Story arc: Security Shenanigans
SONAIS 45 - Tuesday, March 19, 2024
Comic 45
Max: Is that the latest trend in workstation design, Adil? It looks stylish.
Adil: Shut up. It's Steve's idea of security.
Max: Can't fault him, that brick has a “100% immunity to hacker” stat.

Adil: It also has 0% productivity.
Max: It's the name of the game. Consider a crossroads. There is a way to make it perfectly safe.
Adil: How then?
Max: Fill the intersection with a giant rubber-padded block of concrete, and configure all traffic lights to be eternally red.

Adil: That's the most useless crossroads ever! Nothing can move!
Max: Exactly. What cannot move, cannot collide with anything else. Perfect security!
Adil: The worst thing about your idea is that sometimes I feel the government is already trying to implement it.
Story arc: Security Shenanigans
SONAIS 46 - Friday, March 22, 2024
Comic 46
Max: Adil got his laptop back?
Steve: Yep. For some strange reason, he was not content with his brick.
Max: No fallout from that ransomware thing?
Steve: Nope, I'm always up to date with the latest CVE reports.

Max: Isn't that a never-ending effort?
Steve: It's OK. Many CVEs are purely theoretical anyway. As an analogy, suppose your house is vulnerable to an arsonist who exploits a flaw in your TV set, by plugging in a special USB stick that causes the TV to catch fire the night after you watch episode 42 of your favorite show.

Max: Hm, if arson is the sole goal, and the exploit requires physical access anyhow, why not just douse the room with gasoline and light it?
Steve: Indeed, and some CVEs are similarly far-fetched. Theory and practice are not always aligned in the minds of people reporting security exploits…
Story arc: Security Shenanigans
SONAIS 47 - Tuesday, March 26, 2024
Comic 47
References: Alanis Morissette - Ironic (containing many bad examples of irony—isn't that ironic?)
Zhang: Captchas are becoming increasingly obnoxious. I wonder how many real people are becoming unable to get past them.
Heidi: Indeed, if I need to solve a certain type of captcha on a regular basis, it becomes really tempting to automate it.

Zhang: But… isn't that exactly what captchas are supposed to prevent?
Heidi: It is, but when solving those annoying puzzles over and over again, enough motivation is being built up to spend effort on whipping up a vision system or training an A.I. model.

Zhang: Seems like captcha designers are fighting a losing battle…
Heidi: Actually they might unwillingly be one of the main driving forces behind a lot of A.I. research.
Zhang: That smells like peak irony. Quite the better example than ten thousand spoons…
Story arc: Security Shenanigans
SONAIS 48 - Friday, March 29, 2024
Comic 48
References: cURL, sudo
Max: Installation instructions: “fetch shell script with cURL and pipe directly to sudo.” Why am I feeling extremely uncomfortable every time I encounter this?
Heidi: Because you're basically giving random people on the internet root access on your machine. Is it an HTTPS website?

Max: Not even that, plain HTTP. So, not only should I trust the script not to wipe my disk, I should also hope no man-in-the-middle attacker turns my computer into a botnet drone.
Heidi: I reckon you're going to first download the script and review it?

Max: Hell no, I won't read 1000 lines of Bash with an embedded tarball. I simply trust the hive mind of all previous downloaders to tar and feather this project if it would be malicious.
Heidi: But what if you happen to be the first downloader?
Max: Then I must be prepared to melt that tarball and gather feathers.