It's long been a theory of mine that most of the computer viruses (I think it's actually virii, since 'virus' is from the Latin, not the Greek) are written by anti-virus software providers. Note, if you will, how much trouble all the main providers have whenever a new kind of ransomware comes out, and how long it takes them to respond to the problem. Stuxnet, as well, proved to be a uniquely difficult nut for Symantec et al to crack. By contrast, the virii that do nothing but random harm for no understandable purpose are always handled by near-immediate updates that just require the installation of the appropriate software --- fully paid and licensed to the current version, of course.

With that in mind, I'm a bit suspicious about a couple of recent vulnerabilities that seemed to fall lightly or heavily on the so-called open-systems side of the fence: "Heartbleed" and "Shellshock". They launched on the scene almost as if they had marketing support. Catchy names, big publicity campaigns, a lot of "FUD" bundled on from the beginning. Could either or both originate from computer companies with vested interests in a proprietary-software-centric world?

Nah, that's paranoid. Still, it's worth noting that the Heartbleed vulnerability was more effective in a lab set up to demonstrate the Heartbleed vulnerability than it has been in the real world. And Shellshock? Well, for most of us, that's entirely irrelevant.

Yet it was not always so.

It's interesting to see how the social paradigms of computing have changed in the past thirty years, and to contrast the actual direction of that change to the direction one would guess given the stereotypes of computer users throughout history. In the beginning was the mainframe, and the mainframe was designed to be used 24/7 by dozens, even hundreds, of people. It was critical that those people play nice with each other; failing to do so could cause significant trouble for everyone. Thus the arrival of the suspender-wearing, Dennis-Ritchie-bearded sysadmin, with his iron-fisted control of the mainframe/VAX/Unix system.

The media was in love with personal computers from the moment Steve Jobs made them interesting but the real work was always done on a mainframe. Today, about forty years after the beginning of the PC revolution, real work continues to be done on mainframes. Nearly every major corporation in the world that has actual, tangible products uses a mainframe of some sort. If you really need your computing assets to be secure and accessible, you use a mainframe.

But there are no more mainframe users. Not like there used to be. Today you have endless interfaces to the mainframe, but those interfaces are software-based, from PCs and web clients and the like. Very few people have a "terminal screen" as part of their job nowadays. If you have a mainframe login in the year 2014, chances are you're either a mainframe admin or a piece of software.

The same is increasingly true for UNIX and Linux systems. As the use of such computers ballooned, first with the dominance of the Apache webserver and secondly with the Android operating systems, the number of users per system dwindled. Ten years ago, I owned a webserver that had approximately seventy-five users who logged into a shell or through FTP to build their sites, store files, and communicate. Today, I still have the system, but I am the only user left.

As computing became generic and widespread, the community of computer users grew to include nearly everyone, and very few of those people could be counted upon to behave. The literature of early systems is chock-full of stereotypical physics and astronomy students who demanded extra CPU cycles or space in the most arrogant, autism-spectral manner possible, only to be stopped by the wise men with the suspenders and the relaxed potbellies. Yet when everybody got access to a keyboard and mouse, everybody demanded that they have it all --- all the resources, all the space, all the CPU. They demanded five-thousand-dollar Pentium systems that sat idle twenty-two hours a day, they demanded double monitors that were dark most of the time, they demanded resources based on the worst-case scenario.

As did the programmers, who found it much easier to write code that would swallow a single Windows computer whole than they'd found it to write code that could peacefully coexist on a mainframe. This is particularly true in healthcare IT, where every dipshit insurance provider and state agency and peripheral manufacturer requires that you provide a buffed-out Windows desktop customized to their particular specs.

Meanwhile, the "virtualization" people were busy enabling the above mouth-breathers by turning high-power computers into facsimiles of multiple low-power ones. The "blade system" of today could run a Linux system with power and speed to blow your mind, but instead it's used to run fifty VMWare ESX hosts, all stupid and slow and each one carrying a completely and stupidly redundant copy of the operating system.

Every so often, someone tries to centralize computing again. But the modern attempts at centralization, like VDI (virtual desktops) and the like, still maintain the ridiculous visual fiction that each user has his own computer. Many of them create a virtual computer from scratch when the user logs in then destroy it when the user logs off. Because that makes more sense than expecting people to behave on a shared system.

So we come to Shellshock. With the right script, pretty much every UNIX system in recently memory can instantly be "rooted", which is to say that the user can acquire full control over the system. So I've been talking to my clients and customers. Do you have unprivileged users on the systems? Of course they don't. Today's users connect to a UNIX system through a computer that belongs just to them and which sits idle most of the time. And if they ever log on locally, chances are it's to do "root" work anyway.

So Shellshock doesn't matter. It's a way for individual users to usurp common resources --- but nobody has common resources any more. We insist on our own computing. The so-called normal people who aren't introverted geeks and losers can't be trusted to communicate and share the way the nerds could. Nor can they be trusted to communicate without the monitoring of endless firewalls and security programs and nannies.

Shellshock destroys communities on a computer, but those communities are long gone. Think of it this way: there was once a time that you could kill everyone in a village by chaining the church doors on Sunday morning and burning the place down. You couldn't do it today. Come Sunday, we are all doing our own thing and woe betide the person who suggests we don't. Whether in person or through the terminal window, we no longer permit real community, real closeness, real intimacy, real danger.