jeudi 28 mars 2013

My Answer to: Everything Wrong With The Hobbit in 4 Minutes Or Less

My Answer to: Everything Wrong With The Hobbit in 4 Minutes Or Less

Well... A bit out of topic on a blog supposed to be about InfoSec, even though we have an excellent example of one time (a year) two factor authentication in this book & movie ;)

Everything Wrong With The Hobbit An Unexpected Journey In 4 Minutes...

Badly stored bread, burning candles, etc. Hey, this a fantasy movie, inspired by one the best fantasy book in history. What did you expect ? This is a magick world. I won't argue with every one of your mean points.

Elvish blades don't shine a blue light, except Sting ? Peter Jackson explained it well in The Lord Of The Rings comments: with all these shining elvish blades, the movies would have looked too much like Star Wars.

As for the Eagles, you should read the books, friend. The answer is in the Silmarillion (and the Lost/Unfinished Tales). It was kind of a hell of a headache for JRR Tolkien to prevent the Eagles to spoil his plots. So Manwë decided to send His Eagles to help a bit the people of Middle-earth, but not too much, as the main tasks remain their to accomplish.

And you missed one AWFULL mistake : when Thorin stands up to fight Azog, at the end of the movie, he has his legendary oakenshield which was never seen before, upgraded with some metal blades. How did he got it ? Sure it's not a pine branch, sure we didn't see him carrying it before, sure he couldn't keep it during the battle with the goblins, he was lucky enough to keep his elvish blade, Orcrist.

So yes, Peter Jackson made many mistakes in his movies. As a fan of JRR Tolkien, reading at least The Silmarillion, the Hobbit, The Lord Of The Rings once a year (twice in fact, in French and in English) and his other "unfinished" books, of course I don't agree with all what Peter Jackson did in his movies. But I forgive him, he had to bend things a bit to give a good show, and in the end, he remained fairly true to the books. His movies' success led many to know and read JRR Tolkien's books, and that what's important in the end.

Finding ways to evangelize Tolkien's writings is a bit like evangelizing Information Security. Not an easy task.

samedi 9 mars 2013

Jargon, Communication, and Respect.

« Qui se sait profond tend vers la clarté;
qui veut le paraître vers l'obscurité ;
car la foule tient pour profond tout ce dont elle ne peut voir le fond. »

“Whoever knows he is deep, strives for clarity;
whoever would like to appear deep to the crowd, strives for obscurity.
For the crowd considers anything deep if only it cannot see to the bottom:
the crowd is so timid and afraid of going into the water.”

Friedrich Nietzsche

One trending topic in InfoSec these days is our jargon usage and more generaly our ability (or lack of) to communicate properly with our stakeholders.

Sure, jargon and acronyms are a necessity in every tech/scientific field. As a vernacular language of the specialists.
But we must never forget: we don't work for ourselves, we are at the service of stakeholders, most of them non-specialists.

Here are some links related to this, in English and French:

RSAC2013 and InfoSec communication (English)
A real life example of what can go wrong (English)
Information Classification in simple words (French)
Excellent InfoSec Terminology Definitions (French)

IT specialists in general have this problem of having a hard time to communicate with non specialists.
It's even more true for InfoSec specialists, even when communicating with other IT fellows.

Certification bodies tell us we must adhere to important values: honesty, respect, responsibility, diligence, etc.
I think Respect is a key: proper communication avoiding obscure jargon is a way to respect others, and they will respect us in return, and more importantly listen to all the fear-mongering, boring and hindering/blocking advices and recommandations we give them ;)
Without this, InfoSec is doomed to fail.

I worked for some years for an antivirus company. This industry is crouded, many competitors. But one thing I marked: key people of these companies often work together and have good relations, doing presentations in common at InfoSec conferences, referencing each other's work in articles, forums, blogs or in social media.
I remember internal orders we had when one competitor had some source code leaked on the Internet: don't try to get it, if media contact you about this, don't answer and worst of all, don't despise. Direct them to our official PR service.

In a word most of them respect each other even if they work for competing companies. Nobody boasts to "go thermonuclear" against another.
This is a good sign, and seems to be mostly true in the InfoSec community in general, not only in the antivirus industry.

Of course, there are strong-minded people in this field, it may even be a requirement to be a good InfoSec specialist ;)
And there are some polemic topics, offensive security currently the main one. All businesses have their darker side.

I'm kind of a newbie in InfoSec, and I may be a bit naive about this. But I hope Respect is and will remain a key value in this field. I deem it's a necessity.

Famous scientifics, such as Louis de Broglie consider one of their main missions is to popularize their arcane field, as a service to the society and humanity as a whole.
We must follow this track.