From RationalWiki

Computing woo refers to a range of pseudoscientific practices and urban legends associated with computing, especially computer security.

Technical support

The world of technical support is a magical place. User beliefs include:

IT watches everything. [1]

IT watches nothing. [2] A weirdly large number of people think it's ok to access porn on their work computers, for instance. [3]

Users control their computers and tech support has no responsibility. [4] It's common for tech support and software companies to blame users for how their computers are configured or customised ("The user broke it"), but research shows this is largely the fault of brittle software design (where even the slightest difference from developers' or administrators' ideal systems causes disaster) that causes significant problems for businesses. [5]

Users do not control their computers, most likely because Russian botnets or IT does. Research has shown users are often excessively paranoid about viruses, hacking, and other attacks on their computers, and will blame innocuous computer behavior on external attacks ("It's running a bit slow, it must have been hacked!"). A 2019 study found that in many cases users and experts were in agreement about causes of common computer problems, but "when users perceived attacks, experts were often likely to disagree". [6]

Technicians can understand user requests via telepathy. To be fair, IT often has advanced background information gathering tools and supporting data that is indistinguishable from magic to many users. But often users and IT departments are painfully unable to communicate.

Apple Inc. products don't need technical support because they're so easy to use and so reliable.[7]

Programming

Technicians and software developers, many of whom consider themselves rational logical thinkers, are not immune from all kinds of sloppy thinking and superstitions. And among most people there is little conception of what's involved in programming, to the point that the moviegoing public can accept the idea that a sufficiently good programmer can write a virus for a completely alien operating system, in a completely alien language, and have it work right the first time.[note 1]

Heisenbugs

Heisenbugs are issues that never seem the same when you attempt to study them. Often it appears that the computer is doing this to spite the programmer or simply following Murphy's Law, but there are sound reasons why sometimes programs work differently in the wild than they do when a programmer is attempting to analyse or debug them: subtle changes in timing caused by software or hardware debuggers, differences between debug and release builds, differences between test systems and the computers onto which the end product is deployed, even changes in the electrical characteristics of hardware when a debugger is attached.[8]

Cargo cult programming

Cargo cult programming is the style of programming where you do something that worked before without understanding why it worked or indeed any real understanding of programming, software, systems, or technology.[9] In the olden days people built cathedrals by a variety of informal techniques including rules of thumb, copying existing buildings, and trial and error (rebuilding if the product fell down), but these days we have civil engineers. Sadly software is still often developed according to 14th century principles.

"It works on my machine"

Some programmers and IT staff tend to assume that if code runs on one computer but not on another, the other computer is broken. It's usually the opposite. If you have code that runs on your personal computer but not on other machines, it is probably doing something dangerous that should cause segmentation faults or similar, but somehow is being allowed to do it. Alternatively, it may be set up in a way that is peculiar to the settings and file system on your machine.

Internationalization

There are numerous cases where misconceptions about names, time, addresses, maps, gender and more can cause problems.[10] There are many reasons why something which seems reasonable to a white, male, English-speaking programmer near the Greenwich meridian might not work for other people. On the other hand, of course, certain of these supposed "misconceptions" are hard requirements in the context of the software. For example, Icelandic government software may require that Icelandic names are used, as the Icelandic government has that requirement as well, and absolutely reject strings with characters foreign to Icelandic from being used as names.

Names. Not everybody has two names, for instance in Indonesia where mononyms are common. [11] Even in western Europe, not everybody has a middle name, while other people have lots. Some names consist of multiple words (Lloyd George, Anne Marie), or start with a lower-case letter (de Witt), or have internal capitals (MacGregor). In many countries family names come before personal names (e.g. Hungary, Japan, China). For the reasons given, sorting names is really hard, and different languages have different alphabetization rules (regarding non-Latin characters, particles like "von" and "de", and which name to sort by). Many names aren't written in the standard Latin alphabet or the official character set of whatever country you're programming in. Some people have two different names (professional and personal, or different names in different languages - even in the UK where some people may use both English and Gaelic forms of their name) or no canonical name. People have commonly-used nicknames. People may be known by a middle name rather than their first name. Some people have really long names but others have single-letter names. Two different people can have exactly the same name. People change names (and this isn't unusual, particularly for women). Parents don't always have the same surname as their children. Any of these is a potential problem with any system that requires you to enter a name in a specific format, which processes names, or which attempts to judge what is a valid name. [12]

Gender. These days a binary choice between male and female just won't cut it. And some people even change their gender, which causes problems for systems that were built on the assumption that everybody continues with one of 2 options from birth. It also doesn't pay to make assumptions about sexuality, although this might be limited to crappy dating applications which don't recognise that bisexual people exist.

It helps if software can handle multiple time zones, and cases where people move between time zones, as well as daylight saving time (which starts and ends at different dates in different places). Some nations have timezones that aren't a whole number of hours off from GMT (e.g. India). [13] Also leap years and maybe even leap seconds (not important in a diary but more crucial in GPS). And what happens when your program is running when daylight savings time begins or ends? Surely nobody will be using software at 1 in the morning? And tell your grandchildren to remember the Y2K bug in the 2090s.

Some organisations such as the US Postal Service attempt to rigidly enforce street address formats. [14] However in other parts of the world there is little standardization, so software which assumes a particular address structure will die horribly. Even in the UK, some houses have only a name not a number or don't have a street (e.g. a farm or other rural property), not all flats (apartments) have numbers (in Scotland elaborate descriptors such as 1F2 for first floor flat 2 can be used), units on industrial estates often have a unit number and a street number, multiple towns have the same name or almost the same name [15], different sides of the same road have different names, sometimes you get 2 neighbouring villages with the same street, and some addresses have lots of parts or are really long. In other countries where many properties don't have a number or street name it's even worse. And what happens when a new house or postcode district is built?

Some people, particularly those born in poorer or war-torn countries, may not know their age or date of birth. [16] This will cause problems if you try to use dates of birth to disambiguate between different people (you have 5 Muhammed Alis all born on Jan 1st?) Not everybody has a social security number or National Insurance number or whatever else you want to use to uniquely identify people; and social security numbers don't map 1:1 with people. [17]

Language. Some countries use multiple languages. Conversely, the same language may differ between countries (e.g. UK vs US English), or be written in different ways (multiple rounds of Chinese character simplification in the PRC ignored in Taiwan and elsewhere).[18] Different speakers of the same language have different accents and dialects, which causes problems for speech recognition.[19] The same text translated into a different language is often a different length, a mundane problem that can be a nightmare for programmers and user interface designers. Characters in different languages can be confused for each other and general-purpose international character encoding schemes like Unicode are so complicated that it's pretty much impossible to avoid vulnerabilities, which is a particular problem in URLs where you may end up going to the wrong website and give all your personal information to hackers.[20]
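As an added illustration of the confusable-character problem in URLs (not code from the original page), the following Python sketch decodes internationalised hostname labels and flags any label that mixes scripts. The function names, the verdict strings and the sample hostnames are assumptions made for this example, and the script lookup is a rough approximation based on Unicode character names.

```python
import unicodedata


def script_of(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    if not ch.isalpha():
        return None  # digits and hyphens are script-neutral
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def to_unicode_label(label):
    """Decode an ACE ("xn--") label into the text a browser may display."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # UnicodeError is a subclass of ValueError
            return label    # not valid punycode: keep it as typed
    return label


def check_hostname(host):
    """Return one (display_label, scripts, verdict) tuple per DNS label."""
    report = []
    for raw in host.rstrip(".").split("."):
        label = to_unicode_label(raw)
        scripts = sorted({s for s in map(script_of, label) if s})
        if len(scripts) > 1:
            verdict = "mixed-script"             # e.g. Latin plus Cyrillic
        elif scripts and scripts != ["LATIN"]:
            verdict = "single-script-non-latin"  # may be legitimate: review
        else:
            verdict = "ok"
        report.append((label, scripts, verdict))
    return report


def ace(label):
    """Encode a Unicode label the way it travels in DNS (for the samples below)."""
    return "xn--" + label.encode("punycode").decode("ascii")


# Constructed sample hostnames; none of them come from the page.
SPOOF = ace("p\u0430ypal") + ".example"   # second letter is Cyrillic U+0430
WHOLE = ace("\u043f\u0440\u0438\u043c\u0435\u0440") + ".example"  # all Cyrillic
PLAIN = "paypal.example"

if __name__ == "__main__":
    for host in (PLAIN, SPOOF, WHOLE):
        for label, scripts, verdict in check_hostname(host):
            print(f"{host:28} {label!r:12} {scripts} {verdict}")
```

A single-script non-Latin label is not suspicious by itself, which is why it gets its own verdict here rather than being treated as a spoof.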

BadBIOS

BadBIOS is firmware malware that was created by Ruiu ... in his head. Individuals like Ruiu are extremely concerned about malicious firmware from hackers and the NSA to the point of literal paranoia.

Origin

According to Ruiu (@dragosr on Twitter), BadBIOS is a rootkit that can infect computers without Bluetooth, Ethernet, or Wi-Fi. Instead it can infect other computers by emitting "ultrasonic sound [...] from the device's loudspeakers". Computers nearby somehow pick up the sound via the speakers and thus get infected. Ruiu suspected his computers were infected with BadBIOS once his computers were acting strange.[21] Ruiu later provided data dumps of his BIOS only to have experts reveal it was normal data. Ruiu then countered, stating that the malware probably erased itself whenever he tried to make a data dump.[22] While these claims are not outside the realm of science fiction, Ruiu has not provided a silver bullet, only speculation. Despite this, his reputation seems to be intact somehow.

Years later, Ruiu came to the conclusion that BadBIOS can also contaminate USB, through some way of knowing...[23]

The subreddit

Yep, /r/badBIOS/ is a subreddit for a malware that probably never existed! Unsurprisingly, it's inhabited by some users who think that one weird thing in a computer means a malware infection. These people are generally paranoid, judging by the threads:

User thinks hackers infected his ... mp4 file because it got corrupted. [24] OP blatantly states they used a dirty electricity filter to evade hacking. Ironically, his means to evade being hacked is the reason why he thinks he got hacked: having a poor connection to an external device can disconnect a device when it's not ready, resulting in a corrupted file.

A user claims that they're picking up ultrasonic sound ... must be badBIOS! [25] Ultrasonic sound is just high-frequency sound above the human hearing range. There are other (plausible) sources of such frequencies such as bats or some electric appliances, like certain kinds of TV.

"Neuroimaging tech will soon be able to decode our thoughts"[26] An example of just how paranoid this subreddit is.

Truth to it

Despite Ruiu's paranoia, there is truth to the madness:

Through an "internal NSA catalog", the NSA performs firmware attacks through backdoors, confirming that such attacks do exist. Unlike BadBIOS, these attacks are actually detectable and actually have documentation; however, certain tools in the catalog require tools priced as high as $250,000 USD, something not to be wasted on the average Joe. Despite this discovery, it doesn't confirm Ruiu's brain fart that has no evidence. [27] [28] [29] [22]

In a Journal of Communication paper, Michael Hanspach and Michael Goetz showed that BadBIOS is possible but only at 20 bps. [30]

It is possible for computers to communicate data via ultrasound. For example, the Cisco Proximity videoconferencing software uses ultrasound to coordinate computers and VTC equipment in conference rooms. [31]

Deep web

See the main article on this topic: Deep web

Cargo cult paranoid computer security practices are often advocated by naive internet denizens and trolls towards even more naive newcomers. High-profile attacks aimed at Tor hidden services, such as Operation Onymous, as well as large attacks on users such as the FBI's legally dubious network investigation malware,[32] have created an association of insecurity and surveillance with what is in fact one of the most secure and surveillance-resistant networks ever created.

Prospective explorers often ask if they should put tape over their webcam or use Tails in order to 'safely' explore the dark web. They will fixate on how technological configurations can secure their machines, but are entirely clueless about vectors such as password reuse, identity segregation or how to verify safety of file downloads.

Such common misconceptions stem from limited public understanding of threat modelling, privacy and practical computer security. As such, there is a massive market for bloggers and YouTube charlatans such as Takedownman to offer off-the-shelf tips which increase the user's feeling of security.

Every day, an intrepid dark web explorer will read that the US Navy funded the initial creation of the Tor network and fancy themselves the next Edward Snowden by disseminating this information.[33]

Hackers and viruses

Russian Orthodox Leader Sprays Holy Water on Government Computers to Magically Stop WannaCry Attack.[34] Or maybe to keep their missiles from crashing into the Firmament.

[citation NOT needed] Criminal hackers don't wear balaclavas except when it's cold or they are being ironic. Also, typing with gloves on is really annoying.

Due to the low understanding of what hackers do and how viruses and malware work, it has been a relatively accepted trope for someone to claim their account was hacked as a get-out-of-jail-free card in the event of certain drug-fuelled rants and dramas.[35]

Some computer users will attribute changes to their computer to malevolent forces in a method comparable to astrology when it comes to rationalising changing and intermittent issues.

Of course, in a video gaming context, anyone who is better than you is a hacker.

There is a small number of 'anti-updaters', an anti-vaccination movement-like contingent of people arguing against automatically updating applications due to the misplaced belief that significant numbers of people care to manually review and install all patches.[36][37] Patches and updates are generally good, except maybe if you're working with the CIA.[38] Yes, there are occasions where an update breaks something that was working before or causes other mischief, but by and large updates are something you want: they fix problems and improve the security of your system.

Cryptography

See the main article on this topic: Cryptography

Depending on who you ask, encryption can be anything from the largest piece of social good modern mathematics has ever produced to a dangerous weapon utilised by terrorists[39] and child abusers[39] in order to evade justice which must be carefully controlled.

In the early days of strong cryptography, the US government attempted to issue export bans, classifying the technology as akin to munitions.[40] While such bans were overturned in 1992, it wasn't until the rise of ubiquitous personal computing that governments would once again characterize mathematics as a dangerous tool.

The 2010s saw an increased call from politicians around the world to backdoor common encryption software.[41] From the encrypted-by-default iPhone[42] through to bans on WhatsApp[43] in Brazil[44] and proposed and later withdrawn in the UK,[45] governments around the world remain convinced they can create a secure back door into software to counter criminals; however, it's not like backdoors are only exclusive to government agencies.

Said statements could be considered rhetoric to coerce tech giants deeper into mass surveillance programs, and less charitably as mathematical denialism from senior elected officials.

Monitoring your Internet usage

How much do your teachers, coworkers, employers, or other people really know about what you do online?

"The Internet" is really an inter-network, or a network of networks.[note 2] Your home Internet, the free WiFi at a coffee shop, your campus or work networks, etc. are all networks that talk to other networks. When you view a website, check your email, or chat with your friends, your computer achieves that by sending traffic from your network to someone else's, and routing it through every network in between.

Anyone with control of the network can try to figure out what kind of traffic you're sending, where it's going, and what's in it. The modern Internet is moving toward HTTPS by default, which is an attempt to make things more secure. If your browser reports that your connection is "secure" or "insecure", it's talking about HTTPS specifically. It doesn't mean that there's no chance that anyone can intercept what you're doing. By analogy, you're writing letters to a friend, and passing them through the hands of a series of strangers. Everyone has agreed not to tamper with the contents of the letter. HTTPS lets you seal the letter from (most) prying eyes, but does nothing to hide which friend you're mailing.
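What the letter analogy looks like on the wire, as an added Python example that is not part of the original page: in a TLS handshake that does not use Encrypted Client Hello, the server name travels in the clear in the first message, so a network operator can read it without decrypting anything. The hostname, the minimal ClientHello built here and the function names are constructed for this example.

```python
import struct


def build_client_hello(hostname):
    """Build a minimal TLS ClientHello record (constructed sample, not a capture)."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # type 0 = host_name
    # extension type 0 (server_name), extension length, name-list length, entry
    sni = struct.pack("!HHH", 0x0000, len(entry) + 2, len(entry)) + entry
    body = (
        b"\x03\x03" + bytes(32)                 # client version, 32-byte random
        + b"\x00"                               # empty session id
        + struct.pack("!H", 2) + b"\x13\x01"    # one cipher suite
        + b"\x01\x00"                           # one compression method (null)
        + struct.pack("!H", len(sni)) + sni     # extensions block
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the cleartext server name from a ClientHello record, or None."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                             # not a handshake ClientHello
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + min(hs_len, rec_len - 4)]
    try:
        pos = 2 + 32                            # skip version and random
        pos += 1 + body[pos]                    # skip session id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher suites
        pos += 1 + body[pos]                    # compression methods
        end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 0x0000:              # server_name extension
                # layout: list length (2), name type (1), name length (2), name
                name_len = int.from_bytes(body[pos + 3:pos + 5], "big")
                name = body[pos + 5:pos + 5 + name_len]
                if body[pos + 2] != 0 or len(name) != name_len or not name:
                    return None
                return name.decode("ascii", "replace")
            pos += ext_len
    except IndexError:
        return None                             # truncated or malformed message
    return None


# Constructed records: the handshake opener, then an encrypted payload record.
HELLO = build_client_hello("friend.example")
APP_DATA = b"\x17\x03\x03" + struct.pack("!H", 32) + bytes(32)

if __name__ == "__main__":
    print("handshake reveals:", extract_sni(HELLO))
    print("encrypted record reveals:", extract_sni(APP_DATA))
```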

It's important to remember that there are good reasons for network administrators to monitor what goes into or out of their networks. If someone downloads and runs malware from an unsafe site, it puts the whole network at risk. If an employee does something illegal with their computers, their employer might be implicated. Few admins should have any kind of interest in spying on individual users, but every good admin has an interest in a safe and healthy network.

Email security

Who can read your email? Whoever provides you with email services, for starters. Microsoft read a blogger's Hotmail inbox in 2012, suspecting a software leak.[46] Ironically, around this same time, Microsoft was running the Scroogled ad campaign, attacking Gmail for using inbox contents to serve up targeted ads. It also defended its own right to read your mail.[47]

Email alternatives such as Slack might also expose even direct messages to your boss.[48]

Secure email and instant-messaging tools do exist, but no security system is absolute.

Web filtering

Web filtering is a magical solution to all the world's problems. Simply by stopping people (particularly children, but also library patrons) reaching the wrong website you can prevent sexual depravity bringing about the fall of modern civilisation, and prevent terrorism. Companies including Impero, Future Digital, and Securus sell "anti-radicalisation software" which prevents children reading about Islamist terrorism.[49] According to online security company Akamai, British law requires schools and universities to consider the use of such software.[50] Whether Akamai is an unbiased source of legal advice is for you to judge.

The traditional use of such software is to block access to pornography online, but such filters are pathetically useless. A British newspaper report complained that one filter blocked searches for "sex education" but allowed explicit searches in Spanish; it concluded they provide false security and could be easily circumvented (as anybody who knows anything about children could tell you). More seriously, anti-porn filters may discourage children from talking to their parents and actually promote porn addiction: "Filters can also encourage secrecy, deception and shame – key conditions for nurturing dependency or even potential addiction."[51] Because the naughtiness is half the reason why porn is appealing.

Web filters also rarely if ever consider the blocking of pornography or jihadism to be their first priority. The majority of their efforts go to the blocking of websites offering alternative proxies and websites offering translation software. The former because it allows people to easily and perhaps even unintentionally bypass these filters and the latter because they often allow for diverse translations of the thing that people want to be censored and thus increase exponentially the work required to censor everything. Even more worrying is that some have them by default, meaning that no matter what you do, you won't be able to access Babelfish.[52]

You'll be glad to know that the best in the business who have a firm place in the international market are currently selling their software to dictatorships that want to avoid their citizens reading about any information that might potentially harm the way the government is perceived by its citizens. [53] On the plus side, since these governments are spending their time with censoring internet traffic and they will never be able to fully do so anyway, this is often accompanied with a more uncensored traditional press and television. However, one might still question why democratic governments support something that is partially marketed to dictators.

CVE misuse

CVE (Common Vulnerabilities and Exposures) is a system developed to create unique identifier codes to facilitate exact communications about vulnerabilities and to enable the synchronization of different vulnerability databases, as well as to evaluate the interoperability of vulnerability database tools and services.[54] While CVEs are a useful tool for their intended purpose, some laymen confuse them for some kind of statistic while arguing for their favorite or against their disfavored software. Some security experts have written public postings against that kind of misuse, citing the heavy reporting bias of the non-statistic.[55][56]

Password strength and bad mathematics

Misc

Things that are not computing woo

Whilst common computing misconceptions are numerous, too many serious issues are often written off as such, including:

Government mass surveillance capabilities

Government mass surveillance capabilities have been revealed by the likes of Edward Snowden, particularly with regards to the NSA in the US and GCHQ in Britain.[63] The US government has incorporated backdoors and vulnerabilities in servers and routers exported from the US overseas, while warning about the danger in products from Chinese tech companies.[64] Multiple backdoors allowing access by government agencies have been found in Cisco networking products, some apparently put in place at the request of the CIA, some allegedly (according to Cisco) without Cisco's knowledge.[65]

However not all these stories are true. There is a lot of paranoia about what Chinese companies ZTE and Huawei might do to hack or monitor western telecoms networks, but little evidence that they have done anything (although there is legitimate concern that their programmers are idiots).[66] In 2018 financial news service Bloomberg ran a series of stories about Chinese companies putting a tiny secret hacking chip on computer motherboards, but these stories rapidly unraveled with no evidence of any specific product that was actually affected.[67][68]

Backdoors

Insecure backdoors into software and operating systems pose a serious threat.[69] Some politicians, particularly in the UK Conservative Party, have repeatedly called for communications software such as WhatsApp to include a backdoor that allows governments to decrypt and view all communication for purposes of fighting terrorism and other crimes, despite warnings from civil liberties and computer security experts that this is a very dangerous thing to do.[70] Such schemes risk introducing vulnerabilities due to their complexity, and there is also the danger that an encryption key meant for trusted governments could become available to criminals or foreign states.[71] If a repressive government was able to read all communications it would allow a massive crackdown on dissent and free speech.

The debate is complicated by erroneous claims that software such as WhatsApp already incorporates backdoors (in reality it generally incorporates bugs rather than intentional backdoors).[72]

Financial based cybercrime

For example carding, online banking fraud, and much more.

Child pornography

The online trade in child pornography, which unfortunately is very real.

Sextortion

Sextortion based cybercrime, where users are blackmailed based on explicit photographs, which can be obtained by hacking computers to gain control of webcams[73]; stealing existing photos from computers, secure online file storage sites, or email services; or social engineering (e.g. pretending to be a sexy person of the appropriate sex and getting someone to send nudes or do things on webcam).[74] This has been the subject of myths about surveillance and calls for everybody to tape over their webcams, but the government and other people can't access your camera remotely assuming you follow good computer security practices. You have to actually do something stupid like visit a dodgy website or download questionable software, but sometimes there is reason to cover your webcam.[62]

Passwords

The dangers of password reuse, a mundane but fundamental flaw with password-based computer security. A 2018 report suggested business employees in some sectors could have up to 191 passwords needed for different services, and if they reuse them across multiple services, then if one system is compromised, all the rest with the same password are compromised too. The problem is, people can't remember 191 different passwords.[75]

Doxing

See the main article on this topic: Doxing

Darknet

Darknet commercial operations selling a large amount of drugs, a lot of stolen data and a small amount of weapons.

Smart appliances listening in

Your 'smart' TV[76], Barbie[77], console[78] or smart phone assistant[79] recording your conversations.

Ransomware

Ransomware, where hackers take control of a computer system and claim they will release it upon receipt of a ransom (often in the form of Bitcoins), is an increasing problem, even for US state governments.[80]

Data privacy

Tech giants selling your data to advertisers[81]

Cyberwarfare and cyber espionage

Cyberwarfare and cyber espionage see military operations, spycraft, and propaganda carried out online rather than through traditional channels. Russia is a pioneer but other countries are trying hard to catch up.[82] Including:

See Also

/r/itsaunixsystem on Reddit - dedicated to making fun of Hollywood hacking

willusingtheprefixcybermakemelooklikeanidiot.com - You should always be cautious about mainstream media reporting of cyber-anything. If in doubt, be sure to check.

Snopes Technology Archives - one of the best places for debunking rumors

Notes

↑ As seen for instance in Independence Day

↑ Hence the abbreviation of "Inter-net(work)".