Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

One man’s apathy is another’s risk tolerance.

One of my most mentally fruitful times is when I’ve just woken up.  Somehow things that I’ve been puzzling over fall into place, and I get new insights that help me solve problems.  My dad spent some of his career as an inventor, and for him the “epiphany time” was in the shower; it worked so well that his boss started paying his hot-water bills.

After waking up from a nap with my preschooler this weekend, I had a few more thoughts about Hoff’s Crusade and the reactions to it around the neighborhood.  I recalled the arguments I was having with Hoff as to whether the D*Z is dead and comparing it to seat belts and airbags.

As Spaf and others say, we know how to write solid systems, but we don’t do it.  Why not?

And for that matter, why do we put up with hundreds of thousands of car crashes a year?  That’s one of the largest risks we face these days, and we could reduce it significantly in several ways, but nobody wants to do it. 

To point out the obvious, it’s because the benefit is so large and so widespread that the cost in terms of risk is tolerable at its current level.

Now, let’s turn back to computers.  Back in the olden days, when Real Programmers walked the earth, there weren’t a whole lot of computers.  They were big, they were expensive, and they generally ran really important things.  It was important to get programming right, as concisely as possible, using the fewest resources, and it became a point of pride to do so.

These days, of course, computers are everywhere.  We all derive enormous benefit from them, couldn’t do without them, and they are plentiful and cheap compared to 30 years ago.  They are also mediocre in terms of security and quality.  Programming is the new factory work, and the emphasis is on volume and speed.  It’s a lot easier to replace or complement a less-than-functional system with another one than it is to hand-craft it as if it were a one-of-a-kind artisanal piece.

Could it be that the very fact of computing’s ubiquity today is raising our risk tolerance threshold?

Is this why we don’t see consumers marching in the streets, calling for better auto safety or “information survivability”?  The risk is so widely spread that it is easy to convince ourselves that we will never be affected by it.  At the same time, the cost of reducing that risk further is unacceptable to us (public transportation? centrally controlled auto navigation? completely rewriting Windows from the bottom up?).  We have both benefit and freedom the way things are now, with an easy recovery plan (wipe and re-install, or toss it out and buy a new one). 

If this is the case, then our state of computing security may be precisely where it needs to be.  Paging Dr. Pangloss ...

Posted by shrdlu on Sunday, October 21, 2007