A great many of the security issues that we are seeing in computing are mainly due to fundamental, architectural decisions (it's probably in the text), but it's not as if there is no choice. We had and we still have hardware and architectures that are not memory-oriented and don't use memory-protection, but are fundamentally object-based and use object permissions (i.e. ACLs), enforced at a hardware level. It's just that when these were introduced they were complex and either too expensive or too slow for the mass market, hence simpler architectures prevailed (and no one could've expected otherwise) in the mass markets (desktops, laptops, mobile, computer servers).
The difference between these approaches boils down to memory-oriented systems being fail-open, information-dissemination machines, while object and permission oriented systems are meant to be fail-closed, information-protection machines at the hardware level (before adding millions of lines of C code distributed across rings -2 to 0).
Note how successful information security nowadays tends to be based on similar principles, e.g. SGX or the Enclave on iDevices — the main processor and the main OS are so completely and fundamentally untrustworthy that you throw in either another completely separate computer, or strong-arm (some pun intended) protections at the hardware level, e.g. encrypting memory so the host can't read it, since it is physically unable to access the key.
That being said "everything is broken" is a common theme / a painfully sarcastic in-joke between colleagues on the purely functional level of software.
Most security issues we are seeing today are simply a consequence of economic decisions. Omitting security gives one an advantage in time-to-market. "Security can be dealt with later."
Even in 2014, I'm not sure what the takeaway was supposed to be from this, or why this was an article that needed writing. Was it the author's concern that laypeople felt computing was too reliable, too secure? The real problem is the opposite one.
I believe this is partially a "Chicken Little" response to the "Fishbowl Singularity" we've suddenly thrust ourselves into - a number of individuals panicking about living under constant (governmental, advertising, etc) surveillance, as a byproduct of our internet-connected lives.
On the other side, there are many more vulnerable IoT devices and CVEs today than there were in 2014, but even then the problem was evident. As another poster has pointed out, the solution seems to hide behind software ACLs and hardware devices, and hope that those are not also compromised.
As an alternative - "Welcome to the fishbowl, please do not swear."
I hate to be negative, but I've been working in the security industry for several decades now and... the article reads to me like a collection of condescending platitudes that attribute malicious intent or extreme incompetence to just about any person other than the author. Jumping back and forth between Snowden, PDF attachments, and C memory safety does not help.
The online world is not particularly horrible; we overwhelmingly use it by choice, not out of necessity, and the benefits far outstrip the risks. Sure, it's also far from being great, and the genuine difficulty of designing complex systems in a secure way plays a role in this (heck, between all the interested parties, we can't even really define what "secure" means in practical terms). But it's not because everybody else is dumb.
While I generally hate analogies like this, I think there are quite a few parallels between the online world and the physical realm, where we seldom settle on absolute security. You have a $10 door lock that can be opened with a paperclip, protecting probably in excess of $5,000 in electronics within your home. In that realm, we are far better accustomed to the trade-offs, in part because we have more intuitive data about what can go wrong. We also take a more dim view of a burglar than of a hacker, which makes us assign the blame a bit differently.
In any case, with online security in particular, there some paths forward, including fairly plausible incremental strategies (better UX in the browsers and operating systems, better developer guidance, better mitigations, a culture of fuzzing and other security testing as a part of QA, etc). There are also some ambitious revolutionary dreams ("New everything! In Rust!") that may actually pan out if enough people get behind them. But I'm not sure what this article is hoping to achieve.
> we can't even really define what "secure" means in practical terms
I'd suggest a very practical approach here: A system is only secure if the value required to break it is higher than the value that can be obtained by breaking it.
We chose not to define what value means in practical terms, with Internet infrastructure. That is to say, we allow unlimited access to compute resources using conditionals, which themselves may or may not be valuable, or secure.
By turning the golem on its head, and making compute resources use value to return value, we will eliminate this problem. That won't be easy and it won't happen immediately, but it will happen.
The value of protected information is quantifiable. You can assign an average dollar value to a credit card number, SSN, or other information. There is automated software like solarwinds risk intelligence that can find this information on your network to help you either remove it or ensure it is not on unpatched servers.
I'm amazed things aren't worse, that they work at all.
Analogies to the real world are useful, mostly for expectation management.
I know a few things about election integrity. Private voting, public counting. We can have all the laws, rules, procedures, transparency, accountability and so forth we want, to better prevent chichanery.
But what makes it work (when it does) is buy-in, common culture, a shared suspension of disbelief. That this thing is important and worth preserving.
Cliche: locks keep honest people honest. What keeps us (mostly) safe and secure is people's strong preference to simply being honest, to get along with others.
Cheaters, cons, freeloaders are exploiting an evolutionary hack: people's innate sociability (trustfulness). To me, the greatest benefit of these security algorithms, crytpo, blockchains, etc. is to help us identify and mitigate the cheaters and freeloaders.
> The online world is not particularly horrible; we overwhelmingly use it by choice, not out of necessity, and the benefits far outstrip the risks.
Maybe this was true 20 years ago, but it increasingly is not. For example, there are many shops and other institutions in Sweden that no longer accept cash – only debit/credit cards or other forms of online payment. Whether you like it or not, dealing with the online world is often not a choice, and if it was there's a good chance it was made for you.
> the article reads to me like a collection of condescending platitudes that attribute malicious intent or extreme incompetence to just about any person other than the author.
She absolutely attributes extreme incompetence to herself several times. Like, multiple paragraph length anecdotes.
In the future it's going to blow people's minds that software engineers were ever allowed to work on systems that touch people's personal information without a license.
I wonder if in the future there's going to be a divergence in the field of software between programmers who do the software equivalent of haircuts <insert PHP joke here> and those who do the "hard work", whatever that will be.
Having worked for the state, I learned licensing is about protecting jobs of the license holders now protecting the public. Case in point. You need to go to school for two years to be a beautician. You only need to go to school for six months to be a Cop and carry a gun.
It seems insanely optimistic to suppose that any licensing requirement implemented in scope of the current regime would be anything but will anything other than food stamps for whomever manages develops and implements licensing and manages the training process not least of which bureaucracies in schools.
Little of it will even stick to the hands of those who actually do the teaching.
To be clear the idea of education and operational standards is a good idea I just believe your idea would lead to institutionalized and licensed stupid that is very hard to change instead of real sane standards.
I don't know if standards imposed from on high can even be formulated in a way that improves rather than ossifies in the long term your concept may even be broken just in context of current affairs but unfix-ably broken in all possible worlds.
I had an odd thought today about the internet. I was listening to a podcasts (How I built this) and it was about AOL how the internet used to be illegal to connect to, modems, etc...
It's just odd to me how we connect to the internet and we don't even see a screen, we're connecting to someone else's computer (though it's a public-facing server or whatever) but I don't know. Then you create the interface and your brain maps it out where things are. Even though it's all representative ahhhh. I don't know, I'm not really going anywhere with this but damn, I'm glad to be here now in this time. Though I wouldn't mind being in the future being some space pilot or something.
What I was smoking is exhaustion /staying up too late. Now my day will be ruined because of this. Oh well. Got some stuff done at least. But then I wonder/start to question myself, am I delusional. Proof is in the money I guess.
Kind of funny how money on my screen are just digits, I could just open up the console and edit the amount displayed but you know... it's not real haha. I'm still poor as hell.
Ironically, every time I read an article on Medium I get a warning that some web content has crashed. I have no idea what causes this, but it seems unlikely to be anything good.
42 comments
[ 3.1 ms ] story [ 83.6 ms ] threadA great many of the security issues that we are seeing in computing are mainly due to fundamental, architectural decisions (it's probably in the text), but it's not as if there is no choice. We had and we still have hardware and architectures that are not memory-oriented and don't use memory-protection, but are fundamentally object-based and use object permissions (i.e. ACLs), enforced at a hardware level. It's just that when these were introduced they were complex and either too expensive or too slow for the mass market, hence simpler architectures prevailed (and no one could've expected otherwise) in the mass markets (desktops, laptops, mobile, computer servers).
The difference between these approaches boils down to memory-oriented systems being fail-open, information-dissemination machines, while object and permission oriented systems are meant to be fail-closed, information-protection machines at the hardware level (before adding millions of lines of C code distributed across rings -2 to 0).
Note how successful information security nowadays tends to be based on similar principles, e.g. SGX or the Enclave on iDevices — the main processor and the main OS are so completely and fundamentally untrustworthy that you throw in either another completely separate computer, or strong-arm (some pun intended) protections at the hardware level, e.g. encrypting memory so the host can't read it, since it is physically unable to access the key.
https://www.youtube.com/watch?v=3kEfedtQVOY
On the other side, there are many more vulnerable IoT devices and CVEs today than there were in 2014, but even then the problem was evident. As another poster has pointed out, the solution seems to hide behind software ACLs and hardware devices, and hope that those are not also compromised.
As an alternative - "Welcome to the fishbowl, please do not swear."
The online world is not particularly horrible; we overwhelmingly use it by choice, not out of necessity, and the benefits far outstrip the risks. Sure, it's also far from being great, and the genuine difficulty of designing complex systems in a secure way plays a role in this (heck, between all the interested parties, we can't even really define what "secure" means in practical terms). But it's not because everybody else is dumb.
While I generally hate analogies like this, I think there are quite a few parallels between the online world and the physical realm, where we seldom settle on absolute security. You have a $10 door lock that can be opened with a paperclip, protecting probably in excess of $5,000 in electronics within your home. In that realm, we are far better accustomed to the trade-offs, in part because we have more intuitive data about what can go wrong. We also take a more dim view of a burglar than of a hacker, which makes us assign the blame a bit differently.
In any case, with online security in particular, there some paths forward, including fairly plausible incremental strategies (better UX in the browsers and operating systems, better developer guidance, better mitigations, a culture of fuzzing and other security testing as a part of QA, etc). There are also some ambitious revolutionary dreams ("New everything! In Rust!") that may actually pan out if enough people get behind them. But I'm not sure what this article is hoping to achieve.
I'd suggest a very practical approach here: A system is only secure if the value required to break it is higher than the value that can be obtained by breaking it.
Edit: Bank account information is valuable, but it's also one account number change away from being valueless.
By turning the golem on its head, and making compute resources use value to return value, we will eliminate this problem. That won't be easy and it won't happen immediately, but it will happen.
Analogies to the real world are useful, mostly for expectation management.
I know a few things about election integrity. Private voting, public counting. We can have all the laws, rules, procedures, transparency, accountability and so forth we want, to better prevent chichanery.
But what makes it work (when it does) is buy-in, common culture, a shared suspension of disbelief. That this thing is important and worth preserving.
Cliche: locks keep honest people honest. What keeps us (mostly) safe and secure is people's strong preference to simply being honest, to get along with others.
Cheaters, cons, freeloaders are exploiting an evolutionary hack: people's innate sociability (trustfulness). To me, the greatest benefit of these security algorithms, crytpo, blockchains, etc. is to help us identify and mitigate the cheaters and freeloaders.
Maybe this was true 20 years ago, but it increasingly is not. For example, there are many shops and other institutions in Sweden that no longer accept cash – only debit/credit cards or other forms of online payment. Whether you like it or not, dealing with the online world is often not a choice, and if it was there's a good chance it was made for you.
She absolutely attributes extreme incompetence to herself several times. Like, multiple paragraph length anecdotes.
I wonder if in the future there's going to be a divergence in the field of software between programmers who do the software equivalent of haircuts <insert PHP joke here> and those who do the "hard work", whatever that will be.
ANFSCD: Have a free laugh: https://www.youtube.com/watch?v=THNPmhBl-8I
Little of it will even stick to the hands of those who actually do the teaching.
I don't know if standards imposed from on high can even be formulated in a way that improves rather than ossifies in the long term your concept may even be broken just in context of current affairs but unfix-ably broken in all possible worlds.
I had an odd thought today about the internet. I was listening to a podcasts (How I built this) and it was about AOL how the internet used to be illegal to connect to, modems, etc...
It's just odd to me how we connect to the internet and we don't even see a screen, we're connecting to someone else's computer (though it's a public-facing server or whatever) but I don't know. Then you create the interface and your brain maps it out where things are. Even though it's all representative ahhhh. I don't know, I'm not really going anywhere with this but damn, I'm glad to be here now in this time. Though I wouldn't mind being in the future being some space pilot or something.
Anyway thanks
Still, fonts where "0" (zero) and "o" (the lowercase letter) look the same are perverse.
Good one.
My guess is bloated active content in support of advertising.