Newsgroups: comp.lang.ada
Date: Thu, 8 Aug 2013 13:03:59 -0700 (PDT)
Message-ID: <2d28eb38-0cbc-4f43-983c-d11318614491@googlegroups.com>
Subject: Re: library/binding for sftp?
From: Alan Jump

On Thursday, August 8, 2013 12:18:09 PM UTC-7, Randy Brukardt wrote:

> Everything I read about security says that there is "no practical defense
> against a determined attacker". That's a bit more nuanced than Dmitry's
> statement, but it's repeated all of the time by the security experts I read.
> You might be able to stop such an attack by unplugging all of your internet
> connections and shutting down all of your computers, but even that isn't
> certain. And who can do that for long?

You're close. The only truly secure computer is one that has NEVER had power applied to it. But since that fairly effectively eliminates the usefulness of a computer as anything except a really expensive doorstop, the best we can do is minimize the risks, since it's become impossible to completely eliminate them.

> And Dmitry's point about spies (like the NSA) using "known protocols" is
> certainly true. They are much less likely to generally monitor what they
> don't know about. Of course, if they are targeting you directly, see
> statement 1.

I have nothing to fear from the NSA. What I fear in doing any sort of contract work is industrial espionage, which is a much more common occurrence, especially if one is on contract with a multinational (which, thank Ghu, I am not).

> Honestly, your attitude is dangerously naive. Probably the best strategy of
> all is to have no secrets that need protecting, as in today's environment
> you should assume all information is being read (or could be read) by
> someone.

Having no secrets to conceal is very close to being as impossible as concealing every secret one has indefinitely.

> When RRS was doing business with the NSA back in the 1980s, we used to
> occasionally talk to the light fixtures to remind ourselves of the
> possibility of surveillance. We thought it was reasonably likely that we were
> spied upon even then, and it's 100 times easier today (we didn't have a
> network - we used sneaker-net - and weren't connected to any public network
> until we started working on Ada 9x).

As stated before, the best one can hope for in this so-called "modern" era is to minimize the risks, and part of that is minimizing the damage which can be done by compromised data, be it at rest or in motion. I'd much prefer to place a certain level of trust into peer-reviewed, thoroughly-tested algorithms than in an internally-developed process of unknown and untried effectiveness. I say "unknown and untried" because internally-developed security processes seldom, if ever, are revealed to the computing public at large as having been compromised...they simply quietly go away, and may or may not appear in security textbooks a few years later as examples of what not to do.

Just my 2p worth.

- -
73 de N5ILN
Alan