Mozilla plans to automatically update Firefox 4, without asking the user anything:

Mozilla plans to silently update Firefox

There was once a time I would have thought this is bad. Not telling a user what's going on can't be good, right?

I think this is true for some users, but it's a minority of them. Most people don't understand what the update is for, or why they should get it. That means that some of them will click "no" when asked if they should update. In the rare event someone has a need to not take an update, they can choose to go down this dangerous path.

The obvious counter argument is "what if my vendor does something evil with their update!" If this is something you're worried about, you need a new vendor. If you can't trust your vendor, what's worse, a system that can be infected by an evildoer, or a system that IS infected by a dishonest vendor?

Automatic updates for security flaws are good, automatic updates for random vendor whims are not. I suspect that much of the fear of automatic updates comes from vendors trying to sneak in other changes. I would say if you don't trust your vendor, and they don't trust you, what's even the point?

Private browsing is not as secure as users think, says study

This shouldn't come as a surprise to anyone. Anytime you try to retrofit a new security model into an old one, you will break things, and sometimes it's just impossible to do it right. I suspect that most modern browsers will never be able to remove all possible traces of what you've been up to. There is a clever solution in Fedora 13 though. There is a tool called sandbox that Dan Walsh cooked up. I'll save the scary details, you can read Dan's blog for that.

The basic idea is that you can run a web browser inside of a sandbox, once you exit the sandbox, your files are all deleted. By using SELinux to confine the browser, you don't have to worry about an exploit breaking out of the sandbox. Since all the files are removed once you exit, there is no history left on the disk. Currently the sandbox only deletes the files written to disk, I filed a bug to shred them instead, which would prevent someone from inspecting the leftover bits on the disk.

The only trick that's no obvious, is you probably want to carry along your .mozilla directory for things like bookmarks and plugins. My sanbox browser command is

sandbox -t sandbox_web_t -i /home/bress/.mozilla -X firefox

It's not perfect and I don't use it for everything (yet), but I hope in the near future, all my browsing will happen this way.

Does hype hurt the world of security? Maybe, but probably not.

Black Hat convention hype hurts the enterprise risk management process

The author has one good point about security. Don't fall into the hype. It also has a number of silly points, my favorite being:

The security community must stop this hysterical response to vulnerability research. Security professionals must embrace more measured, logical and reasoned responses to new threats.

This isn't really true. The press needs to stop the hysterical response, vendors should fix their problems and have a reasonable story to tell their customers.

Most of these people are looking to make a name for themselves. The difference is that when these people cause a stir, it sounds scary.

It gets even more scary when you have an unresponsive or silly vendor who just stirs the pot. There are still a lot of vendors who treat security like a PR problem rather than a technical issue. Security flaws are bugs caused by programming mistakes. They need to be fixed, not approached as if they are a news story. If you fix the problem without much fanfare, there isn't much of a story. How many headlines have you read that are "Vendor fixes flaw in timely and reasonable manner!" Not many, it's way more fun to write about the vendor who refuse to fix a security flaw and insists the researcher is a bad bad person who lies and is bad.

Security flaws can be embarrassing for the affected party. Public disclosure, even sensational public disclosure is sometimes needed. These people often don't get paid directly for their work. Their pay is in reputation; they aren't going to complain if their flaw gets lots of hype.

As most people have likely heard, Google Wave is going away. I never really understood Wave myself, but the story here is that it will vanish, and there is nothing you can do about it. Up until this whole explosion of "cloud computing", if a vendor killed a product or went out of business, you still had your product. It probably came in a box, with some floppies and a manual nobody read. You could keep running your application pretty much as long as your operating system let you. There would of course be various support issues to deal with, but if you're clever, you could get by.

The cloud changes this. Google has decided that Wave isn't the future, so it's going to go away. If you like Wave and think it's great, you're out of luck. You can't keep running it, Google says it goes, so it's gone. This is sort of scary. Welcome to vendor lock in 2.0.

This is probably going to happen to other things. I'm not sure which ones, but if you think things like Twitter, Facebook, and Gmail are never going to change, you are sadly mistaken.

This is where it's quite easy to add a positive note for the open source concept. One of the single biggest advantages to open source is getting to control your own destiny. You can help add features, fix bugs, keep features you like. Even if all you ever do is run the application, you don't have to worry about it going away. If you have the source code, you (or some other clever person) can make it run.

But it's the future, and all cloudy and magic, open source doesn't work with this new paradigm!
If you have a hard time "thinking outside the box" where I really mean, wet paper bag, then this is might be a true statement. When you're dealing with open source in a services like atmosphere, you get an added goal of playing nicely with others, and getting to control your data. Identi.ca is a good example of Twitter done right. Look at how XMPP is designed; it's a real distributed instant messaging platform. Unfortunately these services have a huge uphill fight as the money is in keeping users trapped on one service. Many people have never even heard of these things.

Consider things like email and the web. They still exist because they are public standards anyone can use to communicate with anyone else. There is no vendor control. The power is in the two endpoints, not the machines in the middle. Anytime you try to make the middle bits more important than the endpoints, you eventually fail. It can take a while, but it will always happen.

The problem with Wave was that the emphasis was put on Wave, not the users. Wave was really just the string between the tin cans, except it's not my string, it was painted bright orange, and the owner came to take it back. Now all I have are two tin cans. Luckily there's plenty of string.

It seems some folks are indeed storing the body scan images everyone said would never be stored:

Feds admit storing checkpoint body scan images

This probably shouldn't surprise many people. The issue isn't so much that these guys are trying to be evil, but are protecting themselves. Let's say a bad guy gets through the machine. If there is no record of the scan, you have an instant scapegoat; the security screener clearly didn't do their job! If you've saved it though, you can point at it and say "Look, the scan was fine, not my fault!"

People generally don't like to be blamed for anything. When given the choice between what is right, and what could keep them of trouble, most people will opt to stay out of trouble. It's part of our monkey brains at work, we don't like to be in trouble.

Storing these images will probably never change, as it's really easy to convince most people we need these. When someone says "it makes us safer", it's hard to create an argument a normal person will understand. Normal people can relate to wanting to stop bad people from doing bad things (especially to themselves). What they can't relate to is how the people in charge can systematically remove freedoms over a very long period of time, slowly, so most don't notice. Sadly the closest thing to an argument most people grasp about these machines is that they don't want pictures of their naked bodies stored.

The breakfast was quite welcome this morning. I needed a cup of coffee, I woke up rather tired. I never sleep well when I'm away from home.

The morning keynotes were great. I love hearing our message, Jim pointed out that most companies sell features, we sell a subscription. This makes me ponder the normal computer product cycle, which falls in line with The Innovator's Dilemma. You have companies that are really only adding new features, and not usually removing old features, as they're selling a box. Disruptive technology bubbles up from the bottom that's not encumbered by 20 years of "needed" features. With open source, I wonder how or if there is a disruptive force that can come in behind it, that isn't just a new open source project.

I also had the joy of working in the Red Hat booth this afternoon. It's always fun to talk to new people and learn about new things. People also seem to really like the Red Hat buttons we're handing out (or I'm just a really good button hander outer). It's almost frightening how many people I now remember the names of. I'm generally really bad at remembering names. Perhaps drinking the city water unfiltered has granted me some sort of super powers.

The evening event was pretty good. We had happy hour in the partner pavilion. I got a way cool USB hub from Enterprise DB. It looks like a children's toy. I love it. Now I just need to keep it away from the kids. The party upstairs was great. The food was good as was the company. I has some grilled swordfish. I won't complain about that. So far this is a pretty good Summit.

I give my talk tomorrow. Luckily I'm not staying up too late this evening, which should work out well as I speak at 10:20am.

So the first day of the Red Hat Summit is done. It's been a great day. I got to Boston around noon. I ate lunch at the Barking Crab, which turned out to be a great choice. The oyster Po' Boy sandwich was awesome. I spent a few hours wandering around Boston. I love tourist traps, they're so much fun.

The Summit itself always starts out with a reception. You get to walk around, see the booths and talk to various folks. It's always nice to see people I've not seen for a while (usually about once a year at the summit). The turnout seems good. There are a ton of people here.

The talks start tomorrow, there will be plenty more to say then.

Wow, it's been a long time since I've updated this thing. Hopefully I'll be less busy in the future.

Bruce Schneier had a really interesting story:
Nobody Encrypts their Phone Calls

I'm not very surprised by this. Encrypting phone calls is hard (even if you know what you're doing), which I suspect puts folks into two buckets

1) People who don't understand their phone calls can and probably are being recorded
2) People smart enough to not use the phone

The really scary thing though is this quote:

In 2009, encryption was encountered during one state wiretap, but did not prevent officials from obtaining the plain text of the communications,

The question to think about now, is how did they get a transcript? (I suspect it was from a different remote listening device that wasn't a telephone)