Enterprising Stupidity (American Way Mix)

Detail of frame from 'Darker Than Black: Gemini of the Meteor' episode 8, "Twinkling Sun on a Summer Day …"

This is not a joke:

Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge of the issue.

The HPE system, called ArcSight, serves as a cybersecurity nerve center for much of the U.S. military, alerting analysts when it detects that computer systems may have come under attack. ArcSight is also widely used in the private sector.

The Russian review of ArcSight’s source code, the closely guarded internal instructions of the software, was part of HPE’s effort to win the certification required to sell the product to Russia’s public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman.

(Schectman, Volz, and Stubbs)

At some point, words will fail to fail.


Image note: Detail of frame from ‘Darker Than Black: Gemini of the Meteor’ episode 8, “Twinkling Sun on a Summer Day …”.

Schectman, Joel, Dustin Volz, and Jack Stubbs. “Special Report: HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon”. Reuters. 2 October 2017.

A Note About Software

It is true I really, really don’t understand the bit about how software gets to decide, arbitrarily, when to function or not.

Obviously, that’s not really the case, but I don’t get why simple functions like writing proper data to files randomly escape various applications’ faculties. It would seem that the basic functions of the software ought to include working properly, but as people I know in the industry remind, that’s just not fair. Making software is really hard, and nothing is written to standard because there are no standards despite the fact that the industry has formal standards.

This is not necessarily, then, a software issue. Rather, it seems a matter of the business model.

Nor am I being fair; not all software is written to the nickel and dime prime directive informing the decisions of the tech sector in general.

Look, if I’m doing something really complicated? Yeah, occasionally the software is going to glitch up. But I’m sorry, while software is really, really hard to do, that line becomes something of a head scratcher when the issue is why saving files properly is somehow too much to ask of software.

Because I don’t understand this. The best work-around at present is to stop production and wait for the update. Spending for alternative software is not always feasible.

Honestly, if expecting your application to properly save data is asking too much, look, I’m not going to drive a stake through your heart, or anything, but come on. What’s the problem? You and I both know the answer isn’t to say that software is hard to do. We both know this is a problem that has to do with the business model.

The joke used to be, Good enough for government work. These days it is, Good enough for the tech sector.

This is what it comes down to: Creating software is essentially a matter of setting billions of switches properly according to intricate designs. It is not worth the investment to actually do this properly.

Update: It would seem a bug believed fixed seven years ago is once again in play. Workaround: Figure out which non-alphanumeric characters―especially Unicode resolutions like u2026 (ellipsis)―do or don’t write properly to image file comment data. You know, where you might put copyright information. Good luck. [8 Aug. 2016]

Required Nightmare

Detail of image from Still Drinking.

And then there is this:

Imagine joining an engineering team. You’re excited and full of ideas, probably just out of school and a world of clean, beautiful designs, awe-inspiring in their aesthetic unity of purpose, economy, and strength. You start by meeting Mary, project leader for a bridge in a major metropolitan area. Mary introduces you to Fred, after you get through the fifteen security checks installed by Dave because Dave had his sweater stolen off his desk once and Never Again. Fred only works with wood, so you ask why he’s involved because this bridge is supposed to allow rush-hour traffic full of cars full of mortal humans to cross a 200-foot drop over rapids. Don’t worry, says Mary, Fred’s going to handle the walkways. What walkways? Well Fred made a good case for walkways and they’re going to add to the bridge’s appeal. Of course, they’ll have to be built without railings, because there’s a strict no railings rule enforced by Phil, who’s not an engineer. Nobody’s sure what Phil does, but it’s definitely full of synergy and has to do with upper management, whom none of the engineers want to deal with so they just let Phil do what he wants. Sara, meanwhile, has found several hemorrhaging-edge paving techniques, and worked them all into the bridge design, so you’ll have to build around each one as the bridge progresses, since each one means different underlying support and safety concerns. Tom and Harry have been working together for years, but have an ongoing feud over whether to use metric or imperial measurements, and it’s become a case of “whoever got to that part of the design first.” This has been such a headache for the people actually screwing things together, they’ve given up and just forced, hammered, or welded their way through the day with whatever parts were handy. 
Also, the bridge was designed as a suspension bridge, but nobody actually knew how to build a suspension bridge, so they got halfway through it and then just added extra support columns to keep the thing standing, but they left the suspension cables because they’re still sort of holding up parts of the bridge. Nobody knows which parts, but everybody’s pretty sure they’re important parts. After the introductions are made, you are invited to come up with some new ideas, but you don’t have any because you’re a propulsion engineer and don’t know anything about bridges.

Would you drive across this bridge? No. If it somehow got built, everybody involved would be executed. Yet some version of this dynamic wrote every single program you have ever used, banking software, websites, and a ubiquitously used program that was supposed to protect information on the internet but didn’t.

(Hunt Welch)

Click. Read. You know the drill.


Image Note: Detail of image from Still Drinking, presumably ©2014 Peter Hunt Welch, but we can’t promise that.

Hunt Welch, Peter. “Programming Sucks”. Still Drinking. 27 April 2014.