i might go on a rant for a bit here, so my apologies for your mentions.
the way i think of it is there are a number of places within any given system that give rise to opportunity
this came to me from watching a Moxie Marlinspike talk way back in college. i’m not good at articulating it. vertically, computers, and systems in general, are built on layers upon layers of abstraction. as a developer, you only really need to understand the layer you’re working with
ALT
but as a hacker, you want to understand the layer below that so you can find where assumptions and generalizations are made. this is where errors are also made, where you may very well have the opportunity to influence a small part of a system that dominoes into a greater effect
horizontally, with most things, there are standards governing how they should look or behave for interoperability’s sake. the easy analog with human systems are written policies. these standards are often written by people who are not beholden to the realities of trying to implement such a system
so one potential place for error or opportunity is the difference between the standard and what the developer believes the standard to be. the next place is the difference between what the developer believes they are implementing and what they actually are implementing.
