
Submission + - Sourceforge staff takes over a user's account and wraps their software installer (arstechnica.com) 11

An anonymous reader writes: Sourceforge staff took over the account of the GIMP-for-Windows maintainer claiming it was abandoned and used this opportunity to wrap the installer in crapware. Quoting Ars:

SourceForge, the code repository site owned by Slashdot Media, has apparently seized control of the account hosting GIMP for Windows on the service, according to e-mails and discussions amongst members of the GIMP community—locking out GIMP's lead Windows developer. And now anyone downloading the Windows version of the open source image editing tool from SourceForge gets the software wrapped in an installer replete with advertisements.


Comment Re:Not the testing, the interpretation. (Score 3, Informative) 37

Agree. It seems like a simple solution is to unbundle the testing and interpretation.

This is really no different from any other area of testing. A lab can assay the creatinine in my blood, or the microalbumin in my urine, or the concentration of glucose in my blood. Those results are likely to be very accurate and reproducible unless the lab is just criminally negligent.

What those results mean is an entirely different matter. A doctor will certainly utilize those results as well as the results of many other tests, history, interviewing the patient, and so on to make a diagnosis, and refine it as more data comes in.

Just make the labs, well, labs. Now you can certify them far more objectively.

Comment Re:Answer (Score 1) 336

Do you even allocate memory in the sense that most people think about it (in other words, calling malloc or something similar to do dynamic allocation), or just have a region defined for data in your linker scripts and have constant addresses for regions of memory hard coded for certain purposes?

Comment Re:Answer (Score 1) 336

Long ago, after writing C++ like Java, I decided it would be much easier and I would be much more productive if I just actually used Java. Many headaches of trying to write C++ like Java go away if you just use Java (or C# instead) and you get easier to understand and easier to maintain software systems.

Comment Re:Mr. shattered hope (Score 3, Insightful) 389

don't have a magical fix. My latest pet theory is that, at a Federal level, there should be a specified number of politicians. Rather than state-by-state, gerrymandered-district-by-gerrymandered-district, shit should be direct. Is there 3% of the US population who are pot-smoking tree-humping eco-dweebs? Then 3% of the politicians should be from the Nature Molestin' Party. Sure, we wouldn't have the 'hope and change' of meaningless party swaps over individual seats. We might get locked into some terrible shit if the majority of the country are, in fact, clueless assholes. But it'd be better representation.

A much "simpler" change (in terms of concept, not ease of execution) would be to go re-learn the concept of Federalism and take a bunch of power away from the Federal government and give it to state and local ones. The less the Federal government has responsibility over, the less harm unaccountable Congresscritters can do.

Comment Re:Seems reasonable (Score 4, Insightful) 119

everyone accepts that (for a given purpose; bank vaults and nuclear installations get judged differently than houses) there is some level of 'reasonable security', which reflects appropriate caution on the policyholder's part; but is known to be breakable.

I agree with your post. I'll just add that a big problem with IT security is that companies cannot rely on the same level of protection from governments in preventing intrusion.

For example, if I have a safe in my house, the means an attacker would have to penetrate it are going to be limited. Since my township has police and neighbors that wander around, they can only spend so much time there before they're likely to be detected. They can generally only carry in stuff that will fit in the doors and is man-portable, since if they have to cut a hole in the house and lower their equipment using a giant crane somebody is likely to notice. If they want to use explosives they will have to defeat numerous regulatory and border controls designed to prevent criminals from gaining access to them, and of course they will be detected quickly. Some destructive devices like nuclear weapons are theoretically possible to use to crack a safe, but in practice are so tightly controlled that no common thief will have them. If the criminal is detected at any point, the police will respond and will escalate force as necessary - it is extremely unlikely that the intruder will actually be able to defeat the police. If the criminal attempted to bring a platoon of tanks along to support their getaway the US would mobilize its considerable military and destroy them.

On the other hand, if somebody wants to break into my computer over the internet, most likely nobody is going to be looking for their intrusion attempts but me, and if they succeed there will be no immediate response unless I beg for a response from the FBI/etc. An intruder can attack me from a foreign country without ever having to go through a customs control point. They can use the absolute latest technology to pull off their intrusion. Indeed, a foreign military might even sponsor the intrusion using the resources of a major state and most likely the military of my own state will not do anything to resist them.

The only reason our homes and businesses have physical security is that we have built governments that provide a reasonable assurance of physical security. Sure, we need to make small efforts like locking our doors to sufficiently deter an attacker, but these measures are very inexpensive because taxpayers are spending the necessary billions to build all the other infrastructure.

When it comes to computer security, for various reasons that secure environment does not exist.

Comment Re:Seems reasonable (Score 2) 119

If a company cuts corners on security, then in the same way that if I leave my door unlocked and get burgled, I can't make a claim. There's going to be a good living for lawyers establishing what is the required level of security. But if this incentivises senior managers to ask the right questions, then it's probably a good development.

Maybe. If you're buying an insurance policy to cover leaks of information, then almost by definition any claim is going to be the result of lax security. So, why bother buying insurance at all if the insurer can get out of it? The likely result is that those harmed won't be able to collect damages since there will be no insurance, and the company that lost the data will simply declare bankruptcy.

I think there are better precedents. For example, my company is routinely audited by its insurers or other certification bodies. If they spot a blocked electrical panel, that has consequences for the company. The purpose of the audits is to PREVENT bad things from happening, and of course passed audits will support later claims if something bad happens anyway.

So, why not do the same with "cyber policies" or whatever they're calling them? The insurer states some standard that the policyholder is to be audited against. The policyholder agrees to be audited. If the audit passes, they're in the clear.

And that is what insurance is about - elimination of risk. If you are in charge of some big company you can get the blessing of the appropriate auditors and now it isn't your fault if something bad happens. It is a bit like having an IT team with skin in the game.

Sure, you can hire what you think is a good IT security team, but how do you really know if you've gotten one? If you buy a cyber insurance policy you're getting that IT audit, but then if you're declared clean and you get burned anyway, that insurance company comes in and puts their money behind their words and pays for your loss. THAT is what insurance is supposed to be.

Comment Re:For those in Power,oversimplification is the Po (Score 1) 327

Plus, oversimplification can be used to justify all kinds of short-sighted behavior, with all the plausible deniability you describe.

I remember learning my company's brand of six sigma, and they stressed not having more than a few CTQs for any process. It made for really nice-looking powerpoint slides (which seemed to be the main output of my company's six sigma efforts). It also made for some really broken processes in some cases, because the stuff the company was making was really hard to make. There were cases where somebody would optimize out some $10 part and end up destroying a million dollars worth of product from time to time due to a failure to deliver an acceptable level of quality. But, when you only focus on 3-5 key quality attributes, it is hard to justify every little $10 part in the multi-million-dollar manufacturing process.

I'm fairly convinced that far more was lost in market share due to an inability to meet demand than was ever gained from optimizing out the odd $10 part.

"For every complex problem there is an answer that is clear, simple, and wrong."
--H. L. Mencken

Comment Re:New fangled technology (Score 2) 86

My 25-year-old Mazda* has a tape deck, and I'm perfectly happy with that. (Okay, I do have a minor quibble that there's no line-in port, but that's no big deal. At least it doesn't have a CD player instead; if that were the case then I'd actually have to get an aftermarket stereo.)

(*Don't knock it; it's very much on the "classic sports car" end of the spectrum, not the "old junky econobox" end.)
