Author: Andreas Messer
Date:
To: dng
Subject: Re: [DNG] Nasty Linux systemd security bug revealed
On Sun, Jul 25, 2021 at 07:51:50PM -0400, Steve Litt wrote:
> g4sra via Dng said on Sun, 25 Jul 2021 10:26:46 +0000
>
> >And this is why ever since I entered the profession I have maintained
> >that programmers should be vetted and certified in a similar manner to
> >other professions such as doctors and lawyers, carrying a similar
> >social status. Only those with the appropriate qualification and
> >experience should be permitted to work in certain sectors.
>
> I'm glad you said "certain sectors". I'm glad there are other sectors
> (office automation comes to mind) where a guy who gets proficient with
> the computer on his kitchen table can get paid work, and learn there.
> Otherwise, programming would be restricted to folks rich enough for
> their parents to send them to college to learn programming, and then
> a tertiary education to learn all the security, defense and engineering
> stuff, and like doctors and lawyers, they wouldn't start making any
> real money until their late 20's.
>
> Programmers would be selected for family wealth, not for desire and
> aptitude.

My feeling is that you cannot simply teach someone how to write safe
software. It is to a great extent a matter of experience and character whether
someone is able to do it or not. Experience means you need to fall into
the traps to understand what's going on and what's a bad design. Maybe some kind
of pair programming can help. But in the end all developers are human and
need to start somewhere. Of course there should be continued training.

And the second thing: nowadays not only managers but also developers are
exposed to various kinds of pressure. You need to resist going the easy
way or being pushed in that direction by someone else. And this
every single day: "Can't we just... The customer is waiting!", "Distribution
already sold it, we need to have it (yesterday)...".

No one should think of himself as being error-prone - certified or not. We're
all just humans and misdo. I believe most risks can be easily mitigated
with some experienced members in the design phase and highly veteran testers
who qualify the results. I also think it's not a good idea to divide
software development work across too many different persons; there should
be developers with an understanding of the whole (embedded) system.

Even if only highly conscientious people were allowed to develop
software and their work were checked multiple times by others, it would still
contain errors. It has just become too complex. Coming back to the sensor
above: 10 years ago it was sufficient to just send the sensor state every
10ms to some central control device. Today the same sensor (often based on
the same hardware; product owners think it's just a matter of the
software) should send the data in 250µs intervals and at the same time
serve complex dynamic webpages with TLS encryption and a full certificate
chain, and send diagnostic or production-related data to some IoT edge
server so that management can enjoy colorful plots. And during all that it
is expected to withstand a DoS attack. But the device is still used in the
same place, doing the same work. All these extra functions are not
used in 99% of the cases, but they're in the device just in case someone might
need them. And this adds complexity, which adds bugs.

Most things today are profit driven, and the result is that management tries to
avoid any (in their eyes) unnecessary work by reusing existing but maybe
much too complex code or designs, having one software for all use cases,
implementing "workarounds" or simply omitting tests. To be honest, price
pressure is often applied from the outside - e.g. my employer develops
some SoCs, and although these grow in performance and shrink in size, power
and extra parts, with every new device customers expect them to become
cheaper and cheaper and to get the software for free.