[Banking_and_finance] Daily News 08.26.03

[richb at pioneer.ci.net (Rich Braun)]

David Kramer wrote:
> The more I read 2600, the more I feel that cracking is a people problem, not a
> computer problem.  People who rely on known-buggy software, people who do not
> use firewalls, people who do not keep their software updated, people who do
> not pay the money to hire smarties to protect their company against
> others....

That was an appropriate approach to take for the first, say, 1 million or even
10 million computer users.  It doesn't scale to 100 million or 1 billion+.

Take two common products, a Sony camcorder and a Linksys wi-fi hub.  Which is
the more-complex product?  Probably the camcorder, but that's neither here nor
there.  The point is that if you called up Sony and asked them for a firmware
update to correct a design flaw, they'd laugh at you.  On the other hand, if
Linksys didn't have a firmware-update download page, you'd laugh them off and
choose a different supplier.

I think something is wrong with this picture.  When consumer-electronics
companies launched their products back in the 1940s through 1960s, a whole
industry of 3rd-party service shops was spawned.  The products weren't
bug-free, and consumers expected things to break--but they also expected to
find a reasonably-priced service shop available whenever a problem came up. 
So long as the TV or stereo kept working, they had no reason to check a
newsletter or call a support line or schedule a service checkup--just use it
'til it breaks, then get it fixed a few times, then scrap it once it's too
costly to keep fixing.

In the 1970s and 1980s, the service-shop approach ceased to scale.  Consumer
electronics companies (and car companies) were forced by economics to make
products that didn't break.  Service shops found fewer customers, and are now
a quaint echo of the past if you can find them anywhere anymore. 
Current-generation products have few, if any, field-replaceable parts owing to
the rise of the IC.

(Yesterday's news gave me a poignant reminder about what can happen if an
industry fails to address reliability scaling.  Light aircraft never got the
same level of reliability innovation that passenger cars did, mainly because
the manufacturers got sued almost out of existence in the 1970s and therefore
stopped making planes from about 1978 until 1996.  A Beech 1900 is a typical
product of that pre-1978 era, and there aren't any cost-effective alternatives
developed in the 25 years since.  I gave up private-piloting years ago when
too many friends got killed or injured in obsolete Cessna and Piper aircraft.)

What we're witnessing now, I think, is a comparable collision of consumer
demand with a scaling problem in software reliability.

Anyway, I ramble with analogies which go well beyond the Microsoft-Linux
rivalry in today's headlines.  Patterns of consumer behavior (and litigation)
seen in other industries should make clear what has to happen next with
software.

Individuals simply are not going to take recommended precautions; the device
they pick up at a store simply has to work in its default configuration
without thinking about it.  Period.

-rich