ANYthing that reduces costs, enhances productivity, or makes life easier is a "fraud enabler."
Cell phone SIMs are the "Encryption Castle", really? From a practical perspective, they are essentially plaintext, since everything gets fully decrypted at each hop.
Maybe I will start calling my previous car a "Dining Palace" in honor of the epic glorious time that I once ate a chili dog while driving, shifting and making a left turn (alas, this was before I had a cell phone) without getting any chili on my shirt.
If a breach happens, just change your medical history.
The hacker community is primarily a male dominated space, therefore it must be hostile and problematic, shitlord!
Perhaps we should start marketing the term "hackette", and include a pen-test ISO image with every Barbie Thumb Drive.
Seems to be the desperate approach in CS-land.
Those Barbie thumb drives already have them. Not my fault you haven't discovered it yet.
Go work for a contractor. Get to know the feds. Then your resume magically moves to the top in usajobs.gov.
Rubber hoses are weak. You never get threatened with a rubber hose or a $5 wrench, without knowing it happened and your enemy revealing himself. It takes irrevocable commitment and admission of guilt on their part, and therefore risk of consequences, to take things to that level.
When they bring that stuff out, comply. Sing like a bird. They get the data they want, and then you call the media and your lawyer (or the cops, if your adversary with the hose/wrench doesn't happen to be the cops), and the TRUE bitchslapping (to whatever degree is possible, at least) may then commence.
Crypto is good. Sure, you can still find some bad things within that scenario: your privacy was still violated rather than protected. Maybe they're going to "disappear" you so that you never get to tell anyone about the threat or torture. Maybe they're going to torture you anyway after you give up your keys. But all those possibilities also exist in the plaintext scenario too! If they want to murder you, they'll do it. If they want to torture you, they'll do it. Psychopaths are going to do whatever they're going to to. But they slip up and get caught sometimes, and if you confront them with crypto, there's also the chance they'll do what many other criminals usually do: pick an easier target.
So, should any developer know this? That is debatable. I've had very competent developers who had next to no clue about how DNS works. They could do their job just fine with that. Me? Personally, I'm not up to snuff with the finer points of SQL queries and all the joins that exists and when it makes sense to create an index, etc. Could I find out? Most likely, but I haven't had the need to recently.
The problem is, that you are mapping your knowlegde to "what people must know". I used to do that too, and I probably still do often enough. The DNS example above didn't come from nowhere: I had the case, and I was really thinking "how could such a competent person not know this", but then this person could probably enlighten me about dozens of things I don't know well enough.
It all comes down to what you define as "general knowgledge" for a developer should be and that is highly subjective.
TL;DR Hiring people is hard. Especially, technical people.
The bug doesn't happen in that context:
root@minimal:~# ssh root@othermachine "dd if=/dev/vg0/remote-lv" | dd of=/dev/xvdb1
root@hammerhead's password:
31457280+0 records in
31457280+0 records out
16106127360 bytes (16 GB) copied, 2156,62 s, 7,5 MB/s
31457280+0 records in
31457280+0 records out
16106127360 bytes (16 GB) copied, 2164.91 s, 7.4 MB/s
root@minimal:~# uname -a
Linux minimal 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u1 x86_64 GNU/Linux
Of course, the situation is not exactly the same in a virtualized environment.
The hardest part of climbing the ladder of success is getting through the crowd at the bottom.