Open Source and information security mailing list archives
From: frank at knobbe.us (Frank Knobbe)
Subject: Security & Obscurity: physical-world analogies

On Thu, 2004-09-02 at 19:49, James Tucker wrote:
> A very well stated argument. The only remaining point I would like to
> hear your opinion on is whether said analogies may be useful (although
> clearly never complete) in the education of people, in order to
> provide an abstraction which they may understand more immediately
> rather than to require further knowledge in the field?

In my opinion, no, it does not appear to be useful. If you make an
abstraction about IT related issues with a real world analogy, you may
be able to bring across the action/issue you want to present, but it
will be understood in relation to the real world, not cyber space. Any
thoughts that are provoked in the people you are trying to educate will
appear in reference to the real world, and play out according to real
world physics. In effect, you are doing yourself a disservice by -- not
so much confusing the subjects you want to educate -- but by leading
their thinking down the wrong path, namely that of the physical world
(or cyber space, depending on what surrounding the analogies plays out
in).

When you try to bring your point across, your subject will analyze it
based on their experience and knowledge of the given situation. If you
take an IT subject matter, and place it in a real world analogy, your
subjects will analyze it based on their experience and knowledge of the
real world surrounding you placed the analogy in. That means you not
just completely side-step any issues that your idea may have in cyber
space, but you also do not allow your subject to understand the idea in
the frame of cyber space, and deny them further scrutiny and "massaging"
the problem in the setting of cyber space. Further, your subjects may
react with counter ideas and scrutiny based on the real world which of
course don't work in cyber space where you transferred the idea from.

While your subject may understand the point you are trying to make, you
deny them to evaluate the problem in the native surrounding (i.e. cyber
space), which means your subject will not fully understand your idea in
the native surrounding. You basically get that familiar "Uh hu, I think
I understand" with the eyes glazed over.

I hope that made it a bit clearer. Thinking about these issues, how we
appear to recognize ideas and thought and process them, kinda makes my
brain twist into funny 3-dimensional shapes. :)

Cheers,
Frank
