Monday, August 25, 2008

the state of things

well, i've pretty much run out of both lolthreats and security idiot posts so i think it's time i moved both experiments into a new direction (a new phase of the experiment, if you will)...

since it's clear that i'm not going to be able to produce either of them at the one-a-weekday posting frequency i've been maintaining, i think it's time to think about making this a collaborative process... i would like to encourage others to submit their own for inclusion here - i think there are ample examples of each of them to go by but for the sake of clarity i'll break them both down...

both derive loosely from the joke meme where you hear a joke, you find it funny, you remember it and you retell it later on to a different set of people who in turn may find it funny, remember it and retell it to another set of people... as such, humour is a key property of the meme... without it there's no reason for people to want to keep it in their heads and no reward to passing it along like there would typically be with a joke...

the lolthreat in particular is a visual gag that prompts the viewer to laugh at the bad guys ("because you know you want to laugh at the bad guys") and their often ridiculous attempts at tricking people into taking some action or another... this can serve to demystify threats and attacks and heighten a meme-host's awareness of them... because of it's visual nature, the 'joke' can't be retold in the traditional sense so the replication of the meme happens by way of sharing a link to a particular instance (a staple of internet memes, though a technological barrier to classical memetic transmission)...

the security idiot meme, on the other hand, highlights the often ridiculous ways people or groups think about or practice security... this can serve to deter similar behaviours in those exposed to the meme (because no-one wants to be the but of a joke) and build social pressure against those who are already thinking/acting wrong... unlike lolthreats, the security idiot meme lends itself readily to traditional forms of joke retelling so that on top of sharing links to replicate the meme it can also be passed on by word of mouth without need for technology... this gives it an advantage in replication but also increases the potential for memetic drift as a result of replication/retelling errors and thus calls for a simple and reasonably brief format... also, unlike some other incarnations of this meme, this is not meant to be only for, by, or about security professionals... this is not a slight on security pros, or on the referenced incarnation, but simply a statement of intention that this be accessible to a broader range of people...

both have the potential to increase awareness of security concepts by virtue of having security issues in the underlying context, but they must always focus on the funny first because without that there is no replication of the meme... so if you'd like to participate in this experiment, head on over to the submissions page and go to it...

0 comments: