Slashdot Mirror
Ask Slashdot: Is the World Better Or Worse Because of Security Tech?
Slashdot reader krisdickie is a developer for embedded devices (and many other systems), and spends a lot of time being proactive about security.
This is obviously important, and I don't necessarily see it as a distraction, but rather a complex problem that has some added thrill to being solved. I can't help but wonder though if I (and my team) would have been X times more productive or have come up with some amazing new concept or feature, if we didn't have to deal with implementing security measures.
In a utopian world, where there are no bad actors, we would have likely forfeited many of the systems and ideas that have been put into place to prevent bad things from happening. So my question is -- are we more technically advanced because of the thoughtfulness that has gone into creating these systems?
Or are we just losing precious resources and time dealing with the necessity of protecting ourselves from the perilous few?
Share your own thoughts in the comments. Is the world better or worse off because of our ongoing development of security tech?
In a utopian world, where there are no bad actors, we would have likely forfeited many of the systems and ideas that have been put into place to prevent bad things from happening. So my question is -- are we more technically advanced because of the thoughtfulness that has gone into creating these systems?
Or are we just losing precious resources and time dealing with the necessity of protecting ourselves from the perilous few?
Share your own thoughts in the comments. Is the world better or worse off because of our ongoing development of security tech?
What an asinine question.
Of course we're worse off because there are bad people in the world. If everyone was a magical completely altruistic person who did nothing but make the world a better place, the world would be a better place.
Keep on knockin'
https://robbiecrash.me
Fucked. Intellectual property and Monsanto. Your previously possibly-idyllic way of life? Fucked. Apply technology to CONSUMERISM and you eat yourselves from the inside out. Now socialize the losses, bitch.
Yes.
admin/admin passwords, not rolling out patches, leaving anonymous FTP open... what can go wrong? this article was written by a dumbass
This is not a one-case-fits-all item.
What kinds of measures specifically are being spoken of? Does it help or hinder end users doing what they wish? Are end users even a consideration or is this solely to keep a stranglehold on the device from a manufacturers perspective?
As with many things there will never be a single answer, what is presented is a set of varying trade-offs whose value will change depending on the desired goals and whose perspective it is desired from.
Human 'bad actors' are only one source of adverse conditions for computing. Many security features double as stability and error-checking features. I think that the author's question is ultimately a silly one because of Hanlon's Razor - "Never attribute to malice that which is adequately explained by stupidity". I think most people have seen terrifically destructive users who had no malicious intent behind their actions. Even in a utopia, humans are still human.
What happens when we conquer all adversaries? Well, we're seeing that now. We are eating our own.
Not better or worse, but as it should be.
Sadly, because we, somehow, have allowed this great infrastructure we call "the internet" to be as filled with (security) holes as a collander.
At this point, we re just imitating the Dutch boy quickly plugging holes in the dike while at the same time realizing that we'll run out of fingers long before all of the holes are plugged.
Of course... one couldn't even being to dream of such a world if that world also supported that which make's the huge gap between the rich and the poor possible.
The choice people have to make is if it frees us or enslaves us.
My ism, it's full of beliefs.
Lack of regulation means there is a lack of quality while companies compete to minimize labor costs. We get the trash we pay for, in the form of a lack of security and stability, which is more noticeable in areas that affect large sums of money and human life. Those are the areas where people notice a lack of quality, but obviously that recognition is slow, since we can't even get a dependable 911 service though we have landlines with 5x9s quality-of-service. With no support for future regulation, everything should only get worse, as we compete to get the best facade on stealing user data in an undependable and untrustworthy way.
In the 1980s and 1990s, there was a turning point where security was considered something that should be baked into an OS and product, be it an operating system (thus the C2/C3/B1/etc. levels), MAC/DAC controls, security as part of the kernel, and part of a module, and so on.
However, what happened is that companies took the easy route. Windows had no innate security so the whole firewall/castle model of company security was formed, where security was done by the network fabric, and not the endpoints. This worked for a while, until malvertising and Trojans allowed malware to attack anywhere.
These days, security is pathetic in general. I have heard "security has no ROI", "the hackers will always win, so why waste money?" and other claptrap for over a decade. In fact, because there is no real criminal penalty, an egregious security breach makes the top levels of a company a lot of money because they can short their stock before making the announcement public, especially if they can keep the breach under wraps for six months.
IoT devices come to mind as a specific example. Why even bother with meaningful security when customers are forced to buy your version 1.1 of a doodad because version 1.0 will get their stuff hacked, and cannot be upgraded? Especially because the money with IoT is the analytics coming in, not the actual purchase of the device.
It probably increases usability in the same way that car safety measures increase usability of cars. As someone already mentioned, it forces systems to be designed in such a way that they are also proofed against users "shooting themselves in the foot" at a moment of even a tiniest incompetence.
Any guest worker system is indistinguishable from indentured servitude.
I know that when I first started hacking around with Linux in the mid 1990s that I had an easy time experimenting with networking compared to somebody just trying things out today.
Samba was out and all the security in it, and in Microsoft products that used SMB, were loose and easy to use. NFS was a breeze to use, so you could boot up a machine with an NFS install floppy diskette and put a whole freenix (I like NetBSD) on a system quickly.
A lot of that has changed now. It's even a hassle now just to get two 'doze computers to talk to each other's shares these days. This is bad when it's a closed network and finding the server drive or accessing the printer is no longer just a matter of clicking the 'Network Neighborhood' icon on the desktop.
Security is, obviously, necessary. But my way of thinking is that the security should be incorporated at gateways. Home networks should be protected by hardened gateways and firewall appliances. People should have traffic monitoring equipment built into their local networks. Gateways to the 'whole internet' are usually done through NAT these days, so security should be lax within local networks and tight at points where they connect to the world.
Security only matters when there is an intruder about. I live in an area where if I forget my tablet out on the back porch it will always be there the next morning. The most risky intruders are coyotes out in the field.
For 99%, it's worse. Unless you like Moon River.
Ben Dover
Aka "both". But by and large, worse, and this will worsen until we fix two things:
The atrocious state of our technology, IOW the "hyoooooooge" technical debt. That mountain is so big we don't know where to start looking at it. But it's still there. It's become so big it has its own abyss, staring at you. That makes it even harder to look at.
Our willingness to be oppressed by technology. It doesn't matter if it's because of some "security" threat or other ("for the childrun", "terrists", you name it), government convenience (e.g. face recognition, not just China but the US and Europe already as well, but also SSNs and many other tricks, many seemingly innocuous), "user friendlyness" (yes, think about that one for a bit), faux-"security" ("secure boot" isn't about security), or any other reason. It always comes down to "who is in control?" and if it's not you, it's someone else. And if it's someone else, then the tech doesn't exist to empower you, but to empower them and by extension it becomes a temptation to use it against you, IOW a tool of oppression waiting to happen. Not because of any ideology, but because it's there, it's easy to use, it's powerful, and power corrupts.
So yeah, by and large the net effect is negative, will remain negative for the time being, and the people to do something about it, well, that's squarely us. So get to it, you slackers.
The logical value of (A or (not A)) is always True.
I am simplifying somewhat here because "better" is not the opposite of "worse" (we must also consider "equal"), however the probability of the situation being exactly equal is zero, so you get the same result.
You could also ask if it is better AND worse, and the answer would still be yes. Just as you could say Slashdot is both bad and good. There are plenty annoyances, but hey - after 20+ years I am still here reading, so it can't be all bad.
Some of these polarizing yes-or-no questions are just dumb.
Well, then let's talk about the entertainment industry in general, including movies or professional sports.
Or maybe being entertained is not really a "waste" for human beings.
As a local comedian said once "the youth is better at home playing videogames than in the streets committing crimes" :-)
First we have to ask ourselves, what is security?
Security, as in locked doors, encrypted drives, encrypted mail and digital wallets?
Or...
Security as in personal security (the rights to roam free and pursue our own dreams), free from oppressors, freedom of speech, information freedom.
In a time of fake news where it's possible to manipulate another country just by doctoring the news and opinions of the masses, this is certainly not good.
Another bad is that if we take away our freedom of speech, we get less say - and the power handed to a privileged few, aka "your" chosen government.
Internet gave us a lot of freedom. We could exchange information faster than ever before, play games with our friends overseas, book travels and earn money no matter were you where in the world.
But it also blinded us, with information this fast, there was no time for peer reviews of the news, what source can you truly trust? "Likes" almost became the new "law". Getting likes was almost like the new religion, and nevermind the reliability of the actual sources, just as long as a bunch of likes came along, and the rest thought "meh...might as well join the crowd", and what crowd? These are just numbers. A very real but dangerous development.
Time to take a step back - and understand that we should keep this technology free, putting too many locks on it also censors our freedom of speech, but security starts with us, we need to educate ourselves and not trust everything blindly. Turn off the net, breathe - go out there, say hi to your neighbor once in a while, talk amongst yourselves.
What this world is coming to - is for you and me to decide.
Time spent protecting operating systems from possible bad behaviour of applications is time wasted.
The current state of Operating Systems is akin to having only single phase AC power, but no fuses or circuit breakers anywhere in the system. Because applications are trusted with everything, any bug can result in the wholesale mis-direction of everything down the wrong path. Most (but not all) of our problems with security result from this misplaced trust.
It's probably going to be another decade before capability based security becomes mainstream, but I hope discussions of it in places like ../ can help bring it forward sooner.
The problem is that the intruder doesnâ(TM)t have to come from outside, but most likely will be a naive user on your own network who clicks something they shouldnâ(TM)t have on a poorly secured computer. So: The basic protocols are still around, so you can still learn the basics of how to set up network services within a lab environment; nothing has really changed there. But donâ(TM)t stop learning once you know the basics; thatâ(TM)s the main lesson here. When you can reliably create a file share, learn how to manage user accounts and groups, and how to apply the principle of least necessary privilege.
Security mainly boils down to âthink about the consequences before implementing somethingâ, and âclean up your own mess to avoid introducing accidental consequencesâ. If a developer lacks these habits, they will write broken software from more perspectives than just security.
All I read was BRA! :-)
Much of the internet is built on a model of reasonably open trust. This proved to not be a mistake, but a particularly galling one, which has required patch after patch.
The problem, as I see it, occurred starting in about the mid 90s. At this point, what the internet actually was, was clear to all. Making assumptions of trustworthiness in 1985 was still quite reasonable: it was possible that all meaningful internet connections were to continue to be monitored for bad behavior manually and actioned when appropriate. It wasn't what was happening, but it wasn't lunacy.
In the mid to late 90s, once the majority of the really gullible things were beaten out of everything, things appeared to be kinda looking up- we were at least on the correct trajectory. Queue another massive overdose of functionality. The early versions of IE would just run any link as appropriate. You could provide a link to C:\windows\notepad.exe, and clicking it would run notepad. Or a deltree on your C drive. Unix land, while not as degenerate, was still busy taking URLs as commands, browsing all over the root filesystem, and generally behaving like amateur hour. Every new tech that got added was riddled with security problems that were reasonable obvious, and they were still adopted at absolute lightning speed.
Technologies were obsoleted almost as fast as it took them to hammer out their bugs. The idea of passing code from server to client caught on, but unlike the prior iterations of this, there was no reason to actually TRUST the server- sure, you might trust microsoft.com, but do you trust $RANDOM_ADDRESS.net?
Something like SPECTRE wouldn't even be that interesting if the underlying assumption wasn't that you were downloading and running code everywhere you pointed a browser to.
The security overlay on all of this can be heavy at times. It is also frequently misguided, which makes much of the ire. See pretty much anything related to passwords for a great example of something that doesn't buy much security at the cost of a massive amount of usability (and goes backwards if it starts asking what school you went to, and then gives access to anyone who can guess that, a fact you cannot change). Even automated systems like SSL can ultimately be mangled by someone dedicated to the task.
Overall, much of the security burden is based around some bad choices early on, but almost everything that weighs us down now is a result of continuing to make bad choices.
As a cybersec professional of many years tenure (and now an exec at one of the major firms), I have to admit I've asked this same question many many times. If we didn't need to put so much effort into security, and instead put it into features with direct customer benefits, wouldn't we all be better off?
I think the OP approaches the answer to his question when he refers to preventing bad things from happening. A basic part of engineering is system robustness, resiliency and safety. We don't question the effort we put into assuring those things. We manage, in a variety of ways, the potential impacts arising from possible system failures.
With cybersecurity, we manage in a variety of ways the potential impacts arising from system vulnerabilities exploitable by bad actors. It's work we'd be doing anyway.
anonymity and security,
can't have both
if criminals know they will be identified and caught they will be less likely to offend.
Go well
It's a rather open ended question, but here's an anecdote to consider. A lot of free and open-source software is written in Java. However, our security administrator set an aggressive policy on Java because of past Java security holes. Java-based applications run about 20x slower than they would without the aggressive scanning done on it by our security software. It makes such software virtually useless. We either pay more for alternatives or go without. (I personally believe the security scanning software that starts with an "M" is poorly designed, but that's another topic.)
I cannot reliably say if our org's policy is too aggressive, because not getting things done may be just as bad as being hacked in the longer run.
Another oddity is that Microsoft is also leaky, but because we need some software to avoid going back to paper and pencils, Microsoft gets a pass that Java doesn't. It's crazy. Sometimes it feels the 90's were more productive because we didn't have consider security stuff. (That and stupid Web "UI" (non) standards.)
Table-ized A.I.
Everyone has failed so hard at the first three levels of OSI through shitty programming that they rely upon several more layers of OSI to cover up for even shittier programming now.
Security comes through good programming practices, thorough testing, and sticking to KISS ideas.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
The problem with security is that it's used as a pretext for surveillance and spying. We get backdoored CPUs so our data and devices are no longer under our control. All in the name of security.
I'll choose freedom over security any day.
Knowledge is power; knowledge shared is power lost.
This is obviously important, and I don't necessarily see it as a distraction, but rather a complex problem that has some added thrill to being solved. I can't help but wonder though if I (and my species) would have been X times more productive or have come up with some amazing new culture or technology, if we didn't have to deal with obtaining agricultural products.
In a utopian world, where there are no metabolic processes, we would have likely forfeited many of the farms and fisheries that have been put into place to prevent starvation from happening. So my question is -- are we more technically advanced because of the thoughtfulness that has gone into creating these systems?
Or are we just losing precious resources and time dealing with the necessity of fending off starvation?
Point being: OP is a euphoric tard. Security is a natural consequence of game theory, you might as well stop coding if you don't want to deal with it. It's no different than food or water for base survival - it's a result of existence.
... that's for sure.
https://youtu.be/0rR9IaXH1M0
We suffer more in our imagination than in reality. - Seneca
Cares would totally be much cheaper if we could make them from cardboard or something and like do away with brakes and all that shit.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Entertainment is absolutely a waste. It's only possible because pampered first worlders don't have to bother with things like mending their shoes, making clothes, gathering resources, or growing food, thanks to the enormous flow of resources and outsourcing of labour from the third world.
Fuck pampered first worlders.
No. And in this case "no" means you really shouldn't be asking this kind of question. The world is not better or worse, a specific application is, a specific scenario is.
Exactly.
It's also making stuff harder to repair, because new vulnerabilities mean you lose the ability to fix it yourself.
Think about a fingerprint reader. In days gone by, they were simply cameras and you got an image from them, then run your algorithms on them. But nowadays it's such a big deal that fingerprint data must be encrypted and if your hardware supports it, sent over a secure bus to a secure processor, using PKI encryption to ensure both endpoints haven't been compromised.
All this because a bad actor can replace a fingerprint reader with a compromised version that perhaps either stores an image of a fingerprint for later replay attacks, or transmits it to a third party (via RF or other means - fingerprint readers are large chips). So now the device itself needs to tell the other end that it hasn't been changed out with a malicious version. But as we see, it breaks repairs - you cannot replace anything the fingerprint assembly is bound to anymore.
You're bound to see this with other things like recognition cameras, touch screens and other things eventually too. Touch screens and displays are next - soon you'd want authentication functionality done in a "secure mode" where the user OS no longer authenticates or locks the system - it simply calls out to a "secure OS" that verifies everything is in order (no security-critical hardware was been replaced or otherwise tampered with) then pops up the lock screen. And until the secure software releases the display and touchscreen, the user OS cannot display or get input. But again, it means break your screen, you need to get an authorized repair (can't have screens transmit everything you see to a third party, or selectively take screenshots when they recognize something being displayed).
And why would you do this? Well, it would make those grey box things no longer functional - if the secure OS has the screen and touch locked out, it makes it hard to break into the user OS - you're at the mercy of whatever the user OS may give you over that one port - without the code, the user OS can display a "do you trust this device" dialog that never can be shown or interacted with because the secure software has taken control of the display and touch hardware, and thus the user OS prevents access to user data.
All this means though, the inability to change screens.
"I can't help but wonder though if I (and my team) would have been X times more productive or have come up with some amazing new concept or feature, if we didn't have to deal with implementing security measures."
No, security has to be baked in at the design stage and would have no deleterious effect on the implementation of amazing new concepts or features. It's patently obvious that in the rush to get out new features the innovators failed to come up with a design that can't tell the difference between executables and data and don't run executables downloaded over the Internet through opening an email attachment or clicking on a malicious URL.
It doesn't matter.
If everyone was altruistic, we wouldn't have time to entertain ourselves.
Entertainment is literately the commercialization of "timesinking" , and with it, typically opportunities to drain you of wealth.
Do I need Cable to live? No. I could buy a soccer ball and get 20 years out of it playing soccer against the wall of my house when I'm bored, but that doesn't entertain me more than a few minutes at a time.
Where we have a real problem is that there is too much "bad" entertainment, and thus the people who are paid to produce this bad entertainment don't learn to not make bad entertainment.
Warner Bros and Disney will keep pumping out movies while the people who work on it are slowly drained of their time and wealth by the companies they work for, and the people who buy the worst of their products will keep producing "a market" for that slop.
If we really value our time and money, don't see films at the theater. Wait for it to come out on Netflix, and only subscribe to Netflix for the month needed to watch it. Netflix use directly correlates with people who are actually entertained by the content, unlike the theater which counts ticket revenue, but people avoid going to the theater because it's a bad experience ever since everything became "3D" and 20$ boxes of popcorn.
There are plenty of non software products where designers must incorporate elements of design that to protect users. For example: durable goods, small appliances, bridges, stairs. Vehicles, etc. Software should be no different.
The tendency with sophisticated hi-tech security, is to rely too heavily on hi-tech security, and to rely less and less on human intel.
The world is undergoing a profound revolution in self learning artificial intelligence. In the future, AI bots have to do a better job in distinguishing bad actors from good actors. We recognize that AI bots are smarter than humans in many tasks, and those tasks are becoming more and more numerous. Our expectations for smarter hi-tech security will increase in the future. But after every invasion of personal privacy, and after every new attack on innocent lives along with collateral damage, we will realize how great is the importance of human intel supplementing AI bots in hi-tech security.
And NOWHERE is there a lack of bad actors.
What a spectacularly stupid question.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The world needs an entirely new protocol to replace the outdated protocol of TCP/IP. As the internet of things becomes more widespread, the need for a better and safer protocol will become increasingly evident for greater security.
A new protocol replacing TCP/IP will have to insure greater and more reliable privacy for good, innocent, neutral actors. The new protocol will have to make all devices, including computers, impregnable from outside attack. The new protocol will have to solve the problem of man-in-the-middle attacks.
Intelligence gathering in the future will rely on gnat sized devices that leave bad actors no room for escape. Man-in-the-middle spying by governmental agencies over the internet will be rendered irrelevant, as a result of tiny new devices that will gather intel beyond the internet highway.
With these new devices, Vladimir Putin will be spying on Donald Trump directly, and Donald Trump will be spying on Vladimir Putin directly, while Xi Jinping will be counting his renminbi and planning his next silk road circling the (Chinese) globe.
See subject: Grow up & get over your butthurt weasel - impersonating me is an obvious sign you're butthurt.
APK
P.S.=> Whatever the cause of your butthurt is, you caused it for yourself - grow up... apk
developers like this are a part of the problem. CS should be working on ways to address this from ground up, and yet too many pursue bolt on solutions. Maybe cause that's where the money is.
You hone your skills by writing secure code and thinking in terms of security or the black hats will hone _their_ skills by hacking your naive butt from here to div/0.
Warner Bros and Disney will keep pumping out movies while the people who work on it are slowly drained of their time and wealth by the companies they work for, and the people who buy the worst of their products will keep producing "a market" for that slop.
Worse than that, disney keep selling the same movies again every few years, each time targeting new kids with the same old crap rather than making any effort to create any new content.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Is the "world better" because our bodies have the ability to detect and defend against threats?
It's the same question, and I think the answer is yes, we could not have complex life without complex defenses.
NOTHING can tell the difference between
1> a program deliberately written to do something bad,
2> a program that does something bad by mistake
To make this determination requires solving the halting problem. You can not pre-determine the intent of a non-trivial program. This is the root cause of most computer security issues.
What you can do, is to pre-determine which side effects of running the program you are willing to allow. Most systems place NO limits on side effects of a program, however capability based systems do exactly this thing.
Bull. Music, art, dance, board games - these things exist in practically every culture in the the world, and have for at least several thousand years. Poverty is no great impediment to entertainment. Even in our hunter-gather days it's estimated that the average person only spent a few hours a day in survival-oriented activities. Abject poverty, along with the idea that anyone should spend more than half their waking life at work, are purely modern constructs of greed-oriented society.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Sure it's a timesink - but there's no need for constant labor, it'd be a complete waste. We could give every person on the planet adequate food, shelter, and medical care using only a small fraction of the current global productivity. After that, pretty much everything else is about either increasing future potential or entertainment.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
The fact that you had time to post that waste-of-space comment of yours proves that you are one of the "pampered first worlders".
We want to make the world a better place, but so far most attempts have failed. The alternative was to create weapons, including but not limited to, sticks and stones, bows and arrows, blow pipes, knives and guns. We assume that security means organisatiions and procedures for protecting our loved ones. Security improves out chances or survival a bit by making it harder to harm us. However, the other side has arms, tactics and strategies designed to harm us, which loads to an arms race and lowers the effectiveness of security. In the extreme case of nuclear weapons, our defences may actually increase the amount of harm we suffer from conflicts up to the extinction of our species and many others.
Now we assume the Asker of the Question is interested in automated security....
- weapons: passive objects which a human wields for protection
- obstacles: things like walls that improve security without human intervention
- automation: devices that will respond to events. Firstly you think about automation in the form of snares, tripwires, pitfalls, etc. But then you can extend it to machines that can killl, but also devices like car alarms that merely signal a danger.
The term security may be extended to cover any aspect of the design of electronic, electro-optical, electro-mechanical and computer-controlled devices with the purpose of making exploitation of the device harder for non-legitimate users and uses. This usually has limited effectiveness as the abuser is always more intelligent than a machine can be, even if the attacker is a machine.
Does the works of Melkor and the ensuing struggle against the Valar make Arda stronger for the Second Music? Would the second music be as beautiful without the struggle?
I am sure trying to upheld computer security is always costing a lot money and effort, (and it seems bad guys keep winning and keep getting more successful), but is that means we should just give up? :-)
Is computer security an unsolvable problem, so any attempts are a waste?
I think that is quitter talk!
Our tough situation just means we need to get tougher, or else!
I think compilers and OSs which were designed/created before the internet are the problem!
I think sandboxed VM OS (like Android/iOS), must be made standard (and mandatory!), for ALL computers connected to internet!
I agree with your point "computer security is a necessary response to the realities of a more interconnected world." That said, in many cases, I feel the deeper issue is, as in my sig, the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
I write about those ironies in regards to militarism here: http://pdfernhout.net/recogniz...
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing."
But if we think about computer network security and bad actors, many (not all) bad actors are in it for the money. The ironic aspect is that the power of computing tools make is easy for a few people to make a lot of trouble for many people. So, a few people send spam email to make money for themselves which then makes it hard for others to use email to create abundance for all. Or a few people spam wikis to make money for themselves in turn making wikis harder to use by others to create abundance for all. Or a few people crack into other types of knowledge sharing sites again to make money for themselves making it harder for scientists and engineers to do collaborative work. Or a few people inject malware into ads to make money for themselves which makes it harder for other people to learn new information from the web they might use to build a better world.
These sorts of socially costly bad actions reflect a narrow view of self (selfishness) and/or also short-term thinking.
I just started reading Vernor Vinge's "Rainbow's End" novel that touches on some of these ideas of technology as an amplifier: https://en.wikipedia.org/wiki/...
I forget where I first read this, but an economist wrote that the cost of doing business goes up greatly when there is less trust. If we had to harden all the power lines and phone lines and then armor all our cars and bar all our windows and so on, daily life would get a lot more expensive. One can see those sorts of costs rising in places where social order breaks down.
In physical day-to-day dealings in, say, much of the USA or Western Europe, we don't worry too much about copper thieves stealing power lines or stealing phone lines or doing other similar sorts of behavior because there is a certain level of trust making relatively insecure installations possible. That level of trust has arisen from a level of shared abundance. Trust also comes indirectly because there are also laws (backed by police and courts), norms (backed by neighbors), and effort costs that discourage most people from being anti-social in such ways. Lessig in Code 2.0 writes on ways human behavior is shaped by a mix of such rules, norms, and prices.
Or, as in the example you provide, trust may be more feasible in smaller groups where everyone knows each other and can see fairly easily what is going on.
So, I can wonder if computer networks will not settle down until we have better laws, norms, and prices governing their use. That is harder given, as with "interconnected", the fact that human actions across networks typically cross multiple legal jurisdictions and cultures and identity of actors is often hard to assess. Broad trust on the internet encouraged by laws, norms, and prices may be harder to foster these days -- even though in the early days of the internet, where most internet nodes were academic or military or government and reflected institutional norms, and where network connectio
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
If only that were true.
A very small portion of global spending goes to entertainment.
Simple objectives don't meet simple methods to obtain them. You know how much time is wasted handling paper records? Well electronic ones solve that, but require industry to support them. It's actually a net positive but it diversifies the workforce.
We no longer spend most of our time farming, but to say the extra work is unnessecary is too simple minded.
Everything beyond food, shelter and (arguably) medical care is by its nature unnecessary. *Desirable* maybe, but not necessary - and thus I would group it into some form of entertainment - science (satisfying intellectual curiosity = entertainment), dining out (spending less time cooking, more time focused on company = entertainment),etc. And of course, lots and lots of busywork that produces very little of value other than jobs to keep people fed, and could be eliminated without any loss so long as the Puritan/capitalist idea of jobs determining self- and social-worth (and wealth distribution) went with them.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Since then, technology and its security systems have evolved dramatically. But so has hacking. Tools stolen from the NSA are now in the hands of those they were fighting. One has to be pretty adroit to keep up with what's coming down the pike and find the right strategies and techniques to protect their stuff.
I see all this as technological Darwinism, an evolutionary fight for the survival of the fittest information systems, networks and telecommunications, ensuring all those proficient in IT security, which not so ironically includes hackers, a very comfortable living.
There is some truth in that. Sometimes there is a trade-off between certain types of security and convenience.
Also, it's VERY inconvenient when the system goes down entirely because it wasn't secured. The easiest attacks are generally denial of service attacks, so if you pay no mind to security you can expect the service to be unavailable frequently. A bit of security would make things a lot more convenient.
It's also pretty darn inconvenient when the system gives wrong results, such as when your bank balance is $10,000 less than it should be, because of a security problem.
Also, as others have pointed out, the definition of security is:
A secure system continues to operate properly, even when under attack.*
That implies that a secure system operates properly when NOT under attack. A system designed based on security principles doesn't crash, doesn't give wrong results, etc - even when it's under attack, and especially when it's not. A secure system is one that won't screw up *even if you try to make it screw up*, which means it's reliable when you're not trying to make it screw up.
Security has three parts, abbreviated CIA. A secure system provides confidentiality, which is the first thing most laymen think of. The I and A are also important. Integrity means the system provides correct results. Databases designed by application programmers rather than database architects often at this, especially load, when concurrency causes issues. Availability means the system doesn't go down. Earlier today we saw yet again how poorly Slashdot does in this regard, as the site was down AGAIN for several hours.
* That's the Morris definition of security - a secure system is one which continues to operate properly, giving correct results, even when under attack.
Dreaming of a world where developers can (continue to) be irresponsible and ignore security is a wasted effort. Stop the mental masturbation and procrastination, and just accept that you need to take security in mind.
Wishing that bad people don't exist is stupid and a waste of time. Unless you're running a campaign, then it's a great tactic.
See subject (lol) & the viral hit by "The SoyBoyz": ''If you're going to TransManCisco? Be sure you wear your jimmyhats + bring Preparation H there. If you're going, to TransManCisco... You're going to meet a lot of transtesticle monsters and soyboy not men there. All across the nation: Surgical sawblade vibrations! Surgeons in motion, Sawing peckers + ball off tossing them into the SF Bay Ocean...'
/. ... apk
* They're playing YOUR SONG again - hahahaha classic!
(Only way "your kind" would EVER get any notice &/or notoriety...)
APK
P.S.=> Quit projecting your own mental issues onto me as you cut & paste MY posts all over
Abject poverty, along with the idea that anyone should spend more than half their waking life at work, are purely modern constructs of greed-oriented society.
I was with you until that sentence. Abject poverty and spending more than half your waking life at "work" tasks long, LONG predates modernity.
I work for a medium-sized, niche-industry software company that's listed on the NYSE. Due to compliance reasons, they "must" implement Web filters, but choose to use a canned product, which misidentifies sites like StackExchange, mit.edu and other coding forums as "marketing/merchandising" or "personal blogs." They also make heavy use of open source (read "free") to keep costs down. And finally, they feel more secure using jamming devices to prevent cell connections inside the building. At any given moment, two dozen engineers are standing outside, trying to use their phones to access needed forum posts or debugging info. The company's stance is that, "engineers should already know all that stuff!!"
The upshot is that coding takes five to ten times as long, and often entails arguing with some senior executive about why we're standing in the parking lot at 9:15 in the morning. This company is located in a non-tech city, but Amazon and Apple are both about to open tech facilities. Part of the "security practice" that's been recently added are new NDAs that imply you can't write code any more if you leave this company. In short, the security tech is being used as an excuse to promote slavery. I wish it would go away.
I'll admit I use "modern" in a somewhat long-viewed sense. But estimates are that our hunter-gatherer ancestors averaged about 3-4 hours per day on survival-oriented tasks - we were truly the kings of the animal world. Agriculture changed that considerably - but even agriculture involves long months of relatively idle time to counterbalance the crunch of planting and harvest.
--- Most topics have many sides worth arguing, allow me to take one opposite you.