Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Monday October 03 2016, @07:29PM   Printer-friendly
from the inherently-broken dept.

Arthur T Knackerbracket has found the following story from Bruce Schneier's blog:

Every few years, a researcher replicates a security study by littering USB sticks around an organization's grounds and waiting to see how many people pick them up and plug them in, causing the autorun function to install innocuous malware on their computers. These studies are great for making security professionals feel superior. The researchers get to demonstrate their security expertise and use the results as "teachable moments" for others. "If only everyone was more security aware and had more security training," they say, "the Internet would be a much safer place."

Enough of that. The problem isn't the users: it's that we've designed our computer systems' security so badly that we demand the user do all of these counterintuitive things. Why can't users choose easy-to-remember passwords? Why can't they click on links in emails with wild abandon? Why can't they plug a USB stick into a computer without facing a myriad of viruses? Why are we trying to fix the user instead of solving the underlying security problem?

Traditionally, we've thought about security and usability as a trade-off: a more secure system is less functional and more annoying, and a more capable, flexible, and powerful system is less secure. This "either/or" thinking results in systems that are neither usable nor secure.

[...] We must stop trying to fix the user to achieve security. We'll never get there, and research toward those goals just obscures the real problems. Usable security does not mean "getting people to do what we want." It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users' security goals without­ -- as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly put it­ -- "stress of mind, or knowledge of a long series of rules."

[...] "Blame the victim" thinking is older than the Internet, of course. But that doesn't make it right. We owe it to our users to make the Information Age a safe place for everyone -- ­not just those with "security awareness."


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by The Mighty Buzzard on Monday October 03 2016, @09:24PM

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday October 03 2016, @09:24PM (#409666) Homepage Journal

    It keeps your shitstain employees from spending an hour creating a playlist on company time. Also, music is a distraction. Yes, even to you. When you can end up lost and not turn the car radio down, I might buy that line of bullshit; not until.

    --
    My rights don't end where your fear begins.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Monday October 03 2016, @09:31PM

    by Anonymous Coward on Monday October 03 2016, @09:31PM (#409671)

    If your employees are really that unproductive then fire them. If this is a recurring problem then perhaps look in a different direction for the cause....

    If we ever make it to the post scarcity economy I thin people like you will be the first to achieve so-called enlightenment. Once your brain gets to drop all the cruft that goes along with work/bootstraps/anxiety/fear/anger it will have the perfect example of the insanity of reality. Poof, you'll be lighter than air and happier than ever.

    Either that or your brain won't let go and you'll be one of the most miserable people mad at everyone for becoming happier overall.

    • (Score: 1, Funny) by Anonymous Coward on Monday October 03 2016, @09:45PM

      by Anonymous Coward on Monday October 03 2016, @09:45PM (#409679)

      You're one of the shitstain employees. Do yourself a favor and just resign now. If you insist on staying, know that if the building ever catches fire, you will be held personally responsible. Why do you want to work here anyway.

      • (Score: 0) by Anonymous Coward on Monday October 03 2016, @10:12PM

        by Anonymous Coward on Monday October 03 2016, @10:12PM (#409700)

        Awww, po' baby got twiggard!

    • (Score: 2) by The Mighty Buzzard on Tuesday October 04 2016, @12:02AM

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday October 04 2016, @12:02AM (#409742) Homepage Journal

      Good luck with that post-scarcity thing. I keep hearing it but I highly doubt it will ever materialize. Human ingenuity will always be a scarce commodity.

      --
      My rights don't end where your fear begins.
      • (Score: 2) by Zz9zZ on Tuesday October 04 2016, @12:21AM

        by Zz9zZ (1348) on Tuesday October 04 2016, @12:21AM (#409750)

        We are already in a post scarcity world for most countries, or could be if we made decisions along that vein. However, greed has kept us locked into a class system. The people at the top don't want anything to change, and the people that want to BE at the top don't want it to change either. They dream of being the king.

        Energy is the last big hurdle, and if we had actually invested in solar and other renewables a long time ago we would be done with that problem too. But again, the oil barons wanted to keep their empire rolling... Your last sentence is actually quite the kicker, in the post scarcity world human ingenuity will be much more available (fewer people ticking boxes and sleeping through meetings) and also more valuable.

        Its not a simple change, but I think its one worth striving for instead of going round and round the already sold out Monopoly board.

        --
        ~Tilting at windmills~
        • (Score: 2) by The Mighty Buzzard on Tuesday October 04 2016, @12:41AM

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday October 04 2016, @12:41AM (#409756) Homepage Journal

          Nah, as long as human ingenuity is valuable there will be no post-scarcity world. Nothing will change. Since the first currency was invented, it was never about the resources and always about human ingenuity.

          --
          My rights don't end where your fear begins.
        • (Score: 2) by Scruffy Beard 2 on Tuesday October 04 2016, @01:22AM

          by Scruffy Beard 2 (6030) on Tuesday October 04 2016, @01:22AM (#409763)

          Solar and renewables are chump change compared to nuclear power.

          It just sucks that our current nuke plants use so little of their fuel. (If 95% of the fuel was used up, there would be no waste problem).

  • (Score: 4, Insightful) by Anonymous Coward on Tuesday October 04 2016, @12:13AM

    by Anonymous Coward on Tuesday October 04 2016, @12:13AM (#409748)
    My employees can listen to music if they want to. They can even spend an hour (representing an astounding 1/2080 of a work year) putting together their playlist, because I know that if we have a looming project deadline that we'll all put in the extra time to make sure it gets done correctly and on time. Our relationship is built on a foundation of mutual trust and respect. Your employees probably work, poorly, for exactly 40 hours a week, and call you fuck-face behind your back.
    • (Score: 3, Interesting) by The Mighty Buzzard on Tuesday October 04 2016, @12:31AM

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday October 04 2016, @12:31AM (#409755) Homepage Journal

      Our relationship is built on a foundation of mutual trust and respect.

      That's some of the funniest shit I've heard all day. It's first, last, and all points in between about the money for them. Don't believe it? See if they'll accept trust and respect in lieu of wages.

      Now if you want to pay a motherfucker to dick around, be my guest. This is America and your business is by definition your business. Me, I want every dime I pay someone to be earned and if extra work at crunch time is necessary, I'll pay them the extra with a smile because they've earned it.

      --
      My rights don't end where your fear begins.
      • (Score: 5, Insightful) by Anonymous Coward on Tuesday October 04 2016, @02:15AM

        by Anonymous Coward on Tuesday October 04 2016, @02:15AM (#409777)

        See if they'll accept trust and respect in lieu of wages.

        Like most selfish dipshits, you've never learned just how powerful and important morale is. With high morale, they will, in fact, accept trust and respect in lieu of wages. Not for their entire salary, of course, but you can "purchase" many extra manhours of work per week per person that way.

        • (Score: 0) by Anonymous Coward on Tuesday October 04 2016, @03:31AM

          by Anonymous Coward on Tuesday October 04 2016, @03:31AM (#409795)

          Yup! When work is slow people dick around and take it easy. If you're a good boss/client those workers will bust their asses to make sure things work out.

          If you're too narrow minded and demand that every minute is accounted for, well you create stress where it is unneeded and thus your workers are unfairly taxed with "urgency". It is a real thing, and trying to pull spreadsheets out to argue the point will only lose you credibility.

  • (Score: 2) by SecurityGuy on Tuesday October 04 2016, @01:32AM

    by SecurityGuy (1453) on Tuesday October 04 2016, @01:32AM (#409765)

    If you have shitstain employees who spend an hour creating a playlist on company time, then their listening to music isn't the problem. Goofing off on company time is the problem.

    Personally, I listen to music at work when I need more focus than I can get without. Sure, I could focus even better in perfect silence, but cube farms aren't conducive to perfect silence. In point of fact, my company bought us all noise cancelling headphones in recognition of the fact that when you're trying to focus, having to listen to the guy over the cube wall can be a hell of a lot more distracting than music.

  • (Score: 0) by Anonymous Coward on Tuesday October 04 2016, @08:39AM

    by Anonymous Coward on Tuesday October 04 2016, @08:39AM (#409876)

    Talk about useless optimizations. People might have wasted some time on the company's dime; how terrible! Unless it become a serious issue, I don't see the problem. Sometimes, doing 'useless' things can improve efficiency by giving the employees enough time off to prevent brain overload. There's also a concept known as diminishing returns; expecting people to work at 100% efficiency for hours and hours is unrealistic.

    It's pretty much never good to micromanage employees, and if some of your employees are so bad that you feel they need to be micromanaged, then they need to be fired.

  • (Score: 1) by Francis on Tuesday October 04 2016, @01:57PM

    by Francis (5544) on Tuesday October 04 2016, @01:57PM (#409982)

    There's no clinical evidence to support such a strong assertion. There's a huge variety of music and of individuals. I personally get a whole lot more done of certain types of tasks when I'm listening to music. There are combinations to avoid like any type of music with words when you're working with words as the two interfere with each other. But, in most jobs there's a ton of time where you're not needing to do much thinking because you've done the task dozens of times and having music makes that go a lot more smoothly.

    As for the car, again, it depends a great deal on what kind of music you're listening to. On the rare occasion where I'm driving, I'll throw on some baroque music and it makes the process a lot calmer and a lot safer. Unfortunately, you can't legally do that on a motorcycle around here, so I'm stuck without the music.