
from the oldest-degree-granting-CS-department dept.
Last week, Professor Eugene "spaf" Spafford published an article, Reflecting on the Internet Worm at 35, on the Morris Internet worm, which hit the net on November 2, 1988, back when there were likely fewer than 100k systems connected to the Internet, though maybe even as few as 60k. Some estimates suggest that around 1 out of 10 of those systems were infected, due to several holes in the target systems. Those which were infected ground to a halt due to a mistake in the worm itself.
Nonetheless, the event and its aftermath were profound for those who lived through it. No major security incident had ever occurred on such a scale before. The Worm was the top news story in international media for days. The events retold in Cliff Stoll's Cuckoo's Egg were only a few years earlier but had affected far fewer systems. However, that tale of computer espionage heightened concern by authorities in the days following the Worm's deployment regarding its origin and purpose. It seeded significant changes in law enforcement, defense funding and planning, and how we all looked at interconnectivity. In the following years, malware (and especially non-virus malware) became an increasing problem, from Code Red and Nimda to today's botnets and ransomware. All of that eventually led to a boom in add-on security measures, resulting in what is now a multi-billion dollar cybersecurity industry.
[...] The Worm provided us with an object lesson about many issues that, unfortunately, were not heeded in full to this day. That multi-billion dollar cybersecurity industry is still failing to protect far too many of our systems. Among those lessons: [...]
(Score: 3, Insightful) by Rosco P. Coltrane on Friday November 10 2023, @02:45AM (5 children)
That's because it's a multi-billion dollar industry. Just like Big Pharma is happier to sell a lifelong course of pills rather than a one-time cure.
If this was a problem that didn't generate so much money for everybody, the problem would have been tackled properly a long time ago: at the source, by criminalizing poor software development process, reckless releases and generally snuffing out the stupid "move fast and break things" ethos.
Or said another way: if Bill Gates and his top honchos had risked jail each time they released a gaping security hole in Windows and they couldn't prove they did everything they could to prevent it with a robust and properly implemented software quality assurance program - as opposed to deliberately get this shit out, it's good enough - you can bet Microsoft would have released much safer OSes over the decades.
(Score: 2, Touché) by Anonymous Coward on Friday November 10 2023, @06:06AM (4 children)
I think the more likely result of such a policy would have been that the PC revolution would have simply never happened (or more specifically: it would not have happened in the USA) because they would have been too expensive. It would still be normal for a single workstation to cost more than a new car.
(Score: 4, Interesting) by pTamok on Friday November 10 2023, @08:26AM (3 children)
Speaking as an IT nerd...would that have been a bad thing?
I fully agree that more needs to be done around the issue of liability for software bugs.
There's a fair amount of research going on at the moment trying to find out the cause of the 'productivity paradox': that despite the heavy use of 'computerisation' (for want of a better term), actual productivity, as measured by economists, has not increased by that much. In other words, operating by physical post, phone calls, telexes and telegrams, and having paper-based processes in offices is not hugely less productive than using all the modern digital panoply of services. Some argue that we simply don't know how to measure digital productivity - in other words, our measures are missing the value-add of the computerised processes.
Certainly, required good software engineering practices in industry wouldn't stop hobbyists from doing their own stuff. There are people with lathes, pillar drills, and saw-tables in their backyard sheds and garages. People do self-build houses, and restore old cars and build kit cars. Doing similar stuff with microprocessors did kick off the personal computer revolution on Z80s, 6502s, 68000s, 8088s and so on.
However, the cat is out of the bag, the genie is out of the bottle, and Pandora's box has been opened. 'We are where we are', and it would take years of sustained effort to de-computerise. So we are stuck with low-quality software, poorly designed, and full of bugs.
Having a single workstation cost more than a new car would mean that they get used where they can give the most benefit. Even when breathtakingly expensive, computers still got bought and used. There are productivity gains to be had. But throwing a PC at someone and magically expecting it to increase their economic productivity by a material amount: I think that's not proven.
I also think that human society is more broken than computer software, and many problems boil down to the faults in humans rather than the computers. Fixing the computers won't solve that. Rent-seeking behaviour, taking short cuts, exploiting ignorance for economic gain, externalising costs for personal gain - all of that does not help.
Sigh, another rant over.
(Score: 1) by pTamok on Friday November 10 2023, @08:36AM
And on the other site, reading about the state of Maine's data loss, one of the comments reads:
Do we need to put people in prison for software bugs? That's a reasonably extreme position to take: but requiring some form of accountability also appears reasonable, and not being able to hide behind a phrase like "this software is not guaranteed to be merchantable or fit for purpose". Doing a bad job needs to be measurable, and have consequences.
(Score: 1) by pTamok on Friday November 10 2023, @10:53AM
Some links for the 'Productivity Paradox'
Wikipedia: Productivity Paradox [wikipedia.org]
Stanford University: The IT Productivity Paradox [stanford.edu]
Brookings: The Solow Productivity Paradox: What Do Computers Do to Productivity? [brookings.edu] (Download the linked PDF on the page for the full article from 1999)
(Score: 2) by Joe Desertrat on Sunday November 12 2023, @01:31AM
That is because the people using these computers have not changed mindsets from when people were using physical post, phone calls, telexes and telegrams, and having paper-based processes. People will print out an Excel spreadsheet, then type the data into another spreadsheet when a few moments reformatting the data in the original to fit so it could be pasted into the new spreadsheet would save them much time and effort. I was always annoyed by an extremely loud office mate who conducted almost all her business by phone. When I suggested she send emails she complained that they usually only answered the first question in the email. That was probably true, but whatever business she conducted by phone usually had to be revisited in another call as things discussed were forgotten or ignored, and with no physical record to back her up would often become a he said, she said scenario. Most people only want to learn the very minimum required about the tools at their disposal to make it appear they are doing their job, despite the fact that they could make their jobs much, much easier and be much more productive if they learned more.
(Score: 4, Interesting) by KritonK on Friday November 10 2023, @11:14AM
I'm old enough to remember the evening when the worm infected the computer that I was using at the CS department back then. I was trying to connect from home (via 1200 baud modem!) and I was either unable to connect at all, or the login process would time out (I no longer remember), which was something that I had never seen before. Next morning, I learned that we had been hit by the worm.
There may have been fewer than 100k systems connected to the Internet, but these were multi-user machines (e.g., VAXes [wikipedia.org]), so a lot more than 100k people were affected.
(Score: 2) by jelizondo on Saturday November 11 2023, @02:18AM (1 child)
I mostly remember Spaf for his mailing list of unusual items called Yucks [purdue.edu].
I think that was more important than some stupid worm.
(Score: 0) by Anonymous Coward on Saturday November 11 2023, @03:35AM
Thanks for that link. That brings me back to the fun days of the Internet, particularly the mid-90s ones and earlier.