Sure, they're inconsistent, oddly constructed and don't support polymorphism (which describes many programmers too, for that matter). Nevertheless, you can get something *done* in jig time and move on with your life.
Spoken like a true developer, and not the IT guy who has to support your little... gem... fifteen years after you "got on with your life" and left it running the corporate accounts receivable on Visual Basic 1.0 on the Windows 3.1 server in the broom closet.
The AV companies were out of their depth, as the article says; the OS team are also out of their depth here. But is that really a surprise? Is this really something that it's reasonable to expect them to be able to cope with?
Yes, because software is mathematics - the only vulnerabilities it contains are the ones we put into it. The vulnerabilities are only there because the product, fundamentally, does not do what it is specified to do. (Although strictly speaking, for security, it's usually the case of does what it is specified not to do). And that means one of several things:
1. Software companies are not bothering to test that their product meets specifications (including basic "is the product safe for sale" - the equivalent of food safety or airline safety) 2. Software companies are not bothering to even have correctly defined specifications to test against 3. Software companies are actually UNABLE to test that their products meet specification 4. Software companies are actually UNABLE to create testable specifications
therefore one of these two deeper problems must be true:
5. Software companies are fundamentally corrupt and do not do the basic due diligence required to ship Internet-connected software
or an even worse possibility:
6. Not only software companies but the entire software industry is actually, at a deep mathematical level, unable to tell a working program from a dangerously unsafe failing one.
Personally, I doubt #6 since the hackers seem to be detecting vulnerabilities just fine. So I think it's #5 and that tools and techniques exist, should we choose to use them, that can prevent security errors. But we would have to redesign our software from the language and OS on down, because we've not built using the knowledge we currently possess.
We built this mess. We can unbuild it. Who's going to care enough to fix it?
The only thing you can do is NOT MAKE VULNERABILITIES. And actually FIX the ones you find.
But... but that's unpossible! It would require developing an industrial software development infrastructure actually capable of telling the difference between a product that meets its design specification and a damp herring before the product was was shipped! This is known to be an absolutely zero-chance mathematically unsolveable problem!!! Nobody can test or prove anything about software because magic and the Halting Problem! Also C++ is the best language ever and automatic range checks are for sillies!
I really don't understand the software industry. We're in the business of automating things. We know that programmers are making mistakes. Therefore, the sensible thing is to automate away the things that programmers make mistakes at. But anytime someone suggests doing the obvious right thing and improving our tools, all the programmers scream like children forced to put their toys away and go to bed on time.
I'm glad to see that mankind is condemned to live upon this poor excuse of a rock called Earth.
A new life awaits you in the offworld colonies! All the dry vacuum you can suck, and all the nickel-iron ore you can chew. Plus a bonus daily bath of fresh, invigorating ionising radiation. It's all yours for a low, low, price of $500 million (one way) per passenger. Send us your starving, huddled masses yearning to breathe through a dirty CO2 scrubber and drink urine recyc. I lift my lamp beside the golden pressure hatch.
(Lamp may be extinguished if fuel cell main bus voltage is low. Pressure hatch may vent to vacuum without warning. Station control corporate body is not liable for death, personal injury or brain damage due to oxygen starvation. Paying work is not guaranteed. Return transit to Earth requires pre-payment in full. Children of long-term residents may be required to pay any station infrastructure debts incurred by parents. All posts on social networks are monitored and defaming the good name of station control corporate body will be vigorously prosecuted subject to nondisclosure agreement. By removing your suit helmet and inhaling you indicate that you accept these conditions.)
America's main industrial engine, the automotive industry.
Yikes. America is depending on its automotive industry to do... much of anything? From this side of the world (New Zealand), Japan has been the only place making decent cars since the 1980s.
If your statement is true, America is in pretty deep trouble.
No two (relatively) liberal democracies have ever waged a war against each other.
I seem to remember the previous form of that statement being "no two democracies". Interesting how extra disclaimers have had to be added. Seems a little "no true Scotsman" to me.
They tried that with physicists, but they could only get it to work for spherical physicists in a vacuum.
[GladOS] However empirical testing has discovered that if you put a physicist (*) in a vacuum, their shape does briefly approach spherical. Before exploding. So it's still a pretty good approximation. [/GladOS]
* This technique probably only works with Bad Movie Physicists.
Gamma emitters are moderately dangerous, but alpha emitters can safely be stored under your bed
Not quite. IANA health physicist, but from my reading of Wikipedia, alpha emitters can be the most dangerous of all if they get into your body, because then they dump all their energetic payload into a tissue-paper-width of actual tissue.
So: safe to store under your bed only if they are a solid block of metal. Not at all safe if they are breathable aerosol particles, less safe if they are particles which fall out of the sky onto your food crops or fish, even less safe if they are functional analogues of chemicals that living tissue stores and concentrates long-term, such as strontium, potassium or iodine.
Radioisotopes of potassium seem to hit the sweet spot of maximum bio-damage. Light enough to carry on the wind and fall out on crops kilometres away from the leak site, half-life in the years rather than days, and incorporated into the body and potentially can be concentrated up the food chain (though not for as long as strontium, I believe). And the cancer rate from them will definitely not be measured in bananas.
I don't get why "stop bitching and start coding" is good advice.
Indeed. Especially since that sentiment usually translates as "stop giving intelligent feedback about the fundamental needs of the user and jump straight to implementing a poorly-thought-out solution to the wrong problem." It seems like it should be obvious that user requirements feedback is also a form of code.
Users are not subhuman creatures. We have intelligent contributions to make. But low-level C/C++ is entirely the wrong language in which to describe the design goals of a piece of software. If you jump straight to submitting a source code patch, you're not going to communicating the why of what you're trying to do. At the moment, English is the right language to describe the higher-level layers.
Personally, I think the answer lies in rethinking our OS and software architecture, and giving users the ability to modify their own environment (as the creators of Unix and Smalltalk originally intended) in clean and safe ways. Changing the look and feel of a user interface shouldn't involve, as it does now, ripping the guts out of a dozen daemon subsystems. It shouldn't be possible to introduce subtle security or timing bugs just by trying to change an icon, or rewire a button. But neither should a UI designer just plow ahead with their grand vision in the face of a thousand frustrated users saying "Hey, this doesn't work".
Or one could feed and educate the poor. Just a thought.
Why in the world would we do that?
Because well-fed and educated brains are much tastier, and they're a sutainable food source if we manage them correctly.
Regarding Mars, you're obviously one of the recent nursery hatchlings - podded sometime in the seventeenth century AD, perhaps? What heady years those were. Every few millenia one of us inevitably raises the question, "Why don't we return to the Old Planet?" And cooler, wiser brain-tentacles wave back the same old answer: because we foolishly drank all the blood from the bipedal races of Barsoom: too fast, too greedily, and without proper attention to farming practices. That's why we migrated here, and that's why we plan to stay, and that's why our atmosphere conversion stacks are busy raising the CO2 percentage as fast as the humans will allow.
Relax. The Crimson Octo-Squid Empress is well aware of your impatience, and finds potential challengers make a nice between-meals snack.
Sure, technically fossil fuels will run out one day. Technically, so will solar power.
Yes, if by "technically" you mean "with a difference of about six or seven orders of magnitude". We've already passed the Hubbert Peak" so oil shocks are ramping up within the next few decades. The sun won't be a problem for millions to billions of years.
If oil does start to become scarce, the trillions to be made by finding a good alternative will be obvious to anyone who'd like to make a buck.
Obvious, certainly. But achievable is not the same thing as obvious. It's obvious that trillions could be made curing cancer or exceeding the speed of light, but it doesn't mean that we've got the ability currently to do either. Once we run out of oil, all the angry speeches in the world about burning down life's house with a combustible lemon won't mean we can actually create an alternative.
That's why we should be changing things now, while we still can, rather than just planning to outsource the problem to the magic future market fairies.
Agreed. I tend to logical positivism in that it doesn't matter if it's real or not if you can't tell the difference. I think the big problem is with the definition of "real" and "exists".
A good working definition of a "real thing" for me is "A doesn't stop observing/changing the universe connected to it, when I stop observing/changing A". That would be true both of "real reality" and the "simulated reality" of this thought experiment.
For example, the persistent shared universe of Eve Online is more "real" for its avatars than an offline game of Elite in the sense that you can't simply enable cheats on your workstation and be able to fly through walls. You don't get the change the rules; only the people running the shared simulation get to do that. Therefore, the simulation may not be "physically" in the sense that it can be kicked, but the electrons and magnetic domains that comprise the data of that simulation in the server very much are real, and exist whether I'm logged in or out. And if Jita gets burned, I as a player can't just restore from a backup and go off into my own private version of the universe.
Seriously, anyone who's arguing that data isn't "real" might be okay in philosophy or computer science, but probably hasn't done much IT work, and found themselves staring at a missing backup tape which very definitely physically isn't there.
If no observation, experiment, or set of experiments, exists that can prove which is real, then you cannot prove what is "real"
Nonsense. It would be easy to determine if you're running in a simulation - as your measurements approached an arbitrary physical limit, you'd find a "pixelization" effect. Sufficiently small physical measurements would start taking on discrete integer rather than real values. Some calculations might be deferred by the simulation framework, so that their value was in a sense "undetermined" until you measured it. This sort of simulation artifact would lead to measurable differences which we don't see in our universe: for instance, passing a single photon through two slits could lead to.... and the energy of ultraviolet light would diverge from.... hmmmmmm......
Oh, crap.
Quick, plan B: everyone act as cute as possible so that the programmers don't turn our power off!
Slashdot Mirror
"R one liners"?
Pirate jokes?
Sure, they're inconsistent, oddly constructed and don't support polymorphism (which describes many programmers too, for that matter). Nevertheless, you can get something *done* in jig time and move on with your life.
Spoken like a true developer, and not the IT guy who has to support your little... gem... fifteen years after you "got on with your life" and left it running the corporate accounts receivable on Visual Basic 1.0 on the Windows 3.1 server in the broom closet.
.
The AV companies were out of their depth, as the article says; the OS team are also out of their depth here. But is that really a surprise? Is this really something that it's reasonable to expect them to be able to cope with?
Yes, because software is mathematics - the only vulnerabilities it contains are the ones we put into it. The vulnerabilities are only there because the product, fundamentally, does not do what it is specified to do. (Although strictly speaking, for security, it's usually the case of does what it is specified not to do). And that means one of several things:
1. Software companies are not bothering to test that their product meets specifications (including basic "is the product safe for sale" - the equivalent of food safety or airline safety)
2. Software companies are not bothering to even have correctly defined specifications to test against
3. Software companies are actually UNABLE to test that their products meet specification
4. Software companies are actually UNABLE to create testable specifications
therefore one of these two deeper problems must be true:
5. Software companies are fundamentally corrupt and do not do the basic due diligence required to ship Internet-connected software
or an even worse possibility:
6. Not only software companies but the entire software industry is actually, at a deep mathematical level, unable to tell a working program from a dangerously unsafe failing one.
Personally, I doubt #6 since the hackers seem to be detecting vulnerabilities just fine. So I think it's #5 and that tools and techniques exist, should we choose to use them, that can prevent security errors. But we would have to redesign our software from the language and OS on down, because we've not built using the knowledge we currently possess.
We built this mess. We can unbuild it. Who's going to care enough to fix it?
The only thing you can do is NOT MAKE VULNERABILITIES. And actually FIX the ones you find.
But... but that's unpossible! It would require developing an industrial software development infrastructure actually capable of telling the difference between a product that meets its design specification and a damp herring before the product was was shipped! This is known to be an absolutely zero-chance mathematically unsolveable problem!!! Nobody can test or prove anything about software because magic and the Halting Problem! Also C++ is the best language ever and automatic range checks are for sillies!
I really don't understand the software industry. We're in the business of automating things. We know that programmers are making mistakes. Therefore, the sensible thing is to automate away the things that programmers make mistakes at. But anytime someone suggests doing the obvious right thing and improving our tools, all the programmers scream like children forced to put their toys away and go to bed on time.
Why are programmers so allergic to automation?
I'm glad to see that mankind is condemned to live upon this poor excuse of a rock called Earth.
A new life awaits you in the offworld colonies! All the dry vacuum you can suck, and all the nickel-iron ore you can chew. Plus a bonus daily bath of fresh, invigorating ionising radiation. It's all yours for a low, low, price of $500 million (one way) per passenger. Send us your starving, huddled masses yearning to breathe through a dirty CO2 scrubber and drink urine recyc. I lift my lamp beside the golden pressure hatch.
(Lamp may be extinguished if fuel cell main bus voltage is low. Pressure hatch may vent to vacuum without warning. Station control corporate body is not liable for death, personal injury or brain damage due to oxygen starvation. Paying work is not guaranteed. Return transit to Earth requires pre-payment in full. Children of long-term residents may be required to pay any station infrastructure debts incurred by parents. All posts on social networks are monitored and defaming the good name of station control corporate body will be vigorously prosecuted subject to nondisclosure agreement. By removing your suit helmet and inhaling you indicate that you accept these conditions.)
America's main industrial engine, the automotive industry.
Yikes. America is depending on its automotive industry to do... much of anything? From this side of the world (New Zealand), Japan has been the only place making decent cars since the 1980s.
If your statement is true, America is in pretty deep trouble.
"Stark Trek Luminaries?"
Good lord, I hope nobody lets Tony build a starship. That's the last thing his ego needs.
Besides, S.W.O.R.D. might have something to say about S.H.I.E.L.D. muscling in on their turf.
No two (relatively) liberal democracies have ever waged a war against each other.
I seem to remember the previous form of that statement being "no two democracies". Interesting how extra disclaimers have had to be added. Seems a little "no true Scotsman" to me.
Bob's School of Bioethics and Croissant Making.
Mas non! Only evil bioethicists learn croissant making! Do you have any idea how much saturated fat is in one of those things?
Now witness the delicious French destruction your failure of scientific morality and standardised curriculum assessment has wrought upon the world!
You fools! You puffed the pastry up! You puffed it all up!
They tried that with physicists, but they could only get it to work for spherical physicists in a vacuum.
[GladOS] However empirical testing has discovered that if you put a physicist (*) in a vacuum, their shape does briefly approach spherical. Before exploding. So it's still a pretty good approximation. [/GladOS]
* This technique probably only works with Bad Movie Physicists.
The U.S.A.P.A.T.R.I.O.T. Act
You know, I always wondered why they named a key piece of legislation "U Sap at Riot".
Gamma emitters are moderately dangerous, but alpha emitters can safely be stored under your bed
Not quite. IANA health physicist, but from my reading of Wikipedia, alpha emitters can be the most dangerous of all if they get into your body, because then they dump all their energetic payload into a tissue-paper-width of actual tissue.
So: safe to store under your bed only if they are a solid block of metal. Not at all safe if they are breathable aerosol particles, less safe if they are particles which fall out of the sky onto your food crops or fish, even less safe if they are functional analogues of chemicals that living tissue stores and concentrates long-term, such as strontium, potassium or iodine.
Radioisotopes of potassium seem to hit the sweet spot of maximum bio-damage. Light enough to carry on the wind and fall out on crops kilometres away from the leak site, half-life in the years rather than days, and incorporated into the body and potentially can be concentrated up the food chain (though not for as long as strontium, I believe). And the cancer rate from them will definitely not be measured in bananas.
Does that seem like a correct assessment to you?
Wait, I meant plurality. Darn. Elections are hard.
For example you can have a 1% majority
I think that word does not mean what you think it means.
Sure it does, if you have more than 100 competing choices.
A programmer should realize majority is a binary state, either a 1 (it is) or 0 (it is not).
A politician would realise that you don't even need a majority, just a plurality.
I don't get why "stop bitching and start coding" is good advice.
Indeed. Especially since that sentiment usually translates as "stop giving intelligent feedback about the fundamental needs of the user and jump straight to implementing a poorly-thought-out solution to the wrong problem." It seems like it should be obvious that user requirements feedback is also a form of code.
Users are not subhuman creatures. We have intelligent contributions to make. But low-level C/C++ is entirely the wrong language in which to describe the design goals of a piece of software. If you jump straight to submitting a source code patch, you're not going to communicating the why of what you're trying to do. At the moment, English is the right language to describe the higher-level layers.
Personally, I think the answer lies in rethinking our OS and software architecture, and giving users the ability to modify their own environment (as the creators of Unix and Smalltalk originally intended) in clean and safe ways. Changing the look and feel of a user interface shouldn't involve, as it does now, ripping the guts out of a dozen daemon subsystems. It shouldn't be possible to introduce subtle security or timing bugs just by trying to change an icon, or rewire a button. But neither should a UI designer just plow ahead with their grand vision in the face of a thousand frustrated users saying "Hey, this doesn't work".
If I were starting over in my teens, I'd be expending a *lot* more effort on aural sex
It doesn't have to be that loud, you know.
Or one could feed and educate the poor. Just a thought.
Why in the world would we do that?
Because well-fed and educated brains are much tastier, and they're a sutainable food source if we manage them correctly.
Regarding Mars, you're obviously one of the recent nursery hatchlings - podded sometime in the seventeenth century AD, perhaps? What heady years those were. Every few millenia one of us inevitably raises the question, "Why don't we return to the Old Planet?" And cooler, wiser brain-tentacles wave back the same old answer: because we foolishly drank all the blood from the bipedal races of Barsoom: too fast, too greedily, and without proper attention to farming practices. That's why we migrated here, and that's why we plan to stay, and that's why our atmosphere conversion stacks are busy raising the CO2 percentage as fast as the humans will allow.
Relax. The Crimson Octo-Squid Empress is well aware of your impatience, and finds potential challengers make a nice between-meals snack.
Sure, technically fossil fuels will run out one day. Technically, so will solar power.
Yes, if by "technically" you mean "with a difference of about six or seven orders of magnitude". We've already passed the Hubbert Peak" so oil shocks are ramping up within the next few decades. The sun won't be a problem for millions to billions of years.
If oil does start to become scarce, the trillions to be made by finding a good alternative will be obvious to anyone who'd like to make a buck.
Obvious, certainly. But achievable is not the same thing as obvious. It's obvious that trillions could be made curing cancer or exceeding the speed of light, but it doesn't mean that we've got the ability currently to do either. Once we run out of oil, all the angry speeches in the world about burning down life's house with a combustible lemon won't mean we can actually create an alternative.
That's why we should be changing things now, while we still can, rather than just planning to outsource the problem to the magic future market fairies.
Actually it could be built for a lot less in my opinion. Much of the cost of these things is just lifting stuff up there,
A sufficient quantity of guncotton and the exigent development of a large-bore cannon could resolve this issue post-haste.
-- Jules Verne, 1865
Orbital cannons are still perfectly safe, if a rather low-budget way of getting into space.
Agreed. I tend to logical positivism in that it doesn't matter if it's real or not if you can't tell the difference. I think the big problem is with the definition of "real" and "exists".
A good working definition of a "real thing" for me is "A doesn't stop observing/changing the universe connected to it, when I stop observing/changing A". That would be true both of "real reality" and the "simulated reality" of this thought experiment.
For example, the persistent shared universe of Eve Online is more "real" for its avatars than an offline game of Elite in the sense that you can't simply enable cheats on your workstation and be able to fly through walls. You don't get the change the rules; only the people running the shared simulation get to do that. Therefore, the simulation may not be "physically" in the sense that it can be kicked, but the electrons and magnetic domains that comprise the data of that simulation in the server very much are real, and exist whether I'm logged in or out. And if Jita gets burned, I as a player can't just restore from a backup and go off into my own private version of the universe.
Seriously, anyone who's arguing that data isn't "real" might be okay in philosophy or computer science, but probably hasn't done much IT work, and found themselves staring at a missing backup tape which very definitely physically isn't there.
If no observation, experiment, or set of experiments, exists that can prove which is real, then you cannot prove what is "real"
Nonsense. It would be easy to determine if you're running in a simulation - as your measurements approached an arbitrary physical limit, you'd find a "pixelization" effect. Sufficiently small physical measurements would start taking on discrete integer rather than real values. Some calculations might be deferred by the simulation framework, so that their value was in a sense "undetermined" until you measured it. This sort of simulation artifact would lead to measurable differences which we don't see in our universe: for instance, passing a single photon through two slits could lead to.... and the energy of ultraviolet light would diverge from.... hmmmmmm......
Oh, crap.
Quick, plan B: everyone act as cute as possible so that the programmers don't turn our power off!
With magic and woo, all things are possible.
With John Woo, all things are also possible, as long as they involve kicking people in the face.
Plus you get bonus slow-motion doves.
Darmok and Jalad at Tanagra?
Chell, with a potato.
I don't think anyone would code anything in something that is an anagram for meat froth.
Vocalise for yourself, ugly bag of mostly water.