And violating [an app’s] terms of service puts you in jeopardy under the Computer Fraud and Abuse Act of 1986, which is the law that Ronald Reagan signed in a panic after watching Wargames (seriously!).
I watched it two days ago, that’s tragicomic.
I know, right? Like how the hell do you get worried from such a silly movie… Unless he knew the us military defense systems were in fact that weak, against people and their telephones.
Nah, Reagan was just a wuss.
Of all the things that happen in the movie, the thought that someone will have hooked a top-secret defense computer up to a modem is the one that is the absolute most believable.
Like, it’s entirely going to have happened at some point.
I kind of expect it to be required, SCADA has had plenty of ancestry. But you’d expect the NSA to have been consulted on how to prevent interaction with the general public…
for several years in the early 00’s, the process for getting security clearance involved no background check, just knowing who to ask. they literally rubber stamped it.
getting a fed job or something still did, but just security clearance, on its own, for anyone? just ask. not even nicely.
I did a security clearance interview for someone a while ago, and the agent they sent was very polite and the whole conversation ended up being about if my friend pirated media.
I was very confused and had no idea what his media acquisition methods were, and no idea why that was literally the only thing I was asked during the interview.
it WAS dealt with pretty quick, but yeah I bet it’s still pretty absurd, even if they at least ask… some questions?
I love Star Wars EU mostly for correctly showing how societies work in such regards.
When something happens there (unconnected to ancient magic), it usually involves a few pretty mundane snafus, and even if descriptions used make tech people and engineers cringe, the general situation just makes sense.
TCW and Disney era, on the other hand - ugh.
The story goes that, after watching the film, Reagan asked the chairman of the joint chiefs of staff ”Could something like this really happen? Could someone break into our most sensitive computers?”, and, after looking into it for a week, the general came back with the reply “Mr. president, the problem is much worse than you think.”, which prompted Reagan into setting off a series of interagency memos and studies that led to the signing of classified national security decision directive NSDD-145, “National Policy on Telecommunications and Automated Information Systems Security.”.
So… yeah, things probably actually were that bad, or even worse (except for the AI bit, of course).
Has there ever, once, been an infosec issue that doesn’t result in an investigation and someone then going ‘oh my god, this is worse than anyone could have imagined’?
Teaching rocks to do math was a terrible, terrible idea.
If it wasn’t an infosec issue (because no math rocks), it would be an opsec or comsec issue. We’re the weak link unfortunately.
also, just imagine the threat was that defense systems could be invaded by your average citizen.
Let’s put resources to making them secure then, right? Nah, let’s just make it illegal to guess passwords. That will surely prevent bad things from happening.
That’s how I feel about it as well. Better to upgrade the safe than to add warning posters.
basic state logic.
they’re incapable of sucking less. their whole episteme is about centralizing, about reducing thought the farther it gets from the central authority (whether that’s one guy, a class, or a building like the pentagon), but you CAN increase violence, threaten, flatten, disable, basically wherever.
The nuclear codes for decades was 00000000. That’s all you needed to launch nukes.
Our cyber security was atrocious
At least now it’s 00000000!123
Maybe it’s my ADHD, but I actually feel much better (very light and easy) reading such things. Nukes with zero launch codes, laws being made after watching movies for teens, Soviet caliber differences intended to make Soviet ammunition just a bit too large to be usable by the potential enemy, BTR-1 being basically a transport so that infantry wouldn’t die while traversing nuked land, thus with no real protection against anything, and so on.
I mean, nuking another country by mistake is better than not nuking it when necessarily, or so someone judged. But some other people wanted some protection against fools, so theoretically they had that.
The last time Congress managed to pass a federal consumer privacy law was in 1988: The Video Privacy Protection Act. That’s a law that bans video-store clerks from telling newspapers what VHS cassettes you take home. In other words, it regulates three things that have effectively ceased to exist.
Corey Doctorow always hits so hard
And even though it’s being labeled as a “consumer privacy law” it was actually spurred by a politician getting upset that people might find out what he was renting. It was a self-serving law that had the side effect of also helping consumers.
Wasn’t it because a couple of anti-porn politicians were outed as having renting porn tapes (yet another thing that doesn’t really exist anymore)
IIRC that was what happened.
That’s exactly right. It’s called the bork tapes, and it gives rise to the eponymous phrase, “getting borked.”
I wonder if there’s any case law that could support applying that law to other media, such as preventing streaming sites from handing watch history over to the media.
Okay. I’ll allow it.
Great read. Great summation of the last 30+ years.
Longer than I wanted to keep reading, not dissatisfied that I kept reading.
Thanks for your comment, it encouraged me to actually read the article and I completely agree. Long but worth the read
And your comment encouraged me to immediately read the entire thing haha
Always sweet to see folks incentivize each other to engage with content!
For anyone still daunted by the article, I expect the DEFCON channel will upload this talk soon, which might be more up your alley.
Let me save you the time and summarize the blog post - internet got worse, big tech is bad and the author is just ranting how bad it is nowadays. Nothing new, no idea how to fix it, just complaining about the modern world.
I’m not saying the author is wrong. It’s just I heard this many times before.
You didn’t read it. Also why is it when someone takes time to address an issue like this, there is guarantee a post like this to dismiss it in favor of basically doing fuck all. Like the implication here is that you’re trying to diminish the effort for what? What’s the reason when you didn’t even read it.
deleted by creator
The entire second half of the column is literally how to fix it.
I think we have read a different blog post. There was something about Google’s antitrust thingy and that all big tech should be regulated but no straight solution were given.
Again, I agree withe the thesis but honestly, anyone who’s focused on privacy would tell you the same but in way fewer words.
BTW, similar issue was raised in The Age of Surveillance Capitalism. Pretty good read.
You think Cory Doctorow isn’t focused on privacy?
anyone who’s focused on privacy would tell you the same but in way fewer words.
Corey Doctorow literally wrote the books on privacy. He coined the term Enshitification. He’s even been portrayed as a guest character in a couple of XKCD comics. Generally he’s someone to listen to on anything security, privacy or tech policy related
No, fart_pickle knows all.
There was 2,177 words in the “how to fix” portion of the blog post, you dumbass.
The author of this post, Cory Doctorow, literally coined the term “enshittification” in a prior blog post. I think he of all people is allowed to continue talking about the topic as much as he wants.
The article proposes restoring competition, regulation, interoperability and tech worker power as response; in case anyone was wondering.
And the solution for world hunger is to distribute food from rich countries into the poor countries. Here, I’ve fixed the famine issue. Do you get my point? It’s easy to say what to do but when it comes to the details, all those preachers fail short in giving the real solution to the real problem. As I said before, this is just a rant about how bad modern world is.
These are problems that require legislative action to fix, which is why he is encouraging the nerds and hackers who will be most affected by tech policy and understand the tech the most to start meeting with their legislators to discuss tech policy as it comes up for votes
When software changes in a way the user dislikes there’s often no choice but to put up with it or stop using it, because it’s proprietary. I think this could be fixed if people were to adopt the value of free software and began to ditch proprietary software.
It starts small.
Use FOSS. If you have a few spare ducats, throw it the way of the developers who make the software you use.
Encourage the use of FOSS at your work. Be a gentle evangelist for FOSS when it is appropriate and useful.
Everyone doesn’t have to use Arch and hand code their own kernels to win. All that has to happen is for Microsoft and Apple to realize that their current superiority is under siege and that if they do not comply with the desires of their users they will eventually be ousted.
Hopefully more people will start to use Linux. When there are more Linux users than Apple users that will be a good start, and with all of the enshittification Microsoft is adding to their flagship os, it has never been easier or more convenient to try a Linux.
If you would like to show people a great and easy way to try out some free and open source software on windows, I highly recommend ruckzuck.
It’s an all-in-one downloadable portable that lets you browse through a large variety of the various FOSS programs that are available for Windows, conveniently sorted into their general use purpose and then with a quick easy blurb explaining what the software does and allowing you to install it with a couple of clicks.
Further, if you already have some of this software installed, it will scan your system and if there is an update available it allows you to apply all of the updates with a single click.
It has become my go-to software for setting up new computers, and I cannot recommend it enough.
Everyone doesn’t have to use Arch and hand code their own kernels to win.
Why do people write as if using Arch were hard. It’s just messy. Stuff breaks and it’s considered normal.
LFS maybe.
Just because it seems daunting, that’s all. I’ve done the arch thing, it was fun, somewhat laborious though.
I vastly prefer Mint or Debian so far.
I’m using Linux and other Unix-like systems for 12 years, and at this point I suspect I’d be fine with something like Debian too, if the hardware is not too new.
Slackware was always the coziest of Linux, but its kind of stability causes security issues in the modern world. And if you think Arch is laborious, while it has package management with dependency resolution, AUR and so on, then Slackware is even more of that. And I’d need multilib for Wine, which takes some manual actions and version tracking.
Using Void now, it works, but I guess some change wouldn’t be bad. If I need pkgsrc, it works on any distribution.
There’s nothing wrong with proprietary software as long as it’s respects user’s privacy and doesn’t do crazy licensing stuff.
It is very difficult to tell if a program is respecting user’s privacy without the source code to verify what it’s actually doing. When you can’t see or change what it does then the developer is the one in control of the computing, and even a good intentioned dev will have to resist the temptation to gain at the user’s expense.
VSCode is open source and yet Microsoft still pushes telemetry crap into it.
One advantage of FOSS is that you can fork it! VSCodium (presumably, I never really checked) takes all of the crapware out of VSCode.
Being open source doesn’t prevent the software being made with features one may dislike. It does mean you can actually investigate what data is being collected and decide if it shouldn’t be doing that.
When I have installed Windows I’ve clicked “no” many questions asking if I was X feature on, and I could only hope it was respecting my wishes. It was probably still collecting data it didn’t even ask me if I could turn off.
Just ratted on yourself and dipped, huh?
I’m waiting until someone invents antidisenshittificationism
I think you just did. Good job, you get a cookie 🍪
Is this a third party cookie?
of course.
Yes, we are monitoring
The telephone jumped the shark a few years ago. Now no one expects using the phone for legit business. Now it’s email.
I ask everyone I give my number to to text me first so I can verify
The solution is to reject any monetization of anything online. Anti advertise. If a content creator has ads take a minute to talk about how the product is the worst. Maybe it started a fire from a friend of a friend basement and killed their whole family. Maybe it made someone you know infertile. If a marketing team acts like a celebrity to promote rampart, you do what we all did in the rampart ama no matter what it is. Reject anyone trying to monetize and capitalize on the internet until all the assholes that running ever other medium leaves.
If we all collectively did that (not happening), we’d remove the main funding for content hosting, which means we’d get more paywalls. That’s not what I want at all. Information should be freely available, we just need to make options to avoid the advertising. For example, I pay for Nebula, because I find enough content there that I enjoy, and my understanding is that the creators get a larger chunk per watch vs YouTube. That works for me, but it probably doesn’t work for the average person.
I would like to see pay-per-watch become mainstream. So I could, for example, load a balance into my browser and press a button to view content w/o ads by paying a small fee (like a couple pennies here and there). The browser would ensure that transaction isn’t traceable to me (protects my privacy), and they’d pay the content creator on some schedule to reduce transaction fees. The cost to me is whatever the creator would make from ads, and I can choose which content to pay for or not. It would also make it really easy to add a tip if I found a particular piece of content particularly engaging.
Amazon used to sell products, not Shein-grade self-destructing dropshipped garbage from all-consonant brands.
I knew it wasn’t just my imagination. Amazon has been filled with cheap Chinese knock-off brands in recent years, to the point where I may as well be using Temu or Wish for a bargain.
If you went from the internet’s storefront to an upmarket AliExpress, that’s not a good sign.
Just my last two orders:
- expensive quality Covid test -> get the cheapest, which stopped working properly at Alpha / Beta
- 3M respirators for $ 4 a piece -> a literal fake, hard to see, but it breaks already when putting on. 1 hour in support chat to convince them that something is wrong, but only got my money back, no investigation into the seller or product
I will stay there for now though, because it’s still a great software, easy to use
I remember the “big movement” when Twitter turned into a right wing cesspool.
At first, the biggest problem was that there were TWO main alternatives: Mastodon and Bluesky. So those who left split into two groups, ending up with a dead timeline, missing out on news. (I and my “bubble” use it to keep up with Covid vaccines, politics, safety etc.)
I joined the Mastodon group, because it solves the problem of a single crazy billionaire potentially buying & enshittifying it. But I fully admit that it is not user friendly at all. People who are not in IT just want it to WORK, like Twitter used to. They don’t want to “educate themselves” about servers, fediverse and networks. The user experience clearly hasn’t even been a thing. It’s techies writing software for themselves. What it needs is a full analysis of the experience from the start: Who are you, user, why are you considering Mastodon, what are your expectations, what are the experiences in the first 30 seconds after entering “mastadon” (oh, you misspelled it?) or “twitter alternative” into a search engine, etc. “pick an instance” is already the passive-aggressive demand nobody wants to hear.
In the end, my instance was shut down without a fair warning, all the reconnected and new contacts lost, no option to move. Trying Bluesky now, but many stayed at Twitter (now X), moved to Mastodon with or without success (most onto my dead instance), or gave up on microblogging.
I think we need something simple again. I remember what SUSE did for Linux in the 90s. Linux users were all like: Only debian is even somewhat useable, but if you should really do LFS. Non-techies willing to switch for “political” or other reasons were hit in the face with “Pick a distro!!!”. SUSE has been called “the Windows among the Linux distros” by those people, but it did the right thing. It provided exactly the simplification we needed: “This is Linux, you simply buy it on CD in a retail store like your other software, you run the installer.” It was a good thing.
IRC is the one good old thing that still works great. When they tried to enshittify freenode, we just moved, collectively. Many non-IT channels & servers died after 2010, though.
Five giant websites featuring screenshots of the other four.
Holy shit.
