Slashdot Mirror


User: bws111

bws111's activity in the archive.

Stories: 0
Comments: 3,949

Comments · 3,949

  1. Re:New definition of "Accessibility" on The Windows Flaw That Cracks Amazon Web Services · Score: 1

    Everybody understands your intent. Nobody understands why you think there is anything special about what you did, or why you think it is some sort of vulnerability. It is obvious to EVERYONE that an administrator (which you were as soon as you mounted the disk on your own system) can do ANYTHING, including making the system vulnerable.

  2. Re:New definition of "Accessibility" on The Windows Flaw That Cracks Amazon Web Services · Score: 1

    Nowhere did I say those were the same things. All you did was take the system down, install a vulnerability, and bring the system back up. No magic. Of course you now have full access to the running system, but the ONLY reason you have that is because FIRST you had full access to the disk, and YOU created a vulnerability.

    And again, you can do that on ANY OS. Take down Linux, replace (for example) /etc/init.d/firstboot (or any other automatically started service) with a simple script that starts vncserver, reboot Linux. Now you can magically connect to the system through vnc, and you will be logged in AS ROOT, without a password (or using a vnc password that you set). Don't want to use vncserver? Replace a pam module with one that doesn't actually do anything. Presto magico! You now have full access to the running system. Amazing!

    You have not demonstrated any vulnerability, other than the vulnerability of letting an idiot have full access to your drive.

  3. Re:New definition of "Accessibility" on The Windows Flaw That Cracks Amazon Web Services · Score: 1

    He did not 'miss the point', because you have no point. All you did was show that if you have unrestricted access to a disk you can make a system insecure. Well no shit Sherlock. You can do that on ANY OS. If you want to do it on a Unix system replace getty or xdm with a version that has a backdoor in it.

    There is nothing special about what you did, and it is not a vulnerability, and there is nothing to 'get smart' about.

  4. Re:And never pushed: not profitable. on Interview With Professor Potrykus, Inventor of Golden Rice · Score: 1

    Haha! Good one!

    There really hasn't been enough time and study yet to see what the full impacts of GMO on the human system or the environment are yet.

    ... compared to someone actually manipulating your food you consume into your body system genetically

    The long term effects of these food mutations, haven't yet had time to likely manifest themselves. We are currently seeing problems with people's health and all sorts of new allergies that haven't really yet been explained, but a lot of the problems do seem to coincide with the influx of changes in our food system in recent decades.

    And so far, there isn't a LOT of in-depth scientific (independent of the companies producing the stuff) of GMO foods yet.

    ...what would you say, if down the road about 20-30 years, they do find that GMO foods had a negative effect on humans?

    Every one of those statements is an expression of fear (namely fear of possible hidden problems), and nothing else.

    Further, I will go so far as to say it will never be shown that GM poses a health risk to humans. There may be problems with specific GM foods, but it is kind of silly to think that just doing GM is going to cause a problem.

    Yes, of course it is possible that in 20 or 30 years someone will find out that a certain GM food causes health problems. Guess what - someone could find out that a certain non-GM food causes health problems too! Should every food out there carry some sort of 'we don't really know the actual long term effects of this specific food' warning?

    On the other hand, what if someone in 20 or 30 years finds out that eating a certain GM food actually improves health? Then all the people who were scared off by your 'danger - unknown consequences of GMO' labels will be less healthy than had they not had the labels that scared them off due to no specific danger at all.

  5. Re:And never pushed: not profitable. on Interview With Professor Potrykus, Inventor of Golden Rice · Score: 1

    You were arguing for MANDATORY labelling of GMO foods. There is absolutely no law that states every food must be labelled with its kosher/tref or organic/non-organic status. The kosher/organic labels are VOLUNTARILY put on by manufacturers who think that is a selling point for their product. Manufacturers can also indicate that their product is not GMO, if they think that is a selling point (they can not, however, do so in a manner that implies non-GMO is healthier or that there is something wrong with GMO, because there is no basis for either statement).

    There are basically two reasons for opposing something in the absence of evidence: belief that it is morally wrong, and fear. None of the labelling laws we have, including ingredient lists, are because of those two reasons. A mandatory GMO label would be exactly because of those reasons. It is not the government's job to make sure everyone and anyone caters to your fears and beliefs.

  6. Re:GMO is not a problem on Interview With Professor Potrykus, Inventor of Golden Rice · Score: 1

    You are wrong. Here is Monsanto's statement.

  7. Re:"The only problem? It's GMO." on Interview With Professor Potrykus, Inventor of Golden Rice · Score: 1

    No, they aren't. They are claimed to have terminator seeds by fudsters. If they actually are sterile, then explain the lawsuits Monsanto files against farmers who regrow the crop. Monsanto has stated they have never developed or commercialized sterile seeds, and have committed to not do so for food crops.

  8. Re:And never pushed: not profitable. on Interview With Professor Potrykus, Inventor of Golden Rice · Score: 1

    That's exactly the point. YOU have some fear of GMO foods, and think that justifies mandatory labelling. Well, OTHER people have concerns (kosher, organic, whatever) that, to them, are equally deserving of a label. What makes your fears any more valid than theirs?

  9. Re:"The only problem? It's GMO." on Interview With Professor Potrykus, Inventor of Golden Rice · Score: 1

    So exactly which seeds sold by Monsanto are deliberately made sterile? Not a damn one. Find some different FUD to spread.

  10. Re:And never pushed: not profitable. on Interview With Professor Potrykus, Inventor of Golden Rice · Score: 2

    Be sure to leave plenty of space on the label so we can mandate all the other things that every loony with an agenda thinks should be mandated. Warning: Tref! Warning: Non-organic! Warning: Hydroponically grown! Warning: Picked by Mexicans! Warning: Not fair-trade certified!

  11. Re:It's simple on The Reporter's Fifth Amendment Paradox · Score: 1

    That is completely and utterly false. It can also ensnare anyone who has problems with the language, doesn't understand the nuances of what he is being charged with, has mental or emotional problems, is suffering from stress, and any number of things.

  12. Re:It's simple on The Reporter's Fifth Amendment Paradox · Score: 1

    There is absolutely no point compelling an answer to your #2 question. None. The only possible reason for compelling an answer is that you hope you will trip the guy up and he will reveal something he did not want to (such as his guilt).

    I didn't say 'coerce', I said 'convince'. If I say to Bob 'give me your wallet, and I'll give you $100', and he gives me his wallet and I give him $100, exactly what crime has been committed? That is not a bribe, as a bribe is payment for doing something illegal or wrong. If I have a choice as to whether or not to testify, then you can not possibly bribe me to not testify, as not testifying is neither illegal nor wrong. However, if it is not legal to testify, then indeed you could bribe me to not testify.

  13. Re:It's simple on The Reporter's Fifth Amendment Paradox · Score: 1

    It is NOT separate from the principle of innocent until proven guilty. Back when the Constitution was written, pretty much the only chance of getting a conviction for a crime was by the testimony of witnesses. There was no forensics, no DNA analysis, no ballistics, etc. Therefore, the only way for the state to 'prove' guilt was by witness testimony. If witnesses are allowed the option of not testifying, all a criminal needs to do to avoid conviction is convince the witnesses not to testify. I'll leave it up to you to think of ways he could do that (many of which, if not testifying is an option, would be perfectly legal).

  14. Re:It's simple on The Reporter's Fifth Amendment Paradox · Score: 1

    Yes, the defendant might be guilty, but then again, he may not. If a defendant can be forced to testify against himself then there is no need for a trial, or really even an investigation. The government would have all the power in any criminal case.

    On the other hand, allowing a third party to 'opt-out' of testifying also leads to abuses of power, but in the opposite direction. If not testifying is legal, then it couldn't be illegal to 'convince' someone to not testify. That convincing could take the form of either positive (ie cash) reinforcement, or negative (intimidation) reinforcement. The criminal would have all the power.

  15. Re:It's simple on The Reporter's Fifth Amendment Paradox · Score: 1

    Forcing him to answer does not 'trample his fifth amendment rights' until his words are used against him. And therein is the answer to the 'problem'. If someone is compelled to testify, and winds up saying something that incriminates himself, his words can't be used against him (although they can still be used against the person he is testifying against). It is not really different than if the police coerce a confession - yes, you said the words, but if you can show you were coerced the confession can't be thrown out. And it would be a hell of a lot easier to show you were compelled to testify in court than to show the police coerced you.

  16. Re:Yay for monopoly! on Court Bars Apple From Making Industry-Wide E-book Deals · Score: 1

    Did you even read the link you referenced? The first line shows the problem with your claim of monopsony. 'One buyer faces many sellers.' You can't lump all of the publishers together and call them 'multiple sellers', because they all sell different products.

    The second major problem with your claim is that Amazon is not the buyer, consumers are.

    Amazon does not have some magical power to force publishers to accept low prices for ebooks. The publisher has a monopoly on his books, and he can set whatever price he wants. If Amazon doesn't get some ridiculously low price for an ebook, what are they going to do, not sell it? As soon as they refuse to sell a book the door is thrown wide open for competitors to sell the book.

    Amazon's power comes from their ability to not sell paper books. That puts the publishers in the position of having to choose between low ebook prices or low paper sales. Too bad. Every manufacturer has to make such decisions in their product line.

  17. Re:Yay for monopoly! on Court Bars Apple From Making Industry-Wide E-book Deals · Score: 1

    No, it does not mean Apple gets the same price. It means that nobody could SELL for less than Apple.

  18. Re:Amended quote on Snowden Spoofed Top Officials' Identity To Mine NSA Secrets · Score: 1

    Now you're starting to get it. Separation of duties requires roles. For in-house developer there will be developer, approver, installer, and security admin. The security admin sets up the signing and trusted keys. The developer creates a package intended for release. After appropriate testing, code reviews, etc the approver signs the package. After signing, the installer installs it.

    This requires a minimum of two people. One person could have both developer and installer roles, and another could have both security admin and approver roles.

    As long as those roles remain separate you have eliminated the possibility of any one individual compromising your system, and that is the whole idea. If a developer can't approve packages, and an approver can't create packages, and an installer can't install non-approved packages, then you have greatly increased the security of the system.

    And again, none of this is theoretical stuff that can't work in the real world. It is all in production now.

  19. Re:Amended quote on Snowden Spoofed Top Officials' Identity To Mine NSA Secrets · Score: 1

    You completely misunderstand how separation of duties works. And it does work, and has been in use in mainframe environments for decades.

    First, software is software. It doesn't matter if it is the OS kernel, the custom applications, or anything in between there.

    Now, let's take an example. Let's define three roles: developer, approver, installer.

    The developer is a regular user, with no special authorities on the system. He can not modify the production environment in any way. The only unique thing about the developer role is that he can nominate a package he has created for release using the change management system.

    The approver is a regular user, with no special authorities on the system. He can not modify the production environment in any way. His job is to ensure that all of the required testing, code reviews, etc have been done on the package the developer nominated. For packages that have been developed externally (like OS components), he ensures that there is a proper cryptographic signature. His role-unique thing is that he can mark packages as having been approved using the change management system.

    The installer is a regular user, with no special authorities on the system. He can not modify the production environment except by use of the change management system. His role-specific thing is telling the change management system to install package 'x'. The change management system ensures that the package has been approved and the installer has the authority to install that package. If those conditions are met, the package is installed.

    Now, under this system, exactly how are you going to replace 'ls' so it makes a copy of everything? As a developer, you could write a malicious ls that does that, but then you would somehow have to get it past the reviews that are required so it gets approved. As an approver, you do not have the authority to nominate a package for release. As an installer, all you can do is tell the change management system to install previously approved packages.

    Contrary to your statement that it opens up access, it does exactly the opposite. Nobody has access to do anything on their own.

    As for your last paragraph, they are all true. Which is why a business will have more than one accountant (you don't think an accountant could just cut a check for himself without any other approval, do you?). Planes have at least two pilots. People get second opinions about medical advice, etc. It is only IT where (some) people have the bizarre idea it is OK to let a single person have the ability to completely compromise your business.

  20. Re:Amended quote on Snowden Spoofed Top Officials' Identity To Mine NSA Secrets · Score: 1

    You seem to have missed the point that no sysadmin can do anything (including access the physical hardware) without another sysadmin being present. That greatly reduces the opportunity for the admin to install malicious software, go snooping, etc. Can it still happen? Of course - they could be in collusion, one could distract the other, etc. But in general the risk is greatly reduced by requiring two people to be present.

  21. Re:Amended quote on Snowden Spoofed Top Officials' Identity To Mine NSA Secrets · Score: 1

    Fragile and easily broken? No, quite the opposite. A system that can not be compromised by a single individual is far less fragile or likely to be broken than one that can easily be compromised. That applies to both malicious and accidental compromise. Difficult to fix? Maybe, but then again, it doesn't need fixing all that often. Impractical? No, such systems are in use today in all major financial applications, etc. Expensive? Yes, but cheaper than having a compromised system if your system is dealing with high-value data.

    The point of separation of duties is that no individual, acting alone, can compromise the system or its data. Obviously this extends to physical security and booting. Two (or more) keys are required to access the physical server, and no one person has access to both. Any boot media must be verified, independently under the eyes of the other, by both persons having physical access to ensure that the hash of the media is on a list of approved media (said list not being modifiable by anyone with physical access).

    Admins of course hate systems like this, because it changes them from all-powerful gods with more power than the owner of the server into ordinary employees who don't need to be coddled lest they compromise the systems. Why is it important that that change happens? Snowden and Terry Childs.

  22. Re:Amended quote on Snowden Spoofed Top Officials' Identity To Mine NSA Secrets · Score: 1

    No, such separation of access is not fundamentally impossible. Why should the 'admin' have write ability to ANY installed software? He shouldn't. He should only have the authority to run an installation program, and the installation program should have the authority to replace the files. Of course, the installation program should verify that the package he is installing is on a list (which he does not have write access to) and has been properly cryptographically signed (where again, he has access to neither the signing keys nor the trusted keys database).

    Such systems exist (and have for decades). Here is one.
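The flow described in comments 18, 19 and 22 above (a developer can only nominate a package, an approver can only mark it approved, an installer can only ask the change management system to install what has been approved, and only the security admin maintains the trusted keys) as an added Python model. This is illustrative code written for this page, not code from the comments or from any product they refer to. The `ChangeManagement` class, the role names, the conflict table and the HMAC tag standing in for a real package signature are all constructed assumptions, and the user names, keys and package contents are sample values.

```python
"""Constructed model of a change-management flow that enforces separation of duties."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

DEVELOPER, APPROVER, INSTALLER, SECURITY_ADMIN = "developer", "approver", "installer", "security_admin"
# Role pairs one person may never hold together (assumed). The two combinations the
# comments allow, developer+installer and security_admin+approver, are not listed.
CONFLICTING = {
    frozenset({DEVELOPER, APPROVER}), frozenset({DEVELOPER, SECURITY_ADMIN}),
    frozenset({INSTALLER, APPROVER}), frozenset({INSTALLER, SECURITY_ADMIN}),
}


class SeparationOfDutiesError(Exception):
    """Raised when an action would let one person act outside their role."""


@dataclass
class Package:
    name: str
    content: bytes
    approval: tuple[str, bytes] | None = None  # (trusted key id, tag over the digest)

    def digest(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


class ChangeManagement:
    """Mediates every change to production; no single role can act alone."""

    def __init__(self, bootstrap_security_admin: str) -> None:
        self._roles: dict[str, set[str]] = {bootstrap_security_admin: {SECURITY_ADMIN}}
        self._trusted_keys: dict[str, bytes] = {}  # writable only through a security admin
        self._nominated: dict[str, Package] = {}   # nominated packages, keyed by digest
        self.production: dict[str, str] = {}       # package name -> installed digest

    def _require(self, user: str, role: str) -> None:
        if role not in self._roles.get(user, set()):
            raise SeparationOfDutiesError(f"{user} does not hold role {role}")

    def grant(self, admin: str, user: str, role: str) -> None:
        self._require(admin, SECURITY_ADMIN)
        if admin == user:  # a security admin may not alter his own authority
            raise SeparationOfDutiesError("security admin may not alter own authority")
        held = self._roles.setdefault(user, set())
        for existing in held:
            if frozenset({existing, role}) in CONFLICTING:
                raise SeparationOfDutiesError(f"{user}: {role} conflicts with {existing}")
        held.add(role)

    def register_approver_key(self, admin: str, key_id: str, key: bytes) -> None:
        self._require(admin, SECURITY_ADMIN)
        self._trusted_keys[key_id] = key

    def nominate(self, developer: str, pkg: Package) -> str:
        self._require(developer, DEVELOPER)
        self._nominated[pkg.digest()] = pkg
        return pkg.digest()

    def approve(self, approver: str, digest: str, key_id: str, key: bytes) -> None:
        self._require(approver, APPROVER)
        # HMAC over the digest stands in for a real signature with the approver's key.
        self._nominated[digest].approval = (key_id, hmac.new(key, digest.encode(), hashlib.sha256).digest())

    def install(self, installer: str, digest: str) -> str:
        self._require(installer, INSTALLER)
        pkg = self._nominated.get(digest)
        if pkg is None or pkg.approval is None:
            raise SeparationOfDutiesError("package has not been approved")
        if pkg.digest() != digest:  # content was altered after approval
            raise SeparationOfDutiesError("package content no longer matches approved digest")
        key_id, tag = pkg.approval
        key = self._trusted_keys.get(key_id)
        expected = hmac.new(key, digest.encode(), hashlib.sha256).digest() if key else b""
        if key is None or not hmac.compare_digest(tag, expected):
            raise SeparationOfDutiesError("approval was not made with a trusted key")
        self.production[pkg.name] = digest
        return digest


def _rejected(action) -> bool:
    """True if the action is refused by the change management system."""
    try:
        action()
    except SeparationOfDutiesError:
        return True
    return False


def demo() -> dict[str, bool]:
    cms = ChangeManagement(bootstrap_security_admin="sam")
    cms.grant("sam", "alice", DEVELOPER)
    cms.grant("sam", "alice", INSTALLER)  # permitted combination (comment 18)
    cms.grant("sam", "bob", APPROVER)
    bob_key = secrets.token_bytes(32)  # constructed approver key
    cms.register_approver_key("sam", "bob-key", bob_key)

    pkg = Package("ls", b"#!/bin/sh\nexec /bin/ls \"$@\"\n")  # sample package content
    digest = cms.nominate("alice", pkg)
    out = {
        "self_grant_rejected": _rejected(lambda: cms.grant("sam", "sam", APPROVER)),
        "conflict_rejected": _rejected(lambda: cms.grant("sam", "alice", APPROVER)),
        "developer_cannot_approve": _rejected(lambda: cms.approve("alice", digest, "bob-key", bob_key)),
        "unapproved_install_rejected": _rejected(lambda: cms.install("alice", digest)),
    }
    cms.approve("bob", digest, "bob-key", bob_key)
    out["approved_install_ok"] = cms.install("alice", digest) == digest and cms.production["ls"] == digest

    # An approval made with a key the security admin never trusted is worthless.
    d2 = cms.nominate("alice", Package("cat", b"cat-v1"))
    cms.approve("bob", d2, "rogue-key", secrets.token_bytes(32))
    out["untrusted_key_rejected"] = _rejected(lambda: cms.install("alice", d2))

    # Content altered after approval no longer matches the approved digest.
    later = Package("cp", b"cp-v1")
    d3 = cms.nominate("alice", later)
    cms.approve("bob", d3, "bob-key", bob_key)
    later.content = b"cp-v1-with-extra-copy"
    out["tampered_rejected"] = _rejected(lambda: cms.install("alice", d3)) and _rejected(
        lambda: cms.install("alice", later.digest()))
    return out


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

Running `demo()` walks the happy path and then each denial: the security admin cannot grant himself a second role, a developer-installer cannot pick up approval rights, an unapproved or tampered package never reaches production, and an approval made with a key outside the trust store is rejected even though a legitimate approver made it. Note that the installer never gets write access to production: the only path in is `install()`, which recomputes the digest and checks the approval against a key store the installer cannot modify, which is the point comment 22 makes about the installation program holding the authority rather than the admin.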

  23. Re:Amended quote on Snowden Spoofed Top Officials' Identity To Mine NSA Secrets · Score: 3, Insightful

    You start with an OS that has proper separation of duties so that there is no 'root access'. For instance, the person responsible for maintaining the software on the system should not be able to access any data other than the software he is maintaining. The person 'operating' the system (startup, shutdown, network control, etc) also does not need access to user data. The person doing security admin should not be allowed to alter his own authority, and does not need access to user data. Etc. Relying on 'trustworthy admins' is just stupid.

  24. Re:Summary wtf on Scientists Create 'Fastest Man-Made Spinning Object' · Score: 1

    If you're going to play that game, 30 times is 10 times times 3.

  25. Re:Summary wtf on Scientists Create 'Fastest Man-Made Spinning Object' · Score: 1

    Even if 'times' is equivalent to revolutions, there is no way it is equivalent to revolutions per minute. Unless you really suck at math.