Max: Is that the latest trend in workstation design, Adil? It looks stylish. Adil: Shut up. It's Steve's idea of security. Max: Can't fault him, that brick has a “100% immunity to hacker” stat.
Adil: It also has 0% productivity. Max: It's the name of the game. Consider a crossroads. There is a way to make it perfectly safe. Adil: How then? Max: Fill the intersection with a giant rubber-padded block of concrete, and configure all traffic lights to be eternally red.
Adil: That's the most useless crossroads ever! Nothing can move! Max: Exactly. What cannot move, cannot collide with anything else. Perfect security! Adil: The worst thing about your idea is that sometimes I feel the government is already trying to implement it.
Max: Adil got his laptop back? Steve: Yep. For some strange reason, he was not content with his brick. Max: No fallout from that ransomware thing? Steve: Nope, I'm always up to date with the latest CVE reports.
Max: Isn't that a never-ending effort? Steve: It's OK. Many CVEs are purely theoretical anyway. As an analogy, suppose your house is vulnerable to an arsonist who exploits a flaw in your TV set, by plugging in a special USB stick that causes the TV to catch fire the night after you watch episode 42 of your favorite show.
Max: Hm, if arson is the sole goal, and the exploit requires physical access anyhow, why not just douse the room with gasoline and light it? Steve: Indeed, and some CVEs are similarly far-fetched. Theory and practice are not always aligned in the minds of people reporting security exploits…
Story arc: Security Shenanigans
SONAIS 47 - Tuesday, March 26, 2024
References: Alanis Morissette - Ironic (containing many bad examples of irony—isn't that ironic?)
Zhang: Captchas are becoming increasingly obnoxious. I wonder how many real people are becoming unable to get past them. Heidi: Indeed, if I need to solve a certain type of captcha on a regular basis, it becomes really tempting to automate it.
Zhang: But… isn't that exactly what captchas are supposed to prevent? Heidi: It is, but when solving those annoying puzzles over and over again, enough motivation is being built up to spend effort on whipping up a vision system or training an A.I. model.
Zhang: Seems like captcha designers are fighting a losing battle… Heidi: Actually they might unwillingly be one of the main driving forces behind a lot of A.I. research. Zhang: That smells like peak irony. Quite the better example than ten thousand spoons…
Max: Installation instructions: “fetch shell script with cURL and pipe directly to sudo.” Why am I feeling extremely uncomfortable every time I encounter this? Heidi: Because you're basically giving random people on the internet root access on your machine. Is it an HTTPS website?
Max: Not even that, plain HTTP. So, not only should I trust the script not to wipe my disk, I should also hope no man-in-the-middle attacker turns my computer into a botnet drone. Heidi: I reckon you're going to first download the script and review it?
Max: Hell no, I won't read 1000 lines of Bash with an embedded tarball. I simply trust the hive mind of all previous downloaders to tar and feather this project if it were malicious. Heidi: But what if you happen to be the first downloader? Max: Then I must be prepared to melt that tarball and gather feathers.