LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Blogs > Musings on technology, philosophy, and life in the corporate world
User Name
Password

Notices

Hi. I'm a Unix Administrator, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: Unix.
Rate this Entry

A new approach

Posted 12-18-2012 at 04:58 PM by rocket357

"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult." - Tony Hoare.

Spend enough time reading security advisories and you can't help but wonder if anyone out there is actually taking Tony's first approach seriously (I'll hold off on the OpenBSD preaching for now).

"Complexity is the enemy of security", thus sayeth Schneier.

And yet, each year software continues to get more complex. We're losing ground, even with all of the shiny new modern gizmos and gadgets that promise improved security.

"Perfection is achieved not when there is nothing more to add, but rather when there is nothing more to take away" - Antoine de Saint-Exupéry.

Do you see a pattern developing here?

How can we possibly hope for security when each year software grows "to make use of modern hardware"? Does it not scare you that nvidia drivers, which run with incredible privileges/access, are typically *hundreds* of megabytes in size AND closed source? Do you trust nvidia?

I'll leave you with one last quote:

"You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes" - Theo de Raadt
Posted in Uncategorized
Views 1816 Comments 1
« Prev     Main     Next »
Total Comments 1

Comments

  1. Old Comment
    yuppers
    Posted 12-19-2012 at 12:39 PM by vmccord vmccord is offline
 

  



All times are GMT -5. The time now is 09:02 PM.

Main Menu

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration