đž Archived View for splint.rs âş chess_doss.gmi captured on 2024-08-18 at 17:40:13. Gemini links have been rewritten to link to archived content
âŹ ď¸ Previous capture (2024-07-08)
-=-=-=-=-=-=-
The Fediverse has just suffered from an all-out spam attack from some script kiddies, and the moralizing tones Iâve heard from some people tell me that some people have the wrong attitude about cybersecurity, and the internet.
The only right attitude is that of a chess player.
Every few decades, someone announces a new strategy in chess. Perhaps people once read chess strategy books about the âKaspersky pirate-bate openingâ (or whatever), and then the three counter-moves, and so on. Then the new opening comes out, which annihilates the Kespersky pirate-bate opening, forcing check-mate within 15 turns, with near-Mathematical certainty.
At this point, chess players will give a little smile, and think âinterestingâ, then burn their old books at the chess club for good luck (I donât play chess, but thatâs not the point here).
This is also the attitude that sysadmins must have (although you canât burn manpages without printing them, which isnât currently possibly on Linux).
Of course I know what moralizing people would say.
âWeâre communicating online, not playing some game to defeat an opponentâ (while shrieking hysterically).
And thatâs where theyâre wrong. Once youâre online, youâre playing a defensive game. You can talk all you like about how people shouldnât do this, and how theyâre bad, but you are still on the battlefield, and the opponents are putting down more moves.
Of course, I have some sympathy for the sysadmins who (while recognizing the poor defences they had) wasted two days clearing up the crap left by some kidâs shell-script. Itâs genuinely worse than cleaning up peopleâs crap (this time I speak from experience).
But for anyone whoâs not a sysadmin, they get to play an easy game, and the worst thing most people endured was seeing a jpeg of a tin of spam, with some Japanese characters.
This place will always be chess-first. The moralizing move - whether itâs posting a virtual âtutâ, or trying to make laws - fails miserably. And thereâs nothing as dangerous as a false safety net.
So like the chess players, we shouldnât waste half a thought on moralizing. We should give a little smile, burn the old books, and enjoy the interesting new problem of how we keep things open to humans, without opening the door to script-kiddies.
Because if a kid beats your Kaspersky, itâs not the kidâs fault, itâs yours.