Sunday, May 24, 2015

Coloring (and More) By Numbers

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. - Douglas Adams

As I discussed in A Different Kind of Cost, there's no such thing as perfect security; all you can do is make it cost the attacker more to do harm to you than they're willing to pay. This sort of playing outside the numbers is applicable to other areas as well.

To make something "foolproof," you have to figure out how far most fools would go to try to break something. The problem with this is they're always making better fools, and it's far easier to destroy than create. Water-proofing and hacker-proofing are in the same boat.

Child-proofing, now, is a completely different matter. Child-proofing is different because children have way too much time to sit down and try to figure out how something works; their minds and bodies, while being less experienced than adults', are far more flexible. If anything, what's supposed to be a child-proof medicine bottle is actually more likely to be an adult-proof medicine bottle.