[Cryptography] Serious paranoia...

[ianG]

appeal for calm, season's greetings and all that...

On 25/12/13 04:35 AM, Bill Cox wrote:
...
> My next question is shills.  I often think I'm seeing potential shills,
> but it's hard to tell a shill paid to subvert Internet security from the
> common dork.  For example, on one of my other posts on this forum, "Why
> don't we protect our passwords", I agree wholeheartedly with Arnold when
> today he wrote:
...
> So, is [someone] a dork or a shill?  Do we live in a world where we
> can't chat intelligently about security because of NSA shills, or is the
> world really full of that many dorks?



In my experience, it is definately the latter.  Dorks might be a bad 
term, but the world is full of people who achieve a certain level of 
expertise, but not mastery.  Sometimes this is for good reasons, such 
as, they're simply too busy on other responsibilities.

You see it in big teams.  Most all are middle ranking programmers. 
Getting those stars to lead them is the hard part.  If it was easy, we'd 
all be that star, right?

It's just humanity;  look up the Star effect or the Hollywood effect. 
People range in skills according to some form of pyramid.

And when it comes to seriously hard things like security, which has a 
huge list of considerations, it's just seriously hard to figure out what 
matters and what you can leave out.

Rest easy, you're not surrounded by shills :) have a merry xmas!



iang

ps; on the question of the shills, what should be reminded frequently, 
and is 2013's hot topic, is that in such an environment that we live in, 
when the enemy wants to send in a shill, it is remarkably easy to do. 
But calling people shills off the cuff isn't going to help, it takes a 
fair amount of work and time to out a real shill, and getting it wrong 
can be really destructive.