~jpastuszek/blog

82965dfc97c58ac3e5f3052228defc78fbc4f6a3 — Jakub Pastuszek 4 years ago d206843
dump of post ideas
1 files changed, 77 insertions(+), 0 deletions(-)

A content/future.md
A content/future.md => content/future.md +77 -0
@@ 0,0 1,77 @@
# Main problems we need to solve for the future

## Security

All stuff is connected. All stuff can be attacked by any other stuff.

### What?

We need to address main reasons for CVEs:

* Buffer over/under flow
* Free after use
* Double free
* Type confusion
* Code injection (XSS, SQLi etc.)
* Confused Deputy problems (Cross-site request forgery, priviledge escalation)
* Race conditions
* Large attack surface
* Logic errors

DDoS due to crashes:

* Null pointers
* Concurent access errors

## Spyware

All commercial software is already spayware or will become one thanks to "data is new oil" mentality - thanks ML people!
Advertisement is pushing humanity into consumerism and that will eventually end us due to resource depeletion and environment destructiopn - this needs to stop.

### Why?

You cannot have democracy, freedom of expression, fredom of your onw thought process while being contantly surveiled.
You cannot think for yourself if you are bombarded by highly targeted messages.

### What?

Windows is a spyware - "telemetry" cannot be turned off - it is illegal to do so!
MacOS now does the same as Windows, you cannot turn it off as it uses "hardware root of trust" chain to prevent tempering. iOS is beign like that for many years now.
Anything Google is same, they became evil since they aquired Double Click (?).

# What future do we need

We need new free as in freedom OS that addresses security issues and is not spyware.

## Why?

Linux is based on Unix design. This design was created before networks were a thing. It's security model is broken (Access Control Lists) by design. Any attempt to fix it is a hack that adds to attac surface and complexity (Docker, Nix).

Plan 9 is still written in C (reason for the top CVEs) and is still using ACL security model (although lots of it is accidentally(?) based on object-capabilites thanks to P9 protocol).

## How?

### Programming language

To address top CVE classes we need to stop using programming languages that lead to them.
The "given enough eyeballs, all bugs are shallow" proved to be insufficient. Only mathematically verified models that verify your programs automatically can work for security.

There is only one language currently available that goes far enought to address most of this CVE classes and that is Rust.

So we need OS that is written in Rust and that if free as in freedom and that gets "enough eyballs" to weed out logic errors that Rust only helps to avoid with it's type system.

### OS design

Linux has large attac surface (still tiny compared to Windows). To address this we need better obstractions on OS leve. Plan 9 protocol (P9) does provide an exellent example of such abstraction. Plan 9 has very small set of API primitives that were designed for the networking. This allows it to be much more secure than Linux.

Still Plan 9 will have buffer under/over flow issues, use after free, etc. due to use of C programming language - this is not avoidable!
Alos Plan 9 uses ACLs that lead to Confused Deputy problems and in the end to priviledge escalations. P9 protocol is object-capability based in practice so it does offer way more sofisticated security comparred to Linux making such hacks like Docker and Nix not necessary.

So the new OS apart from being written in Rust needs to be using object-capability based security model from exclusively.

# The future

Free as in freedom, open source OS based on prooven ideas from Plan 9 (P9 ptotocol), with object-capability based security model and written in Rust is the way of the future.
We already live in the world where most population is surviled in 1984 dystopia style where 20 successful ranswmware attacs are performed weekly on companies that loose billions to get their data back or prvent them from beign published (exfiltraion). Internet is a warzone with it's "background radiation" (all the scanning and attac traffic) going strong - just set up WordPress instance and wait few minutes, see what happens.

We must not fail!