It’s hard to explain to regular people how much technology barely works, how much the infrastructure of our lives is held together by the IT equivalent of baling wire.
Computers, and computing, are broken.
The NSA is doing so well because software is bullshit.
Computers have gotten incredibly complex, while people have remained the same gray mud with pretensions of godhood.
Now imagine billions of little unknowable boxes within boxes constantly trying to talk and coordinate tasks at around the same time, sharing bits of data and passing commands around from the smallest little program to something huge, like a browser - that’s the internet. All of that has to happen nearly simultaneously and smoothly, or you throw a hissy fit because the shopping cart forgot about your movie tickets.
We often point out that the phone you mostly play casual games on and keep dropping in the toilet at bars is more powerful than all the computing we used to go to space for decades.
NASA had a huge staff of geniuses to understand and care for their software. Your phone has you.
The number of people whose job it is to make software secure can practically fit in a large bar, and I’ve watched them drink. It’s not comforting. It isn’t a matter of if you get owned, only a matter of when.
This is because all computers are reliably this bad: the ones in hospitals and governments and banks, the ones in your phone, the ones that control light switches and smart meters and air traffic control systems. Industrial computers that maintain infrastructure and manufacturing are even worse. I don’t know all the details, but those who do are the most alcoholic and nihilistic people in computer security. Another friend of mine accidentally shut down a factory with a malformed ping at the beginning of a pen test. For those of you who don’t know, a ping is just about the smallest request you can send to another computer on the network. It took them a day to turn everything back on.
When we tell you to apply updates we are not telling you to mend your ship. We are telling you to keep bailing before the water gets to your neck.
Executable mail attachments (which includes things like Word, Excel, and PDFs) you get just about everyday could be from anyone - people can write anything they want in that From: field of emails, and any of those attachments could take over your computer as handily as an 0day. This is probably how your grandmother ended up working for Russian criminals, and why your competitors anticipate all your product plans. But if you refuse to open attachments you aren’t going to be able to keep an office job in the modern world. There’s your choice: constantly risk clicking on dangerous malware, or live under an overpass, leaving notes on the lawn of your former house telling your children you love them and miss them.
“We’re finally getting the stage where a large portion of the population can’t really ignore the fact that they’re using free services in return for pervasive and always-on surveillance.”
School sends a lot of proprietary formats our way. Instead of publishing text directly to the open web, Word docs & slides & images & other unnecessary convolutions that harm readability, accessibility, & security are published. Just blog. Let plain text be plain.