Tuesday, December 17, 2013

Project Snowball

I want to stack the following layers of code into a coherent collection of things that actually work...

Genode (a capability-based OS framework that runs on L4-family microkernels)
Linux (which can already run as an app inside Genode)
Wine (yeah, I want to run Windows apps)

I'm going to have to deal with Qt5 for the GUI elements, and with my choice of programming languages to tie things together.

I want to lock Windows XP applications in sandboxes, in a way that is transparent to the application, and mostly to the user. This would give legacy Win32 applications a non-proprietary fountain of youth, while also providing actually secure computing.
The main idea is to virtualize applications so that they work... the way they always did... but can't compromise the OS, or anything else. Careful use of scripting to handle events such as file dialog boxes would make them appear to work the same as they always did, to the user.

The user doesn't have to know that the application actually writes its changes to a temporary workset, and only gets real access to the files the user selected through a powerbox (made to look identical to the Windows File Open dialog), which are then handed to the application through a simulated dialog result the user never sees. Careful management of the interfaces to the application, and to the user, can create a seamless native experience, without the insecurity.

Lots to learn, but at least we don't have to re-write any applications. 

Who is with me?

Hope for the future?

After this morning's posting, on the drive to work... I had an epiphany that may make secure computing for everyone possible after all...

Here are the working parts going into this ghost of an idea:


  • Genode, an L4-microkernel-based OS, has been churning towards self-hosting for a while, and delivers complete capability-based security.
  • Genode can run Linux programs as a process.
  • The Wine project (on Linux) has gotten to the point where it can run Windows XP programs quite well.
  • The APIs for Windows are somewhat well known at this point.
If one were to write the code to manage an XP application as a process under Linux/Wine inside Genode, you could make it look to the user just like XP for most things.

But... a layer of management would make things more secure. How? Intercept all the dialog boxes for file names, etc., pass them up to the user as normal, and then add the user's selections as capabilities to the process. This lets the application believe it's in a normal XP world, without having to be tweaked. The user would still ask for files, etc., like normal.

The difference comes when the application tries to access something outside its normal mission: the management layer would then translate it to the appropriate access, OR just fake it so the application thinks it got away with it... and toss the results after the run.

This means macro viruses would run just fine (as far as they could tell), but wouldn't actually do any damage. All without tweaking Word, Excel, etc.
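The powerbox-plus-workset scheme sketched in "Project Snowball" and in the management-layer paragraphs above, as an added toy model written for this page. It is not Genode, Wine or Windows code: the Broker class, its grant table, the scratch workset directory and the little "application" inside run_session() are all constructed stand-ins for the real dialog interception and the real file-system sessions. What it shows is the control flow: the app sees one ordinary open() API, only paths the user picked in the trusted dialog are backed by real files, and everything else lands in a throwaway shadow, so a macro that overwrites a "system file" or drops a payload succeeds from its own point of view and changes nothing.

```python
"""Toy powerbox/workset broker (added example; not Genode, Wine or Windows
code). The file dialog, grant table and workset directory are constructed
stand-ins for the real components the post describes."""
import os
import shutil
import tempfile


class Broker:
    """Sits between a sandboxed app and the real filesystem.

    grants  : absolute paths the user picked in the trusted file dialog
              (the powerbox), each with the modes that selection allowed.
    workset : private scratch directory absorbing every access the app
              makes outside its grants; discarded by close().
    audit   : what the app asked for and where it was really routed.
    """

    def __init__(self):
        self.grants = {}
        self.workset = tempfile.mkdtemp(prefix="workset-")
        self.audit = []

    # Powerbox side. Only the user's dialog calls this, never the app,
    # so the app cannot grant itself anything.
    def grant(self, real_path, modes="r"):
        self.grants[os.path.abspath(real_path)] = set(modes)

    # App side. This is the only file API the sandboxed app ever sees.
    def open(self, path, mode="r"):
        real = os.path.abspath(path)
        if mode[0] in self.grants.get(real, set()):
            self.audit.append(("real", real, mode))
            return open(real, mode)
        # Outside the grant: hand back a handle on a shadow file inside the
        # workset. The app sees normal success ("thinks it got away with it"),
        # but nothing it writes reaches `real`. The shadow is never seeded
        # from `real`: an ungranted read of an existing file must look like a
        # missing file, otherwise the sandbox would leak that file's contents.
        shadow = os.path.join(self.workset,
                              real.lstrip(os.sep).replace(os.sep, "__"))
        self.audit.append(("shadow", real, mode))
        if mode[0] == "r" and not os.path.exists(shadow):
            raise FileNotFoundError(real)
        return open(shadow, mode)

    def close(self):
        """End of session: throw the workset, and every faked write, away."""
        shutil.rmtree(self.workset, ignore_errors=True)


def run_session():
    """One session over a constructed mini 'disk': a document the user opens,
    a 'system file' and a 'secrets' file the app was never granted. The app
    edits its document, then behaves like a macro virus. Returns what is left
    on the real disk afterwards so the outcome can be checked."""
    disk = tempfile.mkdtemp(prefix="disk-")
    doc = os.path.join(disk, "report.doc")
    sysfile = os.path.join(disk, "system32_kernel.dll")
    secrets = os.path.join(disk, "passwords.txt")
    dropper = os.path.join(disk, "dropper.exe")
    for p, body in ((doc, "hello"), (sysfile, "ORIGINAL"), (secrets, "hunter2")):
        with open(p, "w") as f:
            f.write(body)

    broker = Broker()
    broker.grant(doc, "rw")                # user picked report.doc in the dialog

    with broker.open(doc) as f:            # legitimate: granted read
        text = f.read()
    with broker.open(doc, "w") as f:       # legitimate: granted write
        f.write(text + " edited")
    with broker.open(sysfile, "w") as f:   # macro: overwrite a system file
        f.write("PWNED")
    with broker.open(dropper, "w") as f:   # macro: drop a payload
        f.write("MZ...")
    try:                                   # macro: steal something
        broker.open(secrets)
        read_denied = False
    except FileNotFoundError:
        read_denied = True

    shadows = len(os.listdir(broker.workset))
    broker.close()
    with open(doc) as f:
        doc_after = f.read()
    with open(sysfile) as f:
        sys_after = f.read()
    result = {
        "doc": doc_after,
        "sysfile": sys_after,
        "dropper_on_disk": os.path.exists(dropper),
        "shadow_files": shadows,
        "workset_gone": not os.path.exists(broker.workset),
        "ungranted_read_denied": read_denied,
        "routed": [(k, os.path.basename(p), m) for k, p, m in broker.audit],
    }
    shutil.rmtree(disk, ignore_errors=True)
    return result
```

The one design choice worth dwelling on is that "faking it" is only safe for writes. If the shadow were seeded from the real file so that ungranted reads also "just worked", the sandbox would still stop damage but would leak every file on the machine to the application; so an ungranted read has to fail exactly the way a missing file fails. In the real stack the Broker's role would be played by the component that holds the file-system session capabilities and hands the Wine instance only the sessions it created for it.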

A back-end with a database of appropriate settings, which volunteers could add to, could be maintained for everyone, in order to support new apps as they were discovered.

This would lead to a secure XP like system (which actually wasn't dependent on Microsoft), and could be managed remotely, at very low cost, for a very long time.

How secure? No viruses, no need for scanners. ;-)  Surf any web site with IE6, and it just works, does no damage, and life goes on.

Now to figure out how to make this idea actually work.  Comments and help appreciated.

The lost opportunity of computer security.

I have lost faith in the future. I know that we've lost a key opportunity to build a better future. It's very tempting to look back and point the finger at four key men: Gates, Jobs, Torvalds and Stallman, but that wouldn't be fair to them. They had their own battles and fog of war to overcome.

Nobody seems to really understand how truly fucked up things now stand. We could have computers on our desks, and in our hands which are honestly secure. No virus scanners, no constant need to live in fear of something taking them out at random just because you looked at the wrong document, email, or web page.

We don't have that... instead we have layers of scanners trying to quantify evil before it gets executed. We're locked into a future of having devices we can never trust. Devices which will always be a possible tool of oppression.

There is only a narrow window left, while there are still enough desktops and developers to use them to develop something new. An honestly secure operating system, which can be the foundation of honest and trustworthy computing for the masses.

I've explained capability-based security so many times, in so many places... your first instinct is to say I'm calling for a silver bullet... but it's not magic, it is just common sense when you think about the really big picture. It's also not a bullet, as it's going to take epic amounts of work to get everything ported to it, years of work.

But... if we can turn this ship, just a bit, we can have computers we can trust. Computers that could then be trusted to talk to other systems. We can end the persistently insecure end-node issue, and start building an internet we can control and govern ourselves.

I hope this makes sense, and catches hold in your psyche... the stakes are huge, and I think you, dear reader, are the only hope left.

Thank you for your time and attention.

Sunday, December 15, 2013

Hard problems in computing

There are some problems I've become aware of over time that take a long time to explain to the layman, because they involve layers of abstraction. But it's not the abstraction that makes them hard; it's programmers, power users and "experts" who really keep things from getting fixed.

Why? Because we feel the issue isn't important, or has already been addressed adequately.

This list will grow, but here's a few to start from.

1. Computer Security - I've talked about this one at length, but the basic gist is that the idea of trusting application code, or anything outside the microkernel of the OS, is insanely stupid. Yet all the Linux fanboys are convinced they don't have anything to worry about. The network security folks see it all as either dumb users, lazy admins, or bad programmers. Nobody sees the broken security model that became obsolete once Unix left the classroom in the 1970s.

2. Metadata as part of the operating system's job. - There was a good set of blog posts by the person who headed up the Microsoft efforts to integrate metadata into the OS, the last attempt being WinFS. As with the other problems in this list, it takes a lot of time just to explain the problem. Linux doesn't do it, Windows failed to do it, and we're all the poorer as a result. You should be able to manage and transport metadata with a file, across systems, and just have it work.

3. I haven't found this one yet, and it will take someone an hour just to explain it to me, should they convince me to listen that long... and I'll have an ah-ha moment.... and add it here.


What are your hard problems in computing?  Doc Searls would probably put VRM vs CRM in here, as an example.