RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly

From: Christopher F. Herot (cherot_at_appliedmessaging.com)
Date: 09/30/03

  • Next message: bugzilla_at_redhat.com: "[Full-Disclosure] [RHSA-2003:291-01] Updated OpenSSL packages fix vulnerabilities" 
    To: "Michael Smith" <mike@sane.com>, <full-disclosure@lists.netsys.com>
Date: Tue, 30 Sep 2003 12:13:31 -0400

    Actually, the average person doesn't now squat about how to DRIVE a car
    either. The result is that 40,000+ people die every year in this
    country from car "accidents." I'd say the computer industry is doing
    pretty well by that standard.
     
     

    > -----Original Message-----
    > From: Michael Smith [mailto:mike@sane.com]
    > Sent: Tuesday, September 30, 2003 10:54 AM
    > To: full-disclosure@lists.netsys.com
    >
    >
    > >> Do you really think you could convince the average user that they
    need to
    > >> know this much about security? I mean, most users see their
    computers
    > >>(and
    > >> the network, servers, phones, faxes, etc...) as a tool to do
    business
    > >>with.
    > >> Nothing else. The computers are there to do a job, or help get a
    job
    > done,
    > >> and nothing else. It is not so much that they don't know, it is
    that they
    > >> don't need to know.
    > >
    > >This argument is a total crock. Most people manage to drive cars
    that
    > >remain operational, because they either learn how to do the
    maintenance
    > >themselves, or they outsource it to a guy called a "mechanic".
    > >
    >
    > I think the point is that most people expect their cars to be
    operational
    > and do NOT do the maintenance themselves... they DO outsource it to a
    > mechanic. The average user has A LOT less control over their car than
    their
    > computer. A car is basically a single function unit, point A to point
    B.
    > Computers never have been nor ever will be that one dimensional. At
    the
    > most, I think we could hope for users who learn to know better than to
    try
    > to do the 'maintenance' on their computers themselves.
    >
    >
    > >Here.. let's do a s/computer/cars/ on that paragraph:
    > >
    > >> Do you really think you could convince the average person that they
    need
    > >>to
    > >> know this much about fuel injectors? I mean, most people see their
    cars
    > >>(and
    > >> the network, servers, phones, faxes, etc...) as a tool to do
    business
    > >>with.
    > >> Nothing else. The cars are there to do a job, or help get a job
    done,
    > >> and nothing else. It is not so much that they don't know, it is
    that they
    > >> don't need to know.
    >
    > >I'll point out that the average car no longer comes with a crank to
    start
    > >it, or a manual choke button that you have to remember to push back
    in.
    > >The average car no longer needs major maintenance every few hundred
    miles.
    > >
    > >So why are we tolerating computers that have cranks and choke buttons
    and
    > >need major maintenance every few hundred hours?
    >
    > Let's see.... cars have been available to the general public for
    about,
    > what, (at least) 75 years? And computers? Maybe 25? I think if you
    look
    > at the progression the computer industry has made in that time, it FAR
    > outweighs the manual choke or crank start...
    >
    > I think your paragraph above proves the point perfectly.... You'll
    NEVER
    > convince the average person that they need to know about fuel
    injectors.
    > I'll bet 5$ right now that half the people don't even know if their
    car HAS
    > fuel injectors or not.
    >
    > ~mike
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: bugzilla_at_redhat.com: "[Full-Disclosure] [RHSA-2003:291-01] Updated OpenSSL packages fix vulnerabilities"