Just as there can be appsec truths, there can be appsec laws.
Any sufficiently advanced technology is indistinguishable from magic.
Witchcraft to the ignorant . . . Simple science to the learned.
With those formulations as our departure point, we can now turn towards crypto, browser technologies, and privacy.
The Latinate Lex Cryptobellum:
Any sufficiently advanced cryptographic escrow system is indistinguishable from ROT13.
Or in Leigh Brackett’s formulation:
Cryptographic escrow to the ignorant . . . Simple plaintext to the learned.
A few Laws of Browser Plugins:
Any sufficiently patched Flash is indistinguishable from a critical update.
Any sufficiently patched Java is indistinguishable from Flash.
A few Laws of Browsers:
Any insufficiently patched browser is indistinguishable from malware.
Any sufficiently patched browser remains distinguishable from a privacy-enhancing one.
For what are browsers but thralls to Laws of Ads:
Any sufficiently targeted ad is indistinguishable from chance.
Any sufficiently distinguishable person’s browser has tracking cookies.
Any insufficiently distinguishable person has privacy.
Mike’s Law of Writing on Schedule:
Any sufficiently delivered manuscript is indistinguishable from overdue.
Which leads us to the foundational Zeroth Law of Content:
Any sufficiently popular post is indistinguishable from truth.