Let's welcome them home from this situation properly -- with pomp and circumstance. To say they deserve at least that much is an understatement. If we can manage to make this happen for the Yankees, then we need to make sure it happens for the troops.
http://www.change.org/petitions/nyc-mayors-office-welcome-home-parade-in-canyon-of-heroes-for-iraq-vets
+1.
Like gp, I was also "almost" diagnosed ADHD as a kid, but my physician decided against it on the grounds that I was "too smart"; ADHD symptoms make kids do badly in school. But as school got harder, my performance did eventually slip terribly. I didn't need a diagnosis to "stick to me" -- the symptoms did that all by themselves. Depression set in, because there was no explanation for my behavior other than me being a shitty, lazy person with no "common sense" who was often admonished to just "stop being an idiot." But that's the dividing line between an illness and a mere maturity issue -- I *wanted* to do well. I was not consistently able to, in spite of an unwavering, categorically declared willingness to do so.
The real idiots are those who only see one side of the "overdiagnosis problem" -- really, it's just a "diagnosis problem." Other than denialism, do these people have a solution to the difficulty in making the right call? Which side of caution do we want to err on?
Yeah, SSRI effects can be nasty. In my particular case, they have never approached anything resembling the nastiness of depression. Another anecdote - I don't personally know anyone whose life has been ruined by an unneeded Ritalin or SSRI prescription, but I have known many people whose lives have been turned upside down (in some cases, completely ruined) by an acute outburst of a previously undiagnosed mental illness.
He didn't need any skills - everyone knows that French network stacks immediately surrender when a hacker comes knocking. Don't believe me? Switch your locale to fr_FR and reboot... your box will be p0wn3d in minutes and /etc/sysconfig/iptables will be renamed to /tmp/vichy.
The handle bend isn't really a star as much as it's an asterism, of which Mizar is the prominent member... Alcor is the much dimmer (still visible) partner. Contrary to the article, it's not merely a minority opinion that Mizar and Alcor comprise a false binary... calling the whole thing a sextuple system might be a bit of an exaggeration.
I'm waiting for the cure to hibernation sickness. I froze my little brother in a trash can back in 1983. Before I let him out, I want to make sure he's not blind for two days just in case my mom decides to cast us into the Pit of Carkoon.
> Upshot of it is, that Y chormosome takes more risk, it produces more variation.
Read your post again and ask yourself: might I have an extra chormosome?
Or maybe I'm just not getting what expeditions, ships and armies have to do with pasty nerds in lab coats doing calculus, watching Star Trek and eating Doritos. How are hard scientific or technical disciplines "risky" from an evolutionary perspective? You kind of gloss over that part in your post.
So there's no patch, there's no practical workaround, there are no av signatures, and there is no official explanation of the exploit mechanism. Hmm. What's a guy to do?
Yes, you'd need fewer, but the scale they are talking about is still way too cost prohibitive for batteries... it sounds like in this case, there are no mains... just generated power. Even so, you couldn't just use a battery to cover anything but super-brief mains outages, because the extended runtimes would probably require way too much in the way of battery cost, weight, floor space, etc.
How is it FUD? By making it seem like computer access is "ultimate power." It's not.
> write a script to randomly change numbers in the accounting database
Toss the controller's computer out the window, mix-and-match the labels on the backup tapes, swap technical/financial CDs on an unsuspecting sod, take advantage of poor permissions on the file server, leave fraudulent voicemails with bad financial data, fake a fax, elevate privileges and wreak similar havoc...
> Sending incriminating emails from the CEO's account to have reporters watched.
This requires no admin access of any kind; the janitor could do it if a window was unlocked, an ordinary user could do it with a telnet client. Same with the follow-up bogus example.
Here's a little industry non-secret: physical access == root, in nearly all cases. Sad, but true.
The FUD comes from attempting to instill people with the patently false notion that an admin can damage a company with impunity by virtue of his privileged access, while an ordinary employee could not. Sadly, it's simply an exaggeration proffered by admins who have read too much BOFH and get off on the fantasy that somehow a root password is equivalent to some kind of power above and beyond mortal people. I understand that being beat up by jocks your whole life can foster secret delusions of grandeur, and I really hate to burst bubbles... but the practical truth is that any sociopath could damage a company without getting caught, either by using computers or something else entirely. Admins just have different tools at their disposal and a trivial step (privilege elevation) skipped for them. Actually, their access is offset by their specialization... intimate understanding of the core business will probably make you a more effective and efficient saboteur in most cases.
That's exactly what I was getting at (the FUD aspect). So I'm unsure as to why you're spreading more. Admin "power" is overrated. Anyone with physical access to a facility and a modicum of destructive creativity can cause major trouble for a company without an administrator password or even a computer.
The problem is: how will PGP stop an admin? Clickity-click, I just logged keystrokes and got Mr. Fancy Pants' private key password. You have to trust your admins to some degree.
If you don't have a chain of trust in your IT department you're fucked... even if you do spend bank on "secure internal IT infrastructure."
The rest of the article is all over the place. There's some mention of rogue admins reading executive e-mail rolled into boilerplate security talk about how X% of security risks are insider threats, and then it finishes up with a vaguely related sales pitch for RSA products, owned by... yep, EMC. The guys providing ComputerWorld with ad revenue on that sidebar.
Hopefully those scared VPs will hire consultants and purchase EMC products to "secure" their infrastructure from "rogue admins" who are probably reading their e-mail RIGHT NOW.
Shortly after the hijacking commenced, flight 93 dropped close to the deck (under 1000 ft). Not exactly cruising altitude.
I agree... but my first point was more aimed at the summary's notion that the benefits will trickle down to ordinary users, who don't have fuel cells and the Wild Weasels on call, and have to deal with an open and heterogeneous network... although of course I do hope something (better energy density, improvements on protocols, better ideas for MACs) comes out of this project.
... I forgot to concede that, of course, you may be right and the solution will be to simply incorporate PKE into the protocol. It's just my opinion that it won't go down that way... at least, not solely, because the problems run deeper than MitM attacks.
Well, I don't know what to tell you except that it's time to get a new joke writer... and some manners, if you can manage it.
I'm arguing in view of the fact that key exchange and the higher probability for node (and key) compromise (due to both increased number and exposure of nodes) makes the ad-hoc routing problem a bit different than the problems alleviated by DNSSEC et al. The problem lies, practically, in the lower layer protocols. Fix those (as they should be fixed anyway) and the upper layer problems become less severe. Practically, this is how things tend to unfold... e.g. the idea of using signatures to secure traditional routing protocols was of theoretical interest but never widely took hold because implementors preferred to take steps to trust their links (physical security, tunneling, etc). That goes out the window with most wireless MACs, but it will relax again as good link protection becomes more commonplace.
I agree, but IMHO they're going at it from the wrong end. Making a highly dynamic MANET route reliably is a problem which has been more or less solved. Preventing DoS, spoofing and energy attacks... not so much. That's (partly) why there are no MANETs. You can't trust the existing MACs to be safe against attacks (authentication, association, eavesdropping, jamming, etc) for which they should have some built-in resiliency (things that are, by the way, being built into the newer standards). The other reason is that available commodity wireless has proven too clunky and limited to practically implement networks with a hop depth much greater than 5 or so nodes. The problem is with the MAC, not the routing protocols.
"Ass-u-ming"... how hilarious. Do you use that one a lot? You must be the funniest guy in your basement.
> I can easily envisision a routing technology that uses public-key encryption for the hand-shaking which would be
> unspoofable in this context.
If it's so easy to "envisision", I'm anxious to see your paper/RFC/code etc. Truly.
You're confusing "existing" with "traditional." Ad hoc routing protocols which work fine in practice have been existing for years. It's layer 2 and below that need to catch up, because that's where the security problems will and should be tackled.
Excepting vehicle-only networks, battery-powered nodes will be abundant for the foreseeable future because they just work better in a lot of applications. Fuel cells are rare, solar cells suck and denser energy platforms are heavy (i.e. not very mobile).
As opposed to non-mobile M(obile)ANETs?
Wireless ad hoc nets have two major points of vulnerability: they are vulnerable to routing protocol attacks, and they consist of nodes with finite energy reserves.
I would disagree with the assertion in the article that current routing protocols are insufficient to handle MANETs. MANET routing protocols are slightly different (most are adaptations of traditional protocols), but if implemented correctly, they can support networks with very high rates of topology change... this has been supported by the literature for years now.
What the protocols are lacking is resistance to spoofing attacks that confound or exploit the "intelligence" of the adaptive routing protocols, and attacks on battery energy that coax nodes to use more energy or target and overwhelm key nodes. This has to be addressed in the lower layers as suggested by the article. So it's no surprise that the trend has been to develop "underlay" meshing protocols instead of traditional layer 3 routing schemes, because all of the security has to be built into layers 1 and 2 anyway on account of the fact that traffic can be easily sniffed or injected by passers by.
I just have a new-found patience.
Just don't what... misconfigure or misapply the technology? If "Citrix" is anything, it's too expensive in some situations and inappropriate for others. Maybe you were just using some Citrix software to do something it's not ideal at doing, or otherwise using it incorrectly... in any case, it's kinda silly to malign an entire software suite with a vague anecdote.
If the explosion happened "before civilization" then it might be hard for there to be any memory of the "apocalyptic event" that created the glass. We're talking 800,000 years here... even before the advent of oral legend (Mmmmmmm.... oral legend).
Liquid != water there, Einstein, but thanks for watching the Abyss one too many times. I think it suffices to say that the severity of a condition has no connection whatsoever to causation and moral responsibility (ya know, those things which we were originally discussing).
No one is arguing that anything hard to do is not worth doing... only that it's rational to seek to understand the causes for prophylactic and/or corrective reasons.
There's absolutism in your final statement. Understanding if/when you are a victim is a good thing. Assuming that everything rests on you alone is crazy; taking responsibility for things that are out of your control is truly counterproductive. Recognizing those things that hurt you but which you cannot change prevents you from wasting your time on lost causes, and leaves you to work on the things that are actually within your means. It's not defeatist... it's as close as you can get to sanity defined.
Maybe there's a name to describe predictable knee-jerk reactions.
Tell me, does your concept of free will allow for constraints? If not, I challenge you to breathe water. And I don't want to hear any crap about how your genetics predispose you to breathing air.