Re: L4-hurd Digest, Vol 40, Issue 23

[C Y]

> Date: Tue, 02 May 2006 12:22:49 -0700
> From: "Jeremy Shaw" <address@hidden>
> Subject: Re: Challenge: Find potential use cases for non-trivial
>       confinement
>
> Hello,
> 
> I am not entirely clear on what non-trivial confinement means -- but
> here is my (contrived) attempt:
> 
>   I live in a country with a repressive, immoral government. I belong
>   to a group of like-mind individuals who are working to move the
>   government towards freedom.  We have a tool that let's us
>   collaborate (something like a wiki perhaps). We can not afford a
>   private server and internet connection, so we must opt for a shared
>   server with a web host provider.
> 
>   We would like to *know* that the government can not force the sys
>   admin to spy on us -- because the government would have our heads.
> 
> Obviously this is a very real problem for some people...

I would say this particular problem is a social problem without hope of
technical solution.  If a system does in fact make it impossible for
such a government to order the sysop to spy, then that system itself
becomes illegal to deploy and itself a sign of criminal activity.  It's
like sattelite imagery - the most suspicious areas are the ones you
can't examine, since in theory it is now possible to examine everything
on the surface.  Hiding something becomes socially impractical when the
mere act of hiding it flags it as interesting.

I should say I personally would not suggest that an OS prohibit any
possibility of DRM, since I doubt my own ability to certify that there
is no legimitate use for it, but that's just a personal opinion.  There
are an incredibly large number of uses for computers, and the search
space for use cases is beyond easy determination.  
 
> From: <address@hidden>
> Subject: Re: Design principles and ethics
> To: address@hidden
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset=us-ascii
> 
> Hi,
> 
> On Mon, May 01, 2006 at 05:05:46PM -0600, Christopher Nelson wrote:
> 
> > Yes, but perhaps I wish to refuse the allow the program to run in
> > certain circumstances, and so I wish to write encode into the
> > program the means for detecting these situations.  You have taken
> > that ability from me.  You are constraining my actions, and
> > removing my freedom.
> 
> Yes, we are taking your "freedom" to enslave others.

There are many, many situations where I can envison a need to do this,
assuming I'm understanding the use case correctly.  Whether it is
legitimate is up for debate I suppose, but I might want to (for
example):

a)  Automatically disable any internet communication when I am in the
process of editing certain files, such as personal financial data.  I
can store this on physically removable media, but when it is loaded
into the computer for manipulation I would want to disable any internet
activity.  I would also want to prevent any program from automatically
reading those files - I would want them read ONLY on my explicit
command, and only from my own user account.

b)  Allow only work-related programs to run on a server if an important
distributed scientific simulation is running, in order to free up more
CPU time.  In a university setting, machines are often multi-purpose -
I may use CPUs both for student labs, and idle time for simulations. 
Since the only legitimate student use of these machines is for lab time
I want to be able to restrict people (at least the standard student
accounts) from running programs outside of lab time.

c)  If I have just recieved a report of a serious security
vulnerability or correctness flaw in a program, I may (depending on the
problem) want to disable the running of this program for every account
save my own until I can implement and test the fix.  I may want to
unlock it for someone else during this procedure if I have to enlist
help, but still keep it locked for general use.

Anyway, I'm not an expert on these issues, so I apologize if I'm
speaking redundantly or to the wrong problem.

Cheers,
CY

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com