The spyware scandal in the news today is a chance to reiterate that human beings are incapable of producing defect-free software at any scale. In particular, there is no such thing as a secure online system or a secure mobile platform. This foundational issue won't go away.
-
Show this thread
-
Our main line of defense against malicious software is that human ingenuity is also limited, so we only find a fraction of our errors. And the malefactors go on to make more mistakes coding the malware. Incompetence is the great defensive wall securing most of our infrastructure.
3 replies 26 retweets 87 likesShow this thread -
The phone situation in particular is dire, and I hope we see a future where these all-in-one devices are supplemented by simpler machines that do just one thing (make phone calls, send text messages) and can't be turned into a 24/7 surveillance beacon by hacking an emoji renderer
2 replies 13 retweets 61 likesShow this thread -
There may be defect-free software somewhere (a very simple avionics servo or space probe) but the level of effort required to create it is so many orders of magnitude beyond what goes into commercial software that any programmer's remaining hair stands on end thinking about it
3 replies 13 retweets 50 likesShow this thread -
Replying to @Pinboard
The defect free avionics servo or space probe also, most likely, do not exist in my experience. Spent four years testing and building these types of things. The code might be defect free, but the system the code creates always has bugs.
1 reply 0 retweets 1 like -
Replying to @afarnham
That's a really good point, that the system under consideration is not just the code but its instantiation. What language did you work in creating this stuff? The level of process and attention to detail around it fascinates me.
1 reply 0 retweets 1 like -
Replying to @Pinboard
The abstract here has an unusual amount of detail about my exact job, including the building I worked in: https://ieeexplore.ieee.org/document/741486 .. as far as I know, this is still how they do it for the ISS. I was specifically involved with the external active thermal control system.
1 reply 0 retweets 1 like
Pfft, thermal control in space, how hard could it be? Thank you for the link!
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.