I will agree that we have a huge problem. As Jeremy correctly stated, we are
relying on years of shoddy programming skills that have been piled upon over
2 decades, and our current batch of programmers are not any more promising.
Talking with the UofM Supercomputer admin, they are having a serious problem
finding qualified programmers for their systems (C/Fortran/Multiprocessor).
Not many colleges/universities are teaching proper programming skills, C
programming, and the sort. Pile upon this the issue of the crappy IT
certification industry giving the false sense of accomplishment and skill,
and we are head over heels in a pile of excrement.

The real question to ask: what are you going to do to fix it?

On Tue, Aug 17, 2010 at 09:47, Jeremy <jeremy at lizakowski.com> wrote:

>
> I think it's fascinating.  Software complexity had exceeded our
> ability to manage it.  Sins of software makers have piled on top of each
> other and become part of the foundation.  And then there's just old
> fashioned mistakes.
>
> Our software is swiss cheese.  Every time I pull a dozen 'security
> updates', I realize there were a dozen holes yesterday.  And there
> will be a dozen holes tomorrow.
>
> When ssh/ssl had a hole a couple years ago that rendered it
> ineffective (200k possible keys), that alone meant almost everyone was
> vulnerable.  And it was caused by just a simple programming mistake.
>
> I worked on FAA-certified aviation software for a bit, and that's an
> example of how you write software to be secure.  But it's also crazy
> expensive.  Each if-statement and for-loop has to have a test case.
> The tester is independent from the coder.
>
> The big computer virus bot networks?  I doubt they are run by a
> Swedish teenager from his parents' basement.  If an IT admin is
> challenged running a network with 100 desktops, all running the same
> software, then how many admins does it take to run a decentralized
> network of 10,000,000 nodes in a hostile environment, using custom
> software, and across diverse platforms?
>
> Considering the power of bot nets, if they aren't run by governments,
> or at least infiltrated by govts, then it is almost negligence.
>
> The plus side:  Since robots are now being used in warfare, and
> carrying live ammo, I'm ok with software being imperfect.  That will
> be how we defeat skynet :)
>
> Jeremy
>
> On Aug 16, 2010, at 12:31 AM, Mike Miller <mbmiller+l at gmail.com> wrote:
>
> > An 8-minute segment:
> >
> > http://www.pbs.org/newshour/bb/science/july-dec10/cybersec_08-10.html
> >
> > You can watch it or read the transcript.  What do you think?  I think we
> > have a problem that we can fix, but only if we take it seriously and are
> > willing to work on it.  I'm not sure that we're up to it right now.
> >
> > Mike
> >
> > _______________________________________________
> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > tclug-list at mn-linux.org
> > http://mailman.mn-linux.org/mailman/listinfo/tclug-list