itsablog

The Information Technology Myth
last modified: Monday, December 11, 2006 (10:46:46 AM)
http://news.com.com/Attack+code+out+for+Apple+flaw/2100-1002_3-6089630.html

Note: This has nothing to do with cel collecting.

The link above goes to an article about an Apple software vulnerability that allows an attacker to take control of a machine.

Someone released some code that demonstrates the flaw. Okay, no big deal. But in the article comments, Apple enthusiasts on the whole simply refuse to believe that their acrylic toteboxes could be anything less than a digital Fort Knox.

Security is *the* dirtiest "legitimate" business in information technology. Why? Because it encourages bottom-feeding. It encourages gross ethical misconduct with regard to splashy press releases and getting your name recognized by breaking some random code widget that happens to be signed by Microsoft or Apple or whoever.

If nuclear physicists behaved in the way that your average computer security "professionals" behaved, we'd be seeing explicit instructions in newspapers around the country on how to build a radioactive "dirty bomb" using things found in an average Home Depot. (No, I'm not making that up, it's quite possible.)

But what drives this idiotic behavior? The Myth.

The Myth leads one to believe that a certain type or lineage of software is better than another. The truth is that -- you might want to sit down -- all software is broken.

Take that article above. Look at the comments. People simply refuse to believe that Macs are just as broken as everything else in the world. Not only is that assumption patently false, it's dangerous. Those stupid commercials don't help. The idea that "it's safe to use the Internet" on a Mac is just wrong, wrong, wrong.

The side observation here is that among actual non-stupid programmers, the code that those groups generate is remarkably similar in terms of quality and security. Are there smarter programmers and dumber programmers? Sure. But they generate the same code. Smarter programmers simply iterate through the same mistakes faster.

So where does that leave you?

Never trust a computer programmer or marketer who says their product is inherently more secure by virtue of better design. Might be true to a point, but it's never the whole story. Unless they mean mathematical proof (hello, symmetric key encryption) or a ton of people banging on it night and day, day in and day out (hello, TCP/IP), then it's probably no better than anything else.

The only rule of thumb that has ever made any sense is this: "The only good code is old code."

Aren't you glad your long distance calls, stop lights, and ATMs all behave generally as they are supposed to?

re: The Information Technology Myth
Saturday, July 08, 2006 - 10:45:26 AM
momo

Absolutely agree Jason! Pity though enough people believe that a product is more secure simply due to the design. My eyes roll every time I hear that at a demo. And yes I am glad the little things generally work the way they are supposed to without all the bells and whistles. Cheers!