There's also the people who think they "need" an SUV but get upset about how much they have to pay for fuel. It's a stupid market, but that market exists.
MSDOS also worked perfectly adequately as the centerpiece of Windows 95 and 98.
On the contrary, Win9x crashed all the damn time (and mostly due to the reasons I mentioned: lack of memory protection, etc.) and caught viruses more easily than an immune-compromised crack whore. NT was much better, if you were lucky enough that all your software and hardware was compatible with it.
Oddly enough Microsoft's stock price stopped rising about the time that NT started to replace Windows 9. And the rather widespread dislike of Microsoft started about that time. Just coincidence, I'm sure.
Yeah, actually, it was! The stock quit rising and everybody started to hate Microsoft because of everything they did except Windows NT:
Instead of targeting Windows 2000 to home users as well as business users, they released the buggy, terrible abortion that was "Windows ME" (the last DOS-based, non-NT Windows version)
They were fucking up the entire Internet by forcing Internet Explorer on everyone (this was when the only other choice was Netscape -- Mozilla was barely starting and Firefox didn't exist yet). It was so egregious that even the US government investigated them for anti-trust violations, for crying out loud!
They were diversifying into a whole bunch of unprofitable new areas, notably Xbox and assorted failed web stuff.
Even at the time, Windows 2000 was considered to be the greatest thing (or at least, least-terrible thing) Microsoft had ever made. If you ask people today, they'd say XP is best, mostly because fewer people used 2000 (because it didn't get marketed to home users) and because people started appreciating XP more once they had Vista to compare it to.
You're the only person I've ever heard of who liked DOS-based Windows better than NT.
All other things being equal, I would probably go with NT. But all other things don't seem to be so equal. MSDOS was simple and ran well on minimal hardware. NT isn't simple and doesn't seem to run all that well on slow CPUs.
MSDOS certainly was simple: it was 16-bit, it lacked preemptive multitasking, and each program was limited to 64kB of memory (that other processes were not prevented from overwriting)!
We have a couple of EEE PCs around the house running XT and Windows 7. They are both terminally slow.
Before, you were talking about the mid-90s (i.e., NT vs Windows 3.1 or 95). Other than compatibility with legacy DOS stuff, it's hard to argue that 3.1 or 95 was better than NT 3.5 or 4.0 in any way whatsoever.
Your problems with Windows XP or 7 on EEE PCs are not due to the NT architecture, but rather all the shit Microsoft piled on top of it. If Windows 2000 had the drivers, your EEE PCs would do better with it.
Do you really expect the average user to know about IPs, ports, TCP/UDP etc.? That's not very realistic.
No, I expect users who want to run services that listen on ports (which makes them not "average!") to know about those things.
I don't agree that a safe alternative is impossible - there's no magic power that packets have to hack a computer. Any failings are due to poorly written software.
It's even less realistic to expect software -- especially the crap software the "average user" uses by default -- to become any less poorly written in the near future.
The problem with that is how many home users know how to configure the firewall? There are legitimate reasons to have incoming connections.
And if your use case includes one of those legitimate reasons, then it's your responsibility to know enough about security to configure the firewall. It is fundamentally impossible for there to be a safe alternative to this!
Even as (currently) a business web app programmer, the more mathematical/theoretical parts of my CS education come in handy from time to time for things like understanding why our decimal and/or floating-point calculations were coming out wrong or rounding funny when such things mystified my much more experienced coworkers.
Okay, I'll concede that if you have an old keyboard (like a Model M) it's possible that it could be good and not have a Windows(ish) key. However, even new Model M reproductions have one these days.
I work in a Windows-based shop where it's an important rule to lock your computer whenever you walk away from your desk, so I've gotten into the habit of using winkey + L to do it... otherwise, I only tend to hit that key on accident.
This hasn't been my experience. It's hard to find qualified people - they've all got decent jobs already.
You know what that means? It means THE JOB YOU'RE OFFERING ISN'T DECENT!
Your problem is entirely due to your unwillingness or inability to make your company an attractive prospect. Fix that instead of whining about how people aren't stupid enough to accept your shit pay/conditions/etc.
Maybe if Microsoft had made different decisions in the mid-1990s when they had a compact real mode OS with a usable GUI running atop it, they could have ended up with something unified or unifiable. But that was then and this is now and the intervening two decades are water under the bridge or over the dam or something.
Wait a second, are you actually trying to argue that keeping DOS-based Windows instead of switching to the NT kernel would have been a good thing? That's just crazy talk!
Now, I can agree that they should have kept the UI decoupled from the rest of the OS, but there's no way I'd trade NT for DOS.
Of course, if you try to solve the problem of "damaged personalities" you end up with a situation out of a bad sci-fi movie (e.g. the one with 'gun kata').
Of course the NSA illegally acquires data from most all email providers, ISPs, etc. Even the services that are explicitly based in privacy get NSLs, so to avoid that I could avoid using the internet at all. I'm going to use the internet, so the NSA will be able to snoop until that problem is handled using the three boxes - soap box, ballot box, and if absolutely necessary ammo box.
There are four boxes: soap, ballot, jury and ammo.
If you were careful, you MIGHT be able to get away from everything using cyanogenmod and opting to NOT install ANY google services but then you'd have a mostly useless overpowered dumb phone...
I don't think it matters whether we take Exodus or the US Government. I'm not really sure why being a mercenary is so bad? What is the difference if the US Government pays Exodus or hires the people working for Exodus to write exploits directly?
The difference is motivation. If you're partisan -- if you're motivated because you think the cause is just -- then maybe it's ethical to fight. If you're motivated by money and otherwise don't care, it's clearly unethical.
(I say "maybe" because it's not ethical to fight if you're mistaken in your belief that the cause is just -- it has to genuinely be so. But if you don't care, fighting is unethical even before considering the justness of the cause because it's not your fight.)
And yes, people are using Tor to fight against the US; certainly hackers and terrorists use Tor. (I don't believe more than a small fraction of Tor users are malicious, but malicious users undoubtedly exist.)
If the American Revolution were happening today, the Founding Fathers would be labeled "hackers and terrorists" from the perspective of the British Crown. In other words, unless you're purposefully targeting innocents, those sorts of labels are a matter of perspective. I'm not at all convinced that using TOR to fight against the US government is actually a bad thing.
If you have responsibly disclosed every exploit you know about, you are not going to be able to hack into the computer which triggers the bomb. I'm not sure why this isn't obvious. Unless somehow your "responsible disclosure" allows for holding on to exploits until you need them for dire situations, you have no way to stop such a computerized device.
Let's be more concrete here: someone has hooked up a Raspberry Pi to detonate a bomb, which is triggered, say, over Tor. Whoever made this wasn't stupid: it has a heartbeat which will detonate the bomb if it fails, so you can't just jam it or cut off internet access. It has normal motion sensors, etc. You have 1 hour to disable it.
I propose that given the possibility of such a scenario (or scenarios like this; obviously this is an extreme and contrived example to try to prove a point), it is ethical to withhold disclosure of vulnerabilities. In your proposed scenario, the government has "emptied its cyber arsenal". It has nothing it can do to prevent such an attack. I believe it is superior to have the capability to prevent such an attack.
First of all, I understood your previous scenario to be that you're discovering a new exploit in the process of defusing the bomb, and deciding whether to responsibly disclose it afterwards or to keep it in your pocket for later use. That's different from what you wrote this time, which is that you're using a previously-discovered but undisclosed exploit to defuse a bomb at the present time.
The problem with your scenario is that you're presupposing it "will" happen, and judging your actions after the fact. That's not a valid mode of reasoning, since there's no way to know that the scenario will actually occur (or even that it's more than infinitesimally likely to occur) at the time you're making the decision to disclose or not.
In other words, you're saying that it's perfectly ethical to do actual harm now because you guess that it might lessen the possibility of doing potential harm later. If you don't understand the problem with this, there's nothing more I can do to explain it to you more clearly.
It's like saying we shouldn't have fought in World War II against Hitler, because war is bad. The Allied forces were the "lesser of two evils"--evil, of course, because war is unethical just like hacking is. Why choose to actively help the lesser of two evils? We should have remained neutral.
That's exactly what we did do until the Japanese attacked us directly at Pearl Harbor. I think we acted pretty appropriately in that case!
Why do you feel you have to defend yourself against accusations like this? Have they been leveled at you?
They have, and they've been leveled at you, by the article itself, which made blanket statements about all men.
This woman thinks I'm an asshole with no self-control for no other reason than because I have a penis. And she thinks I'm the one who's sexist?!
Not once have I ever felt the need to "defend myself against accusations like this." Why? Because it's pretty easy to avoid being a condescending sexist asshole...
Indeed. I have a suspicion that the opposite is also true: that the women who complain about these things are themselves the female equivalents of the condescending sexist assholes they're complaining about.
But if you dare to express the fact that it isn't true, then you get accused of "denying reality" and being part of the problem in that sense. It's a no-win scenario.
If other people are attacking you, should you lay down all your weapons and hope they do the same?
Are people attacking Exodus via TOR? If not, then what ethical justification does it have for involving itself as the NSA's mercenary?
I'm all for self-defense; it's aiding aggression that I find unethical.
Hacking without responsible disclosure is always unethical, and what others choose to do is irrelevant.
I think this is an incredibly bold statement. I think it's a bit hard to judge the ethics of exploiting a computer "in a vacuum", the context certainly matters. Let's take a hypothetical situation: if a computer was used as the trigger for a bomb which was going to go off and kill 100 people, would it not be ethical to hack in to the computer and disable it? [we can assume it also has all the fancy triggering mechanisms in place.. capacitive sensing in case someone gets too close, tilt/shock sensors in case something tries to move it, etc]
Clearly, I'm failing to understand -- what is there about your hypothetical situation that precludes responsible disclosure?
Also, responsible disclosure is sort of tautologically ethical because it does consider context (that's what the "responsible" part means). If you're not sure what kind of disclosure is responsible, then the only ethical option would be to forgo the hacking.
The other thing is you have to consider that "cyber weapons" mean governments can gain intelligence or affect systems without hurting people. Stuxnet is an interesting example. How many lives would have been lost if instead someone bombed the Iranian nuclear facility, or killed off Iranian scientists (yes, I know this still happens anyway, sadly)? Stuxnet was a virus that infected the public's computers as well.
Based on our discussion so far I would expect you to say something like "well sure, maybe it's better than bombing, but having neither would be even better". That's a totally understandable stance, but again, that isn't the world we live in. I think it's a step in the right direction to at least try to minimize deaths.
Being forced to choose the lesser of two evils doesn't mean you should become the active accomplice of that evil.
Besides, on a more practical note, you're also failing to consider the rest of the collateral damage. By supporting Exodus's position, you're saying that hypothetically saving the lives of the Iranian scientists is worth hypothetically risking the lives of TOR users worldwide.
So you seem to be saying hacking is never ethical.
Hacking with responsible disclosure is ethical. The fact that it may not be possible to do so profitably is irrelevant.
Hacking without responsible disclosure is always unethical, and what others choose to do is irrelevant. The fact that somebody else is acting unethically is not an excuse for you to act unethically too!
So no, I guess what I'm saying is that if Exodus weren't selling bugs to the government, we would be worse off, not better.
No. We're exactly equally bad off in either case. An attacker is an attacker. I have no confidence whatsoever that giving the NSA the exploits helps the American public, but even if I did the act of doing so would still be unethical!
Didn't your parents ever ask you rhetorical questions like "if your friends all jumped off a bridge, does that mean you should do it too?" or tell you "the ends do not justify the means" when you were a kid?
The arguments I'm used to hearing go something like "but it's obviously unethical, they should just responsibly report and disclose vulnerabilities they find". But this is a total crap argument. The options Exodus has aren't "sell to governments" or "responsibly disclose for little to no fee". The options are "sell to governments" or "go out of business". So maybe someone will say "fine, they should go out of business, then we will all obviously be safer!".
But, well, it's not really clear that's the case. If Exodus (or Vupen, or whomever) quit, it's not like suddenly the government would stop looking for exploits. And if the US government did, it's not like China or Russia would. And if they did, it's not like criminal organizations would stop. You aren't going to stop vulnerabilities from happening or being sold. Game theoretically, it seems like the right choice is to keep the US government snatching up what vulnerabilities it can to keep in its back pocket for espionage. Not doing so would be a huge blow to US intelligence agencies, when every other major government out there is working on the same capabilities.
So what you're saying is that what Exodus is doing is unethical, but criminals would do the same thing anyway, so we might as well ignore Exodus' unethical behavior because they're on "our side?"
The Air Force isn't the only entity whose opinion matters. Did the Navy want it?
The end does not justify the means.
Also, was causing the creation of Git some kind of grand scheme by Tridgell? If it was an accident, he shouldn't get credit for it.
Actually, all decent ones do, but the key might be labeled "Meta" or "Cmd" or a funky icon or something.
Don't worry, I have faith that you can get fat enough to fill a Rolls without too much effort!
Oh, how I wish I hadn't used my modpoints up earlier today!
Maybe you could get one of these Firefox phones.
On the contrary, you've just proven my point!
What do you think the odds are that you could download the smallpox genome off The Pirate Bay or some TOR site?
Fuck that, and fuck you!