David J Anderson

by @f4p_dja and @az1 "Emotional motivation and brand loyalty can sometimes compensate for a lack of fit-for-purpo... amz.onl/ayiZwjK

@jamesdsteele @trichromacy @SusanneBartel @az1 👍

@trichromacy @SusanneBartel @f4p_dja @az1 Flew across North America to have my copy signed by @az1 today (which he graciously did). Should I now fly to Sri Lanka to have it signed by @f4p_dja!!! 😜

@trichromacy @SusanneBartel @f4p_dja @az1

Recommended book: Fit for Purpose by @f4p_dja & @az1 buff.ly/2FX44vf

Red wine and Fit for Purpose - a perfect fit for a relaxed evening while @SusanneBartel is heading for Cologne, for an on-site KMP I class delivery. #Kanban @f4p_dja @az1

@gsuberland The actual machine code required is incredibly delicate/fragile eg “if you can out run the interrupt” where “if” is the key word. Nevertheless hardware will need to be redesigned

@gsuberland Now that I understand the POC was in Javascript I see how it is possible to disrupt the layers between the script and the machine code to make it hard to predict the code that will be produced. Thanks

@gsuberland The big issue in today’s hyperconnected world is that only a handful of humans out of ~7 billion are required to have knowledge & expertise for something to have global risk implications 🙁

@gsuberland I rarely met C coders who knew how their code compiled or executed on the processor.

@gsuberland That is freakishly impressive given the control required on the assembly instructions. Must have required a lot of knowledge on how the script is compiled & mapped to machine code

@__bbak @JerryWeinberg The Fit For Purpose Framework shines light & transparency onto this issue and improves trust & decision making. #f4p

@gsuberland Can you also explain why vendors are claiming firmware/software patches inoculate against this when it is hard-wired into the processor design?

@gsuberland Nevertheless the architectural redesign of processors to eliminate this vulnerability will take a decade to filter across the broad population of equipment.

@gsuberland Demo exploit code still requiring a delivery vector which is also quite challenging to create

@gsuberland Exceptionally thorough & clear explanation. I,m educated in microprocessor architecture & spent 15 years programming assembly. Your explanation shows how incredibly tricky this is to exploit. Has some build a working demo turning theory into practice?

@__bbak @az1 Thank you so much

@MMahlberg It’s safer is the team pull it rather than have it pushed on them. Sometimes coaching requires risk taking and pushing. Just outside their comfort zone, or too far?

@MMahlberg It’s safe to fail if your org has the maturity to roll it back without destroying anything else of value in the process

Many, perhaps even most companies don't get this: "To understand your customers, you need direct customer interaction. Your frontline staff provide that mechanism." #f4p