zem 3 days ago

the underlying connection the author is making between physics and security is knowing the low level laws governing the systems you are dealing with, or at least being aware of them. if anything the functional programming bit could have been left out.

ninetyninenine 3 days ago | parent [-]

The low level laws "governing" security are just procedural rules made up by humans. There could be a thousand ways to "secure" something but the author is just following convention here.

The axioms of functional programming and physics are not arbitrary conventions. They are fundamental to reality.

dtj1123 3 days ago | parent | next [-]

At its foundation modern security is based on ideas from information theory and cryptography that were discovered, not invented. Arguably just as fundamental as the postulates of general relativity or quantum mechanics.

ninetyninenine 2 days ago | parent [-]

Doesn't change a thing. All things are derived from fundamental principles.

IT Security is an arbitrary methodology derived from fundamental principles, but it doesn't change the fact that it's arbitrary.

I can make up dozens of ways to make something "secure" that don't follow convention. Why isn't he using biometric data like saliva DNA testing to verify identity? And why are they using a channel that anyone can peek at? Send the signals and credentials over a blinking laser light, and therefore we know if the laser is disrupted we have someone trying to peek at the encrypted signal.

See what I'm saying? I can arbitrarily come up with dozens of ways to make things not only just as secure, but MORE secure. IT security is mostly memorization of convention. These conventions are derived from fundamentals, they are not principles themselves. There are thousands of orthogonal methodologies to achieve the same level of secureness, but the set we use for IT is just an arbitrary selection out of an infinite number of possibilities.

zem 3 days ago | parent | prev [-]

but that's not the analogy the article was making at all! it was making an analogy with using technology based on underlying physical principles, where you could either be cognizant or ignorant of those principles, and similarly you could use something like https while either knowing or not knowing what the lower level pieces it relied on were.

ninetyninenine 3 days ago | parent [-]

Yeah and I'm saying it's a bad analogy. Because the principles of security are made up. They aren't fundamental. They are arbitrary and they exist by convention.

Usually concepts that are arbitrary I wouldn't call "principles" because they aren't principles. Just convenient rules to follow. A principle is much deeper.