Wednesday, June 5, 2013

Observations, Safety and Reasoning

People who follow me on Twitter or this blog will know that I tend to find a lot of faults and issues in my daily life, and I raise many of these with the people responsible, so that they get fixed. What people don't usually understand is why I find so many.

In short, I pay more attention to my surroundings than the average person does and I question what is going on around me, and I often question why things are the way they are: Is something done a certain way because it's easier, or is it more profitable? Would it be safer done a different way?

This sometimes leads to a sort of "snowball effect" because once I have spotted a few issues with something, I can often guess what the pattern of failure is and test the hypothesis.  Once I've proven something, I raise it as an issue, and generally the provider of the service or product improves as a result.  However, not everyone appreciates me pointing out ways to improve things.  When the issue is electronic, this is especially true.  

People like to think that their service providers and product vendors are doing everything they can to protect them, but the reality is that often they're not. They advertise that they are safe and are protecting you, but then they threaten to come down heavy on anyone that demonstrates any weakness in their systems. They then threaten to escalate proceedings against anyone that repeatedly demonstrates any flaw they haven't fixed…

This leads to an interesting side effect. When a large corporation has a security hole and people know that the hole exists, and more importantly the corporation has threatened legal action against people demonstrating further holes, the holes multiply: people know the holes are not being fixed and have already demonstrated that the corporation doesn't know where the holes are (because if they knew where they were, they'd close the holes), whilst still further holes can be pinpointed (which also can't be reported to the corporation for fear of legal action).

Eventually, you can connect these dots and predict where the holes will be without having to use a computer at all, because whilst the corporation has put its head in the sand, you've had a good chance to observe "the rest of the ostrich" without touching it.