Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think gatekeeping example serves just as a proof of concept. It could be more useful for continuous monitoring. For example to tell you that somebody else may be using the computer that you are still logged in to.


This is the more compelling case for me. Train it across an organization and then you can monitor who typed what. In operations, this is my killer use case.

The problem is that we have 'server' machines and a system which requires 'root' access to do certain things. We'd love to know who on the operations staff did something on the server (a workaround is to set an environment variable but which works in the 'normal' case but fails if someone is being a bad actor). So you train it up across the org, and then when ever you have a session where the signal from the type sig doesn't match the logged in UID, you alert it (or log it). SO instead of 'root just changed the date to last year' you get 'Chuck just changed the date to last year'. That would be a very very very useful tool to have in one's toolbox.


if someone is misbehaving (and is aware of the system), I would imagine with a certain discipline (say, rotate the keyboard 180degrees and try to touch-type, or just hunt-n-peck with some significant random variation) it would be reasonably easy to 'fool'. That is, it would be unable to classify it as any of the known users.

I'd think it could be more robust than the 'remember to set env X=y before doing stuff' especially for real-time oh shit fix everything moments, as a sort of passive identification, but couldn't hope to stand against a determined adversary.


Isn't the point that it would be rather difficult to impersonate someone else? I mean, the system would realize that "someone" is misbehaving and can flag/log the actions appropriately or even disallow them entirely.


I suspect you are right, however note that the proponents of this technology often claim that they can tell who you are even if you do these sorts of things.


why wouldn't you disable root login and only use sudo with command logging enabled.

http://aplawrence.com/Basics/sudo.html

EDIT: noticed the 'root', making a new assumption this is a windows server box.


"why wouldn't you disable root login and only use sudo with command logging enabled."

Without going into operational specifics, the answer is that this doesn't scale.


Indeed, I'm pretty sure a lot of people are missing the point by commenting that this isn't a successful replacement of the password login mechanism.


Imagine a typing tutor website. You start typing a few warming up exercises, then the system recognizes you and selects the material according to your progress so far. No need to log in whatsoever.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: