Thomas Delrue on 17 May 2018 18:54:56 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW


On 05/17/2018 09:42 AM, Michael Leone wrote:
> On Thu, May 17, 2018 at 9:22 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
>> On Thu, May 17, 2018 at 8:59 AM Rich Kulawiec <rsk@gsp.org> wrote:
>>
>>> The moral is: never, EVER, read your email with a web browser.
>>
>> This is impractical
> 
> That's putting it mildly, I'd say ... as I answer this from my Chrome
> web browser ...

That appears to be a conscious choice or set of choices you've made. I
don't think it's impractical. Inconvenient? Maybe... but impractical,
surely not. And I can only fake that much patience for complaints about
this type of 'inconvenience' and subsequent complaints about 'pwnage'
(although I'm not suggesting you are making such complaints).

I find the mentality of blindly following "that's what people want and
we should therefore give it to them" increasingly annoying and, frankly,
ignorant and unproductive; especially if we (as an industry or craft)
then continue to get hammered and blamed for doing exactly that,
delivering them the insecure products or processes/methods they asked
for and for which we now get blamed in return.

When a structural/materials engineer tells his customer that "if you
make me do that, your fancy bridge will collapse the first time 3 trucks
drive over it at the same time", then that customer listens and acquiesces.
But if a software engineers give a customer an equivalent warning about
what they are trying to make them do, the software person is overruled.
Why exactly is that? Is it because the damage is not something they can
wrap their mind around, whereas a collapsing bridge is easily imagined?

As a retort to your "chrome web browser": ... as I answer this from my
Thunderbird e-mail client configured to do text-only and with GPG locked
and loaded.

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug