How does it follow that there is no point in trying for formal correctness? In many problems there is an interesting subset that is quickly solvable even when the general case is not.
SAT solvers in practice are quick on just about everything.
SAT solvers being programs that solve the original NP-complete problem.
In addition to capabilities, which implement the principle of least privilege (and keep untrusted code sandboxed by default), there is a need for binary verification.
A check that whatever is downloaded cannot exceed its capabilities.
Part of the challenge is that hardware has tried and failed to be trustworthy in implementing security boundaries. The failure appears to be because of a misalignment of incentives.
I think the premise of a capability-based operating system can help a lot, but for something to work in the long term the incentives need to be aligned.
My reading of the study is that children with significant gut issues who are diagnosed with autism see a significant reduction in symptoms when the gut issues are treated.
Which leads me to wonder whether, for some of these children, the root cause is just gut issues.
If all they have figured out how to do is treat significant gut issues, that sounds very promising.
The notification happened when the fix shipped. That people would prefer to be spoon-fed only serious security issues is understandable, but not realistic.
A large percentage of kernel fixes have the potential to be similarly bad. For some, the potential isn't even realized until after the fix has shipped.
Every stable release, GregKH says you must upgrade now, because there is something security relevant in there. This happens at least once a week.
As for shared hosting providers, it is my sense that there is always at least one local privilege escalation available to miscreants. That makes shared hosting safe only if there is a certain amount of trust.
I remember bugs that were similarly bad from my university days 30+ years ago. Has anything substantially changed?