[ale] Strong home wireless router?

Solomon Peachy pizza at shaftnet.org
Mon Jun 5 10:27:33 EDT 2023 

On Mon, Jun 05, 2023 at 09:06:24AM -0400, DJPfulio--- via Ale wrote:
> I'm using actual statistics from that 30 yr software program. It isn't 
> a made up number.  This was a CMMI-5 software development program, so 
> I find the "pfft" a little offensive.  We were writing the most bug 
> free, non-trivial, software in the world.

I don't doubt the accuracy of that number; I'm just saying that it's 
effectively meaningless.

At this point I have twenty years of systems & embedded development 
experience, including several at a medical device manufacturer.  In that 
space, for the highest tier of safety/life-critical software, you have 
to submit formal proofs of the software's functionality, including test 
evindence that every concievable failure has been anticipated and 
handled.

But you can hold up tests and proofs until you're blue in the face; as 
Donald Knuth put it, "Beware of bugs in the above code; I have only 
proved it correct, not tried it."  It turns out that in the real world, 
even with inense levels of scruitny and testing, bugs and failures 
_will_ happen, and there has to be a method of of handling/fixing them.

For medical devices, the regulations are written with that in mind; you 
have to provide at least a decade of post-sale support, including 
mandatory reporting of failures and issues to the FDA, with potential 
_criminal_ penalties on top of pretty hairy civil penalties for covering 
stuff up.

(In fact, I'm currently doing some consulting on an wifi bug in a 
 medical device I tangentally worked on in 2012.  The bug only happens 
 at a single, but large, hospital)

But I digress. It turns out it's rarely prosaic implementation-level 
issues (buffer overflows, unsanitized input) that cause issues; instead 
what gets you is stuff that was never captured in the specifications, 
and thus never tested for. That's what brought down the 737MAX -- The 
MCAS software was provably correct to the spec it was coded against, but 
the spec itself didn't capture the safety-critical nature of that 
subsystem, allowing for only a single sensor to be used for input and 
the warning light of system failure to be a customer-selectable option.

It was a similar failure that led to KRACK -- the formal proof of WPA's 
key exchange was rock-solid, but the process of _installing_ the keys 
wasn't captured in that proof, becuse it lay outside the realm of 
cryptography.  That, combined with a couple of reliability-focused 
features of wifi (eg retransmitting failed packets), meant that there 
was a grey area that wasn't considered.  Once discovered and reported, 
it was pretty easy to fix.  Deploying that fix everywhere, on the other 
hand...welcome to the dumpster fire of I(o)T.

> Wifi and any VPN can be setup to be very usable for normal people on 
> multiple devices.  I've seen 20+k people using it just fine with 2FA.  

2FA to just get onto the Wifi network and/or VPNs are not "usable for 
normal people".  ("normal people" don't have a large IT organization 
setting things up and providing ongoing support..)

> We know they used it because without it, they couldn't patch their 
> systems AND have the success reported.  Turns out that reporting of 
> patching is just as large a problem as actually doing the patching 
> inside a corporation.

I've also witnessed plenty of "I'm at a customer site, the VPN won't let 
me connect because I'm not updated, and I can't update my software 
without the VPN!" situations.  Turns out that effective IT policy can 
only occur when pissing off VPs is acceptable.

It also turns out that this mandatory securtiy software meant that folks 
end up having to deploy shadow IT infrastructure to get their actual 
work done.

(This was the case at that medical device gig.  My R&D group even paid 
 for its own internet connection -- a connection that was faster and 
 considerably more reliable than the corporate one.  We also used our 
 own systems for actual work as we all needed Linux and minor things 
 like non-locked-down-unless-you-get-VP-signature-every-quarter USB 
 ports.  The corporate-supplied systems only ever got used for filling 
 out timesheets and official training.)

 - Solomon
-- 
Solomon Peachy			      pizza at shaftnet dot org (email&xmpp)
                                      @pizza:shaftnet dot org   (matrix)
Dowling Park, FL                      speachy (libra.chat)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://mail.ale.org/pipermail/ale/attachments/20230605/8d54e110/attachment.sig>

More information about the Ale mailing list