Recent example: Try explaining web app session stealing (to other web developers or management) two months ago versus now. Two months ago you get blank stares or outright disbelief, but now you get "oh, to protect against Firesheep? yeah, let's use SSL everywhere."

It was just as obvious two months ago as today, but now people have a one word conceptual model to use without needing to understand cookies, browser requests, proxies, broadcast domains, or cross site issues.

Obvious to us. Amazing to the normals.

Hmmm. I agree with your conclusion, but I wouldn't say that Firesheep is a "one word conceptual model." Rather, it's a concrete instance, not a model.

That was the problem before: in order to understand the threat, you needed to have a sophisticated mental model to be able to convince yourself "Yes, while I am unaware of any actual threats that use this, I can see the potential for abuse." You needed to be able to deduce a threat from first principles. But once an actual threat exists, you get a shortcut; you can work backwards from the known threat rather than forwards from the system itself.