::scr tales from the crypto

David Cantrell scr@thegestalt.org
Mon, 22 Apr 2002 18:49:04 +0100


On Mon, Apr 22, 2002 at 06:05:45AM -0700, jonah wrote:

> So, for example, for someone who didn't know how the dual key system
> works, then they wouldn't necessarily know how important it was to keep
> your private key locked up safe in your sock drawer. Okay, they *do* get
> various clues (such as the fact it's called a *private* key) and the
> documentation may SCREAM it at them, but who reads the
> documentation? Especially if it's given a good interface and becomes very
> easy to use and Just Works? So, they may leave their private key somewhere
> over-accessible, or even be tricked into revealing it by a cunning social
> engineer.

There's plenty more ways than that to compromise your key.  For example,
you need to ensure that it and any intermediate working data never get
written to the swap file (so, for example, you should never cut n' paste
your key into another app, and never try to open the file in another app -
that includes automated file viewers, your shell or GUI file manager, ...)

> >>Or should we just set the bar higher for users?
> >
> > Yes, I do think the bar should be set higher.  It shouldn't be a
> > 'hard' bar of course - idiots driving computers can hurt themselves
> > but not others, so we shouldn't ban them altogether.  But I would love
> > to see lack of computer-driving clue become as much of a social stigma
> > as lack of car-driving clue.
> 
> Now as those of you who know me realise, I'm very much of the "computers
> should be universally accessible" school of thought. Let's face it, the
> widespread uptake of computers by the public is responsible for the current
> employment of many if not most of us.

No, it's responsible for the current employment of most of us *in our
current jobs*.  If it weren't for widespread uptake of computers, I'd
probably be a happy little engineer somewhere, or maybe I'd have been
assimilated by some nasty consluting firm - but I'd be happy cos I wouldn't
know any better.  The "computer revolution" neither created nor destroyed
jobs, it just shuffled jobs around.

> However, I can see the problems that arise from a lack of understanding of
> the technology all around me. After all, I'm not the only one to have some
> clueless fuck send me 5Mb email attachments when I'm on a dial-up
> connection, or vital information in a proprietary format that I cannot
> read.

They're not clueless fucks, they're ignorant.  Ignorance is a forgivable
sin.  Continued exhibition of clueless behaviour after being educated is
not.

Doing $silly_thing the first time is ascribable to ignorance.  The second
time, it's a mistake and can be forgiven.  The third time, it's enemy
action and LARTs are justified.

>       But as I think, from his post, Dave agrees, it's not a simple
> question of "computers should only be used by the Clued" versus "we should
> put up with the unClued in the name of equality, tolerance and keeping
> ourselves in work". What we really need to do is seriously swell the ranks
> of the Clued.

Yes, and if that means making life unpleasant for the Unclued then so be it.

>                                   I've always had a feeling that computers
> are the new cars (ever since I heard my first Loaded Lad's processor-speed
> bragging match down the pub). 

Hehe.  Yeah, but even if your puter has a 2GHz CPU, my 110MHz machine can
still do a context switch faster.  And it would crush yours flat if it fell
on it :-)

> > Training would of course be a good thing, but everywhere I look,
> > education about computers is turning into mere instruction on how to
> > use whatever the flavour-of-the-month is in crappy office tools.  

Well, that's not *entirely* true.  There's the occasional evening class
for adults, and the occasional dedicated teacher who devotes some of his
own time to teaching gifted children out of school hours.

> > Maybe someone needs to organise a concerted hack on all the schools in
> > the country to persuade them of just how important real understanding
> > of these things is.
> 
> (Loud noises of approval). Yes - for sure. This is why I think that the
> debate usually revolves around "make it easier" vs. "keep out idiots" -
> because making sure that everyone gets the training required to make
> computers universally and *usefully* accessible is a Really Hard
> problem. The trouble with "IT" as I've seen it taught recently is exactly
> the problem Dave mentions here. 
> 
> The thing is, because the government and the bashers of the state
> education system seem to insist that a good ROI for the taxpayer is the
> only yardstick by which the educational merit of a course should be
> judged, all early computer training seems to be vocational. "Here's what
> you need to know to become a good little office drone" and "what use is an
> understanding of how email attachments actually work to someone who's
> just going to use MS Office?" This is, IMHO, a woefully short-sighted
> view.

I don't think it's short-termism (which would indeed tell us that learning
to use Orifice is a Good Thing and learning about how a machine boots is
not), but is about the difference between rote learning to produce good
little drones vs learning to solve problems, which whilst having a higher
payoff in the long term also, unfortunately, throws up intelligent people
who ask awkward questions.

> Separate specialist classes in computer science might have been
> appropriate when computers were specialist things separate from day-to-day
> life, but if the gubbermint, business, the hacker community (and everyone
> else who stands to benefit from a wide take-up of computer use) want
> computers to be useful in day to day life then we really *need* to
> instigate a program to address this. I think that starting them early is
> an excellent idea and that general Computer Literacy (not MS Office
> training or at the other extreme CompSci) should be as important a subject
> as literacy and numeracy.

And I still maintain that everyone should learn an assembler (maybe even
as their first computer language), and that everyone should write their
own operating system and their own language.  Some of that does require
specialist CS teaching.  There's nowt wrong with that - we have specialist
Physics teaching, despite being surrounded by physics, so why not have
specialist CS teaching, despite being surrounded by computers.

-- 
David Cantrell | Benevolent Dictator | http://www.cantrell.org.uk/david

    This is a signature.  There are many like it but this one is mine.
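
An added example, not part of the original message: one way a program can act on the point above about keeping a private key and its working data out of the swap file, by pinning the key's page with mlock(2), reading the file directly into it, and wiping it before release. The function names are hypothetical and a POSIX system with a non-zero RLIMIT_MEMLOCK is assumed.

```c
#define _DEFAULT_SOURCE          /* for MAP_ANONYMOUS on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Map one page and pin it in RAM; NULL rather than a pageable fallback. */
static void *secret_alloc(size_t *len_out) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, len) != 0) { munmap(p, len); return NULL; }
    *len_out = len;
    return p;
}

/* Zero through a volatile pointer so the stores are not optimised away. */
static void secret_wipe(void *p, size_t len) {
    volatile unsigned char *v = p;
    while (len--) *v++ = 0;
}

/* Wipe before unlocking: once unlocked the page is swappable again. */
static void secret_free(void *p, size_t len) {
    secret_wipe(p, len);
    munlock(p, len);
    munmap(p, len);
}

/* read(2) into the caller's buffer (stdio would copy via unlocked heap). */
static ssize_t load_key(const char *path, void *buf, size_t cap) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    size_t n = 0; ssize_t r = 0;
    while (n < cap && (r = read(fd, (char *)buf + n, cap - n)) > 0) n += (size_t)r;
    close(fd);
    return r < 0 ? -1 : (ssize_t)n;
}

int main(int argc, char **argv) {
    size_t len = 0;
    void *key = secret_alloc(&len);
    if (!key) { perror("secret_alloc"); return 1; }
    ssize_t n = argc > 1 ? load_key(argv[1], key, len) : -1;
    printf("loaded %zd key bytes into locked memory\n", n);
    secret_free(key, len);
    return n < 0;
}
```

mlock does not cover suspend-to-disk, which writes the whole of RAM out regardless of page locks.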