Edward Bartolo writes:
> With a compromised CPU that has questionable smaller cores running a
> HIDDEN OS, I cannot see what advantages anyone gets by installing
> grsecurity. This is worse than having a compromised machine that is
> always connected to your computer.

Bah.

We already know that a CPU can be compromised by changing a single NAND
gate and that it can be done at the fab, without the CPU designer team's
knowledge. In other words, you can raise security requirements so high that
literally no computer builder can satisfy them. This does not mean that
every lower requirement is pointless.

For example, some attack kits must be hoarded. They're very powerful, but
every time they're used they risk disclosure, if the victim notices and
sends the computer off to someone like Citizenlab. The attacker has great
power and is almost unable to use it.

That's a threshold. A useful security threshold.

> With such hardware around, GNU/Linux has just become yet another
> Windows. The only advantage _till_now_ is GNU/Linux still allows
> user-centred configurations and modularity.
>
> There is yet the other uncertainty of what ISPs do with data
> travelling through their systems. Even if users set up completely
> secure systems, their data still has to travel through an ISPs
> infrastructure.

You've just discovered that windows and friends aren't all black and linux
not white. Indeed, both are patchily grey. I personally prefer linux, it
gets the job done and much of it is lightish grey.

Getting the job done goes before "and" and security after, because if the
job isn't done, security protects nothing and is worthless.

> I am starting to believe computer security is an unattainable Utopia.

That's a good book, I recommend reading it, if only for its descriptions of
Utopia and attainability.

Arnt