You take the same chance with US AV. If they can hack Kaspersky (who are really good), then they can hack the other AV vendors as well. And no, Kaspersky will not have cooperated. They are not suicidal.
People thinking that Kaspersky being based in Russia is a special risk are kidding themselves.
What evidence? I have yet to see any. At this time, this are all unproven accusations, with zero actual evidence and some really hard-to-believe claims. For example, that an NSA member would take NSA attack software and put it on his private computer that is connected to the Internet and runs AV is not credible at all. Seriously, doing so is a federal crime and the people with access to this stuff _now_ that. They also know how AV works and that their private computers may be compromised if connected to the Internet.
Don't get me wrong, if there were solid evidence, then that would be pretty interesting, but there is not. All there is is propaganda claims that turn out to be based on hot air once you dig a little deeper and some of them do not even make sense at all.
Seriously, the whole design process of WIFI "security" is almost as badly broken as that of mobile phone security. Anybody sane tunnels over these connections, using a VPN or SSH, or the like for anything critical.
And for all those confused: No, this is not HTTP security, i.e. SSL or TLS on TCP-Level (ISO/OSI Leyer 4), this is link-level security for the WIFI connection, i.e. below IP layer but above hardware (ISO/OSI layer 2).
Indeed. People do stupid things until something really important breaks. Then some measures are put in place, these days usually via liability. Then more important things break. Then some better measures are put in place. Repeat until breaking of important things gets rare enough that people forget (Tchernobyl...Fuckushima: 25 years).
Those who do learn are a small minority and usually ignored, see also the story of Kassandra. All others usually need several catastrophes to get a glimmer of insight that things maybe should be done differently.
I believe I do see the bigger problem. If you pull in stuff from middlemen, then it is _your_ responsibility to make sure it is safe. I fully agree on your last sentence.
Of course, this is within reason. A food-store, for example, does not need to test anything it sells for poison. They can reasonably expect the food they get delivered from suppliers is clean, unless they get notified otherwise. The same is currently not true for anything you pull into your site from a 3rd party.
They chose to embed 3rd party analytics, which then turned out to be insecure. This is either entirely their fault, or they must have a contract in place that applies the consequences I described to the CEO of the company that supplied the analytics. Seriously, people that mess up must feel consequences.
As long as it is not gross negligence, I have no problem with the CEO actually getting insurance for this, but the damage must be paid for in full and at a realistic rate.
Noting surprising here. And unless these people get limited in their greed and stupidity by really unpleasant and, most important, personal consequences for the CEO when that happens, nothing will change. No, I am not talking about firing them. I am talking about them paying for the damage and, depending how extreme their failure, prison time.
Indeed. Keyboards will be "phased out" the same as pencils or paper were. Oh, wait, they were not. Because they do work well and they are familiar to any educated person. If it is not broken, do not fix it.
This is just another instance of somebody that has nothing worthwhile to say making ridiculous grande claims. Keyboards will be around for the foreseeable future.
Since we clearly _cannot_ trust any decision made at MS (just look what they are doing with Win10, with really bad ideas like spying on users, forced updates and an UI that changes its design), I don't see how this thing will make things worse.
Good. That means the stream of willing morons working for MS may be drying up. In actual reality MS has never been cool, but there are far too many people that mistake having a lot of money as a really positive quality.
...to find out where the sites are. Normally, the traffic snooping needed to find a hidden service needs to cover a lot of the network. It is unclear whether it is actually possible to do. But maybe you can do better if you flood one or several high-responsiveness target sites, ideally with some very specific patterns. My guess is somebody is testing that now.
An alternate explanation would be that they try to trick the site operators into doing something hasty and stupid.
What's truly amazing is how useful neural nets are without a deep understanding of precisely how and why.
They are not unique in that. For example Kalman Filters tend to have good properties in general and nobody really knows why. Hence you try them out when you have a problem they are applicable to.
There are many, many PhDs ready and waiting for those willing to wade in and help move things along.
Yes, there are. But beware, most really low hanging fruit have been picked.
Oh, yes. Those that think outer form defines the nature and capabilities of a thing have become prevalent again. Exceptionally stupid, but even people of average and higher intelligence and education seem to believe this now. That does not bode well for a society critically dependent on technology.
It clearly is. It has all the characteristics: Belief in one or a class of supreme being (AI computers) with unlimited power ("the singularity"). At the same time, zero actual factual foundation for these beliefs and non-rational arguments why they must be true. And a high level of aggression against anybody that points that out.
Indeed. And we do not even have a credible theory how that could be done, beyond the invalid (as you nicely point out) "throw more computing power at it". So, no implementation, no theory, that means we do not even know whether it can be done at all.
Indeed. Well said. In fact, current AI has absolutely zero autonomy. There is simply no mechanism for it that could be implemented. And not even theory has one. This is not a problem of throwing more power at it. Something fundamental is missing. And in fact, when you look at research into what intelligence and consciousness actually is, things just get more mysterious as more becomes known. Don't get me wrong, humans run a lot of pretty dumb automation, but that is not all they have, and the additional capabilities, which are completely non-understood at this time, are critical.
They are not. They are merely a scaling up. All we have today already existed before, just slower. I think you do not understand what "fundamental" means.
You take the same chance with US AV. If they can hack Kaspersky (who are really good), then they can hack the other AV vendors as well. And no, Kaspersky will not have cooperated. They are not suicidal.
People thinking that Kaspersky being based in Russia is a special risk are kidding themselves.
Indeed. You have just explained why you must not run _any_ AV on critical systems and why you must not run Windows or MacOS either.
What evidence? I have yet to see any. At this time, this are all unproven accusations, with zero actual evidence and some really hard-to-believe claims. For example, that an NSA member would take NSA attack software and put it on his private computer that is connected to the Internet and runs AV is not credible at all. Seriously, doing so is a federal crime and the people with access to this stuff _now_ that. They also know how AV works and that their private computers may be compromised if connected to the Internet.
Don't get me wrong, if there were solid evidence, then that would be pretty interesting, but there is not. All there is is propaganda claims that turn out to be based on hot air once you dig a little deeper and some of them do not even make sense at all.
Seriously, the whole design process of WIFI "security" is almost as badly broken as that of mobile phone security. Anybody sane tunnels over these connections, using a VPN or SSH, or the like for anything critical.
And for all those confused: No, this is not HTTP security, i.e. SSL or TLS on TCP-Level (ISO/OSI Leyer 4), this is link-level security for the WIFI connection, i.e. below IP layer but above hardware (ISO/OSI layer 2).
In fact, it is a pretty good indicator for the opposite. In capitalism, people tend to forget that and that harms humanity as a whole.
Might also work for publicly traded companies. Not all are.
Indeed. People do stupid things until something really important breaks. Then some measures are put in place, these days usually via liability. Then more important things break. Then some better measures are put in place. Repeat until breaking of important things gets rare enough that people forget (Tchernobyl...Fuckushima: 25 years).
Those who do learn are a small minority and usually ignored, see also the story of Kassandra. All others usually need several catastrophes to get a glimmer of insight that things maybe should be done differently.
I believe I do see the bigger problem. If you pull in stuff from middlemen, then it is _your_ responsibility to make sure it is safe. I fully agree on your last sentence.
Of course, this is within reason. A food-store, for example, does not need to test anything it sells for poison. They can reasonably expect the food they get delivered from suppliers is clean, unless they get notified otherwise. The same is currently not true for anything you pull into your site from a 3rd party.
They chose to embed 3rd party analytics, which then turned out to be insecure. This is either entirely their fault, or they must have a contract in place that applies the consequences I described to the CEO of the company that supplied the analytics. Seriously, people that mess up must feel consequences.
As long as it is not gross negligence, I have no problem with the CEO actually getting insurance for this, but the damage must be paid for in full and at a realistic rate.
Noting surprising here. And unless these people get limited in their greed and stupidity by really unpleasant and, most important, personal consequences for the CEO when that happens, nothing will change. No, I am not talking about firing them. I am talking about them paying for the damage and, depending how extreme their failure, prison time.
You are not required to listen. If you do, what you get is your own fault, stop whining about it.
Indeed. Keyboards will be "phased out" the same as pencils or paper were. Oh, wait, they were not. Because they do work well and they are familiar to any educated person. If it is not broken, do not fix it.
This is just another instance of somebody that has nothing worthwhile to say making ridiculous grande claims. Keyboards will be around for the foreseeable future.
Since we clearly _cannot_ trust any decision made at MS (just look what they are doing with Win10, with really bad ideas like spying on users, forced updates and an UI that changes its design), I don't see how this thing will make things worse.
Good. That means the stream of willing morons working for MS may be drying up. In actual reality MS has never been cool, but there are far too many people that mistake having a lot of money as a really positive quality.
Thank you.
...to find out where the sites are. Normally, the traffic snooping needed to find a hidden service needs to cover a lot of the network. It is unclear whether it is actually possible to do. But maybe you can do better if you flood one or several high-responsiveness target sites, ideally with some very specific patterns. My guess is somebody is testing that now.
An alternate explanation would be that they try to trick the site operators into doing something hasty and stupid.
What's truly amazing is how useful neural nets are without a deep understanding of precisely how and why.
They are not unique in that. For example Kalman Filters tend to have good properties in general and nobody really knows why. Hence you try them out when you have a problem they are applicable to.
There are many, many PhDs ready and waiting for those willing to wade in and help move things along.
Yes, there are. But beware, most really low hanging fruit have been picked.
It actually is a _religious_ claim. It promises unlimited wonders, but at the same time has no factual basis.
Oh, yes. Those that think outer form defines the nature and capabilities of a thing have become prevalent again. Exceptionally stupid, but even people of average and higher intelligence and education seem to believe this now. That does not bode well for a society critically dependent on technology.
It clearly is. It has all the characteristics: Belief in one or a class of supreme being (AI computers) with unlimited power ("the singularity"). At the same time, zero actual factual foundation for these beliefs and non-rational arguments why they must be true. And a high level of aggression against anybody that points that out.
Indeed. And we do not even have a credible theory how that could be done, beyond the invalid (as you nicely point out) "throw more computing power at it". So, no implementation, no theory, that means we do not even know whether it can be done at all.
Indeed. Well said. In fact, current AI has absolutely zero autonomy. There is simply no mechanism for it that could be implemented. And not even theory has one. This is not a problem of throwing more power at it. Something fundamental is missing. And in fact, when you look at research into what intelligence and consciousness actually is, things just get more mysterious as more becomes known. Don't get me wrong, humans run a lot of pretty dumb automation, but that is not all they have, and the additional capabilities, which are completely non-understood at this time, are critical.
They are not. They are merely a scaling up. All we have today already existed before, just slower. I think you do not understand what "fundamental" means.
Indeed. The ignorance of these people is staggering.