
Comment by johnsmith1840

17 hours ago

I'm not a crypto expert but how would that have solved this?

1. Make a website
2. Website has trusted code
3. Code update adds a virus

How do your suggestions fix those? Not trying to be dismissive; I work on zero trust security, so perhaps I'm missing something crypto has to offer here?

You don’t need to be a crypto expert; blockchain is just there to avoid the double-spend problem for the currency that is needed in the ecosystem.

If you want everything to be free, you don’t need it.

If you want everything to be centralized, you don’t need it. But by being centralized, you introduce a massive single point of failure: the sysadmin of the network. Just look at how many attacks there have been, e.g. attempts to backdoor SSH.

Anyway… the answer to what you asked lies in the approach to updates. Why did you choose to run this update that had a virus?

Remember I mentioned pinned versions and M of N auditors signing off on each update? Start there. Why can’t these corporations with billions of dollars hire auditors to certify the next versions of critical widely used packages?

Or how about the community does these audits, instead of npm just requiring two-factor authentication for the author? Even better: these days you could have a growing battery of automated tests written by AI that operates as an auditor and signs off on the result as one of the auditors.

This should be obvious. A city of people should have a gate, and the guards shouldn’t just import a trojan horse through a gate anytime at 3am. What is this LOL

Finally, I would recommend running untrusted apps and plugins on completely separate machines from the trusted core. Just communicate via iframes. You can use postMessage, and the protocol can even require human approval for some things. In that case, bye-bye to worries about MELTDOWN and SPECTRE and other side-channel and timing attacks too.

I could go on and on… the rabbit hole goes deep. I built https://safebots.ai in case you are curious to discuss more; get in touch via my profile.