Laurie Wired - Cybersecurity "Experts" suck at coding. It's a problem.


This is interesting, but it makes me really sad. She is explaining how the whole cyber-security industry works (or doesn't). It's sad because people who have enough talent and technical skill to do this work (even if most of the people in the industry don't!) could be so much more profitably employed if they were working on actually creating something that does something useful, which we desperately need. Instead, this is what they do, presumably because nobody who actually wants to do the stuff we need has any money to pay them to do it. That looks like quite a good driving game, ... 

If you want to see how languages and programming should be done, read the preface and introduction to The Definition of Standard ML (Revised):

Then in the introduction:

The point I'm trying to make is that language definition is a mathematical exercise, and takes the form of a series of mathematical definitions and proofs, and these objects are entirely formal, which means they have a definite well-understood structure which makes them ideally suited to being  rendered in a machine readable form. So another program, perhaps even one written in Standard ML itself, can read those formal definitions and mechanically generate code directly from them. If that code happens to be in some particular machine code, and if there is a formal sprcification of that machine (often there is, especially when the machine is a very simple one explicitly designed with formal verification in mind) then that whole translation process can in principle be formally verified as just another layer in the language specification. Furthermore, testing of the resulting programs can be done by auttomatically generating test systems that efficiently explore the space of possible behaviours of the resulting low-level system. See Volker Barthelmann's compilers in RP2040 - 6502 Emulator - TIM, Tiny Basic, and EHBasic. The mathematics involved in proving correctness is significantly simplified when the languages are designed with this in mind. See for example Total Functional Programming and System F.

Now that process I've described above is not programming, it's the process of developing useful software tools. Programming actual computers is another thing entirely. It requires an enormous amount of technical skill and an encyclopaedic knowledge of all the different hardware systems and peripherals that have been and are being and will be manufactured. Developing software for these devices is a matter of designing Application and Domain Specific Languages at many different levels which provide layers of formal specifications which can be used by tools designed to generate reliable and efficient systems from those formal specifications. Just getting at the necessary information is hard, and there are very few people even trying to do it. See the series "Bare Metal Adventures" by Life With David.

There are a lot of people who have the necessary skills and knowledge, but they are all busy maintaining insecure Operating Systems and Applications Software (see What's an Operating System for?), and none of them have the time to dedicate themselves to doing The Right Thing, because they;re too busy doing the other thing. See Modeling Probability Distributions and Solving Differential Equations and Matt Godbolt and Ben Rady Talking About Data Compression.

Here is Laurie showing how much concrete data is inside an iOS App written in Objective-C:


Man, that is insane! I guess they do it so that people in cyber-security can reverse-engineer the apps easily to see what they actually do?

Subscribe to LaurieWired.

Comments

Post a Comment

Popular posts from this blog

David Hestenes - Tutorial on Geometric Calculus

Image
This is a very high-level overview, and not too technical, for the first fifteen minutes at least. It's about the relationship between mathematics and physics and development of scientific ideas. At 40:11 he shows how Structure and Interpretation of Classical Mechanics should have been written! See Lasenby, Doran & Gull (1998[2004])  Gravity, Gauge Theories and Geometric Algebra   and  David Hestenes - New foundations for classical mechanics . Subscribe to  Nomen Nominandum . GAME2020 - 1. Dr. Leo Dorst. Get Real! (new audio!) See  https://www.jeremyong.com/klein/  in this context SSE stands for  Streaming SIMD Extensions . See also  https://enkimute.github.io/ganja.js . Subscribe to BiVector .
Read more

David Turner Obituary by Sarah Nicholas Fri 24 Nov 2023

Image
This was in The Guardian: David Turner obituary , only eight days after I posted  David Turner Talking About Sixty Years of Functional Programming History : This talk was given in London in 2017: See  Turner, D. A. "Some History of Functional Programming Languages" also  John Hughes - Why Functional Programming Matters  and David MacQueen's talk at ICFP 2015 in  Numberphile - Sophie Maclean on the Catalan Numbers . At 10:30 This whole discussion abut combinator reduction is especially interesting. I didn't know Arthur Norman had tried building hardware for combinator machines. I'll look that up: maybe start here A.C. Norman  Faster combinator reduction using stock hardware  in LFP '88: Proceedings of the 1988 ACM conference on LISP and functional programming. At 26:25 on the ISWIM virtual machine implemented in the PAL compacting garbage collector?! This work Reynolds and others did was at MIT in Masecheusetts and Argonne National Laboratory Illinois. Did
Read more

Modeling Probability Distributions and Solving Differential Equations

Image
See  Spread Polynomials : 27:48 On factorization of spread-polynomials, see  Lewis Carroll - Crocodile Story Subscribe to Norman Wildberger . JPL Orbits & Ephemerides: https://ssd.jpl.nasa.gov/orbits.html See also this very impressive student project, which is a digital orrery that uses the JPL Ephemerides: https://www.robots.ox.ac.uk/~mjc/Papers/3YP_Report.pdf  This seems to be the basis for a way to make a space-flight simulator for planets. See  Trying to Make a Sci-Fi Movie  for the context. See also  Laplace Transform : Algebraic construction The Laplace transform can be alternatively defined in a purely algebraic manner by applying a field of fractions construction to the convolution ring of functions on the positive half-line. The resulting space of abstract operators is exactly equivalent to Laplace space, but in this construction the forward and reverse transforms never need to be explicitly defined (avoiding the related difficulties with proving convergence).  MikusiƄski
Read more