all software sucks

July 22nd, 2015

The only thing that surprises me in this article is that the attack took until mid-2015 to happen:

[…] The attack […] can compromise those Uconnect computers—an optional upgrade feature that doesn’t come standard in the Chrysler vehicles—through their cellular Internet connection to tamper with dashboard functions and track their GPS coordinates.

For 2014 Jeep Cherokees in particular, [the attack extends] to the vehicle’s CAN bus, the network that controls functions like steering, brakes, and transmission.

Attacks like this become a safety critical issue — rather than just an annoyance — due to two factors.

First, all software sucks, with consumers failing to demand the kind of qualities in software that they now routinely expect in hardware (mostly, to be fair, because consumers don’t know to ask — or how to ask).

Worse, most engineering reliability analyses don’t know how to model software reliability, so it gets neatly tuned out of a hardware failure modes analysis — meaning that it’s then easy to make the incorrect assumption that the software can’t fail, let alone take hardware out with it.

Engineers and other technical types might not make that assumption, but they’re not the ones generally making the decisions on what and where to cut the budget. Which brings us to the second factor: businesses are attuned to looking for maximum profit at minimum cost.

That means in turn that obvious safety considerations, such as not having any form of physical link between safety critical systems and online entertainment systems, are foregone because it’s an easy way to cut costs. One set of connectivity is cheaper than two, particularly when the safety critical systems already have sensors and the like which the entertainment systems can then utilise.

on alternative government

July 22nd, 2015

It doesn’t matter which “side” of politics is best represented by this essay; true democracy comes from truly alternate viewpoints being correctly represented in government:

The Overton window — it’s the political theory that, at any point, there are policy ideas within the window that are seen as acceptable. Mainstream. Anything outside that particular window is seen as mad, bad, or dangerous. Not acceptable. Not to be taken seriously.

It’s my opinion that the Overton window has been significantly pushed to the right over the past couple of years. […] There is a sense that what were once overly punitive ideas are now meat and potatoes.

You know the kind of thing — punishing immigrants, demonising them, even. Cutting benefits from those who need them most, dismantling the NHS, shackling the unions — that kind of stuff. The kind of policies that would have previously raised eyebrows — and blood pressure — are now greeted with a nod and a muttered ‘quite right’.

[…]

You need brave people. Unselfish people. Ready to stand outside, prepared to be mocked. Passionate, committed and determined. I don’t see that in many of our politicians.

Last night, I heard a lettuce-fuelled Labour leadership hopeful tell a TV reporter that he is re-evaluating the ‘core values’ in the eyes of the electorate, as if by merely saying those words with his mouth, then the answer will turn up in a taxi.

Let me tell you the core values, sunshine. They are to stand up to inequality, punch hard for those who cannot, and REFUSE to be bowed in the face of battle. Save yourself the money you were going to spend on shiny leaflets. You won’t need them. Just stand up, charge forward and bloody fight.

Labor — the Australian one, that is — was and is wrestling with this same issue; I infer it’s a common problem in all “western” democracies at the present. They still haven’t figured it out, and they started struggling with this so-called problem while they were nominally in charge. Now they’re trying to be functionally the same as the current government, which for all intents and purposes means we’ve got a one-party system.

Thing is, I’m fairly sure that the average voter, when not being told what to think by the media establishments, would be quite happy to see a genuinely alternate viewpoint represented by an opposition party with significant size to it.

Without it, we’re heading well down the path toward an entirely less compassionate society.

defective thinking

July 15th, 2015

Software sucks for many reasons, all of which go deep, are entangled, and expensive to fix.

This isn’t a new problem. Not even remotely. Moreover, the tools to improve the state of play have been around in various forms for at least three decades: Carnegie Mellon University, among others, has been trying treat software development more like an engineering discipline since the 80s.

It’s a problem that’s getting worse with time, too: we’re increasingly dependent on complex systems underpinned by software, and increasingly unable to circumvent these systems when they do fail. Case in point: Toyota, as recently as 2010, were using outdated software development processes, while simultaneously building cars ever more dependent on reliable software. It’s clear how their approach to software design hasn’t worked out for them — and while their problems are now public knowledge, I don’t believe any other manufacturer would be any better off.

The problem is thus: it’s not sexy to fix software issues before they arise, no matter how critical the software is. Further, the “invisible hand” of the market will tend toward minimising costs, and designing systems for safety is a costly exercise with no obvious (to management) payoff.

Instead, it’s better to pretend problems don’t exist — for example, many failure modes analysis tools treat software as having no failure modes, while making no such assumption about the hardware platforms on which the software runs — and instead spend time hand-wringing when, inevitably, the house of cards collapses.

Open source software is argued by many to be the panacea to this problem. It isn’t, and the many recently uncovered issues with OpenSSL demonstrate this conclusively.

Nothing short of treating software development to the same rigour applied to any engineering field will consistently improve the state of play.

on debt and economics

July 6th, 2015

Two, related, articles today of note; worth reading if only to trigger reflection.

In Europe it has frozen Germany into a fixed position in relation to fiscally stricken countries such as Greece over what is reasonable behaviour in relation to debt. In much of the Anglosphere the concept of persuadable political adversaries risks being supplanted by that of implacable enemies engaged in brutal winner-takes-all politics.

In Australia, too; this essay more than accounts for this.

While enthusiasm for Keynesian stimulus is by no means universal among economists, almost none of them think that cutting government spending when the economy is slowing is a good idea. […] Two other Nobel Prize–winning economists, Joseph Stiglitz and Paul Krugman, have argued repeatedly that cutting spending while the economy is slowing is proven to increase unemployment. They have also pointed out that policies increasing inequality rarely produce long-term social or economic benefits.

This last point — emphasis mine — is important: someone who is selfish enough to believe the winner-take-all, fuck-the-poor approach to social services is the right one, is ultimately doing themselves no service whatsoever.

commoditisation

June 26th, 2015

On hardware commoditisation:

The IT industry has turned into a commodity business of high volume, lower margin products and services. The days of selling a $250,000 system for $1,000,000 and passing around big commission checks are gone.

True; now, particularly in the communications space, it’s a $25,000 system — including any R&D costs, and more on those later — for $90,000. (Look up the major listed vendors’ margins, all of which are public.)

Even these 60% to 70% margins are soon to be a thing of the past. When all you’re doing is, bluntly, a form of assembly, claiming high-value, high-margin is disingenuous at best.

As the market moves to Intel servers, anyone can become a big player. […] The quality of “services” is so terrible right now the market is hungry for a better provider.

Substitute Intel for, say, Broadcom or Marvell, and you’ve got the trending state of play in the Ethernet world. Even ‘specialist’ switching platforms — the ones that supposedly have a lot of R&D baked into them, justifying higher pricing — are getting to a point where they’re all based on the same merchant silicon, implying that any point of differentiation relies on either having something smarter above the hardware (i.e. software), or providing some service that others cannot.

And with open source software — OpenDaylight for example, as one of the reasons vendors give for relying on merchant silicon — this means that services alone become the differentiator.

The “good” thing about this is that it reduces RRPs of the tin, as there’s less R&D to justify a higher price; the bad being that it means one vendor’s black box is basically the same as everyone else’s. Which, of course, is the very definition of a commodity.

Even though, in the networking world, we’re only part-way there, customers already realise this trend is underway, which is why — in the absence of any real value-add — they invariably ask for (often steep) discounts. And they know they’ll get them, because if they don’t, they’ll go to the next vendor down the road who will oblige.

bigotry and government

June 25th, 2015

We’ve had legislation that equates to the racist bogan bumper sticker, “Fuck off, we’re full,” for some years now.

It occurs to me that the proposed amendments to the Citizenship Act equate roughly to that other favourite for the back of V8 Holden utilities (generally found on those with Chevrolet badges replacing the Holden insignia): “Love it or leave.”

law of unintended consequences

June 24th, 2015

More bad law amendments.

This one — without recourse to natural justice or judicial oversight — strips dual citizens of their Australian nationality, for the simple act of vandalism of Commonwealth owned assets.

Or, for possessing a ‘thing’ connected to terrorism. No definition of ‘thing’ in this context, exists in the amendment.

Any revocation can only be appealed after the fact; a fact that the affected person may not even be aware of.

Given that this Government includes people who would strip citizenship from someone acquitted by the courts, now does not seem to be a good time to be a dual national.