From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from nm19-vm8.access.bullet.mail.bf1.yahoo.com (nm19-vm8.access.bullet.mail.bf1.yahoo.com [216.109.115.103]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 9811221F0F0 for ; Mon, 14 Apr 2014 18:16:52 -0700 (PDT) Received: from [66.196.81.166] by nm19.access.bullet.mail.bf1.yahoo.com with NNFMP; 15 Apr 2014 01:16:51 -0000 Received: from [98.139.221.158] by tm12.access.bullet.mail.bf1.yahoo.com with NNFMP; 15 Apr 2014 01:16:50 -0000 Received: from [127.0.0.1] by smtp118.sbc.mail.bf1.yahoo.com with NNFMP; 15 Apr 2014 01:16:50 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rogers.com; s=s1024; t=1397524610; bh=TvBKRCbdWkRJszkuBVmbN40LhgX4ci/HoLGqNx8/JmA=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:Message-ID:Date:From:Reply-To:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding; b=aOFQs6D6UjY3Dh/+vPA43m14EQmtqZx67K3O7A/1RFrxHWd0R7RGm4gFMBSsn4o9WS6dXbtWtSVGqRJx+Rl3RsAFPA77guWfanpYDGl2Cawc98vj3tjxOKUodAYZ/0Ju5nw4oWndhlR64cPjxIWwt1VIvbmvKbWMzNrpbdX73sU= X-Yahoo-Newman-Id: 898404.82253.bm@smtp118.sbc.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: Xcdg2ZQVM1kH5HQGhXfHmqs7tQGguPGf5ToquIjCXm_stZU 7Mw_at2_9GEIUF81CH1xyUSGczLSgm3jRb0QN.GtL9IRvEdzPLI17q1LCAzn IzYb9EzC3.TGN2nztzr.0US.ZbzpiycerQtU1GrG3AJ3Xsx4m6Pv1Qt6XsxQ 0.Ch5JFWAMOTEgCycMB6ZOyCtu3uYA9phqVALenVg7UVLGBE9xq1OEURf_TF o8yTnR_LEK_xchrPIvNfQUpGf0Hv5.z_YGh.NDUWbv98ryNXYZc.M_g2atGs cpe7sHvZkP0XDSQWSC1UOI_yBVWLFwPMpMwH1f9nupcx8tDWbfQagbS41mth U2qDs9zC.m3HuNOM3nHkawFUOgMxz76XiSd8TE5d523s0YFhXRq0v4ZLzcnu ISGlxszk9Iihgg74avwft2I.FCalKmuu2OZyvDQlrXYRtIRozy7A43bMwhW6 VpwGEjD2qK8DR4GIExkGBGolzwhGxXdO49tDqJ5exSIU52lD34RbKvCWKRuL kXc_2Jw1QCU84b8bvJ14N1GGxapsSXuc6Efbr_NyxL.rjNvmSKrqtdhsdKDD yTPQFImgYIiqh3IjUjjAgJjV_.MqXM2LnZSqVwwwXeh1Gg4mHSJ2k0qgxJzH ahetF7inl5Ejduogd6WSOkXH7OuHJjlnrs.ptYDMInC4FdFwzkcUBiRuAxSS sORQaiZIitvy8L1Kfp6LiThEv5GryMTIyEyrRZy.TuhnMoqy6ZMY8u5oHyPC 1BtFzl0ex7AL45edkscP0.HIW7co- X-Yahoo-SMTP: sltvjZWswBCRD.ElTuB1l9j6s9wRYPpuyTNWOE5oEg-- X-Rocket-Received: from [192.168.0.13] (davec-b@99.225.150.135 with plain [98.139.221.125]) by smtp118.sbc.mail.bf1.yahoo.com with SMTP; 15 Apr 2014 01:16:50 +0000 UTC Message-ID: <534C8881.40206@rogers.com> Date: Mon, 14 Apr 2014 21:16:49 -0400 From: David Collier-Brown User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: bloat@lists.bufferbloat.net References: In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [Bloat] [Cerowrt-devel] wired article about bleed and, bloat and underfunded critical infrastructure X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list Reply-To: davecb@spamcop.net List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2014 01:16:53 -0000 > Dave Taht wrote... > > On Mon, Apr 14, 2014 at 4:22 PM, wrote: >> All great points. >> >> >> >> Regarding the Orange Book for distributed/network systems - the saddest part >> of that effort was that it was declared "done" when the standards were >> published, even though the challenges of decentralized networks of >> autonomously managed computers was already upon us. The Orange Book was for >> individual computer systems that talked directly to end users and sat in >> physically secured locations, and did not apply to larger scale compositions >> of same. It did not apply to PCs in users' hands, either (even if not >> connected to a network). It did lay out its assumptions; but the temptation >> to believe its specifics applied when those assumptions weren't met clearly >> overrode engineering and managerial sense. > I worked on C2 level stuff in the early 90s, and on a db that tried to get B2 > certification - it was difficult, slow, painful, hard, and ultimately > just a checkbox Going far off-topic, I wrote a tongue-in-cheek article that was actually a suggestion we use labelling and crypto to create severely simplified orange-book compartments, in turn to protect confidentiality... http://www.slaw.ca/2014/01/02/thank-goodness-for-the-nsa-a-fable, with a more technical expansion at http://broadcast.oreilly.com/2013/12/where-were-ye-orange-book-in-w.html In part, this was to see if I could reduce the problem space to something a startup would find possible to fund... --dave --dave -- David Collier-Brown, | Always do right. This will gratify System Programmer and Author | some people and astonish the rest davecb@spamcop.net | -- Mark Twain