This Atlantic piece has a pretty alarming title — The Coming Software Apocalypse — but, well, it’s not entirely wrong.

Thirty years ago, we wrote (mostly) to the bare metal. The whole system was plausibly knowable. Now, software is built on software that’s built on software; it’s turtles all the way down, and it’s impossible to understand the entirety of ANY modern effort — because even if you have perfect knowledge of YOUR code (or your organization’s code), you’re dependent on libraries and systems running below you that are opaque.

If all this was just about controlling your VCR or your favorite Office app, it might not matter as much, but we are insanely cavalier about software quality in places where lives are at stake — in 911 systems, in cars, and especially in avionics. But think also about power plants, or other critical areas of infrastructure. Software quality (avoidance of bugs, from the benign to the catastrophic) and software security (keeping others from exploiting the code) are quite often afterthoughts, if they’re thought of AT ALL.

(Incidentally, this is why most software people stay far, far away from “internet of things” gadgets controlled via apps and the cloud. They’re AWFUL from a security POV. And so is your car, most likely. And so is your so-called SmartTV. At our house, the Samsung isn’t even on the network — we use it as a dumb display panel, because we do not, and should not, trust Samsung’s code.)

The piece goes into some ways we might be able to ameliorate this in the future, and some of the steps are very technical and some honestly involve a bit of magical thinking. But a key aspect is taking these things seriously from the getgo, and not being cavalier about any of them (as, say, Jeep and Toyota have been).

Scientists renamed human genes to stop Microsoft Excel from misreading them as dates.

I swear to god, the most common thing said to an Office product MUST be “goddammit STOP HELPING ME.”

Somehow I missed it — well, not somehow; I know how — but about 2 years ago, Microsoft introduced something they call “Window S Mode” on new non-professional editions of Windows.

If you’re in S mode, you literally cannot install any software that doesn’t come from the (hamstrung, poorly populated, very limited) Microsoft Store. I only ran into this today because we’re trying to get a new consultant up and running on the double, so we dropshipped a consumer grade laptop to him when Dell couldn’t get him a “real” one before December (about which: WTF?), and it came with Windows Home.

The new guy needed some help getting software installed, and so as is our usual approach I got him on a GoToMeeting session intending to use the meeting’s remote control features to get things rolling quickly. Except now GTM kinda of biases its web app, which doesn’t allow remote control.

No problem; I’m used to walking folks through switching to the desktop app, which does support remote control.

Except the steps that usually result in downloading and running the GTM desktop installer kept shunting him into the Windows Store, in which there is no GTM app. WTF?

Oh yeah. S mode.

As an aside, let me say this: I know what they’re doing here. S Mode is an attempt to copy what Apple did several years ago. New Macs ship with an option set so that they’ll only run software from the Mac App Store. Superficially, this is the same, except:

1. On a Mac, changing the setting is dead easy; it’s just an option in the Mac version of the Control Panel. On Windows, you have to follow a much more complex path that requires you to have a sign-in with Microsoft.

2. On a Mac, you can just turn this setting back the other way any time you want. On Windows, it’s a one-way change. You can’t return to S mode later.

So even when Redmond copies, they fuck it up. I mean, I’m supportive of machines coming configured more for Aunt Millie than the likes of me, but the pathway out of this more limited mode has to be much, much more transparent and simple. Don’t get in my fucking way and tell me it’s for my own good. And for the love of Christ don’t do it on a computer where adults are trying to work.

How to remove ham from your disk drive.

Truly, God’s work.

This is a sentence that will make zero sense to most people, and cause jaws to drop for those that understand it: Microsoft will purchase Bethesda for north of $7B.

This is the biggest game deal ever. It means MSFT will now own top-tier properties like Fallout.

The new bill, called the Lawful Access to Encrypted Data Act, essentially outlaws end to end encryption that does not feature a back door, which means it outlaws any secure encryption at all.

It is not possible to create a secure encryption scheme that includes a back door. The existence of the back door means the existence of some sort of master key that will inevitably be leaked and misused. Insisting “but we’ll require a warrant” is cold comfort in light of that, and never mind that the whole warrant process for surveillance has been shown repeatedly to be rife with abuse itself.

This isn’t just about encrypted communication in WhatsApp. This touches every financial transaction online — every payroll deposit, every mortgage payment, every credit card charge. All of these things use secure encryption. And all of them will be made materially weaker and far, far easy to compromise by this bill.

Ars lays it out:

Encryption doesn’t work that way

Providing the sort of backdoor Graham and company keep asking for means, among other things, providing the service provider itself access to “encrypted” data. This, in turn, opens that provider’s customers up to privacy violations from the service provider—or rogue employees of the service provider—themselves, which in turn would break much of the security model of modern cloud services. This would gravely impact not only end consumer privacy but enterprise business security as well.

In recent years, large cloud providers such as Amazon, Microsoft, and Google have made big and successful pushes to convince large businesses to host increasingly confidential business data in their data centers. This is only feasible because of secure encryption using keys inaccessible to the cloud provider itself. Without provider-opaque encryption, those businesses would return to storing critically confidential data only in self-managed and controlled private data centers—increasing cost and decreasing scalability for those businesses.

This, of course, only scratches the surface of the true impact of such a misguided effort. Secure encryption is an already widely available technology, and it doesn’t require massive infrastructure to implement. There is no reason to assume that the very terrorists Graham, Cotton, and Blackburn invoke wouldn’t simply revert to privately managed software without holes poked in it were such a bill to pass.

There’s also no reason to assume that the service providers themselves would be the only ones able to access the critical loopholes LAEDA would require. It’s difficult to imagine that such vulnerabilities would not rapidly become widely known and be exploited by garden-variety criminals, foreign and domestic business espionage units, and foreign nations.

The advocacy group Fight for the Future issued the following statement (also in the Ars article):

Politicians who don’t understand how technology works need to stop introducing legislation like this. It’s embarrassing at this point. Encryption protects our hospitals, airports, and the water treatment facilities our children drink from. Security experts have warned over and over again that weakening encryption or installing back doors will make everyone less safe, not more safe. Full stop. Lawmakers need to reject the Lawful Access to Encrypted Data act along with the EARN IT act. These bills would enable mass government surveillance while doing nothing to make children, or anyone else, any safer.