On 7/14/15 10:35 AM, John Young wrote:
Cloud and browser together constitute the most invasive programs
since religion was invented and rewarded to absolve overrreaching
and abusive authority.

You don't think ODBC (which was Microsoft's fault, via ANSI) was worse?  CORBA?  Windows itself?  SMB file servers?  We are in massively better shape than we used to be.


Both cloud and browser are deliberately designed to mislead users
about their threats to privacy and security. Iterations, adjustments,
corrections of errors, automatic upgrades, official endorsements,
repeatedly easy hacks, futile hearings of maladies long known and
ignored, concentration of computer power, reduction of alternatives,
foretell disaster as if natural, expected, bearable, and better than
DIY, desktop, solo solutions, mavericks, and worst of all, openness.

Even narrowly true levels of security are better than what we used to have.  Certainly we need to keep getting better.


Cloud and browser are like imperial dogma, what's good for the
empire operators is good for the people. Although cloud and
browser to  succeed must have access to all the people's private
data to assure they remain peaceable.

It's getting better.  Fund Firefox to keep the pressure on.


Sysadmins are the Cromwells, the Hacking Teams, the
Kasperskys, violating law with impunity.

sdw



At 01:02 PM 7/14/2015, you wrote:
Everything will be run in the cloud and browser because it is, overall, a better computation model.  However, that doesn't preclude you from running a cloud locally.  Although pretty much proprietary to Google & Amazon until recently, Docker et al and related VM/container management APIs that are mappable to all kinds of implementations will allow apps, administration, networking, etc. to be fluid between commercial and various types of private clouds.

In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows.  Assuming your container system isn't running in Windows, which is becoming an option; one that I won't trust easily.

sdw

On 7/14/15 8:52 AM, dan@geer.org wrote:
 

Discussing security policy post-OPM debacle in a setting to
which
I have access (sorry to be oblique), it was said by a CxO "We have
to prepare for the day when no software we depend on is run on
premises."

I did not handle this well (think sputtering as an alternative to
white rage).  At the same time, I am probably in a bubble in that
I suspect that nearly everyone I see with a computer (of any form
factor) is already in that situation or, save for Javascript piped
in from the cloud to run locally, soon will be -- denizens of this
list and a few others excepted.

Echoing Lenin echoing Chernyshevsky, "What is to be done?" or,
perhaps, "Is anything to be done?"

--dan




-- 
Stephen D. Williams sdw@lig.net stephendwilliams@gmail.com LinkedIn: http://sdw.st/in
V:650-450-UNIX (8649) V:866.SDW.UNIX V:703.371.9362 F:703.995.0407
AIM:sdw Skype:StephenDWilliams Yahoo:sdwlignet Resume: http://sdw.st/gres
Personal: http://sdw.st facebook.com/sdwlig twitter.com/scienteer