Daily Archives: 2022-08-26

Americans Will Soon Be Able to Renew Passports Online

Source: Hacker News

Article note: The old process is an enormous, unnecessary, frustrating pain in the ass. I had my last renewal get kicked back because the picture - that I took on a digital camera, printed, stapled to a form that was filled out on a computer (and even generated a computer-readable version of the data down the side of the page), snail-mailed it, then they scanned both back in to a different computer - was printed on the wrong grade of paper. None of that paper and snail-mail loops needed to be involved.
Posted in News | Leave a comment

Security and Cheap Complexity

Source: Schneier on Security

Article note: I'm not sure why it's doing the rounds this week, but it's a really good observation.

I’ve been saying that complexity is the worst enemy of security for a long time now. (Here’s me in 1999.) And it’s been true for a long time.

In 2018, Thomas Dullien of Google’s Project Zero talked about “cheap complexity.” Andrew Appel summarizes:

The anomaly of cheap complexity. For most of human history, a more complex device was more expensive to build than a simpler device. This is not the case in modern computing. It is often more cost-effective to take a very complicated device, and make it simulate simplicity, than to make a simpler device. This is because of economies of scale: complex general-purpose CPUs are cheap. On the other hand, custom-designed, simpler, application-specific devices, which could in principle be much more secure, are very expensive.

This is driven by two fundamental principles in computing: Universal computation, meaning that any computer can simulate any other; and Moore’s law, predicting that each year the number of transistors on a chip will grow exponentially. ARM Cortex-M0 CPUs cost pennies, though they are more powerful than some supercomputers of the 20th century.

The same is true in the software layers. A (huge and complex) general-purpose operating system is free, but a simpler, custom-designed, perhaps more secure OS would be very expensive to build. Or as Dullien asks, “How did this research code someone wrote in two weeks 20 years ago end up in a billion devices?”

This is correct. Today, it’s easier to build complex systems than it is to build simple ones. As recently as twenty years ago, if you wanted to build a refrigerator you would create custom refrigerator controller hardware and embedded software. Today, you just grab some standard microcontroller off the shelf and write a software application for it. And that microcontroller already comes with an IP stack, a microphone, a video port, Bluetooth, and a whole lot more. And since those features are there, engineers use them.

Posted in News | Leave a comment