I’m guessing this is a joke.

Rust only fixes the memory safety issues. It doesn’t fix bad software design, the problem where we have to trust other companies to keep their security issues under control (eg. Cisco), and it can’t undo bad decisions that have become industry standards (eg. SS7)

SS7, to summarize charitably, was built assuming trust exists. Some of the vulnerabilites aren't vunerabilities, they're features!

Do you believe this statement refutes my claim that SS7 was badly designed?

Yes, given the SS7 design started in the 1970s when telecommunications was either the purview of a government agency or a state granted monopoly (depending on where you were in the world. in which case it is perfectly rational to assume that your counterparties are trusted.

SS7 wasn't a bad decision.

Allowing any random bozo to connect to the network's trusted center was a bad decision.

If the regulatory mandate to allow interconnection had also mandated the development and usage of a secure protocol for that interconnection, we'd be fine. But it mandated the opposite. Politicians got us into this mess, not programmers.

I would argue it’s the managers of the programmers who failed to foresee this as a future requirement, hence they didn’t tell the programmers to make it resilient to reasonably foreseeable changes to the operating environment.

It was not reasonably foreseeable. The Bell system had been a government-blessed monopoly since its inception. Pigs would fly before scammers were allowed to connect to raw SS7.

> (eg. SS7)

I don't have a lock on my mailbox. It is bad that the "low trust" internet overflows into my everyday life. I would rather that there was some separation of telephone calls, local community and banking etc from the lawless voids, than normalizing all these scams.

Telephone scam calls are mostly an internet problem.

I don’t get how your anecdote relates to SS7. SS7 is available country-wide (I’m assuming it doesn’t directly cross national borders) and the surface area of all of the cell towers and data centers they connect to is very large. Even larger if you consider all of the software that runs on the devices that are legitimately connected to that network. This isn’t even remotely comparable to some fictional high trust small rural town where everyone knows everyone.

I do have a lock on my mailbox, but it has to adhere to the USPS skeleton keys (which have been leaked and are exploited by thieves). Another example of bad design, or at least design that wasn’t able to withstand reasonably foreseeable changes to the operating environment.