lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: frank at knobbe.us (Frank Knobbe) Subject: Security & Obscurity: physical-world analogies On Thu, 2004-09-02 at 19:49, James Tucker wrote: > A very well stated argument.The only remaining point I would like to > hear your opinion on is whether said analogies may be useful (although > clearly never complete) in the education of people, in order to > provide an abstraction which they may understand more immediately > rather than to require further knowledge in the field? In my opinion, no, it does not appear to be useful. If you make an abstraction about IT related issues with a real world analogy, you may be able to bring across the action/issue you want to present, but it will be understood in relation to the real world, not cyber space. Any thoughts that are provoked in the people you are trying to educate will appear in reference to the real world, and play out according to real world physics. In effect, you are doing yourself a disservice by -- not so much confusing the subjects you want to educate -- but by leading their thinking down the wrong path, namely that of the physical world (or cyber space, depending on what surrounding the analogies plays out in). When you try to bring your point across, your subject will analyze it based on their experience and knowledge of the given situation. If you take an IT subject matter, and place it in a real world analogy, your subjects will analyze it based on their experience and knowledge of the real world surrounding you placed the analogy in. That means you not just completely side-step any issues that your idea may have in cyber space, but you also do not allow your subject to understand the idea in the frame of cyber space, and deny them further scrutiny and "massaging" the problem in the setting of cyber space. Further, your subjects may react with counter ideas and scrutiny based on the real world which of course don't work in cyber space where you transferred the idea from. While your subject may understand the point you are trying to make, you deny them to evaluate the problem the native surrounding (i.e. cyber space), which means your subject will not fully understand your idea in the native surrounding. You basically get that familiar "Uh hu, I think I understand" with the eyes glazed over. I hope that made it a bit clearer. Thinking about these issues, how we appear to recognize ideas and thought and process them, kinda makes my brain twist into funny 3-dimensional shapes. :) Cheers, Frank -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040902/291b63df/attachment.bin
Powered by blists - more mailing lists