather obviously (IMHO) the way forward for secure computing. See http://www.erights.org and http://www.coyotos.org for more information.

John,
The other approach is to build a system which is itself far less trusting and far more paranoid... I've written about Capability based security quite a few times.
Search URL: http://search.blogger.com/?as_q=capabilities&ie=UTF-8&ui=blg&bl_url=mikewarot.blogspot.com&x=274&y=17

The idea is to only give a program certain abilities, instead of free run of everything.
This approach does work, though it's not popular. As I type this in, I see the previous commenter has the same idea.

--Mike--

One of my background paranoias is on the lack of diversity in our food supply; we rely an awful lot on soybeans and #2 feed corn. Seems like there might be some transferrable lessons here, with the Irish potato famine as one data point.

About the email spam-- or you just do what a lot of people I know do, periodically get a new email account. Or have several. Or both.

I've had to abandon email accounts due to spam. One account, if you had some error (like a hang up) downloading email, they'd mark it all unread for your next download. It had to be abandoned because they'd hang up after 7 hours online, and at the fastest dialup speed I could get, I could not download it all (in order to delete it) before they hung up on me and I'd have to do it all over again. The customer unhelp line was spectacularly unhelpful.

Dan, the book you're looking for is called "Altered Harvests."
http://www.amazon.com/gp/product/0140096965/
Out of print, but has a pretty scary bit in the beginning about the corn blight in 1970 that took out 15% of our corn crop. Similar to the potato blight in Ireland, where the source of all genetic diversity in the potato crop came from 3 potatoes, 80% of our crop that year used Texas Male Sterile Cytoplasm, so a disease that attacked one plant would be able to attack 80% of the crop. If the weather hadn't broken, and lasted about 2 more weeks, we could have lost 80% of our corn crop that year.

Presumably the desire to be obscure and different (minority game) has to be balanced by the need to be compatible. There are benefits of being part of large networks (Reed / Metcalfe and all that).

It's gonna be a delicate balancing act. Any network large enough for membership to create value is going to be attractive to parasites.

Maybe you can control the interfaces a bit. But ultimately we're all constrained to be implemented on the same biological substrate. Food, disease, susceptibility to shrapnel : these are things we can't opt out of.

john: excellent post. have you considered the application of this to our federal system?

I always thought this was fairly obvious. The military has worked this way for ages. They've always recognized the distinction between efficiency and effectiveness and leaned toward the latter.

A diverse fighting force is always more effective because if a vulnerability is found against one component, you introduce the next. Helicopters are vulnerable to AA, tanks aren't. Infantry is vulnerable to those biological substrates, but ROVs aren't. The cold war tactic of creating a biological, chemical, and radiological no-mans-land out of a strip of eastern Europe to stop Soviet tanks doesn't work if there aren't people in the tanks.

Security has always been a function of throwing some degree of efficiency out the window for the sake of diversity. And that's the problem with privatization and applying capitalistic thinking to all problems - capitalism *always* favors efficiency.
