The spyware scandal in the news today is a chance to reiterate that human beings are incapable of producing defect-free software at any scale. In particular, there is no such thing as a secure online system or a secure mobile platform. This foundational issue won't go away.
-
-
To give you an idea of how bad the situation is: one of the greatest textbooks in our field had an error in a tiny CS101 algorithm (binary search) for 20 years. This was then fixed, the fix proven to be correct, and then they found a bug in the fix as wellhttps://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html …
Show this thread -
Or there was that time three years ago when every computer more complex than a graphing calculator (and probably that too) was shown to be completely broken.https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) …
Show this thread -
There's a theorem in computer science called CAP which basically says, if you could have network where nothing ever went offline, you could do cool stuff. A lot of people get excited and try to do the cool stuff anyway, then rapidly discover that such a network does not exist.
Show this thread -
We're doing the same thing in online systems. We behave as if creating secure software is possible and wire everything together so we can do cool stuff. There's no mechanism to bring the consequences of this decision back to bite the people who make it. They get externalized.
Show this thread -
The one thing the software industry excels at is convincing people that computer bugs are a fact of life, and that the solution for them is even more complex software.
Show this thread -
New conversation -
-
-
Writing defect-free software is conceivable for moderate sized systems. What is inconceivable at any reasonable cost is iterative development and adaptation of defect-free software.
-
Okay for rockets where the hardware and requirements are static for system lifetime.
End of conversation
New conversation -
-
-
The defect free avionics servo or space probe also, most likely, do not exist in my experience. Spent four years testing and building these types of things. The code might be defect free, but the system the code creates always has bugs.
-
That's a really good point, that the system under consideration is not just the code but its instantiation. What language did you work in creating this stuff? The level of process and attention to detail around it fascinates me.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.