[ExI] Holy cow!
Jason Resch
jasonresch at gmail.com
Sun Apr 12 16:20:53 UTC 2026
To add some context I think is missing from the conversation:
To John's point:
The halting problem implications are more severe than whether or not a task
will finish; they include not being able to know whether or not any block of
code will ever be reached.
So it is not just whether a task finishes or not, but whether some function
will be invoked or not, whether or not the machine will accept arbitrary
inputs and test them as code, etc.
To Adrian's point:
There is much that can be done to minimize an attack surface, such as only
connecting to trusted machines, validating input, using firewalls,
activating the NX (no execute bit) to prevent arbitrary code execution, etc.
As to the halting problem implications, note that it is not the general
case (any arbitrary programs cannot all be predicted), but the key word is
general. There are software validation tools that can, for limited specific
cases, prove correctness by brute-force iterating over every possible
program state.
That said, any modern operating system is far too complex a beast to run
correctness provers against. Even if you were to only run one piece of
proven software on some server, how do you know there is not an exploitable
bug in the DNS, NTP, TCP/IP stack, firewall, TLS library, SSH, or any of
the hundreds of other software libraries on which the server software and
operating system depend?
I think the Battlestar Galactica remake gets this right. They learned their
machine enemy could remotely hack and disable their military ships. To
counteract this tactic, the humans had to strip all networking from their
computers.
Jason
On Sun, Apr 12, 2026, 10:52 AM Adrian Tymes via extropy-chat <
extropy-chat at lists.extropy.org> wrote:
> On Sun, Apr 12, 2026 at 7:31 AM John Clark <johnkclark at gmail.com> wrote:
> > On Sat, Apr 11, 2026 at 6:43 PM Adrian Tymes via extropy-chat <
> extropy-chat at lists.extropy.org> wrote:
> >>>> >>> It is possible to connect to the Internet without presenting an
> attack surface. I could go on in depth about how, but ....
> >>
> >>> >> No you could not! If you could, you'd be world-famous as the
> greatest security expert the world has ever known.
> >>
> >> > Tch. It may be a grossly underappreciated set of tricks that few
> people know how to use, but I'm not the only one who knows them.
> >
> > So we can all relax because you and a few other "grossly
> underappreciated" geniuses know how to completely solve the problem of
> computer security? Baloney!
>
> 1) I never said my solution was complete, as in applicable for
> everyone. My solution suffices for me, with my limited needs and
> uses. It wouldn't scale to everyone.
>
> 2) As you recognized, it's a few. Not nearly enough to protect everyone.
>
> 3) I said "It is possible". "Possible" != "done".
>
> >>> >> And Alan Turing claimed to have proven that in general there's no
> way to know if your computer program has a bug such that it will run
> forever without ever stopping and producing an answer, but according to you
> Gödel was not the only one who was wrong, Turing must've been wrong too.
> >>
> >> > It is possible that some pages simply take forever to load. I cut
> them off when they do. Granted, they fail to load as a result.
> >
> > The trouble with that is that Alan Turing proved in general there's no
> way to know if a computer program will take "forever to load", perhaps if
> you had been just a little more patient and had waited one more second
> before you cut it off the program would've finished loading. As I said
> before, in general there's no way to know if your computer program has a
> bug such that it will run forever without ever completing its assigned task
> and stopping.
>
> Yeah. So it's possible, even likely, that my security practices have
> cut off some content that would otherwise have successfully run - and
> I'll never know precisely what.
>
> It is also possible, even likely, that some of the cut-offs I have
> done have halted what would otherwise have run forever (or at least
> until I shut off the computer in question) - and I'll never know
> precisely which ones.
>
> I do observe that I have never yet permanently lost a computer that I
> was operating to cyberattack. Whether that's just because none have
> ever seriously been attacked is not completely provable, though I do
> have logs showing that at least some classes of attack have been
> attempted (in large volume) against some of my systems. For example,
> the error logs of my Web sites contain a great many entries of people
> attempting to access common unsecured scripts - which simply don't
> exist on my Web sites.
>
> But to continue that example, there's a timeout on connections - call
> it X seconds. Have there been cases where a connection could have
> completed if I'd allowed X+1 seconds? Possibly, and I'll never know.
> But no attacker has yet been able to hold open a connection
> indefinitely, thus indefinitely denying the system the resources
> associated with that connection - again, whether or not that's just
> because no attacker has ever tried, and I may never know if that's the
> case.
>
>
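Added example, not part of Jason's message or of the thread: a minimal explicit-state checker illustrating the "brute force over every possible program state" approach he mentions, applied to the question of whether a block of code can ever be reached. The handler, its states (`IDLE`, `BODY`, `EVAL`), the input symbols `H`/`D`/`X` and all function names are constructed for illustration.

```python
from collections import deque

def reachable(step, init, inputs, is_target, max_states=100_000):
    """Breadth-first visit of every state reachable from `init`.

    Returns the shortest input sequence reaching a target state, or None once
    the whole finite state space was visited without one (a proof, for this
    model). Raises when the state space exceeds max_states.
    """
    parent = {init: None}              # state -> (previous state, input symbol)
    queue = deque([init])
    while queue:
        state = queue.popleft()
        if is_target(state):
            trace = []
            while parent[state] is not None:
                state, sym = parent[state]
                trace.append(sym)
            return trace[::-1]
        for sym in inputs:
            nxt = step(state, sym)
            if nxt not in parent:
                if len(parent) >= max_states:
                    raise RuntimeError("state space too large to enumerate")
                parent[nxt] = (state, sym)
                queue.append(nxt)
    return None

def make_step(max_len):
    """Constructed toy handler. State is (pc, n): n counts data symbols."""
    def step(state, sym):
        pc, n = state
        if pc == "EVAL":               # block that would treat input as code
            return state
        if pc == "IDLE":
            return ("BODY", 0) if sym == "H" else state
        if sym == "D":                 # pc == "BODY": accept data up to max_len
            return ("BODY", n + 1) if n < max_len else ("IDLE", 0)
        if sym == "X" and n == 3:      # leftover debug branch, guarded by n == 3
            return ("EVAL", n)
        return ("IDLE", 0)
    return step

def eval_block_trace(max_len):
    """Input sequence that reaches EVAL, or None if it is provably dead code."""
    return reachable(make_step(max_len), ("IDLE", 0), "HDX",
                     lambda s: s[0] == "EVAL")
```

With a length limit of 3 the checker returns the exact input sequence that reaches `EVAL`; with a limit of 2 the same block is still in the code but the exhaustive search proves it unreachable. A model with an unbounded counter hits `max_states` and gets no answer at all.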