by cookiecaper 3086 days ago
> I'm happy because it's gonna have to change. Whole stack revisited. Eventually.

I used to believe this kind of thing, but now I think you greatly underestimate human indifference and interest in effort conservation (uncharitably called "laziness").

Look at Intel's response to Spectre/Meltdown. Are they going back and redesigning their microarchitecture with new hardware-enforced safety rings [that actually enforce, lol] and new ways to block timing attacks without sacrificing performance? Seriously doubt it. From LKML it sounds like they're just going to hardware-accelerate IBRS/IBPB to make it faster to shut down branch prediction in risky situations and leave the rest of the shebang as-is.

Even when the forecasted apocalyptic events occur, it's amazing how little anyone cares, or how little gets recognized. Surely there are people who've speculated (ha!) attacks like Spectre/Meltdown, given the knife's edge nature of hardware virtualization on x86, and advised against multi-tenancy. Surely there are people who have paid attention over the last ten years to the dozens of sandbox escape attacks that already exist without exploiting the microarchitecture! Are they getting their due? Is anyone asking why people didn't consider these possibilities or listen to the people who warned them? Nope, because they just don't want to hear that. It's all "Oh gee how could Intel have done this to us?!" when "How could you have acted like this was safe" is an at least equally valid question.

TPMs, again, are another example of exactly the same thing. Major exploits in them are 100% routine by now. Does anyone care? Google is quietly working to remove them from their own machines but it doesn't seem like anyone is going to get any real headway outside of that. Do freedom advocates like RMS get their due? Nope, they just get told "Bugger off with your 'I told you so'."

Have you ever spent months or years warning your bosses about something, only to have that thing happen, and watch them hand-wave it away and get extremely irritable after you mention that they had fair warning? Most semi-aware engineers probably have, because this happens constantly.

Admitting, realizing, and honestly correcting our mistakes is just not a thing that people do, unless they feel substantial direct and personal pain that the brain decides greatly exceeds the forecasted effort expenditure to correct the issue. Such negative force cannot be applied over an industry at large unless there is a very specific and coordinated demand from the handful of people at the tippy-top, as in the case of Spectre/Meltdown, since in the age of cloud computing, those exploits fundamentally jeopardize the profitability of every major tech company.

3 comments

> Does anyone care?

Let me answer that for you. In the period of the last 10 years, the world has all but switched to mobile devices. Mobile devices that make Windows look like a secure operating system. In theory vendors promise 2 years of "safe" operation, and I am unaware of a single case where they actually shipped phones without major security vulnerabilities (and known, to at least some of their development team).

Internationally, iPhones do not matter. They're like 10% of the market, so I'm focusing on Android phones here. And it's not like iPhones don't have exploits for them, it just means a few more years, something more like 4 years, until they're exploitable.

It is regularly reported that 40% of all Android phones are vulnerable to individual vulnerabilities. At least half of all active Android phones do not receive security updates, even in the case of serious vulnerabilities (and that patched "half" technically is described as anyone who ever got at least a single security update). How many of the total amount of Android phones are trivially hackable if you run an app on them? I'm going to say at least 75%, and at least including all phones more than 2 years since they were released.

So no. Nobody cares. We all know how bad the Wintel situation is, and Android is worse.

We need a global security disaster to happen so totally that regulators intervene and hold these vendors accountable.

If we want to understand why users do what they do, perhaps we should ask the UX people. Alan Cooper in his book "The Inmates are Running the Asylum" says that one of the differences between programmers and ordinary people is that programmers worry a lot about what-if scenarios while ordinary people just hope for the best and then handle surprises as they arise.

If we are to change behavior of consumers, we have to work with their natural motivation. I think the most realistic plan is to subsidize core infrastructure with enough high-quality open-source software and hardware to drive commercial interest out of all security-sensitive components.

It's like when Wikipedia is subsidized by its editors to provide the common good of education. Open source can be similarly subsidized by developers to provide the common good of security.

> TPMs ... Google is quietly working to remove them from their own machines

Are you referring to Chromebooks or Google's cloud server hardware? Are the TPMs being replaced with a proprietary hardware enclave?

It looks like they built their own chips for their servers:

https://cloudplatform.googleblog.com/2017/08/Titan-in-depth-...

Notable quote:

"Google designed Titan's hardware logic in-house to reduce the chances of hardware backdoors. The Titan ecosystem ensures that production infrastructure boots securely using authorized and verifiable code."

This is what we need. Authorized and verifiable code, none of this opaque binary blob BS.

Google's code/hardware logic is an opaque binary blob to you. What difference does it make whether the binary blob is a Google chip or a TPM?
Sorry, what I meant to say was that we need those types of verifiable and transparent chips in our own computers rather than ME and PSP.