Make Stage 0 the stages index: reader lands on 'now' with the full roadmap at a glance
- Merge stage-0-now.org content into stages/_index.org (now titled 'Stage 0: Now')
- Delete stage-0-now.org
- Add stage overview table to the top of the page (8 stages, what changes, threat eliminated)
- Update all cross-references from old stage-0 UUID to stages _index UUID
- Regenerate ID map to reflect the deletion
- Also fix page-list shortcode: .ByTitle -> .ByWeight so subpage listing matches sidebar order
- Rebuild: 147 files, 0 errors
@@ -1,4 +1,5 @@
|
||||
:PROPERTIES:
|
||||
:ID: 89f592aa-9c46-42db-a6c7-54dc91fe2172
|
||||
:CREATED: [2026-06-03 Tue]
|
||||
:ID: 971cd9e7-2cc5-4743-8042-2469dbe4078f
|
||||
:END:
|
||||
|
||||
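Review bot: the property drawer in this hunk ends up with two :ID: lines, 89f592aa-9c46-42db-a6c7-54dc91fe2172 and 971cd9e7-2cc5-4743-8042-2469dbe4078f, and the header (-1,4 +1,5) says one line was added and none removed. An entry can only have one ID; Org will expose one of the two values, and the regenerated ID map plus any `[[id:...]]` link to the other one will silently fail to resolve. If the intent was to assign a fresh ID, remove the old `:ID:` line in the same hunk; if not, drop the new one.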
@@ -56,4 +56,4 @@ Passepartout creates a new category: verified infrastructure. Not a safer operat
|
||||
|
||||
- [[id:1c3ec48b-446c-50d2-b53e-126a81f5143f][Architecture]] — the system in detail
|
||||
- [[id:b9fa4b7b-bc61-4d7f-918d-ff687b80f2ba][Systemic Effects]] — what verification cascades into
|
||||
- [[id:4a1f23b0-abc1-4def-9876-543210abcdef][Staged Roadmap]] — from today to Stage 7
|
||||
- [[id:8cb760e2-37c6-4a78-af4d-f89f69d1678b][Staged Roadmap]] — from today to Stage 7
|
||||
|
||||
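Review bot: the swap of 4a1f23b0-abc1-4def-9876-543210abcdef for 8cb760e2-37c6-4a78-af4d-f89f69d1678b is consistent with the deletion later in this patch, but the label "Staged Roadmap — from today to Stage 7" no longer tells the reader that the target page is now also Stage 0 itself (its #+title becomes "Stage 0: Now" in the next hunk), so the sidebar title and this link text will not match. Consider "Staged Roadmap (Stage 0: Now) — from today to Stage 7" or similar so the two agree.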
@@ -3,9 +3,62 @@
|
||||
:WEIGHT: 10
|
||||
:ID: 8cb760e2-37c6-4a78-af4d-f89f69d1678b
|
||||
:END:
|
||||
#+title: Stages
|
||||
#+title: Stage 0: Now
|
||||
#+filetags: :passepartout:architecture:stages:roadmap:
|
||||
|
||||
The staged roadmap for Passepartout — from current conventional computing through the full self-improving Lisp machine vision.
|
||||
The staged roadmap for Passepartout — from current conventional computing through the full self-improving Lisp machine vision. Each stage is independently useful and the migration is progressive component swap, not a cut-over.
|
||||
|
||||
{{< page-list >}}
|
||||
**The stages at a glance:**
|
||||
|
||||
| Stage | What changes | Threat eliminated |
|
||||
|---|---|---|
|
||||
| 0 | Linux + Python agent + SQLite (current) | None — starting point |
|
||||
| 1 | Social protocol: DID identity, encrypted messaging, data stores | Unauthenticated communication |
|
||||
| 2 | The gate as software over host OS | Root as attack path |
|
||||
| 3 | Bare-metal Lisp image, one address space | MMU boundary, process isolation |
|
||||
| 4 | In-process LLM inference | API call interception |
|
||||
| 5 | Neural weights as plist-native data | Symbolic/neural representation gap |
|
||||
| 6 | Verified fine-tuning, gate-checked weight updates | Unsanctioned model mutation |
|
||||
| 7 | What remains — physical, political, oracular limits | (No computational threat remains) |
|
||||
|
||||
*Summary: The conventional stack as it exists today. Not a design — the starting point.*
|
||||
|
||||
This is the baseline we inherit. Linux on x86, C/Rust toolchain,
|
||||
web-based applications, GPU compute for AI, TCP/IP networking. Every layer
|
||||
is independently built and independently untrusted.
|
||||
|
||||
The conventional stack spans every layer:
|
||||
|
||||
| Layer | Threats |
|
||||
|-------+---------|
|
||||
| [[id:84a537b4-4256-50c8-91f5-dd5b4538418f][Hardware]] | silicon trojan, rowhammer, speculation side channels (spectre/meltdown), physical theft |
|
||||
| Firmware | UEFI implants, SMM rootkits, ME backdoor — unaccountable opaque processors |
|
||||
| OS kernel | privilege escalation, syscall bugs, driver exploits — CVEs weekly |
|
||||
| Compiler | Ken Thompson's "Trusting Trust" — compiler backdoors invisible at source level |
|
||||
| Runtime | heap corruption, use-after-free, buffer overflow — the dominant malware vector |
|
||||
| Network | MITM, TLS state machine bugs, DNS poisoning, routing attacks |
|
||||
| Application | XSS, SQLi, RCE, dependency chain attacks, supply chain |
|
||||
| User | phishing, social engineering, credential theft |
|
||||
| LLM (if present) | jailbreaks, prompt injection (unbounded space), data leakage in outputs, probabilistic unreliability |
|
||||
| Empirical provenance | No systematic model validity checking. Parameters lack provenance, validity envelopes absent, neural networks treated as black boxes with no distribution match |
|
||||
|
||||
**Key property:** Every layer is independent and untrusted. No layer can vouch
|
||||
for any other. Security is *empirical* — "no bugs found in this release" — not
|
||||
deductive.
|
||||
|
||||
**What is eliminated:** Nothing. Every threat that has ever existed in computing exists at Stage 0.
|
||||
|
||||
**What does this cost:**
|
||||
- Patching treadmill — the industry spends uncountable hours applying CVEs. Every OS update risks regressions.
|
||||
- Incident response — breaches are expected, not exceptional. Average dwell time is measured in months.
|
||||
- Bug bounties — a market failure tax: pay researchers to find the bugs your toolchain inevitably produces.
|
||||
- Complexity tax — every OS, driver, library, and daemon is a potential entry point.
|
||||
- No deductive guarantees — security is empirical. "No bugs found in this release" does not mean no bugs exist.
|
||||
|
||||
**What does this enable:** Everything we have. The entire software ecosystem, all hardware, every network. The cost and the capability are the same thing — maximum flexibility, minimum provable trust.
|
||||
|
||||
**When is this viable:** Today. This is where we are.
|
||||
|
||||
**In practice:** We have normalized reactive security because the alternative — building a provably secure stack — is considered too expensive. Every company of meaningful size has a security team whose job is to detect when they've been breached, not to prevent it. The average dwell time is measured in months. This is treated as normal because the alternative — a provably secure stack — is seen as prohibitively expensive. This roadmap is the argument that the provable alternative is not only possible, but the inevitable destination. The question is not whether to build it, but at what pace.
|
||||
|
||||
See the remaining stage pages below for the path forward.
|
||||
|
||||
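Review bot: the merge in this hunk is lossy even though the commit message says the stage-0-now.org content was merged: the "Patching treadmill" bullet loses "Security teams are measured by mean time to detect, not mean time to prevent", the "Complexity tax" bullet loses "The attack surface is unknowable because no layer can vouch for any other", and the closing "Even with all this spending, the system is not provably secure" paragraph is gone entirely. Either restore them or say in the message that the merge was abridged. Two smaller points in the added text: the "In practice" paragraph says twice, in back-to-back sentences, that dwell time is measured in months and that the provable alternative is considered too expensive, so one copy should go; and the last added line says "See the remaining stage pages below", but as the hunk reads `{{< page-list >}}` sits above the stage table, so either the shortcode should move to the bottom or the sentence should say "above". The "Threat eliminated" column also mixes threats (unauthenticated communication, API call interception, unsanctioned model mutation) with mechanisms that are removed (MMU boundary, process isolation, the symbolic/neural representation gap), which is more visible now that the table is the first thing on the page.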
@@ -1,86 +0,0 @@
|
||||
---
|
||||
title: Stage 0
|
||||
type: reference
|
||||
tags: :passepartout:roadmap:
|
||||
created: 2026-05-24
|
||||
---
|
||||
|
||||
← [[id:329a30cd-55fb-496d-a60b-91388c211bba][Passepartout]] → [[id:4a1f23b0-abc2-4def-9876-543210abcdef][Stage 1 — Social Protocol]]
|
||||
|
||||
# Stage 0: Now
|
||||
|
||||
*Summary: The conventional stack as it exists today. Not a design — the starting point.*
|
||||
|
||||
This is the baseline we inherit. Linux on x86, C/Rust toolchain,
|
||||
web-based applications, GPU compute for AI, TCP/IP networking. Every layer
|
||||
is independently built and independently untrusted.
|
||||
|
||||
The conventional stack spans every layer:
|
||||
|
||||
| Layer | Threats |
|
||||
|-------+---------|
|
||||
| [[id:84a537b4-4256-50c8-91f5-dd5b4538418f][Hardware]] | silicon trojan, rowhammer, speculation side channels (spectre/meltdown), physical theft |
|
||||
| Firmware | UEFI implants, SMM rootkits, ME backdoor — unaccountable opaque processors |
|
||||
| OS kernel | privilege escalation, syscall bugs, driver exploits — CVEs weekly |
|
||||
| Compiler | Ken Thompson's "Trusting Trust" — compiler backdoors invisible at source level |
|
||||
| Runtime | heap corruption, use-after-free, buffer overflow — the dominant malware vector |
|
||||
| Network | MITM, TLS state machine bugs, DNS poisoning, routing attacks |
|
||||
| Application | XSS, SQLi, RCE, dependency chain attacks, supply chain |
|
||||
| User | phishing, social engineering, credential theft |
|
||||
| LLM (if present) | jailbreaks, prompt injection (unbounded space), data leakage in outputs, probabilistic unreliability |
|
||||
| Empirical provenance | No systematic model validity checking. Parameters lack provenance, validity envelopes absent, neural networks treated as black boxes with no distribution match |
|
||||
|
||||
**Key property:** Every layer is independent and untrusted. No layer can vouch
|
||||
for any other. Security is *empirical* — "no bugs found in this release" — not
|
||||
deductive.
|
||||
|
||||
## What is eliminated
|
||||
|
||||
Nothing. Every threat that has ever existed in computing exists at Stage 0.
|
||||
|
||||
## What does this cost?
|
||||
|
||||
- **Patching treadmill** — the industry spends uncountable hours applying CVEs.
|
||||
Every OS update risks regressions. Security teams are measured by mean time
|
||||
to detect, not mean time to prevent.
|
||||
- **Incident response** — breaches are expected, not exceptional. The average
|
||||
dwell time (attacker inside system before detection) is months.
|
||||
- **Bug bounties** — a market failure tax: pay researchers to find the bugs
|
||||
your toolchain inevitably produces.
|
||||
- **Complexity tax** — every OS, driver, library, and daemon is a potential
|
||||
entry point. The attack surface is unknowable because no layer can vouch
|
||||
for any other.
|
||||
- **No deductive guarantees** — security is empirical. "No bugs found in this
|
||||
release" does not mean no bugs exist.
|
||||
|
||||
Even with all this spending, the system is not provably secure. You can't
|
||||
audit your way to deductive guarantees on a conventional stack.
|
||||
|
||||
## What does this enable?
|
||||
|
||||
Everything we have. The entire software ecosystem, all hardware, every network.
|
||||
The cost and the capability are the same thing — maximum flexibility, minimum
|
||||
provable trust.
|
||||
|
||||
## When is this viable?
|
||||
|
||||
Today. This is where we are.
|
||||
|
||||
## In practice
|
||||
|
||||
We have normalized reactive security because the alternative — building a
|
||||
provably secure stack — is considered too expensive. Every company of
|
||||
meaningful size has a security team whose job is to detect when they've been
|
||||
breached, not to prevent it. The average dwell time is measured in months.
|
||||
This is treated as normal because the alternative — a provably secure stack —
|
||||
is seen as prohibitively expensive. This roadmap is the argument that the
|
||||
provable alternative is not only possible, but the inevitable destination.
|
||||
The question is not whether to build it, but at what pace.
|
||||
|
||||
← [[id:329a30cd-55fb-496d-a60b-91388c211bba][Passepartout]] → [[id:4a1f23b0-abc2-4def-9876-543210abcdef][Stage 1 — Social Protocol]]
|
||||
|
||||
:PROPERTIES:
|
||||
:CREATED: [2026-05-24 Sun]
|
||||
:WEIGHT: 11
|
||||
:ID: 4a1f23b0-abc1-4def-9876-543210abcdef
|
||||
:END:
|
||||
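Review bot: deleting this file also deletes the two hand-written navigation lines "← Passepartout → Stage 1 — Social Protocol", and the merged index page in the previous hunk adds no forward link to Stage 1 of its own, so Stage 0 to Stage 1 navigation now rests entirely on the page-list shortcode (which is why the .ByWeight fix in the message matters). Consider adding the "→ Stage 1" line to the index page so the path forward does not depend on the listing. Separately, this file mixed YAML front matter at the top with a trailing org :PROPERTIES: drawer (:WEIGHT: 11, :ID: 4a1f23b0-abc1-...), and the Stage 1 file touched in the next two hunks has the same shape, so that inconsistency survives this deletion and deserves its own cleanup.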
@@ -5,7 +5,7 @@ tags: :passepartout:roadmap:social-protocol:
|
||||
created: 2026-05-24
|
||||
---
|
||||
|
||||
← [[id:4a1f23b0-abc1-4def-9876-543210abcdef][Stage 0 — Now]] → [[id:4a1f23b0-abc3-4def-9876-543210abcdef][Stage 2 — Verification]]
|
||||
← [[id:8cb760e2-37c6-4a78-af4d-f89f69d1678b][Stage 0 — Now]] → [[id:4a1f23b0-abc3-4def-9876-543210abcdef][Stage 2 — Verification]]
|
||||
|
||||
# Stage 1: [[id:1d074690-a279-59cb-b91d-e9a22ae104ad][Social Protocol]]
|
||||
|
||||
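Review bot: the back-link now points at 8cb760e2-37c6-4a78-af4d-f89f69d1678b and its label "Stage 0 — Now" matches the new index title, fine. The forward link on the same line keeps the hand-assigned Stage 2 ID 4a1f23b0-abc3-4def-9876-543210abcdef, which differs from the replaced Stage 0 ID only in "abc1" versus "abc3" (Stage 1 uses "abc2"); whatever performed the global replace must have matched the full UUID, so it is worth confirming with a grep for the old ID across the tree before trusting the "Regenerate ID map" step.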
@@ -111,7 +111,7 @@ sparse knowledge). As the instance count grows, contradiction frequency
|
||||
increases and quality converges. This is Cyc's pump-priming problem solved
|
||||
through network effects instead of hand-curation.
|
||||
|
||||
← [[id:4a1f23b0-abc1-4def-9876-543210abcdef][Stage 0 — Now]] → [[id:4a1f23b0-abc3-4def-9876-543210abcdef][Stage 2 — Verification]]
|
||||
← [[id:8cb760e2-37c6-4a78-af4d-f89f69d1678b][Stage 0 — Now]] → [[id:4a1f23b0-abc3-4def-9876-543210abcdef][Stage 2 — Verification]]
|
||||
|
||||
:PROPERTIES:
|
||||
:CREATED: [2026-05-24 Sun]
|
||||
|
||||
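Review bot: this is the same replacement as the top-of-file nav in the -5,7 +5,7 hunk, maintained by hand in two places per stage file. With ordering now driven by :WEIGHT: (the .ByWeight change in the message), a shortcode that emits prev/next from weights would remove this whole class of ID edits; the line itself is correct.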