The last two weeks have been among the busiest weeks I’ve had in years. Most of the security work I’ve done in the last eight years or so has been largely confined to the realm of embedded systems, IoT, SCADA & friends, but these trying times have brought enough trouble that there’s something to be done for everyone.
This has given me renewed insight into the social dimension of security. It’s something that everyone talks about in the background but it’s never quite as vivid as in these days, when the entire social landscape is shifting.
Continue reading Quarantine and The Social Aspect of Security
There’s an old saying that I mistrust deeply: users don’t know what they want. I think they do, and I think that products that are designed based on the unshakeable conviction that users don’t know what they want routinely turn out to be terrible.
You don’t see it because sometimes this frame of mind produces good results: specifically, it produces good results when the team that builds it wants the same things that users want. The bad results that it produces — which far outnumber the good ones — don’t live long enough to be reviewed and discussed over and over and over again on Hacker News.
In my experience, users do know what they want. It’s just that they can’t always state it in a useful form — which is completely understandable, given that it’s really not their job to do that. They’re a bit like an ancient oracle.
Continue reading Users: The Most Unhelpful Oracle
I just read that the Max Planck Society discontinued its agreement with Elsevier and this sent me whirling back to a time when I was involved in research — and that was the time when I gained even more of an appreciation for the programming community.
Continue reading Computers, Programming and Free Information