falopex wrote:
> Speaking as a software person myself, I would not trust any such
> system designed and built during a Crisis era. There is an old
> hacker saying about software: "If it can be written, it can be
> hacked." It is theoretically possible to design such a system to
> be reasonably secure (no computer system is 100%
> tamper-proof). The Boomers might even have been able to make it a
> reality in their day. The problem is that the Gen-X/Nomad
> generation is more or less in control of the tech sector these
> days. Heck, certain companies keep coming out with new electronic
> voting machines that are marketed as "uncrackable" only to see a
> college student with a paperclip and a thumb drive demonstrate how
> to compromise the system in 30 seconds or less. Any such system
> will only be as secure as the competency and ethics of the
> designers and builders permit.
> Really, I'm surprised we don't see more online financial
> institutions getting hacked than we do.
> I think we'll have to get to the other side of the Crisis War
> before online voting can be a trustworthy reality at the national
> level. Even at the local level, I wouldn't call the current online
> voting in some communities as secure right now; it's just that
> most local elections are not controversial enough for people to be
> inclined toward election tampering.

I agree with you completely. Some of the things that I see really
frighten me to death. I also recall your dramatic posting in the
"Generation-X culture vs Boomer culture." The only thing I would add to
that is that the Boomers are just as incompetent as the Gen-Xers, if
they didn't start as software engineers. I would say that anyone who
didn't start seriously developing software prior to 1985 or so
probably doesn't know what's going on. I remember having serious
discussions with people in the 1970s about software engineering
excellence, what skills you need to be a sw engineer, and how do you
teach those skills. Since the mid-1980s or so, I've heard no such
discussions, and today, once you've designed a web page using
Microsoft Word you consider yourself to be a programmer.
Several months ago I had an experience that really blew my mind. A
company was using a certain tool for Sarbanes-Oxley compliance,
meaning that there were 10-20 employees who were supposed to use it
every day to record the amount of time that they worked on their
different projects (e.g., "today I worked for 4 hours on project X,
and 4 hours on project Y"). It quickly became apparent to me that the
system was a nightmare to use, and that, in fact, almost no one was
using it. But the corporate management had no clue, since they didn't
use it themselves -- only the peons were supposed to use it.
When I told this to my contact, a Boomer, she became abusive,
suggested that I was dishonest and incompetent, and even made a threat
or two. Even though she was a Boomer, she had the same "all Boomers
are full of crap" attitude that Gen-Xers have.
So, I went back to the tool, and produced reports showing that only 11
hours average per month had been logged by all employees for the
preceding four months. For 10-20 employees working 40 hours a week,
there should have been thousands of hours logged each month, but there
were only 11. What was going on was:
* The peons were lying about their usage of the system.
* The IT administrators were either unaware or were also lying or
hiding the truth.
* The Boomer and Gen-X managers just assumed it was being used, or
they were more or less aware but didn't want to admit it, because
that would make them look bad.
* When told it wasn't being used, they became defensive and furious,
and immediately blamed the messenger, assuming that because he's a
Boomer, he must be full of crap.
Anyway, I wrote a lengthy memo about what was going on, and copied it
to all the corporate managers up to the President. In the memo, I
didn't say any of the stuff about lying, or anything negative really,
but I stressed that for Sarbanes-Oxley compliance to work, then the
managers have to use the same system, or it won't be used by anyone.
I'm not sure if anything's happened since then, or if anything is
going to be done. All I know is that the peons are still supposed to
use the same system, and they're using it a little bit more than they
used to, if they use it at all.
This story contains many of the elements that I've been talking about
in the financial industry. You have younger employees who nominally
do their jobs, but have contempt for their incompetent managers, and
do what they want on the margins -- not using the time-tracking system
or creating fraudulent synthetic securities -- and then lie to their
management about it. Their managers are responsible for knowing
what's going on, but they don't, or they do suspect what's going on,
but they're afraid to admit it because it would make them look bad.
There's always a hi-tech element, since the Gen-Xers assume that the
Boomers are too dumb to understand or use high-tech stuff (and they're
often right). I really caught on to this during the 2011 London
riots, where one interviewed rioter said, "I did it because the police
couldn't do anything about it. I just wanted to prove that we could
do anything we wanted, and the police couldn't stop us." The mobs
used specific smartphone software to communicate with each other,
allowing them to make plans without the police being aware.
The managers are equally contemptuous of software engineers, and
presumably the same was true of attitudes towards financial engineers
I would characterize this contempt through an analogy: These managers
have taken a course in college on designing web pages, and they think
that they know all about software engineering. They think of sw
engineers as like ditch diggers. They know how to dig a ditch,
because they took a college course on ditch-digging, but they don't
want to get their hands dirty digging ditches themselves. They leave
that to the ditch-digging peons that they hire.
So when something goes wrong with the ditch-digging project, depending
on how stupid and incompetent they are, they automatically assume that
the ditch-diggers aren't working hard enough, or, if you're a
ditch-digging consultant, they assume that you're purposely making the
ditch-digging project unnecessarily complicated, in order to make more
money. In reality, they don't have the vaguest clue what
ditch-digging is about.
I'll carry this ditch-digging analogy one step further, because in my
experience the place where this manager incompetence is most apparent
is in integration of different software components.
So let's assume that one ditch-digger is digging a ditch that contains
water, and another one is digging a ditch that contains oil. The
final product is a ditch containing both oil and water, but the
incompetent manager doesn't even worry about that, because he assumes
that once the first two ditches are ready, then the last ditch will
just take a day to complete by building tunnels from the other two
What he doesn't realize is that tunnel construction is much more
complicated than ditch construction, because the tunnels can cave in
at any time. Furthermore, the water ditch cannot supply water fast
enough, while the oil ditch supplies oil too fast, so that in the
third ditch, the oil floods the ditch and then pushes back into the
water ditch and contaminates the water. He also doesn't take security
into account, and forgets that hackers can dig a hole and tap into the
oil tunnel and siphon off oil. Or, if the hacker is malicious, he
can feed gasoline into the oil tunnel, which then gets pushed into the
third tunnel, and then back into the water ditch, where the
ditch-digger lights a cigarette and gets himself blown up.
Everything that I've just described is analogous to common problems in
integration of software components, and each of them requires a major
effort to overcome. I always like to quote the old saying about
project implementation time: "The first 95% of the functionality takes
the first 95% of the implementation time, and the last 5% of the
functionality takes the last 95% of the implementation time."
A lot of what's going on is simply because software has become
extremely complex. When I was starting out, I was developing IBM
operating systems on a bare IBM mainframe. I was writing assembler
language for the bare hardware, so it was easy for the Boomer
programmers and the Silent managers to understand everything that was
going on, even if they weren't skilled programmers.
But today, software consists of thousands of components and layers
that no one starting out can reasonably understand. When I run into a
problem developing a software system, very often the problem is in a
deep layer or a foreign component, and I can understand that pretty
quickly, based on decades of experience. But someone just starting
out, even if he has a degree in software engineering, would have only
a vague understanding of what those other layers and components do,
and anyway, he automatically assumes that they always work correctly,
an assumption that I would never make. (Several years ago I was
working on a big C++/Linux project, and I discovered that the GCC C++
compiler was generating rotten code in a particular loop structure.
When I told this to the Gen-X programmers, they told me that it was
impossible, and assumed that I was completely full of shit, like other
I believe that there's an analogy with automobile development. During
the 1950s, car mechanics really understood everything about how a car
works. Today, they understand how major components interact, but I
don't believe that they understand how the components work internally.
This all works out because the components have become extremely
standardized, so that you don't really have to know how a component
works, and when there's a problem, an entire component is simply
replaced. Software is also moving in the direction of standardized
components, but it's still far from achieving that goal.
And yes, I'm just as surprised as you are that we haven't seen more
financial systems hacked, or simply going crazy as happened with the
trading software of Knight Capital Group.