[wpietri]

Thanks for posting this. I get why people do the victim-blaming thing; it lets them feel smart and superior, two feelings I have been known to enjoy.

But it's a fundamentally bad way to approach analyzing safety issues. For those who really want to dig in on the topic, I strongly recommend Dekker's "A Field Guide to Understanding 'Human Error'": https://www.amazon.com/gp/product/B00Q8XCSFI/ref=dbs_a_def_r...

It's nominally about examining airplane crashes. But he breaks down into great detail why the default analytical model is entirely inappropriate in ways that makes real safety improvement impossible. And it's the same set of analytical mistakes you see in a lot of blame-related behavior.

[WalterBright]

This has entered programming language design. It's not longer "educate the programmer so he doesn't make stupid mistakes", but "design the language so that stupid mistakes are detected by the compiler". Mechanical verification is far more reliable than hoping people don't make mistakes.

[potatolicious]

Yeah, the "you should wipe your phone!" and "you should never keep sensitive data on your device!" chorus seem to be missing the point entirely:

We can design devices and operating systems to be safe by default in the same way we are now designing programming languages to be safe by default. There's no reason why the data should have been recoverable from a bricked phone without the user's authentication.

We really can have our cake and eat it too - we can have devices that you can freely store nudes on without risking that some rando with a USB cord and physical access can just make off with the data, bricked device or otherwise!

[WalterBright]

The goal in the D programming language is to allow the programmer to do unsafe things (no way to implement malloc() in safe code!), but it is not by default and isn't going to happen by accident. The programmer will have to positively do something.

It's also done in a way that a programming manager can mechanically verify the absence of such code. Exceptions can be flagged for special review. Often there are safe ways of doing the equivalent.

[potatolicious]

Yep, and I think we should apply the same principles to consumer technology. You should be free to do unsafe things - but it should not be possible to accidentally do unsafe things.

It should be harder to have your photos be unencrypted on device, accessible via any USB connection, than it is to have them to be entirely inaccessible at rest.

[WalterBright]

Yes, it's a sound rule in general.

[this_steve_j]

I finally made a HN account, after many years of lurking, to show appreciation for wpietri's comment. Sidney Dekker transformed the way I think about techno-human systems and cybersecurity, and so much more than that. I don't know when I was introduced to his work on safety, but it may have been through this site, and it has changed my life and career for the better. I'm incredibly happy every day to see not only thoughtful comments on HN, but also learn about entirely new viewpoints through which I can grasp the day's events.

[skoskie]

Apple Books:

https://books.apple.com/us/book/the-field-guide-to-understan...

[nickff]

It's not just about feeling smart and superior, it also helps them feel invulnerable. People victim-blame smokers who get lung cancer because they don't want to think about the chance they might get it too.

[WalterBright]

Smoking a pack a day for 30 years is not really the same thing as making a momentary error in judgement.

Yes, non-smokers can get lung cancer, too. But at a far lower frequency.

[wpietri]

You're not wrong, but you're missing how people become smokers. "Approximately 90 percent of all smokers start before age 18; the average age for a new smoker is 13." [1] A momentary error in childhood judgment (to the extent that isn't an oxymoron) quickly becomes an addition. "Inhaled smoke delivers nicotine to the brain within 20 seconds, which makes it very addictive—comparable to opioids, alcohol and cocaine." [2] Once they're hooked, it's very hard to quit [3], so it's often a life-long addiction. And that's before we even get into all tobacco companies have done to hook people.

So even as a life-long nonsmoker who absolutely hates smoking I think there's a lot of unnecessary victim-blaming for smokers.

[1] https://www.cdc.gov/tobacco/data_statistics/fact_sheets/yout...

[2] https://www.camh.ca/en/health-info/mental-illness-and-addict...

[3] https://www.heart.org/en/news/2018/10/17/why-its-so-hard-to-...

[ska]

> it lets them feel smart and superior,

While, ironically, simultaneously demonstrating the opposite.