The trouble is that any single member of their target demographic will think that about 50% of videos violently suck. And when such a vid comes on, they change channels. Big long shows about l33t h4x0R types are bound to suck, but are specifically designed so that their coefficient of suckage is not quite enough to justify the caloric expenditure required to lift one of their fat, cheese-munching fingers out of the chicken bucket and onto the remote. So they're more likely to be there when the adverts start. That's my understanding anyway.
Hmmm... I also don't like the way he throws around the word "Marxist" without regard for its meaning. If the author (as he hints) grew up in a Communist society, then I'm very sorry for him. But Eric Raymond's economic remarks in CatB are clearly informed by a reading of Marx, and equally clearly not Marxist; he takes on board elements of Marx's critique of capitalist accumulation, but not historical materialism, and nothing about the proletariat. I rather think that the loaded word "Marxist" is being used because of its propensity to raise fear, uncertainty and, well, doubt, in the mind of the average reader.
jsm
[don't ask me where I learned about Marxism, or I might have to tell you]
Hmmmm... but "peer review" is a more structured process, which is actually carried out by "peers" -- carefully selected other experts. This is more akin to the governmental process of producing "White Papers" and setting them out for comment by the general public.
The Open Source model of peer review works because hacking isn't like science -- rather than a small number of specialists in each field, there's a lot of gifted generalists. So there aren't any "peers", but there is a well-informed "public". Or something.
My guess is that Cringely has just run out of ideas and wants to do a "those ill-mannered geeks" story, so he's posted some blatant flamebait and is now sitting waiting for contributions to "Slashdot Readers are so rude" for the next column. Hey ho hum.
hrmmm... call me "crazy crazy black helicopters guy", but you can send my cash to the FSF if I get any. The idea of passing my real name and address to a bunch of known spooks who will then put me on a list of "people who take an unhealthy interest in computer security" does not appeal. Maybe it's paranoid, but I had a cousin in the 1980s who died in a car crash. Funny thing was, all his workmates died within the next six months, in similar accidents. Defence computing can be bad voodoo.
jsm
(Oh yeh, and it wasn't my cousin. Relationships have changed to protect traceable information)
Despite the above, it's now five hours after the story was posted, and there still isn't a single comment with a -1 score (or, as far as I can see, any that really deserved one). An absolute tribute to the maturity of the /. crowd, and quite miraculous given the flame-fests that this sort of issue usually deteriorates into.
Worth remembering as a data point next time we get one of those "socially retarded geeks" media screeds. Unless there's been some "outside the box" moderation (why no "First Posters" on this thread?), this is truly remarkable.
Kudos to roblimo for raising an "edgy" subject, too.
Shouting out an accusation is an action, not an idea (much ink has been spilt on getting this distinction straight).
But to address your general point: Yes, all evil actions begin as evil ideas. But it's a general principle of good government (more than that, a general moral principle) that if you're going to ban something for the good of us all, you should do it in a way which reduces freedom as little as possible. This would clearly mean taking steps against the action, not the idea.
And, I think that the idea that the group to which I belong (human beings) should be exterminated is not one that should be censored. I personally think it's loony, but the people who believe it serve a useful purpose, increasing the diversity of ideas. Maybe they're right -- maybe human beings are a bad idea for the world and we should all die out. Or maybe they're mad. Either way, we don't do ourselves any favours by ruling things out other than on their merits.
Interesting question. My guess is that the US Constitution is not as badly drafted as the Weimar Constitution was -- if Hitler had been forced to stand in a two-party Presidential-style election rather than being appointed Chancellor because leader of the largest party, then I doubt he'd have taken control in Germany. And the USA never had economic conditions which were bad enough to generate the underclass politics which fed the Nazi party (got pretty close, though).
But I wouldn't kid yourself that there's anything intrinsic about American political culture which would be inimical to Nazism. Mentally deficient people have been forcibly sterilised in the USA (not to the same extent as in Sweden). And it's one of only two developed countries to have operated a system of apartheid since the war. The potential's there everywhere.
, such suggestions and ideas are highly dangerous.
Suggestions? and Ideas? Are Dangerous?
Suggestions and ideas are dangerous?
No. Whatever else we think, we ought to be able to agree that suggestions and ideas cannot be dangerous, and attempts to suppress them certainly can be. There have been a few people who have tried to sack university professors for advocating controversial views, but I rather suspect that their names are going to be over-used in this discussion, so I won't contribute to wearing them out.
Bill Gates thinks that fragmentation of operating systems is dangerous. Rev. Fred Phelps thinks that tolerating homosexuality is very dangerous indeed. A fair few people think that allowing non-Christians to hold positions of political power is dangerous.
And I don't have much time for arguments to the effect that "sacking Prof. Singer isn't the same as censoring him". If you make it more difficult for one idea to be expressed than another, then you are censoring. And you don't have to be the government to be a censor, either. By far the majority of censorship in the world today is carried out through implicit rather than explicit means, through taboos, selective funding of different sides of an argument and social pressure. And it is ourselves we harm when we allow ideas to gain acceptance based on their palatability rather than their merits.
I don't think that the above is really flamebait, and I regretfully suggest that any and all negative moderation points will be needed for the real hardcore unpleasantness that I suspect this topic will launch.
Hmmmm... I think you're blunting the point of Swift's actual satire. His essay was a commentary on the famine in Ireland, and his actual suggestion was that famine could be alleviated by producing children and selling them to be eaten. He in fact suggested that the babies should be considered a delicacy by English landlords in Ireland because they had already (through giving over tracts of farmland to beef) "eaten" the children's parents. Not actually material to your point, but I hate to see a sharp political point ground down into a blunter ethical one.
A few comments, more on-topic:
One person has had a chance to lead a full life while the other has not
I'm not sure we're actually discussing cases where "the chance to lead a full life" is the issue.
Pain tells us that we are alive
I'm reminded of Joseph Heller's views on this from Catch-22 (transcribed from memory, may be wrong)
"God made everything with a purpose", said the nurse. "Even pain has a purpose, to tell us that our bodies are being damaged".
"Bullshit", said Yossarian "If that's all it's for, why does it hurt so much? To tell us that we were being damaged, we could have a set of blue and red neon lights on our foreheads. Any half-competent jukebox designer could have put that together. Why can't God?"
"Well", replied the nurse "People would look pretty silly walking round with red and blue lights sticking out of their heads, wouldn't they"
"And I suppose they look just lovely now writhing around in agony or stuffed full of morphine", snarled Yossarian.
My personal view is that the real mistake here is to try to make general moral rules about these things. I personally feel revulsion at this sentiment; but I wouldn't necessarily presume to tell parents facing this problem what their choice should be. On the other hand, I don't want to say that "anything goes"; there should be some moral statements which are actually true. I guess that a lot would depend on the motives -- I would not like to see disabled children become the victims of infanticide because they were "inconvenient", but would mind less if euthanasia were carried out because the parents simply couldn't cope. There is a distinction there.
Of course, perhaps the answer is that there is no right thing to do when such an unfortunate child is born. Perhaps either decision is very badly morally wrong. I'm not aware of any obligation on the universe to always provide us with a "right thing to do" -- perhaps genuine "moral tragedies" can exist.
Thank heavens that the immediate question -- that of academic freedom -- is much more clear cut. I refer all present to Mill's On Liberty, which says all that needs to be said on this.
My guess would be that the congressperson reads his own mail from the internal system (because it might talk about important things like two-for-one donut offers in the cafeteria), but that the external email gets sent to a minion who then prepares a digest for his boss.
I just typed "congressperson reads his own mail". I guess I need to go to another one of those awareness classes. Tits.
This is true, but we're talking about terrorists here, which makes insider attack less of a consideration. Insiders should be watched like hawks, but in general, their crimes will be dedicated to stealing valuable things. They lack the ideological motivation of the true terrorist, so they will attack different targets, unless they need funds. But in general, bank clerks and power station workers are not "outsiders", so they don't join terrorist organisations.
Social engineering is obviously a problem, and you get props from me for mentioning it (sorry, I don't have points to give). I think the solution here lies in censoring this kind of information from employees. As many terminals as possible should be kept as dumb as possible, and all requests for systems information be directed to someone central who knows exactly who is bona fide and who isn't.
Interesting. I disagree that double-blind anonymity between cells is the most important feature of the cell structure -- more important is the organisational form itself. Network organisations don't make effective terrorists.
And (going by Nkrumah's book on terrorism) an important part of the role of communication for the terrorist leader is to inspire and inculcate doctrine, as well as to impart information. I would guess that a double-blind remailer would be difficult for that purpose.
Your "intelligent agent" is also interesting, but I must confess not to see why it would be more dangerous than the human expert it is meant to simulate. More patient, I guess, and more easily duplicated, but with the considerable advantage for the human that the expertise and intelligence wouldn't be taking up memory in a hostile system.
In fact, I think that this requirement will limit the "superness" of the super-worm -- either it will need so much space to store its library of known exploits and to operate its AI that "stealth" becomes impossible, or it will need to make frequent requests for information to an external source, which multiplies the risk of detection for the owner. If you wanted to launch an all-out attack and take down a good proportion of the Internet, I would guess that a trip to your local Caterpillar dealer would be easier:-)
I also disagree that the ability to cause frequent computer crashes would have that much effect on the economy. After all, Windows NT is a popular operating system.... In general, I think that most of these problems can be solved by multiple remote redundant systems, which was my original point.
Well, Johan should certainly be talking to the people at APACS, the UK payments system and to the Federal Reserve Board of Governors, who run Fedwire. They have had cause to think about this thing for a while.
I'll add that, for fairly obvious reasons, there is no technical security information on either of those websites, but I would guess that Jane's would be able to get an in to the people who know.
In my opinion, the fundamental difference is that Cyber attacks are utterly unlike any other form of attack because they do not involve the delivery of large amounts of energy to the enemy (unless you would call EMP or HERF attacks "Cyber", which IMO would be wrong -- a HERF gun aimed at a computer terminal is really the same sort of thing as a grenade thrown at same.)
Cyber attacks, therefore, are aimed at the information, which is much less easy to destroy because of the possibility of making qualitatively and functionally identical copies. I'd divide cyber attacks into two species: "Destruction of information" (erasing) and "Corruption of information" (spoofing).
Erasing is very difficult to carry out because any system worth attacking is also worth backing up. I know that UK and US interbank transactions are backed up daily, with multiple remote backup tapes. Any Cyber attacker wanting to "destroy" the interbank market will cause the loss of at most one day's worth of transactions. Erasing attacks can be straightforwardly guarded against through multiple, remote (in both geography and network topology) backups, taken at sufficient frequency that the maximum possible loss is bearable for the system (the "safe frequency"). Any system for which the safe frequency is too low for the backup defense to be practical (for example, a power grid) should be kept remote from networks; although this does not defend against attacks from insiders, network seclusion should allow the terminals of the vulnerable network to be physically guarded.
Spoofing is much more difficult to guard against. This kind of attack comes in two flavours; attempts to create phony records, or phony messages in a system (such as creating false bank accounts), or attempts to create phony instructions to the processing system, causing a failure of the system which is as bad as an erasing attack.
The easiest way to defend against non-destructive spoofing would be to use backups once more, and to operate a kind of "double-entry book-keeping" which traces every record to its creation and requires consistency between numerous (again, preferably topologically remote) sources. This multiplies the difficulty of a Cyber attack, as the attacker now has to break several systems instead of just one.
Destructive spoofing aimed at the processor rather than its records is a different matter. Causing the processor to execute phony instructions could allow the Cyber attacker to erase records, transmit phony messages and, potentially, to "cover its tracks" well enough to escape consistency checks. Of course, this kind of attack is more difficult than any other -- usually the only way to get another machine to execute rogue instructions is to exploit buffer overflows.
I have no particular suggestions for defense against the final kind of attack, except for the rather obvious advice not to create situations in which buffer overflows can happen. The use of non-standard operating systems or instruction sets could, in principle, make it harder for an attacker to work out what to do with a buffer overflow once discovered, but to me, this seems too much like security through obscurity to be recommended.
I'd add that using the Internet as it is currently designed to communicate between members of a terrorist organisation would not be a good idea -- it goes against the "cell" concept which is known to be the best way to organise. Even messages on private bulletin boards carry enough information in the headers to allow substantial information about the whole network to be deduced for any security agency which can gain access to the routers.
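The "double-entry book-keeping" defence against spoofed records described in the comment above, as an added example that is not part of the original comment: each record is chained to its predecessor so it traces back to its creation, and independent copies are reconciled against a majority. The hash chain, the site names and the sample transactions are assumptions constructed for illustration.

```python
import hashlib
import json
from collections import Counter

GENESIS = "genesis"  # fixed starting value shared by every copy of the ledger


def chain_digest(record, prev_digest):
    """Digest of a record bound to everything that came before it."""
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev_digest + body).encode()).hexdigest()


def build_ledger(records):
    """Store each record with a digest chaining it back to its creation."""
    ledger, prev = [], GENESIS
    for record in records:
        prev = chain_digest(record, prev)
        ledger.append({"record": record, "digest": prev})
    return ledger


def first_chain_break(ledger):
    """Index of the first entry whose record no longer matches its stored
    digest (an in-place edit), or None if the copy is internally consistent."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if chain_digest(entry["record"], prev) != entry["digest"]:
            return i
        prev = entry["digest"]
    return None


def reconcile(sources):
    """Cross-check independent copies of the same ledger.

    Returns (report, no_quorum): report maps each source to its first
    internal chain break and the first position where it disagrees with a
    strict majority; no_quorum lists positions where no majority exists.
    """
    report = {
        name: {"chain_break": first_chain_break(ledger), "diverges_at": None}
        for name, ledger in sources.items()
    }
    no_quorum = []
    length = max(len(ledger) for ledger in sources.values())
    for i in range(length):
        # A source that has no entry at this position "votes" None.
        held = {
            name: (ledger[i]["digest"] if i < len(ledger) else None)
            for name, ledger in sources.items()
        }
        value, votes = Counter(held.values()).most_common(1)[0]
        if votes * 2 <= len(sources):
            no_quorum.append(i)
            continue
        for name, digest in held.items():
            if digest != value and report[name]["diverges_at"] is None:
                report[name]["diverges_at"] = i
    return report, no_quorum


def demo():
    # Constructed sample transactions, not real data.
    honest = [
        {"id": 1, "from": "ACC-100", "to": "ACC-200", "amount": 250},
        {"id": 2, "from": "ACC-200", "to": "ACC-300", "amount": 75},
        {"id": 3, "from": "ACC-300", "to": "ACC-100", "amount": 40},
        {"id": 4, "from": "ACC-100", "to": "ACC-300", "amount": 10},
    ]
    site_a = build_ledger(honest)

    # site_b: a phony record was inserted and the chain rebuilt, so the copy
    # looks internally consistent but disagrees with the other sites.
    phony = {"id": 99, "from": "ACC-100", "to": "ACC-999", "amount": 9000}
    site_b = build_ledger(honest[:2] + [phony] + honest[2:])

    # site_c: one record was edited in place without updating its digest.
    site_c = build_ledger(honest)
    site_c[1]["record"] = dict(site_c[1]["record"], amount=7500)

    return reconcile({"site_a": site_a, "site_b": site_b, "site_c": site_c})


if __name__ == "__main__":
    report, no_quorum = demo()
    for name, findings in report.items():
        print(name, findings)
    print("positions without quorum:", no_quorum)
```

The majority check only holds while fewer than half of the copies carry the same forged record, which is why the comment asks for sources that are remote from one another.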
The ten month calendar was also a part of the grande plan. And the French started the count of years over again at zero. Why aren't the Metric geeks fighting for that as well?
I wrote this song once. Please forgive me:
My baby believes in the decimal clock She thinks an hour has a hundred minutes (In it) My baby believes in the decimal clock, and the decimal calendar too
I said to my baby "See you half past eight" When she turns up, she's twenty minutes late My baby believes in the decimal clock, and the decimal calendar too
My baby said to me, "I'll meet you at noon" She shows up at five o'clock and says "Where were you?" My baby believes in the decimal clock and the decimal calendar too.
Ten months a year Ten days a month Last night we celebrated here one hundred and oneth! My baby believes in the decimal clock and the decimal calendar too
[piano solo]
One two three o'clock, four o' clock Rock! Five six seven o'clock, eight o'clock Rock! Nine ten...
hmmmm indeed ... I can just see the /. crowd running to "peer review" this one the moment it gets open sourced. You'd never live it down:
"Hey d00d, r u l33t?"
"Yeah, I've got code in the last three kernels, how about you?"
"Well, as it happens, I fixed a security hole in AOL's email system! "First patch", too! Pretty cool, huh?"
{laughter}
jsm
And in any case, who the heck told you that Capital was a short book? Volume 1 alone runs to five hundred pages in my Penguin edition! If you've just read the manifesto, then fair enough, but you miss a lot of subtlety (and not a little boredom).
Anyway, if any masochistic slashdotters want to check it out for themselves, the link's here
Not wanting to get shirty about this, but I have read Marx, and it wasn't in a textbook version, or in high school, or in America. I studied the nineteenth century political economists at Oxford, ta very much. I was talking about the parallels and differences between CatB and Marx's economic theory -- to claim that the libertarian Eric Raymond might endorse Marx's political views on such matters as property rights would be obviously laughable.
If you look above, I note that CatB was clearly informed by a reading of Marx's critique of capitalism, so I agree that there are parallels. But there are more important differences; specifically, Raymond believes that OSS offers a solution to the problem of accumulation and concentration, which Marx considered to be an intrinsic, immutable feature of the capitalist mode of production. Therefore, Raymond does not accept historical materialism. Therefore, he is not a Marxist.
And that answers AC's question, too.
jsm
Oh come off it, Harry Bowles, we all know who you are and you're not fooling anyone.
</joke>
jsm
and furthermore:
2016. All existing currencies are abolished. The megawatt hour becomes the unit of exchange.
I love the way that tech guys get all touchingly naive about these things. In 2016, the megawatt hour becomes the unit of exchange. Brilliant. Now, every time we have a technological improvement which makes energy easier to produce, we get a period of hyperinflation comparable to the Spanish gold shocks of the 17th century. Monetary policy becomes impossible, so we have constant boom and bust cycles. Why would we give up the usefulness of central banks and consumption smoothing, just for some strange "cool factor" of dealing in MWh?
Related to this is a quibble I've always had about Star Trek. Think how many problems European Monetary Union has caused. Now consider that Credits are meant to be universally acceptable as currency on worlds at wildly different stages of development. How do the less sophisticated worlds ever manage to trade? Star Wars also has this problem if I remember rightly, which is in a way worse now that it seems to be basing important plot lines on economic issues.
hey ho
jsm
"If you don't know what it does, DON'T FUCKING TOUCH IT"
Well that's my sex life finished then.
jsm
No, it's etymologically right. "Euthanasia" (literally "good killing") does not carry an implication of "voluntary" -- and it's usually qualified when used to describe voluntary assisted suicide.
Common supposition though.
jsm
Very good mice? Surely you're kidding. I tried one yesterday. It tasted filthy.
jsm
This is true, but we're talking about terrorists here, which makes insider attack less of a consideration. Insiders should be watched like hawks, but in general, their crimes will be dedicated to stealing valuable things. They lack the ideological motivation of the true terrorist, so they will attack different targets, unless they need funds. But in general, bank clerks and power station workers are not "outsiders", so they don't join terrorist organisations.
Social engineering is obviously a problem, and you get props from me for mentioning it (sorry, I don't have points to give). I think the solution here lies in censoring this kind of information from employees. As many terminals as possible should be kept as dumb as possible, and all requests for systems information be directed to someone central who knows exactly who is bona fide and who isn't.
jsm
Interesting. I disagree that double-blind anonymity between cells is the most important feature of the cell structure -- more important is the organisational form itself. Network organisations don't make effective terrorists.
:-)
.... In general, I think that most of these problems can be solved by multiple remote redundant systems, which was my original point.
And (going by Nkrumah's book on terrorism) an important part of the role of communication for the terrorist leader is to inspire and inculcate doctrine, as well as to impart information. I would guess that a double-blind remailer would be difficult for that purpose.
Your "intelligent agent" is also interesting, but I must confess not to see why it would be more dangerous than the human expert it is meant to simulate. More patient, I guess, and more easily duplicated, but with the considerable advantage for the human that the expertise and intelligence wouldn't be taking up memory in a hostile system.
In fact, I think that this requirement will limit the "superness" of the super-worm -- either it will need so much space to store its library of known exploits and to operate its AI that "stealth" becomes impossible, or it will need to make frequent requests for information to an external source, which multiplies the risk of detection for the owner. If you wanted to launch an all-out attack and take down a good proportion of the Internet, I would guess that a trip to your local Caterpillar dealer would be easier.
I also disagree that the ability to cause frequent computer crashes would have that much effect on the economy. After all, Windows NT is a popular operating system.
jsm
Well, Johan should certainly be talking to the people at APACS, the UK payments system and to the Federal Reserve Board of Governors, who run Fedwire. They have had cause to think about this thing for a while.
I'll add that, for fairly obvious reasons, there is no technical security information on either of those websites, but I would guess that Jane's would be able to get an in to the people who know.
jsm
In my opinion, the fundamental difference is that Cyber attacks are utterly unlike any other form of attack because they do not involve the delivery of large amounts of energy to the enemy (unless you would call EMP or HERF attacks "Cyber", which IMO would be wrong -- a HERF gun aimed at a computer terminal is really the same sort of thing as a grenade thrown at same.)
Cyber attacks, therefore, are aimed at the information, which is much less easy to destroy because of the possibility of making qualitatively and functionally identical copies. I'd divide cyber attacks into two species: "Destruction of information" (erasing) and "Corruption of information" (spoofing).
Erasing is very difficult to carry out because any system worth attacking is also worth backing up. I know that UK and US interbank transactions are backed up daily, with multiple remote backup tapes. Any Cyber attacker wanting to "destroy" the interbank market will cause the loss of at most one day's worth of transactions. Erasing attacks can be straightforwardly guarded against through multiple, remote (in both geography and network topology) backups, taken at sufficient frequency that the maximum possible loss is bearable for the system (the "safe frequency"). Any system for which the safe frequency is too low for the backup defense to be practical (for example, a power grid) should be kept remote from networks; although this does not defend against attacks from insiders, network seclusion should allow the terminals of the vulnerable network to be physically guarded.
Spoofing is much more difficult to guard against. This kind of attack comes in two flavours; attempts to create phony records, or phony messages in a system (such as creating false bank accounts), or attempts to create phony instructions to the processing system, causing a failure of the system which is as bad as an erasing attack.
The easiest way to defend against non-destructive spoofing would be to use backups once more, and to operate a kind of "double-entry book-keeping" which traces every record to its creation and requires consistency between numerous (again, preferably topologically remote) sources. This multiplies the difficulty of a Cyber attack, as the attacker now has to break several systems instead of just one.
Destructive spoofing aimed at the processor rather than its records is a different matter. Causing the processor to execute phony instructions could allow the Cyber attacker to erase records, transmit phony messages and, potentially, to "cover its tracks" well enough to escape consistency checks. Of course, this kind of attack is more difficult than any other -- usually the only way to get another machine to execute rogue instructions is to exploit buffer overflows.
I have no particular suggestions for defense against the final kind of attack, except for the rather obvious advice not to create situations in which buffer overflows can happen. The use of non-standard operating systems or instruction sets could, in principle, make it harder for an attacker to work out what to do with a buffer overflow once discovered, but to me, this seems too much like security through obscurity to be recommended.
I'd add that using the Internet as it is currently designed to communicate between members of a terrorist organisation would not be a good idea -- it goes against the "cell" concept which is known to be the best way to organise. Even messages on private bulletin boards carry enough information in the headers to allow substantial information about the whole network to be deduced for any security agency which can gain access to the routers.
Just some idle thoughts
jsm
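The cross-checking described in the comment above (every entry traced to its origin and required to agree across several remote copies), as an added example that is not part of the original post. The replica names, field names, quorum rule and sample ledger are all assumptions constructed for illustration.

```python
import hashlib
from collections import Counter, defaultdict

FIELDS = ("txn", "account", "amount", "origin")

def digest(entry):
    """Canonical SHA-256 over the fields every copy of an entry must agree on."""
    return hashlib.sha256("|".join(str(entry[f]) for f in FIELDS).encode()).hexdigest()

def unbalanced(ledger):
    """Double-entry rule: the amounts posted under one txn must sum to zero."""
    totals = defaultdict(int)
    for e in ledger:
        totals[e["txn"]] += e["amount"]
    return sorted(t for t, total in totals.items() if total != 0)

def reconcile(replicas, quorum):
    """Map each non-unanimous (txn, account) to (verdict, suspect replicas).

    quorum should be a strict majority so two values cannot both reach it.
    """
    seen = defaultdict(dict)                  # entry key -> {replica: digest}
    for name, ledger in replicas.items():
        for e in ledger:
            seen[(e["txn"], e["account"])][name] = digest(e)
    findings = {}
    for key, held in seen.items():
        top, count = Counter(held.values()).most_common(1)[0]
        if count == len(replicas):
            continue                          # every copy agrees
        if count >= quorum:                   # quorum vouches; the rest were altered or erased
            findings[key] = ("divergent-copy", [n for n in replicas if held.get(n) != top])
        else:                                 # nobody else vouches: treat as a phony record
            findings[key] = ("unconfirmed", sorted(held))
    return findings

def row(txn, account, amount, origin="branch-01"):
    return {"txn": txn, "account": account, "amount": amount, "origin": origin}

# Constructed sample: three copies of one day's ledger, amounts in pence.
GOOD = [row("T1", "100", -5000), row("T1", "200", 5000),
        row("T2", "300", -2000), row("T2", "400", 2000)]
REPLICAS = {
    "primary": GOOD[:3] + [row("T2", "400", 200000), row("T9", "999", 50000)],
    "offsite_a": list(GOOD),
    "offsite_b": list(GOOD),
}

if __name__ == "__main__":
    print(reconcile(REPLICAS, quorum=2))
    print(unbalanced(REPLICAS["primary"]))
```

The altered amount and the inserted entry on the one modified copy are both caught twice: once because the other copies do not vouch for them, and once because they break the zero-sum rule within that copy.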
You are Gerald Holmes and I claim my five pounds.
jsm
I wrote this song once. Please forgive me:
Sorry about that
jsm