In the last three years, very few things have stayed the same for me. Hardly did I think when I walked into my cube in Feb 2005, that I'd still be sitting in the same exact cube when 2008 dawned. My team changed, my entire upward hierarchy changed, even the company name changed - but hidden behind the walls of 3A-14 I sat. Slept there, ate there and sometimes even did some work.
I've come a long way in those three years, but I hardly moved at all. But perhaps this world did move a lot and all's relative.
--
This Universe is populated by stable things.
-- Richard Dawkins
After all the dust from the miniconfs settled down, the real conference began with a real treat - Bruce Schneier talking on Reconceptualizing Security [video (~150 MB)]. The keynote was about dealing with security as an intangible feeling as well as the reality of security.
Lemons: But before I head off into what that talk was about, let me introduce a new concept - Market for Lemons. The idea is that when the quality of a product (like a used car) cannot be assessed easily, the bad car (i.e. a lemon) would sell for a profit, while the good car wouldn't have any customers because it is expensive. The scenario is exactly tilted towards the dishonest seller, in the absence of proper information and/or blacklists for lemon peddlers.
The security software market right now is such a one (I'd say that the job market is too). Products which are pure snake oil are completely indistinguishable from real products from a brochure or presentation, as was clearly illustrated today. The company which invests more effort in creating the illusion of security would potentially win over someone who has been actually spending time & effort to secure their product. The price war cannot be fought between good & bad without enough in-depth information about stuff under-the-hood.
There is probably a sweet spot between real security and the illusion of security, which would be profitable. It wouldn't be bullet-proof security by any stretch of imagination, but the sense of security wouldn't necessarily be misplaced. Which is what the profit-oriented capitalist economy would gravitate to, provided there was enough awareness & information about what is actually in the box.
Q&A: I actually got to ask Bruce Schneier a question - about the meta-stable state of this balance, where every new development/marketing tactic would again upset the market off this point. He admitted that it was an interesting question, but suggested that it would probably dampen into insignificance (think about soaps & detergent brands).
Anyway, there I was, communicating to Bruce Schneier without encryption.
--
There's small choice in rotten apples.
-- William Shakespeare, "The Taming of the Shrew"
Looks like I'll be able to make it to freed.in. Except, in a departure from the usual, I'll not be presenting there. I wasn't online or in any state to prepare a decent proposal for the conference. I'll be attending it as a vanilla delegate to the conference, possibly talking about something during the conclaves.
I wouldn't miss it if I were you (even if I were me, which I am).
--
Nothing will dispel enthusiasm like a small admission fee.
-- Kim Hubbard