Quick hit: I just don't get it...

I admit, I'm not super-knowledgeable about security. I know some of the fundamentals, but not a great deal beyond that.

Still, in my early days on the 'net I got the distinct impression that allowing random people to execute arbitrary code on your computer is bad. I mean, that's somebody else using your computer to do stuff without your knowledge or consent, right? That's why attacks like this really, really make me shake my head (NSFW, offensive, turn off javascript before following):

hxxp://encyclopediadramatica.com/Firefox_XPS_IRC_Attack

Despite all this, somehow today's ordinary browsing experience consists of downloading pages full of arbitrary javascript written by any random person who controls a website, then blithely running them on your machine.

I don't get it. Where did we go wrong?

(PS. Firefox users: NoScript is your friend. =)

Are *you* pointing & calling? Human error and how to reduce it

This is more about "mind hacking" than QA or tech, but still, stuff like this fascinates me:

http://en.wikipedia.org/wiki/Pointing_and_calling
http://search.japantimes.co.jp/cgi-bin/ek20081021wh.html

Background: In Japan there's this practice called shisa kanko (指差喚呼), usually translated into English as Pointing & Calling. It's a technique that makes sure you actually check critical safety items. You

  • call out loudly what you're supposed to be checking,
  • point at it,
  • check it and announce the result.

Train drivers are the most conspicuous example; they're actually the ones that started doing this in the first place. If you were sitting in the cab of a train about to leave Ueno station, you might see the driver pointing to items and checking them off like this:

  • (Door indicator light) "Doa: shimete-aru!" (Doors: closed!)
  • (Signal light) "Shuppatsu: shinkou!" (Departure signal: proceed!)
  • (Speed limit sign) "Seigen: sanju-go!" (Speed limit: 35!)
  • (Timetable) "Ueno: hassha!" (Ueno: depart!)

This sounds stilted, nerdy, and quite frankly, embarrassing. Does it really work?

"I posed that question to Kazumi Tabata of the Japan Industrial Safety and Health Association, who showed me research conducted in 1994 ... The combination of pointing and calling reduced mistakes by almost 85 percent."

All of us sometimes have to do tasks where the key challenge is to stay sharp and pay attention to a very routine or boring set of inputs. Driving is a good example. Sifting through columns of identical-looking numbers searching for an error is another. We've only got a limited ability to stay alert, so it's easy to go "on autopilot" during tasks like these. We might skip steps in a checklist, or "check" something without really checking it, especially if we're tired or distracted. How many times have you looked both ways at an intersection and completely failed to see an oncoming vehicle?

As technical people, it shouldn't come as a great surprise that we focus a great deal on technical tools and techniques. Will this database tweak make our site run faster? Will this test tool let us catch more bugs? I think we often neglect ways in which we can upgrade our wetware, even though it may be the most fruitful place in the system to look for improvement.

Humans are inherently error-prone and are always going to make mistakes, but that doesn't mean that there's not room for improvement. Any way that we can improve our acuity as individuals reduces the number of mistakes we send downstream for technology, process, or other people to catch. It's a no-brainer.