<div>I will agree that we have a huge problem. As Jeremy correctly stated, we are relying on years of shoddy programming skills that have been piled upon over 2 decades, and our current batch of programmers are not any more promising. </div>
<div>Talking with th UofM Supercomputer admin, they are having a serious problem finding qualified programmers for their systems (C/Fortran/Multiprocessor). Not many colleges/universities are teaching proper programming skills, C programming, and the sort. Pile upon this the issue of the crappy IT certification industry giving the false sense of accomplishment and skill, and we are head over heels in a pile of excrement.</div>
<div> </div>
<div>The real question to ask: what are you going to do to fix it?<br><br></div>
<div class="gmail_quote">On Tue, Aug 17, 2010 at 09:47, Jeremy <span dir="ltr"><<a href="mailto:jeremy@lizakowski.com">jeremy@lizakowski.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><br>I think it's fascinating. Software complexity had exceeded our<br>ability to manage it. Sins of software makers have piled ontop each<br>
other and become part of the foundation. And then there's just old<br>fashioned mistakes.<br><br>Our software is swiss cheese. Every time I pull a dozen 'security<br>updates', I realize there were a dozen holes yesterday. And there<br>
will be a dozen holes tomorrow.<br><br>When ssh/ssl had a hole a couple years ago that rendered it<br>ineffective (200k possible keys), that alone meant almost everyone was<br>vulnerable. And it was caused by just a simple programming mistake.<br>
<br>I worked on FAA-certified aviation software for a bit, and that's an<br>example of how you write software to be secure. But it's also crazy<br>expensive. Each if-statement and for-loop has to have a test case.<br>
The tester is independant from the coder.<br><br>The big computer virus bot networks? I doubt they are ran by a<br>swedish tennager from his parents basement. If an IT admin is<br>challenged running a network with 100 desktops, all running the same<br>
software, then how many admins does it take to rum a decentralized<br>network of 10,000,000 nodes in a hostile environment, using custom<br>software, and across diverse platforms?<br><br>Considering the power of bot nets, if they aren't run by governments,<br>
or at least infiltrated by govts, then it is alsmost negligence.<br><br>The plus side: Since robots are now being used in warfare, and<br>carrying live ammo, I'm ok with software being imperfect. That will<br>be how we defeat skynet :)<br>
<br>Jeremy<br><br><br><br><br><br>Sent from my iPod.<br>...because my other device is a BB Storm.<br><br>On Aug 16, 2010, at 12:31 AM, Mike Miller <<a href="mailto:mbmiller%2Bl@gmail.com">mbmiller+l@gmail.com</a>> wrote:<br>
<br>> An 8-minute segment:<br>><br>> <a href="http://www.pbs.org/newshour/bb/science/july-dec10/cybersec_08-10.html" target="_blank">http://www.pbs.org/newshour/bb/science/july-dec10/cybersec_08-10.html</a><br>><br>
> You can watch it or read the transcript. What do you think? I<br>> think we<br>> have a problem that we can fix, but only if we take it seriously and<br>> are<br>> willing to work on it. I'm not sure that we're up to it right now.<br>
><br>> Mike<br>><br>> _______________________________________________<br>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>> <a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br>
> <a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list" target="_blank">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a><br><br>_______________________________________________<br>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>
<a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br><a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list" target="_blank">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a><br></blockquote>
</div><br>