Shostack + Friends Blog Archive


For epistemological anarchism

So Dave Mortman and Alex Hutton have a talk submitted to Security BSides entitled “Challenging the Epistemological Anarchist to Escape our Dark Age.” Now, it would certainly be nice if we could all use the same words to mean the same things. It would make communication so much easier! It would let us build the semantic web.

Now, don’t get me wrong. I hate cutesy and confusing names for attacks as much as Alex and Dave. But let’s think about the solution for a minute. If we’re going to challenge anarchy, we do it from a position of authority. We ask some group of the great and the good
to authoritatively assign meanings to terms, and then we move on. To the next attempt to do the same thing.

Even with all these definitions, I still get the occasional sputtering prescriptivist trying to tell me that what my employer calls threat modeling should be called “sleeping furiously” or something. My response is now always the same. I ask “is this the most productive conversation we could be having?”

Now my other issue with challenging anarchy is that once you have some great and good, they shape the thoughts that we might have. [I’m running out of time, so imagine witty and relevant references to Orwell here, along with pointer to Politics and the English Language.]

So I have two reasons to not bother challenging the epistemological anarchist. First, it won’t work, and secondly, it wastes energy that we might otherwise use to shape the language in the directions we prefer.