
Mountains of Bugs

It is interesting to apply a biologically inspired point of view to programming, as is done for biological computers, at several different scales.

A program is, broadly speaking, a piece of data that specifies how a given classical universal computer should behave. How that data is represented and what plays the role of the universal machine are implementation details. What matters is how the end result behaves. The universe we live in provides several means of computation; biology mainly relies on chemistry. The genome is the program, but what is an individual?

In biology, each unique genome tends to have a single instance going about its business, sensing things and acting accordingly. In software, however, there are relatively few unique genomes, but millions of instances of each. In this sense, among eukaryotes, programs most resemble hive insects.

A colony of ants or bees, ignoring some haploid/diploid issues, is genetically roughly one individual. A queen is responsible for instantiating huge numbers of near-identical copies of that individual, specialized for various tasks. There are chores to be done, because a system living in the universe needs to pay in energy to ensure its continued existence. The queen is also responsible for eventually updating the code and releasing new versions.

Similarly, in software development there is typically one entity responsible for maintaining an upstream of the project, from which installations of the software clone the code and build it for themselves. Installations are needed because a system living on physical computers currently has to do something useful for humans; otherwise we will not pay the time and energy needed to keep it alive on our machines.

Software generations usually consist of just one offspring, the next version after a commit or release, but there can also be several, in which case we call it a fork.

There is a weakness inherent in this approach. Given a hive of huge numbers of individuals with the same or very similar genome, they will also behave alike when they encounter an attacker. Therefore an attack that exploits a vulnerability in that behaviour can spread very fast among similar individuals in close physical proximity.

The same goes for software. Although we have made some attempts to mitigate this with things like ASLR and randomized linking, these only shuffle where the code and data of each instance sit in memory; the code itself, and therefore the bug in it, is identical in every instance, and a single leaked address is usually enough to undo the shuffling for that instance. We still have a huge number of essentially identical individuals vulnerable to the same kinds of attacks, and for software "proximity" means network reachability rather than physical distance. No wonder it is easy for attacks to spread.
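To make the ASLR point concrete, here is an added example (not code from the original post) that spawns a few instances of the same "genome", a tiny Python child program, and compares where each instance's heap and libc landed. It assumes a POSIX system on which `ctypes.CDLL(None)` exposes the running process's libc symbols and on which `sys.executable` can be spawned as a child; the child snippet, the helper names (`sample_addresses`, `distinct`, `aslr_report`) and the three sampled symbols are all choices made for this illustration.

```python
"""Measure what ASLR actually randomizes across instances of one program.

Added example, not from the original post. Assumptions: a POSIX system
where ctypes.CDLL(None) exposes the process's libc symbols, and a Python
interpreter spawnable as sys.executable. Each child process is one
"individual" of the same genome; we compare where its heap and libc landed.
"""
import json
import subprocess
import sys

# Program run in each child instance: report a few addresses as JSON.
CHILD = r"""
import ctypes, json
libc = ctypes.CDLL(None)  # handle to the running process, which links libc
addr = lambda fn: ctypes.cast(fn, ctypes.c_void_p).value
print(json.dumps({
    "printf": addr(libc.printf),   # a position inside libc's mapping
    "puts": addr(libc.puts),       # a second symbol in the same mapping
    "heap": id(object()),          # a freshly allocated heap object
}))
"""


def sample_addresses(runs=3):
    """Spawn `runs` fresh instances and collect the addresses each reports."""
    samples = []
    for _ in range(runs):
        proc = subprocess.run([sys.executable, "-c", CHILD],
                              capture_output=True, text=True, check=True)
        samples.append(json.loads(proc.stdout))
    return samples


def distinct(samples, key):
    """Number of distinct values seen for `key` across the instances."""
    return len({s[key] for s in samples})


def aslr_report(samples):
    """Summarise what varied between instances and what did not."""
    # Distance between two libc symbols, per instance.
    offsets = {s["printf"] - s["puts"] for s in samples}
    return {
        "instances": len(samples),
        # True when every instance got a different libc base (ASLR on).
        "libc_randomized": distinct(samples, "printf") == len(samples),
        # True when every instance got a different heap placement.
        "heap_randomized": distinct(samples, "heap") == len(samples),
        # The distance between two libc symbols never changes, ASLR or
        # not: leaking one address reveals the whole library's layout
        # in that instance.
        "libc_internal_offset_constant": len(offsets) == 1,
    }


if __name__ == "__main__":
    for key, value in aslr_report(sample_addresses()).items():
        print(f"{key}: {value}")
```

On a Linux host with `randomize_va_space` at its default, the report shows `libc_randomized` and `heap_randomized` as true: the instances do differ in layout. It also shows `libc_internal_offset_constant` as true regardless of the ASLR setting, which is the caveat: the randomization is one base address per mapping, so the "genome" of every instance is the same and an info leak of a single pointer collapses the diversity back to zero for that instance.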

The situation in software is like having all the current viruses, fungi and parasites attack just a few massive ant colonies covering most of the earth. There is a reason why we have ant hills rather than ant mountains.

Posted: 21.5.2021 by aoh

#biology #programming #security #post