Everything is Broken by Quinn Norton

Long read about how basically we're all totally vulnerable to malware and hackers.  He goes on and on a little – but it's worth a quick scan at the very least and he is kinda funny.

A quote from the article: 

"Computers don’t serve the needs of both privacy and coordination not because it’s somehow mathematically impossible. There are plenty of schemes that could federate or safely encrypt our data, plenty of ways we could regain privacy and make our computers work better by default. It isn’t happening now because we haven’t demanded that it should, not because no one is clever enough to make that happen."

Perhaps we should be demanding.  My guess is it will take a catastrophic breach to make anyone care.


10 thoughts on “Everything is Broken by Quinn Norton”

  1. I guess so, too. Both users, government and companies still don't care enough about this. Fighting cyber crime is still new to the police, and then you have odd things like armed SWAT teams arresting geeky kids. Or detention orders for some Chinese army officers somewhere in China.

  2. Excuse me, but there are loads of tools in GNU/Linux which are great for security and there are more coming very soon.

    Also OpenBSD is the most secure OS because all the code goes through strict testing.

  3. I am afraid it will take a lot more effort than everyone running OpenBSD to take care of this mess.

    I have a funny analogy, here it is:

    I think Almo Nature is the best cat food due to strict quality control and only using quality food components and therefore all cats are well fed because mine eat it.

    I just felt like making a statement that is my deep conviction but nevertheless really off, so basically like that of James. Sorry, please don't take it negatively! :)

    Let's assume that FreeBSD and OpenBSD are perfect forever. They are still not widespread enough that it helps the world as a whole at all. Windows, iOS and Android are what is more common, and servers running on Unix/Linux are not safe from hacking either, unfortunately. And those are usually run by people more savvy in those matters than the average.

  4. +Michael Birke Sorry if I came off as rude. I see your point. I just think people could learn a lot from *nix in general. It baffles me as to why OS X and Windows are still very insecure.

    Also, the blame is not entirely on the software manufacturers, sometimes it's on the Hardware Manufacturers too, I don't think that security is the first thought there, just make it run, get the firmware working and forget about it.

  5. This article was almost entirely hyperbole and exaggeration as well as misleading comparisons. Sure there are bugs and exploits, however most of them require some user interaction to actually start. 

    There certainly is an issue, but it's nowhere near the degree that this guy makes out it is and he shows in the article he doesn't really understand the issues with his comments about C.

  6. The truth is, there is no such thing as an unbreakable encryption. No matter how well you think you encrypt something, it can always be decrypted. Here's an explanation of why. Right now, in 2014, most encryption schemas use AES.

    AES has been around since 2001 and originally used 128-bit keys. Computers back in 2001, trying to hack a 128-bit encryption key, could take 10+ years to hack. However, new computer processors improve about every 6 months and eventually, computers improved to the point where they could hack a 128-bit key in days rather than years.

    So what happened next? AES moved their encryption key length from 128-bit to 192-bit. So that fixed the problem. This was around 2006. So now, with 192-bit key lengths, modern computers of 2006 were back to taking a decade or more to hack 192-bit keys.

    That was great till about 2011. Then the modern computers of 2011 were able to hack 192-bit keys in days again. So then AES came out with 256-bit keys (which is what we use today). A modern computer today would take a decade or more to hack a 256-bit key. A few years from now though, a 256-bit key will be able to be hacked in days, then we will most likely move to a 320-bit key or a 512-bit key.

    So my point in explaining all this is to let everyone know that anything can be decrypted. We got the software technology to do it. Our limiting factor is our hardware technology. I hope my explanations were clear to everybody!
