Things I've Tagged ‘Frustration’

Page 1 of 1

The Opportunity Cost of Security

Choosing a password has become more and more of a burden than is realistically necessary in my view. In a lot of cases, I’m stuck with a set of rules that make the password virtually impossible to remember, e.g. 7Yule#gF. Though that example is extreme, it’s just insane to expect users to remember this sequence.

My bank is particularly egregious–at least one of them anyway–in that they require your account name be typed in and submitted, then bring you to a page with a security image and an inaccessible password form that is produced using javascript. The password must contain one uppercase letter, a number, and some other set of letters that bring the total number of characters within a certain range.

The most ridiculous part of the process, though, is if your cache has been cleared, you are required to answer the security questions they have you set up on all of these sites. The questions are never the same, and it is difficult to remember exactly how you’ve spelled the answers.

No, this isn’t something I think about on a consistent basis; in spite of my annoyance, what got me writing on the subject had to do with a report from Microsoft Research that I became interested in reading more than anything else. It pointed something out that is becoming increasingly obvious.

In effect, the benefit gained from following such stringent security standards might be more costly than the actual damage incurred from a security breach.1

The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice we find that the advice is complex and growing, but the benefit is largely speculative or moot.1

In particular, the notion that the benefit is “largely speculative” certainly makes the user less likely to follow the advice and makes me even more annoyed; there really isn’t enough data to backup any of the claims of security experts.

But is this where it should end for users? In determining potential damage, shouldn’t simple security advice be followed?

Of course it can be difficult to trace or predict the portion of a reduction in losses that springs from a particular piece of security advice. However if the increase in externalities is greater than the total direct losses, then a piece of advice certainly represents a poor cost benefit tradeoff for the user population. For example, a piece of security advice that requires an hour per year for the average user to follow should reduce direct costs to the users by at least $180e6 x 2 x 7.25 = $2.6 bn (again using twice the minimum hourly wage of $7.25 and an online population of 180 million) to be worthwhile. We will find that this is almost never the case with the attacks that we examine. Instead we find the direct costs are small, or unquantifiable, or borne by the banks rather than users, or are theoretical, protecting users against potential rather than actual losses.1

Security advice is meant to protect users and networks from malicious use, but the benefit to most users is minimal. And considering the large number of places we’re likely to use passwords, complex rules governing their content, and advice suggesting you not write it down, it makes the burden hard to justify.

I don’t think we should abandon what security experts have been suggesting, but in order to improve security, perhaps we should be looking at the construction of the internet itself. Finding ways in which to secure users at the gates of the city rather than expecting them to be armed and vigilant themselves.

And I’ll still follow the advice, for now, as long as I must maintain my own online fortunes.

  1. Herley, Cormac. So Long, And No Thanks. <>. Accessed 3/17/2010.

Where Did I Go Wrong?

I went to my first official PT session this morning. This was at 7:00am, which two days prior would have been 6:00am. I felt tired, and not expecting much in terms of output, this worked out very well. I’m not much for mornings, but will certainly wake up if the situation requires it.

This particular morning, the alarm beeps (no longer blares, because I’m not allowed to use that alarm anymore), and I tap snooze for another ten minutes. And I tap it again. Man, I am way too beat to be up early, I think.

I proceed to eat a bowl of some delicious oatmeal and I’m ready to leave. I hop in my ride, to make a quick run. Ha.

Disclaimer: I kid of course. Seriously, Michelle, you’re always on time in my eyes.

Anyway, I pull into the lot only to see the building is empty and dark, at five till seven. How could I have done this to myself? I always insist on arriving early anywhere I go, though the wife tends to make that a tough proposition. But it puts me in these awkward spots where I look a little too eager when the therapist arrives.

Not that I’m not eager to solve my knee issues, but it’s physical therapy. It can be tedious and boring. And if done wrong, apparently, can lead to more issues.

Somewhere along the way I was unable to get my knee together. Strengthening wasn’t working, I hit a brick wall. My exercises didn’t feel like they were working. Maybe I’ve been screwing up this whole time? I don’t know. I’ve been working on this knee religiously, I just hope that something works. I hope that something will make it feel at least slightly normal again.

This has not been fun.

ACL Fail: Episode 302

It appears that my ACL adventure might not be over. For the past couple of months my knee has begun to loosen up, meaning that it felt as if the tibia was beginning to slip forward in more and more situations than I thought were appropriate for my level of rehabilitation.

This is not all that uncommon for someone that has gone through this surgery.

Now, at first I suspected this was because of a lack of muscle strength due in part to the patellar tendon pain I had been experiencing but as the months went on the movement was beginning to exhibit itself in day to day activities, and the pain has really only increased as a result.

I thought perhaps I was worrying myself over nothing, I do this often relating to issues like this, but in this case perhaps they were relatively well founded.

I went to my orthopedic surgeon a few days ago and he confirmed my self diagnosis: the knee was indeed a bit loose. The anterior drawer and lachman tests turned up positive, however he could not produce a positive pivot shift which gave him, and by extension me, a little hope that this is all salvageable.

He has prescribed a six week course of physical therapy in an effort strengthen the surround muscles in the hopes that this will solve my issue.

Here’s seriously hoping this is the case. I don’t particularly want to experience this again.

Heater Cores, and Radiators, and Intake Gaskets…Oh My!

Ever have one of those days when you regret purchasing a car that you really wanted? Well, I’m having one of those just about every day for the past few months. It seems like I’ve replaced or repaired more than my fair share of items on this vehicle. It’s definitely a money pit.

After a year and roughly fifteen thousand miles, the lower intake gasket on my 2000 GMC Jimmy has failed–again. This is a little frustrating to me as this repair probably should have lasted at least another forty‐five thousand or so. Instead of taking it to the shop, though, I think this time around I’ll go ahead and take care of it myself. I’m fairly adept at dealing with cars–go figure–something I’ve started to get into the past few years.

Next on the list of fun and exciting things is that lovely coolant aroma inside of my vehicle. Yes, when I initially turn the heat on it’s a rush of coolant to the nostrils. It’s so sweet and lovely it’s disgusting. It assaults you from all angles and makes you want to rip your hair out–not from the smell but from knowing the heater core is leaking, but only ever so slightly right now. I hear this is a tough job and do not look forward to it. I may be able to put it off at least through the summer so that’s good.

Last, but certainly never mistaken for least, I believe my radiator is possibly leaking. I noticed a spot of coolant on the ground on the front driver’s side of the truck after coming home from work last night. It looks like it’s running from the front of the radiator and towards the engine compartment from multiple spots, but probably only from somewhere near the top. Whatever the case, I might be replacing this radiator. It doesn’t look like an incredibly expensive or difficult job, just kind of a bigger one than I’ve ever really tackled.

All I want to say about all of this at this point is: AHHHHHHH, no more!