Insecure Software's Real Cost: Software and Cement

David Rice offers an excerpt from his book 'Geekonomics', arguing that software has become so necessary to the infrastrcture of our society, that unsecured software holds a terrible cost for all of us.

Share

"The value of a thing sometimes lies not in what one attains with it, but in what one pays for it, what it costs us."

- Frederick Nietzsche

For the city of London, 1854 was a dreadful year. An outbreak of cholera, the third in 20 years, claimed over ten thousand lives. Six previous city Commissions failed to adequately address London's growing sewage problem, leaving the entire metropolitan area, more than one million people, subject to the vagaries of overflowing cesspools, ill-constructed sewers, contaminated groundwater, and a dangerously polluted Thames River. Considering London was one of the most populated cities at the time and depended heavily on the Thames River, inaction had unfortunate consequences. Sadly, thousands of deaths could not properly motivate Parliament to overcome numerous bureaucratic and political obstacles required to address the crisis.

Excerpt from Geekonomics: The Real Cost of Insecure Software

By David Rice
Published by Addison Wesley Professional
ISBN-10: 0-321-47789-8 ISBN-13: 978-0-321-47789-7
Buy This Book!

It was not until an inordinately hot summer in 1858 that the stench of the Thames so overwhelmed all those in close proximity to the river, particularly members of Parliament, many of whom still believed cholera to be an airborne rather than a waterborne pathogen, that resistance finally subsided. The "Great Stink" served as impetus to the largest civic works project London had ever seen.

For the next ten years, Joseph Bazalgette, Chief Engineer of the Metropolitan Board of Works, constructed London's newer and larger sewer network against imposing odds. Despite Parliament's hard-won support and a remarkable design by Bazalgette himself, building a new sewer network in an active and sprawling city raised significant technical and engineering challenges.

Most obvious among these challenges was excavating sewer lines while minimizing disruption to local businesses and the city's necessary daily activities. Less obvious, but no less important, was selecting contracting methods and building materials for such an enormous project. Modern public works projects such as the California Aqueduct, the US Interstate highway system, or China's Three Gorges Dam elicit images of enormous quantities of coordination and concrete. Initially, Bazalgette enjoyed neither.

Selecting suitable building materials was an especially important engineering decision, one that Bazalgette did not take lightly. Building materials needed to bear considerable strain from overhead traffic and buildings as well as survive prolonged exposure to and immersion in water. Traditionally, engineers at the time would have selected Roman cement, a common and inexpensive material used since the fourteenth century, to construct the extensive underground brickworks required for the new sewer system. Roman cement gets its name from its extensive use by the Romans to construct the infrastructure for their republic and empire. The "recipe" for Roman cement was lost during the Dark Ages only to be rediscovered during the Renaissance. This bit of history aside, Bazalgette chose to avoid Roman cement for laying the sewer's brickwork and instead opted in favour of a newer, stronger, but more expensive type of cement called Portland cement.

Portland cement was invented in the kitchen of a bricklayer named Joseph Aspdin in 1824. What Aspdin discovered during his experimentation that the Romans did not (or were not aware of) was that by first heating some of the ingredients of cement, finely ground limestone and clay, the silica in the clay bonded with the calcium in the limestone, creating a far more durable concrete, one that chemically interacted with any aggregates such as stone or sand added to the cement mixture. Roman cement, in comparison, does not chemically interact with aggregates and therefore simply holds them in suspension. This makes Roman cement weaker in comparison to Portland cement but only in relative, not absolute terms. Many substantial Roman structures including roadways, buildings, and seaports survived nearly 2,000 years to the present.

It is the chemical reaction discovered by Aspdin that gives Portland cement its amazing durability and strength over Roman cement. This chemical reaction also gives Portland cement the interesting characteristic of gaining in strength with both age and immersion in water. If traditional cement sets in one day, Portland cement will be more than four times as hard after a week and over eight times as hard in five years. In choosing a material for such a massive and important project as the London sewer, Portland cement might have rightly appeared to Bazalgette as the obvious choice. There was only one problem: Portland cement is unreliable if the production process varies even slightly.

The strength and therefore the reliability of Portland cement is significantly diminished by what would appear to the average observer as minuscule, almost trivial changes in mixture ratios, kiln temperature, or grinding process. In the mid-nineteenth century, quality control processes were largely non-existent, and where they did exist were inconsistently employed, based more on personal opinion rather than objective criteria. The "state of the art" in nineteenth century quality control meant that while Portland cement was promising, it was a risky choice on the part of Bazalgette. To mitigate any inconsistencies in producing Portland cement for the sewer project, Bazalgette created rigorous, objective, and some would say draconian testing procedures to ensure each batch of Portland cement afforded the necessary resiliency and strength. His reputation as an engineer and the success of the project depended on it.

Bazalgette enforced the following regimen: Delivered cement sat at the construction site for at least three weeks to acclimate to local environmental conditions. After the elapsed time, samples were taken from every tenth sack and made into moulds that were immediately dropped into water where the concrete would remain for seven days. Afterward, samples were tested for strength. If any sample failed to bear weight of at least five hundred pounds (more than twice that of Roman cement), the entire delivery was rejected.

Find your next job with computerworld UK jobs