[By Nic Lindh on Sunday, 19 October 2014]
The state of technology these days is incredible—we have a world-wide instant communications network accessible to the majority of people living in developed countries (and spreading fast to the rest of the world); we are able to carry devices in our pockets that connect to the global network and sense where we are and what we are doing; we have covered the sky in satellites. Think about that: We put man-made objects in orbit and they perform duties for us all day every day. It’s mind-boggling.
It’s all duct tape, bailing wire and custom code all the way down.
Hardly a day goes by without some security vulnerability hitting one of the pieces of software we depend on. Target, Home Depot and who knows who else have leaked customer credit cards. Heartbleed, Poodle and Shellshock have exploited old, old bugs lurking in the foundations of the code that runs our entire online civilization. Flash and Microsoft Word—just to provide high-profile examples—keep releasing security updates for horrific vulnerabilities that would allow anybody to control your computer and see all your data from anywhere in the connected world.
That’s a plugin that plays videos and a word processor. They are leaky enough that somebody could use their flaws to control your computer. You should be asking yourself why either of these programs have enough access to your computer this is even possible.
Massive vulnerabilities are just background noise at this point.
Back in a previous life I worked with a bunch of electrical engineers who explained to me at a very high level suitable for a dummy how a computer actually works. Ever since, I’m slightly gratified any time one of them actually boots and works. The complexity is mind-blowing. It really is. Seriously, if you’re physically close to a university, roll by and buy a few engineering students some coffee and/or beer and have them explain this stuff to you. You will never believe your phone will work right again.
Now think about software. Whether you have an Android or iOS device, you probably enjoy using it. The software is nice and lets you do what you want with a minimum of headaches. Now think about your job. If you work for any kind of large or specialized organization, you get to use custom software.
How is that going for you?
Most likely it’s terrible. Turns out, writing software is really hard and the big companies like Adobe, Apple, Google and Microsoft expend an incredible amount of effort and spend a ton of money hiring the smartest people possible to make that happen.
Most companies do not have that kind of talent pool or that kind of resources. They still write software. And most of it is terrible. Because, again, software is hard and most people will do a terrible job of writing it.
That’s the custom order system that makes you want to stab somebody at work every day.
But not only can’t “normal” people write good software: The exploits that are coming out all the time are against the best code we, as a species, can write. The smartest people with the most experience are writing code with horrible vulnerabilities. Not because they’re not good at their jobs—they are. But because we humans are not capable of explaining things to computers, at least not the way we’re doing it now.
This whole problem used to not be that big a deal when it was mostly nerds talking about Star Trek on the Global Network, but now it’s tied in to everything, including the status of your retirement account and how much money is owed on your credit card.
And soon, your house, your refrigerator, the power grid and your car will be controlled by a system that is full of holes.
Do you enjoy knowing that soon your car will be vulnerable to some sociopathic griefer taking out the brakes for lulz?
So apart from fear mongering, what can be done? We really, really need to make it a priority to shore up our basic infrastructure and to realize that humans just can’t write safe C and assembly code. We don’t have the wiring for it. No matter how smart you are, you will screw up. And then some hacker will take control of a nuclear power plant and things go from bad to horrible.
We have to get away from C and assembly. But that would mean a lot of billion-dollar companies stopping what they’re doing and ignoring Wall Street for as long as it takes to retool from the ground up. Odds of that happening? Well, Ghostrider, that would be a zero.
It’s going to get worse, much worse, before it’s done.
Hope you have a diesel generator.
Oh, and you should totally invest in a hockey mask.