[Info-vax] Servers: Location, Ownership, Control (was: Re: The new world that VMS will be living in)

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Sat Dec 19 11:48:49 EST 2020


On 2020-12-19 02:51:16 +0000, alexrubensnj at gmail.com said:

> when my kids were in middle school they had an assembly about social 
> media. they were taught to consider anything they post to be "public 
> and permanent." putting your business, and customer, data on a 
> commercial cloud provider is much the same. in doing so you relinquish 
> control over who administers your business and where in the world your 
> information is accessible from. these commercial services either employ 
> staff or deploy systems in regions that may be considered "unfriendly" 
> and impose immeasurable risk.

That social media session is an ancient speech in newer togs. There's 
the "Never do nothing you wouldn't want printed on the front page of 
The New York Times." and the "The microphone is always hot" among many 
older versions. The so-called "Right To Be Forgotten" hasn't gotten all 
that much traction, either.

Around discussions of servers, there's physical location, there's 
server ownership, and there's server control. And in 2020, ~nobody 
controls their own servers. That's whether those servers are local or 
hosted.

A little light reading from 2014 explaining issues of control, "Why 
Johnny can’t tell if he is compromised, and what you can do about it" 
providing some background on this:

https://docs.google.com/presentation/d/1dRk1czhS0FSNcWEFdRea2_QN7AVuGFLjxL-7gEXBe7w/edit#slide=id.p 


Some light reading from 2015, an example of competing backdoors in the 
same common VPN server:

https://blog.cryptographyengineering.com/2015/12/22/on-juniper-backdoor/

(And how many of us running local servers in 2020 aren't also running 
VPN servers for remote access?)

Or lower-tech, pay somebody for network access, or threaten somebody 
for access, or embed somebody with access. "Plata o Plomo", as it's 
also known. Silver or Lead. Or some entity gets a law passed allowing 
or requiring access and/or a backdoor.

OpenVMS and VSI and app developers and hardware vendors all have some 
work ahead in these system-integrity discussions, whether we're 
discussing local or hosted computing.

ps: it's looking likely that HPE won't re-issue the OpenVMS kit-signing 
certificate due to expire in 2029, for some of the tracking implemented 
within OpenVMS.



-- 
Pure Personal Opinion | HoffmanLabs LLC 



