Bart, a question for you if I may, as your network expertise far surpasses the little I have: is the fact that the internet continues to function despite all the glitches due to fault-tolerance and workarounds designed into the software? If so, or something of that nature, how much better could it be (pipe dream) if the software wasn't buggy to begin with?
My meager experiments in writing code to produce menu screens and such clearly demonstrated to me the need for debugging and more debugging, every time a single bit is changed.
That's a very interesting question, let me try my best to address it, but I need to give you some background first.
The internet has its origins in the cold war era, and it was designed and developed as a military network, so from day 1 it was designed to be able to work around vast chunks of its infrastructure literally vanishing in a mushroom cloud!
So, at its heart, it has a certain kind of resiliency designed into it.
Now - something else to understand about computer code is that old code is the most stable kind, the more time you have to beat bugs out of code the more stable it gets. New code is scary, old code is reassuring!
So, the internet was designed to be robust in a certain way, and the code at the heart of it is very old and well matured, so, it is fair to say that the core of the internet behaves as designed.
HOWEVER, the design has two fundamental flaws:
1) it was never intended to scale to this size
2) security was IGNORED in the design
So, all the security we have has been crudely bolted on after the fact. It is, for want of a better word, a hack, all of it!
If you care about the details, you can read the long detailed description of the very worst of the flaws with the design of the internet below, if not, here's a quick summing up:
The internet protocols are very stable because the code is old, it does work as designed. However, although the design is very resilient to hardware failures, security was not even considered in the design, so there is ZERO support for it at the lowest levels! We have crudely tried to layer some security over the insecure core, but that really is a hack, and it's just as buggy as you'd expect any hack to be!
B.
-----------------------------------------
Nerdy details:
The way the internet works is that it's a layered protocol, with each layer providing different functionality, and all higher layers building on the ones below. The very lowest layer, the so-called Physical layer deals with the simple task of getting one packet of data from one computer to another computer directly connected to it. At that level, there are no IP addresses, they do not exist. The most common Layer 1 protocol is ethernet (wifi is the same protocol but over radio waves instead of copper wire), and the ethernet protocol only uses MAC addresses to refer to machines.
Layer 2 deals with getting a single packet of data from any machine to any other machine on the internet, and that's where IP addresses come in, the protocol used in Layer 2 is the Internet Protocol (or IP). IP works by stringing together a number of uses of Layer 1 protocols into a full path from point A to point B. The packets will cross each 'hop' from one router to the next to the next using layer 1, and each time it will have a different MAC address that is only valid on the one link it is passing through at that time.
Thinking about this, it soon becomes clear that you need a protocol to translate between MAC addresses in Layer 1, and IP addresses in Layer 2, that protocol is ARP, and it's probably the most used protocol on the entire internet. The bad news is it has ZERO security. It was designed with the assumption that there would be no rogue machines on the network. All you have to do to listen in to everyone's traffic who is on the same network as you is to send out a fake ARP packet advertising your MAC address as the one that matches the IP address for the router, suddenly, all traffic that tries to go to the internet goes to your machine! You can read it, edit it, what ever, and then pass it on to the real MAC address of the router to let it out onto the network. If you also send out a few more spoofed ARP packets pretending to be every IP address on the LAN, then all traffic coming in from the internet to anyone on the network is sent to you, where you can read it, edit it, what ever, and then pass it on to their real MAC address. This is how people can sniff your traffic at Starbucks!
The problem is that ARP is a trusting protocol, all ARP packets are taken at face value by the protocol, so a nefarious person can really muck things up!
Let's take things up a level, Layer 1 gets you from one computer to another that is directly connected to it, Layer 2 gets one single packet from any point on the internet to any other point, so that brings us to Layer 3, which allows us to get a stream of data from one point on the internet to any other. Packets are tiny, we're talking KBs not MBs, and let alone GBs, so to send any amount of data at all you need to break it into lots of packets that need to get re-assembled on the far side. Each packet fends for itself on the internet, and there is no guarantee that any one packet that is sent ever arrives, and each packet can take a different route through the internet, so they won't arrive in the same order they were sent either. Layer 3 deals with these problems. The two most common Layer 3 protocols are TCP and UDP. (this is why our internet protocol stack as a whole is called the TCP/IP network stack). Again, like Layer 1 and Layer 2, there is ZERO security built into Layer 3, so all data is unencrypted, and can be tampered with as it passes through the internet.
The last of the three mega-flaws is the DNS system. The internet works on IP addresses for all communication, but humans do not, they use nice easy to remember names instead. We don't go to 74.125.230.112 when we want to search the web, we instead go to www.google.com! There has to be a mapping from IP addresses to names, and from names to IP addresses, and that's what DNS does. Again, like ARP and TCP/UDP, DNS was also designed without ANY concept of security, so again, it is possible to intercept and modify DNS packets on the network, and when you do that you can redirect people to go to your server instead of where they wanted to go. This kind of attack is very dangerous because if you combine it with a phishing email telling people to go to say paypal.com, then when they type paypal.com into their browser they will NOT go to the real paypal servers, but to the attacker's servers instead. The address bar will look right, but you won't be where you think you are!
We have tried to fix, or at least mitigate all these shortcomings using hacks since, but we haven't gotten very far. If you buy VERY expensive managed switches for a few grand each then you can have the switches lock physical ethernet ports to particular MAC addresses, preventing ARP spoofing. This is not cheap, not easy to manage, and more often than not, not done! We have protocols like SSL & TLS that allow us to secure TCP connections. It's SSL/TLS that makes HTTPS, SSH, VPNs, secure IMAP/POP/SMTP, and much more, possible. But, even SSL & TLS are imperfect. We're also scrambling to fix the DNS system by using something called DNSSEC, but the rollout has been REALLY slow. Then you have the fact that the internet is bigger than it was designed to be, so we have run out of IPv4 addresses, and need to move to IPv6, but that's proving difficult and slow.
When I say the internet is fragile it's these kinds of things I mean, and I haven't even looked at website security issues, that's a whole other kettle of fish that happens in the so-called Application Layer, which is the 4th and final layer of the TCP/IP networking model.
B.
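The ARP weakness Bart describes in the "nerdy details" (a reply is believed purely because it says it comes from the gateway's IP) is easy to see in the bytes themselves. The following is an added example, not code from Bart's reply: it builds an ARP reply frame exactly as the protocol lays it out, parses it back, and runs a small passive detector of the kind tools such as arpwatch use, which remembers the first MAC seen for each IP and raises an alert when a later frame claims the same IP with a different MAC. All addresses (the 10.0.0.0/24 LAN, the gateway and victim MACs, the attacker's MAC) are constructed for the illustration and are not from the original post.

```python
"""ARP reply construction and a passive ARP-spoofing detector (added example)."""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed addresses for the illustration (assumptions, not from the post).
GATEWAY_IP = "10.0.0.1"
GATEWAY_MAC = "00:11:22:33:44:55"   # the real router
VICTIM_IP = "10.0.0.23"
VICTIM_MAC = "00:aa:bb:cc:dd:ee"
ATTACKER_MAC = "02:00:00:00:00:99"  # a laptop on the same LAN


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet frame carrying an ARP reply in the RFC 826 layout.

    Nothing in the frame authenticates the sender: whoever writes sender_mac
    and sender_ip into these fields is believed by every host that hears it.
    """
    ethernet = (mac_to_bytes(target_mac) + mac_to_bytes(sender_mac)
                + struct.pack("!H", ETHERTYPE_ARP))
    # hardware type Ethernet(1), protocol IPv4(0x0800), hlen 6, plen 4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return ethernet + arp


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip), or None if the frame is not
    ARP-over-Ethernet for IPv4 (14-byte Ethernet header + 28-byte ARP body)."""
    if len(frame) < 42:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return opcode, bytes_to_mac(frame[22:28]), bytes_to_ip(frame[28:32])


class ArpWatch:
    """Passive detector: remember the first MAC that claimed each IP and
    report any later frame that claims the same IP with a different MAC."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        _, mac, ip = parsed
        known = self.table.setdefault(ip, mac)
        if known != mac:
            alert = f"ARP conflict: {ip} was {known}, now claimed by {mac}"
            self.alerts.append(alert)
            return alert
        return None


# Constructed traffic: the real router answers the victim, then the attacker
# broadcasts a gratuitous reply telling the whole LAN that it is the gateway.
GENUINE_REPLY = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
SPOOFED_REPLY = build_arp_reply(ATTACKER_MAC, GATEWAY_IP, BROADCAST, GATEWAY_IP)


def run_demo():
    """Feed both frames to the detector; returns the alerts it raised."""
    watch = ArpWatch()
    for frame in (GENUINE_REPLY, SPOOFED_REPLY):
        watch.observe(frame)
    return watch.alerts


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The detector is deliberately dumb: a legitimate router replacement also trips it, and an attacker who speaks first (before the real router has ever been seen) is simply recorded as the gateway. That is the point of the passage: ARP gives a host no way to tell the two apart, which is why the real fixes live in the switch (port security, dynamic ARP inspection) rather than in the protocol.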
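The DNS part of the reply (intercept the lookup, answer it yourself, and the address bar still says paypal.com) comes down to one fact: a plain DNS client can check only that an answer carries the 16-bit transaction ID of a question it sent and echoes that question back. The following is an added example, not code from Bart's reply: it encodes a query and a response in the DNS wire format, implements that client-side check, and shows an on-path attacker who has seen the query (as at the coffee-shop hotspot above) handing back a forged answer that is accepted, after which the genuine answer is discarded because the ID is no longer outstanding. The name, both IP addresses (from the documentation ranges) and the transaction ID are constructed for the illustration.

```python
"""DNS wire format, the client's only acceptance check, and an on-path forgery (added example)."""
import struct

# Constructed values for the illustration (assumptions, not from the post).
NAME = "paypal.com"
REAL_IP = "203.0.113.10"       # what the genuine server would answer here
ATTACKER_IP = "198.51.100.66"  # the attacker's look-alike web server


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Decode labels at offset; returns (name, offset after the name).
    Follows one compression pointer (0xC0xx), which is all this example emits."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            name, _ = decode_name(data, pointer)
            labels.append(name)
            return ".".join(labels), offset + 2
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def build_query(txid: int, name: str) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN


def build_response(txid: int, name: str, ip: str) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA; 1 answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    # answer name is a pointer to the question name at offset 12; A, IN, TTL 300
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + question + answer


def parse_response(packet: bytes):
    """Return (txid, qname, ip) for a one-question, one-A-record response, else None."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000 or qdcount != 1 or ancount < 1:
        return None
    qname, off = decode_name(packet, 12)
    off += 4  # skip qtype and qclass
    _, off = decode_name(packet, off)
    rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
    off += 10
    if (rtype, rclass, rdlen) != (1, 1, 4):
        return None
    return txid, qname, ".".join(str(b) for b in packet[off:off + 4])


class StubResolver:
    """Everything a plain DNS client can verify about an answer: the transaction
    ID matches a question it sent and the question is echoed back. No signature."""

    def __init__(self, txid: int):
        self.pending = {}
        self.cache = {}
        self.next_txid = txid

    def send_query(self, name: str) -> bytes:
        self.pending[self.next_txid] = name
        return build_query(self.next_txid, name)

    def receive(self, packet: bytes) -> bool:
        parsed = parse_response(packet)
        if parsed is None:
            return False
        txid, qname, ip = parsed
        if self.pending.get(txid) != qname:
            return False  # wrong ID or wrong question: silently dropped
        del self.pending[txid]
        self.cache[qname] = ip  # first acceptable answer wins
        return True


def forge_from_query(query: bytes, ip: str) -> bytes:
    """On-path attacker: copy the ID and name out of the victim's query and
    answer it with the attacker's address before the real server can."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, _ = decode_name(query, 12)
    return build_response(txid, qname, ip)


def run_demo(txid: int = 0xBEEF):
    """Returns (cached IP for NAME, forged answer accepted?, real answer accepted?)."""
    resolver = StubResolver(txid)
    query = resolver.send_query(NAME)
    accepted_forged = resolver.receive(forge_from_query(query, ATTACKER_IP))
    accepted_real = resolver.receive(build_response(txid, NAME, REAL_IP))  # arrives second
    return resolver.cache[NAME], accepted_forged, accepted_real
```

An attacker who is not on the path does not see the query and has to guess the ID, which is only 65536 possibilities; that is why resolvers also randomise the source port, and why DNSSEC (which Bart mentions) adds the signature that is missing here, so that a matching ID is no longer enough for an answer to be believed.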