
How Design Works (2012) - macco
https://startupsthisishowdesignworks.com/
======
TheBiv
For a website that is all about design, I found this website to be not very
intuitive or pleasing to look at. I may be in the minority though.

I found the typography was too big, there were too many bold/italics/font
sizes and the actual elements of what makes good design made me click in order
to reveal what the elements are.

~~~
Khao
This feels to me like design overload. Someone tried to do too much or too
many ideas in a single page. I'm with you, I don't like it.

~~~
mod
I also had this feeling, but I'm a far cry from an expert, so I kept my mouth
shut.

I can confidently say I wasn't a big fan of the design, though.

------
mod
Second highlighted word already doesn't work, so now I can't read more about
"undesigned."

(Same for "unstoppable" later down the page)

~~~
metasean
Same for "aesthetic"

------
luxstyle
Why is "environmentally friendly" an aspect of design here? Maybe industrial
design but certainly not a factor in digital design.

~~~
nickpsecurity
In security, environmentally friendly designs are almost always insecure. The
reason is that you get all that low cost and energy through tons of
integration/sharing. This introduces attacks from hardware emanation on up to
software issues due to shared resources. The paradigm of both reliability and
security is isolation of problems one can't prevent. Long story short, that
leads to extra hardware in many forms. Means those systems will always use
more space and energy.

Further, the stuff that's easier to verify and more diverse is on the older
process nodes. They deliver fewer transistors and use more power in the same
space. However, they're cheaper in mask costs, open-source tools can semi-
handle them, still diverse in number of fabs, and easier to reverse engineer.
So, once again, high confidence and low design/development cost = not
environmentally friendly.

For high confidence systems, it's best to just forget about the environment
entirely. As if those smartphones weren't manufactured from very polluting
processes anyway. Their users are just as guilty: just more judgemental. ;)

~~~
nosuchthing
Curious, what areas or systems are sacrificing environmentally friendly
choices for security choices?

~~~
nickpsecurity
You can start with my security framework that lets you see all the risk in
modern systems along with many techniques for addressing it in development
process:

[http://pastebin.com/y3PufJ0V](http://pastebin.com/y3PufJ0V)

The stuff on the bottom, esp hardware, usually needs either faster hardware or
extra hardware to isolate functions on dedicated chips/boards. Except in most
brilliant designs, the more things you counter the more chips or energy you
must use.

An example is a VPN where you have one node for trusted side (Red), one for
crypto component, and one for untrusted side (Black). This is called Red-Black
separation: used by many high-assurance, crypto devices. Having a
node/chip/board each lets you make separation work to your advantage. The Red
and Black nodes will each handle transport, input validation, conversion from
complicated (i.e. standard) interfaces to simpler ones (esp non-DMA), and
administration to a degree. The crypto node, running state machines for just
security part, can be built on all kinds of hardware, have minimal onboard
software, and use about as much security as you like. Such a combo of physical
isolation, interface protection, and implementation simplicity lets you have
confidence that even strongest attackers hitting Black node won't steal data
from Red. That's three pieces of hardware at a minimum with more if you
isolate crypto node's logical functions (esp I/O).

Another angle comes from an approach I advocate against nation-states called
Security through Diversity. The risk is that markets converge on a small
number of hardware, peripherals, OS's, etc. Nation-state resources are large &
necessary targets are small. High odds of 0-day development. Also, increasing
worries that modern stuff might be subverted by NSA, China, Russia, etc.
Easiest way of dealing with this is to diversify one's hardware (even
processor types) and use portable software that cares not what it runs on.
Plus lots of randomization and obfuscation. All this makes the job of getting
from known software issue to working, stealth exploit harder. The best
hardware choices are all old hardware or embedded which takes more hardware
(i.e. servers, boards) to equal modern performance. Will use more space and
energy.

Combining these two models will certainly use more space and energy. Plus, a
lesson established by criminals and spooks alike is to treat all the equipment
as disposable: constantly changing it. Sure someone might use it if you erase
it and drop it off at a pawn shop, etc. The trend still causes more hardware
manufacturing and waste, though.

So, there's a few ways that security against High Strength Attackers trades
against the environment. There's some tradeoffs that can be made with
MCU's/CPU's on low-power process nodes but development costs are prohibitive.
New projects will likely combine existing ASIC's onto boards with redundant,
power-using components. That power usage itself is a security hole (eg side
channel attacks) guarantees this.

------
dang
Discussed at the time:
[https://news.ycombinator.com/item?id=3791427](https://news.ycombinator.com/item?id=3791427).

------
meesterdude
Unsurprisingly, well designed! And very informational.

If you're a bootstrapped startup, you should probably consider a bootstrap
template. There are a lot out there, and it allows you to leverage a designer's
thoughts, ideas and work that they've already done, and adopt them to your
own, all to the tune of $9. Unless you absolutely know what you're doing, or
unquestionably need a designer, it's better to pay for something prefab and
build out from there.

------
AliAdams
I'm interested in reading this but it isn't designed for mobile screens.

Who needs that, amiright?

