Comment Re:I do not see the problem here (Score -1) 52
Which is very clearly not what I was implying. The really sad thing is reactions like this and people like you.
You forgot the recognized strongest of them all: Stupidity.
Is this a "My freedumbs!!!" thing?
On some (very few) production systems, it is possible to severely restrict root. I have worked in such environments. On debugging a production problem that does not happen in test, you do things like reboot with parameters and a formal exception and a separate 2FA for that. But in most environments that is not something you can realistically do and hence root remains unrestricted.
Indeed. Once you think peak stupid has been reached, something like this comes along.
My take is this will change over the next 10 years or so. Somewhat advanced attacks are now within reach for what used to be script-kiddies because of LLMs. Well-secured environments will not be impacted much, but the typical ones with half-assed security will be.
I think amateur-hour in software production and system administration is over. I may be subject to wishful thinking here, admittedly.
That one is really not a problem. They want to get their research done. And if they start to hack, they are going to get banned from the very machines they need to do that. One reason why I remind my students that they are subject to quite a few of the same laws as employees are and that on malicious activities they may not only lose their enrollment but may become liable to pay for any and all damage they do.
Most find that quite reasonable. Those that want to hack to learn do it on their own systems or on environments intended for that. The "I am the big hero that can hack all your machines!" type of cretin has fortunately become scarce in academic environments.
Exactly. I mean, actual security experts do not even think the question whether "root" in a container can break out of that container is an interesting question. Actual experts assume it is possible and they are generally correct.
You do not execute code from untrusted sources outside of heavily secured sandboxes made specifically for that purpose, period. There is no reasonable way to secure this in any regular context. That is also why "executable code in non-executable containers" (think word-files, etc.) is and continues to be such a massive problem. As soon as the attacker can run code on your system, they have won (if they are competent).
Also note that what used to be reserved for a medium competency level attacker is now in the hands of all the incompetent ones thanks to LLMs.
Obviously. But we also have a large number of people that cannot deal with any level of complexity beyond "simple problem" -> "simple fix!".
The reality is there are no simple problems with simple fixes left. They have been solved. Everything we are dealing with now is complex. And that means that of 1000 ways to deal with something, 990 will only make things worse. But that is already a complex idea, and hence not accessible to those people.
Incidentally, that is why populist assholes are on the rise globally. They push the simple ideas with the simple fixes and tell people that all others (that actually try to deal with the complexity) are doing it wrong. And the simple minds find themselves comforted and vote for them. This universally has disastrous consequences. It has not worked one single time in human history because it cannot work. But learning from history is also a complex thing, and hence the cycle of self-inflicted decay continues.
My money is on both. The common idiot (and we seem to be dealing with one of those here) thinks that lying about things changes reality. And hence these people try to use lies as a tool to solve problems. Obviously, all that does is make the problems worse.
Basically no real problem is simple these days, because basically all things that are simple to fix have been fixed. But there is a ton of people that cannot deal with complexity and uncertainty. Hence these idiots push that anything is simple because otherwise they would be found shivering in the corner, completely locked up. Obviously, these people have no place in any discussion of actual problems.
Obviously, it will be both. But that idea exceeds the complexity some people can handle.
That statement is not only abysmally stupid, it is _uneducated_. Because iron-deficiency anemia is not "hypothetical" at all and it is a severe problem on the level of not having enough to eat.
Why this person is confident is really simple: "The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt." (Bertrand Russell, ca. 1880)
And in actual reality, effects and causes are usually multiple ones, not one simple (or rather simplistic) thing. I get that your mind cannot deal with that level of complexity. That is probably also why you think you are smarter than a lot of scientists that have looked at problems for decades.