Monday, 5 December 2005

Your own idiot savant

I’ve been reading cnet on Spear-Phishing which confirms something I’ve been telling friends for a long time. You computer is an idiot savant and can’t be trusted. Yes, it does some cool things, but you don’t know half of it. And you won’t either! And this is why you can’t delegate the decision of trust to your computer; should you trust your computer when it tells you that something is trusted?

The current computer model of files, and processes sharing a common space is dieing and passing on our closest secrets with each gasp; but what secure model can replace it?

I’d like to suggest something FORTH based; as a self-hosting system the inner core can be a few hundred bytes - small enough to verify manually (plus the bit that can verify everything else). It can then verify and boot up from verified text FORTH libraries to a trusted system (assuming if the hardware is not tampered with). I now have a machine that I can trust. Forth is prone to it’s own problems of careless programmers (who are a big part of the problem) so it’s not a no-brainer solution - in any case it requires someone degree-capable in computing to verify it- most people want a computer whose trust they can take for granted. Is there one?

No comments:

Post a comment