Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ninetyninenine 3 days ago

The relationship between physics, functional programming and security feels forced.

Like I can see functional programming and physics but security just feels arbitrary.

zem 3 days ago | parent | next [-]

the underlying connection the author is making between physics and security is knowing the low level laws governing the systems you are dealing with, or at least being aware of them. if anything the functional programming bit could have been left out.

ninetyninenine 3 days ago | parent [-]

The low level laws "governing" security are just procedural rules made up by humans. There could be a thousand ways to "secure" something but the author is just following convention here.

The axioms of functional programming and physics are not arbitrary conventions. They are fundamental to reality.

dtj1123 3 days ago | parent | next [-]

At its foundation modern security is based on ideas from information theory and cryptography that were discovered, not invented. Arguably just as fundamental as the postulates of general relativity or quantum mechanics.

ninetyninenine 2 days ago | parent [-]

Doesn't change a thing. All things are derived from fundamental principles.

IT Security is an arbitrary methodology derived from fundamental principles, but it doesn't change the fact that it's arbitrary.

I can make up dozens of ways to make something "secure" that doesn't follow convention. Why isn't he using biometric data like saliva DNA testing to verify identity? And why are they using a channel that anyone can peek at? Send the signals and credentials over a blinking laser light and therefore we know if the laser is disrupted we have someone trying to peek at the encrypted signal.

See what I'm saying, I can arbitrarily come up with dozens of ways to make things not only just as secure, but MORE secure. IT security is mostly memorization of convention. These conventions are derived from fundamentals, they are not principles themselves. There are thousands of orthogonal methodologies to achieve the same level of secureness but the set we use for IT are just an arbitrary selection out of an infinite amount of possibilities.

zem 3 days ago | parent | prev [-]

but that's not the analogy the article was making at all! it was making an analogy with using technology based on underlying physical principles, where you could either be cognizant or ignorant of those principles, and similarly you could use something like https while either knowing or not knowing what the lower level pieces it relied on were.

ninetyninenine 3 days ago | parent [-]

Yeah and I'm saying it's a bad analogy. Because the principles of security are made up. They aren't fundamental. They are arbitrary and they exist by convention.

Usually concepts that are arbitrary I wouldn't call "principles" because they aren't principles. Just convenient rules to follow. A principle is much deeper.

torium 3 days ago | parent | prev [-]

I think that technical people tend to see their area of expertise the most fundamental one, from which everything else derives.

This guy specialized in security and so he thinks that the concepts that he learned underlying everything, and everything else is just application.

But he's making the same mistake as everyone else. Everybody has gaps in their knowledge, it's just that he chooses to talk down to people who have their in their knowledge in _his_ area of expertise. Physicists do this a lot (I should know: I trained as a physicist so I know a lot of physicists). "Physics is really everything, everything else could be deducted from physics in principle, so no point spending time thinking about it". He carried this attitude into the next area of expertise he learned.

I'm with the project manager. "How does the gorb fleem the leemaflop?" Don't know, don't care, you do your job and I do mine. Time is finite and I'd rather spend my time on things I find intellectually stimulating, not IT security. The irony is, if everybody could reliably answer those questions, he wouldn't have a job. I find the lack of understanding quite disgusting frankly.

ninetyninenine 2 days ago | parent [-]

Yeah, he is talking a bit down to everybody.