Ken, I made a small mistake in my comment to your analogy with cars - the word isn't irrelevant, it's more along the lines of mistaken. Consider how advanced the car industry was after 40 years. Not very. And 70+ years after that it's still not "safe". Computing is more complex, and will take even more time to get to a "safe" state, if it's even possible, which to my mind is an open question.
Kurt On Sat, Aug 25, 2012 at 9:32 AM, Kurt Buff <[email protected]> wrote: > On Fri, Aug 24, 2012 at 10:35 PM, Ken Schaefer <[email protected]> wrote: >> I disagree. >> >> Car manufacturers have been constantly finding ways to make our driving >> experience >> safer, and less stressful. Whilst it still requires some level of >> co-ordination, skill and >> concentration to drive a car, it is far safer and far easier to drive a car >> now than at >> any time in the past. And companies are working on ways to make it even more >> so. > > And yet deaths via car crash remain perhaps the most frequent form of > death not due to disease. It's still dangerous. And your comment is > irrelevant, because any activity that a) requires human interaction > and b) has the possibility of harm to humans, financially or > physically requires vigilance and care on the part of those > potentially affected, no matter well understood and technologically > developed. > >> Likewise the IT industry has to find better ways to keep things secure >> rather than >> relying on changing the entire human race's behaviour. Because the latter is >> a losing >> proposition - it always has been and always will be. >> >> Constant whinging by *IT Professionals* has done nothing to change that fact >> in the past 40 years. > > It could be argued that man's natural state is illiterate, > disease-riddled and violent. Before we could overcome that with better > technology, we had to change the culture, i.e., man's nature, and it > wasn't easy. Computing is a very new phenomenon, and 40 years is a > very short period of time to introduce a new culture. > >> Passwords may have worked when users only had to remember 5. >> These days it's starting to break down. > > And printed words only work when you have to recognize 40 or 50 and > maybe type your name. > >> So, what do to? Microsoft tried CardSpace, and building password memory >> systems in Windows >> and IE. Wasn't entirely successful. Some companies are trying federated >> identity systems >> (e.g. "login with your Facebook account"). Maybe the government should just >> issue people >> with smart cards (whether or not they are tied to your actual identity - at >> least they would be >> relatively impossible to duplicate, with today's technology). > > Tell that to the vendor of ORCA cards. And no, I don't want federated > identities - they will be abused. Check that - they are already being > abused. > >> The constant whinging about programmers, users and everyone else, on this >> list, is so tiring. >> No one is discussing solutions. Telling the entire population of the >> developed world to "suck it up" is >> not a solution IMHO. > > It's what we have. When you come up with something that is less > dangerous (and federation isn't it, nor are any government-mandated > solutions) and easier, I'll listen. I doubt it will come soon. > >> FWIW IT admins here seem to have no compunction re. posting the products >> they use, >> the configuration they have, the AV they have installed, their password >> complexity rules, their >> administration techniques, and the companies they work for and when they are >> out-of-the-office >> etc. It's rank hypocrisy. > > Uh, you're going to have to connect those dots for me. Aside from the > last two (revealing your company on-list is a big security mistake, > IMHO, and OOFs are a form of moronity, regardless if they're imposed > by corporate rules), I consider those part of the community education > process, which is what we're trying to do with users. Of course, when > some of our community state to users that passwords are passe without > giving real alternatives, that would be hypocrisy... > > Kurt > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
