I've been posting for years every time discussions about ICANN, DNS and other US-centric Internet systems came up that the party line "but only US control guarantees that it remains free and open" is bullshit at best.
Frankly, putting everything under UN control is probably the best thing we could do. Not because the UN were any less power-hungry or insane than any individual government, but because they have more trouble ever agreeing on anything, and less resources to do crap in secret.
The founding fathers were Libertarians or they were as near as makes no difference. Remember, you are talking about a group of people who were willing to fight and die and fill the streets with blood over a tax dispute.
One of the most important things you learn when you study history is the difference between source and occasion.
The assassination of Archduke Franz Ferdinand of Austria was the occasion to start WW1, but not the cause.
Likewise, the Declaration of Independence was not caused by one single tax. That was the straw that broke the camels back, but hardly the only reason.
I believe this is one of the arguments for anarcho-libertarianism: that once you have a government at all it will eventually become a dystopian police state. Just a matter of time.
I believe the crucial error everyone makes in this area is to assume that a fixed system will maintain its state in a world of constant change. No matter if your vision of the ideal government is a big, a small or an ultra-minimalist government, most of these visions share one fatal flaw: They are static. Real life isn't static. What your vision needs is a mechanism of adaption to constant change.
"libertarian" has a very specific meaning. Basically it means that you support a system pretty much like 18th century America
Agreed, especially on the 2nd point. We have almost no data on how long intelligent life persists. There's one theory that I forgot the name of that says most intelligent species will probably wipe themselves out once they discover nuclear war.
It's official then, it's not the land of the free anymore. Because if you don't want your freedom, you don't deserve it.
Oppressed people at least know that things should be different. They might lack the resources or resolve to fight the system right here and now, but they know things aren't right and just might stand up any moment.
The US, on the other hand - and to be honest, lots of the west - has become the worst kind of oppressive system, worse than 1984. The kind where the oppressed believe the lies they are told. Russians knew that Prawda wasn't telling them the truth. Way too many americans believe Fox does.
You seem to be implying that the US has a different sort of Libertarian from other countries.
They do, just like US-democracts and US-republicans are unlike their counterparts in other countries.
A US-republican would be considered a hardcore right-winger in most of Europe, for example.
Interest groups don't typically have large armies and hundreds of thousands of henchman (the police) to do their bidding.
But why?
If got go deeper on this question - and we desperately need more people answering questions on more than just the surface layer - you will find that the reason that corporations do not have armed forces is, oops, that the strong government prevents it. In many 3rd world countries, they in fact do have armed forces in pay.
The strong government you abhor so much is what stands between you and everyone else oppressing you in very much the same ways.
That is why the founders of the U.S. felt the need to make a list of things that the government was allowed to do we call a constitution. In order to try to prevent it from growing into something that controls every aspect of peoples' lives.
While at the same time giving it enough power to still function as a government. The founding fathers weren't libertarians and did include rules about things like taxation that modern-day-US-style-libertarians condemn as stuff straight out of hell.
Because other types of organizations, corporations, churches, interest groups, etc., do not have the power to compel you to do their bidding at the point of a gun.
Not in the US and not at this point of time, and that doesn't mean they are any better just because they have other means.
Besides, in many cases that power is largely theoretical. If you don't pay a parking ticket, the government won't storm your house with a SWAT team - they will sue you. Oh, you probably don't make a difference between the three arms of government, do you?
Don't like your church's rules for tithing? Stop going, and/or stop paying the tithe.
Tell that to people who got into Scientology and don't like it anymore. We have quite a few first-person accounts that it ain't this easy.
If you were really hired by a medium-size company, you would be professional enough to a) not require advise from/. on the very stuff you're being paid for and b) would not post any details of a job on a public forum, with our without names.
My best guess is that you're in the IT department and don't like your boss, and the imaginary consultant is someone who you hope/dream/fantasize about. Not judging you, we've all been there. IT management is notoriously incompetent, and if you haven't had at least one boss in your career who was utterly and completely a result of the Peter Principle, then you haven't had much of a career, yet.:-)
But please, don't take your fellow geeks for fools, we aren't.
The state is not the enemy of liberty (or more accurately, it does not have to be, and should not be).
Your liberty can be infringed by the action of any powerful entity, be it the state, a large corporation, a wealthy person or a simple thug.
Bingo.
This is what I don't get about US-style libertarians. Somehow, the government is evil by definition, but what about all the other types of organizations, corporations, churches, interest groups, etc, etc.
The machine will care whether or not he's a future danger, because past damage is done.
And I'm pretty sure that if he is any smart, he has made sure that in the event of his demise, news agencies will be informed and at least one additional secret document will be released.
So yes, 6 months down the line, this would still be a big story and the news would bring it. If you want to talk time, try 6 years.
Again, just like Asange, being in the news is a pretty good safety net. Better than hiding.
If your safety is anonymity, you will never know if it has been pierced.
And if they'd kill him now, or in the very near future, it would be an instant news item and there would be many, many questions. In fact, if I were the NSA, I'd probably send out a team to make sure that he doesn't have an accident, because if he dies in a car crash tomorrow, everyone will assume it wasn't an accident.
What we know with certainty is that life in the universe is rare, as far as we know earth is the only planet that has it.
That's total nonsense. And you contradict yourself in the next sentence:
Everything else about life elsewhere is simply hypothesis and statistics, but unproven.
We know nothing about life in the universe. Nothing. Zero, nada, zilch, null. Until we have a much larger data sample, it is all just theoretical. Completely true, and until the intervention of interstellar travel, unavoidable.
That is exactly why we're looking for any clues we might find. That includes not only Mars, but also Europa, for example, where some scientists believe we might find primitive life.
We know for sure that there's life on Earth. We can exclude most of the other planets and moons as they can not possibly sustain any life based on anything we can imagine.
But that's just the solar system. For the rest of the universe, we have, for example, just recently changed our estimate about how common planets are. We thought that most suns wouldn't have any, now we think almost the opposite.
We have just started having methods to find planets of earth size.
But still, life somewhere else in the solar system would be a pretty big deal.
Intelligent life is even rarer, given the biomass of earth.
Wrong. Biomass is not the deciding factor. Right now, our sample size indicates that 100% of planets with life at all will bring about intelligent life. But that could just be due to the anthropic principle. We don't know if Earth is a rare exception, or if there's something to evolution that will result in intelligence in most cases.
Again, getting closer to an answer here, in either direction, would be a pretty big deal.
Yeah, that quote is really, really old and gets used by politicians a lot.
Lately, here in Germany, we've started throwing it back at them whenever they are hiding something from us. Like who gives them how much money or which companies they work for after their term, or who paid their campaign, or indeed their last holiday.
The "if you have nothing to hide..." should be told to them a lot more often, because they've been abusing it for a long, long time.
Also, since we know that sexual favours are as successful in swaying people as financial incentives, I would like a full record of who my politicians have been sleeping with during their terms. As there are more lies in this area than in any other, we should have 24/7 surveilance and automated reporting. What? You don't have anything to hide, do you?
Why did he do it? My guess is this: He's worked in the industry long enough to figure out that they would get him, sooner or later. And that they don't forget.
Going public might be his life insurance. At least it'll make it more difficult to make him vanish.
Exactly. Life in the solar system would change our view of life in the universe.
Right now, the only instance of a planet developing life is Earth. We extrapolate from there. But the big question (intelligent life) also hangs on the probability of life evolving into intelligent life.
If we find that life is actually a pretty common event in the universe, but it rarely evolves beyond bacterial or small organisms, it might change our equations on how likely we'll find some other space-faring race.
But if we find that life is rare, it'll also change it.
The combination of these two makes a pretty damn big differences on all "are we alone?" questions.
Not primarily to sue the other guy, though that might be a result. But you need to check with someone who is as much an expert in law as you are an expert in code just what's going on.
Did you ever really own the copyright on those files? Copyright is a legal term, even though we coders often use it as a name tag. You may have never had the right to write "(C) by me" in there in the first place if it was a work-for-hire for your client, in which case they own the copyright.
What did the contract you had with them specify regarding rights?
Finally, talk to him about how to put your name in for the future in a proper way. Maybe "(C) by me" should be replaced by "written by me (year)" and your future contracts specify that the client may not remove that line (though he may add further ones if other people take over and add their own code).
Often, a friendly lawyer that you find through a personal contact will be willing to give not-legal-advise over a meal or drinks. Lawyers are the geeks of the business world.
Simple: I've found something better that does everything I want it to do.
There's still a bootcamp partition on this iMac, originally installed and used for games. But 2013 seems to finally be the year I don't even need it anymore. I can't remember when I booted windows up the last time, must have been months ago. All the games I really want are available for OS X now.
For all I care, windows can go the way of the Dodo bird. I wouldn't even notice.
Why do you want to disconnect after a set time interval? Your time will never be correct. Sometimes, legit maintainance might take longer (e.g. if they're monitoring the system to trace a problem) and often it will be much shorter.
Without knowing the details, what you need is a point inbetween that IT Security controls, and the procedure that says enabling remote access requires form 123a filled out. Which would be a simple paper saying "please enable remote access for vendor X on (datetime) until (datetime)".
Everyone will hate you for the added bureaucracy, but this is the one and only way to guarantee that no outside vendor can access your system without your knowledge.
Take care regarding the wording of the form. Nobody likes the beg IT to do anything. It should sound like an order, that'll make them feel a lot better, and you're not planning to deny any of these anyways.
It would be a slippery slope if there were even the faint ghostly remains of some content to it. At best, it's an imaginary potentially unperfectly grippy slightly inclined partial slope.:-)
The real problem is that people are driving while distracted, and we already have a law against that. We do not need more laws.
That, too. Though there's a related issue and that is that people vastly underestimate the amount of distraction that a quick Twitter check causes. Most people think of themselves as being able to handle that just fine and it not making any difference.
They're doing it all wrong. You can't solve a social problem with technological features.
No, but you can mitigate it. The problem is real, people are dying on the street today because someone checked his Twitter or Mail while driving. If a technological feature can reduce the number of these incidents by x% - well, ask the x% who would otherwise be dead if they think it's worth it.
The solution is to fix the culture to make it socially unacceptable.
While I agree on that, we do not have a formula on how to do that. Some stuff that we outlaw is also uncool, but some stuff is cool exactly because it's illegal. Laws do not define what's socially acceptable, and we don't know how exactly to change a culture.
The technology solution might not be as good, but at least we know how it can be done. That's a real practical advantage.
The point is simple and clear. Obscuring that version info is a tiny little security measure.
No it is not. I'm using "so many words" because you refuse to acknowledge a simple point:
"Security" is something that still provides security if your attacker knows about it. Example: The fact that you now know that my front door has 2 locks does not make breaking and entering any easier for you.
"Obscurity" is something that provides "security" only as long as it is unknown. Example: If I were to tell you that I keep a spare key under the door mat, my entire entry-system security would be instantly compromised.
If you really, really can't see the fundamental difference between these two concepts, I'm now out of ideas how to explain it.
With ASLR the only difference is that you don't know where it is anymore -- because it has been *obscured* from you.
I'm not discussing semantics with someone who insists on having his own meaning for words. Quote one expert on the topic who uses the word "obscurity" to describe ASLR. "Security through obscurity" does not refer to a specific number being unknown - otherwise every password or crypot key system ever would be "security through obscurity". STO (I need to abbreviate it) refers to a system design or specification being unknown.
What are the other factors? Everything translates into cost eventually.
In a capitalistic world or for a sufficiently meaningless definition of the word, yes. If your attacker is, say, religiously motivated (and it happens, there are islamic hacking groups), cost doesn't matter. Their limits are the limits of their available time, computing power and expert knowledge.
Yes, you will argue, all of those can be expressed as "costs". So if you want to insist on that POV, be my guest. I'm simply saying that some attackers don't go about calculating a $ value of the attack and then running a ROI estimate.
What is the cheapest point of attack in your system currently? [...] You don't need to project the attackers cost to do that.
Pray tell, how do you calculate the cheapest point of attack without projecting the attack cost?
Stop doing this! See your above strawman -- did I suggest that hiding your IP address is a single point of defense you should rely on? WTF is this logic?
Yes, effectively you are arguing that. Or rather: You are arguing that hiding my IP address is a security measure because it - however slightly - raises the cost to the attacker.
I'm arguing that if factors like this even make a difference, your security is seriously broken. It should be just as secure with or without your IP address being known, because it really isn't as hard to figure it out as you think.
Same thing with all your examples. If you think that the fact that your system uses ASLR is worth keeping a secret, because it'll confuse attackers, you are doing STO. But ASLR itself is real security, because it adds actual difficulty.
Low cost measure of what? Low cost measure of what? Ans: security.
So you think anything that adds even one cent to the cost of breaking into a system is a security measure, yes? Well, as I said above, for a sufficiently meaningless definition of "cost", you can claim to be right. In the real world, such bullshit is meaningless.
But you do obscure something -- the key
omg
You are using words and have no idea what they mean.
A cryptographic secret is not an obscurity measure. This is just ridiculous.
If you use words within a context, you need to use them in the meaning they have within that context. You can't talk about, say, "intent" in a court and use the philosophical definition, you'll have to use the legal definition.
I've been posting for years every time discussions about ICANN, DNS and other US-centric Internet systems came up that the party line "but only US control guarantees that it remains free and open" is bullshit at best.
Frankly, putting everything under UN control is probably the best thing we could do. Not because the UN were any less power-hungry or insane than any individual government, but because they have more trouble ever agreeing on anything, and less resources to do crap in secret.
Cue the USA-USA-USA answers...
The founding fathers were Libertarians or they were as near as makes no difference. Remember, you are talking about a group of people who were willing to fight and die and fill the streets with blood over a tax dispute.
One of the most important things you learn when you study history is the difference between source and occasion.
The assassination of Archduke Franz Ferdinand of Austria was the occasion to start WW1, but not the cause.
Likewise, the Declaration of Independence was not caused by one single tax. That was the straw that broke the camels back, but hardly the only reason.
I believe this is one of the arguments for anarcho-libertarianism: that once you have a government at all it will eventually become a dystopian police state. Just a matter of time.
I believe the crucial error everyone makes in this area is to assume that a fixed system will maintain its state in a world of constant change. No matter if your vision of the ideal government is a big, a small or an ultra-minimalist government, most of these visions share one fatal flaw: They are static. Real life isn't static. What your vision needs is a mechanism of adaption to constant change.
"libertarian" has a very specific meaning. Basically it means that you support a system pretty much like 18th century America
omg
You really think that "libertarian" is an american speciality? You're going to ignore Joseph Déjacque? You're going to ignore that the term had a considerable change of meaning in the US in the 1950s? You're going to ignore the Austrian School of economics?
Change, my friend. Change is the only constant phenomenon.
Agreed, especially on the 2nd point. We have almost no data on how long intelligent life persists. There's one theory that I forgot the name of that says most intelligent species will probably wipe themselves out once they discover nuclear war.
That's the point. Even putting them into the fridge to kill them (as in this concept) is something lots of people wouldn't want to do.
Then again, two hundred years ago, most people did kill their own farm animals prior to eating them, so it very much is a cultural thing.
It's official then, it's not the land of the free anymore. Because if you don't want your freedom, you don't deserve it.
Oppressed people at least know that things should be different. They might lack the resources or resolve to fight the system right here and now, but they know things aren't right and just might stand up any moment.
The US, on the other hand - and to be honest, lots of the west - has become the worst kind of oppressive system, worse than 1984. The kind where the oppressed believe the lies they are told. Russians knew that Prawda wasn't telling them the truth. Way too many americans believe Fox does.
You seem to be implying that the US has a different sort of Libertarian from other countries.
They do, just like US-democracts and US-republicans are unlike their counterparts in other countries.
A US-republican would be considered a hardcore right-winger in most of Europe, for example.
Interest groups don't typically have large armies and hundreds of thousands of henchman (the police) to do their bidding.
But why?
If got go deeper on this question - and we desperately need more people answering questions on more than just the surface layer - you will find that the reason that corporations do not have armed forces is, oops, that the strong government prevents it. In many 3rd world countries, they in fact do have armed forces in pay.
The strong government you abhor so much is what stands between you and everyone else oppressing you in very much the same ways.
That is why the founders of the U.S. felt the need to make a list of things that the government was allowed to do we call a constitution. In order to try to prevent it from growing into something that controls every aspect of peoples' lives.
While at the same time giving it enough power to still function as a government. The founding fathers weren't libertarians and did include rules about things like taxation that modern-day-US-style-libertarians condemn as stuff straight out of hell.
Because other types of organizations, corporations, churches, interest groups, etc., do not have the power to compel you to do their bidding at the point of a gun.
Not in the US and not at this point of time, and that doesn't mean they are any better just because they have other means.
Besides, in many cases that power is largely theoretical. If you don't pay a parking ticket, the government won't storm your house with a SWAT team - they will sue you. Oh, you probably don't make a difference between the three arms of government, do you?
Don't like your church's rules for tithing? Stop going, and/or stop paying the tithe.
Tell that to people who got into Scientology and don't like it anymore. We have quite a few first-person accounts that it ain't this easy.
I call bullshit on this one.
If you were really hired by a medium-size company, you would be professional enough to a) not require advise from /. on the very stuff you're being paid for and b) would not post any details of a job on a public forum, with our without names.
My best guess is that you're in the IT department and don't like your boss, and the imaginary consultant is someone who you hope/dream/fantasize about. Not judging you, we've all been there. IT management is notoriously incompetent, and if you haven't had at least one boss in your career who was utterly and completely a result of the Peter Principle, then you haven't had much of a career, yet. :-)
But please, don't take your fellow geeks for fools, we aren't.
The state is not the enemy of liberty (or more accurately, it does not have to be, and should not be).
Your liberty can be infringed by the action of any powerful entity, be it the state, a large corporation, a wealthy person or a simple thug.
Bingo.
This is what I don't get about US-style libertarians. Somehow, the government is evil by definition, but what about all the other types of organizations, corporations, churches, interest groups, etc, etc.
The machine will care whether or not he's a future danger, because past damage is done.
And I'm pretty sure that if he is any smart, he has made sure that in the event of his demise, news agencies will be informed and at least one additional secret document will be released.
So yes, 6 months down the line, this would still be a big story and the news would bring it. If you want to talk time, try 6 years.
Again, just like Asange, being in the news is a pretty good safety net. Better than hiding.
If your safety is anonymity, you will never know if it has been pierced.
And if they'd kill him now, or in the very near future, it would be an instant news item and there would be many, many questions. In fact, if I were the NSA, I'd probably send out a team to make sure that he doesn't have an accident, because if he dies in a car crash tomorrow, everyone will assume it wasn't an accident.
What we know with certainty is that life in the universe is rare, as far as we know earth is the only planet that has it.
That's total nonsense. And you contradict yourself in the next sentence:
Everything else about life elsewhere is simply hypothesis and statistics, but unproven.
We know nothing about life in the universe. Nothing. Zero, nada, zilch, null. Until we have a much larger data sample, it is all just theoretical. Completely true, and until the intervention of interstellar travel, unavoidable.
That is exactly why we're looking for any clues we might find. That includes not only Mars, but also Europa, for example, where some scientists believe we might find primitive life.
We know for sure that there's life on Earth. We can exclude most of the other planets and moons as they can not possibly sustain any life based on anything we can imagine.
But that's just the solar system. For the rest of the universe, we have, for example, just recently changed our estimate about how common planets are. We thought that most suns wouldn't have any, now we think almost the opposite.
We have just started having methods to find planets of earth size.
But still, life somewhere else in the solar system would be a pretty big deal.
Intelligent life is even rarer, given the biomass of earth.
Wrong. Biomass is not the deciding factor. Right now, our sample size indicates that 100% of planets with life at all will bring about intelligent life. But that could just be due to the anthropic principle. We don't know if Earth is a rare exception, or if there's something to evolution that will result in intelligence in most cases.
Again, getting closer to an answer here, in either direction, would be a pretty big deal.
Yeah, that quote is really, really old and gets used by politicians a lot.
Lately, here in Germany, we've started throwing it back at them whenever they are hiding something from us. Like who gives them how much money or which companies they work for after their term, or who paid their campaign, or indeed their last holiday.
The "if you have nothing to hide..." should be told to them a lot more often, because they've been abusing it for a long, long time.
Also, since we know that sexual favours are as successful in swaying people as financial incentives, I would like a full record of who my politicians have been sleeping with during their terms. As there are more lies in this area than in any other, we should have 24/7 surveilance and automated reporting. What? You don't have anything to hide, do you?
...well, not the money in this case.
Why did he do it? My guess is this: He's worked in the industry long enough to figure out that they would get him, sooner or later. And that they don't forget.
Going public might be his life insurance. At least it'll make it more difficult to make him vanish.
Exactly. Life in the solar system would change our view of life in the universe.
Right now, the only instance of a planet developing life is Earth. We extrapolate from there. But the big question (intelligent life) also hangs on the probability of life evolving into intelligent life.
If we find that life is actually a pretty common event in the universe, but it rarely evolves beyond bacterial or small organisms, it might change our equations on how likely we'll find some other space-faring race.
But if we find that life is rare, it'll also change it.
The combination of these two makes a pretty damn big differences on all "are we alone?" questions.
Talk to a lawyer.
Not primarily to sue the other guy, though that might be a result. But you need to check with someone who is as much an expert in law as you are an expert in code just what's going on.
Did you ever really own the copyright on those files? Copyright is a legal term, even though we coders often use it as a name tag. You may have never had the right to write "(C) by me" in there in the first place if it was a work-for-hire for your client, in which case they own the copyright.
What did the contract you had with them specify regarding rights?
Finally, talk to him about how to put your name in for the future in a proper way. Maybe "(C) by me" should be replaced by "written by me (year)" and your future contracts specify that the client may not remove that line (though he may add further ones if other people take over and add their own code).
Often, a friendly lawyer that you find through a personal contact will be willing to give not-legal-advise over a meal or drinks. Lawyers are the geeks of the business world.
I'm not an Apple hater by any means
Yes, you are. The fact that you found it necessary to write this reply is evidence of that.
Simple: I've found something better that does everything I want it to do.
There's still a bootcamp partition on this iMac, originally installed and used for games. But 2013 seems to finally be the year I don't even need it anymore. I can't remember when I booted windows up the last time, must have been months ago. All the games I really want are available for OS X now.
For all I care, windows can go the way of the Dodo bird. I wouldn't even notice.
Why do you want to disconnect after a set time interval? Your time will never be correct. Sometimes, legit maintainance might take longer (e.g. if they're monitoring the system to trace a problem) and often it will be much shorter.
Without knowing the details, what you need is a point inbetween that IT Security controls, and the procedure that says enabling remote access requires form 123a filled out. Which would be a simple paper saying "please enable remote access for vendor X on (datetime) until (datetime)".
Everyone will hate you for the added bureaucracy, but this is the one and only way to guarantee that no outside vendor can access your system without your knowledge.
Take care regarding the wording of the form. Nobody likes the beg IT to do anything. It should sound like an order, that'll make them feel a lot better, and you're not planning to deny any of these anyways.
It would be a slippery slope if there were even the faint ghostly remains of some content to it. At best, it's an imaginary potentially unperfectly grippy slightly inclined partial slope. :-)
The real problem is that people are driving while distracted, and we already have a law against that. We do not need more laws.
That, too. Though there's a related issue and that is that people vastly underestimate the amount of distraction that a quick Twitter check causes. Most people think of themselves as being able to handle that just fine and it not making any difference.
Almost as ready for a strawman argument where making murder illegal is the first step towards a total police state.
They're doing it all wrong. You can't solve a social problem with technological features.
No, but you can mitigate it. The problem is real, people are dying on the street today because someone checked his Twitter or Mail while driving. If a technological feature can reduce the number of these incidents by x% - well, ask the x% who would otherwise be dead if they think it's worth it.
The solution is to fix the culture to make it socially unacceptable.
While I agree on that, we do not have a formula on how to do that. Some stuff that we outlaw is also uncool, but some stuff is cool exactly because it's illegal. Laws do not define what's socially acceptable, and we don't know how exactly to change a culture.
The technology solution might not be as good, but at least we know how it can be done. That's a real practical advantage.
The point is simple and clear. Obscuring that version info is a tiny little security measure.
No it is not. I'm using "so many words" because you refuse to acknowledge a simple point:
"Security" is something that still provides security if your attacker knows about it. Example: The fact that you now know that my front door has 2 locks does not make breaking and entering any easier for you.
"Obscurity" is something that provides "security" only as long as it is unknown. Example: If I were to tell you that I keep a spare key under the door mat, my entire entry-system security would be instantly compromised.
If you really, really can't see the fundamental difference between these two concepts, I'm now out of ideas how to explain it.
With ASLR the only difference is that you don't know where it is anymore -- because it has been *obscured* from you.
I'm not discussing semantics with someone who insists on having his own meaning for words. Quote one expert on the topic who uses the word "obscurity" to describe ASLR. "Security through obscurity" does not refer to a specific number being unknown - otherwise every password or crypot key system ever would be "security through obscurity". STO (I need to abbreviate it) refers to a system design or specification being unknown.
What are the other factors? Everything translates into cost eventually.
In a capitalistic world or for a sufficiently meaningless definition of the word, yes. If your attacker is, say, religiously motivated (and it happens, there are islamic hacking groups), cost doesn't matter. Their limits are the limits of their available time, computing power and expert knowledge.
Yes, you will argue, all of those can be expressed as "costs". So if you want to insist on that POV, be my guest. I'm simply saying that some attackers don't go about calculating a $ value of the attack and then running a ROI estimate.
What is the cheapest point of attack in your system currently? [...] You don't need to project the attackers cost to do that.
Pray tell, how do you calculate the cheapest point of attack without projecting the attack cost?
Stop doing this! See your above strawman -- did I suggest that hiding your IP address is a single point of defense you should rely on? WTF is this logic?
Yes, effectively you are arguing that. Or rather: You are arguing that hiding my IP address is a security measure because it - however slightly - raises the cost to the attacker.
I'm arguing that if factors like this even make a difference, your security is seriously broken. It should be just as secure with or without your IP address being known, because it really isn't as hard to figure it out as you think.
Same thing with all your examples. If you think that the fact that your system uses ASLR is worth keeping a secret, because it'll confuse attackers, you are doing STO. But ASLR itself is real security, because it adds actual difficulty.
Low cost measure of what? Low cost measure of what? Ans: security.
So you think anything that adds even one cent to the cost of breaking into a system is a security measure, yes? Well, as I said above, for a sufficiently meaningless definition of "cost", you can claim to be right. In the real world, such bullshit is meaningless.
But you do obscure something -- the key
omg
You are using words and have no idea what they mean.
A cryptographic secret is not an obscurity measure. This is just ridiculous.
If you use words within a context, you need to use them in the meaning they have within that context. You can't talk about, say, "intent" in a court and use the philosophical definition, you'll have to use the legal definition.
oh look, it even has a fucking Wikipedia entry:
And he would be right that they at least contribute to the problem, as studies have shown. So your point is?