funsec mailing list archives

Re: truth is for Admins


From: chris () blask org
Date: Mon, 26 Oct 2009 16:18:12 -0700 (PDT)

--- On Mon, 10/26/09, Nick FitzGerald <nick () virus-l demon co uk> wrote:

> Is that really any kind of an excuse for the perpetrators of what is
> increasingly, and laughingly, called "software engineering" to continue
> to execute the extremely crappy "art" that is still their stock-in-trade,
> despite decades of "whoops, we should have seen that coming" history?
>
> "No-one gets killed by our shite software so it's pretty much OK".

I'm fairly certain that's exactly not what I said.  

Look, designing a security system for a given large network that at all times accounts for every single possible 
combination of the manifest imperfections of both users and non-security engineering activities would require - in my 
estimation - systemic advances akin to those required to fully automate and render accident-proof (not 
"accident-resistant") the national highway system.  That would mean: rendering each vehicle (end device) redundantly 
independently fail-safe from accidental, intentional and incompetently dangerous behavior; making each road and 
intersection (network segment and connectivity device) fully aware of all contingent traffic conditions and their 
implications and able to communicate with and enforce behavior of all pertinent vehicles; management systems 
(management systems) that are both holistically capable of comprehending the totality of the past and present states of 
the highway system and simultaneously incapable of issuing any incorrect directive to any part of the system at any 
time, even when compromised.

Such traffic systems will, in the end, come into existence.  I just wouldn't hold my breath (or anything else) waiting 
for them.

The point is not that it is OK to build shite cars (or software), the point is that we will have to do the best with 
what we have despite the shortcomings we are presented with at any time.  That will include engineering the best 
solutions we can, providing the best training we can, putting anti-phishing slogans on coffee mugs and doing whatever 
else we can think of.

Finally, I specifically did not say "No-one gets killed by our shite software", or that that would be "pretty much OK". 
Shite software does in fact kill people in some rare cases even today, and we are more and more moving into a world 
where shite software (and shite implementations) will increase the risk of - as well as the actual occurrence of - 
people being killed by computers.  There is specifically nothing "OK" about that.  However, there is nothing "OK" about 
people dying in cars, either (including the cars that will increasingly kill people due to shite software in them).  
But until the aforementioned flawless cybernetic traffic system is completed (after I am well dead and buried) those 
who choose to attempt to limit death in motion will have to live with the fact that they will be experiencing non-zero 
failure rates.

So will we.

-chris

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
