Security as a public health discipline, not an engineering one



Not the dreaded “Spanish” influenza! Madre Dios!!!..


There’s only one problem with this - you just TRY telling engineers that something isn’t their discipline, and might not be best solved by an engineer.


But the most powerful people in the world have told us that in order to be safe from this plague, we need to submit to regular bleeding. If we were to decide that bleeding causes more harm than good, then suddenly the ones who claim to be helping us are exactly the kind of people we need protection from.

Bloody or bloodless, only a revolution can change this situation. Anything less results in a more secure system of lies.


Three years ago, I was wishing for accurate IT Epidemiology metrics. My conclusion is, it was unlikely to happen as long as the Security industry was dominated by secrecy, superstition and self-interest.

But, just close your eyes and wish with me. If the NSA was restructured as Schneier proposed, we might end up with a well funded government group devoted to the defense of the internet.

  • We would get meaningful metrics that help us define the effectiveness of various security measures.
  • We could eliminate the specter of mass DoS attacks.
  • We would dismantle the large criminal botnets.
And a pony. I'm pretty sure each security professional would get a pony.

But, the forces of death and destruction have grown so potent, so fearless, it seems they believe we can’t turn away from our dark path.

I pray we can somehow prove them wrong.


Scientists formulate theories that they attempt to prove through
experiments that are reviewed by peers, who attempt to spot flaws in the
reasoning and methodology.

/Blackout Rage

Science is the other way around: Scientists formulate an hypothesis, then try to disprove it.

Cranks are the ones who formulate their theory first then search for supporting evidence. Scientists develop theories from a number of hypotheses that have withstood the testing. These theories then make new predictions, and tests are formulated in a way that is the most likely to break the theory. If even a single prediction fails the experimental testing, then the whole theory must be either thrown out or modified in some way so that it will become more parsimonious.

tl;dr: Explain the scientific method the correct way forward, instead of backwards.


an kxkxkx… worsening headache …please don’t do that.

I know it comes from the Greek, but it’s often pronounced with an initial h in the English.


Sadly, I think the NSA will only be reined in down the road once more Americans lose money because the rest of the world decides American tech is inherently less secure due to NSA meddling. It’ll be about the money instead of any concern for our beaten, tattered and absolutely despised US Constitution.

Until the NSA can be commandeered to be in service of the American public instead of being a corrupt lapdog of corporatist scumbags, they will continue the path of unconstitutional and corrupt suspicion-less surveillance instead of targeted surveillance that can actually protect the public in some circumstances.

Maybe further down the road they can even focus on helping the public to be more secure, but I’m not counting on it considering how profitable and powerful it is to be able to destroy political adversaries (and activists), pluck business secrets and generally fuck over anyone and everyone who is unfortunate enough to cross their corrupt paths.

I guess it all comes back to taking over our own government and getting to the root of the evil in the first place:

Gotta start somewhere…


In the Greek too. There’s no letter H but there’s a little squiggle for the same sound.


disclosed, understood and disclosed

That’s a really powerful call for disclosure.

In my latest Guardian column

I should have known to stop reading right there, but

Security is science on meth.

this gem of hilarious foolishness made it lolworthy. Too bad the public who reads that paper might buy this nonsense.

So in addition to all the CPEs I have to file for my CISSP, now I have to feed a pony too?

Sorry @MarjaE. I’m not changing it, since I’ve seen the “an” variant far more often from English majors in formal writing than the “a” variant from them. And I trust English majors to know how English works better than I do.

Does anyone have comments on the message of my post rather than the fairly intelligible mechanics of its linguistics?

I’m fixing for a good argument/debate. Either one works.

I trust linguists and speech and informal writing over formal writing. I have seen some terrible formal writing, although some forms which look/sound ungrammatical now were grammatical at one time. (Such as persons instead of people, ability/opportunity of +pp instead of ability/opportunity to +inf.)

And some other forms look/sound ungrammatical now because they were ungrammatical all along. (Such as adverb to verb instead of to adverb verb or to verb adverb, or shall and shan’t instead of will and won’t for the unmarked future. Shall/Should implies obligation and related concepts. Will/Would can imply intention, but can also mark tenses and situations.)
