[LINK] Perspective on security! [was: Security efforts hindered by untrained users]

Marghanita da Cruz marghanita at ramin.com.au
Fri Feb 1 09:47:52 AEDT 2008 

Stephen Wilson wrote:
> Jeez ...
> 
>>> it's like their brain just switches off - they've made the decision that
>>> it's too hard or too much effort (or that it's "easier" to get someone
>>> else to do it for them) and they revert to being a pathetic, helpless
>>> child.
>>
>> Yes, noticed this too. I think there must be some fundamental brain
>> mechanism at work here -- the equivalent of rabbits freezing in the
>> headlights, maybe?
> 
> I'm surprised by the naked contempt displayed in many of these comments 
> for regular computing users.  Even the self-evident jokes in this thread 
> drip with sarcasm reflecting an unhelpful air of superiority.
> 
> In many ways, commodity computing today mirrors the state of the 
> automobile industry c. 1900s.  You had to be a technical wizard to get 
> the most out of a car, to operate it safely, to maintain it.  The supply 
> chain was still very complicated, no one-stop-shops back then.  And no 
> traffic rules either, or driver licenses, or road worthy certificates. 
> The "business case" to buy an car instead of a horse was shaky.  But I 
> digress ...
> 
> With regards security and usability, let's retain some perspective. 
> We're in the very early stages of a new technological revolution.  The 
> deep deep knowledge that is required to safely operate computers (to 
> make sense of dialog boxes and security warnings etc etc etc) may well 
> become unnecessary in another decade.  The Internet might adopt the 
> sorts of embedded security mechanisms that are needed to safeguard 
> privacy and security (as opposed to sharing physics papers as the WWW 
> was originally intended to do).  And PCs might adopt proper security 
> firmware (like Trusted Platform Modules) to make them safe enough to 
> double as ATMs (as opposed to playing video games and writing BASIC 
> programs as the Wintel platform was originally designed for).
> 
> [Or maybe things won't get better.  My fear is that software still 
> advances too quickly for hardware and standards to keep up.  Speed of 
> development after all is why we have software, but it takes discipline 
> to engineer the stuff properly, including testing.  I would speculate 
> that if cars were made of software instead of alloy, and took hours to 
> modify instead of years, the auto industry (including its standards and 
> safety regulations) might have never settled down as it has.]
> 
> Meanwhile, let's approach security and usability with a blend of good 
> software design, testing, human factors engineering, education, support 
> services, cryptography and so on.  And stop with the glib blame game, 
> like 'if the bloody users only educated themselves, it would all be OK'.
> 
<snip>
I hate the car analogy, though the elaboration above did address some of the 
usual shortcomings.

However, the reality is that the cost of Automobiles hasn't been addressed
adequately
*pollution/climate change,
*ineffective overall transport in Australian and American cities in particular,
*Infrastructure costs - Sydney cross Sydney Tunnel,
*Medical and care services - Death and Injuries
*Personal/Family Costs
*Business Costs

Individuals and Society still use automobiles irresponsibly with real consequences.

With regard to the Accounting Analagy....it is interesing to note that Tax
returns, particularly the BAS are easier to understand and complete - sales,
purchases, gst collected, gst paid.

These parallels are also useful to draw on and maybe learn some lessons.

Marghanita
-- 
Marghanita da Cruz
http://www.ramin.com.au
Phone: (+61)0414 869202

More information about the Link mailing list