A Cult of Fake Security
Having just covered HTTP compared to HTTPS (please support both), let's just quickly revisit the fake "security" industry, which got infiltrated by tasteless people and abusive charlatans [1, 2].
Andy wrote many articles about fake "security", including his latest article (it's about electronic voting). Andy lectured in this area and quit his job because they no longer allowed teaching real security. There was also an ethical breach, e.g. universities profiting by training crackers from overseas. It's almost as if there's a coordinated effort to weed out and drive away people who are passionate about security for the users, as opposed to the financial security of companies like Google and Microsoft.
When I studied Computer Science nearly 25 years ago, they still taught us the principles of security; they didn't "train" us in JavaScript (which had already existed for years) or ask us to outsource to Microsoft under the guise of "security".
The only way to get back to real security is to get back to Computer Science.
We must learn our tools and study how they work, not some macros and "solutions" like AWS (nothing other than black boxes for mass surveillance with buzzwords like "confidential" which pacify critics or help clueless managers discourage/suppress/ignore technical critics).