[Info-vax] Intel proposal to simplify x86-64

Johnny Billquist bqt at softjar.se
Sun Jun 11 09:34:07 EDT 2023 

On 2023-06-11 03:34, Arne Vajhøj wrote:
> On 6/10/2023 7:20 AM, Scott Dorsey wrote:
>> Unfortunately the focus today is on speed and low cost.  People toss 
>> together
>> rapid prototypes and put them into production systems.  Back in the 
>> eighties
>> software engineering people talked about code reusability as being a goal
>> for improving code quality.  Now people just cut and paste library calls
>> that they don't understand off of websites and wonder why their 
>> machine is
>> so slow and insecure.
>>
>> Pretty much all of the things we need to implement very safe computing
>> systems were developed in the 1970s and 1980s and prototype capability
>> architectures have been tested and used.  Back then, people were not 
>> willing
>> to live with the substantial performance hit.  Today, that performance 
>> hit
>> is even more of a problem because so much code is written so much more 
>> poorly.
> 
> Code reuse means library use.
> 
> Todays developers knows less about the library functions they use than
> they did 40 years ago. Because the number of library functions increased
> by a factor 100 or so.

True. However, I also feel that people in general are less writing 
libraries, and more just using them. And instead they copy code and have 
several versions of the same code for every different project they work on.

Most people don't even know how to create a library anymore.

> But it would be horrible expensive to develop todays applications
> with the libraries from 40 years ago. So very little to do
> about that.

Also true.

> Computers are way more secure today than they were 40 years
> ago. They have to because the threats have evolved dramatically.

I'm not sure I agree with that. However, the security problems and 
issues have shifted a lot.

40 years ago, you had a lot of rather stupid, simple security problems. 
Like no encryption on network traffic, little authentication, little 
audited code, and so on. So it was very insecure in that way.

Nowadays, those kind of problems are getting scarce. However, programs 
these days are so complex, and contain so many components. That means 
pretty much noone can really audit or understand the code anymore, and 
noone even tries. In addition, since so many things are in the form of 
libraries or services that you depend on, any kind of problem in any of 
them can potentially affect a whole lot of systems and programs, meaning 
any security issue is potentially a very large and severe one. That was 
not the case 40 years ago.

So security problems are harder to identify, and have a potentially way 
larger impact today. So are we more secure? If you go by the impact of 
the security problems 40 years ago and security problems today, then the 
impact today is way higher. (Obvious, since people exploiting security 
issues have also become way more sophisticated over 40 years, along with 
the tools available.)

40 years ago, social engineering was the biggest exploit vector. 
Probably not different than today. Just think of War Games as a good 
example (pretty close to 40 years ago now).

   Johnny

More information about the Info-vax mailing list