On Wed, Jun 29, 2016 at 07:02:21PM +0000, Bruce  Johnson wrote:
> Wonder how a TL15 society manages the endless Hacker vs Hacker
> war….this is a gargantuan gap in the Traveller Canon, since it
> pretty much all predates the internet...

I figure that this is pretty much a solved problem by Traveller's
timeframe, and that automated verification has rendered remote
software exploits irrelevant; a distant memory of the infancy of
computing.

In contrast to movies and television, these sorts of exploits aren't a
result of some genius finding a way around carefully crafted and
near-impregnable security measures.

In our rush to get computers into everything in (largely) just a
decade or two, virtually all of our software is riddled with blatant
errors from top to bottom.  Almost all of the hacking stories one
might read about are based on people exploiting these abundant errors.
They are so common that a whole black market industry revolves around
automated tools to find and abuse them en masse.

Most of the errors are there because some rushed programmers on tight
deadlines had to write something that mostly met a haphazard design in
a programming language they didn't actually understand that well,
using weak and faulty tools.  They probably ignored what few warnings
the system did give them because it was organizational policy to get
something out as fast as possible: when you're opening up totally new
markets, being first is better than being good.  Especially when there
is no liability for faults no matter how severe their consequences.

In contrast, Traveller's civilizations have relied on computers longer
than we've had writing.  There hasn't been a first-mover advantage in
software for millennia.  The types of errors that lead to exploitable
holes will have been categorized and dealt with in the first few
centuries at most.  Software will almost certainly still have errors,
but they will be in the higher-level specifications of what it is
supposed to do, not fundamental problems that give control of the
whole system to anyone who sends the wrong sequence of bits to a
faulty program.

That doesn't mean that computer security is absolute, of course.
Direct hardware access will continue to be able to override software
safeguards.  Likewise social engineering will continue to be effective
for as long as people have the final say over what a computer does.

- Tim