Re: Re: Re: Security & Obscurity: physical-world analogies

[James Tucker <jftucker () gmail com>]

I agree with your points, however I have this to add (I apologise that
I must state this quickly):

1. To explain the full realm of cyber-space is a detailed task and
would require education at every level. We who are somewhere near (in
at least average population distribution of knowledge in the field)
the leading edge, have yet to understand every component at every
level of the systems we use. At some point, even we reach a level of
at least abstraction (commonly for us an Interface, and maybe this is
the key, Interfaces instead of analogies) or sometimes an analogy as
to how that component works. The time required to pass this knowledge
in full (furthermore to have it understood by all those concerned) is
much too long for practical consideration, let alone commercial
consideration.

2. It may as another solution also be possible to educate the audience
to not take the analogies too far, by pointing out how they may fall
down. Explain the "this scenario only" approach to the analogies.

Does this seem somewhat more reasonable?


On Thu, 02 Sep 2004 20:16:44 -0500, Frank Knobbe <frank () knobbe us> wrote:
> On Thu, 2004-09-02 at 19:49, James Tucker wrote:
> > A very well stated argument.The only remaining point I would like to
> > hear your opinion on is whether said analogies may be useful (although
> > clearly never complete) in the education of people, in order to
> > provide an abstraction which they may understand more immediately
> > rather than to require further knowledge in the field?
>
> In my opinion, no, it does not appear to be useful. If you make an
> abstraction about IT related issues with a real world analogy, you may
> be able to bring across the action/issue you want to present, but it
> will be understood in relation to the real world, not cyber space. Any
> thoughts that are provoked in the people you are trying to educate will
> appear in reference to the real world, and play out according to real
> world physics. In effect, you are doing yourself a disservice by -- not
> so much confusing the subjects you want to educate -- but by leading
> their thinking down the wrong path, namely that of the physical world
> (or cyber space, depending on what surrounding the analogies plays out
> in).
>
> When you try to bring your point across, your subject will analyze it
> based on their experience and knowledge of the given situation. If you
> take an IT subject matter, and place it in a real world analogy, your
> subjects will analyze it based on their experience and knowledge of the
> real world surrounding you placed the analogy in. That means you not
> just completely side-step any issues that your idea may have in cyber
> space, but you also do not allow your subject to understand the idea in
> the frame of cyber space, and deny them further scrutiny and "massaging"
> the problem in the setting of cyber space. Further, your subjects may
> react with counter ideas and scrutiny based on the real world which of
> course don't work in cyber space where you transferred the idea from.
>
> While your subject may understand the point you are trying to make, you
> deny them to evaluate the problem the native surrounding (i.e. cyber
> space), which means your subject will not fully understand your idea in
> the native surrounding. You basically get that familiar "Uh hu, I think
> I understand" with the eyes glazed over.
>
> I hope that made it a bit clearer. Thinking about these issues, how we
> appear to recognize ideas and thought and process them, kinda makes my
> brain twist into funny 3-dimensional shapes. :)
>
> Cheers,
> Frank

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html