A hacker stole $31M of Ether—how it happened and what it means for Ethereum:
The problem is, blockchain programming is fundamentally different from web development.
Let me explain.
Before the age of the client-server web model, most programming was done for packaged consumer software or on embedded systems. This was before the days of automatic software updates. In these programs, a shipped product was final—you released one version of your software every 6 months, and if there was a bug, that bug would have to stand until the next release. Because of this longer development cycle, all software releases were rigorously tested under all conceivable circumstances.
Web development is far more forgiving. When you push bad code to a web server, it's not a big deal if there's a critical mistake—you can just roll back the code, or roll forward with a fix, and all is well because you control the server. Or if the worst happens and there's an active breach or a data leak, you can always stop the bleeding by shutting off your servers and disconnecting yourself from the network.
These two development models are fundamentally different. It's only out of something like web development that you can get the motto "move fast and break things."
Most programmers today are trained on the web development model. Unfortunately, the blockchain security model is more akin to the older model.