* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

iPhone X Face ID fooled again by 'evil twin' mask

Charles 9

Re: Security and convenience

"Arguing about the technology is largely missing the point: users want to be able to use the phone in some situations without having to unlock it."

Problem is, those VERY situations can be exploited, and we KNOW criminals to be patient enough to wait for just the right moment.

Charles 9

Re: Obligatory

But what happens if your subject is a masochist (gets off from that kind of stuff) or a wimp (faints at the mere sight of it)?

Charles 9

"However, briefly raising light levels (e.g. using the flash) will make the pupil contract, which is fairly trivial to detect."

I would think it's also pretty easy to fake with an appropriate aperture and a photometer hidden behind the image. Frankly, I have my doubts as to the inability to fake vein patterns as well. Something I've heard often: what man can create, man can RE-create. And all these detectors are man-made.

Charles 9

No, I just haven't gotten an answer. This is dead serious; I have a real-world problem regarding this. I'm talking people who can't remember safe combinations to save their lives, yet important things like benefits REQUIRE this kind of access.

Charles 9

Re: what if that's ALL you have to work with

And they NEED a secure device. So how do we propose going about this if ALL they have is what they ARE (since they can't reliably KNOW anything and can't be counted on to keep something to HAVE due to that memory)?

That's my problem. I have friends and family I'm trying to protect, and some of them are VERY far away.

Charles 9

Neither can poor memory. What else can you use that doesn't rely on unreliable recall?

Charles 9

Re: Does anyone really have to say it?

And what if that's ALL you have to work with because you're dealing with people with bad memories?

Don't shame idiots about their idiotically weak passwords

Charles 9

Re: "If your password is brute-forceable, you shouldn't be using it."

"Only if you ignore the heat death of the universe."

Unless you take scientific advances into consideration: advanced beyond our current scope and therefore ability to predict. Unless one can scientifically prove there will be no such thing as a password version of Shor's Algorithm or something more significant, then one cannot use computational infeasibility as a safety net.

Charles 9

Re: password vs pass-phrase

But still easy to get mixed up, especially after you repeat it a hundred times or so. Now, was it "correcthorsebatterystaple" or "donkeyenginepaperclipwrong"?

Charles 9

Re: "Don’t spread fear - spread hope"

"Doing the same thing over and over and expecting the outcome suddenly to be different is a definition of madness."

But don't forget. Doing the same thing over and over and actually getting a different outcome is a definition of persistence.

Charles 9

But what if you forget the previous one, too? Plus what if there's more than one possible association and you end up picking the wrong one? Some people have REALLY bad memories (Was it "correcthorsebatterystaple" or "donkeyenginepaperclipwrong"?).

Charles 9

"If you think it's compromised, you need to change it whether or not you're certain, or "it's that time"."

But the thing is, how do you know whether it's compromised or not? I thought that was the point behind periodic password changes: to deal with undetected breaches by either closing them (the user changes the password) or making IT aware of them (the hacker changes the password and locks out the real user).

Net neutrality nonsense: Can we, please, just not all lose our minds?

Charles 9

Re: Actually, Google and Facebook win either way

But Universal programs have an unfair advantage there since they don't have to pony up at all. And since NBC carries an ongoing exclusive contract for the Olympic Games, there's potential for real abuse with the Winter Games coming up.

Charles 9

Re: Remember what Sherman said

But as we've seen, laws in the end are just ink on a page. Big business has found the solution to Sherman: control the government and they play YOUR tune. They're amassing enough power to do just that if not become pseudo-sovereign unto themselves a la Google. Once they're firmly established, complete with killer drones to defend themselves, it's going to be extremely difficult to stop the vicious cycle.

Mythical broadband speeds to plummet in crackdown on ISP ads

Charles 9

Re: Red herring

"As the line speed is based on physical attributes of a given property (which ISP's are available and what speeds can they offer based on the distance from exchange, number of other subscribers sharing the service etc) other than offering "better than 2Mbps downstream" what would be an accurate offer?"

A CONSERVATIVE one: one that the vast majority of ALL in their service area can expect even under worst-case conditions: perhaps with service obligations to prevent cherry-picking. Terms can perhaps limit it to their physical infrastructure which can be tested occasionally and without notice to make sure they're up to standard. If there's no way to assure say a baseline speed within their physical infrastructure, there can be case to say they're not fit for purpose.

Yes, Internet connections can be affected by things beyond their control, but in those cases the ISP can probably ask up and pinpoint significant trouble spots if they arise (say an upstream provider went on the blink or there was a major power failure).

Charles 9

Re: Must not be in the United States

But if everyone else is on the streets destitute, who will buy their stuff? Unless they're thinking the poor will be like Cockbill Street where appearances are more important than food.

Charles 9

Re: the law of unintended consequences ...

Isn't there one already to cover rural areas? If not, there should be...AND a requirement that businesses serve the people first, make money second.

Charles 9

Re: The guidance will take effect on May 23

Those countries tend to be very dense to begin with, not to mention usually very SMALL (South Korea, for example, is only the size of the state of Illinois). Smaller countries are cheaper to wire up while denser countries provide more potential return for that investment. This is one reason the US has trouble staying up on the list: vast sparsely-populated areas to cover.

Charles 9

Re: Red herring

"Most people have a poor grasp of statistics, and won't recognise the difference between mean and median."

Thus you always take the LOWER of the two.

"Best of all to have a simple, honest statement. "Our network uses technology that can support up to X. On your line we can provide Y"."

"Also, as you note, there is an incentive for the ISPs to bump up the median value by declining to serve customers whose lines will only support low speeds. They won't care about flak from those people, they aren't customers."

They'll care because bad press spreads quicker than good press, and non-customers (or worse, EX-customers) can create network effects, meaning not just fewer potential customers but also defections (LOST customers). Look what's been happening recently with sexual abuse scandals: network effects in action.

But as you've said, your mileage may vary for reasons beyond the provider's control, and there may be no simple way to give a concrete answer. I'm saying for anything they can't concretely answer (the "up to" part), they need to say things in the conservative (IOW, in terms they're MORE likely to achieve rather than LESS) to prevent misleading the customer (intentionally or not).

Charles 9

Re: the law of unintended consequences ...

But people refused service like that will tend to complain. Get enough of them and you can end up with negative press coverage.

Charles 9

Re: Is anyone thinking "About f**king time"?

Then they'll complain, and not-spots can be plotted, meaning bad press for them.

Charles 9

Re: Red herring

""up to" some value depending on the line is an honest and accurate statement."

No, it's a misleading half-truth (and you know the saying, half the truth, twice the lie) and needs to be replaced with TWO measurements: a mean/median speed (whichever is lower) with a legally-binding guaranteed minimum speed. This should keep the ISPs honest since those who advertise higher speeds by excluding customers will soon get flak from those excluded customers.

It's like with infomercials where in small print on the bottom you read, "Results are atypical." Advertisements should be considered cases before the public and subject to extremely tight levels of scrutiny concerning honesty. All testimonials need to be of typical results, and all claims need to be made in the conservative, worst-case terms. Better to be pleasantly surprised than to be disappointed.

Boffins pack more info onto photon for faster quantum key distro

Charles 9

But my point still stands. ANYTHING they can make can leak out. Few things don't leak out, particularly if they're of value...like unbreakable encryption. The fact it's public knowledge (rather than black--deny it even exists) indicates they don't seem to care too much about it these days.

Charles 9

Yes there is. Simply put, what YOU can make, someone else can copy or re-make, simply because you proved it possible. IOW, never make something you're not prepared to have turned against you.

'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal

Charles 9

Re: Economics is the problem

No, he had it right. It has to be that primal, that simple. Unless people DIE (directly so there's no blame-shifting) as a result, people really won't pay attention to it. Nothing scares people like the thought they may not see tomorrow.

Charles 9

Re: Brian Honan head of Ireland's first CSIRT

"We need to make 'computers' that can't be compromised by opening an email attachment or clicking on a malicious web-link in yer 'browser'."

That's like saying you need a front door that can't be kicked in. The basic problem behind the problem is that it requires fixing Stupid. Got any ideas that don't involve culls?

Charles 9

Re: Economics is the problem

No, what you REALLY need are Breaking News events where hacks KILL PEOPLE...DIRECTLY. Such as a hospital losing control of equipment causing patients to die. Or air traffic controllers getting messed up and causing a mid-air collision. Or a major power plant exploding. It only gets serious when PEOPLE DIE.

Linus Torvalds on security: 'Do no harm, don't break users'

Charles 9

Re: Sounds a bit too Microsoft to me

That depends on where the door leads. There needs to be some configurability to it. Someone's house, a loud klaxon will probably do. Fort Knox, likely a different story.

Charles 9

"BTW, if a bug is completely unknown it can't be actively exploited because nobody knows it to exploit it."

Unknown to YOU, but NOT to whoever found AND exploited the bug without your knowledge. THAT'S the kind of threat you face with zero-day (remember, zero-day means it's being used in the wild BEFORE you know about it) vulnerabilities, and since you don't know about the bug that's creating the exploit, the ONLY way you can safeguard yourself is to watch for unusual behavior and shut down these potential avenues that may well be exploits you don't know about yet. IOW, some of the hardening is meant to safeguard against UNKNOWN (to you, not to the enemy) threats. How else can you safeguard against unknown threats when waiting to identify and fix the bug is a lot like shutting the door long after the horse has bolted?

Charles 9

But to fix the root problem you have to IDENTIFY it first. Meanwhile, you still have an exploit avenue potentially being exploited while you twiddle your thumbs.

Charles 9

"It's a false dichotomy. The effort that goes into the break it now fix should go into the fix it properly fix. What I want, and which I expect Linus to provide, because of this approach, is a system that works and can be trusted."

But then you hit Trolley Problem territory where you CAN'T have both, because of stuff like true zero-day vulnerabilities which are UNKNOWN bugs that are being ACTIVELY exploited. You can't fix a bug you don't know about yet, yet you can't just let it lie, either. It's like police being tipped off to suspicious activity yet they don't investigate it as it is considered too minor and then BOOM! The Las Vegas shooting and so on. There are times when one MUST err on the side of caution. So having the ABILITY to perform some kind of hardening is necessary as a kind of vigilance. I think the chief complaint is that there needs to be some more control of these features in case there's a situation where high availability happens to be more important.

Charles 9

"As you like posing hypotheticals here's one for you: There's a bug in the OS that runs your intensive care monitoring system which could lead to it being pwned. Shall we shut it down, just to be safe?"

If shutting it down isn't an option, then something else needs to be done, such as isolating it, taking it offline so no one can connect to it. It's still possible to do intensive care monitoring without networking (What happened BEFORE then?), but you're getting yourself into serious Trolley Problem territory if you leave them online since someone could be getting ready to raise hell in your hospital right now (something one MUST assume in a high-security environment), and malpractice and negligent death lawsuits can be crippling, especially if done en masse. Look at all the mega-leaks that have happened already with the fallout still being assessed on them. We're fortunate so far there hasn't been a megahack that is directly responsible for lots of deaths, and I seriously doubt any hospital wants the ignominy of being the first.

The TLDR version: If your operations can't continue without being seriously vulnerable, what you REALLY need is a Plan B.

Charles 9

The problem, though, is how do you KNOW the bug isn't already known elsewhere?

Charles 9

But the issue is you can be pwned WITHOUT YOUR KNOWLEDGE, by which time it's too late to fix the bug. It will have been leveraged to create something more persistent. Which would you rather have: a system that doesn't work or can't be trusted?

Charles 9

The problem here is the delay between it being actively exploited and KNOWING it's being actively exploited: potentially long enough to exploit it into something that can persist even AFTER the original bug gets fixed. Thus the paranoia. Besides, if an exploit is used, what's to say the users and/or their interfaces can be considered trustworthy anymore?

Charles 9

What if the bug is intrinsic to the interface, meaning the ONLY way to fix it is to break the user?

Charles 9

Especially when you have to consider stupid: particularly stupid users. What do you do when your biggest issue is PEBCAK? Some would say training while others counter you're doing it wrong.

Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU

Charles 9

Re: Uber caught doing something shitty

Then they'd be in pretty big trouble in Spanish-speaking countries, since NONE of the days there end in "y": only in "s" or "o".

Charles 9

Re: Learn from our mistakes, you bet.

Not necessarily. At least SOME honor is in store, or if the criminals renege, then the next company to get blackmailed like this may not be willing to pay.

Charles 9

Re: Rotten to the core

"We all choose where we work, nobody comes along with a M16 shouting "Sign THAT", they don't threaten your family if you don't obey."

No, they put price tags and taxes on everything, and no one else is willing to hire you. Ethics start going out the window when you can't put food on the table. Desperation is one of the greatest motivators for turning to crime.

Arm Inside: Is Apple ready for the next big switch?

Charles 9

Re: Complete rethink

Well, if things like tagged memory are so cheap to implement, why haven't they been implemented in an opt-in fashion already and sold as a business security point (unlike consumers, businesses will at least have an eye on security--to keep company secrets from being wired out the door)? Maybe the change would be too radical and could break legacy implementations that don't expect stuff like this. Another possibility may be to implement this at an OS level to make it less architecture-dependent. But either approach is probably going to break some things which makes it risky.

"Oh, yes they can."

Name an instance where a computer directly killed a user (analogous to when a car crashes into a tree or the like).

Charles 9

Re: Complete rethink

"Security is also the balance between making computing easy for a legitimate user, but as hard as possible for a malicious attacker. As far as the legitimate user is concerned security facilities built in at lowest levels, such as bounds checking, actually makes no difference and certainly does not adversely impact anything that is computable. In fact, in addition to security, it helps developers develop correct programs."

And yet you don't see things like tagged memory in most processors? Why? Because of the other two legs of the triangle: cost and performance. You either take a noticeable performance hit or pay through the nose. And yes, people pay attention to those two. Media encoding jobs (such as home video editing) still take time even on relatively recent hardware (last I checked, you still can't do realtime 1080p HEVC even on an i7, let alone 4K down the road). And of course, there's still gaming, business calculations, and so on. At the same time, people don't want to spend a lot on their computers because, unlike things like cars, computers can't kill them. Wanting peace of mind takes a direct threat to make it desirable. Otherwise, it isn't worth it.

As for balancing between ease of use and difficulty, remember there's always the dreaded overlap. The paths you MUST leave for the users to get through can just as easily become the way in for the enemy, and there's no real way to stop this because there's no real way to prevent a sufficiently-disguised imposter (and we already know adversaries are ready, willing, able, and even eager to steal identities for this purpose, no matter how insignificant the identity).

Google's become an obsessive stalker and you can't get a restraining order

Charles 9

Re: Sick and Tired

Don't be so sure. Those curtains and so on are because, at some point, SOMEONE has had the temerity to peek in: for grins, out of voyeurism, etc.

Thing is, your home's your home, but the Internet is like the open, publicly-maintained roads. IOW, no expectations of privacy.

Charles 9

Re: Android phones now examine your location and invite you to rate the cafes

So why haven't they?

Banking association calls for end of 'screen-scraping'

Charles 9

Re: Frank MFC

But how will they ever AGREE to something sensible without it getting shoved down their throats by something like incompetent governments. Different members of the discussion have different, often-conflicting needs. The problem with trying to get a consensus is that, sometimes, you just can't get there from here.

FCC boss Ajit Pai emits his net neutrality extermination plan

Charles 9

Re: The key issue is surely like of ISP choice

The big problem is rural coverage. It's a money sink under normal circumstances so the capitalist approach would be to not cover them at all. The ONLY way private ISPs will cover the vast swaths of rural America is to get sweetheart deals to make the outlay of infrastructure and so on worthwhile. Asking the states to chip in on their tight budgets is a pipe dream most of the time, so these rural communities are left with few options, none of them very good for the people in general: go begging at the state capital if it's at all possible, submit to onerous terms with private companies...or go without and risk people (and their tax dollars) moving away.

Charles 9

Re: So where exactly is this proposed US Policy Working?

"Genuine curiosity. This table of International Broadband speeds shows 19 countries with faster average download speeds than the US (and 30 faster than the UK)."

Tell me. Given the costs of infrastructure, how many of those 19 countries are BIGGER than the US? Wiring up a country like Japan (the size of California) or South Korea (about the size of Illinois) is one thing. Try one with vast stretches of sparse, rural population and population centers thousands of miles away (say, New York to Los Angeles or Miami to Seattle).

Charles 9

Re: Mass Corporate Censorship of the US Internet

And the next step I suppose will be to severely throttle all encrypted traffic so as to make stuff like SSH proxies and VPNs impractical for those except the big businesses who rely on them enough to be able to afford the metered business Internet rates (or like Google actually own their own physical infrastructure).

"They might not notice the law going it but expect the mass market to get rapidly furious when they feel the bite."

You underestimate the ability of the proletariat to organize on their own. Most need the help of charismatic leaders, and currently most of them are in corporate pockets.

Charles 9

The problem is, ultimately, the government, for better or worse, IS the law. Any law you could establish to keep them honest, they can repeal, and since Amendments have to go THROUGH them (and before you consider the Convention avenue, state governments are just as divided as well, and you have to get 34 of them to support you), you're more likely to see them use their charisma and corruption to push through just the opposite. Plus, at the ultimate extreme, someone with enough sheer power can just push the "ink on a page" aside.

Sorry, psycho bosses, it's not OK to keylog your employees

Charles 9

Re: Fruit of the poisoned tree

"But evidence is evidence. If I trespassed on your property and saw you stabbing someone, does it mean that it didn't happen because I shouldn't have been there?"

That's not considered Fruit of the Poisoned Tree. It covers police procedure in that they have to play things by the book. That means they can't seize evidence without proper authorization (such as a search warrant or acting in the immediate context of an arrest), interviews can only be conducted after the speaker is fully aware of his/her rights (the Miranda decision et al), and so on.

To understand it a little better, consider the Adam-12 episode "Courtroom" (Season 2, episode 9; Adam-12 is well-recognized for its attention to realism). A man was arrested in his house for outstanding traffic warrants, but during the follow-up, an illegal pill mill was discovered and confiscated. Since the confiscation was not germane to the original arrest (and a search warrant was not obtained to confiscate it properly), the evidence was declared inadmissible due to Fruit of the Poisoned Tree, and the case of illegal drug manufacturing was subsequently dismissed.