Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.
Display:
Is it not possible to segregate program memory from applications memory and to sufficiently restrict access to program memory that web access is impossible - starting with 'cookies'? I can see that this might be inconvenient and might trash some currently beloved commercial practices but I would be happy to have only a few software changes per year that I installed via CD I received in the mail from a trusted source. Were this to drastically cut into the business models of Google, Yahoo, etc. they or their replacements could devise new ways to make money. Would work for me. After all, this is a Utopian thread. :-)

"It is not necessary to have hope in order to persevere."
by ARGeezer (ARGeezer a in a circle eurotrib daught com) on Mon Jun 10th, 2013 at 01:55:33 PM EST
[ Parent ]
H'mmm.  OK.  

First you gotta understand commercially available consumer computer architecture is stuck in 1975 using "mental-ware" thunk-up in 1956.  

Second, the security folks are brought in after the hardware, hardware/software, and software folks have designed and built their stuff.  And the conversation goes something like:

Management:  OK, make this secure.

Security Folks:  We need to make fundamental design changes x, y, and z to secure the system.

Management:  Can't change anything.  OK, fake it.

Security Folks:  ^#$%^&!

So ...

Is it not possible to segregate program memory from applications memory

Yes and No.

Yes in the sense everything needed is laying around waiting for someones to get off their asses and plug 'em together.  (The Raspberry Pi gives a hint of what is now possible.)

No because the Decision Makers in the Computer Industry are either technologically illiterate or technologically obsolete.  

She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre

by ATinNM on Mon Jun 10th, 2013 at 04:03:02 PM EST
[ Parent ]
So computer insecurity is just another aspect of the present financialized economy where all decisions are made on the basis of the short term profits of the biggest economic incumbents - unless someone can find a way to make new, spectacular profits from some disruptive development. OR - unless governments or philanthropists make grants to exceptionally able individuals, such as pi suggests down thread, or some combination.

As ASKOD has noted, there is a large potential market for secure, reliable software to run important infrastructure programs, such as taxes, welfare, the entire medical records complex, vehicle registration and tracking, real estate records, etc. The problem, again, is the structure of the society and the role of finance, which, as Migeru notes, is to be the brain cancer of our society. Trying to get software that takes as its most important roles functionality and security, under the present paradigm, will reliably turn into a death match between politically powerful business entities - with a continuation of the current bungling incompetence with regard to functionality and security remaining the likely default solution.

That is a very different conclusion than TINA, which is what the first response seemed to be tending towards. The structure of our societies, optimized as they are for the maximum wealth extraction capability of the very wealthy, quite naturally make all aspects of our existence miserable. Perhaps the situation will self resolve with the current plague of viruses ending in the destruction of the ability to have any confidence in the existing ownership records within out private ownership societies.  

"It is not necessary to have hope in order to persevere."

by ARGeezer (ARGeezer a in a circle eurotrib daught com) on Mon Jun 10th, 2013 at 06:16:13 PM EST
[ Parent ]
So computer insecurity is just another aspect of the present financialized economy where all decisions are made on the basis of the short term profits of the biggest economic incumbents

The entire computer industry is just another aspect of the present financialized ... & etc.  Has to be.  

She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre

by ATinNM on Tue Jun 11th, 2013 at 01:57:03 AM EST
[ Parent ]
And this, once again, is why I wonder if a completely different funding and production model for software should be given a shot.  If the majority of problems are due to past ignorance and present laziness, then focused attention and effort in the right circumstances oughta be able to accomplish something.

Fund people to do the actual hard work of rebuilding things the right way, without an expectation of profit in the near or medium term.

by Zwackus on Mon Jun 10th, 2013 at 08:55:54 PM EST
[ Parent ]
That would be more interesting than trying to enforce standards first and innovate around them later.

In fact there's a fair amount of research in Comp Sci (sic). There are even alternative OS models that are more interesting than anything that's been commercialised.

Problem is, it's not interesting to corporates and it would take too much time/money to make it economic.

What will probably happen instead is a new wave of stuff that's computing++ - a completely different hardware/software/philosophical model, completely new applications, and none of the baggage we have now.

Getting to there from here would be more interesting than trying to reinvent what's around today and make it the-same-but-better.

by ThatBritGuy (thatbritguy (at) googlemail.com) on Tue Jun 11th, 2013 at 07:19:09 AM EST
[ Parent ]
I'm sorry, I guess I hadn't properly explained myself.  What I wanted to propose was . . .

1 - Establish a government body, and hire people to write good OS (for whatever device categories that need it - including buy not limited to home PC, network servers, database hubs, and the computer-bits that run industry and infrastructure hardware) and basic applications software, with the eye on the medium to long term, and with things like security and reliability built in from the beginning.

2 - As a side project, do basic research into things like software verification and whatever other basic things that we don't understand all that well, but which might be useful for the staff working on 1.

3 - When a bunch of the stuff starts to coalesce, think about standards based on the new stuff, and how to use them to bring everybody else up to par over time.

by Zwackus on Tue Jun 11th, 2013 at 09:41:08 AM EST
[ Parent ]
And I hadn't explained myself because a side-idea got stuck in my head in the writing, and went first, and obscured the bit that I thought was more important all along.  Grrr.

What I'd really meant by standards, at least when I was writing it, would be something less like ASCII and more like an objective way of measuring how secure a piece of software is.  I don't think there's really any way right now to formally state or measure something like that, and this seems like a problem.  Maybe it's utterly impossible, but it seems like it would be useful to have a proper security rating, that is properly testable, and legal restrictions based along it.  For example, anything that accesses the internet must get an 8/10 on the formal security scale, or something.

by Zwackus on Tue Jun 11th, 2013 at 09:45:49 AM EST
[ Parent ]
There are lots of security ratings. They're mostly useless or so time consuming and expensive to pass that they apply to previous generations of tech and can only be passed by the big corporates.
by Colman (colman at eurotrib.com) on Tue Jun 11th, 2013 at 09:50:06 AM EST
[ Parent ]
Well - that's been my point here. Such a thing is simply not possible given the current state of the art, no matter how much money you throw at it and how many clever people you hire.

Even if you devised a perfectly secure system - using quantum signalling, or something - there's still a key on file somewhere, or stuck on a postit note next to someone's desk. Etc.

Even if not, security services will demand a back door, which can be exploited.

Security is relative. Most security is non-existent. A few applications pretend to offer 'almost good enough', with hope rather than certainty.

All information has a market value, and if the cost of breaking security is higher than the value, you're safe, up to a point.

But some hackers like breaking into things just because they can. So 'secure' is pretty much meaningless in absolute terms, and certainly not something you can rely on with any confidence.

by ThatBritGuy (thatbritguy (at) googlemail.com) on Tue Jun 11th, 2013 at 11:22:18 AM EST
[ Parent ]
As computing is a fairly new thing, in terms of human endeavors, there may still be a fair bit of wiggle room when thinking about what might be possible or impossible.  Throwing steady, full time employment at people and asking them to think about the problem may be a waste of time if all one is looking at is the final success of e project.  However, this sort of job creation program seems no more harmful or misguided than most, and worse comes to worse, the engineers and programmers so employed, and their families, and they people from whom they purchased goods and services, will have been better off for it.

And even if the project fails in terms of its main goal, its possible that something good may well come of it.  It's a heck of a lot more likely than putting people to work on weapons tech, where success is its own form of failure.

by Zwackus on Wed Jun 12th, 2013 at 12:52:12 AM EST
[ Parent ]
Fund people to do the actual hard work of rebuilding things the right way, without an expectation of profit in the near or medium term.
Government...

Finance is the brain [tumour] of the economy
by Migeru (migeru at eurotrib dot com) on Tue Jun 11th, 2013 at 08:16:16 AM EST
[ Parent ]
"Government..."... which so regularly has such spectacular failures while trying to buy custom software from private sector vendors. If 20% of the money regularly wasted on such fiascoes were put into an ongoing program to develop basic secure, reliable software for a range of governmental operations...we would blow a major hole in the private software business.


"It is not necessary to have hope in order to persevere."
by ARGeezer (ARGeezer a in a circle eurotrib daught com) on Tue Jun 11th, 2013 at 10:35:26 AM EST
[ Parent ]

Display:

Top Diaries

Latest Data Omicron Variant

by Oui - Nov 30
26 comments

Sweden almost has a new PM

by fjallstrom - Nov 26
9 comments

Ten Days That Redefined PM Johnson

by Oui - Nov 14
35 comments

Salman's Saudi Tiger Squad

by Oui - Nov 7
13 comments

Occasional Series