[Info-vax] Variable declarations, was: Re: improving EDT

Bill Gunshannon bill.gunshannon at gmail.com
Tue Nov 22 16:31:00 EST 2016


On 11/22/16 4:04 PM, David Froble wrote:
> Scott Dorsey wrote:
>>  <johnwallace4 at yahoo.co.uk> wrote:
>>> Quite a few people and organisations would say they cared
>>> about security. They especially say this after they've been
>>> publicly breached.
>>>
>>> Fewer people and organisations actually consider (let alone
>>> invest in) real security upfront.
>>
>> Indeed, and few of them even consider or invest in it after the fact.
>>
>>> For certain specific applications, ARM's TrustZone seems to
>>> have some applicability:
>>> https://www.arm.com/products/security-on-arm/trustzone
>>>
>>> Intel have been trying to achieve something similar on
>>> specific x86-based systems, with little visible effect to
>>> date:
>>> https://software.intel.com/en-us/sgx
>>> https://en.wikipedia.org/wiki/Software_Guard_Extensions
>>>
>>> And back in the day, didn't Intel have a capability-based
>>> chip? The ill-fated iAPX 432?
>>> https://en.wikipedia.org/wiki/Intel_iAPX_432
>>
>> Yes, the iAPX 432 was a very slow machine but one with a lot of real
>> security features. Although it died a horrible death of bloat, many of
>> the useful features in the 432 appeared in the i960 which was an
>> ingenious and well thought-out architecture that Intel seemed to be
>> totally unable to sell in spite of excellent performance and
>> well-designed security.
>>
>>> If people actually wanted security, we wouldn't be reading
>>> about obvious exploit after obvious exploit on the latest
>>> devices from the Interweb of Trash. Or something.
>>
>> Precisely.
>> --scott
>
> I've had two experiences that caused me to throw in the towel and do
> whatever people wanted.
>
> 1) I mentioned to a customer that storing credit card data and checking
> account data with no protection on an IIS server wasn't a good idea.
> The response: "why not, everyone does it".
>
> 2) While discussing security with another customer I was told "my boss
> doesn't care about security".

For the first one I would explain the reason why.
For the second I would ask "his boss" if that was true.
If yes, I would look for somewhere else to work.

bill




More information about the Info-vax mailing list