[oopsyDoodl]

I think this illustrates the cloud is unacceptable for anything more than storage and retrieval.

All computed results from data science must include steps and code to verify locally.

It calls into question privacy on federated networks and crypto networks; any node can be manipulated locally to change payload outputs on delivery, reveal secrets, disrupt workloads.

This makes sense to a lot of folks in computer engineering and physics, versus abstract software. No physical theory I know of offers any guarantee our arbitrary computing machines will ever be securable. We put fart pipes on Hondas.

Science proves it’s titillating smoke and mirrors once again. Still waiting for nuclear rocket cars.

I think this proves further as well why general computing chips need to be replaced with workload specific designs, where the anticipated inputs are well known and no vague logic paths to intentionally allow software monkey patching ever ship.

[cheschire]

Security doesn’t scale at a price point that private sector companies could typically afford.

Perhaps we fail at pricing security into the value of a company, or maybe that’s what risk appetite is about.

[Sebb767]

The problem is that you can get away with minimal security for a long time. Sure, if you get hit, shit hits the fan. But by then, it's quite likely that all competitors that spend money and time on security and good infrastructure are long gone.

This is worsened by the fact that it's very hard for laypeople to assess the security of a specific application and that, by now, "cyberattack" has become common enough that it's easily accepted as an excuse.

[dredmorbius]

Which is why certifications, audits, and minimum mandated standards are critically important.

The market just yawns at this stuff, until it gets fragged. Then it forgets and the cycle repeats.

[tatersolid]

> Which is why certifications, audits, and minimum mandated standards are critically important.

Not sure about that. All the security standards want me to run software written in an unsafe language as root on every device, intentionally parsing malicious inputs continuously.

That’s not making anything safer.

[dredmorbius]

Pretty clearly, the standards have to be effective and well-designed. And yes, there are problems with that.

But the point remains that markets do very poorly at rare and/or cumulative risks. And that's the comparison I'm making. The market of and by itself will give you a race to the bottom in standards.

A longer-term view, whether through government regulation and oversight, social suasion, religious morality and ethics, or (possibly) insurance-oriented risk management (yes, a market mechanism, though something of an exception to the rule), will typically operate by the mechanisms I've described above. That there may be poor implementations doesn't obviate the fact that there can also be good ones, and that that's the goal we're aiming for.

[passerby1]

Probably, at least some part of a modern financial sector including startups has many things in common to pyramid schemes.

[Ysraes]

> I think this illustrates the cloud is unacceptable for anything more than storage and retrieval.

You can run in dedicated tenancy where you have the whole machine or a metal configuration where you also have the whole machine.

[frankzinger]

That would ruin providers' user:hardware ratios, one of the foundational principals of cloud computing.

[Terretta]

On the contrary, certain CSPs did this already (quietly) and further, had already developed hardware mitigations for things like meltdown, spectre and rowhammer.

[frankzinger]

But did they manage to keep their prices low?

(And those who employed hardware mitigations wouldn't have a problem with user:hardware ratios, would they?)