undefined | Better HN

0 pointstptacek4y ago0 comments

There is no evidence at all that computer science and information technology actually knows how to solve the underlying security problems without forcing untenable compromises on the economy. We can produce secure software, but only at a level of expense and time that would preclude most commercial software development.

0 comments

Dah00n4y ago

That may be but that doesn't change that fact that the underlying problem isn't cryptocurrency. Lashing out at other technologies because of lack of accountability in software development won't solve anything. At best it will move it somewhere else but in the end the problem stil haven't been solved.

Besides, software could absolutely be made much safer without destroying the economy. We all know that the systems that get hit are often a mess a twelve year old could "hack" by using specific search engines or kiddy scripts. Laws punishing those that run software with known vulnerabilities that end up causing society problems like these ransomware attacks do should have been made decades ago.

tptacekOP4y ago

The whole point of the article is that you could have said the same thing about Viagra spam, but financial system interventions did shut that down.

There is, again, no evidence that we know how to make commercially deployed software meaningfully safer at the scale we need to do it at to stop ransomware attacks from disrupting society.

jude-4y ago

I kinda feel like this is something DARPA and the NSF should really be working on. Like, why can't we have an OS and programming environment where it's straightforward to prove basic end-to-end security properties before runtime, like "this data has a `sensitive` type, and thus cannot be written to any potentially-persistent I/O facility?". I'd love it if that was something that my command shell could statically verify for me before running a job, for example.

JoeyBananas4y ago

This is just a terrible argument. Often times, systems are compromised through social engineering so it's not even remotely possible to solve this issue by software engineering alone. But more importantly, think about the morality of what you are saying. It is absolutely not ethical to rob someone just because they are an easy target.

I despise this sort of "technological nihilism." Just because something can be done with technology doesn't mean that it should be done. The fact that bitcoin exists does not mean we should revert back to the stone age. Anarchy is obviously a very bad idea, but I guess some people are determined to learn this lesson the hard way.

tptacekOP4y ago

I think you're reading a lot of stuff out of my comment that isn't there. I've spent most of my career doing software security, if that helps with context.

JoeyBananas4y ago

Yeah I replied to the wrong post

quanticle4y ago

Then perhaps we shouldn't produce software.

If the costs to mitigate the negative externalities of a certain product or service outweigh the net benefits of said product or service, the creation of that product or service is a net negative on society, and we should cease that activity.

It's like arguing that a coal-fired power plant isn't profitable if it has to pay for all the carbon that it's producing.

tptacekOP4y ago

"We should stop producing software" is a take, and I support it! But I also recognize that the societal cost of ceasing all software development would be huge, and the cost of stopping all cryptocurrency is small and would be felt mostly by speculators. As the saying goes: first you couldn't use Bitcoin to buy a pizza, then you could use Bitcoin to buy a pizza, and now you can't use Bitcoin to buy a pizza.

Coal power plants aren't profitable if they have to pay for their externalities, and should be shut down.

j / k navigate · click thread line to collapse

0 comments

Dah00n4y ago

tptacekOP4y ago

The whole point of the article is that you could have said the same thing about Viagra spam, but financial system interventions did shut that down.

There is, again, no evidence that we know how to make commercially deployed software meaningfully safer at the scale we need to do it at to stop ransomware attacks from disrupting society.

jude-4y ago

JoeyBananas4y ago

tptacekOP4y ago

I think you're reading a lot of stuff out of my comment that isn't there. I've spent most of my career doing software security, if that helps with context.

JoeyBananas4y ago

Yeah I replied to the wrong post

quanticle4y ago

Then perhaps we shouldn't produce software.

It's like arguing that a coal-fired power plant isn't profitable if it has to pay for all the carbon that it's producing.

tptacekOP4y ago

Coal power plants aren't profitable if they have to pay for their externalities, and should be shut down.

j / k navigate · click thread line to collapse