[LINK] Perspective on security! [was: Security efforts hindered by untrained users]

Craig Sanders cas at taz.net.au
Thu Jan 31 18:46:09 AEDT 2008


On Thu, Jan 31, 2008 at 11:32:49AM +1100, Stephen Wilson wrote:
> Jeez ...
>
>>> it's like their brain just switches off - they've made the decision that
>>> it's too hard or too much effort (or that it's "easier" to get someone
>>> else to do it for them) and they revert to being a pathetic, helpless
>>> child.
>>
>> Yes, noticed this too. I think there must be some fundamental brain
>> mechanism at work here -- the equivalent of rabbits freezing in the
>> headlights, maybe?
>
> I'm surprised by the naked contempt displayed in many of these comments for 
> regular computing users.  Even the self-evident jokes in this thread drip 
> with sarcasm reflecting an unhelpful air of superiority.

you've obviously never worked in tech support. you get to see the
dumbest of the dumb in that job (admittedly, it's a partially
self-selecting sample).

and it's not contempt for the "regular" computer users. it's for the
stupid ones. the kind that *really* do stuff like call their support
dept to complain that their cup holder is broken.


> In many ways, commodity computing today mirrors the state of the automobile 
> industry c. 1900s.  You had to be a technical wizard to get the most out of 
> a car, to operate it safely, to maintain it.  The supply chain was still 
> very complicated, no one-stop-shops back then.  And no traffic rules 
> either, or driver licenses, or road worthy certificates. The "business 
> case" to buy an car instead of a horse was shaky.  But I digress ...

ummm, hate to break it to you but you're describing computing in the the
1970s and early 1980s. that was about 25+ years ago.  the field has come
a very long way since then.


> With regards security and usability, let's retain some perspective. We're 
> in the very early stages of a new technological revolution.  The deep deep 
> knowledge that is required to safely operate computers (to make sense of 
> dialog boxes and security warnings etc etc etc) may well become unnecessary 
> in another decade.  The Internet might adopt the sorts of embedded security 
> mechanisms that are needed to safeguard privacy and security (as opposed to 
> sharing physics papers as the WWW was originally intended to do).  And PCs 
> might adopt proper security firmware (like Trusted Platform Modules) to 
> make them safe enough to double as ATMs (as opposed to playing video games 
> and writing BASIC programs as the Wintel platform was originally designed 
> for).

that's wishful and misguided thinking.

Treacherous Computing[1] has been rejected by the mass market for the
same reason that they are actively rejecting DRM.  they want to run
what they want on *their* computers, not just what Microsoft or the RIAA
or some other corporation tells them they're allowed to run.

[1] http://www.fsf.org/news/treacherous.html

see also http://defectivebydesign.org/ and the links at the bottom of
http://en.wikipedia.org/wiki/Trusted_Computing


"modchips" for the xbox and the ps2 & ps3 show that it's futile, anyway.
if someone has physical access to their machine, they can disable or
work around the restrictions - or pay someone to do it.


> [Or maybe things won't get better.  My fear is that software still
> advances too quickly for hardware and standards to keep up.  Speed of
> development after all is why we have software, but it takes discipline
> to engineer the stuff properly, including testing.  

apart from the obvious statement that discipline is required, that makes
no sense at all.

especially the bit about standards.

the problem with standards is not that they don't keep up, it's that
some software corporations (microsoft in particular) do their utmost to
subvert them by stalling or corrupting standards committees, by their
embrace-and-extend methodology, and by just ignoring existing standards.
they don't want standards. standards = risk of competition. they want
whatever they say or do to be the de-facto standard. and they want to
change it at a whim so that they can screw over any potential competitor
and force them into a doomed catch-up game.


> I would speculate that if cars were made of software instead of
> alloy, and took hours to modify instead of years, the auto industry
> (including its standards and safety regulations) might have never
> settled down as it has.]

wait for 20 or 30 years when we have the 15th+ generation of micro-fabs
like the Rapid Replicating Prototyper[3] coupled with the hardware
design equivalent of the Free Software Foundation then you'll see cars
(and many other things) designed to meet people's needs rather than
corporate needs....and there will be good as well as bad from that kind
of technology being available (which is inevitable, even though there
will be increasingly shrill and desperate legislation trying to outlaw
it over the next few decades)


[3] http://reprap.org/

>
> Meanwhile, let's approach security and usability with a blend of good 
> software design, testing, human factors engineering, education, support 
> services, cryptography and so on.  And stop with the glib blame game, like 
> 'if the bloody users only educated themselves, it would all be OK'.

users are part of the problem, but only a very small part of it.

the bulk of the problem is that the software that most people use (MS
Windows) is complete and utter crap.

craig

-- 
craig sanders <cas at taz.net.au>

BOFH excuse #358:

struck by the Good Times virus



More information about the Link mailing list