These Things Matter to Me
Tuesday, September 13, 2005
You Had Me at Dumbest
There's a link bouncing around del.icio.us, The Six Dumbest Ideas in Computer Security. These kinds of lists are always fun, because any time somebody else calls something dumb, that's one less thing you have to call dumb. You can say stuff like "Hey, I'm not saying that using O'Blarton's Trust-Eazey is dumb. I would never question your decision-making like that. There's just this article I read somewhere that said something about it being totally inadequate, and providing a false sense of security, and is apparently sold primarily to Siberian elementary schools. But you probably wouldn't be interested in reading it..." When articles like this get written, you are not shutting down anything. You are merely a vessel. Anyway, I thought Dumb Idea #2 was especially compelling: Enumerating Badness.
"Examine a typical antivirus package and you'll see it knows about 75,000+ viruses that might infect your machine. Compare that to the legitimate 30 or so apps that I've installed on my machine, and you can see it's rather dumb to try to track 75,000 pieces of Badness when even a simpleton could track 30 pieces of Goodness."
And the writer anticipates a response for which he has no patience!
"Now, your typical IT executive, when I discuss this concept with him or her, will stand up and say something like, "That sounds great, but our enterprise network is really complicated. Knowing about all the different apps that we rely on would be impossible! What you're saying sounds reasonable until you think about it and realize how absurd it is!" To which I respond, "What about the title 'Chief Technology Officer' are you earning if you don't know what your systems are running and/or being used for?""
My appetite whetted for more on security, I continued to browse the security tag on del.icio.us, when I bumped into this movie that put the fear in me, regarding trusted computing. It's got incredible graphic design (I grabbed the gif above from the movie), but in general, doesn't explain enough about the idea it's so critical of. It's basically about how the concept of trust is an important one in security, and how devices can make some of those decisions for us, and that we should be concerned about this. Fair enough. I'm sure I share some of these same concerns, and I don't expect a few-minutes-long short to cover everything. But when you invoke totalitarian industrial complex and death via ambiguous blood silhouettes and dramatic graphic design, go the extra mile to justify the tone! In any case, if you're a graphic design fan, there are lots of really cool details. If you're concerned about trusted computing, give them some helpful narrative to complement their flair for the dramatic. It is a topic worth getting dramatic about.
 
About
Linux sysadmin. I cry when make fails. And during the Oscars. Every year.
Contact
andy: andiacts [at] gmail.com