"Physicalizing" the operating system: a solution to Matt Honan's woes

by Rodrigo Fernós


Matt Honan was massively hacked in August 2012 [1]: his email and social networking accounts were compromised, ultimately leading to the loss of years of precious family photos, including that of a newborn child. Honan is now proposing that we get rid of passwords altogether, suggesting a turn to biometric markers: fingerprints, facial recognition, etc.[2] The notion behind this suggestion is that since they are unique, they will provide an insurmountable wall to the hacker.[3]

This is a most gravely mistaken proposal.  

Not only would it eliminate the inherent benefits of password use--its sheer flexibility and range of variability--but more egregiously, it would raise the specter of true identity theft. If your most intimate data were stolen and digitally replicated, it would be a hundred times harder to restore your information than it already is. At least everyone today knows that passwords can be hacked, and views it as understandable when such things occur and claims for their repair are made. (It takes months and even years, as it now is, to recuperate from identity theft.) However, if only a few individuals knew that one's biological digital data could also be compromised, it would make it all that much harder to restore the most important social details of your civic life. The solution, in this case, would turn out to be worse than the problem it tried to deal with. It would also have been 'unnecessary', according to Steve Gibson.[4]

Yet the problem with computers is not necessarily the password scheme that is used, but simply that they are infinitely moldable. The rules and regulations that guide how a computer operates today can be easily bypassed with what is known as a 'rootkit'--a program that places itself as 'root', hence providing it with the ability to modify any part of the operating system it wishes to modify.[5] To be compromised by a rootkit in the flash of a moment is to turn an expensive computer into a pile of trash; and computers are compromised thusly on a daily basis, in some form or other.[6] It is as if God had the ability to alter at will the physical properties of any object in the world: reducing a hammer's hardness to the softness of water, or a concrete wall's opaqueness to the transparency of glass. While these suggestions might sound brilliant in a magic show or a science fiction movie, the real world fortunately does not 'change at will'. It is what gives it constancy and consistency, and what makes it 'sane'.

It is clear that the current woes in the computing environment are principally due to the simple fact that operating systems are mainly software, thereby allowing for their infinite manipulation. It is equally clear that those involved in the computer industry could have solved the problem a long time ago simply by 'physicalizing' the operating system, by turning the OS into ROM instead of RAM.

That is to say, the entire computing industry could have solved a large percent of the current woes afflicting all existing computers simply by hardwiring the operating system directly into a computer's logic board. Once the operating system had been hardwired into the computer, it would obviously have been impossible for an external actor to invisibly install a rootkit and thereby compromise a computer's 'constitution'. Even if one's password[s] were stolen, the ability of a hacker to alter and affect the internals of your computer would be next to impossible--without physically removing and replacing such hardware.

While this might sound strange or impossible to many, it should be noted that all video games of the 1980s that opened the computing world to the general public operated in this manner. They were not computers with software "installed" into them, either via ethernet or physical storage media (i.e. CDs). Rather, they were simple machines whose instructions were embedded directly into 'read-only memory' (ROM) chips, as opposed to the 'random-access memory' (RAM) that computers use to manipulate the information they are fed. When a computer is turned off, all information in RAM is immediately erased, whereas ROM retains it simply because it has been hard-wired with it. (This is why the operating system must always be read from the hard drive every time you turn the computer on, and hence its vulnerability.)

It is somewhat curious how the computer industry has allowed itself the right to change at will all the rules and regulations which guide its internal components--which in legal terms would be akin to letting the constitution be rewritten every year or every six months, depending on the needs of the moment. While this computational trait was certainly due in part to the nascent and quickly changing character of the industry, creating and improving new technologies of immense social benefit, it did bring with it a great amount of instability in the social relations that were affected and determined by this technology. Facebook, as we all know, has regularly written and rewritten its contractual obligations with users on the smallest of whims. The 'right' to modify contracts at will is pervasive in the computer industry, and seems to occur on a regular basis without any apparent legal implications. After all, nobody reads their contracts when they first purchase these social machines.

Yet two of the key benefits of a constitution are its 'open' character and its 'durability/stability'. Constitutions are fundamentally the agreed-upon rules of all social interactions in a community: the police do not have a right to search one's home without due cause, and one has a right to express oneself about an outcome that might adversely affect one's well-being. We all agree to these rules because of the golden rule: we should treat others as we would like to treat ourselves. They form an enduring and binding contract between its members that allows such societies to flourish and thrive. When constitutions are not writ in stone but rather sand, social chaos and upheaval become the norm.[7]

The same goes for operating systems, which form an implicit social contract between the end user and the world it presents; they provide a key set of guidelines and parameters as to what actions will or will not be admissible in such social relations.

It is certainly the case that 'physicalizing' the operating system would have drastic implications for the character and form of the computer industry. The ability of a company to induce a constant and never-ending increase in the power and capacity of computers would be diminished, a trait which has been characterized by some scholars as arbitrary and unnecessary. As Sherry Turkle has noted, operating systems and computer software become more complex, which induces the need for new and more sophisticated hardware--generating a pattern of 'infinite ascension' and increased consumer spending.[8] Were operating systems to be rigidly fixed in ROM, this ever-ascending spiral would certainly be slowed down. This in turn would certainly affect the economics of computers, as well as their durability. Imagine that. A computer that actually lasts a decade.

Before members of the computer industry start shaking their heads at the proposed scheme, one thing should be noted. The scheme is not implausible when it is considered that software and hardware cycles often coincide with regard to time periods--as observed particularly in the case of Microsoft operating systems and the 'PCs' they run on. One might observe that Microsoft operating systems often appear every 5 years or so, whereas computer hardware is usually replaced in approximately that same timeframe. One might thus suggest that tying the operating system to the ROM would not be that different from what actually occurs in practice at the moment, though certainly hardware and software upgrades do not now coincide chronologically. (You keep the same hardware while upgrading its OS, and eventually buy a new computer with the same OS you had installed on your previous system.)

It is also to be noted that the proposed solution is not an 'eternal fix' but simply an effort to change the point of equilibrium of the existing system. Any computer's logic board can always be replaced and physically modified. However, this act (in contrast to a digital rootkit) would have various important implications, for to do so, an actual person would have to physically invade the premises in which such a computer resides. Rather than being able to 'operate from afar' through a complicated network of compromised computers, a hacker would have to personally invade a private space, thereby immediately bringing into action existing criminal laws pertaining to home security, trespassing, and invasion of privacy. In other words, by 'physicalizing' the operating system, you also 'physicalize' the criminal act, which now occurs 'invisibly' in the digital world, thereby reducing its scope and breadth of action.

Simply put, placing the OS into ROM would raise the cost of the criminal act to such a point that it would drastically reduce the amount of hacking that occurs nowadays. Companies will not be able to snoop on their employees as easily, but at the same time they will be saved the possibility of receiving an infinite amount of DDoS attacks via botnets. Inversely, hackers will simply be unable to 'hack', altering everyone else's computing experience to suit whatever wishes, criminal or otherwise, they desire to embark upon. This would obviously apply not just to individuals, but also to nation states which might wish to manipulate computers to their own advantage.

Making the operating system that much harder to modify will drastically reduce the cost of security for everyone who uses a computer, be they a university student humbly trying to get on with their studies, a corporation providing a public good to the community, or a government trying to protect its citizens from unnecessary harm.

Finally, since its rate of modification would be greatly reduced, it would promote much higher quality and standards in the computing industry--as well as promote the public evaluation of operating systems and the social relations these imply. Given that the OS would be 'permanent' as well as costly to repair--requiring the user to take the computer to the store instead of updating through an insecure internet connection--computer manufacturers would have a very strong incentive to produce the best available experience. To do otherwise would have severely negative repercussions in the marketplace.


NOTES

1. See "How Apple and Amazon Security Flaws Led to My Epic Hacking" by Matt Honan. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

2. See "Mat Honan leading you out of digital hell". http://www.zdnet.com/mat-honan-leading-you-out-of-digital-hell-7000007624/

3. It is clear that Honan is also partially responsible, for two reasons. 1) In the world of computing, convenience and security tend to be mutually exclusive; Honan picked the former by tying all of his data to a single email account. 2) Honan did not do regularly scheduled, automatic backups on media that was physically separate from his computer. As a technology writer, he certainly 'should have known better'. We might also note that there were third-party 'tried and tested' weaknesses as well at Amazon and Apple, which have since been corrected.

4. Steve Gibson has pointed out that elliptic curve encryption is much more robust than prime-number encryption--which is the main basis for all current encryption. http://www.grc.com/sn/sn-374.txt

5.  There are many other problems such as tracking and sniffing communications, but these are intimately tied to the problems we are pointing out.

6. Though the OS can just as easily be 'brought back' to its original state, it would only happen if the breach had been detected.  It is often the case that root access goes on undetected, and hence will not be repaired before severe 'damage' is done.  

7. Ironically, one of the biggest historical criticisms of Latin American governments was the ease with which they modified their constitutions according to the whims or needs of the moment. "Two term limits?! Nahh, just get rid of them," might declare a newborn dictator--akin to what seems to unfortunately be happening in Egypt nowadays.

8. Sherry Turkle, The Second Self: Computers and the Human Spirit (Cambridge, MA: MIT Press, 1995); Life on the Screen: Identity in the Age of the Internet (New York: Simon and Schuster, 1995).


© 2014 Rodrigo Fernos Riddick