Financial regulators are going to be faced with an interesting set of audits. "Resilience" is the motto of most European financial regulators I have the pleasure to speak to and EDR is pretty much compulsory to get a banking license.

Following 's successful demonstration of resilience will we be able to open an honest discussion about sekurity theatre and mis-identification of risk? Will we be able to kick out the companies convincing regulators that their tool is an essential part of the sekurity arsenal?

Obviously no, it will not happen, but in a decent world it would.

@buherator remote desktop everywhere - the mainframe model was and still is ideally suited to high-risk environments where distributing risk to endpoints is fundamentally misguided.

Why do banking employees have laptops? Why do they need them? What they need is a screen and a keyboard allowing them to work.

If the endpoints do not carry any data except acting as remote desktops then the need for EDR disappears and defence can be concentrated where it matters.

In effect what happened in the 1980s is that IBM lost the narrative to something which, ironically, they themselves invented. There is clearly a value in private data being on your laptop and everyone being able to work on their own computer but, even there, do they need "a laptop each" in a family? Would it not make more sense to have a family server at home and remote desktop for the family members? Making even phones just portals into a family server?

It is all a perpetration of concepts which overran common sense in the name of marketing. Clearly if you are going to just have a remote desktop you don't need to buy high-end laptops for all staff. It would reduce GPU manufacturers to just gaming rigs, it would reduce CPU manufacturers similarly, etc. etc.

What exactly could we not do when we had a Unix system with serial terminals? Graphics. OK, that was solved with XTerms (not the app, the hardware). What was missing now? The whole X11 protocol is a perfect example of what we should be going back to - now that we have 5G and FTTH what is the need for a laptop/desktop for the vast vast majority of (business) use cases?

I still remember Jerry Pournelle on BYTE advocating "one person one computer" and thinking it was a bad idea. It still is.

@buherator note also that when Olivetti Research Labs in Cambridge (UK, not the MIT one) designed VNC the idea was precisely to have a transparent smart remote desktop for everyone which included telecoms.

The smart badges would follow you and ensure that your phone line would ring on the closest phone (unless you set DND), that the nearest free terminal would automatically log you in and set you up, etc.

We had this, all the way back in the early '90s, it was the right idea, but Microsoft and Intel would have been destroyed (ironically the Intel i960 RISC was a favourite of XTerm hardware builders and was, objectively, a really good processor for other reasons) so marketing went off to tell everyone they needed to have a copy of office on every computer.

Do you remember those companies selling smart license managers which allowed multinationals to "follow the Sun" with their licenses? It was a very smart move because you could buy fewer licenses than seats but… Microsoft hammered it and made it "illegal".

It is clear that the current model was imposed and, as much as I am no fan of IBM shenanigans with the Seven Dwarves and their approach to mainframe monopoly, the idea was not wrong (nor was it wrong in the Sun + XTerm days).

@buherator finally, and please excuse the very long postings, I have an interest in truly distributed operating systems like Plan 9 for a set of good reasons:

1. you could have home servers which offer basic capability to everyone, the "terminal" systems are exactly what a smart remote desktop would be, the "cpu" and "storage" is nothing other than a beefed up NAS except that applications don't need to be told "compute there", they know,

2. you could have CPU servers which are shared amongst multiple users beyond the home, i.e. what they call "the cloud" now, but actually based on a proper distributed and resilient model. The same holds for storage. You'd have to add security and privacy guarantees but I suspect someone is thinking about it already (cf. Apple Private Cloud Compute),

3. companies using the same model could now trivially scale what was needed: cpu servers for computing power (you'd probably extend this to gpu servers for ML but that's not outside the scope of the Plan 9 design), storage servers, backup servers, etc.

What we are seeing is not a VHS vs. Betamax situation but something worse like when they tried shoving Laser Disc down people. It was not the solution, people rejected it because of money. This time money and extreme marketing (think of Microsoft pushing Office into schools everywhere on the planet) turned us to this computing model which makes no sense.

Amongst other things there is a case for "green computing" too: how many of these useless laptops are wasting power and heating the world on the basis of running Office which they don't need? It would be far far more power efficient to have Arm-based (at the moment the least power hungry viable design) terminals than all these PCs.

@buherator well, along with thin clients you also lose “run anything” because you now have a central server with “the software”.

Downloading software becomes what you do on the, separate, development server but there the rules change.

The idea is, as usual, minimisation of attack surface and differentiation of risk.

In effect going to a thin client model implies app whitelisting, I’d say.

@cynicalsecurity @buherator this is super interesting, but I think the issue is that people can't even imagine what a remote terminal is, at this point. The closest we know in this day and age is a Chromebook and that is very much a laptop, no matter how much it doesn't work without a connection to the Google mother ship (or isn't supposed to, anyway).

@axx @cynicalsecurity I know of some current networks that are built in a similar fashion. You are right that end users tend to fight it, but fortunately "shadow IT" also becomes limited since most data is not directly accessible.