Certainly, which is why the social interaction OP described makes sense.
But OP was specific in the loud things they mentioned, and that list very much does not directly imply carpentry. So to then make it about OP's lack of tact by explicitly calling out the OP for focusing on their profession? It strains credulity as a good faith reading of OP's story.
> Go ahead and lock down specific purpose computing devices, like ATMs, fridge, mouse firmware.
There are at least a few grey areas of such a carve-out that I'd like to ask about, but I wonder if it's even necessary. What if there simply weren't any exceptions?
The ATM would still be locked down - the owner would possess the keys. Business as usual.
The fridge and mouse either wouldn't be locked down or the keys might be physically present somewhere on them. Probably either neutral or a win for the consumer depending on the specific circumstances.
Something like a fridge should either be running a proper OS (and thus fully under the control of the user) or else shouldn't be connected to the network in the first place. Unpatchable proprietary network connected black boxes expected to have a service life of well over a decade are a recipe for disaster after all.
This is a very important point if the tool is used by millions of people. All you need to do is waste a few 10s of seconds with some weird quirk that doesn’t act as expected, and BAM, collectively easily a year of human life was wasted.
I love python, have used it for years. I hate the dependency and multiple interpreter situation.
A great PL should stand on its own without the need for external tooling.
At this point I have given up on python except for if it’s a little script that only uses standard libraries. Otherwise I’m choosing a compiled language.
I use python without any dependencies on web servers. Pip is cool, but you don't need to get pulled into the node-like dependency hell.
For example instead of requests, you can use http.client, instead of flask, http.server, or socket.tcpserver, or just socket. If you want sqlite, don't jump to pip install sqlite or whatever, use sockets to talk to it.
If you had to use sqlite without library, you can trivially call the c api from python directly with the ctypes builtin (or compile a python module with c api)
Computer usage and consequently threat landscape went through a crazy change from 40/50 years ago. Desktops are a minority of devices. If you take personal devices even more so. Most people in the world with a computer have just a pocket one. Especially in WANA countries discussed.
If you talk to regular non-IT-savvy people many of them don't bother and correctly assume that at some point it will "get a virus" or something. And it is fine for them because almost no one uses desktop for critical stuff like payment or finance. But the majority do use phones for that. They jumped from cash straight to phones and now it's a lucrative attack vector.
Edit to reply because throttled by downvotes: yea I'm in your boat, we live in a bubble. It's hard to believe. But now I'm using a payment system that literally has "get app" on its site and no other way to manage money or even sign up. And apps like that can be the only way for many people to get some sort of plastic card to pay cashless
And I see how it happened. Many people have no personal desktop computers. Many payment vendors don't trust desktop computers because an ordinary person's windows machine is a malware breeder.
So many people in the world depend on mobile security (especially underprivileged people). Anyone who wants them all to get fucked for their own libertarian ideal of "hardware ownership" is basically a psychopath to me. Especially considering that he is literally free to root his device and not make it a problem for others.
Worked on some financial stuff before, and dashboards showed the opposite of your experience, if I’m being honest. An average user is very different from us.
Financially savvy people are much more likely to have a desktop, I would think.
My mother-in-law does not have a laptop or desktop. She barely uses her iPad. If it’s not on the phone, it might as well not exist. My father-in-law has a PC at work and a Mac laptop, but he uses them only for work - his casual internet use is entirely on the phone. My wife uses multiple iPads and her phone, but only uses a desktop at work or when working at home.
Most people I know don’t actually own personal computers other than their phone or tablet.
> almost no one uses desktop for critical stuff like payment or finance
What? This makes no sense. For something where security matters, using the desktop is the only rational choice. I never, ever, allow any sensitive information through the phone since it is not a trusted device.
It’s a psychological problem. Going from $0 to $1 is a mountain.
Starting a product or service at $30 / month sets expectations up front (no ad supported free tier)
This is an incompatible strategy with venture backed “get all the market share possible by offering services for free to crush competitors so we can have a monopoly to exploit later” mindset