by jandrese 2748 days ago
One of the things I love about that book is how he attacks below their layer of abstraction. This is a pattern you see over and over again in real life: people build a secure system at one layer, but don't consider all of the implications of the layers below. Indeed there is so much complexity hidden in those abstractions that it takes experts years to learn enough about them to understand the attacks. The people who do work in those layers aren't interested in security; they're just trying to get the things to work in the first place.

Spectre/Meltdown are a good example of what happens when (after a couple of decades) the security guys finally understand what the architecture looks like at that level and start looking for vulnerabilities.

This is also why you should be wary of devices and especially device drivers. This is why binary blobs in drivers are such a butt clencher. And then you're talking about drivers that are stupendously large and are more or less attached directly to your web browser.

1 comments

It isn't as though being open source solves that problem; look at things like Heartbleed.
They may not solve the problem, but they do allow you to solve the problem.
Kind of. One of the problems with being attacked from the lower layers is that it can be outright impossible to defend against in some cases. In other cases the defense involves significant tradeoffs, usually in performance.
Not realistically unless I have a lot of experience with driver programming. After all, I can technically hand-edit the machine code of a binary blob too.
> After all, I can technically hand-edit the machine code of a binary blob too.

Signed binaries make that a lot harder.

And how does source code help that? I can re-sign a modified binary just like I can a freshly compiled one.