Monday 3 December 2012

Dropping Privs

People often have thought that I am too bloody paranoid at times, and more than once my inability to trust has led to things falling apart. Trust, to me, is essentially a massive liability. Trust someone with anything, and you essentially hand them a loaded gun, with your name on every bullet.

I find the best way to treat "Trusting people" is to use the doctrine common to infosec people, that of "Least Privilege". i.e. where everyone is hostile and/or an untrustworthy backstabbing asshole until proven otherwise, and even then, they are treated as if they may well become hostile at any given point in time. This way, I manage to avoid getting completely fucked over... most of the time.

Unfortunately, society conditions us otherwise. As people, we are trained to trust people and tell all. Society as a whole ostracises those who keep to themselves as paranoid or loners. In general, it is easier to take the risk of trusting too much, than put up with the social stigma associated with not trusting at all.

When we trust someone, they implicitly will begin to trust us. If we do not trust someone, they will instinctively mistrust us. Therefore, those of us who refuse to blindly trust are seen as dangerous individuals with something to hide.

I found that making myself deliberately vulnerable was not a solution to the problem of social ostracism due to my paranoia, so I found a different solution, based on privilege levels in modern operating systems.

In "Ring 3", or "usermode", we have "External" (automatically assumed to be hostile), "guest" (assumed to be hostile, but granted some privileges such as communication), "user" (granted several privileges, but not trusted with anything important to my survival or wellbeing unless strictly necessary, i.e. associates and friends), and "administrator", or "root", who is given the impression they have complete trust. This is reserved for "myself".

We then have the "Ring 0", or "kernelmode". This level of trust is denied to even myself, and is left to things like autonomous reactions, instinct, and other such survival instincts built in over time. Occasionally this may be overridden by directives from "root", but in Ring 0, at kernelmode, the only thing that matters is keeping myself from going unstable or ending up dead/injured. This is the "Self Preservation" part which enforces the other privilege separations.

The funny thing is, this level of separation is actually completely workable within the constraints of the human mind. The higher mind, or upper brain, is known as the "modern brain". It handles emotions, empathy, and other such vulnerable functions. The survival instincts and "base self preservation" are kept in the brain stem, or "old brain". To me, this is where the Ring 0 code is kept, well the fuck away from usermode. Can you imagine the havoc that could be caused by thinking yourself into stopping your own heartbeat?

In the end, this system can fail. If one day a user has "sudo"-esque privileges, wherein they have almost unfettered access to certain usermode utilities, and they are dropped to "guest" or other levels, they can still leave "hooks" behind and regain some level of access as they please, if their privs are not dropped correctly. This leads to things like people being able to implant suggestions long after being determined to be hostile, and means that granting anyone any privileges whatsoever is a major security risk to my own sanity.

TL;DR: The best way to go about things is trusting fucking no one, no matter how segmented you keep things. No matter what, someone will manage to abuse the privs they were granted and screw you over at a later date. Enforcing a strict rule of "least privilege" is the best way to avoid unnecessary fucking about, and at least gives untrusted people the impression they are somewhat trusted, avoiding ostracism from society for breaching the societal norm of trusting people.
