[HN Gopher] This World of Ours (2014) [pdf]
___________________________________________________________________
This World of Ours (2014) [pdf]
Author : xeonmc
Score : 222 points
Date : 2025-10-27 08:28 UTC (14 hours ago)
(HTM) web link (www.usenix.org)
| samlinnfer wrote:
| This will always be my favourite Mickens essay (The Slow Winter):
| https://www.usenix.org/system/files/1309_14-17_mickens.pdf
| chao- wrote:
| Mine as well.
|
| I have a fond memory of being at a party where someone had the
| idea to do dramatic readings of various Mickens Usenix papers.
| Even just doing partial readings, it was slow going, lots of
| pauses to recover from overwhelming laughter. When the reading
| of The Slow Winter got to "THE MAGMA PEOPLE ARE WAITING FOR OUR
| MISTAKES", we had to stop because someone had laughed so hard
| they threw up. Not in an awful way, but enough to give us a
| pause in the action, and to decide we couldn't go on.
|
| Good times.
| eeeficus wrote:
| Sounds like you found nerd heaven. I couldn't imagine a
| situation like yours in my world! :)
| purplehat_ wrote:
| Bit of an aside, but I'm wondering in what city this was in.
|
| I'm going to be job hunting soon and I was planning to
| prioritize the Bay Area because that's the only place I've
| encountered a decent density of people like this, but maybe
| I'm setting my sights too short.
| chao- wrote:
| Houston, Texas.
|
| There are nerds everywhere.
| isoprophlex wrote:
| > [...] it's pretty clear that compilers are a thing of the
| past, and the next generation of processors will run English-
| level pseudocode directly.
|
| hilarious AND scary levels of prescient writing...
| purplehat_ wrote:
| If people want to read all six, here they are!
| https://mickens.seas.harvard.edu/wisdom-james-mickens
|
| My favorite is The Night Watch.
| tuzemec wrote:
| Somewhat related video: https://vimeo.com/95066828
| optimalsolver wrote:
| I think fighting Israel is kind of a glimpse into what trying to
| fight a malevolent AGI will be like.
|
| Expect to lose in highly surprising ways.
| speedgoose wrote:
| I don't know, driving a big truck into AWS' us-east-1 power
| supply section sounds more than enough to take down internet
| for a while.
| ta1243 wrote:
| I would _hope_ that data centre has multiple power supplies
| from multiple locations - as well as UPS and on site
| generators, certainly mine do.
|
| However given AWS is so complex (which is required because
| they want to be a gatekeeping platform) leading the uptime to
| struggle to match a decent home setup, I'm not sure. I'm sure
| there's no 6 figure bonus for checking the generators are
| working, but a rounded corner on a button on an admin page?
| WJW wrote:
| Of course, but that's the point. Actual AGI wouldn't need to
| limit itself pointlessly in ways that would make it obvious
| to every internet rando how to hit it. Just as you cannot
| kill an intelligence agency with a single strike, it could
| distribute itself over many secret locations.
| red-iron-pine wrote:
| ITT: we've never spent time around ashburn va data centers.
|
| most have big heavy barriers and multiple bollards and
| fences. some of the reston va data centers have big glorious
| planters out front and weird angles to walk up to the mantrap
| -- to prevent trucks from driving through. the generators
| usually have some sort of fence or bollards, and most are on
| multiple power sources from the local and airport grids.
|
| source: used to manage nova data centers and did plenty of
| attack surface mapping. the truck-through-front-door approach
| is consistently considered.
| broodbucket wrote:
| Remember, you don't have to be unhackable, just sufficiently
| unimportant to not be worth burning any novel capability on
| INTPenis wrote:
| That's right, just keep your head down, smile and nod, do your
| job and nothing will ever go wrong. /s
| brigandish wrote:
| A more charitable view would be to act like a zebra in a herd
| of zebra rather than a zebra in a herd of horses.
| IAmBroom wrote:
| Charitable, but also privileged. Many people only have the
| option of looking like a cow in a cattle yard.
| GreenWatermelon wrote:
| You /s but this is actually valid advice for someone who just
| wants to get by in life and is content.
| energy123 wrote:
| Downvoted, but so much evil is caused by people due to
| their distorted yet sincerely believed moral virtues. Not
| due to an absence of morality but because of it. Whatever
| you have in your mind as the image of quintessential evil
| is probably caused by those people's sincerely held moral
| system, a moral system they believed in as strongly as you
| do yours. So people who just live their lives and do not
| grasp on external change are fine by me.
| GreenWatermelon wrote:
| are you saying that you've downvoted me, or just pointing
| out that I've been downvoted? If the former, why?
| throwaway_dang wrote:
| Do the bombs dropping in war zones avoid apolitical people?
| If not, when is the appropriate time to get sufficiently
| political to avoid having a bomb dropped on one's head?
| adrianN wrote:
| Very few individuals can influence whether or not bombs
| drop. The best way to avoid having bombs dropped on your
| head is moving to a place where fewer bombs are dropped.
| jimnotgym wrote:
| But many people together, although none of them
| individually influential enough, certainly can influence
| where bombs get dropped.
|
| When you start successfully reaching many people you can
| be sure that security agencies will start watching you.
| adrianN wrote:
| In areas where bombs are dropped there is generally a
| large majority in favor of stopping that, but they have
| little influence.
| GreenWatermelon wrote:
| "Keeping your head down" means not doing anything that
| would cause a government (especially your own) to want to
| disappear you.
|
| If you vocally oppose your tyrannical government, you
| won't avoid a bomb on your head. In the best case you'll
| get a bullet through your head. Worst case, you spend a
| lifetime in a prison.
| INTPenis wrote:
| True enough. I'm content as long as I don't hear the news
| anywhere. Recently had my dad over and he can't go 5
| minutes without the news on in the background. Really hard
| to be content then.
| ragazzina wrote:
| >someone who just wants to get by in life and is content
|
| "It's the reductionist approach to life: if you keep it
| small, you'll keep it under control. If you don't make any
| noise, the bogeyman won't find you. But it's all an
| illusion, because they die too, those people who roll up
| their spirits into tiny little balls so as to be safe.
| Safe?! From what? Life is always on the edge of death;
| narrow streets lead to the same place as wide avenues, and
| a little candle burns itself out just like a flaming torch
| does."
| lisbbb wrote:
| That's stupid. It's not all an illusion. The scale
| definitely matters. If you are buying stocks you can make
| a profit as a little guy that if the big guys tried to do
| it they would quickly become the "market maker" and the
| strategy would not scale up. It's the same with criminal
| activity or insurgency--small mosquitoes are ignored
| while the major threats get swatted hard.
| impossiblefork wrote:
| I don't think that's the interpretation, but make your
| computer systems disconnected from what you do.
|
| If relevant adversaries don't know which computer to burn the
| exploit on, then they won't burn it on the right one.
| aa-jv wrote:
| I think the more important maxim to follow is this: _if you
| didn't manufacture your own silicon, you are infinitely more
| hackable than if you did._
|
| Alas, no matter how hard we try to trust our compilers, we must
| also adopt methods to trust our _foundries_.
|
| Oh, we don't have our own foundries?
|
| Yeah, that's the real problem. _Who owns the foundries?_
| pydry wrote:
| When has anybody ever been hacked via a foundry?
|
| While having your own foundry is undoubtedly a good thing
| from the perspective of supply chain resiliency, if hacking
| is what you're worried about there are probably easier ways
| to mitigate (e.g. a bit more rigor in QC).
| aa-jv wrote:
| Do _you_ know what "your" CPU is doing? Do you _really_?
| lisbbb wrote:
| I always figured the spy crap was programmed right in to
| the chips themselves and the BIOS.
| IAmBroom wrote:
| "When" is what we will likely never know, given the
| subterranean depth of trust _and_ visibility there.
| Probably never...
| kragen wrote:
| Roughly everybody you've ever met, 100% of the time.
|
| There's a reason the NSA can get Intel CPUs without IME and
| you can't. Given the incentives and competence of the
| people involved, it's probably an intentional vulnerability
| that you can't escape because you don't fab your own chips.
| There's strong circumstantial evidence that Huawei got
| banned from selling their products in the US for doing the
| same thing. And the Crypto AG backdoor (in hardware but
| probably not in silicon) was probably central to a lot of
| 20th-century international relations, though that wasn't
| publicly known until much later.
|
| And this is before we get into penny-ante malicious
| hardware like laser printer toner cartridges, carrier-
| locked cellphones, and HDMI copy protection.
|
| No amount of QC is going to remove malicious hardware; at
| best, it can tell you it's there.
| purplehat_ wrote:
| Not exactly what you're asking, but multiple CVEs have been
| found in Intel's Management Engine (ME) which have been
| used in spyware.
|
| It might not be an intentional backdoor, but it very much
| seems designed with out-of-band access in mind, with the
| AMT remote management features and the fact that the
| network controller has DMA (this enables packet
| interception).
| smithkl42 wrote:
| Nah, if I manufactured my own silicon, I'd be infinitely more
| hackable than I am right now - just like if I wrote my own
| crypto code. 99.9999% of people are going to be more secure
| if they just rely on publicly accessible cryptography (and
| silicon). Otherwise you're just going to be making stupid
| mistakes that real cryptographers and security folks found
| and wrote defenses against three decades ago.
| MomsAVoxell wrote:
| If you _could_ make your own silicon, you could create a
| guild or a federation to audit it, and then your trust
| circle would be smaller and therefore safer.
|
| >Otherwise you're just going to be making stupid mistakes
| that real cryptographers and security folks found and wrote
| defenses against three decades ago.
|
| Yeah, that's the point, learn those same techniques, get it
| in the guild, and watch each other's backs.
|
| Rather than just 'trusting' some faceless war profiteers
| from the midst of an out of control military-industrial
| complex.
| shiandow wrote:
| Given that choice I'd rather choose to be unhackable.
| itsnowandnever wrote:
| I think people don't understand what this means either. the
| nation-state "agencies" that can and will get into your
| network/devices can do so because they would employ tactics
| like kidnapping and blackmailing a local telco field
| technician. or if it's your own government, they can show up
| with some police and tell them to do whatever and most will
| comply without even receiving a proper court order.
|
| so unless you're worth all that trouble, you're really just
| trying to avoid being "low hanging fruit" compromised by some
| batch script probing known (and usually very old)
| vulnerabilities
| red-iron-pine wrote:
| plenty of big telcos push back to gub'mnt orders. they
| usually get a warrant.
|
| or they just pay the $2100 per API call to download it from
| the telco or social media company.
|
| it's not improper if you agreed to give a company the ability
| to sell your data to anyone -- the government is anyone, and
| they have the money.
| andai wrote:
| So the advice would be for an activist to choose extremely
| boring forms of activism? ;)
| broodbucket wrote:
| If you're at that level where some powerful entity really
| takes an interest in you, you just have to operate as if
| you're always compromised, I think.
| lisbbb wrote:
| I like the "gray man" concept, but can't predict when you end
| up on the radar or why. As a young graduate student, I once
| wrote an article that rebuffed the government's "Total
| Information Awareness" trial balloon and suddenly found myself
| embroiled in much unexpected controversy, including some big
| name journalists e-mailing me and asking questions. You just
| never know when you stumble into something that you're not
| supposed to know about and what might happen.
| edu wrote:
| That's a fun take, similar to the classic XKCD 538: Security.
| https://xkcd.com/538/
| hshdhdhehd wrote:
| The 4096 bits just stops it being so easy to surveil you that
| it is hyper-automated. So there is some use. The $5 wrench
| needs a million dollar operation to get that guy to your house.
| bbarnett wrote:
| Oh come on, that's way over budget! Every time I managed such
| an operation, we'd just rent a van and... uh, I mean, um, I
| heard it costs less.
|
| <NO CARRIER>
| hshdhdhehd wrote:
| It's a million dollars to the defense contractor who lobbies
| for more wrench attacks.
| ta1243 wrote:
| Depends how strong the protections of your civil society are,
| but it doesn't cost $1m to send a goon with a crowbar or
| shotgun. Sure that doesn't scale, but if _you_ are a target
| you're screwed
| hshdhdhehd wrote:
| The $1m is the stuff they did to the point where they knew
| where to send the goon.
|
| If you are a target you are screwed. But clever crypto
| isn't useless.
| sigwinch wrote:
| Probably used to average over $1m. Nowadays, those
| operations (polonium, Novichok, expending expensive KGB
| resources) send a signal. Otherwise, swatting your home
| while they drain your wallets; or threatening to swat;
| quite inexpensive.
| dominicrose wrote:
| this is why you need a fake password that provides access to
| fake content that looks like the real content
| eirini1 wrote:
| Never agreed with this logic. For a lot of people (anyone that
| does political activism of some sort for example) the threat
| model can be a lot more nuanced. It might not be Mossad or the
| CIA gunning for you, specifically, but it might be police searching
| you and your friends' laptops or phones. It might be burglars
| targeting the office of the small organization you have and the
| small servers you have running there.
| rini17 wrote:
| You did not write what you actually disagree with....
| turboturbo wrote:
| The false dichotomy
| rini17 wrote:
| The dichotomy between what average people (including
| political activists) can actually handle and stuff proposed
| by security researchers is real.
| anonym29 wrote:
| The idea that average people can't handle incremental
| improvements like a password manager, MFA, full disk
| encryption, etc is unhealthy infantilization of people
| who are entirely capable of understanding the concepts,
| the benefits, the risks they address, and appreciating
| the benefits of them.
|
| Most people just don't care enough until after they're
| hacked, at which point they care just enough to wish
| they'd done something more previously, which is just shy
| of enough to start doing something differently going
| forward.
|
| It's not that normies are too stupid to figure this out,
| it's that they make risk accept decisions on risks they
| don't thoroughly understand or care enough about to want
| to understand. My personal observation is that the
| concept of even thinking about potential future
| technology risks at all (let alone considering changing
| behavior to mitigate those risks) seems to represent an
| almost pathological level of proactive
| preparation to normies, the same way that preppers
| building bunkers with years of food and water storage
| look to the rest of us.
| rini17 wrote:
| I do understand the concepts and exactly because of that
| I doubt I myself would be capable of airtight opsec against
| any determined adversary, not even state-level one. I
| think it's humility, you think I infantilize myself lol.
|
| I do use a password manager and disk encryption, just in
| case of theft. Still feels like one stupid sleepy
| misclick away from losing stuff and no amount of MFAs or
| whatever is going to save me, they actually feel like
| added complexity which leads to mistakes.
| coldtea wrote:
| the maximalist false dilemma of "all or nothing": either it's
| a super-powerful super-human agency and you can't do anything,
| else any half-measure is fine
| bell-cot wrote:
| _Yep._ While there might be _some_ use cases for his ultra-
| simplistic "Mossad/not-Mossad duality" - say, convincing Bob
| Jones that "b0bj0nes" is not a great password - it's 99% fairy
| tale.
|
| And even if the CIA/Mossad/NSA/whoever is "interested" in you -
| this is the era of mass surveillance. The chances that you're
| worth a Stuxnet level of effort is 0.000000001%. Vs. 99.999%
| chance that they'll happily hoover up your data, if you make it
| pretty easy for their automated systems to do that.
| tonnydourado wrote:
| Also worth noting that Mossad/CIA/etc. are not monoliths.
| Maybe you got a top agent assigned to you, but maybe your
| file is on the desk of the Mossad's version of Hitchcock and
| Scully from Brooklyn 99.
| zahlman wrote:
| > Yep. While there might be some use cases for his ultra-
| simplistic "Mossad/not-Mossad duality" - say, convincing Bob
| Jones that "b0bj0nes" is not a great password - it's 99%
| fairy tale.
|
| Honestly, the oversimplification here reads to me more like
| something Bob Jones could use to _justify not caring_ about
| "b0bj0nes" not being a great password.
| bell-cot wrote:
| I was thinking, "Bob, stop making excuses about how it's
| hopeless, and you'd need a 'U0hBNTEyICgvdmFyL2xvZy9tZXNzYWd
| lcykgPSBjNGU2NGM1MmI5MDhiYWU3MDU5NzdlMzUzZDlk'-level
| password to be safe. That 'b0bj0nes' is so easy that a
| bored kid might get it in a few dozen guesses, and you need
| to change it to something better."
| wpollock wrote:
| That password should include symbols too! Without
| symbols, each character is one of 62 values (sticking to
| ASCII letters and digits). Including symbols makes it
| much harder to guess passwords of a given length. Even
| better would be Unicode letters, digits, and symbols,
| even if you stick to the Basic Multilingual Plane.
|
| Best would be non-text, binary strings. Since I already
| use a password manager, I don't really need to type
| passwords by hand. But I do understand most people prefer
| text passwords that could be entered by hand if
| necessary.
| bell-cot wrote:
| Except that's exactly what the Mossad will be expecting
| us to use, for our uber-secure password! By eschewing
| symbols and binary, we are actually meta-out-smarting
| their ultimate giga-quantum nuclear crypto cracker.
|
| Or: This is Bob "Dim Bulb" Jones we're talking to. KISS,
| and _maybe_ we can convince him to upgrade his password
| to "iwantacoldbeernow".
| jasomill wrote:
| "iwantacoldbeernow"
|
| _Sorry, your password does not meet complexity
| requirements because it does not contain at least one of
| each of the following: uppercase letters, lowercase
| letters, numeric digits, nonalphanumeric symbols._
|
| "I want 1 cold beer now."
|
| _Sorry, your password may not contain spaces._
|
| "Iwant1coldbeernow."
|
| _Sorry, your password is too long._
|
| "Iwant1beernow."
|
| _Sorry, your password is too long._
|
| "1Beer?"
|
| _Sorry, your password is too short._
|
| "Password1!"
|
| _Thank you. Your password has been changed._
| YesThatTom2 wrote:
| I'm pretty sure his point was that security labels are a dead
| end.
|
| (Have you ever attended an academic security conference like
| Usenix Security?)
| shermantanktop wrote:
| The third mode is enabled by scale of data and compute. If
| enough data from enough sources is processed by enough compute,
| Mossad does not need to have a prior interest in you in order
| for you to fit a profile that they are interested in.
|
| Anyone else see all the drones flying over a peaceful No Kings
| assembly?
| some_random wrote:
| Yeah it's extremely immature, even within police agencies
| there's a huge variation on their ability to perform digital
| forensics. Furthermore, just because the feds don't like you
| for whatever reason doesn't mean they're going to deploy their
| top-of-the-line exploits against you, or detain and torture
| you, or whatever magic voodoo bullshit the author thinks the
| Mossad can do.
| megous wrote:
| Not sure what audience he is talking to. Experts deal with a lot
| more issues that sit between choosing a good password + not
| falling for phishing and "giving up because mossad". The
| terminology that he sprinkles about suggests the audience is
| experts.
| rini17 wrote:
| The article actually addresses this -- that all these extra
| issues are not manageable for mere mortals anyway and/or
| perfectly spherical cows are involved.
| megous wrote:
| It does not. It just invents a bunch of straw men, and then
| mocks them.
| rini17 wrote:
| Such as?
| IAmBroom wrote:
| Literally what you are doing with the article right now.
| impossiblefork wrote:
| The Mossad part is a very silly element of the text. Many
| organizations have to defend against US intelligence, Israeli
| intelligence etc., and I'm sure, that they, with the exception of
| some very terrible countries with a lot of incompetence or full
| of disloyal people likely to become infiltrators, are quite
| successful.
|
| Actual security is possible even against the most powerful and
| determined adversaries, and it's possible even for _you_.
| IAmBroom wrote:
| Well, data security. Right up until the wetware is included.
| impossiblefork wrote:
| I think, a lot of people imagine these people as very
| capable, and they think of things like those pagers etc., but
| when I think of them I think of the Lillehammer affair and a
| bunch of other similarly silly business, so I'm much less
| impressed with them, feeling that they're basically silly
| people.
|
| There's so many cock-ups etc. that you can read about
| on Wikipedia that I don't understand why people hold these
| people highly and imagine them to be so able. They simply
| aren't.
| lifestyleguru wrote:
| Then how is it possible Mossad didn't know about what had happened
| on 7 October 2023?
| INTPenis wrote:
| This is exactly the type of comment that will get you mossad'd.
| lifestyleguru wrote:
| ok I'll keep you updated, but I don't own any real estate
| they could "de-Hamasify"
| ozirus wrote:
| Domestic intel = Shin Bet, not Mossad
| bbarnett wrote:
| The same way the US didn't know about 9/11. Intelligence
| failures.
|
| (Portions of the US intelligence apparatus knew, but that
| knowledge didn't transition into action)
| energy123 wrote:
| Israel's intelligence services (not Mossad) did collect valid
| signals, such as sim cards in Gaza being swapped out for
| Israel sim cards, but it was ignored as another false
| positive. What the public don't see are all the false
| positives (like many drills for an attack that don't
| materialize) that drown out valid signals when the attack is
| actually going to happen. There's also hesitancy to act on
| signals because drills are used to expose intelligence.
|
| It's one of the many asymmetries that changes when you are
| the defender versus the attacker. As the defender, you have
| to be right 100% of the time. As the attacker, you have the
| luxury of being right only 30% of the time. The law of large
| numbers is on the side of the attacker. This applies to
| missile offense/defense and to usage of intelligence.
|
| This information asymmetry is also one of the key drivers of
| the security dilemma, which in turn causes arms races and
| conflict. The defender knows they can't be perfect all the
| time, so they have an incentive to preemptively attack if the
| probability of future problems based on their assessment of
| current information is high enough.
|
| In the case of Gaza there was also an assessment that Hamas
| were deterred, which were the tinted glasses through which
| signals were assessed. Israel also assumed a certain shape of
| an attack, and the minimal mobilisation of Hamas did not fit
| that expected template. So the intelligence failure was also
| a failure in security doctrine and institutional culture. The
| following principles need to be reinforced: (i) don't assume
| the best, (ii) don't expect rationality and assume a rival is
| deterred even if they should be, (iii) intention causes
| action, believe a rival when they say they want to do X
| instead of projecting your own worldview onto them, (iv)
| don't become fixated on a particular scenario, keep the
| distribution (scenario analyses) broad
| dominicrose wrote:
| Avoiding a car accident has a low cost, you just have to
| take it slowly and be 1 min late to your meeting or
| whatever, but deciding whether you should attack first based
| on a small suspicion, that's a hell of a problem, because if
| you're wrong, you're seen as the bad guy. And maybe even if
| you're right and can't prove it.
| energy123 wrote:
| > because if you're wrong, you're seen as the bad guy.
| And maybe even if you're right and can't prove it.
|
| An example of this is France cutting off all support
| after Israel's initiation of the Six Day War, which
| followed signals such as Egypt massing troops on the
| border. The problem for Israel was the lack of strategic
| depth combined with the geographical low ground, which
| creates these hair trigger scenarios with no room for
| error, reducing the threshold to act preemptively. The
| more abstract problem was the absence of a hegemon in the
| late 20th century that had security control over West
| Asia, which is a necessary and sufficient condition for
| resolving the security dilemma.
| IAmBroom wrote:
| > As the attacker, you have the luxury of being right only
| 30% of the time.
|
| Interesting number you suggested. That's a pretty normal
| success rate for a carnivore attacking prey.
| throwaway_dang wrote:
| Maybe they did but it was permitted to happen to provide the
| pretext to expand those Greater Israel borders.
| 2rsf wrote:
| a. I am too lazy to search but they probably did, the problem
| was what was done with the information. Same with 8200 the
| almighty signal intelligence corps
|
| b. The Mossad is the equivalent of the CIA, they are not meant
| to act inside Israel
| ta1243 wrote:
| > b. The Mossad is the equivalent of the CIA, they are not
| meant to act inside Israel
|
| For that purpose is Gaza inside or not inside Israel?
| 2rsf wrote:
| Yes (TBD)
| lifestyleguru wrote:
| Israel would probably dispute it, but for most of the world
| Gaza in relation to Israel is "abroad" and not "domestic".
| rgblambda wrote:
| Shin Bet (Israeli internal security service) have an Arab
| desk that covers the West Bank & Gaza.
| smashah wrote:
| They didn't know about the pretense they wanted to spend the
| following 2+ years making unlimited fallacious justifications
| for committing a live-streamed holocaust of children? Who told
| you that?
| drdrek wrote:
| Actually Gaza and the West Bank are handled by the "Shabak"
| agency which is the equivalent of the FBI while the "Mossad"
| agency is only for foreign operations and is equivalent to the
| CIA
|
| And asking how did they miss something is like asking how come
| AWS has downtime. But I'm sure you could come to this
| conclusion on your own if you didn't really want the answer to
| be something else.
| torginus wrote:
| And the article is a huge rant about why security people are
| stupid for worrying about the most clearly implausible shit
| ever.
| IAmBroom wrote:
| Lack of omniscience, infinite computing power, and yottabyte
| storage facilities?
| lifestyleguru wrote:
| Dunno, Microsoft was quite generous with their cloud plan.
| smashah wrote:
| They didn't know about Hannibal Directive Celebration Day? Who
| told you that?
| torginus wrote:
| If your adversary is a state intelligence agency, you're probably
| a high ranking politician and a boomer who is clueless about
| computers, and has demonstrably terrible opsec, either through
| government incompetence of your own agencies, or not following
| the terribly cumbersome opsec procedures, either because of
| inconvenience, the policies being terrible or sheer incompetence.
|
| The amount of examples we've seen of this is staggering.
| sigwinch wrote:
| That sounds like an elected legislator, not like the kind of
| person with close access to compartmentalized info. And it's the
| form of a leak of policy or some covert program; details which
| could also be bought; so it's called "retail" compared with
| systematic.
| torginus wrote:
| I think saying that people like Hillary Clinton, Trump, Biden
| or Bolton didn't have access to highly sensitive information
| is not a reasonable stance (and those are just the ones we
| know about).
| sigwinch wrote:
| It's good that no one is arguing that. But your argument
| isn't strong. You're saying that numbers matter. Those
| kinds of people go in and out of SCIFs. If they belch a
| secret at lunch, maybe it has lobbying implications, but it
| wasn't compartmentalized. It can even be disinfo.
|
| The real ROI is to land a Jonathan Pollard. Not even a
| million Hegseths can leak enough info to collect into one
| Pollard.
| mike_hearn wrote:
| It's hilarious, but the hilarity gets in the way of recognizing
| how much insight there is also there. It makes serious points.
| This part about the Mossad is especially astonishing given the
| pager attack:
|
| _> If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S
| NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated
| by the fact that you employ https://. If the Mossad wants your
| data, they're going to use a drone to replace your cellphone with
| a piece of uranium that's shaped like a cellphone_
|
| It's like a Mossad agent read this paper and thought hey that's
| actually not a bad idea.
|
| But the core rant is about dubious assumptions in academic
| cryptography papers. I was also reading a lot of academic crypto
| papers in 2014, and the assumptions got old real fast. Mickens
| mocks these ideas:
|
| * _"There are heroes and villains with fantastic (yet oddly
| constrained) powers"_. Totally standard way to get a paper
| published. Especially annoying were the mathematical proofs that
| sound rigorous to outsiders but quietly assume that the adversary
| just can't/won't solve a certain kind of equation, because it
| would be inconvenient to prove the scheme secure if they did. Or
| the "exploits" that only worked if nobody had upgraded their
| software stack for five years. Or the systems that assume a
| perfect implementation with no way to recover if anything goes
| wrong.
|
| * _"you could enlist a well-known technology company to [run a
| PKI], but this would offend the refined aesthetics of the vaguely
| Marxist but comfortably bourgeoisie hacker community who wants
| everything to be decentralized"_, lol. This got really tiresome
| when I worked on Bitcoin. Lots of semi-technical people who had
| never run any large system constantly attacking every plausible
| design of implementable complexity because it wasn't
| decentralized enough for their tastes, sometimes not even
| proposing anything better.
|
| * _"These [social networks] are not the best people in the
| history of people, yet somehow, I am supposed to stitch these
| clowns into a rich cryptographic tapestry that supports key
| revocation and verifiable audit trails"_ - another variant of
| believing decentralized cryptography and PKI is easy.
|
| He also talks about security labels like in SELinux but I never
| read those papers. I think Mickens used humor to try and get
| people talking about some of the bad patterns in academic
| cryptography, but if you want a more serious paper that makes
| some similar points there's one here:
|
| https://eprint.iacr.org/2019/1336.pdf
| Yizahi wrote:
| > Lots of semi-technical people who had never run any large
| system constantly attacking every plausible design of
| implementable complexity because it wasn't decentralized enough
| for their tastes, sometimes not even proposing anything better.
|
| And for added fun, that same radical decentralization crowd,
| finally settling on the extremely centralized Lightning crutch,
| which is not only centralized but also computationally
| overcomplicated and buggy.
| ta1243 wrote:
| > you could enlist a well-known technology company to [run a
| PKI],
|
| If you have a single company, then that's easy enough for a
| group like Mossad to infiltrate. Probably easier than a
| distributed system.
| mike_hearn wrote:
| The best known PKI (webtrust) is many companies, not a single
| company. So it's distributed but that makes it easier to hack
| not harder because you have many possible targets instead of
| just one.
| jojobas wrote:
| It is kinda funny, but cost and benefit analysis is not foreign
| even to Mossad. Mossad would prefer quite a few people's data
| stolen, but they are not going to carry out a black abroad for
| most of them.
| commandlinefan wrote:
| > going to use a drone to replace your cellphone with a piece
| of uranium
|
| That's assuming they can figure out who you are in the first
| place. My pipe dream for the internet (that I thought we were
| getting way back in the 90's) is total anonymity. You can say
| whatever you like about the Mossad, or the NSA or the KGB or
| whatever you like, and they'll never be able to figure out
| whose cellphone to replace with a piece of uranium.
|
| We have the technology to make it happen (thanks to the
| paranoid security researchers!) just not the collective will to
| allow it.
| nathan_compton wrote:
| The biggest social challenge to this is astro-turfing, from
| my own point of view. Even total anonymity with proof of work
| doesn't solve the problem. Like the idea we _want_ is that
| people can speak truth to power. But total anonymity makes it
| quite difficult to figure out if it's power speaking lies to
| create a false perception of the truth.
|
| I mean go read 4chan, a place where there is something like
| total anonymity. Those people are constantly imagining that
| half the comments on the site are generated by intelligence
| agencies and, who knows, maybe they are right? I really do
| wonder if there is any way to reap the rewards of total
| anonymity without the poison of bad actors.
|
| I'm somewhat moderate on the issue from a practical point of
| view. I think citizens have a right to some sort of
| reasonable privacy and I don't think laws which try to
| regulate the technical mechanisms by which we can have it
| make sense, no matter how evil the use of the technology is.
| But I don't think that, in the end, it is beyond the remit of
| authority to snoop with, for example, a court order, and the
| means to do so. I expect authority to abuse power, but I
| don't think that technological solutions can prevent that.
| Only a vigilant citizenry can do it.
| ikamm wrote:
| If you think the bots and bad actors are bad now...
| smashah wrote:
| Very true, unfortunately there's no password strong enough to
| stop Malaysian Airlines ground crew from loading a pallet full of
| Mossad-rigged walkie talkies on my flight from Kuala Lumpur to
| Beijing via conveniently-placed-NATO-AWACS-infested airspace.
|
| 2FA isn't going to protect me from cruising altitude walkie
| talkie detonation and having the debris scattered over an
| impossibly wide area.
|
| I guess the best thing to do is not take an airline of a country
| that has recently shown public support for Gaza specifically
| during a humanitarian visit in the months prior to my flight.
|
| Thankfully none of this is true and everything the mainstream
| media and governments tell us is true - imagine if things
| weren't as they seemed?.. Craziness... Back to my password
| manager!
| gjvc wrote:
| this guy's stuff reads like word salad and people lap it up. I've
| never understood why.
| Havoc wrote:
| Despite word salad it is entertaining and the core message is
| valid
| EdwardDiego wrote:
| Because it's a funny rant.
| torginus wrote:
| He wrote quirky internet humor before it was mainstream, in
| fact he's a victim of his own success - when this article came
| out this would've been considered funny and witty writing, but
| has become tired and derivative enough today to provoke a
| negative reaction.
| ChrisMarshallNY wrote:
| I've always enjoyed Mickens' writing. He has a great sense of
| humor.
|
| I like his using Mossad as the extreme. I guess "Mossad'd" is now
| a verb.
| zkmon wrote:
| Security is a problem caused by ownership of some usefulness.
| Sometimes the solution can be around addressing these two causes.
| tarjei_huse wrote:
| Do you have a concrete example?
| zkmon wrote:
| Do not have concentrated usefulness and do not have
| concentrated ownership.
| Havoc wrote:
| I see this on reddit a lot in self hosting context.
|
| The range of things people do on security is wild. Everything
| from publicly expose everything and pray the app's login function
| some random threw together is solid to elaborate intrusion
| detection systems.
| jones89176 wrote:
| I enjoyed "The Night Watch" a lot:
|
| https://scholar.harvard.edu/files/mickens/files/thenightwatc...
|
| > A systems programmer will know what to do when society breaks
| down, because the systems programmer already lives in a world
| without law.
| dnlserrano wrote:
| Mickens essays are always a good read
| contrarian1234 wrote:
| I think the central premise is "wrong". The "point" of science
| isn't really to do useful things. Framing things from that angle
| is in subtle ways dangerous bc that shouldn't be part of the
| incentive structure.
|
| You don't understand the mating behaviors of naked mole rats bc of
| some sense of "usefulness". It's just an investigation of nature
| and how things work. The usefulness comes out unexpectedly. Like
| you find out naked mole rats are actually maybe biologically immortal
|
| You should just find interesting phenomena and investigate.
| Capitalism figures out the usefulness side of things
| wmwragg wrote:
| Yeah, Science shouldn't be concerned with usefulness, just like
| Art. It's the application of those fields which should concern
| itself with usefulness i.e. applied science, engineering,
| design etc. I'm not saying that scientific research shouldn't
| be carried out by companies with specific goals in mind, just
| that it shouldn't be the expected default.
| kragen wrote:
| Both Assange and Snowden are apparently alive and well, despite
| Mossad-like agencies wishing otherwise, largely thanks to Tor;
| and Hamas, whose adversary was in fact the Mossad, apparently
| still exists. Hizbullah has hopefully taught us all a good lesson
| about supply-chain attacks.
|
| Debian is probably the only example of a successful public
| public-key infrastructure, but SSH keys are a perfectly
| serviceable form of public-key infrastructure in everyday life.
| At least for developers.
|
| Mickens's skepticism about security labels is, however,
| justified; the problems he identifies are why object-capability
| models seem more successful in practice.
|
| I do agree that better passwords are a good idea, and, prior to
| the widespread deployment of malicious microphones, were adequate
| authentication for many purposes--if you can avoid being phished.
| My own secure password generator is
| http://canonical.org/~kragen/sw/netbook-misc-devel/bitwords....,
| and some of its modes are memorable correct-horse-battery-staple-
| type passwords. It's arguably slightly blasphemous, so you may be
| offended if you are an observant Hindu.
| sigwinch wrote:
| Why did you choose random's SystemRandom rather than secrets?
| kragen wrote:
| What?
|
| Oh, you mean PEP 506. I wrote this program in 02012, and PEP
| 506 wasn't written until 02015, didn't ship in a released
| Python until 3.6 in 02016, and even then was only available
| in Python 3, which I didn't use because it basically didn't
| work at the time.
|
| PEP 506 is just 22 lines of code wrapping SystemRandom.
| There's no advantage over just using SystemRandom directly.
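Added example, not kragen's program and not part of the thread: a word-based passphrase generator that draws from `random.SystemRandom`, with a check of the claim above that `secrets` (PEP 506) is built on the same class. The word list is a constructed 16-word sample and every function name here is an assumption made for illustration.

```python
import math
import random
import secrets

# Constructed sample list: 16 words = 4 bits per word. A real generator
# would load a list of several thousand words.
WORDS = [
    "correct", "horse", "battery", "staple", "magma", "winter", "drone",
    "uranium", "night", "watch", "gopher", "pallet", "tapestry", "salad",
    "doorbell", "octal",
]


def check_wordlist(words):
    """Reject lists for which the entropy estimate would overstate the
    real search space (duplicates) or be ambiguous to parse (spaces)."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words reduce entropy per word")
    if any(not w or " " in w for w in words):
        raise ValueError("words must be non-empty and contain no spaces")
    return len(words)


def passphrase(n_words, words=WORDS, rng=None):
    """Pick n_words uniformly and independently from the list."""
    check_wordlist(words)
    # SystemRandom reads os.urandom(); the default random.Random is a
    # Mersenne Twister and is predictable from its output.
    rng = rng or random.SystemRandom()
    return " ".join(rng.choice(words) for _ in range(n_words))


def entropy_bits(n_words, list_size):
    """Entropy when the attacker knows the list and the word count."""
    return n_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest word count that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def secrets_uses_systemrandom():
    """True if secrets re-exports random.SystemRandom and secrets.choice
    is a bound method of an instance of that class."""
    return (secrets.SystemRandom is random.SystemRandom
            and isinstance(secrets.choice.__self__, random.SystemRandom))


if __name__ == "__main__":
    print(passphrase(6))
    print("4 words from a 2048-word list:", entropy_bits(4, 2048), "bits")
    print("words for 64 bits from 7776 words:", words_needed(64, 7776))
    print("secrets built on SystemRandom:", secrets_uses_systemrandom())
```

The entropy figure only holds if every word is drawn independently by the generator; swapping in words chosen by hand invalidates it.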
| _zoltan_ wrote:
| what is 02012 and why write it so strange?
| namibj wrote:
| They want to feel like they matter in over 10k years from
| now, where a 4-digit year would start to wrap.
| zahlman wrote:
| In fact that will be not even 8k years from now.
| sigwinch wrote:
| I'll be very embarrassed when I'm still writing 9999 on
| my checks.
| ahoka wrote:
| Obviously it's octal and the person is a time traveler
| from the 11th century.
| will4274 wrote:
| It's the long now foundation thing. The long now
| foundation encourages writing years with five digits to
| encourage readers to think about long term planning, to
| plan for a future of humanity that is measured in more
| than thousands of years.
|
| https://en.wikipedia.org/wiki/Long_Now_Foundation
| dredmorbius wrote:
| <https://news.ycombinator.com/item?id=45505856>
|
| <https://news.ycombinator.com/item?id=43463920>
|
| <https://news.ycombinator.com/item?id=39175614>
| prometheus76 wrote:
| > prior to the widespread deployment of malicious microphones,
| were adequate authentication for many purposes
|
| Can you elaborate on this? I don't understand the context for
| malicious microphones and how that affects secure passwords.
| kragen wrote:
| Oh, well, it turns out that keyboard sounds leak enough
| entropy to make it easy to attack even very strong passwords.
|
| Microphones on devices such as Ring doorbell cameras are
| explicitly exfiltrating audio data out of your control
| whenever they're activated. Features like Alexa and Siri
| require, in some sense, 24/7 microphone activation, although
| normally that data isn't transmitted off-device except on
| explicit (vocal) user request. But that control is imposed by
| non-user-auditable device firmware that can be remotely
| updated at any time.
|
| Finally, for a variety of reasons, it's becoming increasingly
| common to have a microphone active and transmitting data
| intentionally, often to public contexts like livestreaming
| video.
|
| With the proliferation of such potentially vulnerable
| microphones in our daily lives, we should not rely too
| heavily on the secrecy of short strings that can easily leak
| through the audio channel.
| antonvs wrote:
| Using a password manager is an easy and useful protection
| against audio leaks of passwords.
|
| But this is an example of the kind of thing the OP is
| talking about. You're probably not at a very realistic risk
| of having your password hacked via audio exfiltrated from
| the Ring camera at your front door. Unless it's Mossad et
| al who want your password.
| kragen wrote:
| Like "you're probably not at a very realistic risk of
| having your phone wiretapped", this is overindexing on
| past experience--remember that until Room 641A commenced
| operations in 02003
| (https://en.wikipedia.org/wiki/Room_641A), you _weren't_,
| and after it did, your phone was virtually
| guaranteed to be wiretapped. Similarly, you aren't at a
| very realistic risk of having your password hacked via
| audio, until someone is doing this to 80% of the people
| in the world. As far as we know, this hasn't happened
| yet, but it certainly will.
| eykanal wrote:
| > ...Assange and Snowden...
|
| I'd argue that for every Assange and Snowden, there are 100
| (1k? 100k?) people using Tor for illegal, immoral, and
| otherwise terrible things. If you're OK with that, then sure,
| fine point.
|
| > SSH keys
|
| Heartbleed and Terrapin were both pretty brutal attacks on
| common PKI infra. It's definitely serviceable and very good,
| but vulnerabilities can go for forever without being noticed,
| and when they are found they're devastating.
| kragen wrote:
| Mickens was arguing that security was illusory, not, as you
| are, that it was subversive and immoral. My comments were
| directed at his point. I am not interested in your idea that
| it would be better for nobody to have any privacy.
| eykanal wrote:
| > ...who non-ironically believes that Tor is used for
| things besides drug deals and kidnapping plots.
|
| That was the quote I was referring to. Also, of course I
| didn't say that no one should have any privacy; I simply
| implied a high moral cost for this particular form of
| privacy.
| atomic128 wrote:
| Continuously updated HTTP response dumps from all the
| major Tor hidden services: https://rnsaffn.com/zg4/
|
| It is accurate to say that Tor's hidden service ecosystem
| is focused on drugs, ransomware, cryptocurrency, and sex
| crime.
|
| However, there are other important things happening
| there. You can think of the crime as cover traffic to
| hide those important things. So it's all good.
| JohnBooty wrote:
| Definitely some heinous-sounding stuff.
|
| The third result was "FREE $FOO PORN" where $FOO was
| something that nearly the entire human race recognizes as
| deeply Not Okay and is illegal everywhere.
|
| I wonder what % of the heinous-sounding sites are
| actually providing the things they say they are.
|
| I'm sure that some (most?) of them actually offer heinous
| stuff. But surely some of them are honeypots run by law
| enforcement and some are just straight up scams. However,
| I have no sense of whether that percentage is 1% or 99%.
| yapyap wrote:
| If you truly have a secure tool you won't be able to control
| what your users do with it.
| psunavy03 wrote:
| The idea that either of them are at risk of being whacked is
| utter tinfoil-hattery. The worst Snowden has to fear is being
| convicted and jailed, and it says a lot about him that he fled
| to Russia of all places instead of manning up and facing trial.
| willmarch wrote:
| Snowden didn't choose Russia as a destination. He left Hong
| Kong for Latin America and got stranded in Moscow when the
| U.S. revoked his passport mid-transit. He spent weeks in the
| airport transit zone while seeking asylum from multiple
| countries; Russia gave him temporary asylum after that.
|
| "Manning up and facing trial" sounds fair in theory, but
| under the Espionage Act there's no public-interest defense.
| He'd be barred from explaining motive or the public value of
| the disclosures, much of the case would be classified, and
| past national-security whistleblowers have faced severe
| penalties. That's why he sought asylum.
| alwa wrote:
| Being convicted and jailed can be pretty bad. Didn't Robert
| Hanssen end up in Florence ADMAX until he died [0]? And,
| maybe a more direct comparison, Wikileaker Joshua Schulte
| [1]?
|
| [0] https://en.wikipedia.org/wiki/ADX_Florence
|
| [1] https://en.wikipedia.org/wiki/Joshua_Schulte
| BLKNSLVR wrote:
| It was the US that forced Snowden into Russia.
| uvaursi wrote:
| Neither Assange nor Snowden are a threat anymore. They are
| contained and have next to no ability anymore. So it would be a
| waste of resources to pursue them. The lackeys (police etc) are
| all that's needed here to harass them and make their lives
| miserable. What's Mossad going to do? Kill them with
| explosives? That takes all the fun out of torturing them and
| making their lives miserable by proxy.
|
| The only thing I see is that both are contained and
| quarantined. The threat of both has been neutralized to the
| degree where I think the espionage agencies of all these
| countries are playing along together to keep the engine of
| their craft going uninterrupted without fuss.
|
| In other words, you have to be gullible to think an embassy
| cares about protecting Assange. It's a phone call from the
| secret service director saying "Keep him there for now, it's
| where we want him."
| drdrek wrote:
| The point about the lay person not needing massive parallelism
| was very true, until it was not :D
| anthk wrote:
| Ah, very Germanic tactics against some Mediterranean foe. Us,
| Southern Mediterranean/half Atlantic guys, we have it easier. We
| would just put fake data, hints and traces until they get mad and
| paranoid between themselves, we are experts on that since
| forever.
|
| Also, the Southern part of the country (which I am pretty much
| not related culturally at least on folklore and tons of customs)
| managed to bribe even the Russian mafias. They were that crazy,
| it's like a force of nature. OFC don't try backstabbing back
| these kind of people, some 'folklorical' people are pretty much
| clan/family based (even more than the Southern Italians) and they
| will kick your ass back in the most unexpected, random and non-
| spectacular way ever, pretty much the opposite of the Mexican
| cartels where they love to do showoff and displays. No, the
| Southern Iberians are something else, mixed along Atlantics and
| Mediterranean people since millennia and they know all the tricks,
| either from the Brits/Germanics to Levantine Semitic foes...
|
| You won't expect it. You are like some Mossad random Levi,
| roaming around, and you just met some nice middle aged woman on a
| stereotyped familiar bar where the alleged ties to some clan must
| be nearly zero, and the day after some crazy Islamic terrorist
| wacko with ties to drug cartels will try to stab you some Sunday
| in the morning and he might try to succeed with the dumbest and
| cheapest way ever.
|
| No, is not an exaggeration. We might not be Italy, but don't try
| to mess up with some kind of people. My country is not Mafia-
| bound, but criminal cartels, mafias and OFC some terror groups
| from the Maghreb (and these bound to the Middle East ones) have
| deals with each other because of, you know, weapons and money.
| And Marbella it's pretty much a hub.
| kragen wrote:
| This explains a lot about Argentina.
| anthk wrote:
| Half of Iberians can't stand the rascal (picaresca) tradition
| from the other half. Specially the heavy industrialized
| North.
|
| We are not as divided as Italy, as Spain has powerhouses in
| the South as Airbus and the like, but, yes, there's a
| 'climatological gap' between the different 'Spains' across
| the mountains.
|
| Not Ethnics, but kinda like what would happen in Italy if the
| North wasn't as developed (the North of Spain isn't bad but
| you can't compare it against the Franco-German-Austrian-
| Italian industrial hub) and the South had their Mafias shut
| down in the 19th century and if they were more developed than
| they are compared to the Southern Spain.
|
| The South here isn't a shithole as Napoli and the like but
| some Andalusian coastal places can be far more dangerous than
| the Basque Country/Navarre in the 80's (terror attacks) for a
| policeman.
|
| OTOH, Belgium it's far closer to be a Narcostate than some
| microregions in Spain such as Algeciras in Cadiz (Andalusia)
| where you can read about the Militarized Police fighting drug
| boats almost as a daily chore.
|
| On Argentina, except for a die hard Ghetto like the '3000
| viviendas' and Canada Real, every Argentinian would love to
| stay in Spain even at the worst neighbourhood at their town.
| Iberia it's far more secure than Latin America by a huge
| margin. The most dangerous issue on any bad town would be
| either a pickpocket/non-violent rob of watching some low tier
| drug dealers doing their stuff and maybe some very late night
| rape issue over months if not years. Far less than anything
| you would get in Buenos Aires.
|
| Unless, as I said, you really want to mess up your life with
| some sketchy people, the ones you would spot from meters
| away, especially in remote/nearly hidden taverns/pubs where
| drug dealing it's widely known. For example, if some pub it's
| accessed by walking down some stairs into a basement, (where
| you can't see anything from the outside without going down);
| even if it looks good, clean, modern, maintained... run away.
| kragen wrote:
| > _On Argentina, except for a die hard Ghetto like the
| '3000 viviendas' and Canada Real, every Argentinian would
| love to stay in Spain even at the worst neighbourhood at
| their town. Iberia it's far more secure than Latin America
| by a huge margin._
|
| https://en.wikipedia.org/wiki/List_of_countries_by_intention...
| lists Argentina at 4.31 murders per 100k population
| per year, a bit lower than the US's 5.76, while Spain is
| way down at 0.69, so I think that's sort of true. 6x is
| sort of "a huge margin". I'm pretty sure there are
| neighborhoods in Argentina that are lower than 0.69,
| though, and neighborhoods in Spain that are over 4.31.
|
| On the other hand, 4.31 is already low enough that I don't
| know anybody who's gotten murdered, although when I
| volunteered in the die-hard ghettos I met people whose
| _children_ had been murdered before I met them. In
| https://en.wikipedia.org/wiki/List_of_countries_by_mortality... we
| can see that Argentina's crude death rate is 728 deaths per
| 100k population per year, so 99.4% of deaths are from non-
| murder causes. If you somehow acquired immunity to all
| causes of deaths other than murder, and you lived in 02025
| Argentina until someone murdered you (through some kind of
| time-travel Groundhog Day thing, I guess) your life
| expectancy would be 23000 years. Real-life people who get
| heart disease and cancer don't really need to worry about
| getting murdered in Argentina unless they start dating a
| _machista_.
|
| Consequently, murder is not a major reason that people
| leave Argentina. (Contrast Honduras at 31.4 murders; Belize
| with 27.8; South Africa with 45.5; Memphis, Tennessee, with
| 48.0; or St. Louis, Missouri, with 87.8.)
|
| No, the reason every Argentinian would love to stay in
| Spain is that _Spain has an economy_.
| coolThingsFirst wrote:
| Another example of power resides where men believe it resides.
|
| Americans are just very scared of Mossad. Tons of money goes into
| Hollywood to make them appear invincible to the world. Fun fact,
| they aren't.
|
| Intelligence agencies have great capabilities no doubt they get
| billions of $$$ and have utter immunity to do whatever they want
| in the name of national security. Why is only Mossad scary? I'd
| be more scared of the CIA and KGB than of Mossad.
|
| US has never been in existential threat like Israel has been, if
| it were I wouldn't want to stand in their way.
| wk_end wrote:
| > Americans are just very scared of Mossad. Tons of money goes
| into Hollywood to make them appear invincible to the world.
|
| I don't believe I've _ever_ seen Mossad depicted in a Hollywood
| movie? I guess there was Munich. Are there specific movies/TV
| shows that you're thinking of?
|
| Americans, by and large, don't even think about Mossad.
| Certainly not the way they're aware of the CIA and KGB - which
| no one should be scared of at the moment since it hasn't
| existed since 1991, though obviously there are modern
| successors.
| cool_man_bob wrote:
| > Are there specific movies/TV shows that you're thinking of?
|
| Not GP, but NCIS is the big one offhand. Of course that show
| has simply gotten more and more ridiculous in general over
| the years
| teddyh wrote:
| Despite his somewhat annoying style, that article has many good
| points about the aloofness of security researchers. However, I
| will disagree on two points which the article contains:
|
| 1. Tor is (rightly) used by anyone who has a good reason for
| remaining anonymous. (See [REALNAMES] for who this can be.)
| Anyone trying to smear Tor as only used by drug dealers and other
| unsavory types are themselves suspect of having an agenda of
| discouraging Tor use for anyone lest they be suspected. This can
| only lead to an installation of Tor being viewed as a suspicious
| thing in itself; who would want that?
|
| 2. His threat model of Mossad or not-Mossad leaves out one
| important actor, which we can call the NSA. They, and others like
| them, unlike Mossad, are not after you personally in that they
| don't want to _do_ anything to you. Not immediately. Not now.
| They simply want to get to know you better. They are gathering
| information. All the information. What you do, what you buy, how
| you vote, what you think. And they want to do this to _everybody,
| all the time_. This might or not bite you in the future. He seems
| to imply that since nothing immediately bad is happening by using
| slightly bad security, then it's OK and we shouldn't worry about
| it, since Mossad is not after us. I think that we should have a
| slightly longer view of what allowing NSA (et al.) to know
| everything about everybody would mean, and who NSA could some day
| give this information to, and what _those_ people could do with
| the information. You have to think a few steps ahead to realize
| the danger.
|
| [REALNAMES] _Who is harmed by a "Real Names" policy?_
| <https://geekfeminism.fandom.com/wiki/Who_is_harmed_by_a_%22R...>
|
| (Repost of <https://news.ycombinator.com/item?id=23572778>)
| reedf1 wrote:
| honestly I find any idiosyncratic style refreshing in AI slop
| world
| bitbasher wrote:
| My favorite talk by Mickens (https://vimeo.com/95066828), also
| talks about Mossad.
| singular_atomic wrote:
| When we need him the most (a world overrun in LLMs and AI slop)
| it seems like he's vanished...
| tomhow wrote:
| Previously:
|
| _This World of Ours (2014) [pdf]_ -
| https://news.ycombinator.com/item?id=27915173 - July 2021 (6
| comments)
| some_random wrote:
| Where does this deification of Mossad come from anyways? They've
| done a lot more than western intel agencies post cold war but
| that's absolutely come with failures just like every other intel
| agency in existence.
| pinebox wrote:
| This all seemed very clever until I read the bio and learned that
| the author works for Microsoft -- the _last_ company that has
| _any_ business being flip about security. Bro needs to STFU and
| get on with the security drudgery, because his customer's
| opposition very definitely _is_ the Mossad.
___________________________________________________________________
(page generated 2025-10-27 23:01 UTC)