[NTLK] Museum of Failure as Journalists

Larry Yaeger larry.yaeger at gmail.com
Sat Jan 27 04:08:03 PST 2024


On Jan 26, 2024, at 10:08 PM, Jeff Sheldon <jeffsheldon at gmail.com> wrote:
> Given how permissive the soup approach is (and representative of the time it was designed), how do you think that might have evolved in an emerging world of zero-trust?

It's a challenging, intriguing question, but not being a security specialist I'm not sure my thoughts and opinions will have much merit.  I think I'm usually overly optimistic and, accordingly, feel like data sharing through the soup could be reasonably managed by something like modern trust certificates.  It means you'd need either a closed-wall system like Apple has (so far) used with the iPhone and iPad or, at least, a carefully vetted trust certificate system that could be verified on the fly as is done with apps and secure websites, meaning reliable network access would be required to add a validated app.

With trusted apps, I'd expect the data being shared to be mostly trustable.  However, crackers being crackers and software developers being mere humans, I could imagine buffer overflow attacks and other problems coming from bad data delivered by a trusted app.  Such exploits would presumably be found and fixed as soon as possible.  Especially if combined with a built-in technique for Apple to force a trivially small update just sequestering certain types of data packets from certain apps (preventing such data from being ingested by other apps), it seems to me that security would be no worse than what we have today.

But seriously, if you want a reliable threat estimate you'll need to talk to an expert in the security field and they'd need to look carefully at how the soup managed data.  It's certainly an issue that would have needed addressing if Newton had matured into today's world.

- larryy

