This blog contains reflections and thoughts on my work as a software engineer

Tuesday, 18 December 2007

Die Hard 4.0

I have just finished watching the movie Die Hard 4.0. I'm currently sick and it seemed like a nice movie to watch while trying to get your mind away from Immune System vs. The Fly Virus inside my body.

So we rented a movie - and I must admit that while John McClane fought his way through a bunch of evil terrorists while the entire nation of USA was shut down by the mastermind of the evil terrorists I couldn't help myself thinking "yeah right...". The plot is basically that a former employee of the NSA (or whatever) got fired, found himself pretty mad about the issue and decided to hack himself into all critical infrastructure systems in USA and shut them down in order to get to people's financial information to live as a rich man the rest of his life.

I like a good movie - I really do. I like a good action movie too - and it wasn't a bad action movie. But for the last half a year I have undergone a change in the way I perceive my profession so I couldn't help thinking that the plot was ridiculous to the point of being purely naïve. Let's face it:

The evil terrorists ran everything from something similar to a shutdown factory in the suburbs. A few but dedicated men were able to hack themselves into loads of various systems and control everything from gas pipes to phone lines, from surveillance cameras in elevators to defense communications systems. What would be the preconditions for such an act?

  • All systems of interest to our evil terrorists would be interconnected and online. If they were not online nothing like this could ever take place.

  • All systems should be based on a similar framework and GUI. Otherwise nobody would ever be able to figure their way into all the various subsystems and trigger the needed events. How the hell would anybody ever want to even try to make core frameworks and guidelines for all areas of public IT and expect the various departments to use them? All the same it appeared that all areas such as banking systems, energy sector, transportation departments etc. all had state-of-the-art infrastructure and I doubt that will ever happen... There's a reason why COBOL is still used in the banking world and it is not for the UI package. I doubt that it would ever happen that public IT could be built using the same, shared platform the way I have just seen used by both good and bad guys in the movie.

  • All systems would have built-in support for shutting down public, critical infrastructure basically by pushing a few buttons. I don't fancy thinking of myself as a wise man - but I don't think it would be in the interest of the US of A to create such a system. I didn't mention YAGNI here, did I?

  • You would be able to control systems like traffic lights online - something which I think is possible today but if I was a decent system architect I would never allow somebody from the outside to modify the system in such a way that it could be possible to turn all lights green in a crossing. The simplest of algorithms could prove that command to be invalid - even if it came from a user logging in with SuperGod of SuperGod administrator rights. I would build in checks for evil commands and simply reject them on-site if somebody tried to tamper with the lights in a crossing - I sincerely hope that I'm not the first one to think this one up.
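The on-site check described in the last point can be sketched as follows. This is an added example, not code from the original post: the phase names, the conflict table and the `issuer_role` parameter are all assumptions made up for a single constructed crossing, and keeping the previous state on rejection is a simplification.

```python
from itertools import combinations

PHASES = ("NS", "EW", "PED_ACROSS_NS", "PED_ACROSS_EW")  # constructed crossing
COLOURS = {"RED", "YELLOW", "GREEN"}
# Pairs of movements whose paths cross; they must never have right of way together.
CONFLICTS = {
    frozenset(("NS", "EW")),
    frozenset(("NS", "PED_ACROSS_NS")),
    frozenset(("EW", "PED_ACROSS_EW")),
}

def violations(command):
    """Return the reasons a commanded state is unsafe (empty list = safe)."""
    if set(command) != set(PHASES):
        return ["command must set exactly the known phases"]
    problems = [f"{p}: unknown colour {c!r}"
                for p, c in command.items() if c not in COLOURS]
    if problems:
        return problems
    # YELLOW still grants right of way, so only RED counts as stopped.
    moving = [p for p in PHASES if command[p] != "RED"]
    for a, b in combinations(moving, 2):
        if frozenset((a, b)) in CONFLICTS:
            problems.append(f"{a} and {b} conflict")
    return problems

def apply_command(current, command, issuer_role):
    """Apply a command on-site. issuer_role is only logged: no role can
    override the conflict check, which is the point of the interlock."""
    problems = violations(command)
    if problems:
        print(f"REJECTED command from {issuer_role}: {'; '.join(problems)}")
        return False, current  # keep the last known-safe state
    return True, dict(command)

if __name__ == "__main__":
    state = {"NS": "GREEN", "EW": "RED",
             "PED_ACROSS_NS": "RED", "PED_ACROSS_EW": "GREEN"}
    all_green = {p: "GREEN" for p in PHASES}
    print(apply_command(state, all_green, "superadmin"))
```

The check lives in the controller at the crossing, so it holds no matter how the command arrived or which account sent it.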

There was loads of misleading information which actually made me lose focus on the fact that I rented an action movie and shouldn't expect to get anything else than action entertainment. However - being a software engineer I can't help myself thinking in terms like "Come on guys - this one is simply too thick..." when the producers of the movie start showing off some technical nonsense to the audience. Maybe it is just me - actually I wouldn't advise anyone to bet against that assumption - but I think that movies like these tend to pretend that they actually know just a tiny bit about the things that you are capable of when sitting in front of a computer.
