Comment by pferde
6 years ago
"Trust in closed non-auditable complex computer systems is something everyone has learned the hard way we should not have. The news is full each day of zero day bugs and exploits throughout the stack–from applications to operating systems and even down to the very silicon the whole stuff runs on."
If only. I suspect that only tech enthusiasts are aware of these issues. In the meantime, non-technical people only give you weird disbelieving looks when you mention this to them, and then continue ignoring it.
> In the meantime, non-technical people only give you weird disbelieving looks when you mention this to them, and then continue ignoring it.
It’s psychological. People can’t believe things which would make it too hard for them to stay the person they currently are. It’s almost impossible for anyone to do anything but ignore and repress such information. If you ask them later about it, they probably would deny even hearing it or having the conversation, because they wouldn’t actually remember it.
Ask anyone who tried to convince a sweeping societal change based on logical arguments. See what happened to Ignaz Semmelweis. You simply can’t convince people of hard things with logic.
How many crackpots have there been for each Ignaz Semmelweis, though? Ignoring weird people pays off if it saves having to spend time on their far-out theories, even if Ignaz was right as well as weird.
I personally think security has been spoiled by unrealistic advice. "Use PGP" is the worst, but it's not alone. A few years ago a mass-market device (tens of millions sold) asked me to enter my password three times within two minutes in order to carry out one single operation, and it demanded that the password be secure enough that I needed two kinds of mode-shift to enter it on that device's keyboard. Who takes that vendor's ideas about security seriously after experiencing shit like that?
Crackpots can be filtered out using logic, though. But people don’t do that; people filter based on how hard it would be to change in the proposed way.
People might say that they want security, but when some logical person takes this literally and responds “Use PGP”, they might be logically correct (since as bad as it may be, there might not be any secure alternative to PGP), this advice will always be ignored because what people want is not actually security. What people want is to feel secure while not changing anything about what they are doing or how they are doing it.
They just do the naive cost-benefit analysis: everyone uses it, successful people use these things, yet no bad things happen to them, why should I really care?
And that behavior is rational. If I have 1 in 1 million chance of dying from a loose brick in a building falling on my head, the rational thing is to completely disregard this risk and live my life as usual, especially if I live in a city.
We're herd animals. We're safe if we stick with the herd.
Have you ever assumed it's not some weird psychological effect but rather that people aren't interested enough in technology? It's like trying to preach GPL to the average programmer; who cares really?
For real, basically going straight to "their weak human-lizard brains can't handle the weight of reality bearing down on them" seems borderline comically presumptuous.
> make it too hard for them to stay the person they currently are
Why do you think people's identity is tied to the auditability of complex computer systems?
> Why do you think people's identity is tied to the auditability of complex computer systems?
I don’t think that. I think people tie their identity to all sorts of things, including the obvious Apple and Android fans, but more importantly “user of mainstream apps”. Many people think they can’t be who they are (a.k.a. “can’t live”) without normal mainstream phone apps.
People don’t have to tie their identity to this, but many do.
I guess it's similar to being fully aware of one's mortality. You can't live in that reality without suffering quite a bit.
Yes, I see what you mean, and I agree that it’s a good analogy. But factually, the absolute version of that statement is wrong. You can, in fact, live with your own mortality without suffering. The process of arriving at that state of mind might require some suffering, though.
—
I didn’t put you in a prison, Evey. I just showed you the bars.
[…]
You were in a cell, Evey. They offered you a choice between the death of your principles and the death of your body. You said you’d rather die. You faced the fear of your own death, and you were calm and still. Try to feel now what you felt then…
I… felt… like… an angel…
— V for Vendetta, issue 7, 1989
> I suspect that only tech enthusiasts are aware of these issues. In the meantime, non-technical people only give you weird disbelieving looks when you mention this to them, and then continue ignoring it.
I didn't realize how true this was until just last week. My partner was having a conversation with her friends (non-techies) about phones. One person mentioned that they are skeptical about whether Android is secure because it is open source. And that's why they stuck with their iPhone.