[ExI] Holy cow!

Sun Apr 12 14:51:31 UTC 2026

On Sun, Apr 12, 2026 at 7:31 AM John Clark <johnkclark at gmail.com> wrote:
> On Sat, Apr 11, 2026 at 6:43 PM Adrian Tymes via extropy-chat <extropy-chat at lists.extropy.org> wrote:
>>>> >>> It is possible to connect to the Internet without presenting an attack surface. I could go on in depth about how, but ....
>>
>>> >> No you could not!  If you could, you'd be world-famous as the greatest security expert the world has ever known.
>>
>> > Tch.  It may be a grossly underappreciated set of tricks that few people know how to use, but I'm not the only one who knows them.
>
> So we can all relax because you and a few other "grossly underappreciated" geniuses know how to completely solve the problem of computer security? Baloney!

1) I never said my solution was complete, as in applicable for
everyone.  My solution suffices for me, with my limited needs and
uses.  It wouldn't scale to everyone.

2) As you recognized, it's a few.  Not nearly enough to protect everyone.

3) I said "It is possible".  "Possible" != "done".

>>> >> And Alan Turing claimed to have proven that in general there's no way to know if your computer program has a bug such that it will run forever without ever stopping and producing an answer, but according to you Gödel was not the only one who was wrong, Turing must've been wrong too.
>>
>> >  It is possible that some pages simply take forever to load. I cut them off when they do.  Granted, they fail to load as a result.
>
> The trouble with that is that Alan Turing proved in general there's no way to know if a computer program will take "forever to load", perhaps if you had been just a little more patient and had waited one more second before you cut it off the program would've finished loading. As I said before, in general there's no way to know if your computer program has a bug such that it will run forever without ever completing its assigned task and stopping.

Yeah.  So it's possible, even likely, that my security practices have
cut off some content that would otherwise have successfully run - and
I'll never know precisely what.

It is also possible, even likely, that some of the cut-offs I have
done have halted what would otherwise have run forever (or at least
until I shut off the computer in question) - and I'll never know
precisely which ones.

I do observe that I have never yet permanently lost a computer that I
was operating to cyberattack.  Whether that's just because none have
ever seriously been attacked is not completely provable, though I do
have logs showing that at least some classes of attack have been
attempted (in large volume) against some of my systems.  For example,
the error logs of my Web sites contain a great many entries of people
attempting to access common unsecured scripts - which simply don't
exist on my Web sites.

But to continue that example, there's a timeout on connections - call
it X seconds.  Have there been cases where a connection could have
completed if I'd allowed X+1 seconds?  Possibly, and I'll never know.
But no attacker has yet been able to hold open a connection
indefinitely, thus indefinitely denying the system the resources
associated with that connection - again, whether or not that's just
because no attacker has ever tried, and I may never know if that's the
case.