
Ask HN: What has not changed in the Tech industry within past 10 years? - cryptozeus
Change within the Tech industry is rapid. Many business concepts, software stack, programming languages, hardware have changed quite a bit.<p>What are the things that have not changed and will continue to be stable?<p>i.e. People would always want faster software
======
ksaj
Infosec tooling.

Why Meterpreter isn't controlled by an AI or achieving some other autonomous
state, I'll never know. Its like hackers forgot that viruses and worms were
ever a thing, and yet therein lies the next big leap... lateral movement
without c&c. Anyway, Metasploit has been with us a long time, and is a good
example.

Other much earlier tools like nmap have lived through Y2K and are still in
regular use to this day.

While the software itself has progressed a lot, their initial purposes have
not left us. The same names always crop up when looking through decades-worth
of hacker tools.

Everything about firewalls today, other than new lingo (like clouds) is pretty
much the same. That is surely a stable technology that remains ubiquitous.

Look how old ISO2700x and 17799 standards are. They (one is really an
"upgrade" of the other) are here to stay for a while.

~~~
world32
> Why Meterpreter isn't controlled by an AI or achieving some other autonomous
> state, I'll never know

How do you think meterpreter would be controlled by an AI? Do you think there
should be an AI that will automatically figure out a way to hack into a system
or escalate privileges?

Regarding other tools like nmap and metasploit - they are frameworks which let
you run modules specific to certain exploits. Metasploit has countless of new
modules being developed all the time. And nmap has its own scripts to target
new kinds of attacks.

Though the basic functionality of nmap will not change anytime soon because
network protocols are largely the same since 10 years ago.

~~~
ksaj
I see it doing the standard recon and working the appropriate exploit that
would likely provide the most leverage with the least noise, but from within
the target environment. So, yea, you've provided some good examples.

Once behind the firewall, outbound connections to a c&c could set off alarms.
Especially if the connections are sourced from multiple internal systems to a
single external one. So let an ai decide what to do once lateral movement
options become available, then report back findings at a more appropriate time
and method that is also less likely to ring bells.

That's just a quick synopsis. There is a lot more that could be done, but the
secondary exploitation/invasion stages would probably see the biggest gains.

~~~
world32
I don't see how will ever be possible? There are just way way too many
parameters to code an AI to do lateral movement or escalation once inside a
system.

For example, even trying to exploit a famous vuln like dirtycow still often
requires small tweaks to the exploit script in order to get it to work. There
is no way an AI will be able to do that.

Though if you are talking about an "AI" that checks processes running,
versions installed etc. and runs the appropriate exploits scripts metasploit
already has that in the getsystem command. Though I wouldn't really consider
that AI.

[https://www.offensive-security.com/metasploit-
unleashed/priv...](https://www.offensive-security.com/metasploit-
unleashed/privilege-escalation/)

------
jxub
Terminal text editors.

Aside from incremental improvements like async plugins Vim and Emacs have
largely stayed the same.

------
diehunde
\- programming language paradigms

\- data storage techniques have evolved but the essentials are still the same

~~~
ksaj
The fact that so much "new" stuff comes from Lisp proves you are right.
Instead of 2 steps forward, one back, it seems with programming languages we
keep returning to the start.

Lisp is one of those languages that rarely gets an upgrade, but everyone else
keeps coming back to emulate it.

~~~
mattmanser
Well, bits of it.

Otherwise by now we'd all be using it by now, right?

------
usgroup
I think paradigmatically nothing has changed about the craft of software
development since the 80s IMO; we’ve just changed about where efforts are
weighted.

Business models, consumers and hardware have undergone the most change.

------
sidcool
Managers. Seriously. Each new wave of Managers bring the same old mindset.

------
paulcole
Hubris.

------
sngz
bad ways to interview people

------
rudyrupak
The ability to share a contact from one mobile phone to another. Blackberry
could not do it without sending a text and neither can iOS and Android.

------
backscatter
Ask jeff bezos.

