- cross-posted to:
- devops@programming.dev
- security@programming.dev
- cross-posted to:
- devops@programming.dev
- security@programming.dev
Brenno, in 2013, predicted that we would only take cyber security seriously once we had the kind of incident where lots of self-driving cars, who can avoid pedestrians, that you flip one bit. And they all start aiming at pedestrians.
Oh Jesus we need to cut their internet access, fuck.
But then I decided, I wrote my own solution, a thing of 1,600 lines of code, which is, yeah, it’s like thousands of times less than the competition.
And it works. It’s very popular. … I got 100 emails from people saying that it’s so nice that someone wrote a small piece of software that is robust, does not have dependencies, you know how it works.
But the depressing thing is, some of the security people in the field, they thought it was a lovely challenge to audit my 1,600 lines of code. And they were very welcome to do that, of course. And they found three major vulnerabilities in there.
He makes a ton of excellent points, but the succinct impact of this little example really hit for me. As someone who often rewrites things so that I can both understand and fully trust in what I’m depending on, it’s always good to be reminded that you literally can’t write 500 lines of code without a good chance of introducing a major vulnerability.
The tech stack is so dizzyingly high today, and with so many interlocking parts, it continually amazes me that anything at all functions even in the absence of hostile actors.
The reason we know about this stuff so well is it turns out there were lots of windmills that also had these modems.
I think you mean wind turbines
This is the sound-powered phone
Anyone got a link for more info on this?