[Info-vax] Variable declarations, was: Re: improving EDT
David Froble
davef at tsoft-inc.com
Tue Nov 22 23:39:47 EST 2016
Bill Gunshannon wrote:
> On 11/22/16 4:04 PM, David Froble wrote:
>> Scott Dorsey wrote:
>>> <johnwallace4 at yahoo.co.uk> wrote:
>>>> Quite a few people and organisations would say they cared
>>>> about security. They especially say this after they've been
>>>> publicly breached.
>>>>
>>>> Fewer people and organisations actually consider (let alone
>>>> invest in) real security upfront.
>>>
>>> Indeed, and few of them even consider or invest in it after the fact.
>>>
>>>> For certain specific applications, ARM's TrustZone seems to
>>>> have some applicability:
>>>> https://www.arm.com/products/security-on-arm/trustzone
>>>>
>>>> Intel have been trying to achieve something similar on
>>>> specific x86-based systems, with little visible effect to
>>>> date:
>>>> https://software.intel.com/en-us/sgx
>>>> https://en.wikipedia.org/wiki/Software_Guard_Extensions
>>>>
>>>> And back in the day, didn't Intel have a capability-based
>>>> chip? The ill-fated iAPX 432?
>>>> https://en.wikipedia.org/wiki/Intel_iAPX_432
>>>
>>> Yes, the iAPX 432 was a very slow machine but one with a lot of real
>>> security features. Although it died a horrible death of bloat, many of
>>> the useful features in the 432 appeared in the i960 which was an
>>> ingenious and well thought-out architecture that Intel seemed to be
>>> totally unable to sell in spite of excellent performance and
>>> well-designed security.
>>>
>>>> If people actually wanted security, we wouldn't be reading
>>>> about obvious exploit after obvious exploit on the latest
>>>> devices from the Interweb of Trash. Or something.
>>>
>>> Precisely.
>>> --scott
>>
>> I've had two experiences that caused me to throw in the towel and do
>> whatever people wanted.
>>
>> 1) I mentioned to a customer that storing credit card data and checking
>> account data with no protection on an IIS server wasn't a good idea.
>> The response: "why not, everyone does it".
>>
>> 2) While discussing security with another customer I was told "my boss
>> doesn't care about security".
>
> For the first one I would explain the reason why.
I did. But, "everyone does it" seemed to be all they wanted to know.
> For the second I would ask "his boss" if that was true.
> If yes, I would look for somewhere else to work.
Bill, companies, consultants, and such work hard to acquire customers. They do
not throw them away, just because the customer is wrong.
Rules of customers:
1) The customer is always right
2) When the customer is wrong, refer to rule #1
Nuff said?
I haven't worked as an employee since 1982 ...
>