The fastest fix is new motherboard designs using at least 2 CPUs. Existing mainboards are fucked, though.
But even with this, all available software platforms are like Swiss cheese.
>what openbsd did with the netbsd platform.
Based on your wording here, you're not aware of some of the scarier issues. This runs very, very deep and OpenBSD isn't safe either.
We need to rebuild the tech industry (hardware and software) from the ground up. The reason I mentioned 2 CPUs is because even with compromised hardware, you can use simple hardware firewalling to separate smart peripherals from the 'inside/secure' CPU (and you should probably put the inside/secure CPU in a Faraday shield). I intend to start making computing platforms like this in the near future.
Next stop - secure distributed platform with common database. Open source and, more importantly, OPEN SPECIFICATION. Also self-testing for security primitives so new implementations can be tested against known-good implementations.
>I merely used the openbsd protocol of ongoing audits as an example of not assuming things are ok because some appeal to authority figure "says so".
We're agreeing. I was hinting at other (scarier) exploits that I believe are in all of the *NIX variants. Look into Multics in the late '60s and what USAF did with those machines. There's a partially unredacted USAF report out there detailing that USAF knew all about everything exploit-related, including compiler trojans. After Multics, Bell Labs / AT&T developed UNIX and then just gave it to the world. For free. Imagine that. I believe everything 'open source' is already compromised at a software level with compiler trojans. You have to install these things with executable code that hides them. Only way to find it is with hardware core dump with manual process of elimination of all parts of memory - not trivial - state-level endeavor.
We agree on the perma-comped hardware. Anything with access to RAM bus must be assumed to be compromised (and probably is.) Interestingly, check out the CTOs of all of the western companies who make Ethernet interface chips. They're all the same guys out of Silicon Valley from the '80s. Good ol' boys.
Nothing to do with IP networks. If US cuts them off, then they don't get NSA data. They can't afford to go against US.
These guys operate the transnational fiber trunks. They can do whatever they want and the IP networks any of us could ever see won't be involved.
Yeah, the economic damage of cutting off the normal IP traffic would be far more damaging than leaving it up. Their economy would instantly suffer and their population would shit their depends.