A sense of urgency

I have a feeling today that there is something crucial in the sense of urgency. I can feel comfortable and cozy, this feeling being opposite to the sense of urgency. When I feel comfortable, I am stuck in that feeling, I want to keep it and I become inert and unwilling to change anything. A sense of urgency can be entertained in an opposite manner – by withdrawing yourself from the lure of comfort. The sense of urgency is important somehow, it makes me move, it makes me think, it makes me do things that I expect to be beneficial in the long run. It imparts on me this contradiction of now and after. The understanding, the logical thinking of the consequences in the future does not help to start moving, does not help to get you out of your cozy “now” and does not implant a firm boot in your behind. But the sense of urgency, once obtained, does exactly that. It helps to get things moving and without any outright struggle. The struggle is to get the sense of urgency and to keep it.…


Plato’s parable of the State

Reading this excellent book called “The Republic”, written by Plato reportedly circa 380 B.C., amuses me to no end. This passage is simply irresistible:

I perceive, I said, that you are vastly amused at having plunged me into such a hopeless discussion; but now hear the parable, and then you will be still more amused at the meagreness of my imagination: for the manner in which the best men are treated in their own States is so grievous that no single thing on earth is comparable to it; and therefore, if I am to plead their cause, I must have recourse to fiction, and put together a figure made up of many things, like the fabulous unions of goats and stags which are found in pictures. Imagine then a fleet or a ship in which there is a captain who is taller and stronger than any of the crew, but he is a little deaf and has a similar infirmity in sight, and his knowledge of navigation is not much better. The sailors are quarrelling with one another about the steering – every one is of opinion that he has a right to steer, though he has never learned the art of navigation and cannot tell who taught him or when he learned, and will further assert that it cannot be taught, and they are ready to cut in pieces any one who says the contrary. They throng about the captain, begging and praying him to commit the helm to them; and if at any time they do not prevail, but others are preferred to them, they kill the others or throw them overboard, and having first chained up the noble captain’s senses with drink or some narcotic drug, they mutiny and take possession of the ship and make free with the stores; thus, eating and drinking, they proceed on their voyage in such a manner as might be expected of them.
Him who is their partisan and cleverly aids them in their plot for getting the ship out of the captain’s hands into their own whether by force or persuasion, they compliment with the name of sailor, pilot, able seaman, and abuse the other sort of man, whom they call a good-for-nothing; but that the true pilot must pay attention to the year and seasons and sky and stars and winds, and whatever else belongs to his art, if he intends to be really qualified for the command of a ship, and that he must and will be the steerer, whether other people like or not – the possibility of this union of authority with the steerer’s art has never seriously entered into their thoughts or been made part


Stainless Steel Rat

It is refreshing to hear someone speak out for the necessity of crime. The last time I heard that was from James Bolivar DiGriz, “The Stainless Steel Rat” of Harry Harrison. This time it comes from none other than Whitfield Diffie, speaking at the Australian Information Security Association’s National Conference 2012 in Sydney this week. I remember I always sympathized with DiGriz and I am apparently not alone there as Whitfield Diffie speaks out about the philosophy of crime’s usefulness:

“I’m inclined to think that society needs crime,” he said, explaining that in the event of a crime taking place offline, such as a home robbery, it creates jobs for police, judges, lawyers, insurance companies.

Yeah, all right, as long as we do not get caught!…


Conceptual integrity

I always admire people that can summarize your thinking into a simple and elegant phrase. This is akin to software design, reflecting the beautiful harmony. Behold:

“I will contend that conceptual integrity is the most important consideration in system design. It is better to have a system omit certain anomalous features and improvements, but to reflect one set of design ideas, than to have one that contains many good but independent and uncoordinated ideas.”

— Frederick P. Brooks, Jr., “The Mythical Man-Month”


Agile philosophy is flawed

I am convinced that agile software development methods the way they are used now do not work. They are actually a prescription for failure. The problem is that Agile philosophy fails even before starting.

Agile is described in many different ways but when you think about what it tries to achieve you must come to the unavoidable conclusion that it tries to provide a method to develop software with a cheaper workforce. That’s the whole idea behind it. The business expects to get the software developed with not-so-brilliant programmers who can be paid a fraction of what the really good people would be paid. And then the good programmers can also be pressured into accepting lower pay for their work.

Well, it does not work. Oh, it does work to pressure the salaries of programmers, that it does. But the software becomes developed in a piecemeal fashion and it becomes really difficult to keep to a single encompassing coherent design. You must use really brilliant programmers to be able to keep the system well-designed, sleek and coherent. Unfortunately, this contradicts the original goal of not using brilliant programmers. And thus the system turns into a patchwork of vaguely connected functions and pieces.

To make a parallel, I think when I see a mechanical product labeled “Made in China” I can hardly expect some brilliant German engineering in it. The same goes here, when I see something coming out of Agile, I do not expect any brilliant engineering either. Agile is the source of cheap, faulty and disposable software.…


Why do they write insecure code?

First of all, nobody teaches engineers to write secure code. When people study mechanical engineering, they spend an awful lot of time calculating the designs for reliability and safety. They learn that the bridges must be redundantly safe, that there is a plethora of things that may go wrong with an elevator and so on. Do they learn anything like that in computer classes? No, far from it. People learn the computer programming languages and sometimes about cryptographic protocols. But they never learn how to make the systems stable, safe and secure. They never learn what may happen to a computer system in real life. They do not practice taking preventive measures the way any other engineering specialists would.

Many programmers are then lured into the fake safe havens of firewalls, safe languages that “take care of things for them” and the proclaimed security of frameworks. Guess what, none of that is true, no language is “safe”, no firewall helps and no framework is perfect. But people are inherently lazy and they prefer to blame someone else instead of taking the responsibility.

And on top of all that comes the cost. Software is a form of art. The good, really professional programmers cost a lot of money. The good designs and their implementations take a lot of resources, read money. Security features are costly, security measures are even more costly. And companies are not willing to pay, customers are not willing to pay, everybody just bitches about poor security and the world moves on, selecting the lowest bidder for security critical infrastructure implementation.

We’re sitting on four million pounds of fuel, one nuclear weapon and a thing that has two hundred thousand moving parts built by the lowest bidder.
— “Rockhound” in the movie “Armageddon”

Do you really think anything will change for the better if none of the above changes?…


Quote of the day

Deep understanding of politics from the author of The Chronicles of Narnia:

Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron’s cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their consciences.
— C. S. Lewis


Orwell’s rules in security

I came across the “six rules of English language” set forth by George Orwell in his essay “Politics and the English Language” in one of the posts on Jordan Bortz’s Software Architecture Blog. They are:

  1. Never use a metaphor, simile, or other figure of speech which you are used to seeing in print.
  2. Never use a long word where a short one will do.
  3. If it is possible to cut a word out, always cut it out.
  4. Never use the passive where you can use the active.
  5. Never use a foreign phrase, a scientific word, or a jargon word if you can think of an everyday English equivalent.
  6. Break any of these rules sooner than say anything outright barbarous.

These rules are absolutely essential for good system or application security. All too often we have the situation where the real target is to provide an insecure system and it is obfuscated by the use of this “political language”. To turn the words of Orwell to our subject, the great enemy of software security is insincerity. When there is a gap between one’s real and one’s declared aims, one does not get proper security.…
