Paul Vixie On the Unevenly Distributed Intelligence of Internet Infrastructure

CowboyRobot writes "Writing for ACM's Queue magazine, Paul Vixie argues, "The edge of the Internet is an unruly place." By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the Internet's wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we're at the mercy of scale when it comes to the quality of the Internet's aggregate traffic load. Not all device and software builders have the skills and budgets that something the size of the Internet deserves. Furthermore, the resiliency of the Internet means that a device or program that gets something importantly wrong about Internet communication stands a pretty good chance of working "well enough" in spite of this. Witness the endless stream of patches and vulnerability announcements from the vendors of literally every smartphone, laptop, or desktop operating system and application. Bad guys have the time, skills, and motivation to study edge devices for weaknesses, and they are finding as many weaknesses as they need to inject malicious code into our precious devices where they can then copy our data, modify our installed software, spy on us, and steal our identities."

Classic Slashdot

[dknj]

I'm sorry, this is off topic, but I was getting a warning at the top of Slashdot that classic is going to be going away soon (looks like in 6 months).

How many readers are going to leave if slashdot classic is cut off completely?

Re:Classic Slashdot

[umafuckit]

How many readers are going to leave if slashdot classic is cut off completely?

Good question. Maybe Timothy should set a poll?

Dumb systems can't be hacked

[Karmashock]

Complexity is a vulnerability. Simplicity is a strength.

If something is just too simple to be modified or hacked or manipulated by anyone including the rightful owners then its too simple to be perverted by a hostile agent. Simplicity is frequently a virtue.

Re:Dumb systems can't be hacked

[Karmashock]

Wrong. It isn't impossible to hack it. And therefore it will be hacked.

Systems too simple to be hacked can't be hacked. They are secure. Everything else is second class.

People need to stop cutting security corners. This chicken shit security no longer an option.

Perfect security is possible. It requires sacrifice. You need to limit complexity. You need to limit what can and cannot be done. Do that and you leave little wiggle room for hackers to exploit. Anything short of that and you're better that you are smarter then the hacker. Which is hubris.

Re:It's TCP/IP, baby.

[fuzzyfuzzyfungus]

Probably more than resilience, moving the intelligence to the edges of the network allowed for innovation. It's not as though POTS is a quagmire of reliability issues (indeed, it stacks up pretty well compared to any internet connection not expensive enough to have a proper SLA); but it's an ossified wasteland because essentially any change had to run the gauntlet of "Is it worth making the necessary modifications and upgrades to the intelligence at the center of the network and will doing it make AT&T more money?" If something new couldn't be squeezed through the network as though it were a voice call, or officially blessed by Ma Bell (as with 1-900 numbers and billing for them), it just didn't happen. Even with the introduction of mobile phones, and the opportunity to hammer out huge swaths of new spec, they added what, SMS? Virtually all the features of today's "phones", with the exception of voice calls and maximum-compatibility SMS snippets have gone IP because that is where the versatility is.

With intelligence at the edges, if you want something done, all you need is two or more endpoints with the right software and there you are. This goes for malice as well, of course, which is part of why the internet is kind of a rough neighborhood; but it's also why IP-based capabilities have changed so radically, while systems with more centralized intelligence have largely stagnated(even more impressive 'dumb endpoint' arrangements, like Minitel, have been eclipsed).

Not Just Bad Guys

[Jane+Q.+Public]

"Bad guys have the time, skills, and motivation to study edge devices for weaknesses..."

But you know, it's funny... I would have thought the giant corporations that are behind manufacturing these devices (and in many cases the software for them) have just as much skill to look at these things from the other end.

Apparently what they have lacked is the motivation to do so. That should change.

Re:It is largely humans these days

[fuzzyfuzzyfungus]

Some aspects of software security have improved; but the decline in 'just put a computer on the internet and it gets rooted in about 15 seconds' attacks, at a population level, probably owes more to the prolific spread of nasty little plastic NAT boxes.

Those things are hardly real security(and more than a few have shipped with nasty flaws of their own); but they do tend to eat unsolicited inbound traffic pretty enthusiastically, which has really cut down on the number of totally helpless computers that end up being given a brutal taste of the open internet before they've even had time to patch.

Re:Benner madnes on slashban

[rudy_wayne]

I made the mistake of trying the Slashdot Beta. What horrid shit.

Seriously. What kind of retarded fuckwad thinks that it is a good design.