On technological illiteracy

Just recently, my dad asked me how to view a file that someone had shared with him through e-mail, some project documents from a colleague. Upon viewing the e-mail it became obvious to me, that not only would he not be able to view this file, but also the other person who sent it really didn't understand how to do so properly.

There was a link embedded within the e-mail, which essentially read like the following:

Link text: F:/some/really/long/path/where/you/find/the-document.docx
Actual link URL: file:///their.company.lv/their-file-sharing-server/some/really/long/path/where/you/find/the-document.docx

Now, i might not necessarily recall the URL down to the last detail, but it should also become apparent to most that are reading this, what had happened: he had been given a link to that other person's local drive, which mapped to a network share (probably) on their company servers, which wasn't publicly accessible to people outside of their network/workgroup/whatever.

So that other person had looked at the file path in their Explorer, had decided to just copy it inside of an e-mail and expected my dad to be able to connect to and read it, which simply isn't the case. And, on the other side of it all, my dad didn't quite understand what was up with that link and why it didn't open, instead asking me to "fix" it.

That got me thinking about the problem of technological illiteracy and its implications.

It's a multi faceted problem

Now, i'm not someone with too deep of an understanding of how computers work. Sure, i develop software as my career. I got both my Bachelor's and Master's degrees in computer science. I run my own homelab and my own little cloud. I also do a bit of programming in the evenings and weekends, as well as am the "go to person" in my current company - doing everything from DevOps stuff, as well as development, mentoring and so on... And yet, i don't know everything that there is to know about networking.

Nor should most people. But it feels to me that perhaps we're missing out on teaching people about the building blocks of computing.

shrug

The people who were taught to use computers in the school, were taught so at a pretty basic level: essentially "Here's a computer, here's the mouse, the keyboard, the monitor and the rest of it. Here's a vague description of how to use some of the more common software on it and browse the web. If you want to learn about protecting yourself against some of the bad actors out there, just listen to warnings on the news without really understanding that much about it." In my eyes, that's where things go wrong. Being taught about what a computer is isn't enough, nor is teaching people to use some of the more common pieces of software in a step-by-step based approach, while making wild leaps over some of the basics.

I'd argue that people should be taught about how web applications work (due to their prevalence), be given a very high level overview of encryption, as well as should be able to tell the difference between a local application, a web application, static/dynamic web content and why they can't always just drag files over from the browser window into their file system using the "Save As" option to preserve webpages for later, or vice versa, by sharing local file paths with someone online. You can't do that without teaching people the very basics of networking and how programs work on a computer. You can't expect people to be competent in regards to a technology that they've no understanding of at a lower level. You don't need to know everything like the back of your hand, but a general understanding of the principles is definitely needed.

simplified web app architecture

Imagine me getting into a car, being taught how to drive in the way that people typically are, and then later having the brilliant idea of downshifting from the 5th gear down to the 1nd gear while going at a speed that's so high that it will definitely mess with the drivetrain and the engine. If i only have been taught some road traffic rules and how the pedals and gear shifter works, it might even seem like it makes sense to me - if i want to go slower, i should just shift down, right? And that's the exact kind of missing knowledge that, whilst being in the zone of proximal development, is dangerous. In case you want to see what that looks like for the car example, here's a YouTube video. And yet, that's the equivalent of what happens when people with only a basic understanding of computers or other computing devices attempt to use them in their daily life, something that's simply inexcusable when our society depends on these devices to function.

Yet, at the same time, as i already said, we can't just point a finger at the people and say that it's their fault for not being able to effectively use computers, or even worse, getting scammed out of their money.

Computers aren't intuitive for humans

Computers should be made for humans. If my dad wants to save a webpage, he should be able to drag it over to the file system and be done with it. If he wants to install an application, he should be able to just drag a binary into a folder and expect it to work (like the older Macs did, or how AppImage works). If he sees some text, he should be able to copy it, instead of realizing that it's just an image or a PDF of a scanned paper document with no OCR. If a link offers him to download a PDF, there should be mechanisms in place that he ends up with said PDF, instead of totally-not-a-virus.pdf.exe. If someone wants to share a file with another person, there should be proper methods to do that, or even just sanity checks that would say: "Hey, it looks like you're attempting to share a local file". If Mozilla Thunderbird could intercept you trying to share attachments directly and can offer its own solution, Mozilla Send, then most other software should be similarly helpful.

But that's not the objective reality that we live in.

Computers weren't made for humans. At least not your everyday Joe. Instead computers have an accumulated 4 or 5 decades of bad technical decisions and leaky abstractions stacked atop of another, to the point where this legacy is so huge that we'll never escape its clutches for a fear of breaking compatibility and getting huge amounts of hate mail by disgruntled users.

Just look at the state of e-mail servers for example: now you have SPF, DKIM and DMARC, all that attempt to do the same general thing ("make e-mails safer"), while introducing more and more cruft, and at the end of the day you still need something like ClamAV or another solution to filter the actual contents of the mail. And even then, if your mail server has all of that, your mail can still be filtered out and dropped or moved to a spam folder because the IP address that you're using doesn't live up to the standards of large corporations that don't care about you.

how email security should be explained

(image shamelessly stolen from the Internet, but serves as a lovely illustration of how to better give a rough overview of overcompicated technologies)

Look at how encryption works and how messed up deploying even simple SSL/TLS can be for a web server - Apache2 needs an intermediate certificate as a separate file (and don't you tell me that that's not the case, because i just tested it today without it and it broke), whereas Nginx doesn't and expects you to concatenate all of the .crt files into one. Except that now that's a lie and recent versions of Apache2 have deprecated that argument and now it's supposed to be more like Nginx. And yet, the link from the answer that i just shared is now also dead and searching for it online only leads to private blogs and such, without first party documentation being available on the subject, as if this very simple thing is not a valid use case. Furthermore, why is Apache2 called that on DEB systems, but httpd on RPM ones? Oh, and look at the overcomplication with all of the formats: .pem, .key, .crt, .p12, .jks, .pfx and so on. Worse yet, the contents of the files actually don't tell you what you're looking at and receiving something like "the_new_ssl_file" in the mail will tell you nothing about it, because it's not like we expect them to have consistent extensions, or even demand it, as an industry. And don't get me started on getting the certification chains right!

cert article example

(if your article starts like this, you know that you're in for quite the ride, are dealing with legacy technologies, or both)

I'd like to posit that one's ability to deal with technology are not only decided by their training or intelligence, but also by their patience of wading through unhelpful information - nowadays it feels like you need to know numerous things that aren't readily and simply explained to you in any capacity whatsoever to do anything. It doesn't matter if you're a software engineer, or just someone trying to get their graphics tablet working on Linux, you'll need to wade through dozens of pages of dated and rotting information to do what you need to, if you don't just decide to give up somewhere along the way.

I most certainly have given up in the past: for example, my Polish but actually rebranded Chinese netbook (not the exact model but close, i had an older one) still doesn't have a working fingerprint scanner to this day. The Wi-Fi drivers didn't work at first and there was no ethernet port, so i had to find a Linux distro that had GCC included out of the box (since of course i cannot just get one fat .deb or .rpm with all of the dependencies that i need to install GCC from another computer with a single command for an air gapped install), so i'd be able to dig through GitHub repos to find working drivers. And then i realized that no matter what i do the fingerprint scanner wasn't detected in any way whatsoever. Maybe it's faulty, or maybe the kernel just doesn't support that particular make - even finding out as much proved to be too great a test of my patience, as opposed to a GUI app like Device Manager that would tell me what's up. Of course, the laptop only had drivers for Windows, but that wasn't an option because when you have 4 GB to work with and 32 GB of storage, you really don't get to use Windows and expect your device to perform well (hey, i needed something to take notes and i'm also poor).

affordable netbook

It's not that computers aren't just intuitive, they're also oftentimes unhelpful or even actively hostile! And yet, this has longer term implications that we cannot ignore.

The implications of technological illiteracy

What happens when there are more and more of these uncomfortable situations that compound and eventually make our pace of everyday life and getting things done slow down to a crawl? What happens when you want to pay your taxes, go to the tax site, yet cannot do so because the site is down, yet you don't really understand who to call? What about situations when things will break and no one else will be there to report these problems to the appropriate parties on your behalf?

My dad recently realized that the e-mail server from one of the companies that employed him (which may or may not be defunct, but the e-mail server of which was still used for some stupid reason) had ceased to exist. And he couldn't find out who to contact, at most just finding the server hosting company - a situation that should have had a long line of red flags that should have alerted anyone somewhere along the way that it's time to export the data and move along. Of course, trying to get him to use a mail client that downloads everything and keeps everything up to date is also useless, because he doesn't quite understand the difference between a web application that has a server somewhere and having stuff stored on his computer (even if i've attempted to calmly explain this about 6 or 7 times).

Of course, there was also a case where he bought a GPS tracker to attach to the collar of our dogs and to locate them during hunting, or if they get lost or something. And when the application showed "Connection Error" he asked me whether the problem lies with the phone or the tracker. When i told him that there's a server that he connects to, as evidenced by the URL, username and password (that was 123456, by the way, something that cannot be changed due to how that particular Chinese company chooses to operate), he was disgruntled. Nor did he seem to understand the difference between using something like MMS or GSM to send pictures from a trail camera, even less so when there was e-mail involved - a setup that i got shouted at numerous times for it breaking down due to a variety of complex and stupid reasons.

If this does sound like a rant, that's because it definitely is one: there are problems on all sides of this, people developing operating systems and code that is hard to use, people not being taught how to use them, yet almost being able to cover typical use cases and coast along until they run into situations that they're unprepared for. At this point, i'm not sure whether i should laugh or cry, though i suggest that you have a brief glance at that presentation, as well as this article, which provides an insight into the state of things.

And this is only funny and humorous while you're not dealing with things that will cause great monetary losses to people, or affect their healthcare. Just look at the Latvian "E-Health" system, which has so far wasted 15 million euros of tax payer money and still doesn't work. And no one is in jail over it. Worse yet, they'll create a new one, probably without having to learnt much about how to avoid another well paid disaster. Where's my public post mortem of the project, government? Where's the official investigation that gives us a day by day timeline of the failure?

e-health disaster

So, what are we to do? I don't think that there's an easy answer, but i'd definitely like to call everyone reading this to action: learn as much as you can about how technologies work and don't just "go with the flow", especially when money is involved. You might not prevent others from writing bad code, or other people from being scammed out of their money by bad actors, or even prevent people from not following the 3-2-1 rule of backups, but you may at least look after yourself!