Black Boar Security Inc. | Complexity
Our usual fun is to reinvent the wheel, as if we were in 1969, the early days of Bell Labs and Silicon Valley.
Physics was the same at that time; we just did not know about it. 5nm chips and OLED displays could have been a reality by then.
We are in 2024, and NVidia bets big on datacenter hardware. Batch jobs just crank out artificial intelligence models. It is not difficult to say that sooner or later we will have a personal datacenter in our pockets.
Copyright© Schmied Enterprises LLC, 2024.
Moore's law probably applies here as well. Engineers need money. Bankers need assurance that loans will be paid back. Investors want more buyers. Customers want the show. Doubling down on current performance every one or two years is probably an easy bet.
The easiest way to assess security is to compare successful companies to perfect competition. What do they do that anyone else cannot? Amazon, Microsoft, Facebook put services under the same umbrella, a common site, a common brand. Is it only the brand that deters hacker groups?
Should you start your own ecommerce site, you will probably need knowledge of the Domain Name System. It is the result of decades-old research by the Pentagon. A hair stylist or a fashion designer probably drops the project quickly. The system is very strict, with rules that are hard to explain. It was designed for a hierarchy. Small businesses are out at this point. They just buy the web service from AWS or Azure.
If they pass through this step, the next one is Transport Layer Security. Most people will realize early that they cannot really figure out what those gigantic numbers do. They just buy the service of a company called the Trusted Certificate Authority. All we can do is to trust the few mathematicians who can explain it all. This bottleneck is a risk. The certificates cost hundreds of dollars a year. Most independent, free blog sites are already out of the game. Facebook and Twitter are born.
Once they pass through these steps, setting up a site is quite straightforward. Calculating local sales taxes for customers is probably the third difficult one to solve without a good database and reporting system. Businesses engaging in interstate commerce will probably opt for something from Salesforce, Oracle, Shopify, or PayPal. They cannot do it themselves affordably.
If you need to launch your own site, it will probably be the domain system, encryption, and taxes where the barrier is set. Big Tech companies have already solved these for lots of customers. People just choose them instead of dealing with ransomware gangs.
Lots of regulations have been enacted since then. People expect to be in control of their data with the help of the likes of GDPR. Companies provide simple networks with net neutrality. Data processing corporations have limited responsibility for the traffic and data processed. National services supervise the cable and satellite systems, and take control when cyberattacks impact the masses. Malicious sites can be disabled or shadow-banned. Cybercrimes are punished in almost all jurisdictions. The use of copyright and private data vs. leaking the data needs more regulation, as a recent lawsuit between NYT and OpenAI shows. The app stores help to avoid this complexity. Apple and Google kick in.
Indeed, these companies exist at scale because of how the technology was standardized. Ironically, standardization limited itself. Our imaginary Black Boar Security Inc. probably hits under the belt. Complexity can be handled by opting for simple and straightforward solutions. In fact, many early patents expired, allowing the use of the simple stuff for free, like the famous zip compression, or some pdf files. Current patents protect the more complex algorithms of refined video compression, app store details, etc.
Operating systems were built by large organizations grown on the rivalry of the Cold War. Organizations were enormous. The time of unified operating system kernels that give access to anything in a computer in case of a bug is probably past. Kernel calls and software interrupts that caused so many data breaches will probably become a chapter in history books. Tasks can just communicate using network protocols even within the same physical machine, simplifying the software stack.
The Arduino-style engineering process is very important. Infrastructure logic can be written in a few hours. Reviewing becomes easy and cheap. Security and reliability are granted. The fewer vendors there are to coordinate with, the lower the chance of groupthink. You can focus on design and customer value. Think twice before adding more complex features, especially for a single government customer.
Tech startups today would probably do some things differently. The domain name system can be replaced by trust providers or app stores that just sign the code like Docker does. Dozens of app stores could be offered to customers with such systems without any containerization. Each company can offer content filtering out of the box. Selection is simple. Trust is given by your provider of choice. You do not need to be afraid of gigantic client trust certificate chains anymore as a small business recycling plant owner, whatever that means.
Multiple trust providers solve the issue of tampering with name services and client certificates. A simple switch to a different provider requires only a single certificate authority instead of a hard-to-verify chain across countries at war. You can easily solve redirected website traffic and customers by changing the trust provider. Ransomware gangs and government-sponsored hackers thrive on global standards that keep their costs low and their target base in the billions.
Encryption is only necessary for private data. Public apps can be downloaded and verified for integrity. Hash signatures can verify public code just like open source software. Open traffic of such systems allows governments to have even more control of the security of edge endpoints and what is running on them without direct access to computers at home. Hashes are the only crypto algorithms that do not require random numbers, a usual first target for hackers.
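As an added illustration (not code from this page or from any product it mentions), the following sketch verifies a public app's hash against digests published by several independent trust providers, accepting it only when a quorum agrees. The provider names, the manifest layout and the quorum policy are assumptions made for the example, and the manifests are assumed to reach the client over a channel the provider authenticates.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_artifact(artifact: bytes, name: str, manifests: dict, quorum: int = 2) -> dict:
    """Accept `artifact` only if at least `quorum` trust providers
    publish the same SHA-256 digest that we compute locally."""
    actual = sha256_hex(artifact)
    agree, disagree, silent = [], [], []
    for provider, manifest in sorted(manifests.items()):
        expected = manifest.get(name)
        if expected is None:
            silent.append(provider)        # provider does not list this app
        elif hmac.compare_digest(expected.lower(), actual):
            agree.append(provider)
        else:
            disagree.append(provider)      # mismatch: tampering or stale entry
    return {
        "digest": actual,
        "agree": agree,
        "disagree": disagree,
        "silent": silent,
        "accepted": len(agree) >= quorum,
    }

# Constructed sample data: a tiny "public app" and a tampered copy of it.
GENUINE = b"print('hello from a public app')\n"
TAMPERED = GENUINE + b"# injected line\n"

# Constructed manifests from three hypothetical trust providers.
MANIFESTS = {
    "provider-a": {"app.py": sha256_hex(GENUINE)},
    "provider-b": {"app.py": sha256_hex(GENUINE).upper()},  # case differs, same digest
    "provider-c": {},                                        # does not carry the app
}

# One compromised provider vouching for the tampered build is not enough.
COMPROMISED = dict(MANIFESTS, **{"provider-c": {"app.py": sha256_hex(TAMPERED)}})

if __name__ == "__main__":
    for label, blob, m in [("genuine", GENUINE, MANIFESTS),
                           ("tampered", TAMPERED, MANIFESTS),
                           ("tampered, one bad provider", TAMPERED, COMPROMISED)]:
        r = verify_artifact(blob, "app.py", m)
        print(f"{label}: accepted={r['accepted']} agree={r['agree']} disagree={r['disagree']}")
```

The check needs no secret key or random number on the client, but it is only as strong as the channel that delivers each provider's manifest.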
Private apps should take care of their own encryption individually. Information sharing can get keys from any selected app store or trust provider. Not many organizations need a gigantic international service with hundreds of dollars of setup fees to get a single certificate.
Security companies can be lean when the tech is simple and friendly. Data backups can be stored in the office, while cloud apps can scale out and stream back new data seamlessly. Such a system is easy to understand and replace. Edge servers can be replicated to the cloud with the instant press of a button.
Operating systems may not be traditional anymore. Artificial intelligence can replicate the behavior of classic designs. Kernels and drivers are not necessary anymore. Devices such as a printer, microphone, or handheld device can just communicate in plain English with your computer. This is the GPT age. Keyboards can be replaced with an app on your iPad.
Personal data is best stored on removable devices. They can be carried more easily, if encryption is properly set. A broken laptop is not an issue in such cases. A new laptop is in use in a few seconds. ♬ You can dump your boyfriend by unplugging your flash storage and leaving for good without a heavy device. ♬ That is also a use case ...
Artificial intelligence will always be the most complex black box that cannot fully be trusted. It will probably have multiple options, and a button to be turned off.
Cars have changed forever; however, putting the logic on your personal handheld device makes the most sense. Cars can just be the device that has the power and some screens. Secure self-driving agents can be just like crash test dummies sold by multiple vendors.
We already know how much banking has changed since the original credit card system. Decentralized banking is here to stay. Certifying logs, books, and cash transactions gives way more control to private security. Banks may become a notary, if lending decisions are given to artificial intelligence and statewide domestic product statistics. Demand driven lending may be very simple focused on profits. Pay later is here to stay. Local governments may be allowed to issue municipal range lines of credit to support housing and local consumption.
People secure people, machines secure machines. The asymmetric power will be here forever. People are to verify their own and their direct reports' actions with tools like second factor authentication and authorization.
Security providers will suggest that robotics should use the same tools as humans, who can take over in case of a breakdown, saving money.
Machines can do mass checks of machine traffic, but they should be overruled by private human security anytime to keep the company running and people free. The age of annoying elevated password popups is probably gone forever.