Shostack + Friends Blog Archive

 

Open thread

What’s on your mind in October?

14 comments on "Open thread"

  • Nicko says:

    In the current climate, is the best thing I can do with my money to put it in an old sock, under the squeaky floorboard, behind the kitchen dresser? If so, Dollars, Euros, Rubbles or Krugerrands?

  • Nicko says:

    Oops. Any useful value in rubble might not fit under the floorboards. Rubles might work better.

  • Lyger says:

    Just went to Best Buy to pick up a printer cartridge. The parking lot for the entire mall area was eerily lacking vehicles. Somber mood inside the stores as well. In honor of the excursion, we picked up a six of Dead Guy Ale on the way home.

  • tim says:

    Was at Best Buy yesterday picking up a new monitor – parking lot was packed – but then again it is the flagship store …

  • Ryan Russell says:

    Authentication. Virtualization, infrastructure centralization.
    Stuff from work.

  • Hi, I have started a list of Black Swans for IT Security. Perhaps it is of interest to you and some readers. My first conclusion is that I need to write a paper rather than a blog post – there is just too much to say.
    regards Luke

  • Luke O'Connor says:

    … sorry I thought the URL would turn up in the comment.
    I have compiled a list of Black Swan events that we have witnessed and endured. Naturally my list is subjective.
    * One Time Pad
    * Computers, Cryptography and Cryptanalysis
    * Public Key Cryptography and RSA
    * The Internet Worm
    * Basic internet protocol insecurity
    * Bruce Schneier
    * PKI
    * Passwords
    * Good Enough Security
    Full details here
    http://lukenotricks.blogspot.com/2008/07/some-black-swans-in-it-security.html
    regards Luke

  • mckt says:

    Everybody in security has come to the depressing conclusion that everything we do is hopeless.
    Maybe it’s time I go to culinary school.

  • beri says:

    Mckt: As John Maynard Keynes, the British economist, said,
    “In the long run, we’ll all be dead.”
    Yes, in the long run, everything we do will be buried with us, but meanwhile, there is a long list of stuff to do.
    And the security business has contributed significantly to the conversation on privacy, which I think is important in the political sense. So even if everyone pastes their password on the monitor, it’s not hopeless.

  • mckt says:

    Yeah, but everybody appreciates food.

  • Matt says:

    October Surprises. Thesis topics. The Dodgers finding a way to win at least one game in Philly.

  • Alex says:

    @Luke
    My pet peeve, but those things aren’t “black swans”. Not in the traditional use of the term, at least. You certainly have prior information for those things (or else you couldn’t list them), unlike a “true” black swan.
    Black Swan != Long Tail Event, though some Long Tail Events are Black Swans (the irony of Taleb’s re-definition is oh, so thick).

  • Luke O'Connor says:

    Alex,
    I agree that what I have listed are not all Black Swans, and some can be explained by long tails (which Taleb calls grey swans).
    I don’t think that all black swans need to be unknowable but rather outside the realm of expectation. And this is the point for Taleb, that we are often working with the wrong idea of what to expect. I think that the invention of Public Key was outside of expectations for civilians certainly, and the impact of the internet worm again was outside expectation. Not too many people thought that one program could bring down 10% of the then known internet, apparently including the author.
    You’re right that Taleb is not trying to be Hume or solve the general problem of inductive reasoning. In the end he is bringing awareness that many events of significance are not bell-shaped and that extreme impacts are not receding into a region of infinitely low probability.
    IT Security has had its share of shocks, and perhaps the worst or most debilitating is the current one, dealing with Good Enough security. I think this is not a sudden jolt but a slowish yet irreversible change of our place in the IT and business landscape.
    regards Luke
