Let's talk about why the software industry is helpless to do anything about ransomware and why there's no technical solution anytime soon. (1/) 🧵
First let's discuss the scope of all software that exists, and it's nearly unfathomable. Your average Android phone runs on 15 million lines of code dating back to ancient 1970s era Unix toolchain code written by our grandparents' generation. (2/)
Windows 10 contains over 50 million lines of code and no one person on Earth even fully understands it in its entirety. It contains code from tens of thousands of global companies for running hundreds of thousands of devices all manufactured with different goals and standards. (3/)
Software is an inherently social process that is inexorably linked to the quirky microstructure of our markets, legal systems, and economic incentives that create it. Humans are messy and so is our code. (4/)
And the foundations of our code are creakingly old. Massive castles that are built on foundations of sand that kinda sorta work because of the tireless efforts of people maintaining critical sections that simply can never be allowed to fail. (5/)
xkcd.com/2347/
A good metaphor for software is that in Japan there's a Shinto shrine from 4 BCE that every 20 years gets rebuilt from scratch as a way of passing building techniques down from one generation to the next. Software craftsmanship is not that different. (6/)
en.wikipedia.org/wiki/Ise_Grand…
We're refreshing the foundations of software but incredibly slowly, because in our hyperfinancialized world having broken software that is backwards compatible and partially works is more Pareto optimal for a business than the risk of building anything from scratch. (7/)
When I used to do banking contracts we would regularly see large pieces of legacy COBOL software running on mainframes from the 1970s for massive infrastructure for multibillion dollar markets. Everyone who wrote the software had died and no one understood how to rebuild it. (8/)
It's probably not incorrect to predict that in 150 years our children will still be running massive infrastructure written in Python 2.5 (software from 2006) simply because nobody can incur the cost of rewriting it and it mostly still works. (9/)
Very few companies on Earth are capable of allocating resources and hiring enough people to make even a small dent in rewriting portions of our technology stack. We're talking tens of billions of dollars to replace even a small core library or a portion of an OS kernel. (10/)
And there's very little incentive to actually do that unless it impacts the corporate bottom line, so generally there's little reason to do it. Custom software at that level is insanely expensive to write. (11/)
And for most companies the IT department is a small massively underfunded cost centre of a business that has no say or control in its software, and is beholden to a patchwork of greedy vendors whose interests are very misaligned. (12/)
A small community bank in Iowa or a fishing company in Nova Scotia just doesn't have the budget, expertise, or resources to invest in cybersecurity because that's not how our market allocates resources. And probably never will. (13/)
The software development environment that gives rise to endless 0days and ransomware is a product of capitalism and the economic context that produces software, and there is no solution within that system. (14/)
Building correct or "high assurance software" is an open problem, and is extraordinarily hard from a pure computer science perspective. Proving security properties about software is almost as hard as proving theorems in mathematics and is very slow and expensive at scale. (15/)
Now this isn't reason for complete despair. Software absolutely *does* get better on long glacially slow time scales. But it certainly isn't going to improve quickly enough to stave off the current ransomware crisis. (16/)
The only solution to ransomware is to stymie the darknet markets that incentivize malicious actors to exploit new vulnerabilities through unregulated payment channels for extortion.

Fix the dark money payments and you make the crime unprofitable at scale. (17/)
Solving ransomware means cutting banks and payment networks off from crypto exchanges where all this dark money flows. Cryptocoins are nothing but gambling networks and shadow banking for trafficking in human suffering, a net negative for humanity.

They need to be banned.
/fin

Thread by Stephen Diehl (@smdiehl)