Hacker News new | ask | show | jobs
by cryptoz 1035 days ago
Software does degrade with age, though. Simply the fact that vulnerabilities are found over time means that our understanding of a piece of software and how it works changes. But it's not just vulnerabilities being found, it's protocols used that may be unsupported etc. That change is a kind of a rot like people call 'bit rot' but it's a specific software rot that does happen. Systems are complicated.
3 comments
kwhitefoot 1035 days ago
Most software used not to be connected to the outside world. It wasn't vulnerable at all unless the attacker already had control of the host.

In the thirty years I spent developing software I spent hardly any time on anything that was accessible through the network and I'm confident that I'm not the only one. The embedded control software that I wrote for 6502s would still work today and would be completely invulnerable to attacks other than from someone standing right in front of the machine pushing buttons.

Of course now that everything has to be networked so that your fridge can advertise special offers to you the situation is changing for the worse.

link
z3t4 1035 days ago
An example is SSL root certificates, which expire by design. Also ABI. But if you use containers or virtual machines you can basically have a program run forever.
link
arter4 1035 days ago
You can, but you shouldn't, because at some point you should patch the vulnerabilities you inevitably find on any non-trivial piece of code after a while.
link
bombcar 1035 days ago
Certain code can run with bugs forever, even vulnerabilities, because it will never interact with anything (see the famous "the missile" bug - a counter would overflow at some point, but by then the warhead would have detonated, so who cares?).
link
JohnFen 1035 days ago
Sure, but none of that applies to non-networked embedded systems.
link
deterministic 1032 days ago
Brand new software made yesterday is full of bugs and will kill or maim you if you try to use it for safety critical systems. I trust 10+ years old code that has been proven in combat. Not crappy new code written by some arrogant young “Ninja” who has no clue on how little he/she/it knows.
link