Slashdot Mirror
We Must Slow Innovation in Internet-Connected Things, Says Bruce Schneier (technologyreview.com)
Bruce Schneier argues that governments must step in now to force companies developing connected gadgets to make security a priority rather than an afterthought. Schneier made these arguments in his new book titled, Click Here to Kill Everybody which is on sale now. Here's an excerpt from his interview with MIT Technology Review: Technology Review: So what do we need to do to make the Internet+ era safer?
Schneier: There's no industry that's improved safety or security without governments forcing it to do so. Again and again, companies skimp on security until they are forced to take it seriously. We need government to step up here with a combination of things targeted at firms developing internet-connected devices. They include flexible standards, rigid rules, and tough liability laws whose penalties are big enough to seriously hurt a company's earnings.
Technology Review: But won't things like strict liability laws have a chilling effect on innovation?
Schneier: Yes, they will chill innovation -- but that's what's needed right now! The point is that innovation in the Internet+ world can kill you. We chill innovation in things like drug development, aircraft design, and nuclear power plants because the cost of getting it wrong is too great. We're past the point where we need to discuss regulation versus no-regulation for connected things; we have to discuss smart regulation versus stupid regulation.
Technology Review: There's a fundamental tension here, though, isn't there? Governments also like to exploit vulnerabilities for spying, law enforcement, and other activities.
Schneier: Governments are certainly poachers as well as gamekeepers. I think we'll resolve this long-standing tension between offense and defense eventually, but it's going to be a long, hard slog to get there.
Schneier: There's no industry that's improved safety or security without governments forcing it to do so. Again and again, companies skimp on security until they are forced to take it seriously. We need government to step up here with a combination of things targeted at firms developing internet-connected devices. They include flexible standards, rigid rules, and tough liability laws whose penalties are big enough to seriously hurt a company's earnings.
Technology Review: But won't things like strict liability laws have a chilling effect on innovation?
Schneier: Yes, they will chill innovation -- but that's what's needed right now! The point is that innovation in the Internet+ world can kill you. We chill innovation in things like drug development, aircraft design, and nuclear power plants because the cost of getting it wrong is too great. We're past the point where we need to discuss regulation versus no-regulation for connected things; we have to discuss smart regulation versus stupid regulation.
Technology Review: There's a fundamental tension here, though, isn't there? Governments also like to exploit vulnerabilities for spying, law enforcement, and other activities.
Schneier: Governments are certainly poachers as well as gamekeepers. I think we'll resolve this long-standing tension between offense and defense eventually, but it's going to be a long, hard slog to get there.
I give the book five stars based solely on the title.
I strongly disagree. You should do your own research and refuse to buy inferior products. If you get hax0red its your own fault for buying crap from china and not securing your own equipment
In the car world if manufacturers make a mistake they can be forced to recall the vehicles. In the device world you can release something and wash your hands of it.
We want you to lock everyone else out of the device - but us! ... so our intrepid developers put 200+ back doors in their devices. One for every government that asked for it,
With admin names like:
UnitedStates-BackDoor-KeepOut
Yemen-BackDoor-KeepOut
VaticanCity-BackDoor-KeepOut
Canadia-BackDoor-PleaseKeepOut
Russa-BackDoor-NothingToSeeHere
Oh, and the passwords for all the backdoors? - 1-2-3-4-5 No one read the email that said that the Govt's were to change the password to something only they knew when they hacked the device to put their own spyware on it.
Finally, some I-D-10-T left the spreadsheet for said back doors out on a public Dropbox, Azure, AWS, GoogleDoc,location so that they could work on it from home.
Seriously, What could possibly go wrong...
Fred In IT
All the same old tired stupid mistakes are made again in the IoT space. It is really quite stupid.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The problem isn't innovation, doing new things is good. The problem is not learning from the old things. The mistakes the IoT vendors are making are all mistakes that have been made before. Looking to the future is positive, so long as you don't ignore the past.
We don't need to slow down innovation. We need to put more emphasis on history. Ironically this could actually speed up innovation since less time would be spent fighting fires.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
These attempts to postpone the coming technological singularity and save their own... everything will not be successful, and are not acceptable.
Accelerate.
This simply isn't true. To take one industry, look at automobiles. Ford put in safety glass and GM was conducting crash tests in the early 1930's before rules were put in place. Ford was marketing a safety package by the mid-50's as well that never really sold well. US regulation on safety really didn't start until the late 50's and early 60's.
Even in industrial and food safety, market factors (employees unwilling to work, bad press and people unwilling to buy the product) moved safety standards along before governments ever codified them into law. And sometimes regulations have a negative impact on safety by mandating and/or preventing an action that impacts the safety of the person using or making/providing the product/service.
The simple and obvious fix for IoT security is for a bunch of open source security experts to build something basic and give it away under a free licence. If it's well documented and saves the company having to develop their own, they'll use it. Everyone wins.
Almost.
IoT is going to end up a security sinkhole, with devices devoting 2/3 of their code to security, and 1/3 to actual functionality. Unfortunate but necessary.
But failed security won;y be solved by regulation. Small manufacturers will suffer because when they get it wrong they will be crushed. And consumers will suffer because they will be stuck with failed devices and lost money.
Ultimately regulation of IoT will look more like rent-seeking than protection, since punishing manufacturers for security failures has, in the past, only resulted in abandonment of failed devices. These things are so simple they are not work fixing most of the time.
Or will we see future IoT devices that can actually be maintained? Those attractive, simple, cheap-ish things like door locks have so far proven to be unable to be 'fixed' in most cases. I'm not hopeful. But there are going to be successful security models, probably based on local gateways, and will come with fully featured vendor lock-in and captivity to the whole infrastructure that is vendor dependent. Probably unavoidable, since security is a huge problem for everything Internet.
deleting the extra space after periods so i can stay relevant, yeah.
If we're talking consumer applications, most of the shitty IoT concepts aren't innovative in the slightest, they are just slapping a wifi chip onto the side of a pre-existing product. The societal benefit of holding manufacturers responsible for their bugs far outweighs missing out on iteration #48,294 of a networked baby monitor or washing machine.
All these IoT devices are just mini time-bombs waiting to go off. When they get hacked / p0wned will politicians FINALLY realize that allowing devices on the internet with none, or very little, security was a bad idea???
This is why I call Internet-of-Things with a more accurate one: In-waiting of Tragedy
Because when enough people's fridges, thermostats, stoves, etc. get hacked it will be hell.
Firstly, there's a difference between "Internet-Connected Things" and "Internet of Things". We had internet-connecting things long before the concept of IoT came around. We had webcams, we even had linux toasters. The promise of IoT is that the experience is seemless, that holistic new functionality and capability emerges far greater than the sum of its parts when devices are imbued with appropriate smarts.
To that end, there has been no innovation in IoT yet. There isn't even any IoT devices on the market. Not one. There has only been the same old garbage "now with internet". That's not innovation and that's not IoT.
Yep, it's a catchy title. Bruce is generally a smart guy, so I'm surprised to hear him start the interview with a statement that is flat out wrong on the facts. More than that, anyone who knows a little history KNOWS it's wrong.
"There's no industry that's improved safety or security without governments forcing it to do so.", he began.
Has Bruce never heard of Underwriters Laboratories (UL listed, UL registered, etc)? Underwriters means insurance companies. That's not government, that's insurance companies offering guidance and an incentive. How about the National Fire Protection Association, which writes the fire codes? That's another safety organization started by insurance companies, and insurance companies wouldn't insure a building unless it met fire code. Later, local governments ALSO said "me to", but the NFPA and fire codes were created by insurance companies, not government.
The auto companies were advertising safety innovations for half a century before there was any major legistlate. From Dusenberg advertising hydraulic brakes in the 1920s to Ford marketing safety glasses in all its cars in the 1930s to padded dashboards, safety cages, and disc brakes in the 1940s - it wasn't until the 1960s that the government got involved.
So it's simply factually incorrect, plain wrong, to say "There's no industry that's improved safety or security without governments forcing it to do so". My side gig is pyrotechnics, fireworks. A LOT of what we talk about and work on in the industry is safety, sometimes talking about how to convince the government official to allow us to do things the safer way rather than insisting on outdated procedures, or things that are a bad (dangerous) fit for the situation.
Yes, you can find examples of industries that improve safety reactively as a marketing ploy in response to bad press from an unfortunate incident (for example, tamper-proof packaging after the Tylenol poisoning incident in the 1980s). Getting them to do it proactively (i.e. before something really bad happens) generally requires government intervention, and that is what we need here. Also, once the bad press goes away, the safety measures often do as well unless regulations have been updated to require them.
Support Right To Repair Legislation.
I'd like to see more read-only devices, or a hard switch for read-only. For example, maybe I'd like to know my fridge temperature while away from home to know my medications are safe, but I don't want me or anyone else to be able to adjust the temp or turn it off. I'd like to know when my washing machine or drier is finished, but I don't want me or anyone else to turn it on remotely.
https://en.wikipedia.org/wiki/... "The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency[1] (NSA) as an encryption device that secured “voice and data messages"[2] with a built-in backdoor. It was intended to be adopted by telecommunications companies for voice transmission. It can encipher and decipher messages. It was part of a Clinton Administration program to “allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions."[2] “Each clipper chip ha[d] a unique serial number and a secret ‘unit key,’ programmed into the chip when manufactured."[2] This way, each device was meant to be different from the next. It was announced in 1993 and by 1996 was entirely defunct."
He opposes common sence racial profiling.
I don't think we have to rely on archaic notions of what is secure. I don't think we need to suffer with medieval concepts of what was reliable.
It's perfectly reasonable to expect IoT technology to strictly exceed the standards taught in the 1980s, simply because those standards are 40-odd years old. We've learned how to build things better since then.
The law can reasonably enforce certain standards. There are standards out there, for coding and security. Some, like MISRA, are regarded as correct only in places. But they are published and are used by real people for real projects.
The obvious solution is to commission the NSF to draw up some core standards, using the existing ones as templates:
One set of rules for all I/O, probably based on CERT's secure programming and FIPS.
One set for low-criticality systems, I'd argue 5N reliability is all you need for that.
One set for high-criticality (medical implants, for example), probably using only vital, universal, elements from MISRA, JSF+ and DO-178C. Emphasis on vital, universal. You don't want rules here that are frivolous or domain-specific.
One set for split role devices. I'd probably use ideas that are still relevant from the Rainbow Series.
Such a group may decide that a given set is the empty set. That's fine. That means regulations don't make any sense at that level and that's worth knowing.
The rules should be minimal, no group should have more than ten rules. I don't think anyone can seriously object to ten rules programmers came up with in the first place.
By using existing, established, rules, most can be checked automatically, making it a cinch to validate and certify.
Is it enough? Probably not, but that's not the point. The point is to create a starting point and enforce minimal standards superior to what is currently used but trivial enough to not impose an excessive overhead.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
That is irrespective of whether one user is a grandma trying to email to a relative, an individual buying a product, a city's traffic light network, a government department, a car or a battleship
This is a ridiculous situation to be in. We segregate road users for their own safety (and that of others) and in order to provide facilities that are appropriate for each type of user. What we don't need is a one-size-fits-all security model. We should be separating out the various forms of network traffic into physically discrete networks. Maybe even to the extent of having multiple networks with little or no cross-over between them.
This would be especially apt for a break between commercial and non-commercial traffic. Or between government and civilian use. And especially between safety-critical infrastructure and everything else.
The concept of an "internet" is past its useful life. The whole structure never took security seriously and was designed more around trust than enforcement. It is past time to move a LOT of stuff off the public network and to make it harder for grandma to accidentally email the Pentagon's National Military Command Centre - just like it isn't (I hope) possible for someone to accidentally walk in through its front door.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Are in a position to shop between implants, and there's obviously millions of vendors.
And, of course, stores carry an entire department of wireless routers, not just three boxes between two near-identical vendors who offer no information and have secrecy clauses on everything.
Find any good OpenBSD-based thermostats on Amazon? Thought not.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
You know those pointless noise-maker car alarms? It used to be that only douches have those. When I bought my car in '07 it never occurred to me it would come with one. It did. I never asked for it. They didn't warn me. The damned thing has pissed me off and sent me into a rage on several occasions. I went to the dealer and they said they could fix it when they're security specialist was in, or some bullshit like that. They acted like it was serious business. It's a fucking noise maker that pisses me off.
Many cars come like this; perhaps all of them. I'm still waiting for the magic of the free market to fix it for me.
Your libertarian philosophy does NOTHING to defend us against the collective decisions of powerful private interests.
Let me repeat. NOTHING. I'm not "free to replace google" or "free to replace Honda", because that's an unrealistic goal for almost everybody. For the few who may achieve such things? They are in on the racket.
The only way for regular Joes like us, the only realistic shot we have, is to regulate those douches.
Get it through your damned libertarian skulls.
We get it Alexander Peter Kowalski, you are retarded and an antisemite. You must have gotten really pissed at losing so badly this week to rage this hard. Maybe instead of repeating your bullshit lies and antisemitic rants you could instead focus on that BSD and OS X port of your slow and bloated file concatenator. If you complete that your parents might stop regretting not aborting you, but likely not. If that doesn't work you could always post some unsigned responses in defense of your self because that might convince your mom to come back and take care of her retarded man child of a son.
Thieves break into financial networks on a regular basis. They pay a lot of people a lot of money to prevent this, but it still happens. There is no one to prevent some 12 year old script kiddie from turning your 'smart refrigerator's' temperature all the way up. No to mention the vastness of security camera botnets and how manufacturers spy through smart TVs...
Is it that hard to air gap IoT devices? I'm not concerned about someone hacking into my cameras, you should see all the bullshit those cameras want to send back home. IoT devices will never be secure. Why even fight that battle?
>There's no industry that's improved safety or security without governments forcing it to do so.
How about PCI (Payment Card Security Standards)? This is one of many examples where industry has self imposed security standards without being forced by government.
I personally advocate a happy medium on regulation, but that statement seems to demand the creation of a police state and I have to speak out against that horrible idea.
Greed is the root of all evil.
... largely in denial.
Regulation is not going to stop anything in a nation that worships corporations. It's in too many big companies interest to spy on everyone and remove their ability to own their own software. Mere regulation isn't going to help jack squat. The best security is not to have software and hardware unnecessarily connected to the internet for instance.
If we were really interested in security drm would not be a thing and all game would be be able to be playable offline. The best security is not to put it on the net in the first place. Too many big companies have too much power and mere regulation is not going to do jack shit in government that is bought and owned by corporations. Like the man wasn't paying attention to the bail outs of the big banks in 2008 or the last 40 years of repeals of various acts that were designed to protect the public.
"The point is to create a starting point and enforce minimal standards superior to what is currently used but trivial enough to not impose an excessive overhead."
No, the point is to make things secure. Having only minimal standards that don't actually provide a secure environment is what is creating "excessive overhead" for everyone else.
"We've learned how to build things better since then."
Actually we haven't. We are still relying on security by obscurity and the notion that if you just create enough overhead to crack code it will remain secure. Potential hackers are much more sophisticated with much better hardware to work with.
I suspect the real problem is the internet. It was designed to be an open communications network and it got hijacked into serving as an industrial control network. There is really no other reason that our electrical grid management can be accessed from snapchat and vice versa. What we really need are different networks that are physically and operationally separated.
If all IoTs meet some baseline security on, say, Day 1, new attacks will be found on Day 2 if not before the item ships
How do you keep your things current with the latest challenges?
If the manufacturers have hidden paths that allows them to update remotely, that code will just be a new way to hack the device.
If the manufacturers send you a new plugin with the updated code for your light or refrigerator, you get to fix each each device.
We don't need to slow down innovation. We just need the universal understanding that proprietary software in these devices is not acceptable.
... argues that governments must step in now to force companies developing connected gadgets to make security a priority rather than an afterthought.
Banks, anyone? How about fast food joints and places like Target?
Yahoo!?
Equifax?
No?
OK.
It little behooves the best of us to comment on the rest of us.
Khazar Talmudic Jews believe this of all they call goyim/gentiles (any non-jew): Jews = biggest racists of all for which they "jew guilt" you for no less! They're hypocrites known as thieves all thru history or were Argentines in the 1940 under Peron, Spanish inquistion, France (1306), Egypt (despoiled/robbed by jews), Arabs (pre & post 1948), England (1330 Edward longshanks), Romans under titus, Russia pogroms and Germany who got rid of them from their nations nazi german's too? No. Driven into DESERTS ages ago! Don't wonder why after all those exilings above.
Should anyone doubt any of this see Jacob Javits' crony Rosenthal spill the beans on it https://www.youtube.com/watch?v=D4zMVZ8HnFI/ where he called all Christianity fools for helping Israel and the biggest scam of all time per their beliefs below from their Talmud.
This is the province of the synagogue of Satan (Pharisees whom Jesus Christ himself kicked to the curb out of the temple & they killed him for it. Jeremiah did the same to them also + the Essenes could not stand them either breaking away from the pharisee corruption):
Jew Talmud excerpts (the book that calls Christ's mother a whore & a bastard of a roman soldier):
1. Sanhedrin 59a: "Murdering Goyim is like killing a wild animal."
2. Abodah Zara 26b: "Even the best of the Gentiles should be killed."
3. Sanhedrin 59a: "A goy (Gentile) who pries into The Law (Talmud) is guilty of death."
4. Yebhamoth 11b: "Sexual intercourse with a little girl is permitted if she is three years of age."
5. Schabouth Hag. 6d: "Jews may swear falsely by use of subterfuge wording."
6. Hilkkoth Akum X1: "Do not save Goyim in danger of death."
7. Hilkkoth Akum X1: "Show no mercy to the Goyim."
8. Choschen Hamm 388, 15: "If it can be proven that someone has given the money of Israelites to the Goyim, a way must be found after prudent consideration to wipe him off the face of the earth."
9. Choschen Hamm 266,1: "A Jew may keep anything he finds which belongs to the Akum (Gentile). For he who returns lost property (to Gentiles) sins against the Law by increasing the power of the transgressors of the Law. It is praiseworthy, however, to return lost property if it is done to honor the name of God, namely, if by so doing, Christians will praise the Jews and look upon them as honorable people."
10. Szaaloth-Utszabot, The Book of Jore Dia 17: "A Jew should and must make a false oath when the Goyim asks if our books contain anything against them."
11. Baba Necia 114, 6: "The Jews are human beings, but the nations of the world are not human beings but beasts."
12. Simeon Haddarsen, fol. 56-D: "When the Messiah comes every Jew will have 2800 slaves."
13. Nidrasch Talpioth, p. 225-L: "Jehovah created the non-Jew in human form so that the Jew would not have to be served by beasts. The non-Jew is consequently an animal in human form, and condemned to serve the Jew day and night."
14. Aboda Sarah 37a: "A Gentile girl who is three years old can be violated."
15. Gad. Shas. 2:2: "A Jew may violate but not marry a non-Jewish girl."
16. Tosefta. Aboda Zara B, 5: "If a goy kills a goy or a Jew, he is responsible; but if a Jew kills a goy, he is NOT responsible."
17. Schulchan Aruch, Choszen Hamiszpat 388: "It is permitted to kill a Jewish denunciator everywhere. It is permitted to kill him even before he denounces."
18. Schulchan Aruch, Choszen Hamiszpat 348: "All property of other nations belongs to the Jewish nation, which, consequently, is entitled to seize upon it without any scruples."
19. Tosefta, Abda Zara VIII, 5: "How to interpret the word 'robbery.' A goy is forbidden to steal, rob, or take women slaves, etc., from a goy or from a Jew. But a Jew is NOT forbidden to do all this to a goy."
20. Seph. Jp., 92, 1: "God has given the Jews power over the possessions and blood of all nations."
21. Schulchan Aruch, Choszen H
Khazar Talmudic Jews believe this of all they call goyim/gentiles (any non-jew): Jews = biggest racists of all for which they "jew guilt" you for no less! They're hypocrites known as thieves all thru history or were Argentines in the 1940 under Peron, Spanish inquistion, France (1306), Egypt (despoiled/robbed by jews), Arabs (pre & post 1948), England (1330 Edward longshanks), Romans under titus, Russia pogroms and Germany who got rid of them from their nations nazi german's too? No. Driven into DESERTS ages ago! Don't wonder why after all those exilings above.
Should anyone doubt any of this see Jacob Javits' crony Rosenthal spill the beans on it https://www.youtube.com/watch?v=D4zMVZ8HnFI/ where he called all Christianity fools for helping Israel and the biggest scam of all time per their beliefs below from their Talmud.
This is the province of the synagogue of Satan (Pharisees whom Jesus Christ himself kicked to the curb out of the temple & they killed him for it. Jeremiah did the same to them also + the Essenes could not stand them either breaking away from the pharisee corruption):
Jew Talmud excerpts (the book that calls Christ's mother a whore & a bastard of a roman soldier):
1. Sanhedrin 59a: "Murdering Goyim is like killing a wild animal."
2. Abodah Zara 26b: "Even the best of the Gentiles should be killed."
3. Sanhedrin 59a: "A goy (Gentile) who pries into The Law (Talmud) is guilty of death."
4. Yebhamoth 11b: "Sexual intercourse with a little girl is permitted if she is three years of age."
5. Schabouth Hag. 6d: "Jews may swear falsely by use of subterfuge wording."
6. Hilkkoth Akum X1: "Do not save Goyim in danger of death."
7. Hilkkoth Akum X1: "Show no mercy to the Goyim."
8. Choschen Hamm 388, 15: "If it can be proven that someone has given the money of Israelites to the Goyim, a way must be found after prudent consideration to wipe him off the face of the earth."
9. Choschen Hamm 266,1: "A Jew may keep anything he finds which belongs to the Akum (Gentile). For he who returns lost property (to Gentiles) sins against the Law by increasing the power of the transgressors of the Law. It is praiseworthy, however, to return lost property if it is done to honor the name of God, namely, if by so doing, Christians will praise the Jews and look upon them as honorable people."
10. Szaaloth-Utszabot, The Book of Jore Dia 17: "A Jew should and must make a false oath when the Goyim asks if our books contain anything against them."
11. Baba Necia 114, 6: "The Jews are human beings, but the nations of the world are not human beings but beasts."
12. Simeon Haddarsen, fol. 56-D: "When the Messiah comes every Jew will have 2800 slaves."
13. Nidrasch Talpioth, p. 225-L: "Jehovah created the non-Jew in human form so that the Jew would not have to be served by beasts. The non-Jew is consequently an animal in human form, and condemned to serve the Jew day and night."
14. Aboda Sarah 37a: "A Gentile girl who is three years old can be violated."
15. Gad. Shas. 2:2: "A Jew may violate but not marry a non-Jewish girl."
16. Tosefta. Aboda Zara B, 5: "If a goy kills a goy or a Jew, he is responsible; but if a Jew kills a goy, he is NOT responsible."
17. Schulchan Aruch, Choszen Hamiszpat 388: "It is permitted to kill a Jewish denunciator everywhere. It is permitted to kill him even before he denounces."
18. Schulchan Aruch, Choszen Hamiszpat 348: "All property of other nations belongs to the Jewish nation, which, consequently, is entitled to seize upon it without any scruples."
19. Tosefta, Abda Zara VIII, 5: "How to interpret the word 'robbery.' A goy is forbidden to steal, rob, or take women slaves, etc., from a goy or from a Jew. But a Jew is NOT forbidden to do all this to a goy."
20. Seph. Jp., 92, 1: "God has given the Jews power over the possessions and blood of all nations."
21. Schulchan Aruch, Choszen H
Khazar Talmudic Jews believe this of all they call goyim/gentiles (any non-jew): Jews = biggest racists of all for which they "jew guilt" you for no less! They're hypocrites known as thieves all thru history or were Argentines in the 1940 under Peron, Spanish inquistion, France (1306), Egypt (despoiled/robbed by jews), Arabs (pre & post 1948), England (1330 Edward longshanks), Romans under titus, Russia pogroms and Germany who got rid of them from their nations nazi german's too? No. Driven into DESERTS ages ago! Don't wonder why after all those exilings above.
Should anyone doubt any of this see Jacob Javits' crony Rosenthal spill the beans on it https://www.youtube.com/watch?v=D4zMVZ8HnFI/ where he called all Christianity fools for helping Israel and the biggest scam of all time per their beliefs below from their Talmud.
This is the province of the synagogue of Satan (Pharisees whom Jesus Christ himself kicked to the curb out of the temple & they killed him for it. Jeremiah did the same to them also + the Essenes could not stand them either breaking away from the pharisee corruption):
Jew Talmud excerpts (the book that calls Christ's mother a whore & a bastard of a roman soldier):
1. Sanhedrin 59a: "Murdering Goyim is like killing a wild animal."
2. Abodah Zara 26b: "Even the best of the Gentiles should be killed."
3. Sanhedrin 59a: "A goy (Gentile) who pries into The Law (Talmud) is guilty of death."
4. Yebhamoth 11b: "Sexual intercourse with a little girl is permitted if she is three years of age."
5. Schabouth Hag. 6d: "Jews may swear falsely by use of subterfuge wording."
6. Hilkkoth Akum X1: "Do not save Goyim in danger of death."
7. Hilkkoth Akum X1: "Show no mercy to the Goyim."
8. Choschen Hamm 388, 15: "If it can be proven that someone has given the money of Israelites to the Goyim, a way must be found after prudent consideration to wipe him off the face of the earth."
9. Choschen Hamm 266,1: "A Jew may keep anything he finds which belongs to the Akum (Gentile). For he who returns lost property (to Gentiles) sins against the Law by increasing the power of the transgressors of the Law. It is praiseworthy, however, to return lost property if it is done to honor the name of God, namely, if by so doing, Christians will praise the Jews and look upon them as honorable people."
10. Szaaloth-Utszabot, The Book of Jore Dia 17: "A Jew should and must make a false oath when the Goyim asks if our books contain anything against them."
11. Baba Necia 114, 6: "The Jews are human beings, but the nations of the world are not human beings but beasts."
12. Simeon Haddarsen, fol. 56-D: "When the Messiah comes every Jew will have 2800 slaves."
13. Nidrasch Talpioth, p. 225-L: "Jehovah created the non-Jew in human form so that the Jew would not have to be served by beasts. The non-Jew is consequently an animal in human form, and condemned to serve the Jew day and night."
14. Aboda Sarah 37a: "A Gentile girl who is three years old can be violated."
15. Gad. Shas. 2:2: "A Jew may violate but not marry a non-Jewish girl."
16. Tosefta. Aboda Zara B, 5: "If a goy kills a goy or a Jew, he is responsible; but if a Jew kills a goy, he is NOT responsible."
17. Schulchan Aruch, Choszen Hamiszpat 388: "It is permitted to kill a Jewish denunciator everywhere. It is permitted to kill him even before he denounces."
18. Schulchan Aruch, Choszen Hamiszpat 348: "All property of other nations belongs to the Jewish nation, which, consequently, is entitled to seize upon it without any scruples."
19. Tosefta, Abda Zara VIII, 5: "How to interpret the word 'robbery.' A goy is forbidden to steal, rob, or take women slaves, etc., from a goy or from a Jew. But a Jew is NOT forbidden to do all this to a goy."
20. Seph. Jp., 92, 1: "God has given the Jews power over the possessions and blood of all nations."
21. Schulchan Aruch, Choszen H
I’m no Hebe, but I downmoderated you because you’re fucking annoying. You have to post this shit once in every thread, fine. Stop there.
Sure you're not. Sure. What's that I read from the YOODISH talmud about lying under oath or using subterfuge wording? Why hide truth/fact?
Khazar Talmudic Jews believe this of all they call goyim/gentiles (any non-jew): Jews = biggest racists of all for which they "jew guilt" you for no less! They're hypocrites known as thieves all thru history or were Argentines in the 1940 under Peron, Spanish inquistion, France (1306), Egypt (despoiled/robbed by jews), Arabs (pre & post 1948), England (1330 Edward longshanks), Romans under titus, Russia pogroms and Germany who got rid of them from their nations nazi german's too? No. Driven into DESERTS ages ago! Don't wonder why after all those exilings above.
Should anyone doubt any of this see Jacob Javits' crony Rosenthal spill the beans on it https://www.youtube.com/watch?v=D4zMVZ8HnFI/ where he called all Christianity fools for helping Israel and the biggest scam of all time per their beliefs below from their Talmud.
This is the province of the synagogue of Satan (Pharisees whom Jesus Christ himself kicked to the curb out of the temple & they killed him for it. Jeremiah did the same to them also + the Essenes could not stand them either breaking away from the pharisee corruption):
Jew Talmud excerpts (the book that calls Christ's mother a whore & a bastard of a roman soldier):
1. Sanhedrin 59a: "Murdering Goyim is like killing a wild animal."
2. Abodah Zara 26b: "Even the best of the Gentiles should be killed."
3. Sanhedrin 59a: "A goy (Gentile) who pries into The Law (Talmud) is guilty of death."
4. Yebhamoth 11b: "Sexual intercourse with a little girl is permitted if she is three years of age."
5. Schabouth Hag. 6d: "Jews may swear falsely by use of subterfuge wording."
6. Hilkkoth Akum X1: "Do not save Goyim in danger of death."
7. Hilkkoth Akum X1: "Show no mercy to the Goyim."
8. Choschen Hamm 388, 15: "If it can be proven that someone has given the money of Israelites to the Goyim, a way must be found after prudent consideration to wipe him off the face of the earth."
9. Choschen Hamm 266,1: "A Jew may keep anything he finds which belongs to the Akum (Gentile). For he who returns lost property (to Gentiles) sins against the Law by increasing the power of the transgressors of the Law. It is praiseworthy, however, to return lost property if it is done to honor the name of God, namely, if by so doing, Christians will praise the Jews and look upon them as honorable people."
10. Szaaloth-Utszabot, The Book of Jore Dia 17: "A Jew should and must make a false oath when the Goyim asks if our books contain anything against them."
11. Baba Necia 114, 6: "The Jews are human beings, but the nations of the world are not human beings but beasts."
12. Simeon Haddarsen, fol. 56-D: "When the Messiah comes every Jew will have 2800 slaves."
13. Nidrasch Talpioth, p. 225-L: "Jehovah created the non-Jew in human form so that the Jew would not have to be served by beasts. The non-Jew is consequently an animal in human form, and condemned to serve the Jew day and night."
14. Aboda Sarah 37a: "A Gentile girl who is three years old can be violated."
15. Gad. Shas. 2:2: "A Jew may violate but not marry a non-Jewish girl."
16. Tosefta. Aboda Zara B, 5: "If a goy kills a goy or a Jew, he is responsible; but if a Jew kills a goy, he is NOT responsible."
17. Schulchan Aruch, Choszen Hamiszpat 388: "It is permitted to kill a Jewish denunciator everywhere. It is permitted to kill him even before he denounces."
18. Schulchan Aruch, Choszen Hamiszpat 348: "All property of other nations belongs to the Jewish nation, which, consequently, is entitled to seize upon it without any scruples."
19. Tosefta, Abda Zara VIII, 5: "How to interpret the word 'robbery.' A goy is forbidden to steal, rob, or take women slaves, etc., from a goy or from a Jew. But a Jew is NOT forbidden to do all this to a goy."
20. Seph. Jp., 92, 1: "God has given the Jews power over the possessions and blood of all nations."
21. Schulchan Aruch, Choszen H
So many jewghoul and jewtoob links...you are the jew.
> Remember the introduction of seat belts? Yeah, that had to be mandated
Seat belts were a highly advertised feature. Later, it was such a popular feature that gas stations sold them for installation in order cars, much like large stations sell aftermarket cupholders today.
Here's a Chevron ad, only $5.95 for this great seatbelt:
https://www.thrillist.com/vice...
After Ford was putting the belts I all of their cars, and after owners of older cars picked up the new-style seatbelt from the corner gas station, then the government said "oh yeah, that's a good idea. Let's mandate that."
We can require everyone to use formal methods, but don't expect any updates to OpenSSL/LibreSSL this decade.
It would cost $2.4 billion to reduce the bug density in the Linux kernel to 0.00045 or less and keep it there for a year.
Current status: https://scan.coverity.com/proj...
That's very nearly bug-free. It would actually be 100% bug-free in all components that don't require features that are inherently unreliable. The government could afford it, most corporations could not.
I would actually like that for Linux, have a huge program to perform a proper detailed clean-up of the entire kernel. No loss of functionality, just a loss of bugs. It's used in many important areas and no system can be more reliable than the OS it uses.
But you can't ask people to design KDE that way (although they could design it better), nor could you ask a commercial vendor like Oracle to get their database to that standard. Only a government has the money needed and even then only for a few projects.
When it comes to encryption, it's worse. We don't know what constitutes good, we only know some things that constitute bad. Same for authentication. Ergo, we can define minimum standards by defining what is bad, but we can't define anything better.
Open source doesn't help, since nobody does test driven development and almost nobody tests. Documentation is dreadful. Want to show otherwise? Sure, go ahead. Reply to this with a file in CPNTools format that shows the full state machine for the IPv6 stack. That should be easy, you have RFCs showing the datagrams and state changes.
Such a diagram can be drawn, but not by anyone here in any sane length of time. That's full-time work for a large team of high-end experts.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Who planted that ROM chip with the code?
And what is the code?
I envision my Maytag dryer communicating with my Kenmore washer and playing cybernetic havoc.
If you have a homeowners insurance policy you should be limited to installing certified IoT devices on your home network. Why? Those devices often control critical appliances and climate control systems in your home, creating the potential to cause major liability issues. Who should regulate certification of IoT devices? Maybe Underwriters Laboratory should lead the charge on this. The real sticky bit will be handling experimental devices to allow individuals the ability to tinker with IoT devices. Perhaps those folks simply need to pay higher premiums.
in the airline business there's huge government safety overhead because lots of people die otherwise. in iot they don't die. we don't need standards. we need smarter consumers. buy junk, get junk. doh.
nothing to see here - move along
And goverments created law of torts.
And law of torts begat liability.
And liability begat insurance companies.
And insurance companies created safety codes.
Now therefore Schneier said unto the people: "It is because of what governments did that you have safety laws. Now go and be humble and do not speak harshly of government. For though it may not be your friend today, yet shall it be your friend in your Hour of need."
Well said. Write that out 100 times.
That was entertaining, thanks.
Watching my young daughter has taught me some things. Such as:
> And law of torts begat liability.
Two year olds very much understand "it's your fault and I'm mad at you", liability for harms done is not an invention of government.
What I thought was interesting is that two year olds will get really mad if another two year old copies their drawing (scribble) or song. Copyright seems to be instinctual.
Secondary effects are a reality, bub. Besides the pacemakers with OPEN WIFI CONNECTIONS LACKING ANY SECURITY.
Besides the stories over the past month where hackers could simultaneously change a neighborhood's thermostats and shutdown a utility?
DDoS attacks removing network connectivity or overrunning cell towers - and therefore, nowadays, the ability to call emergency services?
... and at this point in time, there's no *widespread* public consumer demand to increase the security of products. Therefore, there's no profit incentive for manufacturers to spend the extra time, money and effort to secure a product.
The same goes for corporations and information privacy. There are significant costs involved in securing and maintaining complex systems and databases containing personal information. When a data breach takes place, the corporation isn't actually *losing* anything. The data is *copied.* The only thing the company loses is a little bit of face, then the public gets distracted by something else, and no one cares that the breach took place (e.g. Equifax). There are no fines, no boycotts, no backlash. At worst, stock dips a little before recovering, maybe a CEO takes their millions and lays low for a little while or quietly moves to another corporation, but the gears keep turning, and the money keeps rolling in anyway.
So in this scenario, *why on Earth* would a company or corporation bother to spend the time, money or effort to make something secure, when they don't have to? Until the public starts demanding security, there's no financial incentive to make it happen. And at this point, we're so far along with so many breaches, that new generations are starting to realize that there's no security or privacy inherently associated with the connected world at all. Spray enough generations of monkeys with the hose when the try to step on the ladder, and they forget why they aren't supposed to step on the ladder anymore. Raise enough generations of people in an environment where there's no security or privacy to be had anyway, and they stop being concerned about it in the first place.
No public concern, no public demand, no public or legislative pressure, no financial incentive. Simply put: "no one" cares enough about security to bother covering the costs of security, because the costs of security currently outweigh the costs of not being secure.