In parts 1 and 2, we talked about various forms of security testing and evaluation by telling a story about a concerned parent purchasing (and evaluating) a car for the newly licensed teenaged daughter. Now, let's talk about the mechanic for a bit.
You, fortunately, have
had a car before, and have had the opportunity to work with this
mechanic before. He set your expectations, you’ve seen what he’s done
before, and you generally have good reasons to trust
him because you know what you want is what he is going to give you.
You’ve already got a mutually established language. His services are
clearly defined. You know what to expect.
What if you’ve never
had a car before, and you don’t know any mechanics?
You’d probably ask
some friends who have cars if they have recommendations. But, some of
your friends might be even less informed about
cars than you are. You did research, but you know your friend Steve
would rather be golfing than thinking about this kind of stuff. He
probably went to his mechanic because it was next to the golf course.
And since he can afford to spend a little more than
you could on a car, he probably doesn’t have as much to worry about as
you do. Also, Steve doesn’t have any kids of his own, only a
partial-custody stepson who hates his guts.
But, what about these
services that claim to vet service providers for their quality? Wouldn’t
one of them be able to help? It turns out, there’s no single way of
managing auto maintenance that works for everyone
and every condition. Take Steve, for example. His mechanic might be
just fine for his concerns. What standard is this service using to vet
the mechanics? Also, what about the mechanics who pay lots of money to
be listed with the service? Does the service feel
like it should be nicer to the mechanics who pay a lot of money to
support the listing?
Do your research (establish a threat model):
So, it looks like you
have to learn a little bit about cars, and the possibilities.The first
step is understanding what could happen, and how much of it you’re
really worried about. So, you watch the news,
and you see terrible car crashes on the interstate. Write that down:
The car could crash. Think about your car. What could happen if it
crashed? Write that down: if my car crashes, I could get hurt. My
passengers could get hurt. My children could get hurt.
Other people on the road could get hurt. Then, you should think about
what causes crashes. Why did that crash on the news happen? The car’s
tire blew out, causing the driver to lose control of the vehicle. Write
that down: bad tires can cause crashes.
You don’t need to be
an expert on cars. But, you do need to talk to other car owners about
problems they have had with cars. It wouldn’t hurt to talk to some
mechanics and say “what kinds of things should I
be worried about finding wrong on my car, and why?” It would be useful
for you to keep notes of all the things that have gone wrong with your
car so that you can know how to deal with them going forward. For
instance, remember that time your battery died,
and you were late for work? Write that down: Batteries are required for
the car to work.
Examine your risk tolerance
Once you have an
established knowledge base, now it’s time to think about what you’re
most concerned about. Are you more worried about the safety of the
people in the car than the reliability of the car? Are
you concerned about how long the car is going to last? What about the
daily commute? Are you worried that the car will be the same in the rain
as it is when it’s dry, or when it’s hot or cold? Will you get to work,
not only safe, but dry?
So, you should look at
how you use your car. You decide that you use your car to drive back
and forth to work, to get groceries, to take your kids to school, and
occasionally lend it to your teenagers when
they want to go out with their friends. It’s, therefore, important to
you that your car is dependable - that it works when you need it to.
It’s important to you that the car is safe, that it won’t cause injury
to you or your passengers in the event of a crash.
It’s important to you that the car isn’t unnecessarily prone to
crashing (the tires aren’t in bad shape, the steering works as expected,
you can see adequately at night and in the rain, etc.) You also don’t
have a ton of money to pay for repairs all the time,
so you hope the car will last a little while. You have to meet the
letter of the law.
Find out what services are available
Now you determine how
best to figure all of that out. Go talk to the mechanics. Ask about what
services they offer. Get them to explain how those services address
your concerns and needs. Ask how the services compare to one another. Ask how they compare to competing offerings.
Sanity check your expectations
Remember the triangle:
Fast, Good, Cheap. If your mechanic is very cheap and very fast, you
should be skeptical that the service is good. If the service is Cheap
and Good, everyone is going to be lined up, so it might take longer than
you thought. If your product is Fast and good,
you’re going to pay more for it.
Be clear that the
mechanic can meet your budget, but be realistic that cars are complex
machines and they cost quite a bit when compared to chairs or shirts or
food. If you’re a teacher or low-income wage worker
who can’t afford a proper mechanic, see if you can identify charity
organizations or services who do charity work. But, remember that
informal charity organizations may not offer the same consistency of
service or polish that a professional garage gives. And
professional garages are going to be selective about the organizations
to which they choose to donate their services.
Get references
Beware of people who
promise things that sound too good to be true. Ask your mechanic for
references. Prior customers should be willing to talk with you about how
the mechanic met their needs. Ask to talk to
prior customers who are like you and have similar concerns. Get
feedback from other parents who are concerned about the safety,
reliability, and longevity of their commuter cars.
Is the provider a good match for you?
Ask whether the
mechanic has experience with your model of car. Ask questions to confirm
the mechanic understands your concerns about your car and why you want
them evaluated. If your concern is safety, and
the only thing the mechanic can talk about is legality, that mechanic
may not be the best match for your concerns.
Ask mechanics whether
their methodology is adaptive, or if it’s a one-size-fits-all solution.
Here’s an example, if the process is to run the car through a test track
by turning left, then turning right, then
going in reverse, what happens when the tires fall off? What happens if
the doors fly open? Do they simply write it down and tell you, or do
they examine additional problems that might be related to that happening
to your car? If the tires fall off, do they
do additional tests to the wheels? If the doors fly open, do they look
at the seatbelts? If they have a test track that is designed to test the
doors, what happens if you have a Jeep, and it doesn’t have doors?
One-size-fits-all solutions might not work for
you.
Confirm the common language
Ask if the mechanic makes
the connection between a broken part and a broken system. Think about
the door and seatbelt example. Does your mechanic
simply note that the door locks don’t work, or is there additional
consideration within context of the driver? How about the engine? Does
the mechanic say that it’s an older engine that might have problems, or
does the garage actually spin up the engine and
see if it fails? Which case makes you feel like your goals are met best?
No comments:
Post a Comment