Woodpeckers In The Tree House.

(another shameless excerpt from my new book, "Cyber-Security 101" coming soon to Amazon)

Weinberg's Second Law:

"If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization."

~ Gerald Weinberg cited in: Murali Chemuturi (2010) Mastering Software Quality Assurance: Best Practices, Tools and Techniques for Software Developers.

I believe we have recently entered a realm of information technology that we know almost nothing about. We claim we do, but we don’t.

We are tripling down on leveraging that technology to exploit advances in computer-controlled environments, by embracing ever-increasing opportunities to apply the Internet and smarter and faster processors and software.

We are seriously considering driver-less cars and smart wearables in the workplace.

We are doing all this in the face of an evolving terrorist threat that is increasing its ability to conduct cyber-warfare within these same technologies. At the same time, our ability to defend ourselves seems to diminish in direct correlation with the bad guys’ improved ability to penetrate. They get better; we get worse.

Our government agencies responsible for our defenses against this class of cyber-threat are either in denial, completely unprepared to address any practical solutions, or both.

About a hundred years ago, I was a computer programmer. I wrote code that simulated the (San Francisco) Bay Area Rapid Transit System (BARTD) operating at various speeds under differing weather and passenger load and logistics conditions. My programs produced answers that no one wanted to hear and I was quickly promoted to project manager.

But, the other problem with my code was that it resembled spaghetti all the way down and back up again. It is fortuitous that those programs were not part of the system that BARTD depends on today for the safe operation of the trains. The frightening thing is that much of our modern economy and to some extent society as a whole is entirely dependent on systems that were written by people like me.

Does anyone really think that a computer system written by the same kinds of people who wrote those millions of lines of code in MS Windows could write a reliable and safe operating system for cars? Or, airplanes? Or, “safe guns”? The thought of that is freaking terrifying.

But that is what has happened over the years and continues today, and it should be no surprise that cyber-criminals and hacktivists are so easily able to develop workarounds for all of these systems. The idea of transferring the same thought processes and structures to automate machines upon which our lives may depend is brazen and irresponsible and outright invites disastrous outcomes, yet we continue to do it.

Way back in 1982, the then nascent Microsoft was working on a set of programs they called “Interface Manager” which was the precursor to “Windows”. It was widely considered vapor-ware even back then. Just before Thanksgiving in 1985, Microsoft whipped out the first version of Windows (1.0) and the world changed forever – not for the better.

Processor speed and memory were improving every few months, and by 1988 Microsoft had become the world’s largest PC software company based on sales volume, and computers had begun to become a part of daily life for many office workers. In subsequent years, entire industries were built on the back of Windows in office productivity, sales performance, enterprise resource planning, accounting, etc.

In an odd turn of timing, one month after 9/11, Windows XP was released with a brand new look and feel centered on usability and a new, unified Help and Support services center. It was also available in 25 languages, and at that point in history about 1 billion PCs had been shipped worldwide and the PC industry was leading huge segments of the economy.

For Microsoft, Windows XP became one of its best-selling products. It was lauded for increased speed, usability and stability. By now, the entire business world was dependent upon Microsoft products. Can you imagine a Boeing ad for their 707 boasting increased “stability”?

While all this was going on, a couple of engineers at Netscape had morphed the World Wide Web into a “user-friendly” browser called Netscape Mosaic and our world was forever transformed. The World Wide Web was becoming a part of everyday business jargon as many people rushed to set up web sites to avoid being disrupted by dis-intermediaries in their segments.

Wwwdotblahblahblahdotcom was the new global lingua franca, and boy, if you didn’t have one you were SOL.

As a result of the Internet, an almost immediate awareness of computer viruses and hackers caused Microsoft to allay users’ fears through the online delivery of what were called security updates. Consumers began to understand warnings about suspicious attachments and viruses for the first time. There was suddenly more emphasis on Help and Support.

Yes, even when Windows was a mere 35 million lines of code, hackers were busy testing the limits of its defenses against worms and viruses and beginning to understand that unpatched modules were welcoming to invaders who could essentially drive up and park their malware inside all that code. “Back doors” became common hacker jargon and cyber-criminals began conceiving attack vectors that targeted these entry points.

Windows 10 is estimated by insiders today to contain over 60 million lines of code. Put another way, if you started reading the whole code base and did nothing else for twenty-four hours a day, seven days a week, it would take you over 4 years to finish.

Windows and all of its spawned collateral software products have become the equivalent of building houses in Florida and then having the climate suddenly change to resemble North Dakota. But this is not Microsoft’s, or Oracle’s or SAP’s fault any more than it is the fault of the railroads or steamships that air travel was invented.

If Gates knew the Internet was coming back when he started Microsoft, he would be even richer than he is.

And, we would presumably have much more secure software.

Amen to that, Steve. Building cyber awareness into software development is a must. As that software is available outside the firewall, securing your assets becomes harder and harder.
