In spite of Linus' Law ("given enough eyeballs, all bugs are shallow"), despite the best efforts of the national CERTs, and in spite of layers upon layers of security, we keep seeing new attacks, new exploits, and new vulnerabilities. In simpler terms, it's the "same stuff, different day". It's not because there are more bad guys out there (although there are), and it's not because the bad guys are smarter (but they are). It is because we are working with tools and systems that are fundamentally flawed.
Our house of bricks is built on a sandy foundation, and we find ourselves at a crossroads - the same crossroads that every technology has faced in our long history: start over again and do it right from the start, or keep doing it wrong until it all falls over in a heap.
This talk will try to take a lighthearted look at some really bad news:
Either we will have to spend a lot of money redeveloping our basic tools, infrastructure, and even operating systems properly, or we will have to spend a lot MORE money patching bugs and regularly recovering from security disasters (and continually be faced with the same basic problems). One way, we have a lot of unhappy people now; the other way, we will have a lot of unhappy people now AND later.
In the 1950s, the architect Frank Lloyd Wright was given a tour of Pittsburgh, which ended atop Mt. Washington. He was asked "what should we do (with the city)?". In his inimitable style, he looked around and said "raze it and start over". Having lived in Pittsburgh for 35 years, I can tell you that he was right.
I've worked with computers for as long as I've been in Pittsburgh. Frank's advice is strangely appropriate for our current state of computer affairs, too...
Daniel Klein has somehow convinced the Danish authorities to let him back in the country after his last visit to Open Source Days. He began his life of crime in 2nd grade, when he was caught with a pack of firecrackers. Since then his brushes with authority have been sporadic but relentless, but have not managed to deny him a security clearance, a job, or his well-deserved reputation as an off-the-wall maverick. His computer experience has included simulation and process control, the internals of almost every Unix kernel released in the past 31 years, graphical user interface management systems, compilers, medical diagnostic systems, the 800-year history of drawing languages, Ada runtime kernels, a racetrack betting system, research into Unix password security, and oodles of CGI scripts. He holds a Masters of Applied Mathematics from Carnegie Mellon University in Pittsburgh, and in his free time is a photographer, directs a professional a cappella group, and is a member of an improv comedy troupe. Dan is a frequent invited speaker and tutorial instructor at USENIX, SANS, and assorted courtrooms and classrooms around the world.