Why we need better Computer Security.

[swestrup]

A recent study has shown that 80% of computer users have spyware currently installed and running on their systems, and 20% have an active virus on their systems. Most of the folks with the spyware or virii were unaware of them, or unable to get rid of them. Now, as a seasoned software proffessional, my instinct is to put the blame where it belongs: on the software industry in general, and Microsoft in particular.

The average user should no more be required to understand the inner workings of the internet in order to be safe than the average car driver needs to know about the carnot cycle in order to safely get to the store. Microsoft has no incentive to fix its horrible security problems, because the average user is unaware when their security has been breached, and so security is not a major selling point for software.

Since Microsoft won't fix the problem, another solution is needed. Linix is a solution of sorts, but not the ultimate one. Linux still has consumer usability problems and while it is vastly superior to Windows in that it actually has a security model, it is woefully out of date, especially considering the sorts of tasks that the internet requires of it.

What is needed is a fully distributed operating system and language for internet operation with a security model designed from day one to deal with questions of resource quotas, authentication, authorization, capability assignment, cryptological identiites, and so on. We already know that any successful system for performing internet transactions will need to be good enough to do banking, voting, signing contracts or the discusion of politically hot topics in a safe manner, and so the needs of these operations have to be addressed in the initial design, not hastily bolted-on later.

Thus we come once again to the reason that _sps_ and I want to scrap the current internet and replace it with something that actually works.

Comments

[joenotcharles.livejournal.com]

I've meant to mention this before, but I wanted to take the time to give it a decent dissertation. It looks like I'm never gonna make the time, so I'll have to do the quick version:

You can't scrap the Internet. You need to evolve it. If you try to move to a new system with much fanfare and shouting, people will notice when it doesn't work (and it won't, at first) and they'll give up on it. When's the last time you heard about Internet II?

[swestrup]

I'm going to give a rather short answer, since a fair one would also be rather long and involved. To put it simply, we agree with you, and have a plan to 'evolve' the new system out of the old.

So, while what we want to do is replace the Internet with an entirely new set of protocols and systems. HOW we plan to do that will make it look like an evolution to the new users. Imagine something (very vaguely) working the way flash has, starting out as a small animation plug-in, and slowly aquiring more and more features that html doesn't have. Eventually you could make a push to take over the whole thing.

Only, flash isn't open source, and wasn't designed to have all of the fundamental features needed to produce an alternative to the web. Ours is so designed, and if our analyses are correct, would have a strong ability to lure users.

Of course, we'll never know unless I can somehow come up with the money to fund the development some day.

[joenotcharles.livejournal.com]

By curious coincidence, I'm looking for a new job now, and was thinking vaguely of maybe going into business for myself, if I could find a project I thought was ambitious enough to make money from... We should discuss this.

[swestrup]

I have several dozen ideas for projects that could make money. The NWO one is probably the hardest to do, in terms of the work involved, the money it would take, and the time until a profit was seen. Maybe we should talk about it though.

Internet II?

[sps.livejournal.com]

I last heard about it on Hallowe'en, when they carried my content for me, as they always do when we go to the states. You don't hear about it in Canada, because the current Canadian parallel is called CA*NET 4.

Or were you talking about something else with the same name?

Anyway, I have no interest in scrapping the Internet; IP is a startlingly sound piece of engineering, and IPv6 fixes many of its residual problems. Unfortunately, everything above routing is crap. TCP solved the wrong problem, RTP isn't really a protocol, HTTP and HTML are ... well, mind-bogglingly amateurish. And piecewise enhancement cannot fix things that are broken in core efficiency and extensibility.... So one is left with the option of laying down a parallel system with interoperation strategies, and making sure that it is much superior, in particular with respect to the 'it just works' property and support for ubiquity (TCP is just crap over distances less than a metre or beyond ten megametres, not that it's ever what you want).

Re: Internet II?

[swestrup]

Possibly my fault for the misunderstanding. I used the word 'Internet' as a stand-in for 'mose things currently carried over IP', since we are proposing to replace DNS, file transfer, p2p, Mail, web, news, and sound- and video-casting protocols, at the very least.

Re: Internet II?

[sps.livejournal.com]

It's just such a common problem that I feel the need to be extra clear; journalists nowadays invariably infuriate me by talking about 'TCP/IP, the Internet Protocol'.

CALLING ALL DIMWITS! IP is the Internet Protocol, that's why it's called IP, using, you know, the letters I and P, which stand for Internet and Protocol. Oddly enough, TCP is the Transmission Control Protocol, transparently bone-headed (with the benefit of hindsight) because it is the traffic and link models, not the protocol, that should control transmission....

Of course, you know that and he knows that and everyone knows that but there's a conspiracy to all confuse each other or something.

The Internet stays. The crap goes. Simple! :)

Re: Internet II?

[joenotcharles.livejournal.com]

Oh, that's the layer you're talking about - I had assumed you meant the content-delivery level. Well, I'm certainly not interested in rewriting TCP - it works well enough for me.

Re: Internet II?

[swestrup]

Well, that layer and all the layers on top. When you strip down a house and rebuild, you keep going till you find something that is still solid, and work back up from there. That layer was IP. Everything above gets replaced.

Now, YOU may not have a use for something better than TCP, but then, none of your current apps depend on anything better, do they? If you want apps that can do things today's can't, then you need a transmission protocol that can do things that TCP can't.

Re: Internet II?

[joenotcharles.livejournal.com]

Why must everything on top be replaced? You should be able to drop it in without changing too much in most applications. Just some new parameters to socket(), no? (Or some parallel calls.) Hell, you could probably switch to a new protocol using LD_PRELOAD. However, I don't generally work at a low enough level to know what TCP does so terribly, so I'll just shut up now.

Re: Internet II?

[joenotcharles.livejournal.com]

(Er, meant to note that of course the stack with one layer different is not the same stack, so that does count as replacing all the upper layers, but that's not what I picture when I think of "rebuilding".)

Re: Internet II?

[sps.livejournal.com]

But even very 'classic' applications like http would benefit from, say, massive parallelism and dynamic failover. I can do that, but the TCP interface can't....

Re: Internet II?

[sps.livejournal.com]

It does? You don't lose downloads from spuriously lost connections? You don't havce trouble with sites you want to use going down under load? You're not annoyed by the fact that bittorrent and http aren't one and the same service? You never have trouble caused by dynamic IP number assignment? You think it's just fine that there's no coherent, simple-to-programme mechanism for streaming content delivery? It doesn't bother you that resuming broken transfers has to be handled at the application level? Security doesn't concern you? You don't want to use the second half of the bandwidth you're paying for? You wouldn't prefer websites that recover from server failure in milliseconds?

You astound me! ;)

But of course it extends up to content. Actually, my proposals for low-level protocols are pretty much complete (not that they don't need a full-scale implementation and much testing, but...). Lots of interesting stuff at the top remains.

Re: Internet II?

[joenotcharles.livejournal.com]

> You don't lose downloads from spuriously lost connections?

Uh, no? The problems I have with downloads are finding worthwhile things to download, which is a UI/indexing problem.

> You don't havce trouble with sites you want to use going down under load?

Small sites, yeah. Large ones seem to be able to cope with anything short of a DDoS just fine by throwing more hardware at the problem.

> You never have trouble caused by dynamic IP number assignment?

How is that TCP's fault? IP numbers are in the IP layer, which you just said was good!

> You think it's just fine that there's no coherent, simple-to-programme mechanism for streaming content delivery?

So write one! That's not what TCP is for - TCP is for guaranteed but not necessarily timely delivery.

> It doesn't bother you that resuming broken transfers has to be handled at the application level?

But that's the correct place for it! Different applications will need to deal with it differently.

> Security doesn't concern you?

I'm wary of attempts to put security into such low levels, because bloat in the guts of your system makes the whole thing unstable. Look at the mess that's IPsec (although that's probably because it was designed by comittee, and not inherantly due to the complexity of the problem).

But I didn't mean that I think TCP's perfect - I'm perfectly happy to see you replace it. It's just not something I'm particularly interested in working on.