Jason Brooks
6,774 followers
I may or may not be the Jason Brooks you're looking for.
Jason's posts

I’ve been paying extra attention to the news these days, because of the election, so I’ve been having lots of interactions with the Washington Post’s “You Have X Free Articles Left This Month” subscription nag screens, and the similar ones from the New…

Followup to my post yesterday about WordPress, me, and insufficient delight. I mentioned that my editor fonts look crappy. I noticed that as of version 4.6, the dashboard is supposed to take “advantage of the fonts you already have, making it load faster…

I’ve switched blog engines from WordPress to Middleman (a static website engine) and back to WordPress, with various other static engine experiments in between. I switched back to WordPress, on a premium subscription, because WordPress started supporting…

Version 1.4 of Kubernetes, the open-source system for automating deployment, scaling, and management of containerized applications, included an awesome new tool for bootstrapping clusters: kubeadm. Using kubeadm is as simple as installing the tool on a…

I’ve written recently about running kubernetes in containers on an atomic host. There are a few different ways to do it, but the simplest method involves fetching and running the Debian-based container provided by the upstream kubernetes project. Debian…

test with more foo

Let me try that again. I’ll link somewhere and make this a link post. If I share to twitter, will the link pass right on to the linked location, or to this post on WP?

The atomic hosts from CentOS and Fedora earn their “atomic” namesake by providing for atomic, image-based system updates via rpm-ostree, and atomic, image-based application updates via docker containers. This “system” vs “application” division isn’t set…

While (pretty much) everyone who’s using docker is running it on Linux, and while lots of people run docker on their laptops and desktops, most aren’t running it directly on Linux desktops and laptops. Instead, most individual docker users are relying on…

Dear Yubico.

I've read your open letter (https://www.yubico.com/2016/05/secure-hardware-vs-open-source/), and, frankly, I'm disappointed. Your arguments basically boil down to the following

1. Building secure hardware is hard. We've gone out of our way to improve security on Yubikey 4, and believe that disclosing how it works internally will do more harm than good by allowing attackers to craft better attacks. (To quote you directly, "the attacker’s job becomes much easier as the code to attack is fully known and the attacker owns the hardware freely").

I was hoping you wouldn't use "security through obscurity" as a bona fide argument, but you did. The reason obscurity arguments are invalid in security circles is because we must always assume that attackers will find ways of getting their hands both on the source code and on full hardware implementation details. They will be stolen, leaked, or subpoenaed (and then stolen or leaked). Security through obscurity always benefits malicious actors to a much greater degree than defenders.

2. Ever since non-developer NEOs, which disallowed uploading applets, there was no way to verify that what is running on the device is the actual source code we publish, so what's the point anyway?

Publishing the source code was a very good indication of openness and good will on the part of Yubico. When it comes to any hardware, we must at some point trust the manufacturer -- unless we have very large budgets that would allow us to fully monitor every step of the manufacturing process. In the absence of such large budgets, we must base our trust on the company's prior record and their willingness to work with the community to show that their hands are clean and their intentions are pure. Putting out a blackbox proprietary device after all the good will you have built up with NEOs sends the exact opposite message. Doing so after all the crypto scandals and at the height of the Burr-Feinstein government backdoor controversy is just feeding the frenzy.

3. "Considering a utopian scenario with an open-and-fully-transparent-and-proven-secure-ip-less chip, given the complexity and astronomical costs of chip development, who would make it?"

Finally, we get to the bottom of it. You had to choose between making an improved-security yubikey-4 available, or making it affordable. As a company operating on the market you must be able to compete, and when faced with a decision of whether to continue with your commitment to open source and open platforms, or whether to remain profitable, you went with the latter. I don't fault you for this decision, but I also leave it entirely on your conscience.

Please fight. Fight with the silicon manufacturers. Fight with IP people who put their stock with NDAs and other three-letter entities. It's not too late. You have built up a faithful following of people who believe that security devices must be fully open and auditable. These people are not utopian idealists -- they are security professionals who know that any alternative is inherently insecure. You know you are in the wrong here, hence your open letter that reads like an apology.

Please fight. On our side. We need you to.
