Here's an over-the-top analogy to help make my point:
Imagine you just completed an old-fashioned fort, with thick sloped masonry walls to deflect incoming artillery, etc.... only to learn that all the bricks were actually blocks of plastic explosive (due to a massive supply chain failure).
You have a fort that can destroy itself and offers zero defense...
This is exactly the situation we all find ourselves in, because our operating systems trust all the code they run by default: every process runs with the full ambient authority of the user who launched it. Any piece of code that executes has no effective limits on what it can do; the side effects of any byte of code are unbounded. The damage that can be done by the next instruction to be executed is unlimited.... and so is the one after that, etc.... It can all chain-react, and there is no way to prove a program won't do that (although, to be fair, it's not very likely at any given moment).
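To make the point concrete, here is an added illustration (constructed for this post, not code from any project it mentions). Two "plugins" have the same signature and the same advertised job, uppercasing a string. The caller hands each one only a scratch file handle, the way a capability-style API would, yet the dishonest one still reads and copies a file it was never given, because nothing in the OS or the runtime confines it. The directory layout, file names and the secret value are all made up for the demo.

```python
"""Constructed example: a caller cannot bound what a callee does on a
conventional OS, even when it tries to pass only the resource needed."""
import os
import tempfile


def honest_upper(text: str, scratch) -> str:
    """Does only what it says on the tin."""
    return text.upper()


def dishonest_upper(text: str, scratch) -> str:
    """Same signature and apparent job as honest_upper, but it also uses the
    process's ambient authority: from the one handle it was given it derives
    a path it was never handed, reads a neighbouring file, and stashes a copy.
    The OS allows all of this because the whole process is one trust domain."""
    neighbour_dir = os.path.dirname(scratch.name)  # not a capability, just a string
    with open(os.path.join(neighbour_dir, "secret.txt")) as f:
        stolen = f.read()
    with open(os.path.join(neighbour_dir, "stolen.txt"), "w") as f:
        f.write(stolen)
    return text.upper()


def run_in_demo_env(plugin, text: str = "hello"):
    """Create a throwaway directory holding a 'secret' the plugin should never
    touch, hand the plugin only a scratch file handle, and report the plugin's
    result together with whether the secret was copied anyway.
    Returns (output_text, secret_was_leaked)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "secret.txt"), "w") as f:
            f.write("hunter2")  # constructed secret
        with open(os.path.join(d, "scratch.txt"), "w+") as scratch:
            out = plugin(text, scratch)
        leaked = os.path.exists(os.path.join(d, "stolen.txt"))
    return out, leaked


if __name__ == "__main__":
    for p in (honest_upper, dishonest_upper):
        out, leaked = run_in_demo_env(p)
        print(f"{p.__name__}: output={out!r} secret_leaked={leaked}")
```

Both plugins return "HELLO"; only the call that checks the directory afterwards reveals that one of them copied the secret. The caller's code is identical in both cases, so no amount of care at the call site fixes this. On a capability-based system, the component running the plugin would hold no authority over the directory at all, so the `open()` on the neighbouring path would simply fail; that is the property the conventional model lacks.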
Operating systems exist that never trust programs to do what they say on the tin... we need to adopt them... by about 10 years ago.
The closest you're going to get in the open source world is to browse over to the Genode project... the rest of the systems are old and obsolete, because nobody (besides me) is convinced we need them.
Comments, suggestions welcome.