If you are really worried about this, then advocate better computer security. No execute bits and address space layout randomisation are doing good things for computer security, but there is more that could be done.
Code signing on the IPhone has made exploiting it a lot harder than normal computers, if it had ASLR it would be harder again.
I’m actually brainstorming how to create meta data for code while compiling it, so it can be made sort of metamorphic (bits of code being added and removed) at run time. This would make return-oriented code harder to pull off. If this was done to JIT compiled code as well it would also make JIT spraying less likely to work.
While you can never make an unhackable bit of software with these techniques you can make it more computationally expensive to replicate as it would no longer be write once pwn everywhere, reducing the exponent of any spread and making spreads more noisy, so that they are harder to get by intrusion detection.
The current state of software security is not set in stone.
I am concerned about it, and I do advocate better computer security—there are good reasons for it regardless of whether human-level AI is around the corner. The macro-scale trends still don’t look good (iOS is a tiny fraction of the internet’s install base), but things do seem to be improving slowly. I still expect a huge number of networked computers to remain soft targets for at least the next decade, probably two. I agree that once that changes, this Obviously Scary Scenario will be much less scary (though the “Hannibal Lecter running orders of magnitude faster than realtime” scenario remains obviously scary, and I personally find the more general Foom arguments to be compelling).
If you are really worried about this, then advocate better computer security. No execute bits and address space layout randomisation are doing good things for computer security, but there is more that could be done.
Code signing on the IPhone has made exploiting it a lot harder than normal computers, if it had ASLR it would be harder again.
I’m actually brainstorming how to create meta data for code while compiling it, so it can be made sort of metamorphic (bits of code being added and removed) at run time. This would make return-oriented code harder to pull off. If this was done to JIT compiled code as well it would also make JIT spraying less likely to work.
While you can never make an unhackable bit of software with these techniques you can make it more computationally expensive to replicate as it would no longer be write once pwn everywhere, reducing the exponent of any spread and making spreads more noisy, so that they are harder to get by intrusion detection.
The current state of software security is not set in stone.
If you want to run yourself on the iPhone, you turn your graphical frontend into a free game.
Of course it will be easier to get yourself into the Android app store.
I am concerned about it, and I do advocate better computer security—there are good reasons for it regardless of whether human-level AI is around the corner. The macro-scale trends still don’t look good (iOS is a tiny fraction of the internet’s install base), but things do seem to be improving slowly. I still expect a huge number of networked computers to remain soft targets for at least the next decade, probably two. I agree that once that changes, this Obviously Scary Scenario will be much less scary (though the “Hannibal Lecter running orders of magnitude faster than realtime” scenario remains obviously scary, and I personally find the more general Foom arguments to be compelling).