At Tux Machines, educator and author Andy Farnell explores the problem of why we can't teach cybersecurity, whether at universities or trade schools. We've gotten to the point where neither the politicians nor the vendors themselves know or care what they are talking about in regards to device ownership, trust models, updates, conflicting laws, and most of all security theatre.
Big-tech corporations are insinuating themselves into our public education and health systems without any proper discussion around their place. It is left to well-educated individuals to opt out, reject their systems, and insist on secure, interoperable choices. Advisories like the European Interoperability Framework (EIF is part of Communication COM134 of the European Commission March 2017) recognise that tech is set to become a socially divisive equality issue. The technical poverty of the future will not separate into "haves and have-nots", but "will and the will-nots", those who will trade their privacy and freedom for access and those who eschew convenience for digital dignity.
As the word "infrastructure" (really vertical superstructure) has slyly replaced ICT (a horizontal service) battles have raged between tech monopolies and champions of open standards for control of government, education and health. The idea of public code (see the commentary of David A Wheeler and Richard Stallman) as the foundation of an interoperable technological society, has been vigorously attacked by tech giants. Germany fought Microsoft tooth and nail to replace Windows systems with 20,000 Linux PCs in 2015, only to have Microsoft lobby their way back in, replacing 30,000 desktops with Windows 10 in 2017. Now the Germans seem poised to switch again, this time taking back all public services by mandating support for LibreOffice.
He closes by calling out the current computer technology sector as being about power and alliances. It is more a part of the problem than a part of the solution in regards to ransomware, malvertising, and political manipulation.
(Score: 2, Insightful) by Anonymous Coward on Monday November 29 2021, @06:53PM (13 children)
It's not a mystery. Just ask teachers what works. Stop all the top down initiatives and paradigms. For some reason, every bozo in charge seems to want to revolutionize the education system. Go away, you're making it worse.
(Score: 0, Troll) by Anonymous Coward on Monday November 29 2021, @07:02PM (4 children)
Yeah, let's trust the same people that are trying to teach that women are men and men are women and that every white child is a racist. Trusting teachers? I'm struggling to guess whether you intended a /s tag.
(Score: 0, Troll) by Anonymous Coward on Monday November 29 2021, @08:06PM
Found the home-schooled one. Let me guess... 8hr bible studies today?
(Score: 2, Touché) by Anonymous Coward on Monday November 29 2021, @08:15PM (1 child)
Not every white child. Just the ones like you.
(Score: 0) by Anonymous Coward on Wednesday December 01 2021, @02:16PM
This one made me smile
(Score: -1, Troll) by Anonymous Coward on Tuesday November 30 2021, @12:42AM
Found the incel! Whattup loser?
(Score: 4, Insightful) by MostCynical on Monday November 29 2021, @08:44PM (5 children)
this is actually... not going to work
ask Doctors? Simple EMR with no passwords (no time to fill in a user name and password!! just fill in a prescription stat!)
ask Teachers?
If they work in a school with students from wealthy families, technology requests will sound something like "I need a whiteboard I can print and share and ipads that have the same screen display as the white board, plus notes and students can submit work and get feedback..."
If they come from a school with students from poor families, it will be more like "more student meals and free shoes"
Field experts are rarely able to explain their technology needs .. or even think of the 'what ifs'... Tech companies find a product, then look to sell/force it on customers.
Will it be the RIGHT solution? Very unlikely. Is it easy to use (NOTE: this means "no harder than any other [BIGNAME] product", not actually, easy)
Does [LARGECOMPANY] care? No, sales and control of market and monopolization of the 'horizontals' and the 'verticals' is what [LARGECOMPANY] wants.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Monday November 29 2021, @09:12PM (3 children)
Golly, you sound most cynical.
(Score: 5, Insightful) by MostCynical on Monday November 29 2021, @10:25PM (2 children)
Cynicism is just what happens when idealism gets some work and life experience. Still an optimist - but I also have ended up with a career interpreting vague 'wants and needs' into buildable requirements (which developers then misinterpret, thereby ensuring I have more work, 'fixing' implementations)
Users may have a fantastic idea of what they need - but they suck at explaining it.
"Tech people" don't listen. They have a way of working, and they know best - if anyone has seen the promotion process in IT, ego and self-promotion get you to the top - completely separate to any contribution or actual success.
These issues are key contributors causing so many projects to fail (completely, or partially) in achieving the original objectives.. (lack of resourcing (people and money) is the other big cause of failures)
I am a cynic - also known as a realist.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by Mojibake Tengu on Tuesday November 30 2021, @08:48PM (1 child)
Seriously, correct orthodox abbreviation is G.I.T.S., not just GIS. Also, S.A.C. is more common than SAC in this context.
Consider me a stickler but once I deeply offended and completely lost an otaku friend because I wrote FF7 instead of (correct form) FFVII.
Cynically yours,
...
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 2) by MostCynical on Tuesday November 30 2021, @11:29PM
blame the character limit.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 3, Interesting) by krishnoid on Monday November 29 2021, @11:15PM
Not to disrespect your cynicism, but they have the cheap shoes [youtu.be] angle covered.
(Score: -1, Flamebait) by Anonymous Coward on Monday November 29 2021, @11:51PM
One of the problems with that idea is that many times teachers don't know what works and what doesn't. If they've been in the field at all, they aren't in it now and have been left behind. I would sooner trust an evening school professor who actually works in the field during the day than an ivory tower professor who's just looking to publish his next paper.
(Score: 2) by driverless on Tuesday November 30 2021, @06:44AM
Yeah, we did a lot of that as students too. Problem is that most of the analysis we did while blotto didn't look so good any more once we'd sobered up again.
(Score: 1) by fustakrakich on Monday November 29 2021, @07:25PM
So, it's just like every other human endeavor, something quite fundamental, universal even. Are we surprised?
Politics and criminals are the same thing..
(Score: 5, Interesting) by JoeMerchant on Monday November 29 2021, @10:16PM (6 children)
Well educated how? In technical matters of cybersecurity? Or in business matters of compatibility, mutual benefit - you scratch my back and I'll scratch yours?
Guess which one ends up in charge?
Better to ask forgiveness than permission is a common catch phrase. In this instance, it is better to do a deal with an insecure system and patch it later than to do no deal at all.
It's really going to take the big boys getting burned badly enough for them to insist on security from all their underlings in a meaningful fashion, not just a lipservice policy to enable them to qualify for the next big bid.
Ukraine is still not part of Russia. Glory to Ukraine 🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by MostCynical on Monday November 29 2021, @10:58PM (4 children)
"educated" people (scientists, engineers, doctors, teachers?) are also busy people.
busy people don't have time to care about this stuff - they just need to get on, doing a job, raising children, doing tax returns, etc etc.
Banks and others use 2FA, so they can show the compliance people they are "taking security seriously" (tick) and "doing something(TM) about security" (tick)
Anything that gets in the way of doing a task is annoying. People will circumvent and shorten any process or procedure, just to get things done - even if it opens their organization to huge risk.
they can be told about the risk - but they don't care, even when it is explained in clear detail, it doesn't affect them, even if it brings down a whole hospital, school district, or whatever
if it gets in the way of doing the job, it will be bypassed or ignored. User names and passwords on sticky notes is just human nature.
Stopping these behaviours is like "teaching" people to breathe methane.. perfect systems require perfec
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 1) by crotherm on Tuesday November 30 2021, @01:22AM (3 children)
This is why it has to be the responsibility of organizations that offer the services to keep things secure. Users should not get to decide security policy. Well that's the way it used to be, so long ago, when sysadms were king. :p
(Score: 4, Insightful) by JoeMerchant on Tuesday November 30 2021, @02:24AM (2 children)
In the end, this is what regulations are all about.
CE mark rolled out design controls in the mid 1990s, FDA followed suit for US medical devices shortly thereafter. They did it because the nature of competitive business is to cut corners, take risks, and if the shit hits the fan: file bankruptcy. Not a great standard for making products that put the consumers at risk of death or serious injury when they fail.
We're getting to the point where insecure networks are literally putting people's lives at risk. I'd like to see industry self-regulate and keep their own house in order without mandatory audits, procedural requirements, etc. but if history is any guide, we can expect those kind of regulations to start affecting large swaths of the internet in a few years.
Ukraine is still not part of Russia. Glory to Ukraine 🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 3, Insightful) by MostCynical on Tuesday November 30 2021, @04:29AM (1 child)
one of the fundamental questions that needs to be answered is "why are so many systems accessible on the internet?"
"Convenience"? Not really much of a reason/excuse//
Banks have to provide web pages and apps or lose customers..
Hospitals?
Medical practices?
Lawyers?
Schools?
A simple web-based client booking system covers most "consumer" interactions for most of these..
"Cloud" isn't a good enough excuse, either.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by JoeMerchant on Tuesday November 30 2021, @12:54PM
For sure... the first step I take in securing a system is to cut off un-necessary attack surfaces, starting with anything exposed to the open internet.
Thing is, inside a hospital the network is so large and uncontrolled, it's almost as hostile as the open internet. Once you get more than about 5 users on a network, you really need to switch it to zero trust footing because one of them will be bringing in a trojan or virus sooner or later. And hospitals do have legitimate needs to communicate internally among hundreds, sometimes thousands, of users / endpoints.
Ukraine is still not part of Russia. Glory to Ukraine 🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 0) by Anonymous Coward on Tuesday November 30 2021, @04:20AM
The problem is that there is no accountability. There needs to be accountability.
If a company gives the same password to all of their interns and that company gets hacked and my user data is spread on the Internet the company's negligence is not victimless. They need to be severely fined for being so negligent. The problem is that they don't get fined and the victims don't get adequately compensated.
(Score: -1, Offtopic) by Anonymous Coward on Tuesday November 30 2021, @01:53PM (2 children)
good read.
the "computer" is just electronics switching "logic".
humans have nothing to do. a factory that used to employ 100, now employs 10 humans 80 robots and 10 computers.
the way to save this dilemma is to " busy" work the 90 humans with excel, word and ... the internet.
i hope, we can be done with "switching logic" (computing for computing sake) and fight the real war with "switching power and energy" in silly-con ... and evolve to owning and producing our own infinite energy, free from having to be enlisted to fight (and real world die(!) for energy-barons energy wars.
long live the mosfet and h-bridge!
(Score: 0) by Anonymous Coward on Tuesday November 30 2021, @02:17PM
picture like this:
a spherical, huge, gleaming steel reactor with view-ports.
inside you see the wondrous world of "modern computing". rainbow-color flares of twitters and puffy clouds of facebook, with golden rays of emails; complex shapes of theoretical models giving rise to other complex, even more complex shapes.
the poetry continues.
you look away at the factory floor you're standing on and see an old, stained cord coming from the reactor that plugs into a rusty 'ol oil drum with a mechanical level gauge.
in the background, people who, once in a while, open the reactor and pluck out people to "go behind the shed" to fetch a new oil drum.
all the while, in orbit, aliens in their sun-glared cockpit are frantically discussing why the tech inside the reactor isn't used to power the reactor itself and why some don't return from behind the shed ...
(Score: 2) by canopic jug on Tuesday November 30 2021, @02:51PM
the way to save this dilemma is to " busy" work the 90 humans with excel, word and ... the internet.
That was mentioned a little where the article makes reference to "bullshit jobs" [tuxmachines.org] as defined by the late David Graeber. He did some research into the nature and volume of jobs that add no positive worth to society [vox.com], with many actually having a negative net value to society. Things would simply get better if those jobs vanished, with the improvement being substantial for the removal of a subset.
The movement which has replaced ICT with IT is a far cry from creating a bicycle for the mind [youtu.be] as envisioned by the early leaders. The idea was that ICT was a tool to amplify abilities, especially in the realm of intellect. Furthermore, in the early days, computer science was supposed to be for everyone and not about just getting a job [wordpress.com]. Think of the great heights society could reach if all the bullshitters were somehow converted to activities which provided at least some positive value. For microsofters, though, that contribution might only be through marrow donation followed by rendering for agriculture.
Busywork is only useful for empire builders, and harms society at large. For the same money, those same people could be reassigned to work productively.
Money is not free speech. Elections should not be auctions.
(Score: 0) by Anonymous Coward on Tuesday November 30 2021, @03:07PM (1 child)
This is where I started. Great introduction to Cyber Security.
(Score: 0) by Anonymous Coward on Tuesday November 30 2021, @03:10PM
https://www.crime-research.org/library/grcdos.pdf [crime-research.org]
All the oldies are goldies.
(Score: 0) by Anonymous Coward on Wednesday December 01 2021, @06:04PM
Let me tell you about the real world. In the real world for most people it doesn't really matter as much as the cybersecurity scaremongers make out.
1) Keep backups
2) Keep more backups elsewhere
3) Nobody gives a damn about most people's secrets especially the secrets of people who can't learn cybersecurity.
If cybersecurity matters to you, you learn it.
On a related note - for decades credit card payments have worked just by knowing the number. Yeah there was some fraud but in the real world big picture it didn't matter.