I see smartphones becoming the size of a credit card within the next 10 years, graphene or no graphene.
Is that credit card-sized smartphone going to come with microscopic vision enhancement and more compact finger-tips? I hope the advances are in power life and lower cost rather than making them teeny-tiny.
At that point, why not just build the phone into the headset and do it all by voice control, with possibly a laser keypad as an alternate.
I could see that doing most communications and even driving directions. If you had bluetooth receivers in cars, it could play music most times you want it to.
You know, the group of 4Channers who mete out vigilante justice as they see fit?
But I think gman003 was more talking about media. There are like 5 superhero movies coming out this year. Virtually all of them are vigilantes (although having seen Thor, the current #1 movie, it's not actually a vigilante movie).
As another guy put it, that group's motto contains "We are Legion" and I think that (being accurate, if melodramatic) disqualifies them as vigilantes.
To your other point: Everyone interpreted "American culture" to mean "Hollywood and comic books."
I'm not going to belabor the point since I'll never convince anyone, but there's a lot more to it than Hollywood and comic books.
But even within that domain, the vigilante formula is only prominent in action movies. And given that you can only kill people legally if you're a cop or a soldier or something like that, any protagonist who kills illegally has to be a criminal or a vigilante. Since criminals aren't sympathetic figures, action heroes are split more or less evenly into cop, soldier and vigilante.
So I still don't buy the notion that we're culturally obsessed.
We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.
Holy shit! You're one of them!
But seriously, "We are Legion" is pretty much "we are not vigilantes." Anonymous is a left-wing hate group, like Earth First, Weather Underground, Black Panthers, etc., but with a more cleverly decentralized approach, and with less actual violence.
Any actual evidence that Americans are "obsessed" with vigilante justice? I'm trying to recall the last time I heard of any notorious vigilante actions, and I'm drawing a blank. Even when the WBC crowd protested military funerals, the worst anyone did was slash their tires.
It's called conditioning. If Comcast is always living up to the worst expectations, then it's hard not to assume the worst when someone suggests further shenanigans.
It's a perfectly natural response.
For example, if every time a bell rings, someone punches you in the face - (eventually) you'd get the idea to cover your face whenever the bell rings.
Wow.
I've rarely seen that much fail packed into such a short post.
Were they wrong or was it irrational to do so? Not particularly.
Jumping to conclusions is pretty much the very fucking definition of irrational.
You're right, we should never infer a future or new behaviour from an existing verified pattern of behaviour...
I didn't say what you should or shouldn't do. "Should" did not enter into my post, the entirety of which is quoted above, nor does it enter into this post.
No I think in this instance, accuse first and apologise later is justified.
There's never a justification for a false accusation. Our whole system of law is seriously distorted by false accusations, to the point where teenagers taking a pictures of their nasties will be labeled sex offenders for life. Our politicians are all lowlife scumbags or power-hungry psychos because the normal people stay home rather than have their lives put up like a circus and deal with defamation every waking hour.
Every little false accusation just adds to it.
You're going to do it anyway, because you're irrational, and you're not actually going to do anything but bitch and gripe anyway, but I'm just here to tell you you're full of shit and part of the problem.
Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open.
This isn't just Captain Obvious.
This is Captain Obvious after he's been beaten half to death by a mob wielding stupid bats, been gene spliced with a tardosaurus rex, and then got a lobotomy from Dr. Mengele.
The inevitable legal battles are going to be hilarious...
I think historic Supreme court decisions are very interesting to listen to because you've got some very skilled lawyers who break the concepts down in clear language. It is pretty satisfying to hear the justices methodically drawing an argument out in full and then tear it to shreds.
...when defense lawyers start forcing RIAA et al to pick apart the exact technical differences between local and remote playback.
IANAL, but I suspect the RIAA might respond that the technical difference is not the issue. The legal difference is that the data is passing through lines and routers owned by third parties and crossing legal jurisdictions. It will be a very interesting case, but I don't think it will be nearly as one-sided as you're thinking because established law has such strong protections of IP.
Why did we pay some "scientist" for 3 years (read the summary, it says "three years ago") to calculate this, so we can all be amused by it on/. for 10 minutes?
Astounding as it may seem, researchers don't just work on one project to the exclusion of all else. This is probably the "human interest" stuff they do on the side.
So what you've done there is redefined obscure to something that you think that it should mean and then reduced everything to your new definition. And of course you haven't done it properly so everything collapses into a single case.
You're right in that "obscure" isn't the perfect word, but I'm just trying to rebut the "security through obscurity" meme rather than do a course in cryptography, which I wouldn't be qualified to do anyway.
What about 2^128 values? Well beyond the limits of computational feasibility. We don't treat this as "just a bit harder to guess" because beyond some limit things actually do operate differently and the mental intuition from smaller domains breaks down....
If you start to reinforce the door on your house, long before the door becomes unbreakable a determined attacker will just go through the walls.
A key with 128 bits, while impossible to guess, is also impossible (or at least highly impractical) to memorize. You're right, there are plenty of things that are well beyond obscure, but by themselves they're not useful in security.
Your 128 bit key is probably stored on physical media, which only you have, but is certainly possible to steal. That's now the obscure object. Say your data is worth the effort of memorizing 128 bits of pure randomness. Now your resistance to a rubber hose is the weak point.
While I'm open to a more general or correct term, I think "obscure" still stands as a pretty good way of describing what it is that you're forced to defend when you create a token to be used in a security process. Conceptually, it seems solid to me, and it is fairly approachable unlike, say, "entropy" or other information theory notions.
Hey, guess how passwords work? They're hard to guess.
But when you're using HTTPS, a password is usually passed along a pre-secured channel. Aren't these URI's visible to all routers in between you and the file site, as well as any computer monitoring traffic on your local LAN?
If so, that's somewhat less secure than passwords.
Right, so the normal usage of the terms "secure" and "obscure" is ambiguous. And pardon me if I'm explaining the obvious, but some people definitely don't get it, and the Internet has a desperate need for my opinion.
Obscurity is an intrinsic property of things. A Babe Ruth rookie card is obscure because there aren't many of them. It often, but not always, makes something valuable. Vogon poetry might make a great secret key, but no one would pay for it.
Security is something you impose upon a thing. I can secure the card by locking it in a vault. Security is often achieved through mechanisms, processes or algorithms.
Half of security is keeping others out of your stuff, the other half is letting you in. So the reason I say all security is achieved through obscurity is that the way you let yourself in is through an obscure token.
And some of the confusion comes about because that obscurity has to be secured. Your example of the password over HTTPS is great: if the password is sent by plaintext, it can be a great password, but once it's revealed it's no longer obscure, and the whole system is broken. That's an example of an information leak.
That link I posted to a rar full of my favorite pr0n pics on/b/ is easy pickings to thousands of other online users? No wai!
I mean, I had no idea most people who used quick upload services like imgur, rapidshare, and mediafire uploaded most of their files with any implied expectancy of privacy. But boy was I wrong!
That was my initial reaction, but on second thought I think it is fairly newsworthy.
The Register's audience is regular users, who do stuff like put sensitive documents on a file sharing site. It's worth a few paragraphs to remind people not to do idiotic things.
It's also worth noting that these sites either a. have index pages turned on and don't know it, which would be so incompetent as to make me wonder how they keep a file server running or b. are allowing these pages to be crawled and telling their users that they aren't, which is unethical as hell and possibly illegal.
“These services adopt a security-through-obscurity mechanism where a user can access the uploaded files only by knowing the correct download URIs,” the researchers wrote in a paper presented at the most recent USENIX Workshop on Large-Scale Exploits and Emergent Threats.
Hey, guess how passwords work? They're hard to guess. How do biometrics work? Your fingerprints are hard to replicate. How do keycards work? It's hard to guess whatever code is stored in it. All security ultimately comes down to some token that is "obscure."
All security is through obscurity. If these sites are being accessed when they shouldn't, it means that there's an information leak, that is, the owners think (or claim) that it is far more obscure than it really is.
Once saw 8 guys trying to get a HMMWV started. Automatic transmission, diesel engine, so they tried the glow plug, slaving (jumping) it, checked fluids, checked fuses, everything they could think of. Nothing doing, would not start.
After about an hour of this, an NCO comes by, notices it's in gear. D'oh!
But it doesn't matter anyway, since these companies all target the suits instead of the IT folks. The suits will just buy whatever product sounds nice without consulting the people who will use or administer it. There's effectively no interaction between the vendors and their user-base./rant
Yeah, I had to evaluate a security product, and the marketing material was definitely not meant for consumption by anyone with a remotely technical background. The hype was unbelievable, everything it did was totally game changing, and their acceleration hardware made things 60 times or 700 times or even 3500 times faster. They even claimed that their stuff was somehow better for the environment! After I started digging into it, they actually had a fairly promising product. But the hype made me think they were total scammers.
Little buy in from upper management. Without this getting people to meet and discuss and prioritize is futile.
No return on investment. Securing data is not glorious until after you've been compromised.
Risk versus reward.
Software setup is not overly hard. Integration with existing systems is.
I think you're right. You can have very capable IT people, but real security requires more than just IT. A lot of people have to be trained, processes have to be set up, etc., so if management doesn't "get it", it doesn't actually happen.
The attitude that IT will do all the work to make stuff secure, and all everyone else has to do is memorize a few passwords is pretty poisonous.
Slashdot Mirror
Wait for the patent trolls to join the party and tell me which century this will revolutionize.
The next one...
Is that credit card-sized smartphone going to come with microscopic vision enhancement and more compact finger-tips? I hope the advances are in power life and lower cost rather than making them teeny-tiny.
At that point, why not just build the phone into the headset and do it all by voice control, with possibly a laser keypad as an alternate.
I could see that doing most communications and even driving directions. If you had bluetooth receivers in cars, it could play music most times you want it to.
You included stuff from El Salvador, Colombia, Thailand, India, Mexico, England, Ireland and some loopy environmental groups; I probably missed some.
So half that list isn't US, many aren't even violent, so we're down to one or two nutters every decade in a country of 300 million.
And most people have never even *heard* of these people. Conclusion: no obsession.
You know, the group of 4Channers who mete out vigilante justice as they see fit?
But I think gman003 was more talking about media. There are like 5 superhero movies coming out this year. Virtually all of them are vigilantes (although having seen Thor, the current #1 movie, it's not actually a vigilante movie).
As another guy put it, that group's motto contains "We are Legion" and I think that (being accurate, if melodramatic) disqualifies them as vigilantes.
To your other point: Everyone interpreted "American culture" to mean "Hollywood and comic books."
I'm not going to belabor the point since I'll never convince anyone, but there's a lot more to it than Hollywood and comic books.
But even within that domain, the vigilante formula is only prominent in action movies. And given that you can only kill people legally if you're a cop or a soldier or something like that, any protagonist who kills illegally has to be a criminal or a vigilante. Since criminals aren't sympathetic figures, action heroes are split more or less evenly into cop, soldier and vigilante.
So I still don't buy the notion that we're culturally obsessed.
how bout the golden sachs employee who stole code and got 10 years in the slammer?
what did gs execs get for ripping us off?
Nothing, that's what being the number two donor to President Obama gets you.
We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.
Holy shit! You're one of them!
But seriously, "We are Legion" is pretty much "we are not vigilantes." Anonymous is a left-wing hate group, like Earth First, Weather Underground, Black Panthers, etc., but with a more cleverly decentralized approach, and with less actual violence.
It's a sign of the end times.
Any actual evidence that Americans are "obsessed" with vigilante justice? I'm trying to recall the last time I heard of any notorious vigilante actions, and I'm drawing a blank. Even when the WBC crowd protested military funerals, the worst anyone did was slash their tires.
It's called conditioning. If Comcast is always living up to the worst expectations, then it's hard not to assume the worst when someone suggests further shenanigans.
It's a perfectly natural response.
For example, if every time a bell rings, someone punches you in the face - (eventually) you'd get the idea to cover your face whenever the bell rings.
Wow.
I've rarely seen that much fail packed into such a short post.
Were they wrong or was it irrational to do so? Not particularly.
Jumping to conclusions is pretty much the very fucking definition of irrational.
You're right, we should never infer a future or new behaviour from an existing verified pattern of behaviour...
I didn't say what you should or shouldn't do. "Should" did not enter into my post, the entirety of which is quoted above, nor does it enter into this post.
No I think in this instance, accuse first and apologise later is justified.
There's never a justification for a false accusation. Our whole system of law is seriously distorted by false accusations, to the point where teenagers taking a pictures of their nasties will be labeled sex offenders for life. Our politicians are all lowlife scumbags or power-hungry psychos because the normal people stay home rather than have their lives put up like a circus and deal with defamation every waking hour.
Every little false accusation just adds to it.
You're going to do it anyway, because you're irrational, and you're not actually going to do anything but bitch and gripe anyway, but I'm just here to tell you you're full of shit and part of the problem.
You apparently don't know what fucking irrational is... or maybe you do. Hmmm....
I said the fucking definition, as in I gave your mother the fucking definition of a sore asshole last night.
Were they wrong or was it irrational to do so? Not particularly.
Jumping to conclusions is pretty much the very fucking definition of irrational.
Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open.
This isn't just Captain Obvious.
This is Captain Obvious after he's been beaten half to death by a mob wielding stupid bats, been gene spliced with a tardosaurus rex, and then got a lobotomy from Dr. Mengele.
The inevitable legal battles are going to be hilarious...
I think historic Supreme court decisions are very interesting to listen to because you've got some very skilled lawyers who break the concepts down in clear language. It is pretty satisfying to hear the justices methodically drawing an argument out in full and then tear it to shreds.
...when defense lawyers start forcing RIAA et al to pick apart the exact technical differences between local and remote playback.
IANAL, but I suspect the RIAA might respond that the technical difference is not the issue. The legal difference is that the data is passing through lines and routers owned by third parties and crossing legal jurisdictions. It will be a very interesting case, but I don't think it will be nearly as one-sided as you're thinking because established law has such strong protections of IP.
And to think, the case was this close, this close, to making it all the way to the SCOTUS.
How much longer can society go on without knowing who owns our names on Facebook?
Why did we pay some "scientist" for 3 years (read the summary, it says "three years ago") to calculate this, so we can all be amused by it on /. for 10 minutes?
Astounding as it may seem, researchers don't just work on one project to the exclusion of all else. This is probably the "human interest" stuff they do on the side.
No.
Yes!
So what you've done there is redefined obscure to something that you think that it should mean and then reduced everything to your new definition. And of course you haven't done it properly so everything collapses into a single case.
You're right in that "obscure" isn't the perfect word, but I'm just trying to rebut the "security through obscurity" meme rather than do a course in cryptography, which I wouldn't be qualified to do anyway.
What about 2^128 values? Well beyond the limits of computational feasibility. We don't treat this as "just a bit harder to guess" because beyond some limit things actually do operate differently and the mental intuition from smaller domains breaks down. ...
If you start to reinforce the door on your house, long before the door becomes unbreakable a determined attacker will just go through the walls.
A key with 128 bits, while impossible to guess, is also impossible (or at least highly impractical) to memorize. You're right, there are plenty of things that are well beyond obscure, but by themselves they're not useful in security.
Your 128 bit key is probably stored on physical media, which only you have, but is certainly possible to steal. That's now the obscure object. Say your data is worth the effort of memorizing 128 bits of pure randomness. Now your resistance to a rubber hose is the weak point.
While I'm open to a more general or correct term, I think "obscure" still stands as a pretty good way of describing what it is that you're forced to defend when you create a token to be used in a security process. Conceptually, it seems solid to me, and it is fairly approachable unlike, say, "entropy" or other information theory notions.
I've set the bar pretty low... I mean, it's a British rag that's not talking abut their fucking wedding.
Hey, guess how passwords work? They're hard to guess.
But when you're using HTTPS, a password is usually passed along a pre-secured channel. Aren't these URI's visible to all routers in between you and the file site, as well as any computer monitoring traffic on your local LAN?
If so, that's somewhat less secure than passwords.
Right, so the normal usage of the terms "secure" and "obscure" is ambiguous. And pardon me if I'm explaining the obvious, but some people definitely don't get it, and the Internet has a desperate need for my opinion.
Obscurity is an intrinsic property of things. A Babe Ruth rookie card is obscure because there aren't many of them. It often, but not always, makes something valuable. Vogon poetry might make a great secret key, but no one would pay for it.
Security is something you impose upon a thing. I can secure the card by locking it in a vault. Security is often achieved through mechanisms, processes or algorithms.
Half of security is keeping others out of your stuff, the other half is letting you in. So the reason I say all security is achieved through obscurity is that the way you let yourself in is through an obscure token.
And some of the confusion comes about because that obscurity has to be secured. Your example of the password over HTTPS is great: if the password is sent by plaintext, it can be a great password, but once it's revealed it's no longer obscure, and the whole system is broken. That's an example of an information leak.
That link I posted to a rar full of my favorite pr0n pics on /b/ is easy pickings to thousands of other online users? No wai!
I mean, I had no idea most people who used quick upload services like imgur, rapidshare, and mediafire uploaded most of their files with any implied expectancy of privacy. But boy was I wrong!
That was my initial reaction, but on second thought I think it is fairly newsworthy.
The Register's audience is regular users, who do stuff like put sensitive documents on a file sharing site. It's worth a few paragraphs to remind people not to do idiotic things.
It's also worth noting that these sites either a. have index pages turned on and don't know it, which would be so incompetent as to make me wonder how they keep a file server running or b. are allowing these pages to be crawled and telling their users that they aren't, which is unethical as hell and possibly illegal.
“These services adopt a security-through-obscurity mechanism where a user can access the uploaded files only by knowing the correct download URIs,” the researchers wrote in a paper presented at the most recent USENIX Workshop on Large-Scale Exploits and Emergent Threats.
Hey, guess how passwords work? They're hard to guess. How do biometrics work? Your fingerprints are hard to replicate. How do keycards work? It's hard to guess whatever code is stored in it. All security ultimately comes down to some token that is "obscure."
All security is through obscurity. If these sites are being accessed when they shouldn't, it means that there's an information leak, that is, the owners think (or claim) that it is far more obscure than it really is.
Once saw 8 guys trying to get a HMMWV started. Automatic transmission, diesel engine, so they tried the glow plug, slaving (jumping) it, checked fluids, checked fuses, everything they could think of. Nothing doing, would not start.
After about an hour of this, an NCO comes by, notices it's in gear. D'oh!
Esteemed Colleague,
I find your Writings to be of an Astonishing Clarity, and would lyke to subscribe to your Weekly Pamflet.
Your Humble Servant.
But it doesn't matter anyway, since these companies all target the suits instead of the IT folks. The suits will just buy whatever product sounds nice without consulting the people who will use or administer it. There's effectively no interaction between the vendors and their user-base. /rant
Yeah, I had to evaluate a security product, and the marketing material was definitely not meant for consumption by anyone with a remotely technical background. The hype was unbelievable, everything it did was totally game changing, and their acceleration hardware made things 60 times or 700 times or even 3500 times faster. They even claimed that their stuff was somehow better for the environment! After I started digging into it, they actually had a fairly promising product. But the hype made me think they were total scammers.
Actually I read it as:
I think you're right. You can have very capable IT people, but real security requires more than just IT. A lot of people have to be trained, processes have to be set up, etc., so if management doesn't "get it", it doesn't actually happen.
The attitude that IT will do all the work to make stuff secure, and all everyone else has to do is memorize a few passwords is pretty poisonous.