zlacker

[parent] [thread] 8 comments
1. tree_o+(OP)[view] [source] 2017-10-27 10:12:26
Yes, but virtualization does seem to have a lot of security benefits.

Theo using lots of clever words to call someone stupid isn't a refutation of this. Even if both layers have holes, the fact that there's more than one layer does, in fact, suggest the composition is more secure.

replies(1): >>jstewa+s
2. jstewa+s[view] [source] 2017-10-27 10:18:25
>>tree_o+(OP)
I respect Rutkowska. That being said, I also think she's putting a band-aid on a festering sore most people call the PC architecture.

Security guys have been going on about "defense-in-depth" for decades, and it all still looks like a trash fire to me.

From a systems perspective, you don't make things more robust by adding more layers that can break. You do it by simplifying it down to something manageable, then managing it.

You call it a security layer. I call it an extra attack surface.

replies(2): >>jerhei+k7 >>jnwats+oe
◧◩
3. jerhei+k7[view] [source] [discussion] 2017-10-27 11:53:33
>>jstewa+s
Using your own reasoning one would end up with absurd conclusions such as that sandboxing shouldn't be added, "You call it a security layer. I call it an extra attack surface." Therefore your reasoning is fallacious.
◧◩
4. jnwats+oe[view] [source] [discussion] 2017-10-27 13:14:28
>>jstewa+s
Rutkowsja herself has done more to expose the broken bits of x86 than probably anyone else. Remember blue pill? That was her. Also important work in SMM and Intel TXT.

I'd say she is well aware of the limitations of her product.

replies(1): >>jstewa+rl
◧◩◪
5. jstewa+rl[view] [source] [discussion] 2017-10-27 14:08:04
>>jnwats+oe
Nothing but respect for Rutkowska. Still think x86 and PC architecture are the kinds of abomination that should be cleansed with fire.
replies(1): >>mi100h+Nn
◧◩◪◨
6. mi100h+Nn[view] [source] [discussion] 2017-10-27 14:19:50
>>jstewa+rl
So your security solution is to just quit using computers?
replies(1): >>jstewa+Kq
◧◩◪◨⬒
7. jstewa+Kq[view] [source] [discussion] 2017-10-27 14:34:12
>>mi100h+Nn
Look into the many different architectures developed from the 60s all the way up to the early 80s. B5000, Symbolics, Alto, VAX, Connection Machine, etc... There are so many ways to go about it, and we really chose the wrong door.

Even back in the 70s, guys like Minsky and Kay knew that bending the man to accommodate the machine was not the way to go about it. x86 is even worse than that because we're bending the man to a half-baked machine that is the result of a collection of historical missteps committed by guys who were geniuses at chemistry and physics, but amateurs at computing.

Then to add insult to injury, in the early days of the PC, IBM drug their feet and tried to hobble the thing enough so that it wouldn't eat into their mainframe sales. I believe that was part of why Microsoft parted ways with them.

replies(1): >>mi100h+ht
◧◩◪◨⬒⬓
8. mi100h+ht[view] [source] [discussion] 2017-10-27 14:47:48
>>jstewa+Kq
Maybe that's true, but it's not like I can go out and buy a VAX laptop at Best Buy.

In light of current circumstances, Rutkowska has developed a solution that's arguably more than just "reasonably" secure.

replies(1): >>jstewa+lx
◧◩◪◨⬒⬓⬔
9. jstewa+lx[view] [source] [discussion] 2017-10-27 15:09:21
>>mi100h+ht
As alternative architectures go, Apple's tablets and smartphones have done rather well when it comes to revenue and market penetration. Also never had to clean a virus off of one.

Hopefully the next platform shift will also iron out that ugly little wrinkle of centralized control.

[go to top]