The spyware scandal in the news today is a chance to reiterate that human beings are incapable of producing defect-free software at any scale. In particular, there is no such thing as a secure online system or a secure mobile platform. This foundational issue won't go away.
Our main line of defense against malicious software is that human ingenuity is also limited, so we only find a fraction of our errors. And the malefactors go on to make more mistakes coding the malware. Incompetence is the great defensive wall securing most of our infrastructure.
The phone situation in particular is dire, and I hope we see a future where these all-in-one devices are supplemented by simpler machines that do just one thing (make phone calls, send text messages) and can't be turned into a 24/7 surveillance beacon by hacking an emoji renderer
There may be defect-free software somewhere (a very simple avionics servo or space probe) but the level of effort required to create it is so many orders of magnitude beyond what goes into commercial software that any programmer's remaining hair stands on end thinking about it
To give you an idea of how bad the situation is: one of the greatest textbooks in our field had an error in a tiny CS101 algorithm (binary search) for 20 years. This was then fixed, the fix proven to be correct, and then they found a bug in the fix as well https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html
Or there was that time three years ago when every computer more complex than a graphing calculator (and probably that too) was shown to be completely broken. https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)
There's a theorem in computer science called CAP which basically says, if you could have a network where nothing ever went offline, you could do cool stuff. A lot of people get excited and try to do the cool stuff anyway, then rapidly discover that such a network does not exist.
We're doing the same thing in online systems. We behave as if creating secure software is possible and wire everything together so we can do cool stuff. There's no mechanism to bring the consequences of this decision back to bite the people who make it. They get externalized.
Replying to @Pinboard
externalization of costs and consequences is a core axiom of late stage capitalism
Replying to @Pinboard
in abstract capitalism should be able to exist while paying for what are now externalities, but postmodern hypercapitalism doesn't roll like that