In the Twin Cities, there is not a lot of good barbecue, but there is one place that is fantastic. It's called Big Daddy's barbecue (thanks Dara!), it's only open on Friday and Saturday afternoon, and it operates out of a parking lot in St Paul. I try to get there as often as possible.
We just started to get some snow in Minnesota, and I was planning an outing to Big Daddy's with a friend who is a doctor, a hand specialist. So I was asking him what time would work, and he said, "Well, I should be able to go but I am on call."
So I said, "Well I hope no one hurts their hand on the weekend."
He said, "It just started to snow, so people go out and use their snow blowers, then the snow blowers get jammed on the vent side and the motor is still running, but no snow is blowing out the side. So they stick their hand in the vent and it gets chopped by the motor. It happens all the time. They think, well I am pretty quick I can get my hand in and out of there without getting chopped."
To get more secure systems, we need people to understand the risks and then deal with the risks through reducing vulnerabilities, building better countermeasures and so on, but it all starts with some level of risk understanding. If people are willing to take these chances with snowblowers and the risk of losing hands, where does that leave us with communicating risks on something as abstract as software security?
It's like securing these snow blowers in such a way that even the most stupid people would not get their hand chopped off. Same with software security: it will never be enough just to talk about "threats", and "danger" and "risks" because most simply will not listen and stick their hands in it. I think, security must be an easy-to-use-out-of-the-box solution to get widely spread. Besides, I just try this with PHP and MySQL. Let's see if it works.
Posted by: Erich | December 08, 2008 at 09:51 AM
I wouldn't know software security from a snowblower, but I'm glad you got some good BBQ out of the deal!
We've been dealing with people's inability to assess risk in another part of our lives: Turns out a third of our 3 year old's daycare classmates are unvaccinated! We learned this of course due to a Whooping Cough outbreak. I attribute it to the "anecdotes vs data" problem, everyone is so freaked out about anecdotes about kids getting autism from vaccines (disproven numerous times) that they're unable to assess very real risks, like that kids actually do really and truly die from whooping cough, measles, and HIB. One day soon I think there will be a measles outbreak in a highly unvaccinated place (Seward, Uptown, Eugene, OR) and a bunch of kids will die, and that will be the only thing that changes this.
Anecdotes are not data!
Even when it comes to bbq!
Thus ends this rant.
Posted by: Dara | December 08, 2008 at 11:52 AM
I admit that I never saw a snow blower before. I think one can't even buy one here (Berlin). I had to suppose that there could be a chance to make it more secure.
When talking about vaccines and the outbreak of some disease, the "unvaccinated" PHP-scripts on almost every web server come to my mind. And I am afraid too, that only a huge attack on these, followed by thousands or millions of broken web sites, web software and stolen data, will shake the responsible persons up. Though I don't know, what they'll then do first...
Posted by: Erich | December 09, 2008 at 04:06 AM
Haha! Now I see: you wrote, you don't know "software security" for a snow blower! I agree, me neither. I meant some security at all, like automatic power down when warm things (like a hand) are coming close to the vent.
Posted by: Erich | December 09, 2008 at 08:52 AM