Discussion:
Computer Security Communication Network
(too old to reply)
Adam Sobieski
2012-12-16 15:22:33 UTC
Permalink
Internet Research Task Force,
Anti-Spam Research Group,

The aforementioned distributed, decentralized computer security communication network, a computer system for the dissemination of instantaneous computer security information between computer scientists is an interesting topic. Such a system can be interoperable with, synchronized with, some concurrent versioning systems of open source projects. Such a system can be interoperable with software development updates of certain varieties and the hashes of concurrent versioning system objects can be utilized. Such a system can, in numerous ways, enhance the security of computers, computer networks, and computer systems by enhancing the well-informedness of each interested computer scientist across the nation.

Such systems can reduce government waste and public expense with regard to some cybersecurity topics across a number of organizations such as the CIA, DHS, DOD, FBI, NSA and USNORTHCOM. Additionally, some existing computer networks, such as military computer networks, are considered to be more secure than some existing civilian computer networks and, amidst that, the government claims that the public should pay taxes for government personnel or government systems to surveil the civilian networks and to surveil the American people.

Americans have expressed concerns about an American news climate over the past decade or more. Americans have expressed concerns about a certain fearmongering concurrent to the introduction of, popularity of, or ubiquity of the Internet and the Web. Americans have expressed concerns about a news climate with regard to cybercrime, cyberwarfare, and cybersecurity topics. Americans have expressed concerns about a news climate with regard to various amorphous domestic and foreign cyberdangers, for example Chinese hackers. The matter, overall, calls into question whether any government organizations may have participated, either directly or indirectly, in activities somehow contrary to ensuring the domestic tranquility.

Additionally, the Shirky Principle states that some institutions might try to preserve the problem to which they are the solution. There could be, then, when faced with bold and new approaches to solving problems, a certain apprehension or reluctance to change, a reluctance to budgetary changes or to the repurposing of personnel. As a large percentage of Americans work for the government, in the public sector, and as an unknown portion of computer scientists have worked on or work on cybersecurity topics, job creation topics can be discussed concurrently to bold and new approaches to solving problems and to addressing Americans policy concerns. With too many remnant policy items from a previous administration, with a fiscal cliff approaching, the United States of America needs new solutions, new plans, to repurpose personnel, to create jobs, to stimulate the economy, and to affirm the primacy of Constitutional philosophy and Constitutional law.

Job creation topics include the construction of new scientific laboratories across the United States. When Americans tend to think of science laboratories, they tend to think of physics laboratories. Beyond physics laboratories, however, beyond the productive overlap of the DOE and computer science, there are many other possible types of science laboratories and computer science can advantage each (http://en.wikipedia.org/wiki/Branches_of_science, http://en.wikipedia.org/wiki/Outline_of_science). Many branches of science can be prefixed with the adjective computational, for example, when considering research topics possible at new multidisciplinary FFRDC's. FFRDC's are presently densely located in California and Virginia and it occurs that many more states across the nation could be enhanced by new FFRDC's for multidisciplinary scientific research and development.

On the topic of cyberpolicy, two pertinent topics include: (1) there exist computer systems and technologies which are more secure than civilian systems, military computer systems; (2) a new information network can be constructed for the dissemination of computer security information between computer scientists to enhance the instantaneous well-informedness of computer software developers and computer security personnel, personnel across the nation responsible for securing each computer, computer system, and computer network, resulting in a reduction of computer security problems and incidents.

Americans are dissatisfied with the United States' cyberpolicy. No American wants to be surveilled by law enforcement, military, or by whatever the DHS is. Would we have future Americans believe that Americans in the early 21st century wanted such cyberpolicies for themselves and for future Americans? Would we have future Americans believe that we wanted to sacrifice liberty for a sense of security?

The Bush administration put forward a false choice between the liberties we cherish and the security we demand. The construction of a new computer security communication network is both timely and appropriate.

As the United States approaches a fiscal cliff, we can consider that our tax dollars can be better spent than on previous cyberpolicy approaches and other remnant policy items from the previous administration. As we move forward, for numerous reasons including: stimulating the economy, job creation, and preparedness for excellence in STEM education with digital textbooks, our plans for leaping across the fiscal chasm can and should include a megaproject, the construction of a large number of new scientific laboratories across the United States, an investment in our American future.



Kind regards,

Adam Sobieski
Martijn Grooten
2012-12-16 16:03:53 UTC
Permalink
Adam,

I am a bit unsure about what the problem is you're trying to tackle in your post, and how you intend to tackle it.

But since this discussion started with the problem of bots sending spam, can you explain how it would solve or mitigate the following two cases:

1. I run a small site using WordPress as the CMS. Because of laziness, not being well-informed about the need for security, or because I run a plug-in that isn't compatible with the most recent version of WordPress, I haven't updated in a while. My site has been compromised and is used to spread spam.

2. I have an old computer running Windows XP that's still working well enough to browse the Internet with. I haven't run any updates unless strictly necessary for my browsing experience. Through a drive-by download on a compromised website, my computer has been turned into a spam-sending bot.

In both cases, let's assume I don't live in the US.

Martijn.


________________________________

Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
John Levine
2012-12-16 18:10:03 UTC
Permalink
> The aforementioned distributed, decentralized computer security
> communication network, a computer system for the dissemination of
> instantaneous computer security information between computer
> scientists is an interesting topic.

Since this assertion is rather dubious, we can skip the rest of the
message for now.

We already have effective ways to distribute material from a central
point, such as CDNs. We also already have usenet (yes, it still
exists and some parts remain quite healthy.)

The main thing that a distributed network provides is the ability for
anyone to send out material, but as we've seen on usenet, that
instantly falls afoul of Sturgeon's Law.

In the meantime you might take a look at DCC: http://www.rhyolite.com/dcc/

It is not totally open like typical p2p networks, but anyone with
resonably large mail volume and who doesn't smell like a sleazeball
can run a server that exchanges DCC data, and anyone at all can
contribute message hashes. It's relatively resistant to bad guys
because the main thing you can do to poison it is to report hashes of
single messages as spam, which doesn't help other than for a rather
arcane DoS.
Adam Sobieski
2012-12-17 04:07:13 UTC
Permalink
Internet Research Task Force,
Anti-Spam Research Group,
John Levine,

Distributed checksum clearinghouse heuristics resemble some P2P concepts. Improving on DCC in distributed systems can be achieved simply with Digg.com techniques, with more complex voting systems, and with logic-based techniques, such as evidence-based distributed computing and uses of machine-utilizable argumentation which include user and mechanical observations. Logic programming and computer security, computer security policy, are interrelated, as you can see at the Singularity RDK which includes a Prolog implementation: http://singularity.codeplex.com/SourceControl/changeset/view/69631#140370.

Here are some publications: A Comparative Study of Pub/Sub Methods in Structured P2P Networks by Matthias Bender, Sebastian Michel, Sebastian Parkitny, Gerhard Weikum ; Publish/Subscribe for RDF-based P2P Networks by Paul - Alexandru Chirita, Stratos Idreos, Manolis Koubarakis, and Wolfgang Nejdl ; Content-based Publish-Subscribe Over Structured P2P Networks by Peter Triantafillou and Ioannis Aekaterinidis.

In addition to the discussion topics of new computer security information resources, improving Usenet, improving NNTP is entirely possible.



Kind regards,

Adam Sobieski
John Levine
2012-12-17 05:03:34 UTC
Permalink
> Improving on DCC in distributed systems can be achieved simply with
> Digg.com techniques, with more complex voting systems, and with
> logic-based techniques, such as evidence-based distributed computing
> and uses of machine-utilizable argumentation which include user and
> mechanical observations.

Do you have any basis whatsoever for these assertions? More bad data
is not better data.
Adam Sobieski
2012-12-17 14:33:31 UTC
Permalink
Internet Research Task Force,
Anti-Spam Research Group,
John Levine,

Some techniques for annotating message or system objects include tallying booleans, annotations from a list, or typed hyperlinks from users. In peer-to-peer systems, during search processes, tallied annotations on objects can adorn search result items. Some social networking websites utilize thumbs up or likes. In Digg-based or Reddit-based systems, tallied annotations are utilized in sorting search results.

Extending on those premises, towards the aforementioned more complex voting systems, or more complex annotational systems, a specific example includes that, beyond a button per message or system object, for indicating whether a message or system object is spam or not, or beyond a button pair, we can envision a forms-based process with an initial user interface item of a drop-down menu of spam or other annotational categories. Such a drop-down menu could suffice for either annotations from a list or typed hyperlinks.

Beyond that user interface, however, each category from that drop-down menu could have its own form to complete, where, in each such form, users could indicate one or more text or hypertext selections. At the end of each such form, there could be a navigational option to either return to the aforementioned drop-down menu to add another such annotative object or to complete the forms-based user interaction.

In the indicated example, the selections of text or hypertext, along with categorized annotations, resemble granular and machine-utilizable evidence and observations and users would then have more to either agree or disagree with one another about than with tallied booleans, tallied annotations from a list, or tallied typed hyperlinks.



Kind regards,

Adam Sobieski
John Levine
2012-12-17 17:54:45 UTC
Permalink
In article <SNT002-***@phx.gbl> you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Internet Research Task Force,
>Anti-Spam Research Group,
>John Levine,
>
>[ a lot of stuff ]

I can't help but note that you didn't answer the question.

In any event, if you think this stuff is a good idea, start
implementing it. If your plan is plausible, you might (and I stress
might), get other people to help.

R's,
John
Continue reading on narkive:
Loading...