A confounding problem here is our inability to write error-free software. These places have to defend against state actors and only the very largest can field capable security teams. This leaves no room for medium-sized middle ground, there's just giants and pipsqueaks like me
Bruce Schneier described it at one point as a feudal system, where you need to bend the knee to some sufficiently powerful lord or you are toast. This extreme vulnerability to malicious actors is another driver of concentration in tech, and a really tough tradeoff
I'm not sure it's right, though. Giants are hugely concentrated targets. I'd presume that AWS/MS/Goog are as thoroughly infiltrated as Twitter, which keeps leaking private data to low-rent state actor Saudi Arabia. I think the trade-offs are a bit complicated and uncertain.
Replying to @interfluidity @LucaVJ85
I really think there's a qualitative difference. It's important to compare like with like here, too—Twitter doesn't offer document storage, cloud services, a mobile device operating system or web browser. There's maybe a half dozen companies that can defend that kind of thing.
I'd invite @tqbf to give a more qualified opinion than mine on this topic. But I agree the tradeoffs are not simple or easy to analyze. The one point I'd insist on is that there's a defect-driven centralizing force in software and hardware that doesn't exist in other industries.
Replying to @Pinboard @interfluidity and
My proposed nomenclature for the fact that all software is born defective and only enormous companies can afford a security team skilled enough to find and paper over egregious vulnerabilities is "economies of fail"
i do think the jury is still out about all this. claims for special economies among behemoths often seem unassailable for a while, until the behemoth breaks and the supposed economy is revealed a bit of a fraud or bezzle. 1/
Replying to @interfluidity @Pinboard and
it’s obviously possible these enormous companies break in some awful way. i consider it likely that they are “broken”: the security model here is really that entities capable of breaking them don’t wish to undermine the value of their assets by revealing their capabilities. 2/
A metaphor I find useful for the status quo in cloud service security is a dark warehouse. Adversaries can poke around with a flashlight, but they likely don't have the power to turn on the lights and see all. That's the best we can achieve and it requires billion dollar budgets.
I think “poke around but can’t turn on the lights” is more likely in a (hypothetical) world of smaller security-serious entities than among the behemoths. at the behemoths, there are people whose suborning scales very massively.
Very strongly disagree with you on this.
fair enough. i don’t think we’ll be able to resolve the difference. as in so many domains, we’ll have to see what this unlovely world next delivers.