[LINK] Perspective on security! [was: Security efforts hindered by
swilson at lockstep.com.au
Thu Jan 31 11:32:49 EST 2008
>> it's like their brain just switches off - they've made the decision that
>> it's too hard or too much effort (or that it's "easier" to get someone
>> else to do it for them) and they revert to being a pathetic, helpless
> Yes, noticed this too. I think there must be some fundamental brain
> mechanism at work here -- the equivalent of rabbits freezing in the
> headlights, maybe?
I'm surprised by the naked contempt displayed in many of these comments
for regular computing users. Even the self-evident jokes in this thread
drip with sarcasm reflecting an unhelpful air of superiority.
In many ways, commodity computing today mirrors the state of the
automobile industry c. 1900s. You had to be a technical wizard to get
the most out of a car, to operate it safely, to maintain it. The supply
chain was still very complicated, no one-stop-shops back then. And no
traffic rules either, or driver licenses, or road worthy certificates.
The "business case" to buy an car instead of a horse was shaky. But I
With regards security and usability, let's retain some perspective.
We're in the very early stages of a new technological revolution. The
deep deep knowledge that is required to safely operate computers (to
make sense of dialog boxes and security warnings etc etc etc) may well
become unnecessary in another decade. The Internet might adopt the
sorts of embedded security mechanisms that are needed to safeguard
privacy and security (as opposed to sharing physics papers as the WWW
was originally intended to do). And PCs might adopt proper security
firmware (like Trusted Platform Modules) to make them safe enough to
double as ATMs (as opposed to playing video games and writing BASIC
programs as the Wintel platform was originally designed for).
[Or maybe things won't get better. My fear is that software still
advances too quickly for hardware and standards to keep up. Speed of
development after all is why we have software, but it takes discipline
to engineer the stuff properly, including testing. I would speculate
that if cars were made of software instead of alloy, and took hours to
modify instead of years, the auto industry (including its standards and
safety regulations) might have never settled down as it has.]
Meanwhile, let's approach security and usability with a blend of good
software design, testing, human factors engineering, education, support
services, cryptography and so on. And stop with the glib blame game,
like 'if the bloody users only educated themselves, it would all be OK'.
Phone +61 (0)414 488 851
* Lockstep Technologies: ICT Secrets of Innovation Finalist 2007
* Lockstep Technologies: Anthill / PwC Cool Company Finalist 2007
Lockstep Consulting provides independent specialist advice and analysis
on authentication, PKI and smartcards. Lockstep Technologies develops
unique new smart ID solutions that safeguard identity and privacy.
More information about the Link