Insecure systems are merely a corollary to that 1948 proof, and your schoolboy suggestions on how to make systems "secure" just show you don't understand the problem. Everyone who understands the problem accepts the ultimate futility that underlies attempts to solve it.
What is this, a rerun of the "security is encryption+verification" No-True Scotsman fallacy that led to the Firefox self-signed certs debacle?
An abstract mathematical proof means we cannot make a secure product? And somehow the security community has bought into this? I worry sometimes that the security community is prone to ridiculous levels of dogmatism and groupthink befitting any serious hacking group.
You can make a secure product. Security does not mean 100% proof perfect security. Security means that it is difficult, very difficult, to break into or even break the product.
Right now, in a similar way to unencrypted connections, we have a situation where most programs are insecure, and wide open to exploits and worse. And right now, just as with self-signed certs, we have a security community dogma that regards trying to improve things as a step backwards. This is asinine.
Stop making excuses for bad software, and bad systems designs. We can build a better internet, which is more secure from the ground up. Our efforts will not be futile -- far from it. A better internet for all is waiting to be created out there.
There is no honour amongst hackers any more. There is no real community. There is precious little skill.
This quote should concern everyone. We have now had an entire generation of programmers raised on walled garden apps, cookie-cutter scripting libraries, and above all a wave of cheap VC funding and hardware. How many people are left out there that can build the likes of BitTorrent, Bitcoin, a language like C, a game like Elite, or even a site like Slashdot? How many people, young people, are there who can write an OS kernel, design a basic circuit, and at a more pertinently serious level, reliably write software to implement mathematical encryption algorithms?
Reading this I'm inclined to believe that recent meme post about how the programming/silicon valley community has been taken over by "brogrammers", "hipsters" and "neckbeards", which to my mind simply constitute cultural re-skinnings of the infamous Visual Basic programmers of old.
I worry that the unglamorous, mostly uncompensated, and largely intellectually driven practice of pure software programming and creation has been left behind in recent years. I personally have noticed little progression and indeed in many areas a general regression in the quality and reliability of software since approximately 2006/7.
While I would attribute this to my general "civilization is in decline" zeitgeist worries, my frustrations with software, UIs, and websites in particular have undoubtedly increased manifestly in the last 2-3 years or so. Maybe I'm just getting old -- or maybe programmers really are getting worse.
UX Webdesign hipster-trons have laid waste to yet another well known IP. When will it end? When the internet implodes into a black hole of dyslex-o-vision whitespace sites, and buzzfeed headlines, NSA surveillance crawlers. The few of us left will have to take refuge on resurrected BBS boards.
All these software engineers that work for NSA/gov, do they have any fucking morals? Do they really believe they are securing the world from the evil guys? Are they kept at gunpoint? Are they just plain stupid?
Imagine a fraternity house filled with hundreds of "bro-grammers" looking to impress their peers and outsiders, alongside more socially inept nerds with a superiority complex and a grudge against society for its refusal to pay homage to their obviously superior intellects. The herd is managed by a cadre of MBA/careerist sociopaths with a lust for profit, exploitation and power. The entire operation has been given essentially unlimited budgets, unprecedented resources, and unrestricted access to private industry and the backbone of the net, and finally has been mandated to gather all it can, on whoever it can, by whatever means necessary by an ascendancy whose interests are explicitly opposed to the general public good.
Things have worked out about as well as you'd imagine. The fraternity house has engaged in naked, shameless and destructive criminal behaviour; in effect the NSA has become the largest hacker/cyber-crime organization on the globe. The Rule of Law now has no meaning on the network, or for computers, and society itself has been pushed into a literal sci-fi dystopia of surveillance and state security excess.
And were it not for one single fraternity member who found the courage to turn back and listen to his conscience, we would be spiraling into an even darker scenario at this very moment. Whether we eventually meet this fate is still uncertain.
The NSA is an out of control cyber-criminal gang. It is a matter of time before insiders at the NSA make contact with the criminals who run the banking industry, and at that point western society will probably be ripped apart in an orgy of computer-aided looting, sabotage, fraud, and political suppression. This is what happens when you let the hyenas run the zoo.
... The founders are younger; the pace is faster.'
And the quality is far, far lower.
While I may be a luddite, I truly believe that the progress of software innovation reached its peak circa 2007. Since then the quality of applications, usability of UIs, and generally the overall value of software has declined overall. In some sectors precipitously (web pages, window managers, tablet/metro style interfaces), in others at a steadier pace (office suite, web browsers); at best the industry has managed to simply maintain a moderately acceptable quality level (CLIs, email clients).
But more critically, the progress in building the infrastructure we need has effectively stopped completely. We need encryption by default, a distributed web, and software which interacts seamlessly with all of this. I don't see that the current bloom of App-creators is either willing or technically able to carry the network or software in general into its next stage of development.
So post the names of NSA employees publicly, and let's start collecting heads.
Why bother with the hassle, effort and expense? The best way to deal with the NSA is to cut their ludicrous budget. Then watch the outrageous sci-fi super surveillance software projects subsequently implode.
They seem to be influential in most countries. The part I cannot fathom though is why?
A car dealer is nothing more than a middle-man/sales-man. This dealership is literally a gift of the car company, which can be revoked at nigh any time. His capital base is pretty small next to even a moderately sized small business, he's very sensitive to shocks, and if he's in the used business he's deeply mistrusted and unpopular.
So where is this influence coming from? The cars?! Are they giving off some kind of pheromone that he absorbs by osmosis?
I saw this in college with the women who took CS seriously feeling like they had to work twice as hard because half of the girls were getting by, in their minds, by "flipping their skirts and smiling at the guys" to get them to do their work for them.
How would this even work? Most Engineering degrees are based principally on examinations. You can't smile your way out of solving a differential equation on paper.
The older you have become, the more exceptions you have encountered which shatter common stereotypes. By the time you hit 70-80 years of age, the whole of humanity probably seems like an unweighted random behaviour generator.
The relevant Quote:
The latter part of a wise man's life is taken up in curing the follies, prejudices, and false opinions he had contracted in the former.
I'm confident most of us can name at least one "superior" who held critical decision making powers in an organization who would print off their emails to read them rather than reading them on the monitor. Why are these people not being publicly shamed?
The joke is on you cyber-man. These guys print off the emails to make sure they have a hardcopy for everything they've read so that all their bases and asses are covered when it hits the fan. Those who rely on soft copies will be left flapping in the breeze at the first hard disc failure.
Personally, I find this to be the single most infuriating aspect of the financial crisis -- in any country. Every single time I hear about public time and money being wasted on frivolous prosecutions, I am keenly reminded that these are the same police services and directors of public prosecutions who won't investigate the banks. Not who can't; who won't -- Refuse to even. It would be one thing if the justice system was simply universally inept. But cases like this show they can and do act with extreme prejudice when they have a mind to.
It's shambolic, slipshod, corrosive to the justice system and ultimately seditious. It's the clearest indication of the justice system which has been seized by political interests, and which refuses to perform its stated function to maintain the rule of law.
P.S. Regarding Corzine. The money did not "disappear". Corzine stole it out of customer accounts to cover his bills at JP Morgan. He knew exactly where it went; and the SEC and the Justice Department know exactly where it went but refuse to do anything about it. They're too busy pursuing basement dwelling geeks and beatniks to investigate those cases which actually rock the foundations of commerce and law. Stellar job there Mr Holder; Kudos.
which OS/Web-browser is so insecure that it accepts a root certificate from the network like this?
Firefox.
Firefox loves CAs. Firefox must have CAs. If your website uses a self-signed cert, Firefox will scream unholy murder and frighten most visitors away until you register with a proper, Christian root CA and do things the way the applied cryptography community believes they should be done.
And all the while, the entire root CA infrastructure is so shoddily implemented that MITM attacks like this are common at most companies. What a joke! HTTPS and SSH are almost meaningless in such an environment.
I think it's time for the entire Internet to admit that the current CA model is a joke of an implementation and cannot be relied upon to protect privacy, security, or trust for ordinary users at all.
In retrospect, I rather regret not leaping on some bizarre and obscure science topic very early on in my career. With my early knowledge of pop-science and fantasy TV, film, and comic books, I could have made big headway in modern cosmology and theoretical physics by now.
A Typical Min-Maxer response. The rules _technically_ allow this, so I will ruin the game for everyone by twisting/optimizing them to the limit to win even if I have to destroy the game to do it.
Future generations will see the mass influx of STEM geeks into the finance and business arena as a catastrophic social development in early 21st century industries.
Obviously, I imagine an upskirt picture does not reveal any more than what you would see at a beach in any western country.
It's not about what is visible and what isn't. It's about technologically equipped perverts intimidating women on public streets and public transport, for their own personal kicks. It's about people doing something wrong because it offends another person. If you allow this kind of behavior to go unchecked, worse will follow.
He flew a model next to a helipad and wonders why the FAA are stomping on him. They apparently overreached a bit when going into the commercial motivations for flying the model, but he was being a dick and the FAA is not entirely wrong to stomp on people who are flying like a dick.
You sir are an unapologetic "moocher", obviously ignorant of the Galt-ian philosophies of liberty which divinely entitle -- nay, oblige -- this man to use his superior intellect and skills to pilot and above all profit by flying this cheap, personal risk-less drone in an environment which should be free of all oppressive government regulations, no matter how many leechers walk or crash into the path of his unfiled flight-plan. The world's creative and productive elites will not be held back by the likes of you and your FAA -- they'll strike!
Actually the media is supposed to speak truth to power, and to perform these investigations and exposés on corrupt and criminal bankers, politicians, civil servants, etc, etc. Needless to say, this isn't happening.
Whoever Dorian Nakamoto is, it's clear he's not a powerful person. So this isn't journalism; it's exploitation.
I've been following this pretty closely today and it honestly seems to be fairly convincing to me that he is.
The problem here is false positives. If you slowly go through all the Satoshi Nakamotos in the entire world, what is the probability that you _won't_ find one who fits the profile of a secretive computer geek? Chances are that that is basically what we are seeing here.
The list of circumstantial evidence is fairly convincing, but it must be weighed against the odds of _not_ finding such a person. If you look for a person with the name "David O'Neill" who could fit Bitcoin Satoshi's profile, odds are you will also find such a man, with just such a set of circumstantial evidence.
On top of all that, there are details of the story which, bluntly, make it seem fabricated. The line about the cop who knew about "the guy who invented bitcoin" reads conspicuously like either an embellishment or an outright fabrication.
"What?" The police officer balks. "This is the guy who created Bitcoin? It looks like he's living a pretty humble life."
I don't think the story has much credibility. Then again, I have a pretty low opinion of journalists anyway.
We live in an age of propaganda, mendaciousness, and manipulation. PR-men are literally in charge of public policy. A positive public information campaign reliant on trust is impossible in our present circumstances.
Why do people even need to "deposit" their coins with Flexcoin in the first place? The chain is completely public; the exchange knows how much everyone has anyway. Is this an operation thing or do people who use Bitcoin still have some kind of pathological need to store their coins in a "bank" of some kind?
I always thought it was called SELinux.
Correction: Someone pays them to work under the table. The same person who won't pay you to work above the table.
The NSA approves of this message.
Wait; Do you literally live in a sewer drain?
P.S.
*Stands up* I'm Satoshi!!
Apart from Newsweek's ad revenue, which probably skyrocketed after publishing this story.