worldwide internet threat map

tacks without creating horrendous problems for their customers, they would. I seem to recall my

ed because of one customer being compromised. That's a pretty severe solution to the spam problem,

spades if you try to block all malware at the ISP level.

That's now. I recall a time when one of the major email providers would block huge swaths of email sources. The problem is to be an effective deterrent against viruses, DOS and other attacks the actions would need to be pretty drastic which would disrupt the web as much as the trouble makers.

off AVS software on a regular basis. We contact various AVS vendors periodically to get it

Imagine that at the ISP level!

Yeah, some things work ok, but it's a tough job. Virtually any company is vulnerable, not just home computers. Does anyone really think the ISPs can do much to protect companies like Yahoo, Target, etc?

Rick C.

Reply to
gnuarm.deletethisbit

That's merely changed the magic incantation from one form to another - without solving anything. (And adding the issue of doing it on the fly without increasing latency)

"Bad packet" is equivalent to "bad subroutine call" or "bad memory address".

Why not merely "identify the bad subroutine calls" or bad "memory locations"? The antivirus industry is highly competitive, and has been addressing such issues for decades.

I leave it to you to decide how well that industry has (not) succeeded.

Indeed. I'd bet on CAP architectures, e.g. Intel's iAPX432.

Many attempts have been made, but they have all floundered on the problem of how you get to Nirvana starting from here.

Reply to
Tom Gardner

The problem is worse than that. Consider the effect of a false positive that incorrectly deleted one packet.

What effect would that have on the end applications?

Who would be liable for the end applications' failure?

Reply to
Tom Gardner

And don't forget the associated NewSpeak language in which it was impossible to express a faulty program. Was /anything/ ever released?

Reply to
Tom Gardner

Apply compute power. Add a millisecond to every packet transported.

A good AV usually works, but you have to install it, and keep it updated, and trust it, and it slows things down quite a bit.

Enough people aren't protected that their PCs (and webcams, and thermostats, and light bulbs) can be botnet slaves. Using Chinese electronics sure doesn't help that.

OK, things will never change. We'll be running buggy Adobe code under Windows 655 in the year 2200. Only your PC will be attacked 40 million times per second.

--

John Larkin         Highland Technology, Inc 
picosecond timing   precision measurement  

jlarkin att highlandtechnology dott com 
http://www.highlandtechnology.com
Reply to
John Larkin

Sure. Apply compute power. It will take less than bitcoin mining.

AV programs slow down everything, except pure compute-bound apps. Serious hardware in the net could apply security a number of ways and would not affect an individual PC. You might have to pay a bit more for X megabits of secured internet service; I wouldn't mind.

We already use a DNS server and email scrubbers that make an honest effort to not deliver dangerous IP addresses or emails.

Heck, identify and cut off entire countries until they kick some heads.

Then, they'd have to handle TONS of support calls.

Eventually something will be done.

If the entire internet transport mechanism killed 99% of malicious traffic, and decent OSs killed another 99%, you'd have the same effect. Writing and launching malware just wouldn't be worth the effort.

--

John Larkin         Highland Technology, Inc 
picosecond timing   precision measurement  

jlarkin att highlandtechnology dott com 
http://www.highlandtechnology.com
Reply to
John Larkin

There are a number of avenues being followed to address these problems, for example the Java virtual machine is an example of a (software) implementation of the situation you describe in second paragraph. Lock it all down and manage it so ideally every hardware resource is abstracted away and interfaced with by user code thru only a known-good set of API calls, require all binaries to be digitally signed, etc.

There were also hardware Java machines for a while that did it in hardware but eventually general purpose CPU software-implementations won over in performance, you can't dynamically optimize hardware logic gates for optimal performance in every use case, it's much easier to optimize the execution flow of a general-purpose CPU for any given application.

It's sure better than just running straight C99 code on a Windows 95 machine connected to the Internet, but it's not perfect; vulnerabilities have been found in the JVM as well. And users who develop are free to use whatever code they want when they design their web apps, some of which may not have been validated line by line by the developer that such vulnerability isn't there.

Just not using C or junky C++ from the 1980s and 90s would help a lot. C++ has improved in its modern incarnations and there are other newer compiled languages that claim to offer the speed of C plus no undefined behavior/automatic enforcement of secure coding practices. It'll take time for this stuff to filter down, though. A lot of shit code has already been released.

But there's no reasonable way to verify any modern piece of compute hardware or non-trivial software is utterly 100% un-exploitable and semantically correct. Basically it's a trade-off between liberty and security: how much are you willing to have everything locked down, and firewalled, and slow the execution down as the code dynamically verifies it's not doing anything "wrong" every 10uS, and buy your equipment from the one state store that checks every single line in quadruplicate to get total security. I don't doubt you could get there, but at what cost.

It's kind of the Apple model. Modern Apple products and Macs are pretty secure and you won't find too many as members of a botnet. They're locked down in their "ecosystem" and Apple polices it and maintains it, you get your little suite of vetted apps and if you say "Hey I'm a small time developer I'd like to make this for the Mac and..." and they object to your idea or can't vet your code or don't pony up the cash they tell you to piss off. Apparently some people will indeed pay for that.

Reply to
bitrex

By all means if you can design the architecture that can provide that level of security, plus competitive execution speed, and power consumption, and also requisite level of backwards compatibility and OS and hardware support please do I'm not gonna be mad.

I'll even put in my promise to buy 1k shares right now I'd sure like to retire by 45 if I can!

Reply to
bitrex

Not as amused as the rest of us are by your delusion that you know what you are talking about.

All the time?

Perhaps. But DEC got taken over by Compaq in 1998, and Compaq merged with HP in 2002 while Intel still exists.

--
Bill Sloman, Sydney
Reply to
bill.sloman

Pseudocode allows an X86 to run a rational, safe instruction set. Or throw away more cycles and run an interpreter, like Python.

Lock

Yes. C pushes everything onto the stack... data, pointers to code, all sorts of nasty stuff. And x86 brutally mismanages stacks.

So, until we get a decent hardware architecture, pseudocode should be the standard for distributing applications. Too bad that's not going to happen.

We're living in the dark ages of computing.

We'd need to have a modern architecture to try.

--

John Larkin         Highland Technology, Inc 

lunatic fringe electronics
Reply to
John Larkin

John Larkin is living in his own personal dark age of computing.

"Modern" just means recent. The implied contrast is with "old-fashioned" but computing hardware is optimised for particular applications, and the most profitable applications have been changing rapidly over the past few decades, and most of those applications haven't involved running absolutely secure software.

John Larkin is using "modern" here to mean "magical".

--
Bill Sloman, Sydney
Reply to
bill.sloman

When I disconnect from the internet, the attacks continue. It's fake.

Reply to
Cows are Nice

WoW ! Interesting that he did that to you but I guess I shouldn't be surprised. He makes up all these weird names for things and it makes my head spin. I can only take a couple minutes at a time of his videos but sometimes I have to show ppl how weird others can get. No wonder the US is short on technical people and engineers !

BTW, your interesting.html page gives a 404 error. But I see some cool stuff on your site nonetheless.

Reply to
boB

Actually the ones that you compile yourself from the sourcecode are amenable to direct inspection checking (as is the resulting code). It only takes one level of bootstrapping to get a clean compile.

It was the meme running through Blake's Seven and its AI character Orac.


Basically all computers had a bit in them designed by Orac's creator which allowed it to tap into any and all other computers.

No. We have a much better idea of what is possible and what will work so we spend much less time tilting at windmills a la Don Quixote.

DEC did that fairly well. IBM did not.

The Intel CPU is (possibly was) quite capable of running a hard protected segmented operating system like OS/2 but IBM made such a hash of marketing it by conflating it with their lockin FUD PS/2 hardware that instead of revolutionising desktop computing it sank without trace.

OS/2 still had some niche markets in air traffic control and banking until relatively recently. I suspect few systems remain live now.

It isn't the Intel CPU at fault here. It has or at least had modes that could support segmented data and code where anything that steps out of line gets summarily terminated with extreme prejudice.

Problem is that Windows with a flat memory model with every integer potentially as a pointer to God knows what object allowed chaos.

--
Regards, 
Martin Brown
Reply to
Martin Brown

Spoken like a true hardware engineer.

As someone else noted, solving this problem is equivalent to solving the halting problem. The world will beat a path to your door when you have done that.

Alternatively, partly solving the problem is akin to having pattern-sensitive behaviour in hardware. If you did that with the 'net, the world would beat a path to your door for a different reason.

So that is a concrete illustration of how imperfect your proposed magic is.

Agreed. It is a real problem and will get worse.

COBOL is still around, and shows no sign of being removed. It is, however, supplemented by other languages. Similarly, Windows is supplemented by Linux, Android, etc.

The credit card industry offers the best scalable model. They don't authenticate the users, they do authenticate the transactions.

However, the transactions are not authenticated by all the intermediary companies in the ecosystem (equivalent to the network), but the transaction is authenticated by the end companies i.e. the merchant or the company with their name on the credit card (equivalent to the application).

The end companies decide how much it is worth it to spend on authentication, and that's a commercial decision. You pay those costs, of course.

Reply to
Tom Gardner

There is precisely one such modern architecture in existence: see

formatting link

It has very interesting hardware and software properties, being based on experience personally gained over the past half century on a wide range of architectures.

But they are not fools. It is explicitly designed to run all languages efficiently, specifically including C.

Reply to
Tom Gardner

Apple doesn't allow nasty programs by requiring that applications came from the Apple Store. A program called Gatekeeper does a signature check and refuses to run any program it finds lacking. Sometimes the design is not quite right: "Malware Has a New Way to Hide on Your Mac"

Microsoft does something similar with programs that originate from the MS Store. Android can be set to only allow apps that came from the Play Store. One can also authenticate scripts and such:

If users run only signed programs and apps, we wouldn't have a problem, but there are plenty of good and worthwhile programs from "unknown sources" that do not have or need such signatures or don't want to pay OS vendors to distribute their products. This does not solve all malware problems and assumes that the operating system hasn't been compromised, but it's a step in the right direction.

Eventually, the new and improved model of the internet will need to have literally everything authenticated, which then begs the question of whom are you going to trust?

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558
Reply to
Jeff Liebermann
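
The launch-time signature check described in the post above can be sketched as follows. This is an added example, not part of the thread and not Apple's, Microsoft's or Google's code; HMAC with a constructed key stands in for the public-key signatures real platforms use, and all names (`VENDOR_KEY`, `sign_program`, `gatekeeper`) are hypothetical.

```python
import hashlib
import hmac

# Constructed trust anchor standing in for the OS vendor's signing key.
# Real platforms use public-key signatures; HMAC keeps this stdlib-only.
VENDOR_KEY = b"constructed-vendor-key"

def _tag(publisher: str, digest: str, key: bytes) -> str:
    return hmac.new(key, f"{publisher}:{digest}".encode(), hashlib.sha256).hexdigest()

def sign_program(code: bytes, publisher: str, key: bytes = VENDOR_KEY) -> dict:
    """Store side: bind a publisher name to the hash of the vetted code."""
    digest = hashlib.sha256(code).hexdigest()
    return {"publisher": publisher, "sha256": digest, "tag": _tag(publisher, digest, key)}

def gatekeeper(code: bytes, ticket, key: bytes = VENDOR_KEY,
               allow_unknown: bool = False) -> str:
    """Launch-time check: returns 'run' or a 'refuse:<reason>' verdict."""
    if ticket is None:
        # The "unknown sources" switch: the user, not the vendor, takes the risk.
        return "run" if allow_unknown else "refuse:unsigned"
    expected = _tag(ticket["publisher"], ticket["sha256"], key)
    if not hmac.compare_digest(expected, ticket["tag"]):
        return "refuse:bad-signature"
    if not hmac.compare_digest(hashlib.sha256(code).hexdigest(), ticket["sha256"]):
        return "refuse:modified-after-signing"
    return "run"

def demo() -> dict:
    app = b"print('vetted store app')"          # constructed sample programs
    tool = b"print('useful unsigned utility')"
    ticket = sign_program(app, "Example Dev")
    forged = sign_program(app, "Example Dev", key=b"some-other-key")
    return {
        "signed": gatekeeper(app, ticket),
        "patched": gatekeeper(app + b"\n# extra bytes", ticket),
        "forged": gatekeeper(app, forged),
        "unsigned": gatekeeper(tool, None),
        "unsigned_allowed": gatekeeper(tool, None, allow_unknown=True),
        # Anyone holding the anchor key can bless anything: the check
        # is only as trustworthy as whoever controls that key.
        "any_code_with_anchor_key": gatekeeper(tool, sign_program(tool, "x")),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26} {verdict}")
```

The harmless unsigned utility is refused by default, and anything blessed with the anchor key runs, which are the two trade-offs the post raises.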

And yet already bumping up against physical/quantum mechanical limits of CMOS feature size!

Well the graveyard of tech biz history is littered with companies who developed the One True Architecture or the One True OS the usual result being nobody ever used it for anything. :(

Reply to
bitrex

On Thursday, October 4, 2018 at 16:51:16 UTC+2, Jeff Liebermann wrote:

or the OS vendor refuses

and who are you going to give the power of deciding what you can and cannot run?

Reply to
Lasse Langwadt Christensen

And everyone here seems resigned, or maybe happy, about that.

They probably miss steam powered sawmills and gas lighting.

--

John Larkin         Highland Technology, Inc 

lunatic fringe electronics
Reply to
John Larkin
