mailing list archives
Re: User Insecurity
From: gadgeteer () elegantinnovations org
Date: Fri, 19 Mar 2004 11:39:19 -0700
On Thu, Mar 18, 2004 at 11:48:45AM -0600, Earl Keyser (Earl.Keyser () wayzata k12 mn us) wrote:
I think you folks miss the point.
My VISA card doesn't have any bells and whistles to turn on or off -just
a PIN to remember. My car is serviced by my mechanic. I don't know
what's under the hood except where to put washer fluid. To ask me to
make my own Visa card or tune my engine is an impossibility. My Dad is
an MD - but he can't set the time on the VCR.
Until the whole paradigm changes, we will live in an insecure world.
Most home users are clueless - they want to remain that way. It's up to
our industry (PC makers, OS makers, techies and researchers to build a
better, safer mousetrap.
Railing at the "clueless lusers" is both stupid and counter-productive.
What you describe regarding you and your mechanic is "blind trust".
You are trusting his abilities as a mechanic based on you preception
of him as a person.
OTOH, I learned the theory behind the design of the various systems that
comprise an automobile and got some hands on experience rebuilding
engines in high school auto shop. While I do not pretend to have the
working skills and knowledge to actually diagnose and repair a modern
auto I do have domain-specific knowledge which allows me to make informed
judgements of my mechanic's abilities by engaging him in conversation
Likewise I have some interest in biology and expect the MD to explain
sufficiently so that I can fit what she is saying into my knowledge-base
Knowing proper food handling I can make reasonable judgement regarding a
restaurant and chances of food poisoning.
Just as "folk physics" and "folk psychology" can lead to erroneous
conclusions so too can limited knowledge-based judgements. However,
willful ignorance is simply a "kick me" sign hung on one's forehead
to a malicious social engineering attack.
Willful ignorance is "both stupid and counter-productive". Demands
for protection of the "clueless lusers" is merely shifting the burden
from those too f*****g lazy to be curious to the rest of us.
"Making something safe for idiots means only idiots will use it."
(It also makes it much more costly.)
Full-Disclosure - We believe in it.