<div dir="ltr"><div class="gmail_extra">You are entirely right in that security comes second to most things, especially features.</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_quote">2014-06-06 21:08 GMT+02:00 Bear <span dir="ltr"><<a href="mailto:bear@sonic.net" target="_blank">bear@sonic.net</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id=":1dw" class="a3s" style="overflow:hidden">Ultimately, I believe in security. But what I believe<br>
about security leaves me far from the cutting edge; my<br>
security environment is more like bearskins and stone<br>
knives, because bearskins and stone knives are simple<br>
enough that I can *know* they won't do something I don't<br>
want them to do. Smartphones and computers simply cannot<br>
provide that guarantee. The parts of their security models<br>
that I do understand, *won't* prevent any of the things<br>
I don't want them to do.<br></div></blockquote><div><br></div><div>I'm afraid that not even our chips can provide any guarantees anymore. It's mostly (entirely?) because they have grown so complex. The question is how to have "secure bottlenecks", behind which complexity can exist without causing any harm.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id=":1dw" class="a3s" style="overflow:hidden">An iron box with a padlock on the other hand is a simple<br>
enough security model to understand, and does provide<br>
strong guarantees about what that environment won't do.<br></div></blockquote><div><br></div><div>I don't consider my physical safety to be very high. Maybe that's a mistake, but anyone could knock in my windows (double glass is hardly any stronger than single glass) and break whatever physical security I have. Breaking my computer/software stuff takes real skill. I'm not so very high value (yet) so nobody would expose his/her capabilities hacking me.</div>
<div><br></div><div>At least, that's the general reasoning. I will have to increase my security gradually as my getting-hacked value increases. And it really worries me. I don't know how to increase security very far. So little of the stack is trusted. Actually nothing in the stack is trusted. It's like getting entropy without randomness, it just isn't there. The CPU itself, with it's remote administration, the motherboard, with it's build-in ethernet port, the macrokernel OS with it's binary drivers, etc, etc.</div>
<div><br></div><div>What's worse is that security is immeasurable, the cost of a loss of security is unclear, etc. How can I justify buying something that's obviously worse for everything except security?</div><div>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id=":1dw" class="a3s" style="overflow:hidden">Just a musing, I guess.... the point is that the industry<br>
is now building security models which want to provide<br>
collaboration, and single sign-on, and synchronization,<br>
and interoperation, and 'cloud storage' and so forth -<br>
but in doing so simply do not and can't provide good<br>
reasons for trust nor solid mathematical proofs of<br>
how the things I don't want them to ever do have been<br>
rendered impossible.</div></blockquote></div><br>Single sign on has the potential for being a fantastic measure for identity and security online. The way it's done now quite the opposite is happening. Integration of services causes security woes. Fallback upon e-mail is still a crazy anti-account-capture-measure that's nonetheless very effective.</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">Your musing is heard and agreed with. In sorrow I must say that we are in quicksand up to our noses, and most people like it down here. If we are to get out it will be a very painfull, very long process. </div>
<div class="gmail_extra"><br></div><div class="gmail_extra">And some people say snorkles will keep us perfectly happy.</div></div>