Re: [TML] Every day it seems we're closer to Cyberpunk 2020... Tim 30 Jun 2016 02:40 UTC
On Wed, Jun 29, 2016 at 07:02:21PM +0000, Bruce Johnson wrote: > Wonder how a TL15 society manages the endless Hacker vs Hacker > war….this is a gargantuan gap in the Traveller Canon, since it > pretty much all predates the internet... I figure that this is pretty much a solved problem by Traveller's timeframe, and that automated verification has rendered remote software exploits irrelevant; a distant memory of the infancy of computing. In contrast to movies and television, these sorts of exploits aren't a result of some genius finding a way around carefully crafted and near-impregnable security measures. In our rush to get computers into everything in (largely) just a decade or two, virtually all of our software is riddled with blatant errors from top to bottom. Almost all of the hacking stories one might read about are based on people exploiting these abundant errors. They are so common that a whole black market industry revolves around automated tools to find and abuse them en masse. Most of the errors are there because some rushed programmers on tight deadlines had to write something that mostly met a haphazard design in a programming language they didn't actually understand that well, using weak and faulty tools. They probably ignored what few warnings the system did give them because it was organizational policy to get something out as fast as possible: when you're opening up totally new markets, being first is better than being good. Especially when there is no liability for faults no matter how severe their consequences. In contrast, Traveller's civilizations have relied on computers longer than we've had writing. There hasn't been a first-mover advantage in software for millennia. The types of errors that lead to exploitable holes will have been categorized and dealt with in the first few centuries at most. Software will almost certainly still have errors, but they will be in the higher-level specifications of what it is supposed to do, not fundamental problems that give control of the whole system to anyone who sends the wrong sequence of bits to a faulty program. That doesn't mean that computer security is absolute, of course. Direct hardware access will continue to be able to override software safeguards. Likewise social engineering will continue to be effective for as long as people have the final say over what a computer does. - Tim