[Info-vax] Intel proposal to simplify x86-64
Johnny Billquist
bqt at softjar.se
Mon Jun 12 05:38:05 EDT 2023
On 2023-06-12 01:33, Arne Vajhøj wrote:
> On 6/11/2023 5:12 PM, Johnny Billquist wrote:
>> On 2023-06-11 19:42, Arne Vajhøj wrote:
>>> On 6/11/2023 9:34 AM, Johnny Billquist wrote:
>>>> On 2023-06-11 03:34, Arne Vajhøj wrote:
>>>>> Computers are way more secure today than they were 40 years
>>>>> ago. They have to be, because the threats have evolved dramatically.
>>>>
>>>> I'm not sure I agree with that. However, the security problems and
>>>> issues have shifted a lot.
>>>>
>>>> 40 years ago, you had a lot of rather stupid, simple security
>>>> problems. Like no encryption on network traffic, little
>>>> authentication, little audited code, and so on. So it was very
>>>> insecure in that way.
>>>>
>>>> Nowadays, those kinds of problems are getting scarce. However,
>>>> programs these days are so complex, and contain so many components.
>>>> That means pretty much no one can really audit or understand the code
>>>> anymore, and no one even tries. In addition, since so many things are
>>>> in the form of libraries or services that you depend on, any kind of
>>>> problem in any of them can potentially affect a whole lot of systems
>>>> and programs, meaning any security issue is potentially a very large
>>>> and severe one. That was not the case 40 years ago.
>>>>
>>>> So security problems are harder to identify, and have a potentially
>>>> way larger impact today. So are we more secure? If you go by the
>>>> impact of the security problems 40 years ago and security problems
>>>> today, then the impact today is way higher. (Obvious, since people
>>>> exploiting security issues have also become way more sophisticated
>>>> over 40 years, along with the tools available.)
>>>>
>>>> 40 years ago, social engineering was the biggest exploit vector.
>>>> Probably not different than today. Just think of War Games as a good
>>>> example (pretty close to 40 years ago now).
>>>
>>> There are 3 aspects:
>>>
>>> practices 40 years ago vs practices today
>>> applications 40 years ago vs applications today
>>> threats 40 years ago vs threats today
>>>
>>> Applications have become way more complex and are usually
>>> more openly accessible than 40 years ago.
>>>
>>> Exploiting vulnerabilities has become an industry with
>>> both criminals and so-called "state actors".
>>>
>>> If practices from 40 years ago were used today to develop
>>> applications, then I don't think that would go well.
>>>
>>> It is not really surprising. The world progresses. And
>>> it is not unique to IT. Try designing a car using 40 year
>>> old practices and compare the result to a modern car.
>>
>> Not disagreeing with anything you've said, except that I don't agree
>> that computer systems have become "way more secure than 40 years ago".
>
> Let me try and rephrase and see if you agree with that.
>
> If we approximate security risk as:
>
> f(applications, threats, practices)
>
> then my claim is that:
>
> f(applications_2023, threats_2023, practices_2023) <
> f(applications_2023, threats_2023, practices_1983)
>
> and:
>
> f(applications_1983, threats_1983, practices_2023) <
> f(applications_1983, threats_1983, practices_1983)
>
> I am not claiming that:
>
> f(applications_2023, threats_2023, practices_2023) <
> f(applications_1983, threats_1983, practices_1983)
:-)
Yeah, that I can agree with.
Johnny