Descartes loves Keanu Reeves

Hi folks,

My wife and I hate folding laundry.  Clean laundry will often pile up for a while until it reaches a critical mass and one of us caves, folding the whole gigantic pile in a long, marathon folding session.  (The effects of our procrastination may explain why we hate folding, but I digress.)  When I’m the one folding, I’ll sometimes listen to an audio book or watch a movie.  The other day, I watched The Matrix.

The premise of the movie is that we’re all living in a computer-generated world intended to keep us distracted while our biological bodies are harvested for energy by an evil, rogue artificial intelligence.  Which is an updated version of the ol’ brain in a vat argument.  Which is an updated version of René Descartes’ evil demon argument.  Which is the foundation for this:

Close enough.

One of the big questions in philosophy is “how can you know something?”  The brain in the vat argument is skeptical of all knowledge, suggesting that only the existence of one’s mind is certain.  Plenty of smart people have taken issue with philosophical skepticism, including philosopher Hilary Putnam.  But while Putnam’s refutation depends on logic and language (the whole “this sentence is a lie” sort of thing), it’s really Ludwig Wittgenstein who shuts it down in my opinion.  He says:

“If you are not certain of any fact, you cannot be certain of the meaning of your words either […] If you tried to doubt everything you would not get as far as doubting anything. The game of doubting itself presupposes certainty.”

The gist is that any investigation of life/reality/whatever needs to be rooted in some assumed knowledge – you can’t raise a doubt without having a bit of knowledge on which to base it.

See?  You doubted that quote because you know something about Lincoln.

It’s true for us in IT security, too.  We’re often called upon to investigate events that seem odd or suspicious.  But in order for that investigation to yield meaningful results, we need to know what normal is.  The foundation of our investigations must start with a knowledge of what’s expected – what devices should be on our network, who should be using them, what they should be doing, etc.  The more knowledge we have, the easier it is for us to isolate the things worth investigating – worth doubting.  If we have to start from scratch, we could fall down the skeptic’s rabbit hole and question everything in front of us instead of focusing on the anomalies.

So for those of us with investigative obligations, we need to pull our brains out of the vat and develop a solid understanding of our enterprise.  Because when we’re asked to figure out what went wrong, we don’t want to be left doubting everything we see.

Rex