[Info-vax] A DCL wish list of sorts...
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Mar 22 16:29:54 EDT 2019
On 2019-03-22 16:45:09 +0000, Dave Froble said:
> I can imagine that those writing system and utility level code make
> some assumptions, such as "reasonable" users.
It's not just the folks writing system and utility code, we're well
along and headed for everybody. Well, everybody with an interesting
network position, or with sensitive data, or financial data, or that's
part of the supply chain of an interesting target.
> Try writing apps. One learns quite quickly to trust nothing, and check
> everything. Nothing like a casual user to find ways to screw up just
> about anything. There was a phrase I used to know, went something like
> "Why would you ever do that?", and the thing was, many times the user
> had a perfectly valid reason for doing so.
As you state, "trust nothing". That's been longstanding and good
advice, though we're increasingly working with a better assumption;
that the apps are or will be breached. Striving for perfection hasn't
worked all that well. Hence software and hardware isolation (SGX,
TrustZone, etc), encrypted storage, faster patch deployments and with
automated patching, and with sandboxing and related techniques.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list