
Everything Is Broken (2014) - Liriel
https://medium.com/message/everything-is-broken-81e5f33a24e1
======
f-
I hate to be negative, but I've been working in the security industry for
several decades now and... the article reads to me like a collection of
condescending platitudes that attribute malicious intent or extreme
incompetence to just about any person other than the author. Jumping back and
forth between Snowden, PDF attachments, and C memory safety does not help.

The online world is not particularly horrible; we overwhelmingly use it by
choice, not out of necessity, and the benefits far outstrip the risks. Sure,
it's also far from being great, and the _genuine_ difficulty of designing
complex systems in a secure way plays a role in this (heck, between all the
interested parties, we can't even really define what "secure" means in
practical terms). But it's not because everybody else is dumb.

While I generally hate analogies like this, I think there are quite a few
parallels between the online world and the physical realm, where we seldom
settle on absolute security. You have a $10 door lock that can be opened with
a paperclip, protecting probably in excess of $5,000 in electronics within
your home. In that realm, we are far better accustomed to the trade-offs, in
part because we have more intuitive data about what can go wrong. We also take
a more dim view of a burglar than of a hacker, which makes us assign the blame
a bit differently.

In any case, with online security in particular, there are some paths forward,
including fairly plausible incremental strategies (better UX in the browsers
and operating systems, better developer guidance, better mitigations, a
culture of fuzzing and other security testing as a part of QA, etc). There are
also some ambitious revolutionary dreams ("New everything! In Rust!") that may
actually pan out if enough people get behind them. But I'm not sure what this
article is hoping to achieve.

~~~
jacquesm
> we can't even really define what "secure" means in practical terms

I'd suggest a very practical approach here: A system is only secure if the
value required to break it is higher than the value that can be obtained by
breaking it.

~~~
0xdeadbeefbabe
We can't even really define what value means in practical terms.

Edit: Bank account information is valuable, but it's also one account number
change away from being valueless.

~~~
kordless
We _chose_ not to define what value means in practical terms, with Internet
infrastructure. That is to say, we allow unlimited access to compute resources
using conditionals, which themselves may or may not be valuable, or secure.

By turning the golem on its head, and making compute resources use value to
return value, we will eliminate this problem. That won't be easy and it won't
happen immediately, but it will happen.

------
ge96
(read top comment rambling)

I had an odd thought today about the internet. I was listening to a podcast
(How I built this) and it was about AOL how the internet used to be illegal to
connect to, modems, etc...

It's just odd to me how we connect to the internet and we don't even see a
screen, we're connecting to someone else's computer (though it's a
public-facing server or whatever) but I don't know. Then you create the interface and
your brain maps it out where things are. Even though it's all representative
ahhhh. I don't know, I'm not really going anywhere with this but damn, I'm
glad to be here now in this time. Though I wouldn't mind being in the future
being some space pilot or something.

~~~
nerdponx
I want some of whatever you're smoking.

~~~
ge96
What I was smoking is exhaustion/staying up too late. Now my day will be
ruined because of this. Oh well. Got some stuff done at least. But then I
wonder/start to question myself, am I delusional. Proof is in the money I
guess.

~~~
nerdponx
I've been there. Get some rest.

~~~
ge96
Going to work to wash plates ha. Got my podcasts and my solitude. One... is
the loneliest... numbah that you'll evah doooo...

Anyway thanks

~~~
ge96
Kind of funny how money on my screen is just digits, I could just open up the
console and edit the amount displayed but you know... it's not real haha. I'm
still poor as hell.

------
dom0
(I did not read the entire text)

A great many of the security issues that we are seeing in computing are mainly
due to fundamental, architectural decisions (it's probably in the text), but
it's not as if there is no choice. We had and we still have hardware and
architectures that are not memory-oriented and don't use memory-protection,
but are fundamentally object-based and use object permissions (i.e. ACLs),
enforced at a hardware level. It's just that when these were introduced they
were complex and either too expensive or too slow for the mass market, hence
simpler architectures prevailed (and no one could've expected otherwise) in
the mass markets (desktops, laptops, mobile, computer servers).

The difference between these approaches boils down to memory-oriented systems
being fail-open, information-dissemination machines, while object and
permission oriented systems are meant to be fail-closed,
information-protection machines _at the hardware level_ (before adding millions of lines
of C code distributed across rings -2 to 0).

Note how successful information security nowadays tends to be based on similar
principles, e.g. SGX or the Enclave on iDevices — the main processor and the
main OS are so completely and fundamentally untrustworthy that you throw in
either another completely separate computer, or strong-arm (some pun intended)
protections at the hardware level, e.g. encrypting memory so the host can't
read it, since it is _physically unable to access the key_.

~~~
amelius
Most security issues we are seeing today are simply a consequence of economic
decisions. Omitting security gives one an advantage in time-to-market.
"Security can be dealt with later."

------
lisper
Ironically, every time I read an article on Medium I get a warning that some
web content has crashed. I have no idea what causes this, but it seems
unlikely to be anything good.

~~~
ackfoo
It happened to me about a hundred times during the course of reading that
article on an iPad with latest iOS. Very difficult to make it to the end.

My guess is bloated active content in support of advertising.

------
paulcole
Counterpoint: things are pretty good.

------
beatpanda
In the future it's going to blow people's minds that software engineers were
ever allowed to work on systems that touch people's personal information
without a license.

~~~
booleandilemma
Barbers used to perform surgery.

I wonder if in the future there's going to be a divergence in the field of
software between programmers who do the software equivalent of haircuts
<insert PHP joke here> and those who do the "hard work", whatever that will
be.

~~~
dom0
We already have people that perform the software equivalent of rocket brain
surgery...

ANFSCD: Have a free laugh:
[https://www.youtube.com/watch?v=THNPmhBl-8I](https://www.youtube.com/watch?v=THNPmhBl-8I)

------
jjoe
Is it really surprising that the brokenness of the online world resembles its
real world counterpart?

------
tptacek
Even in 2014, I'm not sure what the takeaway was supposed to be from this, or
why this was an article that needed writing. Was it the author's concern that
laypeople felt computing was too reliable, too secure? The real problem is the
opposite one.

~~~
stephengillie
I believe this is partially a "Chicken Little" response to the "Fishbowl
Singularity" we've suddenly thrust ourselves into - a number of individuals
panicking about living under constant (governmental, advertising, etc)
surveillance, as a byproduct of our internet-connected lives.

On the other side, there are many more vulnerable IoT devices and CVEs today
than there were in 2014, but even then the problem was evident. As another
poster has pointed out, the solution seems to hide behind software ACLs and
hardware devices, and hope that those are not also compromised.

As an alternative - "Welcome to the fishbowl, please do not swear."

~~~
michaelmrose
How can you possibly imagine that this won't be used asymmetrically to a
dystopian degree?

------
mirimir
I enjoyed the article. But then, I also think that everything is broken. So
hey.

Still, fonts where "0" (zero) and "o" (the lowercase letter) look the same are
perverse.

------
draw_down
If we could go back and do it all over again, we'd probably do a better job.
Maybe.

~~~
spectistcles
We'd do just as bad, but differently. Time makes fools of us all.

------
majewsky
(2014)

~~~
stephengillie
_Sung to the tune of "Everything is Awesome" from the Lego movie._

    
    
      Everything is broken, everything is hacked when you're on wifi!
      Everything is broken, when you're living out a cloud!

------
d--b
> Build it badly, and they will come.

Good one.

