Tuesday, June 22, 2010

general purpose, what's it good for? absolutely too much

here's a blast from the past. over at tenable security blog this article from january by marcus ranum discusses the possibility of developing special purpose computers for the sake of online banking.

he comes to an interesting conclusion that we may be seeing a market develop for non-general purpose computers but what we have to keep in mind is that it is not the operating system that determines whether a machine is general purpose or not - if we want special purpose machines we have to start at the hardware layer. i know some people find it hard to believe that it's not the operating system that enables malware to be a problem but to demonstrate that that is indeed a fact let's look back to the old bootsector infectors: viral malware which executes and infects before the operating system is even loaded into memory, using nothing but the hardware API's. clearly, generality transcends the OS.

in order to produce a machine which is guaranteed malware free (in order to use as a trusted endpoint in online banking) we have to address either the generality of interpretation (which most people don't really understand, but which is the cornerstone of general purpose computing) or the sharing of data (which would be counter to the design requirements of any system that needs to communicate with another system - such as an online banking dumb terminal). those are the 2 key elements of general purpose computing that enable malware to exist, and since we can't really get rid of sharing for the application in question that just leaves getting rid of the generality of interpretation in favour of fixed first order functionality.

the consequence of doing this (creating a radically different hardware architecture that only allows for fixed first order functionality) means that we can no longer use commodity hardware. that means we would no longer enjoy the benefits of commodity hardware pricing. that in turn means that the cost of ownership of one of these dumb terminals will be rather high compared to commodity computing counterparts. i don't know if the theoretical market for such special purpose computers can withstand the practical realities such a device would entail.


john said...

So, in essence, we're re-developing the 1970's business driven PDP-10s utilizing dedicated landline links. hmm. lets re-develop the wheel, except we'll use something other than COBAL hopefully.