Sermon - TLIS - 2.1.5 - Citizen Programming
2 Kings 19:22
Who is it you have ridiculed and blasphemed? Against whom have you raised your voice and lifted your eyes in pride? Against the Holy One of Israel!
Job 20:6
Though the pride of the godless person reaches to the heavens and his head touches the clouds
Psalm 10:4
In his pride the wicked man does not seek him; in all his thoughts there is no room for God.
It is hard to explain to the uninitiated the very idea of "citizen programming," let alone its dangerous ramifications. (It is also difficult to explain why it is here in access control rather than in application security later on.)
Citizen programming is the term given to programs written by amateurs without any formal training in programming or application development. Both the term and the reality of the problem came to fruition with the production of the Lotus 1-2-3 spreadsheet program. Lotus 1-2-3 provided macros which allowed for those who understood accounting to create complicated formulas and processes in relatively simple forms, without requiring them to actually learn formal programming languages. This doesn't sound like a problem. It sounds like a very useful tool, and it is. However, the functionality provided in Lotus 1-2-3 and subsequent spreadsheet programs allowed people to create enormous utilities, which were very useful, but which, without being formally reviewed for their reliability, came to be very important to the companies in which they were implemented. Thus, the companies were relying on completely untested software, sometimes for extremely important business processes.
We have come a long way since Lotus 1-2-3. Most of you do not know what Lotus 1-2-3 is because it was superseded fairly soon after by Microsoft's Excel. Excel came to be part of the Microsoft Office suite of applications, and all the applications in Microsoft Office started to use a common set of macros. These macros eventually were so powerful that they were able to create email computer viruses that spread around the world in a matter of minutes.
We have created ever more powerful utilities and handed them to users who do not know how powerful they are. It was bad enough with spreadsheets, but now we are handing them the power of artificial intelligence. Not just handing them the power, but encouraging them to use it, sometimes even demanding that they use artificial intelligence, for any and all purposes. Recently, a series of articles in the Manchester Guardian has suggested different things that you can do with artificial intelligence. All of them were rather profoundly silly. And we are flooding social media with artificially created AI slop. As Alan Kay said, "Any medium powerful enough to extend man's reach is powerful enough to topple his world."
We have systems, procedures, and life cycles that truck through the development process. We have formal and semi-formal methods to make sure that software is secure and reliable. However, these processes and procedures are only taught in formal classes on programming and application development. Citizen programmers don't take these courses. Citizen programmers know neither the importance of making sure that their software is reliable, nor how to do it.
The line between a citizen programmer and a hacker is a fairly fine one. Basically, it turns on the level of knowledge. A citizen programmer and a novice hacker may have about the same level of knowledge. And the knowledge, in either case, may be just as fragmentary. In other words, important pieces tend to be missing.
This is not to say that citizen programmers cannot create amazingly useful utilities. Often they are people who are closer to the actual operations of the business than the IT or development department. The citizen programmer probably has a much better understanding of what people, at the front line, need to do their job. They know what information the front line workers have, and they know what information the front line workers may find difficult to obtain. They also know that permission to access certain information, or certain systems, may be difficult for the front line workers. In other words, in terms of human factors engineering, the citizen programmer may have it all over the actual developer or programmer. But the citizen programmer doesn't understand all the ins and outs of all the systems in the entire company, nor how certain misinformation might create a major problem for important databases within the company.
So we give citizen programmers access to amazing computerized and automated tools. And with these tools, the citizen programmers, working on an ad hoc and as-needed basis, sometimes create astoundingly useful programs and applications for the company. So useful, that often these programs and utilities spread throughout the company, and become a necessary part of the business. Without ever having been checked to see if they are secure or reliable.
And the first time the company finds out just how important this utility is to them is when somebody uses it and it produces an answer which costs and destroys ten percent of the company's total capitalization. Nobody is going to be very happy about that.
We are encouraging anyone with a computer and a credit card to use enormously powerful tools to create ... well, anything they want to. Maybe they will create another Tower of Babel.
You remember what happened at the Tower of Babel, don't you?
Starting to turn to the Christian life, let's look at the Tower of Babel story. This is a story which many sermons seem to indicate represents the sin of pride. Men were proud, and decided that they could build a tower which would reach the heavens. And God decided to do something about that.
Turning more directly to the Christian life, you probably have some theologians in your church. They are frequently among the super Christians. You know, the people who know all the right answers. When you call out "how are we saved," they immediately reply back "by faith through grace." When you call out "and how are we not saved" they call back immediately "through works." And when you call out "why not?" They call back "lest any man should boast!"
You know the ones.
The thing is, these people are the ones who are particularly useful to you. They *do* know all the answers. They have the catechism memorized. They have the liturgy memorized. They don't need the hymnbook, unless they are singing parts in the old hymns.
So they are useful. You can always call upon them for pulpit relief. You can always call upon them for Sunday school lessons. You can always call upon them to lead a Bible study. You can always call upon them to lead a new Christians group. They will have all the answers.
And they may have a few additional answers.
They have studied the Bible. They have really delved into it. Particularly the obscure parts. For example that passage in the Second Book of Hesitations, that puts a whole new spin on the nature of God. And, now that they know it, that's what they are teaching in the pulpit relief sermons, while you're away, and in the Bible studies, and in the youth group, and in the new Christians group.
You remember the tower of Babel? Still thinking of that? Still keeping it in mind?
Now I have to be careful here because I have, elsewhere, noted that this kind of heresy is fairly rare. As I have said, these are usually the super Christians. They know all the answers. In addition to knowing all the right answers, generally speaking they know all the heresies. And heresies, contrary to the firm belief of the heretics, are seldom new ideas. They tend to be the old ones recycled again. One of the extremely effective ways of dealing with heretics of this type is to study the heresies. Study them thoroughly. Know the names. Know why the church decided against them. And then when somebody, bubbling with newfound enthusiasm for some idea that they think nobody has ever had before, comes rushing up to you and explains it, you can say oh, yeah, the Marionites. Yeah, we haven't really heard about them since well about 1700 years ago. And then casually throw in what the Council of Stratford upon Naples had to say about them, and why they were wrong. It's possibly a little bit cruel, and you will notice that it tends to deflate the new enthusiast pretty sharply. But, fortunately, pretty effectively.
You can't argue with a true believer. You have to, carefully and casually, note that this idea has been raised before, and why the church barred it from orthodoxy.
If that doesn't work, you might try suggesting that this person who has found a new interpretation of scripture hidden in a dark corner, read the Bible. The whole Bible. Sometimes you can suggest it under the guise of ensuring that the interpretation that they have found is, in fact, supported by the rest of scripture, rather than being contradicted. As a matter of fact this is a very good way to approach it, and legitimately so. If somebody thinks that they have come up with a new idea, this is what you need to do. Read the whole Bible, the whole of scripture, and carefully maintain a list of scriptures that *support* the new interpretation, and those that *contradict* it, and instead support the orthodoxy. Having them do it themselves, rather than you hitting them over the head with the Bible verses that you prefer, is much more effective. When you attack a true believer, they tend to entrench themselves, and just get deeper into their rut. The rule of holes is, when you find that you are in a hole, stop digging. So give them an opportunity to stop digging. Take a look at the Bible, the whole Bible, and see what it actually does say about this matter.
I have mentioned the story of the Tower of Babel. This story does have to do with pride. But it also comes down to us in another word in the English language: babble. This is what God does to confound the builders of the tower. He confuses their language, and they can't understand each other. And that's what new heresies tend to be: babble.
But don't forget the pride. It's important. CS Lewis points out that it is probably the biggest sin of all. It is instructive to note the movie "The Devil's Advocate," where Al Pacino, in the character of John Milton, is actually playing the Devil. And starts and ends the movie by breaking the fourth wall, and telling us, "Vanity, definitely my favorite sin."
As I was writing this sermon, I received a copy of the newsletter from Trinity Lutheran Church in Delta. It contained "A Prayer for Truth and Direction," a poem from Kenya whose authorship is unfortunately lost. It seems to be a fitting way to finish up:
From the cowardice
that dares not face new truth…
From the laziness
that is content with half-truth…
From the arrogance
that thinks it knows all truth…
Good Lord…
deliver me.
Amen.
Theological Lessons from Information Security