It’s Not Information Overload. It’s Filter Failure.
This piece from Clay Shirky isn’t new, but it’s sure still absolutely relevant.
Dec 28
“If you’re not asking the right question, then there is no correct answer.” Merlin Mann
“The man who doesn’t read has no advantage over the man who cannot read.” Mark Twain.
“The most serious mistakes are not being made as a result of wrong answers. The truly dangerous thing is asking the wrong questions.” Peter Drucker
The problem I’ve most often met in building secure systems is that this particular subject seems to bring out the utopian in people like no other.
This ‘should’ happen, that ‘should’ happen, it’s unfair or wrong or wicked that such and such is allowed to continue. Well, yes. But what are we actually going to do about it? So we need realistic problem solvers. That means a pragmatic approach, which can often offend a lot of purists. Peter Gutmann captures the essence beautifully - “I think a lot of purists would rather have PKI be useless to anyone in any practical terms than to have it made simple enough to use, but potentially “flawed”.”
I was struck by how much this Bryan Lawson quote could actually be about security design decisions and tradeoffs.
“Design [security] almost invariably involves compromise…. Rarely can the designer [security engineer] simply optimise one requirement without suffering losses elsewhere…. There are no established methods for deciding just how good or bad solutions are, and still the best test of most design [security controls] is to wait and see how well it works in practice. Design [security] solutions can never be perfect and are often more easily criticised than created, and designers [security engineers] must accept that they will almost invariably appear wrong in some ways to some people.” —Bryan Lawson. Originally observed here.
“Trust comes from knowing, not from blind faith. And to know one must understand, and to understand one must have an intimate awareness of what conditions are truly present, what people do and what they don’t, how people do what they do and don’t.” Michael Gerber, “The E-Myth Revisited”
George Bernard Shaw is meant to have sent Winston Churchill a pair of tickets to the opening night of one of his plays, saying “bring a friend… if you have one”. Churchill is meant to have replied, returning the tickets, “can’t make opening night. will make second. if you have one.”