[Cryptography] defaults, black boxes, APIs, and other engineering thoughts

[Marshall Clow]

On Jan 4, 2014, at 8:06 AM, Jerry Leichter <leichter at lrw.com> wrote:

> On Jan 4, 2014, at 5:22 AM, ianG wrote:
>> Have you noticed how the entire world is moving to a much more sophisticated update model, typically dynamically, monthly?  If you can do that, you don't need algorithm agility as a static tool.
> I would contend the dynamic, monthly update model is a sign of failure, not success.  For it to be a success, it would have to be putting itself out of business - i.e., the quantity and severity of problems would be going down over time, aiming for complete cessation in some visible future.  In fact, there is no evidence I've seen that this is happening.  Most likely, the *opposite* is happening:  One of the reasons we've gone to monthly updates is that the volume of individual updates was so large that people couldn't keep up.  And then we went to automatically, silently installed updates because people couldn't even keep up with the monthly updates.

The “best” part of the dynamic update systems that are currently in place (Windows, Mac, iOS, etc), is the opportunity for a malicious actor to automatically push malware/spyware to a million devices at the same time - or (possibly even more chilling) to deliver targeted payloads to individual systems.

[ Broadly speaking ]
When you run “software update”, it sends a whole bunch of identifying information back to (say) Apple. How much of this is unique to your machine? Or you?
Then the servers at (say) Apple send back a list of recommended updates, along with URLs for downloading the updates.

This setup is *designed* to deliver individualized updates.

— Marshall