Slashdot Mirror


User: mrxak

mrxak's activity in the archive.

Stories: 0 · Comments: 957

Comments · 957

  1. Re:All good until someone simulates biometrics... on DARPA Wants To Kill the Password · · Score: 2

    With physical keys, a lot of people forget about securing their keys. They leave them out where they can be photographed, for example, or quickly imprinted, or even just compared to another key with all the bite codes on it so the numbers can be noted.

    Same goes for locks. A lot of people don't secure their locks, either, which leaves an attacker plenty of opportunity to bypass. Even an area with security which will detect an attempt to pick a lock or force it open, is still vulnerable. You see a guy go up to a door, stick a key in the lock like he belongs there, then suddenly he "forgets" something and walks away without opening the door. You might not think twice about it in a busy office building, but that guy just got pin imprints and will be back every day to do the same thing again, or send in somebody else, until one day an attacker walks up with a manufactured key that opens the lock and goes right in.

    "Something you have" like physical keys aren't that great if you don't secure them. You need to make sure that the only people who have that something are authorized to have it, and you need to restrict hardware access to the lock. It's a tricky proposition in the best of cases. Biometrics are even worse than most cases, because at least a lock on an office door can be changed if a key is lost. You can't change your biometrics. Furthermore, we're talking about digital systems here, when biometrics are inherently analog. Your analog finger, eye, or whatever is being taken in as a precise yet inaccurate digital signal, some probability function is determining if you're "close enough", and then a computer chip says you're okay. It's like having a lock where if you jiggle different keys in it, the tumbler will still turn. To put it in computer terms, it's like taking a float in as input, truncating the decimal, and using it as an integer in your finely-tuned algorithm. There's all kinds of floats out there that will get you the integer you need to make your algorithm work the way you want it to. It's no longer "something you have", it's "something that's kinda like what you have".

    "Something you know" like a combination or a password, has always been more secure. It uses math instead of the physical world and its inherent weaknesses. There's too many combinations to reasonably guess it in the amount of time you have, and you're forced to exploit some vulnerability in the locking mechanism to get in, like using a blow torch to melt the locking bolt, or exploit some vulnerability in the user of the lock, like he was stupid and used his birthdate as the combination, or wrote it down. Passwords, and combinations, are digital, instead of analog, which means there's exactly one password or combination that will work, instead of an infinite number of "close enoughs".

    You still need security with your lock and key, whether your key is something you know or something you have, but at least with digital, changeable keys, you have the power of discrete math on your side, and if you do lose lock or key security, you can go ahead and change your key.

    And if I've piqued anyone's interest in security of physical locks and physical keys, I highly recommend the books by pen-tester Deviant Ollam, specifically Keys to the Kingdom which covers a number of attacks most people never consider when they're securing their offices, server rooms, etc. Practical Lock Picking is good too, if you want to learn how locks are defeated by, surprise, picking them (bumping, shimming, and bypassing too).

  2. Re:Beards and suspenders. on Ask Slashdot: "Real" Computer Scientists vs. Modern Curriculum? · · Score: 1

    I too am surprised people are talking about CS majors as not getting a background in assembly and C or C-based languages. At my school, only ten years ago (shit, I'm getting old), assembly was a second year class, and actually the second class you took in the department if you were coming in with an APCS credit. Yeah, there was Java, but it was just the language they used to introduce new students to computer science, and all that was left behind after the first few classes, and more serious languages came very shortly after people got the basics of OO programming. By your third year classes you were expected to be able to pick up any language at any time, no problem, and you certainly had the background to do so. All the language concepts had already been learned, it was just a matter of picking up syntax or libraries as needed, in the context of whatever CS theory you were learning in a given class.

    So is Asker just at a bad school, or has computer science education really changed?

  3. Re:I might be a start. on UK Team Claims Breakthrough In Universal Cancer Test · · Score: 1

    If they get this up and running, it'll just be another diagnostic tool for your doctor. Hopefully it'll be a quick and cheap enough test that they can run it as soon as you report symptoms, just so they can rule in/rule out cancer and more quickly diagnose you properly with more specific tests to determine what kind and how bad. If it saves some people some unneeded biopsies, I'm all for it.

  4. Re:Three mistakes in the headline on Starbuck's Wireless Charging Stations Won't Work With Most Devices · · Score: 1

    Sometimes I wonder if the editors are just trolling us.

  5. Re:SMH on Report: Watch Dogs Game May Have Influenced Highway Sign Hacking · · Score: 2

    And here I thought the reason they included that into the game was because lots of people were doing this already and the game was inspired by real life.

  6. Re:Seriously? on US Secret Service Wants To Identify Snark · · Score: 1

    Any kind of automated mass collection of data without a human in the loop to determine if a threat is credible or not is going to have significant problems. People are sarcastic. People exaggerate. People lie. How many innocent people are being targeted with programs like the NSA has, simply because of a benign association, a bit of sarcasm, or an imperfect algorithm?

    While I'd love to believe that the USSS can create some newer, better algorithms to sort through the threats and non-threats they get, if I was one of their protectees I would be awfully nervous if an algorithm was sorting through everything, instead of actual human beings.

  7. Re:Lets all take a step back to appreciate this: on Protecting Our Brains From Datamining · · Score: 1

    You've got it backwards. It's the IRS who will want to use it first.

  8. Re:Mind reading radar and mind altering radar on Protecting Our Brains From Datamining · · Score: 1

    It's too bad they can't use this technology to stop the conspiracy theorists from revealing all of their conspiracies.

  9. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    My entire post is a hypothetical. I don't expect Snowden to ever go on trial, fair or not. But I would like to see it happen and I would like for that trial to be fair. I have the same wishes about everybody who has committed a crime.

    It's not my fault people have a hard time understanding pretty clear logical statements, and like to imagine other arguments I could be making but absolutely am not.

  10. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    That is not my position. My position is if you break the law and admit you broke the law it's pretty obvious you're guilty of breaking the law. I said nothing about anyone deserving to go to prison just because they're guilty. In fact I outlined several ways by which a lawbreaker might avoid prison should they avail themselves of the justice system. Sometimes the law is wrong or misapplied.

  11. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    Perhaps you should read a little closer to my post, then. Here you go:

    "I would very much like to see him get a fair trial, with all the evidence and arguments heard."

    So yes, I am coming out in favor of a fair trial for Snowden, and people calling me all sorts of names are arguing against a straw man. Please direct your anger elsewhere.

  12. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    Unfortunately people seem to be imagining my positions on other issues, rather than reading exactly what I said on this issue. I was specifically addressing the possibility of a trial for Snowden. I did not comment on other hypothetical trials because they were not mentioned in the Slashdot article I was commenting on. Staying on topic on a Slashdot story, crazy, I know. I'm a rebel.

    If Slashdot were to have a story tomorrow about a potential trial for Clapper, or anyone else you care to name, you would find I am in favor of fair trials for everyone who has committed crimes, not just Snowden.

    I am also aware that the system is not always fair. I addressed that point in my original post. Like I said, I want fair trials. I did not say I want unfair trials, or that I want a selective application of justice. Nothing I said is controversial unless people choose to imagine I'm saying things I'm not saying.

  13. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    I don't expect to see any trials of any sort for anybody involved in this mess. This whole thing is hypothetical.

    I'd still like to see fair trials happen. Apparently this is a controversial view.

  14. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    I don't disagree with him either. But the fact still remains, he's repeatedly and publicly admitted to the crime he's accused of. The crime may be telling the truth, but some truths are illegal to tell.

    If we as a society disagree with that law, we have various methods of recourse. But denying that Snowden broke the law is ridiculous.

  15. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    I believe everyone accused of a crime should be brought to trial and the trial should be fair. How is this not sinking in?

    It's not my fault you are choosing to read my posts as some kind of support of the NSA. Like I keep saying, I don't know who you think you're arguing with, but it's not me. Stop trying to make me a straw man.

  16. Re:Bjarne Stroustrup on Apple Announces New Programming Language Called Swift · · Score: 2

    It gives Apple complete control over their own destiny, which is something Apple likes to have (not exactly news). They now have a language they can tinker with to their hearts' content and no external group or standards body can restrict what they do with it. They've made it very clear they intend to listen to developer feedback and tinker with it, at least in the near future. Certainly even if they do eventually open it up, they'll still be able to extend it however they like and whenever they like in the future, as well.

    They had to pull off some pretty crazy stuff just to make Objective-C usable all this time, and it shows. That's the problem Swift solves. It solves it for Apple. It's dramatically new because Apple controls it completely. Apple can and is obviously deploying it. It's not a distraction since developers can still use Objective-C as much as they want, and will only switch to Swift if it offers significant advantages.

  17. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 4, Interesting

    I freely admit that there are problems with the system too. But that's a discussion for another topic. I was only here to address specifically this news article. I didn't say anything terribly controversial with my very narrow focus, but unfortunately people decided to imagine my positions on other issues I did not address at all, positions I do not hold.

    Geez, a guy can't come out in favor of fair trials without getting called an authoritarian. Who knew?

  18. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    You are absolutely right. Rosa Parks was a criminal.

    If you want to read more into that than there is, feel free, but don't pretend I'm the one saying it. The only thing I am advocating here is that justice be served. In case I was too subtle for you in describing four different ways by which Snowden could still "win" despite being a criminal, let me list those out again.

    1) A jury could simply choose to ignore the law and let Snowden free (jury nullification).
    2) Snowden can appeal his case if found guilty and get the verdict overturned.
    3) If appeals fail, he can get his sentence commuted by a president.
    4) If appeals fail, he can get pardoned by a president.

    I thoroughly support our justice system. Those four things are part of our justice system. If politicians fail to repeal unjust laws, the system can still free criminals under those laws. Snowden is guilty. If the laws that make him guilty are wrong, staying a fugitive does nothing to change those laws.

  19. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    Which is why I said "If I was Snowden, I might not be so inclined to trust a US federal court with my fate." I even explained possible scenarios that might deprive him of a fair trial. In case it wasn't clear, I'm not in favor of those scenarios.

    But I do think he should get a fair trial. I am of course speaking hypothetically here since it's obvious there's not going to be any kind of trial any time soon. But he's accused of crimes and people accused of crimes are supposed to get a trial by jury and all that nice stuff. Unfortunately for his defense, he's admitted to the crimes he's accused of, which will be awkward when the prosecution reads his statements aloud in court. I did, however, outline four options for him to ultimately avoid a lengthy prison sentence. He should avail himself of those options.

  20. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 4, Interesting

    Clapper openly admitted he lied to Congress. Snowden openly admitted to espionage (he may define the term differently, but the law defines what he did as espionage and he admitted to the acts). I think the chances of either getting a trial any time soon are pretty slim. All of this is hypothetical.

    I would like to see fair trials for everyone accused of crimes. This is an article about Snowden, so I commented on Snowden. I'm sorry if other people decided that my commenting on-topic has implications about my views about off-topic subjects. If Slashdot has a story tomorrow about government officials admitting to crimes, I will happily say they're guilty too, and should get a fair trial with all the same legal rights that Snowden should get. I think trials are a good thing. I think due process is a good thing. I think our justice system that includes jury nullification, appeals, commutations, and pardons is a good thing. Apparently that offends some people. Who knew?

  21. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 4, Insightful

    Obviously by a trial I mean a fair trial. That's why I said "I would very much like to see him get a fair trial" in my original post. So no, I don't think I'm wrong. I think you're trying to turn me into a straw man. What I said was all pretty reasonable if you don't read into it any more than what I specifically said.

    Espionage is defined a specific way under the law. Snowden can deny he's committed espionage all he likes, but are you trying to say that he hasn't admitted to doing the things that the law defines as espionage? He has absolutely admitted to doing those things.

    This is like saying "no, I didn't murder anybody, but I did stab them repeatedly until they died." Yeah, you're a murderer according to the law whether you want to call yourself one or not. A prosecutor doesn't need to prove that you think that should be called murder, only that you stabbed somebody repeatedly until they died, and that the law defines that as murder which is illegal. The prosecution's case, seriously, would be over very quickly in the Snowden trial. All they have to do is read Snowden's statements back, and explain what laws he was admitting to breaking, regardless of what personal definition he might hold for that.

    It'd be up to Snowden's defense to try to argue for jury nullification. They could very well prevail in court. If they don't prevail in court, they can appeal, and appeal all the way up to the Supreme Court. If that doesn't work they can lobby for a commutation or a pardon. If the laws he broke are unjust, or unjustly applied in his case, it's going to take a trial to change those laws or the application of those laws. Internet posting won't accomplish anything. Personally, I'd like to see something accomplished. Wouldn't you?

  22. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 1

    They didn't turn themselves in because they would not have gotten a trial of their peers under the American justice system. They would have been hanged immediately by a squad of soldiers. Isn't that obvious? This is part of the reason why they later wrote the US Constitution.

    I am not advocating that Snowden gets hanged by a squad of soldiers. Quite the opposite. Happy now?

  23. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 2

    I really don't understand who you're arguing with, but it's definitely not me. Stop trying to put words in my mouth.

    Trials are a good thing. It is how we as a society decide truth and reach justice. It's also how the citizens of this country nullify laws that they don't like that the politicians won't change. No amount of internet posting is going to accomplish what you want to accomplish here. A trial can. Jurors can decide to ignore the law if they don't like it. If he's found guilty of the crimes he's already confessed to, then he can appeal, perhaps up to the Supreme Court, get a commutation from a future friendly president, or even an outright pardon. All of these things would accomplish what you want. Him hiding in a foreign country means he's a fugitive forever and nobody ever gets justice. He doesn't get justice, the American people don't get justice.

    I also don't believe our justice system can only handle one case at a time. By all means, let's prosecute everyone who's broken the law. Let them have their day in court. But this is an article about Snowden, and that's the article I was commenting on. If you want to imagine a strawman and call him an authoritarian monarchist, please do so without my username attached.

  24. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 3, Insightful

    Well first you need a grand jury to indict them before they go on trial. I'm sure there's a lot of evidence to go over before that happens. Justice rushed is not justice.

  25. Re:Ellsberg got a fair trial on Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong · · Score: 4, Insightful

    I would like the lawbreakers in government to get fair trials too, by the way.