I originally posted this entry on our family’s Wordpress blog, back in 2013. I decided to repost here, since it’s still relevant and fits better here anyway…
Recently, the NSA declassified 136 issues of their monthly internal publication, “Cryptolog”, and released them in PDF versions for public consumption. (alternate Cryptome archive) As a geek this was/is very exciting for me.
Without a great deal of time to read through them, I decided to briefly peruse the edition published the month I was born (Volume V, No 3 – Yes I’m a young whippersnapper) and quickly moved to the article entitled “I had ‘Animal Crackers in my soup,’ but you’ve got a donkey in your WHAT?".
What immediately struck me was that we’re still fighting the same mindset: the mindset that we can determine the health/security/etc of a given system simply by looking at a few numbers on a regular basis.
Many will not discover, until a “dead donkey” of some sort shows up in their shop, that statistics, as useful as they can be, are not meant to be the end-all. Their purpose is to indicate, hint, or suggest that a problem might exist. They may highlight a known problem or aid a manager in distinguishing between a symptom and an underlying cause. At that point the computerized report has done as much as it can ever do.
Yet we still try to manage to the numbers. Some things never change, I guess.