The online world is not particularly horrible; we overwhelmingly use it by choice, not out of necessity, and the benefits far outstrip the risks. Sure, it's also far from being great, and the genuine difficulty of designing complex systems in a secure way plays a role in this (heck, between all the interested parties, we can't even really define what "secure" means in practical terms). But it's not because everybody else is dumb.
While I generally hate analogies like this, I think there are quite a few parallels between the online world and the physical realm, where we seldom settle on absolute security. You have a $10 door lock that can be opened with a paperclip, protecting probably in excess of $5,000 in electronics within your home. In that realm, we are far better accustomed to the trade-offs, in part because we have more intuitive data about what can go wrong. We also take a more dim view of a burglar than of a hacker, which makes us assign the blame a bit differently.
In any case, with online security in particular, there are some paths forward, including fairly plausible incremental strategies (better UX in the browsers and operating systems, better developer guidance, better mitigations, a culture of fuzzing and other security testing as a part of QA, etc). There are also some ambitious revolutionary dreams ("New everything! In Rust!") that may actually pan out if enough people get behind them. But I'm not sure what this article is hoping to achieve.
I had an odd thought today about the internet. I was listening to a podcast (How I Built This) and it was about AOL, how the internet used to be illegal to connect to, modems, etc...
It's just odd to me how we connect to the internet and we don't even see a screen, we're connecting to someone else's computer (though it's a public-facing server or whatever) but I don't know. Then you create the interface and your brain maps it out where things are. Even though it's all representative ahhhh. I don't know, I'm not really going anywhere with this but damn, I'm glad to be here now in this time. Though I wouldn't mind being in the future being some space pilot or something.
A great many of the security issues that we are seeing in computing are mainly due to fundamental, architectural decisions (it's probably in the text), but it's not as if there is no choice. We had and we still have hardware and architectures that are not memory-oriented and don't use memory-protection, but are fundamentally object-based and use object permissions (i.e. ACLs), enforced at a hardware level. It's just that when these were introduced they were complex and either too expensive or too slow for the mass market, hence simpler architectures prevailed (and no one could've expected otherwise) in the mass markets (desktops, laptops, mobile, computer servers).
The difference between these approaches boils down to memory-oriented systems being fail-open, information-dissemination machines, while object and permission oriented systems are meant to be fail-closed, information-protection machines at the hardware level (before adding millions of lines of C code distributed across rings -2 to 0).
Note how successful information security nowadays tends to be based on similar principles, e.g. SGX or the Enclave on iDevices — the main processor and the main OS are so completely and fundamentally untrustworthy that you throw in either another completely separate computer, or strong-arm (some pun intended) protections at the hardware level, e.g. encrypting memory so the host can't read it, since it is physically unable to access the key.
On the other side, there are many more vulnerable IoT devices and CVEs today than there were in 2014, but even then the problem was evident. As another poster has pointed out, the solution seems to hide behind software ACLs and hardware devices, and hope that those are not also compromised.
As an alternative - "Welcome to the fishbowl, please do not swear."
