Big pharma is behind get flu shot PSAs Big Dairy is behind the Got Milk PSAs The government is an arm of the corporations... oblig. news at 11 or whatever I don't even care anymore.
So the cynical teens will look at the anti-piracy PSA's created and understand that they're just a corporation trying to manipulate them via other teens.
I don't think this will be as successful as they want.
If anything, it will "justify" the cynical teens "pirating" content as "ironic" or "sarcastic". Instead of just for selfish reasons (which they may have done already).
I envy the Mormon church, not for their horrible history or laughable theology, but for the community and real ethical teachings.
Didn't they dump a bunch of money into California in an attempt to stop "gay marriage" from becoming legal there?
I guess it depends upon whether you agree with their "ethical teaching" or not.
No atheist is part of a community so focused on being a good person and striving for the good life.
Again, it depends upon what you believe.
The exact same thing can be said about Scientologists. Unless you don't agree with them in which case they're a "cult".
The problem with finding an atheist organization like that is that atheists don't normally go door-to-door telling you how much they'd like to help you "save" yourself.
Any non-religious organization will, usually, have religious members. So they cannot be labeled "atheist". Such as the library.
The closest you could probably get would be non-theistic models such as Taoism or Buddhism or such. But again, they don't tend to go door-to-door so you probably haven't had much experience with them.
I really don't care why someone thinks something I say in "interesting".
But I think that someone mod'ing "overrated" should be REQUIRED to explain why. And if their explanations are too similar for each of their mods (copy paste) or seem to have no bearing on the comment, then adjust their likelihood of receiving mod points in the future (or revoke their current moderation).
Evaluate this with the existing meta-moderation system.
No, because we can only evaluate something as "good" or "evil" within the context of all of its dependencies--of which the implications of eliminating free will in this case would have to be included when stipulating God can and should do something about it.
So it is questionable whether raping a child is a "good" act or an "evil" act?
And what does that have to do with free will? There are LOTS of acts that will result in pain/death in the world right now. Adding "raping a child" to the list would certainly seem to be within the ability of an omnipotent/omniscient God.
One of which being, for a consequence you might find personally more relevant, to eliminate evolution.
Again, there are LOTS of acts that will result in pain/death in the world right now. If we evolved (which I believe we did) then evolution has nothing to do with this discussion.
There are whole species which I do not believe would ever be able to form the CONCEPT of raping a child (should they evolve intelligence). Fish for example. Kind of hard to rape a child when the "sex" process takes place external to the female and male.
After several years they had hundreds of alerts a day... way too many to even think of turning on paging... and it was another 4 years before they got to the point that they had management buy in to take it seriously, turn on paging, and make people work with the monitoring group to tune down the alerts.
One place I worked had a problem with an average of 1 alert A WEEK. Because it almost always turned out to be some stupid non-issue... eventually everyone started ignoring it. Even to the point of ignoring the follow-up emails about WHY the alert was happening.
This supports my belief that security is easy. But no matter how easy it is, NOT doing it will always be easier. And somewhere in the chain will be an individual who is lazy enough to break the security.
Sorry for repeating a meme, but in this case it is extremely valid.
First level contact was to ask the trader to recheck their transactions, then escalate to supervisors.
IT should NEVER be involved at that level. The alerts should go to the manager (or the manager of managers) who SHOULD have more insight into the situation than IT.
Having IT in the loop means one more failure point (and an additional delay).
You set up the monitoring system... and you investigate the events it is reporting.
Then you tune it to get rid of the junk... and you monitor it again... and you investigate the events it is reporting.
Then you tune it blah blah blah blah blah.
Once you have it to the point where it isn't reporting junk you start testing it by setting up fake scenarios you want to catch. And investigate the events it is reporting (and the cycle continues).
Not to mention just going through ALL the events on a regular schedule to see if there are circumstances / situations / edge-cases that you did not anticipate.
Then when he became a trader, he knew about the test accounts to store his losses, as well as how to smooth over the tripwire alarm system whenever IT called him up.
Well there's your problem.
Why would IT call him? Wouldn't the alarm go to someone managing the people who manage the trades?
I'll disagree with that portion. But for right now...
Grecian pagan fundamentalists probably still believe Zeus manifests himself on Earth to rape people, though, He seems to prefer taking forms like rams and rain clouds rather than men. Ah well, if you're going for God-rape, why not throw in some beastiality with it as well, eh?
That's because the Greek / Roman / Norse / etc Gods never claimed to be the Ultimate Good (nor did their followers claim that).
The Gods did whatever the Gods wanted to because they had the power to do it and they got bored / horny / pissed / whatever. That was easy to understand.
Which is the major problem between certain monotheistic religions and religions based around a pantheon. If you have ONE God, that God has to be responsible for everything that happens. Even if it seems cruel or meaningless.
With a pantheon, it's easy to blame a different God for whatever happened. Maybe it was a Godly turf war. Maybe God A pissed off God B so God B decided to take it out on God A's worshipers. Maybe God A needed some help with celestial paperwork so God A collected some worshipers early. Maybe God A lost a bet with God B. So many options.
And none of those make sense when you have a single God who is eternal, omnipotent and omniscient.
This sounds clever, but all the argument really says is "I don't like the way God does things."
To me it is more evidence for the non-divine origin of that PARTICULAR religion.
It makes sense if you think back 3,000+ years when the world was divided into "them" and "us" and it was easy to tell the beliefs of "them" from the beliefs of "us".
And "them" had always been "them" from the time of your father and his father and his father's father.
When your view of the world was limited by what you could see from the highest hill in the area.
Where one bad year could mean death for all of "us" and triumph for "them".
So, in your mind, God manifests in the current world and rapes children? Seriously?
And you're okay with that?
Last I recall, ALL religion can be summarized:
And yet, strangely enough, WBC does not appear to share that view. Hence the picketing of Jobs' funeral.
The point of the post SEEMS to be that if God is capable of preventing a child from being raped (an act which we can all agree qualifies as "evil") but does NOT prevent that, then God is also "evil".
The key here is communication, I find the more of my day I devot to communication at the cost of getting less stuff done, the better my position becomes.
The problem with that is that all it takes to ruin it is someone claiming to be able to do more, better, flashier, etc.
Particularly if they have access to a nice golf course.
There will always be someone who devote even less time than you to getting something accomplished... so that they can spend that additional time selling management on the latest fad.
And blaming you for any problems.
The only way around this is for management to have SOME understanding of the levels below them. Isn't that why they're paid the management salaries and bonuses in the first place?
Other people understand "magic". You say the right mystic words and make the right arcane gestures and the things that tech said could not be done get done.
"Just stand it up now", they say. "We'll put the security money in next year's budget."
That's powerful magic. It gets things done NOW.
Other spells are: "I think you're over-analyzing this." "There won't be any problems." and "My nephew says he can do it this weekend." This is a particularly dangerous spell because it releases destructive imps into the systems.
That's a per user problem. There's an "Oh! Yeah!" moment at the end of it.
For REAL Hell, from TFA:
How many of us have been abandoned by our vendors to IT limbo, only to find ourselves falling victim to app dev anger when in-house developers are asked to pick up the slack?
Here, spend YEARS supporting something you didn't write.
I wish IT management would understand that part of their job is PRUNING systems. If it is unsupported / undocumented, then put together a plan to either remove it or further isolate it so it can be removed in the future.
What if you put the lock for the door underneath one of the many flower pots, and perhaps even have a completely non-functional keyhole on the door itself.
That isn't "obscurity" in the context of "security THROUGH obscurity". The word "through" is important there.
You can have a functional security system and add misdirection to that without reducing the overall security of the system. But the system, in the end, still depends upon the original security model. Once the correct key hole is known, the lock still must be cracked.
You can add obscurity without making the security dependent upon the obscurity.
You're shamelessly playing with word semantics here.
No. It's the usage of the terms in the context.
The same as people complain about evolution being "just a theory". The words have multiple definitions and using the incorrect one in this context is incorrect.
One could trivially create a set of systems which can have an exponential number of variations on the underlying algorithm,with automatic generation of these variations. Then the specific set member is your secret. There is no distinction between secret and obscure other than one of degree (at best).
That's an awful lot of effort to go through (and easily confused) just to use "obscure" in both instances.
I'll stick to "secret" to identify the password. It's in common usage in this discussion.
It seems that you're arguing over whether the word "secret" or "obscure" can be applied to a password. Which then confused the concept of "security through obscurity".
That's why I originally used the example of a house key hidden under a flower pot.
Well, if you define "security through obscurity" to such an absurd point, then of course there's no value to obscurity.
You may view it as "absurd" but it having no value is the whole point.
In these SPECIFIC instances, obscurity only REDUCES the security of a system.
Soldiers use "security through obscurity" by wearing camouflage.
The problem is that we're discussing computer security. Physical security is a different matter and has very limited usefulness as an analogy.
Of course if you want to narrowly define it into absurdity by a scheme where you put a key to your door under a flower pot, tell everyone you have gold in your house and then say you put a key under your flower pot, then of course, that's stupid.
No. You misunderstood that. The "obscure" part is where you do NOT tell everyone that the key is under the flower pot.
The key is the "secret". Just like a password is a "secret".
No matter how good the lock is, once the "obscure" part is found, the security is cracked.
It may SOUND "absurd" but there are a LOT of people arguing for exactly that in this thread.
If it takes you 20,000 years to crack my password with a password cracker, then the system is secure for 20,000 years. After which it is cracked (until I change my password again).
If the password is hidden on a post-it under my keyboard, then there is an easier, alternative avenue of attack. And the system is cracked in a minute.
So, having the "security through obscurity" resulted in a less secure system that was cracked a lot quicker than the original system.
That is why you do not use "security through obscurity".
I am not suggesting leaving it open and just not telling anyone. That would be crazy.
No, that would be "security through obscurity".
What you want to do is keep it secure as possible, but give the potential intruder something else to work on that yields no results, but increases their risk of exposure.
But that does nothing to improve the security of the system. If the attacker choose the correct door (or whatever) then you're left with only the defenses of that door.
Security through obscurity does not automatically assume that it is a door left wide open, just no one knows about it.
No. The "security THROUGH obscurity" means that the door IS unlocked (or unlockable with the hidden key) and that the "security" comes from no one KNOWING that it is a way in. That's what the "through" part of that statement means.
Do you understand the thinking now?
I've always understood it. And you're making a very common mistake. Obscurity != Secret in "security through obscurity".
Nope. Similar to the use of "theory" in science. The common usage of the word is not the exact same as the usage in this context.
The system is designed so that it can only be opened by the correct secret (the key in this case). That does not mean that the key is "obscure" even though it is the "secret".
Obscurity refers to the system. The key is still the secret. What the obscurity is is the fact that you're hiding (obscuring) the secret under a flower pot.
To put it another way, using a password cracker to "find" a password and spending 2^128 years doing so is very different from "finding" a password hidden under a keyboard.
And once you guess their encryption password, their encryption isn't completely broken?
You're confusing the "obscurity" portion of that statement.
Passwords should rely upon the difficulty in cracking them due to their complexity. The system is known. The password is not known.
Security through obscurity refers to the workings of the system being hidden. Such as the key under the flower pot opening the door. Once that information is discovered, the system is cracked.
One would be honeypotting, another would be and in line with the "Security through Obscurity" thinking, you have to choose which door to attack.
Just as in my house key example. The attacker has to know WHICH flower pot has the house key.
The problem is that once that piece of information is uncovered, the entire security implementation is broken.
The point being, the hacker doesnt know because of security through obscurity.
Yes, I understand the concept. I just don't agree with it. Again with the house key example: the work of putting a decent lock on the door is negated by having an easier, alternative avenue of attacking the door.
My point is Security through obscurity is a valid point to be made, but under the right direction and/or policies.
My point is that it is not because all it does is allow another, easier, avenue of attack.
If it does not, then it is not "security through obscurity".
Does the attacker have to get through 50 doors to get the gold? Not all locked with the same key? (etc) This is good security (unless locked with the same key and so forth)...or.. Does the attacker have to get through ONE door that is NOT locked (the security depends upon the attacker not getting the right door) ?..or.. Does the attacker just have to check the doors for recent fingerprints to guess which door to attack?
Slashdot Mirror
So the cynical teens will look at the anti-piracy PSA's created and understand that they're just a corporation trying to manipulate them via other teens.
I don't think this will be as successful as they want.
If anything, it will "justify" the cynical teens "pirating" content as "ironic" or "sarcastic". Instead of just for selfish reasons (which they may have done already).
Didn't they dump a bunch of money into California in an attempt to stop "gay marriage" from becoming legal there?
I guess it depends upon whether you agree with their "ethical teaching" or not.
Again, it depends upon what you believe.
The exact same thing can be said about Scientologists. Unless you don't agree with them in which case they're a "cult".
The problem with finding an atheist organization like that is that atheists don't normally go door-to-door telling you how much they'd like to help you "save" yourself.
Any non-religious organization will, usually, have religious members. So they cannot be labeled "atheist". Such as the library.
The closest you could probably get would be non-theistic models such as Taoism or Buddhism or such. But again, they don't tend to go door-to-door so you probably haven't had much experience with them.
I really don't care why someone thinks something I say in "interesting".
But I think that someone mod'ing "overrated" should be REQUIRED to explain why. And if their explanations are too similar for each of their mods (copy paste) or seem to have no bearing on the comment, then adjust their likelihood of receiving mod points in the future (or revoke their current moderation).
Evaluate this with the existing meta-moderation system.
So it is questionable whether raping a child is a "good" act or an "evil" act?
And what does that have to do with free will? There are LOTS of acts that will result in pain/death in the world right now. Adding "raping a child" to the list would certainly seem to be within the ability of an omnipotent/omniscient God.
Again, there are LOTS of acts that will result in pain/death in the world right now. If we evolved (which I believe we did) then evolution has nothing to do with this discussion.
There are whole species which I do not believe would ever be able to form the CONCEPT of raping a child (should they evolve intelligence). Fish for example. Kind of hard to rape a child when the "sex" process takes place external to the female and male.
One place I worked had a problem with an average of 1 alert A WEEK. Because it almost always turned out to be some stupid non-issue ... eventually everyone started ignoring it. Even to the point of ignoring the follow-up emails about WHY the alert was happening.
This supports my belief that security is easy.
But no matter how easy it is, NOT doing it will always be easier.
And somewhere in the chain will be an individual who is lazy enough to break the security.
Sorry for repeating a meme, but in this case it is extremely valid.
IT should NEVER be involved at that level. The alerts should go to the manager (or the manager of managers) who SHOULD have more insight into the situation than IT.
Having IT in the loop means one more failure point (and an additional delay).
You set up the monitoring system ... and you investigate the events it is reporting.
Then you tune it to get rid of the junk ... and you monitor it again ... and you investigate the events it is reporting.
Then you tune it blah blah blah blah blah.
Once you have it to the point where it isn't reporting junk you start testing it by setting up fake scenarios you want to catch. And investigate the events it is reporting (and the cycle continues).
Not to mention just going through ALL the events on a regular schedule to see if there are circumstances / situations / edge-cases that you did not anticipate.
Well there's your problem.
Why would IT call him? Wouldn't the alarm go to someone managing the people who manage the trades?
I'll disagree with that portion. But for right now ...
That's because the Greek / Roman / Norse / etc Gods never claimed to be the Ultimate Good (nor did their followers claim that).
The Gods did whatever the Gods wanted to because they had the power to do it and they got bored / horny / pissed / whatever. That was easy to understand.
Which is the major problem between certain monotheistic religions and religions based around a pantheon. If you have ONE God, that God has to be responsible for everything that happens. Even if it seems cruel or meaningless.
With a pantheon, it's easy to blame a different God for whatever happened. Maybe it was a Godly turf war. Maybe God A pissed off God B so God B decided to take it out on God A's worshipers. Maybe God A needed some help with celestial paperwork so God A collected some worshipers early. Maybe God A lost a bet with God B. So many options.
And none of those make sense when you have a single God who is eternal, omnipotent and omniscient.
To me it is more evidence for the non-divine origin of that PARTICULAR religion.
It makes sense if you think back 3,000+ years when the world was divided into "them" and "us" and it was easy to tell the beliefs of "them" from the beliefs of "us".
And "them" had always been "them" from the time of your father and his father and his father's father.
When your view of the world was limited by what you could see from the highest hill in the area.
Where one bad year could mean death for all of "us" and triumph for "them".
So, in your mind, God manifests in the current world and rapes children? Seriously?
And you're okay with that?
And yet, strangely enough, WBC does not appear to share that view. Hence the picketing of Jobs' funeral.
The point of the post SEEMS to be that if God is capable of preventing a child from being raped (an act which we can all agree qualifies as "evil") but does NOT prevent that, then God is also "evil".
The problem with that is that all it takes to ruin it is someone claiming to be able to do more, better, flashier, etc.
Particularly if they have access to a nice golf course.
There will always be someone who devote even less time than you to getting something accomplished ... so that they can spend that additional time selling management on the latest fad.
And blaming you for any problems.
The only way around this is for management to have SOME understanding of the levels below them. Isn't that why they're paid the management salaries and bonuses in the first place?
Tech's understand technology.
Other people understand "magic".
You say the right mystic words and make the right arcane gestures and the things that tech said could not be done get done.
That's powerful magic. It gets things done NOW.
Other spells are:
"I think you're over-analyzing this."
"There won't be any problems."
and
"My nephew says he can do it this weekend." This is a particularly dangerous spell because it releases destructive imps into the systems.
That's a per user problem. There's an "Oh! Yeah!" moment at the end of it.
For REAL Hell, from TFA:
Here, spend YEARS supporting something you didn't write.
I wish IT management would understand that part of their job is PRUNING systems. If it is unsupported / undocumented, then put together a plan to either remove it or further isolate it so it can be removed in the future.
The difference is that the people RESPONSIBLE for those turf wars are now being IDENTIFIED by NAME.
Look at how many "mistakes" were made on critical issues ... without anyone being identified or fired.
That isn't "obscurity" in the context of "security THROUGH obscurity". The word "through" is important there.
You can have a functional security system and add misdirection to that without reducing the overall security of the system. But the system, in the end, still depends upon the original security model. Once the correct key hole is known, the lock still must be cracked.
You can add obscurity without making the security dependent upon the obscurity.
No. It's the usage of the terms in the context.
The same as people complain about evolution being "just a theory". The words have multiple definitions and using the incorrect one in this context is incorrect.
That's an awful lot of effort to go through (and easily confused) just to use "obscure" in both instances.
I'll stick to "secret" to identify the password. It's in common usage in this discussion.
It seems that you're arguing over whether the word "secret" or "obscure" can be applied to a password.
Which then confused the concept of "security through obscurity".
That's why I originally used the example of a house key hidden under a flower pot.
You may view it as "absurd" but it having no value is the whole point.
In these SPECIFIC instances, obscurity only REDUCES the security of a system.
The problem is that we're discussing computer security. Physical security is a different matter and has very limited usefulness as an analogy.
No. You misunderstood that. The "obscure" part is where you do NOT tell everyone that the key is under the flower pot.
The key is the "secret". Just like a password is a "secret".
No matter how good the lock is, once the "obscure" part is found, the security is cracked.
It may SOUND "absurd" but there are a LOT of people arguing for exactly that in this thread.
In the end, it all comes down to time.
If it takes you 20,000 years to crack my password with a password cracker, then the system is secure for 20,000 years. After which it is cracked (until I change my password again).
If the password is hidden on a post-it under my keyboard, then there is an easier, alternative avenue of attack. And the system is cracked in a minute.
So, having the "security through obscurity" resulted in a less secure system that was cracked a lot quicker than the original system.
That is why you do not use "security through obscurity".
No, that would be "security through obscurity".
But that does nothing to improve the security of the system. If the attacker choose the correct door (or whatever) then you're left with only the defenses of that door.
No. The "security THROUGH obscurity" means that the door IS unlocked (or unlockable with the hidden key) and that the "security" comes from no one KNOWING that it is a way in. That's what the "through" part of that statement means.
I've always understood it. And you're making a very common mistake. Obscurity != Secret in "security through obscurity".
Nope. Similar to the use of "theory" in science. The common usage of the word is not the exact same as the usage in this context.
The system is designed so that it can only be opened by the correct secret (the key in this case). That does not mean that the key is "obscure" even though it is the "secret".
Obscurity refers to the system. The key is still the secret. What the obscurity is is the fact that you're hiding (obscuring) the secret under a flower pot.
To put it another way, using a password cracker to "find" a password and spending 2^128 years doing so is very different from "finding" a password hidden under a keyboard.
You're confusing the "obscurity" portion of that statement.
Passwords should rely upon the difficulty in cracking them due to their complexity. The system is known. The password is not known.
Security through obscurity refers to the workings of the system being hidden. Such as the key under the flower pot opening the door. Once that information is discovered, the system is cracked.
Just as in my house key example. The attacker has to know WHICH flower pot has the house key.
The problem is that once that piece of information is uncovered, the entire security implementation is broken.
Yes, I understand the concept. I just don't agree with it. Again with the house key example: the work of putting a decent lock on the door is negated by having an easier, alternative avenue of attacking the door.
My point is that it is not because all it does is allow another, easier, avenue of attack.
If it does not, then it is not "security through obscurity".
Does the attacker have to get through 50 doors to get the gold? Not all locked with the same key? (etc) This is good security (unless locked with the same key and so forth). ..or.. ..or..
Does the attacker have to get through ONE door that is NOT locked (the security depends upon the attacker not getting the right door) ?
Does the attacker just have to check the doors for recent fingerprints to guess which door to attack?
Obscurity only makes your security "brittle". Once broken, it is completely broken. Like hiding your house key under a flower pot.
Which means that the real security is the lock on the door. All you've done is allow another avenue of attacking it.