Tuesday, January 06, 2015

What to do while we wait for secure computing

The problem with secure computing is that it is an obscure design feature that has to be built in at the base level of an operating system, because it affects every layer above it. So it is going to take a lot of time and effort to get it done, once awareness is raised enough to create a demand for it.

In the meantime, the best measures to take are common sense. Make backups, and TEST them by actually restoring from them. Don't put anything on your computer that would ruin your life if it were shared with the world. Assume that at some point your computer will be wiped without warning... hardware failure is still a fact of life.
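"TEST them" is the part most people skip. As an added example (not code from the original post), here is one way to test a backup the only way that counts: restore it into a scratch directory and compare every file's SHA-256 against the source. The sample files, the archive names and the mis-set exclude list are all constructed for the demo.

```python
"""Added example, not from the original post: make a backup and then TEST
it by restoring into a scratch directory and comparing every file's
SHA-256 against the source.  All paths and file contents are constructed.
"""
import hashlib
import os
import tarfile
import tempfile
import zlib


def _digests(root: str) -> dict:
    """Map relative path -> sha256 hex digest for every file under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            out[os.path.relpath(path, root)] = h.hexdigest()
    return out


def make_backup(src: str, archive: str, exclude=()) -> None:
    """Write a tar.gz of src.  `exclude` mimics a mis-set exclude list,
    the kind of quiet mistake that only a restore test catches."""
    def keep(info):
        return None if os.path.basename(info.name) in exclude else info
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".", filter=keep)


def verify_backup(src: str, archive: str):
    """Restore into a throwaway directory and compare digests.
    Returns (ok, problems); problems lists missing, extra and changed files,
    or the reason the archive could not be read at all."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    tar.extractall(scratch, filter="data")  # newer Pythons
                except TypeError:                            # no filter= yet
                    tar.extractall(scratch)
        except (tarfile.TarError, EOFError, OSError, zlib.error) as e:
            return False, [f"archive unreadable: {e}"]
        want, got = _digests(src), _digests(scratch)
        problems = sorted(set(want) ^ set(got))           # missing or extra
        problems += sorted(k for k in want.keys() & got.keys()
                           if want[k] != got[k])           # changed content
        return not problems, problems


def demo() -> dict:
    """Constructed source tree; one good backup and one with a file
    silently excluded.  Only the restore test tells them apart."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "docs")
        os.makedirs(os.path.join(src, "sub"))
        sample = {"notes.txt": "meeting notes\n",
                  "secrets.txt": "do not lose\n",
                  os.path.join("sub", "draft.txt"): "v1\n"}
        for rel, text in sample.items():
            with open(os.path.join(src, rel), "w") as f:
                f.write(text)
        good = os.path.join(d, "good.tgz")
        make_backup(src, good)
        bad = os.path.join(d, "bad.tgz")
        make_backup(src, bad, exclude=("secrets.txt",))
        return {"intact": verify_backup(src, good),
                "missing_file": verify_backup(src, bad)}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Both archives open fine and look plausible on disk; only the restore-and-compare step reports that `secrets.txt` never made it into the second one. The same routine, pointed at a real archive and a real source tree, is the five-minute test the post asks for.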

Putting operating systems inside virtual machines is a crude form of capability security, provided you lock down the permissions and networking of each VM... not something for the casual home user, though.

Let's be careful out there.

Monday, January 05, 2015

Secure computing can be easy to use

Thanks to the PowerBox pattern, capability-based security can be fairly easy to use, and in many cases it is almost click-for-click identical to the way things get done today.

A PowerBox is a traditional file dialog with a twist: the result of the dialog is a capability (similar to a file handle) that is handed to the application, rather than the application simply grabbing resources by name as it pleases. The end result is a system in which an application is never directly trusted, and only gets the resources the user decides are appropriate to give it.
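To make the pattern concrete, here is an added example (not code from the original post, and not from Genode or any other project it mentions) that shows the PowerBox discipline on an ordinary POSIX system with plain Python. The trusted side stands in for the file dialog: it opens whatever the user chose and hands the untrusted application a bare file descriptor. The application never sees a path and never calls open(); it can only use the descriptor it was given, with whatever rights that descriptor carries. The file name, its contents and the child program are all constructed for the demo.

```python
"""Added example, not code from the original post or from Genode: the
PowerBox pattern on a POSIX system, using plain Python.

The trusted side (a stand-in for the file dialog) opens whatever the user
chose and hands the untrusted application a file descriptor.  The
application never sees a path and never calls open(); all it can do is use
the descriptor it was given, with the rights the descriptor carries.
Every file, name and message below is constructed for the demo.
"""
import os
import subprocess
import sys
import tempfile

# The untrusted application, run as a separate process.  It is told one
# descriptor number on argv and must do all its I/O through it.  There is
# deliberately no open() and no path anywhere in this source.
APP_SOURCE = r"""
import os, sys
fd = int(sys.argv[1])
data = os.read(fd, 65536)          # use the capability we were handed
try:
    os.write(fd, b"tampered")       # does the capability allow writing?
    verdict = b"write:ok"
except OSError:                     # EBADF: a read-only capability
    verdict = b"write:denied"
os.write(1, data.upper() + verdict + b"\n")
"""


def powerbox_open(path: str, read_only: bool) -> int:
    """Trusted side: turn the user's choice in the dialog into a capability.
    The rights are decided here, by the user, not by the application."""
    return os.open(path, os.O_RDONLY if read_only else os.O_RDWR)


def run_app_with(fd: int) -> bytes:
    """Launch the application with exactly one inherited descriptor.
    pass_fds whitelists `fd`; every other descriptor is closed, so the
    child starts with nothing but stdio and the capability."""
    done = subprocess.run(
        [sys.executable, "-c", APP_SOURCE, str(fd)],
        pass_fds=(fd,), close_fds=True,
        capture_output=True, check=True,
    )
    return done.stdout


def demo(read_only: bool = True) -> bytes:
    """The user picks 'chosen.txt' in the dialog; the app gets only the
    capability, never the name."""
    with tempfile.TemporaryDirectory() as d:
        chosen = os.path.join(d, "chosen.txt")
        with open(chosen, "w") as f:          # constructed sample file
            f.write("hello powerbox\n")
        fd = powerbox_open(chosen, read_only)
        try:
            return run_app_with(fd)
        finally:
            os.close(fd)


if __name__ == "__main__":
    print(demo(read_only=True))    # b'HELLO POWERBOX\nwrite:denied\n'
    print(demo(read_only=False))   # b'HELLO POWERBOX\nwrite:ok\n'
```

The interesting part is that the application's rights are fixed by the descriptor it was handed: when the trusted side opened the file read-only, the attempt to write fails inside the child with EBADF, and no amount of cleverness in the child can upgrade it. What this toy does not do is stop the child from calling open() on its own; on an ordinary Linux box it still could. A capability operating system removes that ambient authority from the application altogether (on FreeBSD, for example, a process that has called cap_enter(2) can no longer open files by path and is left with exactly the descriptors it already holds), which is the property the post is asking for.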

The Genode operating system provides such a system, called Nitpicker (if my reading is correct)... and this could have been done for Windows as long ago as 1995, if the need for better security had been more apparent back then...

Your computer can be safe, secure, and easy to use.... but we have to demand change to get there.

Hand over your purse or wallet to continue this transaction

Imagine if you had to surrender your wallet or purse in order to buy a pack of gum at the local store... so the clerk could remove the appropriate amount of money, then hand it back to you at the end of the transaction.

This is obviously an unacceptable and odd way of doing things: the clerk could do all sorts of unacceptable things to your possessions, and you would have no way of stopping them. In technical terms, the side effects in this situation are unlimited in scope.

Back in the real world, we have a much simpler way of dealing with it: we hand over a small amount of cash and expect change. This limits both the amount of risk and the side effects that are possible. In technical terms, there are hard, a priori limits on the scope of the transaction.

When you run a program, browse a web page, or open a PDF file, your computer's antivirus attempts to guess whether the action is safe... and most of the time it guesses right. But there is no way to limit the damage that can be caused by a wrong guess... which in 2015 is just plain stupid.


This is the gist of why I've decided to start this campaign to bring security to our modern PC operating systems... we need to be at least as safe as we were in 1983 with dual-floppy IBM PCs. The A: disk was write protected, and the worst you could do on a bad day was corrupt the floppy in the B: drive. You could make backups in less than 5 minutes, and they always worked.

Things can get better... awareness of the problem is the first step.

Sunday, January 04, 2015

Windows needs a grenade sump

In warfare, you dig defensive positions to include a grenade sump, so that an inbound grenade can be directed to a place where it will do the least harm....

There is no equivalent of a grenade sump in Windows: nowhere you can put a program that you don't trust, then wait and see if it blows up.

Saturday, January 03, 2015

Windows is like a Fort made out of explosive bricks

Here's an over-the-top analogy to help make my point: imagine you have just completed an old-fashioned fort, with thick sloped masonry walls to deflect incoming artillery and so on, only to learn that all the bricks were actually blocks of plastic explosive (due to a massive supply-chain failure). You have a fort that can destroy itself and offers zero defense...

This is the exact situation we all find ourselves in, because our operating systems trust all the code they run by default. Any piece of code executing has no effective limits on what it can do; the side effects of any byte of code are unlimited. The damage that can be done by the next instruction to execute is unlimited.... and by the one after that, and so on. It can all chain-react, and there is no way to prove a program won't do that (although, to be fair, it's not very likely at any given moment).

Operating systems exist that don't ever trust programs to do what they say on the tin... we need to adopt them, starting about 10 years ago.

The closest you're going to get in the open-source world is to browse over to the Genode project... the rest of the systems are old and obsolete, because nobody (besides me) is convinced we need them.
Comments and suggestions welcome.

Friday, July 11, 2014

Tesla was smarter than even the conspiracy folks think.... here's why.

Using high frequency RF energy, the HAARP project is able to modify the conductivity of areas of the ionosphere to lower frequencies (and even DC)... if you did this in a manner to cause the conductive area to shift back and forth, you could turn the entire ionosphere into a MASER.
This was Tesla's grand plan. To harness almost unlimited power from the solar wind, and turn it into usable electricity that could be received by anyone, anywhere, for free.

It wasn't a replacement for power lines... it was way, way better than that!

Monday, May 05, 2014

The future I want to prevent

I've written often about the inadequacy of our current approach to computer security. The biggest problem we face isn't technological; it's our hidden, deeply entrenched assumptions about what is (and isn't) possible to do with computing in general.

I want to describe some of the things I see coming down the road if we continue on our current course, hopefully to expand our imagination a bit, create the necessary cognitive dissonance to shake things up, and rouse us all to finally fix this and get on with our lives.


Scenario 1: The I-95 virus.

April 27, 2021: The entire Northeast United States goes under martial law to deal with the latest cyber-attack. Launched by the "free peoples party of Belgium", it has disabled all Toyota, Lexus, Ford, and Kenworth vehicles implementing the new V2V standard. Over 250,000 vehicles were involved in a series of accidents that took place at 6:51 AM EST.

In the weeks that follow, computer experts determine that a zero-day flaw in the subsystem supplied by Acme Limited was successfully exploited to cause this cascade. The simultaneous disruption of so many vehicles contributed to more than 1,000,000 injuries and an as yet unknown number of deaths.

... more scenarios to follow.
