(blog.invisiblethings.org)

276 points chei0aiV | 1 comments | 27 Oct 15 14:51 UTC | HN request time: 0.222s | source

Show context

kragen ◴[27 Oct 15 15:35 UTC] No.10458647[source]▶

Probably worth pointing out that the author is the project lead of Qubes, one of the very few promising projects in the vast wasteland of computer security.

replies(2): >>10459513 #>>10459645 #

kachnuv_ocasek ◴[27 Oct 15 17:32 UTC] No.10459645[source]▶

>>10458647 #

Very few? Seriously?

replies(4): >>10459760 #>>10459957 #>>10460536 #>>10461036 #

kragen ◴[27 Oct 15 18:09 UTC] No.10459957[source]▶

>>10459645 #

Seriously. The vast majority of computer security effort is wasted on things like the advisory-and-patch cycle, pen testing, and virus scanning, which can never, by their very nature, provide computer security. That's not to say you don't have to do them — it's just that they're not productive.

replies(2): >>10460620 #>>10488411 #

kachnuv_ocasek ◴[27 Oct 15 19:50 UTC] No.10460620[source]▶

>>10459957 #

Oh, I understand now and I agree wholeheartedly.

There's been some exciting progress in the formal verification department in recent years, though.

replies(1): >>10460717 #

1. kragen ◴[27 Oct 15 20:06 UTC] No.10460717[source]▶

>>10460620 #

I agree!

↑

Intel x86 considered harmful – survey of attacks against x86 over last 10 years