Fragile Software

On my personal computer I use a somewhat unusual suite of software. Right now my operating system of choice is OpenBSD, and lately I've been using a degoogled chromium fork for browsing the web.

Almost all websites work fine (because why wouldn't they?) and the few issues I run into are because the website or web app I'm trying to use deliberately blocks me. Cloudflare notably does this with its anti-scraper checkbox ("Verifying you are human. This may take a few seconds") which spins indefinitely when I check the box; and I've also been unable to use Slack for similar reasons.

Slack makes it clear that they block older browsers: Slack support lifecycle for operating systems etc. etc. etc.

When a web browser is no longer supported you'll be BLOCKED [emphasis added] from using Slack in the browser, signing in, creating new workspaces, and managing settings for your workspace or Enterprise Grid organization. You can continue these activities by upgrading to a supported browser.

While I don't know their true reason for doing this, it's absurd. Cloudflare seems to do something similar with their anti-scraper measures, and in a way it's worse, because almost every website (even on the "indieweb") uses Cloudflare these days. This allows Cloudflare to surveil and control access to most of the internet. So much for decentralization!

I think a harmful and poorly conceived notion of "safety" has spread among software developers over the past several years[^1]. It can be described as over-validating and introducing encumbrances to create an illusion of safety: creating software that's fragile, prone to fail when its inputs aren't 100% as expected. An example is 2-factor authentication, or 2FA. It makes the login process more secure, but also more delicate. Suppose you get your 2FA codes from a smartphone. What if your phone runs out of battery, or you're locked out, or it was stolen, or you forgot it at home? This is exacerbated by the fact that developers incorporate 2FA where that level of security is unnecessary, perhaps out of a misguided impulse to do things "the right way".

Making software more fragile is one way to secure it, but this inconveniences the user and reduces the software's reliability. Instead, software should be robust, capable of enduring a variety of mildly off-nominal conditions while still executing its function.

Another cause of this problem is the tyranny of the majority. If 99% of users have an up-to-date browser and use a more "normal" operating system like Windows, Mac OS, or Linux, then you can get away with sloppy security practices that block out the remaining 1% of users. Oh, you use a niche privacy-focused OS or a forked browser? Too bad. Why can't you just be normal like everyone else?

[^1] Related is a similar meme of overengineering, where people use fancy solutions like Nix, Rust, Anaconda, and Docker, and a thousand other pieces of bloated infrastructure, when they aren't actually necessary.