Why we suck at security (but not as much as you think)
"I could too! I totally could!"
LOL at all the people going "OMG U R GIVING TEH TERRORISTS IDEAZ!" in response to this article about how to destroy the Internet.
Did they miss the part about how you'd have to somehow be capable of launching simultaneous, coordinated strikes at dozens of locations on nearly every continent? This is not something any terrorist group could remotely pull off. This is not something a nation-state could pull off. This is not something Cobra Commander could pull off.
Humans, in general, are very bad at risk assessment. We spend hundreds of millions of dollars preventing what Bruce Schneier calls "movie plot" scenarios, and it's not even because people involved in security and national defense are ignorant. For the most part, they are not, even at the policy-making level. But what they are is politically risk-averse.
Some days I am very tired, even while I am trying to do my little part to keep shit from getting blown up. I see billions of dollars going down a drainhole, and wonder why the fuck anyone should care about a little fraud, waste, and abuse of taxpayer funds on a level that amounts to filching pocket lint by comparison.
I work in the belly of the beast, and I like to think what I do matters and ultimately serves good more than evil, but sometimes I am very tired.
Go is a metaphor for my life
This was a game against MFOG playing at the 9-kyu level. I was black. Usually the 9-kyu player beats me (sometimes I'm still getting wiped out at the 12-kyu level), but I am occasionally beating it. This time, I won by 6.5 points.
I am now learning a few josekis. Not sure if it is helping; many go instructors recommend not studying joseki at all until you are a very low-kyu or 1-dan player.
What actually is helping me is playing MFOG with "cheating" enabled, i.e., "Allow editing." In other words, when I realize I have totally fucked up, I go back and replay that sequence, or sometimes I try to backtrack to the move I identify as the point where my game went south. Sometimes I find out that no, I cannot save that group no matter what I do, but I am starting to recognize some of the traps I lead myself into, and I am becoming slightly less hasty to make the obvious and wrong move rather than the less obvious but superior move.
This is making me a slightly calmer player, too. When I know it "doesn't count," I don't get so angry when I screw up. However, I still need to get online and play real players more.
(I did not cheat when playing the above game, btw. There were no take-backs.)