Full Disclosure mailing list archives

Re: PcwRunAs Password Obfuscation Design Flaw


From: 夜神 岩男 <supergiantpotato () yahoo co jp>
Date: Thu, 29 Mar 2012 17:57:56 +0900 (JST)

--- On Thu, 2012/3/29, Christian Sciberras <uuf6429 () gmail com> wrote:


> So, it seems it dawned on everyone that current computer models are fundamentally flawed.
> The "protection" we're trying to add is, at this point, one huge hack attempt to get things right.
> Do I have a specific solution? No. But I do think rethinking the wheel might be worthwhile.
> This would include forgetting POSIX for a minute and thinking what could be improved without relying on religious zeal.
> Yes, I know it's hard, but it's for the betterment of humanity! I hope...

There are other architectures that provide very different situations, some of them significantly more secure than the 
shared data/instruction memory concept in widespread use today. But they aren't cheap.

cheap + secure = really hard

Well, perhaps provably impossible at some level which is what you're getting at, I think.

People favor cheap over secure. They prefer what they think they know to what they know they don't. They prefer 
breathtakingly mediocre to boringly deep tech.

This is manifest in the current market and I don't think it'll change any time soon. To the bulk of paying customers 
computers are still full of magic and dragons, and probably always will be. To stakeholders big enough to actually 
shape markets the interest is in selling what people can understand, not in actually advancing technology -- because 
this sort of advanced technology does not sell well. 

Consider that the bulk of the IT market is still focused on literally licensing arrangements of bit-spaces that the 
users already own and calling it a product -- and to convince users that they are "getting something" we have to go as 
far as actually putting arrangements on media in physical boxes on real store shelves with price tags and things. This 
is ridiculous if you consider it for a moment, but the average customer just can't wrap their head around what 
information is in the first place, and they require this mnemonic crutch of a marketplace to understand how to give 
money to us developers and why they should do that.

Motorola, IBM, and a slew of companies now totally out of business discovered the truth about trying to sell the public 
high tech instead of cheap tech, and the related necessity of the marketplace farce above through repeated (usually 
disastrous) experience. In short, it is difficult to generate market buzz around a product that nobody understands, and 
architecture is definitely one of those things.

Now if you can dream up a use case which itself embodies the "next killer app" and which actually requires an 
architecture of strict data/instruction/signal and memory/register/bus segregation, and this killer architecture for 
this killer must-have app isn't actually a mainframe, and you can generate sales to a general enough segment of the 
global public that education systems, social dialogue and the DIY hardware and book markets begin to focus on your 
new[1] idea, then you might have a shot at changing the status quo. This is all assuming you can amass sales large 
enough to effect a seriously beneficial economy of production scale to cut the price of these hardware architectures 
down at least a thousand times compared to what they cost today (doable, but only if the market cooperated, hence the 
whole thing hinging on necessity and buzz).

Them's the breaks, my friend. Unfortunately it is going to be some time before a radical paradigm shift demands a 
change as significant as a real re-working of the hardware architecture. Even a departure from just x86 is hard enough 
to follow through on, despite vastly superior alternatives because nobody wants to change that bad.

The next chance for something that really will be useful that will really require a reworking of architecture is 
probably whenever quantum computing becomes a public thing -- but there is a whole world of crazy that goes along with 
that, because it's sort of like nuclear weaponry, in that everyone wants to have and use it but not let anyone else.

Anyway, don't stress over it. The market is screwed up and it's going to remain so for some time yet; fretting about it 
won't help.

-IY

[1. Not in fact new, of course, but rather a rehash of existing architecture ideas not well known outside of 
high-performance and experimental computing. But this will be new to the public and even the vast majority of IT 
professionals, and therefore magic that is new enough to be marketably mysterious.]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

