Sunday, January 10, 2021

Computation isn't as safe as a table lamp, yet.

Computation doesn't yet have the equivalent of the infrastructure that table lamps have.

Testing / Certification:

A table lamp will be UL/CE approved. This means it will be tested in such a manner that normal use and abuse will not cause unexpected side effects. Knocking a UL-approved lamp off a table will not cause your house to get burned down. A light bulb of rated capacity will not cause a short circuit. Normal wear and tear will not cause it to become unsafe.

Outlets: A table lamp plugs into an outlet of a standard size and characteristics. Outlets are a standard interface that is often nation- or region-wide. The voltage and current that can be delivered through an outlet are standardized, as is the nature of the loads that may be plugged into it. The outlet itself, its housing, and the wiring are all well regulated.

The outlet is connected to a circuit with a circuit breaker (or fuse). These devices completely and permanently interrupt the delivery of voltage under a number of standard conditions, including over-current and ground faults.

The circuit breaker or fuse socket is part of a standard, well-understood panel, designed to allow a variety of deployment options, with electricians able to configure it for a wide variety of applications. Yet the user of a breaker or fuse panel is protected from the voltages and power inside, and is given a standard, easy-to-understand model of how power is distributed and controlled. In fact, some advanced users can use the panel to disable part of their local power network to allow maintenance and modification in a safe manner.

Breakers and fuse panels allow for *lock out*, which physically prevents power from being reapplied while maintenance is ongoing.

Power feeds include metering and are themselves driven from a circuit; the system is designed in much the same way as residential and business circuits, but on a larger scale.

Not only are all of those true, but there is more:

Circuit breakers and fuses on devices, etc. are all designed to be coordinated: the smallest fuse or breaker in the chain from source to load should always trip first. This prevents a scenario in which a person plugging a defective toaster into an outlet brings down the entire power grid.

Circuits and power routing have well-separated areas of concern. There is no way a power system problem can directly cause problems with the sewers or other infrastructure, other than by failing to deliver power.

Our software infrastructure lacks all of this sophistication and standardization. You can plug a fan made 100 years ago into a modern outlet, and it will work. You can't even run an MS-DOS program from the 1980s without resorting to an emulation layer.

You can know that the same fan will not let Russian bots control the power grid. Nothing plugged into an outlet can ever give you control over the grid. The same is not true of software, no matter how carefully constructed. We're still at the stage where a bad program can take out its host operating system, and then the network it's on.

To say we need more skilled programmers, better aware of the security implications of their work, is like insisting that we could run a power grid without circuit breakers in every home.

The operating system has the job of protecting the network, its users, and its applications from each other. There is no equivalent to circuits and breakers. You can't run a program and know that it will only consume X amount of CPU, network I/O, or RAM, unlike an outlet limited to 15 amps.

You can't be sure that a program won't have side effects. Plugging a bad toaster into the kitchen shouldn't affect a circuit in the garage; the damage should be limited by default. None of our operating systems do that.
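The closest thing to a per-process "breaker" that exists today is the kernel resource limit: a parent can cap a child's address space and CPU time before it runs, so an over-consuming child trips its own limit instead of exhausting the host. The example below is written for this post (it is not the author's code), assumes Linux and Python 3, and uses a constructed child workload; note that this cap is per process and is not standardized or coordinated along the whole chain the way breakers are, which is exactly the gap described above.

```python
import resource
import signal
import subprocess
import sys

# Constructed child workload: either grab N bytes of memory or spin the CPU forever.
CHILD = r"""
import sys
if sys.argv[1] == "spin":
    while True:
        pass
try:
    bytearray(int(sys.argv[1]))
    print("allocated")
except MemoryError:
    print("tripped:MemoryError")
"""

def _cap(limit, soft, hard):
    """Set (soft, hard) for `limit`, never raising above an existing hard cap."""
    _, cur_hard = resource.getrlimit(limit)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(limit, (soft, hard))

def run_with_breaker(workload, mem_bytes=512 * 1024 * 1024, cpu_seconds=1):
    """Run CHILD under an address-space and CPU-time cap and return its verdict.

    workload: an integer byte count to allocate, or "spin" to burn CPU time.
    Returns "allocated", "tripped:MemoryError", or "tripped:<SIGNAL>" when the
    kernel killed the child for exceeding its CPU limit.
    """
    def set_limits():  # runs in the child after fork, before exec
        _cap(resource.RLIMIT_AS, mem_bytes, mem_bytes)
        # soft limit raises SIGXCPU; hard limit one second later is SIGKILL
        _cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
    proc = subprocess.run(
        [sys.executable, "-c", CHILD, str(workload)],
        capture_output=True, text=True, preexec_fn=set_limits,
    )
    if proc.returncode < 0:  # negative return code means killed by a signal
        return "tripped:" + signal.Signals(-proc.returncode).name
    return proc.stdout.strip()

if __name__ == "__main__":
    print(run_with_breaker(1_000_000))       # allocated
    print(run_with_breaker(4 * 1024 ** 3))   # tripped:MemoryError
    print(run_with_breaker("spin"))          # tripped:SIGXCPU (SIGKILL at the hard limit)
```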

Computation lacks maturity, especially our operating systems. We have no stable standards for anything important.

That, in my opinion, is the real root issue of almost all problems with computers, software, and security.
