Nice article about how deterrence cannot work for computer security at Slate. The real problem is that computing systems are generally vulnerable to attack. This is not an inevitable state of affairs, but currently no one knows how to build secure, usable systems in a cost-effective way. It is not merely an engineering problem; it … Continue reading Deterrence


The OPM disaster and computer security

The theft of data from the Office of Personnel Management is a disaster with long-lasting consequences. It is hard to imagine what event —without causing broad, immediate physical damage— could give the government a stronger incentive to support work on improving computer security. I'm worried the opportunity will be missed anyway. Current computing systems are … Continue reading The OPM disaster and computer security

Worse is Better vs. Better is Better

In 1991 Richard Gabriel wrote a insightful and influential article about the difference in designing software systems in the "MIT Style" and "New Jersey Style" (AT&T), where he termed the latter "worse is better". He argued that when building software, the "MIT style" of getting the design "right" (at the cost of complexity in implementation) … Continue reading Worse is Better vs. Better is Better