Slashdot Mirror

← Back to Stories (view on slashdot.org)

Whom Must You Trust?

Posted by Soulskill on from the mainly-just-late-night-infomercial-spokepeople dept.

CowboyRobot writes: 'In ACM's Queue, Thomas Wadlow argues that "Whom you trust, what you trust them with, and how much you trust them are at the center of the Internet today." He gives a checklist of what to look for when evaluating any system for trustworthiness, chock full of fascinating historical examples. These include NASA opting for a simpler, but more reliable chip; the Terry Childs case; and even an 18th century "semaphore telegraph" that was a very early example of steganographic cryptography. From the article: "Detecting an anomaly is one thing, but following up on what you've detected is at least as important. In the early days of the Internet, Cliff Stoll, then a graduate student at Lawrence Berkeley Laboratories in California, noticed a 75-cent accounting error on some computer systems he was managing. Many would have ignored it, but it bothered him enough to track it down. That investigation led, step by step, to the discovery of an attacker named Markus Hess, who was arrested, tried, and convicted of espionage and selling information to the Soviet KGB."'

14 of 120 comments (clear)

  1. I would trust me.... by Petron · · Score: 4, Funny

    But I know what I've been up to...

    --
    if (it != oneThing) it = another;
  2. Correct usage? by bluefoxlucid · · Score: 2, Informative

    The predicate comes first in this sentence?

    --
    Support my political activism on Patreon.
    1. Re:Correct usage? by Aighearach · · Score: 2, Funny

      Off the lawn you will get. Put up with this I will not!

  3. Whom you trust ... ? by jamesl · · Score: 3, Informative

    Who vs. Whom

    This rule is compromised by an odd infatuation people have with whom -- and not for good reasons. At its worst, the use of whom becomes a form of one-upmanship some employ to appear sophisticated. The following is an example of the pseudo-sophisticated whom.
    http://www.grammarbook.com/gra...

    1. Re:Whom you trust ... ? by X-Ray+Artist · · Score: 2

      I was reading this to find out how to determine whom to trust. I didn't learn much on that topic (Basically, trust no one.) I did, however, learn plenty about "who vs whom."

      --
      I would have a sig but I am too busy updating programs and restarting my computer
  4. Yes I'm here by istartedi · · Score: 2

    What do you want?

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  5. Re:Trust is a virgin by ArcadeMan · · Score: 4, Funny

    You could have phrased that better, such as "Trust is like virginity. Once you get fucked, it's gone."

    --
    Get free satoshi (Bitcoin) and Dogecoins
  6. To quote The Wizard's doorman by Chas · · Score: 2

    NOT NOBODY!
    NOT NOHOW!

    --


    Chas - The one, the only.
    THANK GOD!!!
  7. Trust networks can fix this by MarkPNeyer3416 · · Score: 5, Interesting

    imagine something like linkedin's 'how are you connected to this person' - except instead of 'we worked together' the edges are all of the form 'i trust this person to this extent.'

    you take a bunch of statements of this form (node X trusts node Y with level 0.4), all signed by private keys. if you meet someone else, you can see all of the trust paths from you to them, to decide how much you trust them, and to what extent.

    then, instead of having to personally know someone else personally, i can say 'there are 300 paths from me to this woman. 250 of them are strictly positive with trust levels over 0.7 which is my default threshold for comfort. all of the negative ones turn negative over two hops from me, and only three are intensely negative. i already had weak trust levels for intermediary nodes between myself and the negative inbound edges to her. she's fine, and i have more confidence in my negative assessment of those intermediary nodes.'

    this could be huge. it would let us have more trust in strangers, and it would let us do things like this:

    • 'this lawyer has 50 inbound links from people i'm relatively close to, that all rated him as an asshole. i wont work with him'
    • 'this guy i'm serving at the restaurant has 30 level-4 links out who've said he helped them when they didn't offer anythign in return. i'll service him better than this other guy over where who's been rated as rude and elitist by some closer level links to me'
    • lets look at the yelp reviews of these restaurants, weighted by the trust scores i give users who've left the reviews. hmm, all of these reviews are from identities i only have a few paths to, with all of those paths passing through my SEO friend, who i thought might be black hat. drop this guy's trust level to negative and mark all of those reviews as untrusted by me. don't want my friends to waste their time with that.
  8. Re:Uplink was visionary by Opportunist · · Score: 5, Insightful

    Trust is a necessity. People do not have infinite time and skill available. At some point, I must trust someone or something. I must trust my mechanic that he doesn't cut my brakes. I must trust the pizza delivery guy that he doesn't sprinkle his pizza with E605. Of course you can opt to trust NOBODY, but, bluntly, that would indeed leap over the border to paranoia.

    But just as you have to pick your battles, you have to pick who to trust and who not to. A good starting point is usually the "cui bono" approach. What's in it for my pizza guy to kill me? Nothing. So I guess it's safe to assume that he wants to continue bringing me pizza because he wants more of my money.

    OTOH, with the current situation, I wouldn't trust any government any further than I can throw up.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Re:Are you guys too young or what? by Chris+Mattern · · Score: 2

    TRUST NO ONE

    Keep your laser handy.

  10. Who by rossdee · · Score: 2

    Who do you serve, and who do you trust? - Galen

  11. Well, yes, I was there... by Cliff+Stoll · · Score: 5, Interesting

    It's been a quarter century since I chased down those hackers. Hard to think back that far: 2400 baud modems were rarities, BSD Unix was uncommon, and almost nobody had a pocket pager. As an astronomy postdoc (not a grad student), I ran a few Unix boxes at Lawrence Berkeley Labs. When the accounting system crashed, my reaction was curiosity: How come this isn't working? It's an attitude you get from physics -- when you don't understand something, it's a chance to do research. And oh, where it led...

    Today, of course, everything's changed: Almost nobody has a pocket pager, 2400 baud modems are a rarity, and Berkeley Unix is, uh, uncommon. What started out as a weirdness hiding in our etc/passwd file has become a multi-billion dollar business. So many stories to tell ...

    I've since tiptoed away from computer security; I now make Klein bottles and work alongside some amazing programmers at Newfield Wireless in Berkeley. Much fun debugging code and occasionally uncorking stories from when Unix was young.

    Warm cheers to m'slashdot friends,
    -Cliff

  12. Re:Uplink was visionary by Anonymous Coward · · Score: 2, Informative

    Bruce Schneier has an excellent 2012 book-length treatment of trust called Liars and Outliers: Enabling the Trust that Society Needs to Thrive .
    https://en.wikipedia.org/wiki/...

    It makes many of the same arguments as the previous post in a rigorous way, drawing on social science research and game theory for support. Well worth reading for those interested in trust and security.

    Posting anonymously to not loose my mods.