
You can fix heartbleed--even in C. You can't fix TPM hacks, rowhammer, etc. without buying a new machine.

That's not even getting into the potential of the missteps in the RMM / MMU / SMP / virt systems that exasperate even Torvalds and deRaadt.




You are making an all or none fallacy. While those things do exist, we can't use them as an excuse to prevent the common case.


I'm not making any kind of fallacy here. The chipset is the foundation. Even with perfect programs written in perfect languages, the Mossad can still get whatever they want without breaking a sweat thanks to the silicon.

If we were going to set priorities for making things "better," the foundation would be the reasonable place to start. We'd probably be happy with Algol if we were running it on B5000-style hardware.


It sounds like you mean that stopping the vast numbers of lesser attackers other than Mossad is so much less important that it's worth ignoring.

Most people's day to day experience of vulnerabilities is someone getting access to their password or (for the techies) their private server. Stupid actions aside (like leaving a database open to the internet), it'd be nice if things like heartbleed weren't so prolific.

Perhaps when we're living in a dystopian fascist state we will wish we started out by fixing the hardware vulns, but until then it'd be nice if, for example, a person who has set up ssl correctly can assume it won't leak data all over the place.


Never said to ignore anything. I'm just outlining priorities.

With things like rowhammer, you don't have to be Mossad to exploit it, and you can't apt-get or windows update your way around it.

From your own examples, better languages can only do so much.



