Conversation

Notices

1. Embed this notice
   pry (pry@raru.re)'s status on Wednesday, 14-Aug-2024 08:58:38 JST pry

   I'm actually so blackpilled on anything cybersecurity related. good practices are a nice thing to have but if we don't fundamentally change how we program computers, nothing's gonna change.

   I really do think formal verification needs to be more encouraged. also ofc it's difficult to push for greatly decreasing attack surface of so many systems be so many nation states have a vested interest in keeping them open for surveillance

   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Wednesday, 14-Aug-2024 08:58:31 JST Sick Sun

     in reply to

     • fiat volvntas tva
     @scathach @pry sel4+genode exists but nobody cares, this is a capitalism problem. Good solution costs more so fuck it.
   • Embed this notice
     fiat volvntas tva (scathach@stereophonic.space)'s status on Wednesday, 14-Aug-2024 08:58:32 JST fiat volvntas tva

     in reply to
     @pry I definitely think it's possible to make provably secure systems, but there's so much momentum from legacy infrastructure that I don't think we'll make the switch anytime soon
     
     Oh well, maybe in the 2100s
   • Embed this notice
     pry (pry@raru.re)'s status on Wednesday, 14-Aug-2024 08:58:34 JST pry

     in reply to

     • fiat volvntas tva

     @scathach yea and it isn't to say that I dislike all things cybersecurity. I just hate marketing and shit around it. I think we literally don't have proper tools to make secure systems yet. and I also think most programmers would have trouble w these more proper tools

   • Embed this notice
     fiat volvntas tva (scathach@stereophonic.space)'s status on Wednesday, 14-Aug-2024 08:58:36 JST fiat volvntas tva

     in reply to
     @pry Yeah cybersecurity is a cargo cult
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Wednesday, 14-Aug-2024 08:59:52 JST Sick Sun

     in reply to

     • fiat volvntas tva
     • Sick Sun
     @scathach @pry even sel4 userland is all in C, can’t even get a safe language on a formally verified base
   • Embed this notice
     fiat volvntas tva (scathach@stereophonic.space)'s status on Wednesday, 14-Aug-2024 09:02:40 JST fiat volvntas tva

     in reply to

     • Sick Sun
     @sun @pry I want to live in a world where formal verification is as easy as satisfying the compiler's type checker
     Sick Sun likes this.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Wednesday, 14-Aug-2024 09:06:24 JST Sick Sun

     in reply to

     • fiat volvntas tva
     @scathach @pry I don’t know what’s better but in a free market where you can’t be informed about important elements they just get lost
   • Embed this notice
     pry (pry@raru.re)'s status on Wednesday, 14-Aug-2024 09:12:36 JST pry

     in reply to

     • fiat volvntas tva
     • Sick Sun

     @scathach @sun one of my research interests is in making formal verification easier... ig I'm more specifically interested in distributed systems but the single machine case is also extremely hard rn. Dafny is a cool language but it's pretty hard to use for most.

     Sick Sun likes this.