[... at Sudoku]
When I first started with Sudoku puzzles my interest was "how do I reduce these to an algorithm?" I wrote some code that would solve the puzzles and then started to try do it in my head.
I got better and better and the simpler puzzles started to get very boring and the harder ones became easy. Then, recently I got hold of an advanced Sudoku book and I was hooked once again.
But there was one puzzle that I just couldn't do. I would stare at the thing like it was a novel I could not put down. Hours went by and I was starting to see blocks in my sleep. So I decided to re-visit some of the online Sudoku solver sites I had used to help build my Sudoku solver. (Why not use my own solver? Its on a disk, somewhere!)
I found a good site that shows "hints" (because after all, I want to know how to solve it. If I wanted the answer, I could have just flipped to the end of the book but then I would have learnt nothing from the experience)
I typed the puzzle into the site and *boom*... a hint... yay. I was well on my way to solving the puzzle. I actually just really wanted one number and the rest all fell into place.
[The actual point of this long blog is here ;) -] Once I knew what the next number of the Sudoku was then I could work out how I should have gotten to it. But the PC showed me how it would have gotten to it and it was a totally different method altogether. Its obvious but not always on top of our mind, Computers and Humans inhabit the same world but our world view is very different.
This is why Spam gets through. This is why passwords don't work. This is why brute force does work. This is why Web-filters don't work.This is why DLP is partially effective.
Using technical controls for human created problems is what Information Security is all about. Its also something doomed to fail. Whats better? I wish I knew.