Re: Maybe we dodged a bullet?
I think NSA told me to avoid side-channels back in the 1980s.
14 posts • joined 25 Feb 2017
I had an early DEC 3000 Alpha 400/400S AXP workstation. It had a C compiler that did extremely deep/wide source parallelism analysis across an entire application, what EPIC later promised. I experimented and found that the degree of "hidden" parallelism discovered in no way compensated for the inconvenience and time required to recompile the entire application from source just to edit one module. Yes, I conducted detailed, controlled studies at (then) DCRT at the NIH. Around late 1992 or early 1993. Oh, yes, you could do EPIC on an Alpha in 1992! Just pick the right compiler options and compile the whole source at once.
This whole disaster could have easily been avoided had someone at HP or Intel simply repeated what I did a decade earlier with that Alpha.
Yet IBM decided I didn't deserve to have a job selling HP Itanics to Mickey Mouse (he evidently likes HP-UX better than IBM POWER with the COBOL-like AIX OS) so I was RA'd.
Hewlett and Packard wanted to make the best quality engineering kit possible. It was costly but generally worth it if you could afford it.
When I visited a large HP facility around 1999 or so I asked about their quality assurance testing. Once the laughter subsided I was told: "If it powers on, it ships!"
I think I also vaguely recall a time when employers saw critically minded, skilled employees as a valuable resource. By the 1990s they were a disposable asset. Now they're just a cost to be cut.
A significant issue is the prevailing social problem of complete lack of ethics that has overtaken nearly everything. When the people in control of doing things have no interest in quality or potential risks, it really doesn't matter. Private sector or public, big or small, if there's no intent to do good to begin with, neither regulations nor market selection pressure will matter.
From reading the descriptions of most Windows-related vulnerabilities, the developers would only have needed to type, size, bounds and sanity check inbound data. All incoming data, every time. This is hardly news, and is certainly less difficult than the time some suits at a former unnamed employer decided it would be a nifty idea to mix big and little endian app servers in an n-tier SAP environment. "Well, the marketing rep SAID it would work..."
This was always the old selling point when Cisco produced that white paper nearly two decades ago about "at will" employees being able to pick and choose the best compensation. Unfortunately when everyone is going down the H-1B route there aren't many "opportunities" to choose.