Jan 21, 2010

Avoid your personal "Aurora operation"

I am not a Microsoft Windows user. I was quite indifferent to the latest Microsoft Internet Explorer scandal that causes break in to Google, Adobe and many other major companies (the “Aurora operation”). However posts and articles about this event pop up so often, that they are very hard to ignore.
Yesterday I read a phrase that made me think a lot about the way how we develop software. The source was not in English and it is hard to make a precise translation. The phrase sounds like this: “Software will be always vulnerable while it is written by humans”.
Why did this phrase caught me? For several reasons.
Firsts, I immediately remembered many extensions that I saw in the past with trivial security problems. It is so easy to avoid them and yet people still write it insecurely.

Secondly, I remembered an episode from the TV series called “Terminator: Sarah Connor Chronicles”. There is a scene where the artificial intelligence named John Henry talks to former FBI agent Ellison about a recent hack attempt:
John Henry: I've traced the roving back door that allowed access to my systems. It uploaded itself from one of the main T3 hubs that carry all global internet traffic.
Agent Ellison: It uploaded itself?
John Henry: Yes, Mr. Ellison. It is highly sophisticated. The intelligence who designed it is far beyond you, or Mr. Murch, or any human being.
John Henry was able to resist the attack using its own intellect. I guess it would be able to learn and prevent such attack in future forever.

John Henry talks to agent Ellison.
Unlike John Henry, most of us, humans, learn nothing.
The attack used on the Internet Explorer, is one of the classic ones for this software. Internet Explorer tries to access a method of the object, which is already freed. This is not the first (and surely not the last) time when Internet Explorer does that. Microsoft even built “Data Execution Prevention” feature in Windows trying to guard the system from its own software.
All these facts and thoughts made me think: why we, humans, are so irresponsible? Why can't we write the software like John Henry would: securely, applying our knowledge to every line of code we write? Or, may be, we can?

Computer logic vs human brain

Computers has several unique feature that makes them better than humans in certain areas.
Computers do not forget. Computers always apply techniques they are told to apply.
Humans are different. They are creative from one side, lazy from another (yes, everybody is lazy!) and chaotic from the third side. Humans are not like computers, they like to create and see results faster, even if it their creation is not built well enough (“it works, what else do you need?”).
Can we combine all good features that computers have with all good features that humans have?
I think we can.

Human brain as a CPU

In another episode John Henry said: “The human brain is an amazing computer. It's raw clock speed is 20 billion calculations per second. It's storage is functionally infinite”. That makes 20Ghz CPU plus unlimited memory: far more than modern computer can offer today! The only two things we miss in our wonderful CPU is patients and responsibility.
Both these qualities can be trained. People, who professionally works with computer programming for years, can be self–trained in a very fast way. The unfortunate effect of such training is that their thinking becomes less human and more computer–like (one/zero, white/black, good/bad, secure/insecure, optimal/unoptimal, right/wrong). It is harder to talk with such people but they are far more responsible in any aspect of the life and they are better professionals. Is it worth becoming less human? I cannot answer such question because it is a personal decision for everyone. It is definitely harder to communicate with the rest of the human world when you see how unoptimal they behave. It is harder to forgive yourself for unoptimal behavior or mistakes. But with each mistake you become more clever and learn how not to make the same mistake again. Life becomes easier in certain aspects.

How to become more responsible

So you want to become more responsible? Right... It is very hard at the beginning. Not everyone can. In fact, most people can't.
If you decide to do it, it is a lifelong decision. One you start practicing it, you cannot turn back because it becomes your lifestyle.
You have to stop running first. No, I do not talk about your morning runs around the park. Continue those! I mean: stop running in this life. Stop and see around. Is there anything you do in hurry all the time? Is there anything that deserves a better, more careful look? I bet there is. Think of it.
Start doing it properly, without hurrying. If you do cleaning, do it properly. Clean on the top of that wardrobe, it was not cleaned for ages and have heaps of dust on the top! If you drive the car, follow driving rules precisely. If you write programs, be paranoid and apply security checks and validate your objects everywhere. Just do it all the time regardless of how fast you want to skip it!
You will notice that it pays back. You will not forget to go to a meeting because you read an interesting article. Your mentality changes when you stop running and follow the “right way to do stuff”. It slower than doing it “the fast way” in short term perspective but it is much faster than doing it in long term perspective (you do not have to recover from mistakes made long time ago).
Let me give you a simple example.
I have a daughter. She is six and she goes to school. As many children of this age, she like to make her home work fast and go playing with toys. However fast in her case means inaccurate. Therefore, when we check here home work, she has to redo it. She again does it fast and has to redo it again and again. We tell her every time that she should do it once accurately and then she can play her toys for the rest of the day instead of redoing the same stuff for hours. Once she did it snower and accuratey. It was half an hour longer than her usual “fast” work but she did not have to redo it for hours later. She liked it. But she is too small to have patients to do it well every time.
Are we different from my six year girl? No, we aren't. We always run. We do not escape parameters that we get from users in order to finish that software faster. We do not read bank loan agreements because it may take 10 minutes but we want to get a cheeseburger ASAP. Later we discover catches in that agreement but it is too late. Was the cheeseburger worth it? No, it wasn't. It is our fault that we run for the cheeseburger!
So if you would like to make your life better, than stop running! Do it properly from the first time!
I believe we can do it. I believe we can beat computers in this.


  1. Hey Dmitry,

    Very nice article. Unfortunately it is not appreciated to much in society if you slow down. Fast seems the way to go. Slowing down will make you more responsible, but also more appreciative of the things around you.



    "Slow down, everyone. You're moving too fast." - Jack Johnson

  2. Thanks, Ben! :)

    May be in future human kind will recognize that doing stuff slower and with more quality pays back. We can only hope!

  3. Totally agree with going slow and do somethings properly from the beginning.

    Good article!

  4. Remember your triangle: Time, money, scope.

    If you take more time quality increase but more money is needed if the scope doesn't change...

    More money? You fool. Get the stuff out. We'll adress security later...


  5. @Patrick: Yeah - that's the natural law of capitalism. Doing the less possible while earning the most possible is the goal. This is anything but good - it's the cause of a lot of problems in the world including software issues.

    But lately i feel (don't really know) that some people in society begin to understand that this should not be the main aspect in ones life. Sadly insight does only slowly lead to the realization (if at all).

    Good article!

  6. Hey Dmitry,

    you are living in switzerland? I think they do most things slower but accuratly.

  7. Tom, no, I am not in Switzerland :)

  8. Hey Tom,

    I do live in switzerland, and unfortunately, this article appears to me as a log from a normal workday...

    I'm neither saying that I do all of my stuff accurate, nor that we do it bad all the time. But in my opinion, the main problem is, to get through those people who don't want to listen (that investing 2 hours more now, will save oneself 6 hours a month later).

    I hope someday we, humans, will be able to see such things. For a lot of things will be better, if one can see further than ones own nose.

    Nice article Dmitry!