2016-04-04

Technological homogeneity and the impending zombie apocalypse

Recently, there was a post[1] about the special hardware components on all x86 platforms that require proprietary binary blobs to function and cannot be open sourced, in many cases require a third party to sign the code that runs on your computer, have unfettered access to the memory of all peripherals, and may be running even when the system is powered down but still has access to power.

This is an interesting topic, and I think it's vitally important that we address it now for what it is: a computational hazard the likes of which we've only seen hinted at before.  The reason is simple.  Homogeneity is brittle.  Like a sharp kitchen knife that keeps its edge, it works extremely well, until it breaks, and then it's close to useless.

There are so many parallels to biology that it's worth examining biology's response[2] to the same problem.  First, it's worth noting the difference in goals between biological systems and most computer systems.  Biology, as a whole, is an extremely versatile and resilient system for the survival and propagation of life, but not necessarily of the individual, even if individuals are resilient to a degree in service of that goal.  Our current technological systems, or at least the common computing platforms we use, are good at individual resiliency, and value making each individual system as secure and protected as possible.  How these two systems differ in their interaction with the larger ecosystem is the point, and in this case, biology's approach is vastly superior.

Biology has evolved a strategy to ultimately prevent the eradication of life through a tiered approach: there are many types of organisms, much variation within a single type of organism, and multiple levels of defense within an organism, with many separate techniques involved at each of these levels.  Because of this variation, viruses and diseases rarely affect more than a few species at a time, and within a species rarely affect all members of that species.  The likelihood that something will be deadly to a single human is small, due to the redundancy, variation, and resilience of our internal systems.  Being deadly to the same degree to all humans is less likely still, and being deadly to all species less likely yet, to the point that it's almost impossible.  Nature has evolved a very resilient system to perpetuate life in the face of constant assault, by stopping what it can, and mitigating what it knows will happen at some point anyway.  That is, nature accepts (to anthropomorphize slightly) that there will be diseases that can penetrate its defenses at various levels, but by using extreme variation in those defenses, it is able to ensure the survival of life overall.  This variation unfortunately has a downside, which is that it presents a vastly larger attack surface for disease.  There are more ways for a disease to affect some organism, even if the chance of it affecting all members of a species is reduced, and the chance of it affecting all organisms reduced even more.

Our computer systems, driven mostly by corporate investment and development[3], have been steered toward the goal of completely stopping intrusion, viruses, and undesired behavior, with the belief that this is possible.  Working from the belief that these outcomes can be completely prevented leads to a different strategy than what biological systems have evolved.  Instead of massive variation, we have tightly engineered and highly efficient systems that do a very good job (and are getting better) of blocking undesired behavior.  This often leads to environments with large swaths of homogeneous systems, as the natural response is to gravitate to the systems that work best for the task.  For example, we have Cisco for network security, and Windows for workstations (or substitute your favorite vendors).  Variation in larger environments is rare, at least to the degree seen in nature.  This works well in providing systems highly resilient to any infection, but extremely brittle once an infection finds an entrance.  A remote code execution bug in Cisco IOS or the Linux kernel's network stack would be devastating to companies that rely on them exclusively; the homogeneity allows an infiltration to quickly bypass many safeguards and reach very deep.

Partly, this is a response to corporate entities' risk aversion, and to seeing any infiltration as unacceptable.  In some cases, this is because the business is based around hidden information (trade secrets, proprietary data) that, if exposed, causes irreversible, possibly fatal damage to that entity.  In others, it's because of industry inertia and "best practices" which may be best practices for some portion of companies, but not all.  Regardless, the end effect is that we have large homogeneous chunks of the internet, and of our technology stack in general, well protected until all of a sudden they aren't.

One solution to this is to do as nature has and invite extreme variation.  It comes with the same downsides, such as increased breaches and problems, but with a reduced chance that any one exposure will affect large swaths of our technological infrastructure.  This would be, unfortunately, a fairly selfless act for most organizations (those not large enough to have many internal divisions that could easily adopt their own standards and thus variation).  Corporations are not known for being selfless, so that leaves the rest of us to make it in their best interest, or at least provide more options for doing so.  We need to fight homogeneity where we see it, for the good of all of us.
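
To make that tradeoff concrete, here is a rough toy model of my own (a Python sketch; k, p, and every other number are invented purely for illustration, not measured from anything): a fleet of hosts either all runs a single platform, or is split evenly across k platforms, and each platform independently has some probability p of shipping an exploitable flaw in a given year.

    # Toy model, not a rigorous claim: hosts are split evenly across some
    # number of platforms, and each platform independently has probability
    # p of containing an exploitable flaw in a given year.  The fraction of
    # hosts compromised that year is then the fraction of platforms that
    # turned out to be flawed.  k and p are invented for illustration.
    import random

    k, p, TRIALS = 5, 0.10, 200_000

    def year(platforms):
        """Simulate one year; return the fraction of hosts compromised."""
        flawed = sum(random.random() < p for _ in range(platforms))
        return flawed / platforms

    for label, platforms in (("monoculture", 1), ("diversified", k)):
        results = [year(platforms) for _ in range(TRIALS)]
        any_breach = sum(r > 0 for r in results) / TRIALS
        catastrophe = sum(r >= 0.5 for r in results) / TRIALS
        print(f"{label:12s} some breach in {any_breach:.0%} of years, "
              f"a majority of hosts lost in {catastrophe:.2%} of years")

With these made-up numbers, the diversified fleet suffers some breach in roughly 41% of years instead of 10%, but loses a majority of its hosts in well under 1% of years instead of 10%.  More frequent small wounds, far fewer extinction events, which is the same trade nature makes.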

How does this relate to the x86 components we started with?  They pose an unprecedented risk.  Present in the vast majority of our server and workstation products, they are one of the single largest risks to our technological infrastructure we've yet encountered.  While not the most likely of scenarios, infection of a nearly ubiquitous subsystem with unfettered local access would put our infrastructure in an untenable position.  We should not open ourselves to massive risk just to appease a few special interests.

 1: http://mail.fsfeurope.org/pipermail/discussion/2016-April/010912.html

 2: Or at least what appears to be biology's response to a layperson.  I'm sure there are many holes in the coming description.  I welcome corrections to my lack of understanding in this area.

 3: Driven in the sense that it spreads mostly in this manner.  Even many OSS projects ultimately relied on a corporate back-end to see widespread exposure, e.g. Red Hat and Slackware for the initial spread of Linux, and much free software is based on that, linking them in that way.  Exceptions do exist, and this is changing now that there is a base to build on, but widespread distribution has mostly been due to corporate backing in some manner.