| ▲ | thewebguyd 6 hours ago |
| > It is the young people that are growing up conditioned to press accept It's really alarming, actually. I run the cyber security training & phishing simulations at my work, and it's the younger employees that struggle the most. It's like they just assume that everything on the web is trustworthy. It's not hard to see why though. They grew up with app stores & locked down devices. No concept of a file or file system, no concept of software outside of the curated store & webapps. People that never had to take responsibility for their own digital safety because "someone else" (Google, Apple) always did it for them. |
|
| ▲ | andsoitis 6 hours ago | parent | next [-] |
| > It's like they just assume that everything on the web is trustworthy. > It's not hard to see why though. They grew up with app stores & locked down devices. When we create a safer world, people’s defense mechanisms naturally atrophy or are never developed in the first place. |
| |
| ▲ | thewebguyd 5 hours ago | parent | next [-] | | The problem is, we haven't really created a safer world. We created an illusion of safety by taking away agency. We might be safer in terms of vulnerabilities, root exploits, RCEs, etc. but the internet is still full of malware, scams are still just as rampant. Vigilance is still very much required, but is no longer taught. Look at all the malware available on the Play Store. The curation does nothing but create an illusion of safety. | | |
| ▲ | Forgeties79 5 hours ago | parent [-] | | It’s absolutely safer browsing the internet now than it was when I was a kid. Getting a virus or equivalent on your phone is no small feat | | |
| ▲ | autoexec 4 hours ago | parent | next [-] | | It happens all the time, and its as easy as sending a phone a text, or a packet, or escaping a sandbox, but you'll rarely be aware of it when you're infected because unlike the old days where malware would fill your screen with ads or something today they just silently collect your data or use your internet connection for careful port scans or DDoS attacks. NSO Group spyware (or similar) could be on your phone right now. Hell, cellphones these days ship with spyware pre-installed. Samsung being the one of the worst for filling their phones with their own apps which spy on you constantly. | |
| ▲ | tweetle_beetle 4 hours ago | parent | prev | next [-] | | Is it that much different? In the past if you downloaded the wrong file, you could get ads opening constantly, a new toolbar taking over your browser, data scraped and sent off to a mystery server, or have some process maximise your compute. This accounted for most of the risks on the wild west internet, but the worst case scenario of permanently losing data or having to reinstall Windows was actually rarer than it was made out to be imho. These days the common risks are the same, except they're no longer risks - all of those have been built into the fabric of everyday internet usage and criminals have been replaced by businesses. It's like the cliche about Vegas being better when it was run by the mob. | |
| ▲ | asdfman123 4 hours ago | parent | prev [-] | | The late 90s internet was filled with predators, skeeziness, and viruses that would break your computer and require a reformatting. That stuff is still there if you look for it, but it's not on your social media feeds or in any of the apps provided through app stores. |
|
| |
| ▲ | pants2 4 hours ago | parent | prev | next [-] | | When I joined my last job I noticed that their email settings were misconfigured... EVERYTHING was going straight to the inbox, not even the most basic of spam filters were in place. When I got filtering on observe-only mode I saw users were getting up to a dozen phishing emails every day. We quickly did a hard simulated phishing test and most users opened the email but zero users clicked through. Two years later, after we had excellent email filtering in place, our simulated phishing test had a 30% fail rate. Take from that what you will! | | |
| ▲ | mixmastamyk 2 hours ago | parent [-] | | Immune system exercise, interesting point. At least you’ve kept up the checks. |
| |
| ▲ | robotguy 5 hours ago | parent | prev [-] | | That's the philosophy behind Safety Third. | | |
| ▲ | lexszero_ 4 hours ago | parent [-] | | Just curious, what come first and second in this use of the phrase applied to computer security? I came to know the expression from fire circus performance and adjacent circles, where first and second are safety of the audience and the venue, and third is your own. I use it often when I'm about to knowingly do something sketchy or potentially dangerous without applying safety practices required "by the book", acknowledging the present danger to myself and accepting the risk. I never saw it used in infosec context. | | |
| ▲ | thewebguyd 4 hours ago | parent [-] | | Interesting, I haven't heard of safety third from circus circles, I've always known it as more along the liens of if safety were actually the number one priority, no one would actually do anything because it's too risky. In terms of cybersecurity, I see it as "security first" culture means people rely on the system to keep them safe. "Safety third" (or security third) emphasizes that everyone should already know they are operating in a risky and dangerous environment and take security as a personal responsibility. It's just a reminder that no one cares about your life more than you do, so stay vigilant and take personal responsibility. edit just realized I didn't actually answer your question on the first and second priorities. I suppose First would be the reason the system exists in the first place (buy something online, for example). Second would be the user experience of doing the thing. Security should help you take calculated risks rather than prevent you from taking any risks at all. |
|
|
|
|
| ▲ | darknavi 6 hours ago | parent | prev | next [-] |
| Maybe we should make young learners in primary school use "infected" Windows XP so they can dodge spam popups and learn what and what not to click. |
| |
| ▲ | whywhywhywhy 6 hours ago | parent | next [-] | | They'd just click it away every time, when my nephew got a gaming laptop he'd play mindcraft and the windows sticky keys popup would be firing constantly must have seen him dismiss it 15 times before I offered to show him how to get rid of it. | |
| ▲ | thewebguyd 6 hours ago | parent | prev [-] | | Growing up I had a "computing" class in high school. It's where I learned to type, but also learned the basics of using both macOS(9 at the time) and Windows. It was also drilled into me that the default state of anything on the internet is to be untrusted and potentially harmful. It also helped that you could actually tinker with things, and there were plenty of foot guns around to drill that lesson home. Somewhere along the way that message got lost and didn't get communicated to the young ones, and I'm not even that old (38). |
|
|
| ▲ | chrisjj 5 hours ago | parent | prev | next [-] |
| > They grew up with app stores & locked down devices. No concept of a file or file system I think almost every Android user has thise concepts. But on the trustworthy web assumption, I agree. The only effective remedy is a personal calamity. |
| |
| ▲ | tuetuopay 3 hours ago | parent [-] | | Are you really exposed to those concepts for daily Zoomer usage? I mean, you can spend your whole normie life using an Android phone never going to the file manager. (fwiw it's been a while since iOS also have those concepts) |
|
|
| ▲ | RGamma 5 hours ago | parent | prev | next [-] |
| People are also struggling to think about what is computed or stored where or what different wireless interfaces do. Imagine what sort of data people enter into LLMs! |
| |
|
| ▲ | SkyBelow 2 hours ago | parent | prev | next [-] |
| In some sort of weird sense, it makes me appreciate the 'free armor trimming', 'alt F4 helps block attacks in pvp', and similar people in RuneScape. It gave young me a very low stakes environment to learn about scams, losing only what amounts to a little bit of my time. I wonder if there is an argument that we should encourage a certain level of scamming in video games just for the lessons it teaches at low cost? Alas, this isn't generalizable to society at large. |
|
| ▲ | adventured 6 hours ago | parent | prev [-] |
| That's an exaggeration. Young people on average have grown up with drastically greater understanding of what a file is than any other generation that has come before them. They grew up using Chromebooks or laptops in school, constantly interacting with the local file systems, uploading files to Instagram and TikTok from the file systems on their smartphones, browsing their phones for files constantly. They know what a file is, they use & manage files more than any other generation prior. No other prior generation comes close. Compare them to people growing up in the 1980s. The average person at that time was overwhelmingly oblivious to computing very broadly, their grasp of a "file" as a concept would have been close to non-existent. That was just 40 years ago. In the mid 1980s a mere 10% of US households had home computers. And that was a high mark globally, it was drastically lower in nearly every other country (closer to zero in eg China, India at that time). The number of people routinely using office PCs was still extremely low. Today young people have a computer in their hand for hours each day, and they knowingly manage files throughout the day. |
| |
| ▲ | asr 6 hours ago | parent | next [-] | | I use lights every day, but I know way less about electricity than my grandparents, two of whom who could remember when their town was electrified as children and who therefore treated it as the marvel it truly is. And also because we've worked out a ton of bugs in electricity and it often just works. My kids will know way less about filesystems than I do, because I had to learn DOS commands to navigate around the operating system if I wanted to play computer games, which led to a lifelong interest in how computers actually work at a level they can (and, so far, do) happily ignore. | | |
| ▲ | blackcatsec 5 hours ago | parent [-] | | Or in your scenario, understand the concept of 8.3 file names and why they existed, and when they were removed, and how :P | | |
| |
| ▲ | raw_anon_1111 6 hours ago | parent | prev | next [-] | | You don’t upload a “file” in a “folder” to TikTok. You upload a “video” from your “library”. Consumers have been conditioned to stop thinking about files especially when it comes to media since iTunes and the iPod in 2001. | | |
| ▲ | esseph 5 hours ago | parent [-] | | > files especially when it comes to media since iTunes and the iPod in 2001 As a non-Apple user, this is not something that happened to me. I literally have a "Files" app on my Android phone and my laptop/desktop. | | |
| ▲ | integralid 4 hours ago | parent | next [-] | | As a technical person, who only ever used Android, I have no idea how files really work on my phone. I even used adb a few times but still. From my PoV there are no "files", just photos, videos, screenshots, downloads, application data, applications and system data - all completely different kinds of data. In my files app i see "downloads" "images", "videos", "apps", "starred", "safe folder". In "images" i see pictures tagged "downloads", "camera", "DCIM", "screenshots" and one odd "2024-12-03_description_here" that I clearly names myself but don't remember doing that. I have no clue how that maps to a physical phone filesystem, even though I know it's there. I'm sure teenagers don't know that too. | |
| ▲ | raw_anon_1111 5 hours ago | parent | prev | next [-] | | Right as an Android user you don’t have a separate photo library where pictures go to? (yes I know this isn’t true). Yes there has been a Files app on iOS devices for well over a decade | | | |
| ▲ | GuinansEyebrows 3 hours ago | parent | prev | next [-] | | That's what the file browser is called on iOS as well :) | |
| ▲ | jen20 5 hours ago | parent | prev [-] | | Both iPhone and iPad have an app named "Files" too. | | |
| ▲ | dexterdog 4 hours ago | parent | next [-] | | But it gives you access to almost none of your actual files | | |
| ▲ | raw_anon_1111 3 hours ago | parent [-] | | So exactly which of “your actual files” do you need access to? | | |
| ▲ | alpaca128 3 hours ago | parent [-] | | The Files app cannot access images in the Photos app or music in the Music app. The only way to add music to the Music app is to copy the files onto the iPhone from a computer. You can however install VLC player and copy the files into the VLC folder. I guess VLC player is more trustworthy than Apple Music considering it's less isolated. Or Apple really wants you to pay the Music subscription, who knows. Want to give another app access to these files? You'll have to duplicate them, using up more storage space. I get that it's supposedly about security, but this is not the only secure way. It is however the most convenient secure way for Apple, as now the only simple method of backing up and syncing files through all those isolated containers is iCloud. | | |
| ▲ | raw_anon_1111 2 hours ago | parent [-] | | That’s a fair point. I was expecting the typical HN geek answer that you can’t access system files on iOS and you don’t have root access |
|
|
| |
| ▲ | 5 hours ago | parent | prev [-] | | [deleted] |
|
|
| |
| ▲ | amluto 5 hours ago | parent | prev | next [-] | | > They grew up using Chromebooks … in school, constantly interacting with the local file systems While it is possible to interact with the local file system on a school Chromebook, it’s certainly not the default. School interactions with Chromebooks seem to consist of logging with highly secure passwords like “strawberry” and using Google Docs. And playing games with heavy PvP components and paid DLC (paid by parents whose kids beg for it, not by schools) that call themselves “educational” because they interject math problems needed to use those juicy spells, make no effort whatsoever to teach anything, but produce a nicely formatted report correlating scores to numbered elements of the Common Core standards. | |
| ▲ | morleytj 6 hours ago | parent | prev | next [-] | | There may be some demographic groups located between people who were young during the 1980s and people who are young during the 2020s, time periods which are 40 years apart. | |
| ▲ | arvid-lind 6 hours ago | parent | prev | next [-] | | Maybe they do more intuitively think of things as virtual objects, but it seems like the issue is they don't have a deeper understanding of how the mechanisms behind the abstractions work and can easily get fooled into accepting terms they wouldn't if they properly understood. | | |
| ▲ | thewebguyd 5 hours ago | parent [-] | | > easily get fooled into accepting terms they wouldn't if they properly understood. And easily get sold add-on services. How many people hit the 5GB iCloud limit for backups and just pay without stopping to think that it might be possible to do local backups to your computer and you don't really have to pay for extra storage? Just hit them with the scary language "You are at risk of losing your photos forever if you don't pay!" because that concept of "Oh, photos are just files in a directory and I can copy those anywhere I want" doesn't exist. To many, those photos are part of the gallery app, not a separate file from it and since that app only runs on the phone, surely it must not be possible to copy them anywhere unless I pay for the storage. |
| |
| ▲ | zahlman 3 hours ago | parent | prev | next [-] | | > Young people on average have grown up with drastically greater understanding of what a file is than any other generation that has come before them. They grew up using Chromebooks or laptops in school, constantly interacting with the local file systems, uploading files to Instagram and TikTok from the file systems on their smartphones, browsing their phones for files constantly. They know what a file is, they use & manage files more than any other generation prior. This argument is like saying you understand nutrition because you eat food every day and haven't died yet. | |
| ▲ | thewebguyd 6 hours ago | parent | prev | next [-] | | And yet, it's the generation that struggles the most with managing files on their work laptops and on SMB shares. They know app silos, not file system hierarchy. Ask a teenager where a file is on their phone and the will tell you the name of an app. Ask them how to copy it somewhere else, and they'll use the share sheet and send it to another app. High adoption doesn't equate to high literacy. | | |
| ▲ | c0balt 5 hours ago | parent [-] | | > Ask them how to copy it somewhere else To be fair, at least Android and presumably iOS grant apps by default no access to your files in modern versions. The only way to get, e. G., an attachment downloaded via Thunderbird to a PC or another app is the share dialogue. A user does not access to the isolated app storage by default on an unrooted Android phone. For better or worse the young user is actually making the right choice here for their platform. (This is also why making a backup of an Android phone is a nightmare when you aren't using a first party option. ADB is sometimes able to bypass it) | | |
| ▲ | thewebguyd 5 hours ago | parent | next [-] | | True, it's all abstracted away and you don't even get access, but that's part of the problem. We (the industry) are teaching people that proprietary formats inside of app silos are the only way to store your data, making the default state being no control over your own stuff. Note taking apps are a prime example of this, using a proprietary localdb for notes, inside of app storage you can't access, forcing you to transact with your own data exclusively through the app (and whatever subscriptions or upcharges that come with it). We've trained out the idea that these could just be local text files in a directory you can access and do with what you want. I've watched discussions around open file formats fade away into obscurity along with the rise of mobile, and now we have to fight on whether we should be so graciously allowed to install software on the devices we own or not. Not everyone needs to be a computer science student, but some basic level of curiosity or education around how tech works should be required in school, at the very least a warning message of "Your data isn't safe if it's not under your control." | | |
| ▲ | theshackleford 2 minutes ago | parent [-] | | > We've trained out the idea that these could just be local text files in a directory you can access and do with what you want. But have you considered that a meaningful number of users actually want functionality that plain text simply can’t provide? I understand files and file systems, I’ve worked in IT for decades, mostly in open source. I still choose a non plaintext note solution because it delivers capabilities that plain text cannot, especially across devices. As long as the data can be exported to open formats, why would I voluntarily limit the value and functionality my tools can provide? |
| |
| ▲ | GJim 5 hours ago | parent | prev | next [-] | | > To be fair, at least Android and presumably iOS grant apps by default no access to your files in modern versions. That's exactly the point! The file system is hidden from modern users. Kids brought up on this now have no idea or concept of where their data resides. | |
| ▲ | blackcatsec 5 hours ago | parent | prev | next [-] | | I mean on iOS you do have a raw home storage path you can save arbitrary binary data stuff to, although Apple generally just has the option of "Save to Files"--but you have at least some basic folder structure there you can use and have full access to. It's just not commonly used for the reason the other person mentioned (share buttons between apps that are file type aware) | | | |
| ▲ | mftrhu 5 hours ago | parent | prev [-] | | That's exactly the problem. Digital natives have, by and large, grown up with computing devices which try their best to be the opposite of general-purpose: their skills are siloed to the few apps they rely on, and e.g. files, keyboard shortcuts, the command prompt are not part of the "API" they learned. |
|
| |
| ▲ | mhurron 5 hours ago | parent | prev | next [-] | | > drastically greater understanding of what a file No, they do not. First, simply using something does not mean you understand it at all. Secondly, because the devices they've become the most accustomed to work very hard to hide all those details from the user. | |
| ▲ | maverick74 4 hours ago | parent | prev | next [-] | | > Young people on average have grown up with drastically greater understanding of what a file is than any other generation that has come before them. I totally disagree!!!
Yes, everyone works with computer, phone, tablet, whatever, nowdays! But does generation z "knows" about what a computer is? Absolutely not!!! While tech has advanced and graduated IT personal know more than previous generations (obviously!), all the rest, while they do know how to do their jobs, they know nothing about computers!!! They are pretty much like everyone else that didn't know what a computer was in generations x and previous!!! However, contrary to previous generations, because they do interact with the tech, they represent a higher security risc for them and for others! ... Because they know nothing about it!!! It's like giving a box of matches to a neanderthal in the middle of the woods... Almost everyone in the "Gen x and previous" that interacted with the tech, did know what they were doing (past the initial learning phase)!!! This does not happen after gen x! | | |
| ▲ | thewebguyd 4 hours ago | parent [-] | | I agree, but I'd push that to anyone after millennials rather than gen x. I was born in '87 (Millennial) and our generation was the last one to bridge the analog->digital divide, having grew up in both worlds, I think it gave us a kind of unique understanding and relationship with tech that younger folks don't have. |
| |
| ▲ | Terr_ 3 hours ago | parent | prev | next [-] | | To disagree and recycle some past writing: > Yeah, I have a particular rant about this with respect to older generations believing "kids these days know computers." [...] they mistake confidence for competence, and the younger consumers are more confident poking around because they grew up with superior idiot-proofing. The better results are because they dare to fiddle until it works, not because they know what's wrong. | |
| ▲ | mftrhu 5 hours ago | parent | prev | next [-] | | > They know what a file is, they use & manage files more than any other generation prior. Unfortunately, they don't. They might have had a computer in their hand for hours each day, but they barely know anything about it. The ones who do tend to be those who grew up playing on PC, as opposed to console or mobile, because the latter - despite falling under the "digital natives" aegis - are really shockingly ignorant of even basic concepts. | |
| ▲ | fragmede 6 hours ago | parent | prev [-] | | That's also a stereotype. Gen Z (born 1997 to 2012) is roughly 2 billion people. Among them are the technorati, and the tech literate. The influencers and the influenced. It's fair to compare what was available to them growing up, vs yourself (I learned to program before there was Google), but it's hard to say things that are going to be universally true across that many humans that are interesting. Most of them will have two arms and two legs but will most be able to navigate /etc/systemd/user/? Can't say. |
|
