Pricing laziness

Laziness is priced in

  When I was a kid, playing with Windows 3.11, I quickly found out that network drive sharing was on by default. This means that anyone on your local network could read almost any file in your C: drive unless you did something about it. And also, all of your passwords - including the user and password of your Internet connection - were saved into a single file that was poorly encrypted, so that meant that anyone in your local network, with a silly little program that would crack that file in minutes, could have all of your passwords.

  But I wasn't "a hacker" knowing this anymore than a person would be a thief if they found some money on the ground. Why would the premier operating system on the planet be this dumb? Well, the answer was simple: people didn't really do local networks in the age of the modem, people didn't read the technical documentation of operating systems like I did and people weren't aware of what would be going on to complain about it even if it happened. In reality, anyone connecting to any ISP would have their user and password visible to any other person connecting there. Not only that, but any and all personal files on their computer.

  I like to call this "the price of laziness". If it apparently costs more to fix than to ignore, it will never get fixed. This particular issue was trivial to be solved by any ISP, they just chose not to.

  Remember movies like Hackers or WarGames, where kids were routinely entering secure systems to the chagrin of "the man"? It wasn't because they were smart and cool like in the movies, it was because no one was bothering to protect their clients. Did you know that for more than 20 years the nuclear safety codes for U.S. rockets was 00000000? When something awful happens to you and people knew about the cause of your problem way before you had it, it means just that not enough consequential people had that problem before you that someone would be bothered to fix it.

  And now, when I am NOT a kid, I see the same stupid stuff. The official YouTube TV application is punishing me for every video with tens of seconds of ads every time I start one and sometimes smack in its middle anyway. But if you close the video two or three times, it just goes through. This only means they calculated the price of the average person watching videos pressing Back and OK a few times is larger than the price it takes them to passively endure minutes of ads.

  One might say that in this case everybody's happy: Google reports people have watched the ads, smart people get around them, lazy people don't, money flows. But there are people who are paying for those ads to be displayed and even if I find no real sympathy for them, their service provider should!

  Same thing with JavaScript paywalls on major news websites. You open one article or two and they slap you with "You've read the last free article for today". Or... you could just disable JavaScript for the site and read ALL of their articles. And I know there is a feeling of smugness when you do this, but again, it was right there. No one actually cared enough to prevent you to read the article! The SEO score was more important. Most people are paying.

  Piracy is the perfect example. There are today simple ways of watching any movie or series, listening to any song, reading any book, without paying a dime. And while authors are crying about it, no one actually does anything because most people find those ways more complicated than paying tens of dollars monthly for streaming services. Streaming services that will increase the price or bring back ads for the cheap tiers or cancel any show as long as they got people excited enough to subscribe to the service with the first season and so on. There was a time when streaming was considered "the solution to piracy" because piracy dropped sharply once people had a comfortable experience devoid of guilt and priced reasonably. But piracy went back up, because the price did not stay reasonable and the experience got increasingly less comfortable as corporations felt they had you locked in.

  In all the companies I worked for as a software developer, I was routinely denied when trying to fix bugs if "it wasn't planned". So when you use some software or app or web site and it fails in the most stupid ways, remember to not curse the developers, they actually wanted to solve those issues, in their free time, and were denied because there was no money in it!

And then they blame you

  This post is not about software or the Internet, it's about everything! The curse of "Good enough" is what led us to this. The laws that only work for some, the way everything seems to get more and more complicated by the day for no reason, the "security" that everyone shoves does your throat even if you don't want it, because they need your data or identity or shopping patterns, the sad predatory state of human relations. Ah, it's good enough! What could possibly go wrong?

  But it gets worse. When people inevitably start taking advantage of these blatant holes, the answer of the authorities is to heavily punish the people that do it rather than the people that leave those in. That's why when I was a kid I could find tons of documentation on how to do all kind of fun stuff in libraries maintained by groups of dedicated people, but then you just couldn't, because it had become very very illegal. That meant that yes, it was harder to find the simple ways in which you could circumvent systems, but also that it was a lot harder to train to harden systems. If you meet security experts nowadays, they are all paranoid as fuck, not only because they know how easy it is to get somewhere and cause harm, but of how random and stupid authorities treat people with such knowledge.

  It had become routine for companies that are approached by people who found security holes in their systems to sue them for hacking, rather than thank them, reward them and fix the hole. And even if it's evil, it's also partially understandable, because in the idiotic legal systems of today, rewarding someone for finding a security hole means admitting you had one, so you can be sued!

  If Hackers and WarGames were pure entertaining fantasies, something like Takedown - also heavily dramatized - is closer to the truth. There is a scene where the hacker laments that he could do any number of evil deeds, crash systems, steal millions, but he choses not to, yet all law enforcement is after him. Ironically, the movie is based on the demonstrably self-aggrandizing book written by the guy who caught Kevin Mitnick, not on Kevin Mitnick's book.

Other thoughts

  I wrote this post because I remembered the Takedown movie, perhaps Skeet Ulrich's best role ever. Mitnick was a slightly annoying personality for me, but I was sad to hear he died of pancreatic cancer three years ago.

  For a long time I thought of how to create a web site that would allow people to pay for what they stole, if that thing turned to be as good as advertised and people would afford it. For example you would download a movie off the Internet, watch it, enjoy it, then go and pay the company anything for the movie. If someone would get to sue you for pirating content, you could use proof of that payment to justify a reduced punishment. But of course it wouldn't work. Who would be stupid enough to declare they have stolen something knowing full well that some asshole would find a way to use that against them?

  But maybe it would work as a kind of donation system, a delayed Kickstarter, where you just send a tip of appreciation to authors. But it doesn't work like that, either. You would want to send the money to the author of the book you liked, not to the publishing house which essentially owns the book. They would immediately find a way to stop or leech off the money you send like that.

  And final nail in the coffin (quoting ChatGPT here) "Financial systems generally require consent and identification on the recipient side. There’s no standard “send money to this person by name only” system for privacy, fraud, and compliance reasons."

  In conclusion, you pay for "just good enough" and get worse, you are villainized for finding ways to abuse that, even if you don't actually use them and report them for fixing and trying to retroactively fix/pay for your abuse doesn't work either. Meanwhile anything better than "good enough" is altered to be more expensive until it becomes "good enough for what I am paying". Some might call it equilibrium of demand and offer, I call it paying to stay lazy.