
> We need open and verifiable firmware, at the very least, to be able to trust anything.

How? Even ignoring ASICs, I just don't see how it's possible. Even if you had no binary blobs anywhere (we are already in the wonderland), with process for turning source to binary, you need to trust compiler, cpu, flashing hardware and software and the whole lot of other things.

And that's all ignoring the fact that hiding bad stuff in open source is many orders of magnitude cheaper than finding it.

I don't think we have even a theoretical plan for fixing computer security, it just becomes ML bots arena.



> I don't think we have even a theoretical plan for fixing computer security.

I think we do, but the implications of it are terrifying, overwhelming and just make people shrug and say "That'll never happen".

How I see it there are two sides.

Those who want a functioning technological society with all the benefits we believe in as hackers - transport, medicine, communications, planning... For that we'll have no choice but to make computers secure.

That side is "society".

In the other corner are those who do not want computers to be secure (despite what they say). They benefit from insecurity. These are:

  - Criminals.

  - Governments.

  - Industry.
 
They are not aligned and fight amongst themselves. Only the criminals are honest in that they don't pretend to want secure computing. Governments and industry want secure computing for themselves, but not for the others, or for society.

For secure computing to ever happen three well organised, well funded and determined groups would have to lose against a disorganised, distributed, and poor remainder.

There are two things on our side to give us hope:

- That the enemy of my enemy is a temporary friend.

- Mathematics.


I would be much more worried about the future if not for bitcoin.

It’s the “distributed remainder” you are talking about, and what we are betting on is for the governments of the world to print so much money that everyone loses faith in them. That will act as a check on their power and they’ll need to start earning trust and support rather than taking it for granted.


> with process for turning source to binary, you need to trust compiler, cpu, flashing hardware and software and the whole lot of other things.

"We should not solve this solvable problem because other problems exist" is false.

Meanwhile the other problems have solutions, like reproducible builds, so that the attacker not only has to compromise your compiler/CPU/hardware, they also have to compromise any others the output result gets compared by, or one of them will differ and the attack will be detected.


> "We should not solve this solvable problem because other problems exist" is false.

Without commenting on the truthiness of the comment you are replying to, you have constructed a strawman argument here. They weren't saying that the problem shouldn't be solved because other problems exist, rather that it might not be solvable b/c of so and so obstacles that don't seem to have a solution.


The more accurate statement would be "we should not apply this solution because it only solves 60% of the problem. Instead we should despair and do nothing at all."


You need deterministic builds of firmware artifacts proven to correspond to source code by multiple parties. You also need hardware purpose made to be user auditable.

See: https://media.ccc.de/v/36c3-10690-open_source_is_insufficien...
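
The cross-check that the reproducible-builds comments above describe, as an added example that is not part of the thread: hash the image you hold and compare it with digests reported by independent rebuilders of the same source. The report format, builder names, commit label, quorum value and sample image are all hypothetical and constructed for illustration.

```python
import hashlib
from collections import defaultdict

def check_rebuilds(artifact, commit, reports, quorum=2):
    """Compare the image you hold against independent rebuild reports.

    reports: [{"builder", "commit", "sha256"}, ...] (hypothetical format).
    """
    local = hashlib.sha256(artifact).hexdigest()
    by_digest = defaultdict(set)
    for r in reports:
        if r["commit"] != commit:
            continue  # a rebuild of other source says nothing about this image
        by_digest[r["sha256"].lower()].add(r["builder"])  # one vote per builder
    agree = sorted(by_digest.get(local, ()))
    dissent = {d: sorted(b) for d, b in by_digest.items() if d != local}
    if dissent:
        status = "MISMATCH"      # some build differs: tampering or non-determinism
    elif len(agree) >= quorum:
        status = "VERIFIED"
    else:
        status = "INSUFFICIENT"  # nobody disagrees, but too few independent rebuilds
    return {"status": status, "local": local, "agree": agree, "dissent": dissent}

# Constructed sample data: image bytes, commit label and builder names are made up.
IMAGE = b"constructed firmware image, build 1"
TAMPERED = IMAGE + b"\x90"  # same source claimed, one extra byte in the binary
COMMIT = "example-commit"
GOOD = hashlib.sha256(IMAGE).hexdigest()
REPORTS = [
    {"builder": "builder-a", "commit": COMMIT, "sha256": GOOD},
    {"builder": "builder-b", "commit": COMMIT, "sha256": GOOD.upper()},
    {"builder": "builder-b", "commit": COMMIT, "sha256": GOOD},   # repeat, no extra vote
    {"builder": "builder-c", "commit": "other-commit", "sha256": "00" * 32},
]

if __name__ == "__main__":
    for name, blob in (("vendor image", IMAGE), ("tampered image", TAMPERED)):
        result = check_rebuilds(blob, COMMIT, REPORTS)
        print(name, result["status"], "agree:", result["agree"])
```

A `MISMATCH` does not say which party is compromised, only that at least one toolchain or the build process itself produced different bytes, which is the detection signal the comments refer to.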



