Urgent: skype vulnerability?
Locked
123
123
Re: Democracy + Market Economy == Open Source Governance?
 
|
Proprietary Code (PC :-) has a place if people are willing to put up with it, but then most people don't realize there are alternatives. That old Freedom vs. Security thing seems apropos here. Many people are quite willing to put up with a little less freedom for a little more security. I'm not sure where I come down on the issue of whether or not those who are so disposed deserve neither. Sometime I empathize a lot with the libertarians, but given our millions of years of evolution, largely as a communal species, I suspect that libertarian thinking is mostly an adolescent point of view.
Gary Sent from my PC email client (Mail.app) running on a PC OS (Mac OS) running PC hardware (MacBook Pro) - geez, what a hypocrite I am :-) On Sep 13, 2013, at 7:11 PM, Steve Smith <[hidden email]> wrote:
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Hardware Trojans - was:] Urgent: skype vulnerability?
|
|
In reply to this post by glen ep ropella
On 9/13/13 10:02 AM, glen e. p. ropella wrote:
> But I'm too ignorant to understand the utility of the side-channel use > case. How would the black hat get the chip into the right place? The > same way? By flooding the target with chips that all contain the > hidden side channel? > Install staff at foundries that provide chips to infrastructure/software as a service companies, and then use those same companies to listen-in on the side channels to collect keys..? I've found the instrumentation underlying IPMI monitoring for monitoring cluster health to be pretty high variance, but perhaps as voltage regulators get integrated into the chip (and mobile use-cases make people very sensitive about power usage), it would be possible to observe a physical compute node's power draw from one virtual machine vs. a target's virtual machine? Spend some money signing up for all the popular cloud computing companies and go fishing for signature power variations.. Marcus ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: [EXTERNAL] Urgent: skype vulnerability?
|
|
In reply to this post by glen ropella
On 9/13/13 6:40 PM, glen wrote:
>> Membership in the cabal comes from cognitive investment, not capital. > > I disagree. Membership in the set of cabal _tools_ ... the > technically competent person, comes from cognitive investment. > Ownership/control of those tools comes from capital, usually in the > form of "golden handcuffs". What percentage of geeks do you know that > wouldn't opt for a 6 figure salary in exchange for their indentured > servitude? ... at least for a little while? What kind group would contain an instance of such a cabal? An open source development team at Intel or Google? A big university software team? I can't think of a lot of examples of open source development done for its own sake. I agree about this distinction between a cabal purposes vs. the human tools that achieve it. Usually the technological tools are closed too (with open as the exception), serve the human resource tools, which then serve the cabal (e.g. the company's deciders). I'm talking about a different sort of cabal, like the folks that develop and direct a large package like LLVM, Postgres, GHC, or R. These projects involve developers that span universities and corporations. The software serves as a research vehicle, and/or the basis for another specialized product. The people that work on these packages may even work for competing companies that provide the golden handcuffs (and jump between the companies to the extent their aren't legally restricted from doing so). Marcus ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: [EXTERNAL] Urgent: skype vulnerability?
|
|
In reply to this post by glen ropella
On 9/13/13 6:40 PM, glen wrote:
> So, it would work fairly well without a requirement for absolute > transparency. If the goal is to develop versatile technical language, and someone effectively owns a bunch of the useful words (interfaces , ...) that is an impediment to giving everyone a fair shake at doing technical work. Those that can afford to license the useful interfaces at least aren't at a deficit compared to those that cannot. The worse part is that certain interfaces become less mutable than others. If the licensed interfaces aren't the perfect ones, then the sellers and customers of those words will try to keep them around even if they lack deep merit. If, on the other hand, the useful parts of the interfaces can be recast in another way, and understood in isolated bits then better interfaces can be built around them. The frozen language (interfaces, ..), I think, tends to limit the imagination of the users. The split between users and implementers or vendors and customers, is artificial. The ethic of absolute transparency says that if you want something, you don't need to bitch to someone to get it, you can just go make it. This was the original appeal of computers to me: Imagination -> Reality Marcus ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Democracy + Market Economy == Open Source Governance?
|
|
In reply to this post by Gary Schiltz-4
Some Incomplete and Scattered Thoughts
I missed some of the discussion and will have to catch up once I get the number of unread emails I have at least less than the current year :P but I don't see why true transparency wouldn't affect people becoming dominant through a better understanding of the system - would not that understanding be public knowledge if indeed all parts of the system were transparent? Unless we are talking about gut instinct / intuition, in which case inequality is probably unavoidable.
I think Mr. Franklin's point was that you get what you deserve (which is true only in narrow contexts) and they will certainly get neither. In other words, if you want something done right, do it yourself :P
Many people would agree with you, but I also think the whole point of
community is that we keep each other "in check", that is, on the path
towards some goal. We can't do that if we don't have the freedom to be
different from one another, which requires some degree of autonomy. It's
like balancing an ecosystem. At the risk of mixing metaphors, there
have to be enough wolves to keep the sheep in check but also few enough
to keep them from hunting the sheep to extinction (of both populations). No, I think that definitely mixed the metaphors / crossed the streams. Oh well. Anyway, my point was that adolescence is often claimed to be one of the most formative parts of people's lives, along with maturity, if/when that comes along.
As I think you were heading towards with your previous comments, one shouldn't be faulted for the shortcomings of the system wherein one resides, in this case the consumer computer market that makes a couple sub-prime setups most convenient.
Still puzzling over that title, but then I was in and out of the room while my parents were watching the show.
I find it interesting and maybe (or maybe not) significant that criminal justice seems to have a less clear role in this analogy. Perhaps this relates to how varied the number of opinions one can find regarding it's purpose are?
I think several related projects have been discussed on this list (FOSS Estonian voting software, Citizens Elect [right name?]), but I think none of them get at what you are saying. I think the problem is that (like microchips and the computers that play a major role in designing / building them) society is a lower-level construct which produces the higher-level construct of technology, and (unlike microchips, perhaps) we want / expect society to work even when tech does not, rather than the other way around (with some exceptions, I suppose. Zombie knives? I can't really think of any non-trivial examples. I guess some more realistic survival gear like water filters). -Arlo James Barnes ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Democracy + Market Economy == Open Source Governance?
|
|
In reply to this post by Steve Smith
On 9/13/13 6:11 PM, Steve Smith wrote:
Democracy itself is the act of writing code; the rules of execution of everything from government itself (compilers, interpreters, system libraries, OS) to economics to criminal justice (exception handling?)Ok, criminal Justice is more like crude block-device virus scanning for `bad' signatures. It doesn't prevent problems (stop the malware from entering in the first place), it tries to mop up afterward. To me, the debate about the FISA court & government overreach, is analogous to what devices are allowed to be scanned what what signatures constitute badness, and _who_ defines that. The NSA, not even metaphorically, is concerned getting access to the space of physical memory to get lookahead on badness, and our democracy says there there should be protection rules on those pages. Law is about laying out how privilege escalation in the operating system works, when exceptions can be issued in user space (longjmp, signal handlers), and when they are issued to processes or the kernel (NMIs, termination). And national security is about keeping the machine room a reasonable temperature and ensuring their is power! But I don't agree that democracy is the act of writing code, in reality it's more like `core war', a process of finding the best (or just dominant) programs through competition. Everyone with influence wants less competition, whether they are governing or not. That's the biggest risk to finding the best programs IMO. Marcus ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Democracy + Market Economy == Open Source Governance?
|
|
Markus...
No... I still think it is like an exception detection/handling process... enforcement is roughly detection and handling is roughly courts and penal? Intelligence is more like virus-scanning...Democracy itself is the act of writing code; the rules of execution of everything from government itself (compilers, interpreters, system libraries, OS) to economics to criminal justice (exception handling?)Ok, criminal Justice is more like crude block-device virus scanning for `bad' signatures. It doesn't prevent problems (stop the malware from entering in the first place), it tries to mop up afterward. To me, the debate about the FISA court & government overreach, is analogous to what devices are allowed to be scanned what what signatures constitute badness, and _who_ defines that. The NSA, not even metaphorically, is concerned getting access to the space of physical memory to get lookahead on badness, and our democracy says there there should be protection rules on those pages. Law is about laying out how privilege escalation in the operating system works, when exceptions can be issued in user space (longjmp, signal handlers), and when they are issued to processes or the kernel (NMIs, termination). And national security is about keeping the machine room a reasonable temperature and ensuring their is power!Yes, national (foreign and domestic) security is like malware scanning... But I don't agree that democracy is the act of writing code, in reality it's more like `core war', a process of finding the best (or just dominant) programs through competition.Well, politics is like core-wars but democracy itself (writing your own rules, including rules about how to write rules whether directly or by proxy-representatives) still seems a lot like writing code to me. The interpreters/compiler/system drivers may be a lot buggier than what we are used to... but ... ? Everyone with influence wants less competition, whether they are governing or not. That's the biggest risk to finding the best programs IMO.So I guess I agree that "psuedo-democracy-as-we-practice-it" is very much like self-modifying code, etc. - Steve ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Democracy + Market Economy == Open Source Governance?
|
|
On 9/13/13 10:14 PM, Steve Smith wrote:
No... I still think it is like an exception detection/handling process... enforcement is roughly detection and handling is roughly courts and penal? Intelligence is more like virus-scanning...Crimes are punished and criminals contained -- security theater for an audience that needs to see `something is being done'. But the deed is already done. In the analogy, the bits have already been written to disk. Then you have to hunt evidence and then the bad actor from the evidence (which is to find the signature in the pool of storage). More modern virus scanners intercept the bad bits before they hit disk (as they are coming on the network) and don't torture users of the system as the cops run around looking the same suspects (disk blocks) over and over and over. Disk heads flying all over the place, I/O bandwidth saturated and CPUs wasting cycles looking for known-bad patterns. Like our apparent insatiable need for security, this is a huge distraction from actually getting work done. Marcus ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Democracy + Market Economy == Open Source Governance?
|
|
In reply to this post by Arlo Barnes
The "code" for democratic capitalism was written at Bretton Woods in 1944. It followed the initiation and rapid rise of consumer advertising and public relations, which began in the '30s and picked up steam in the '40s. I gave a TEDx talk in Albuquerque last weekend in which I put out a call for a "Bretton Woods 3.0." The talk should be posted on-line next week. Merle Lefkoff On Fri, Sep 13, 2013 at 9:38 PM, Arlo Barnes <[hidden email]> wrote:
Merle Lefkoff, Ph.D. President, Center for Emergent Diplomacy Santa Fe, New Mexico, USA [hidden email] mobile: (303) 859-5609 skype: merlelefkoff ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Democracy + Market Economy == Open Source Governance?
|
|
> The "code" for democratic capitalism was written at Bretton Woods in
> 1944. It followed the initiation and rapid rise of consumer > advertising and public relations, which began in the '30s and picked > up steam in the '40s. I gave a TEDx talk in Albuquerque last weekend > in which I put out a call for a "Bretton Woods 3.0." The talk should > be posted on-line next week. > > Merle Lefkoff I'm wondering if Bretton Woods is "code" or more of a "design pattern"? I realize this all gets fuzzy with many levels of abstraction. I look forward to your TEDx talk when it comes online. - Steve ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Hardware Trojans - was:] Urgent: skype vulnerability?
|
|
In reply to this post by Marcus G. Daniels
Marcus G. Daniels wrote at 09/13/2013 05:44 PM:
> Install staff at foundries that provide chips to infrastructure/software as a service companies, and then use those same companies to listen-in on the side channels to collect keys..? I've found the instrumentation underlying IPMI monitoring for monitoring cluster health to be pretty high variance, but perhaps as voltage regulators get integrated into the chip (and mobile use-cases make people very sensitive about power usage), it would be possible to observe a physical compute node's power draw from one virtual machine vs. a target's virtual machine? Spend some money signing up for all the popular cloud computing companies and go fishing for signature power variations.. OK. Thanks. I can see how, say, China, Apple, or our own beloved CIA might credibly adopt something like this as a tactic. Is it solely a corporate/state tactic? Or do you think a group like anonymous or the syrian electronic army could pull it off? -- ⇒⇐ glen e. p. ropella Fade away, fade away ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: [EXTERNAL] Urgent: skype vulnerability?
|
|
In reply to this post by Marcus G. Daniels
Marcus G. Daniels wrote at 09/13/2013 08:14 PM:
> What kind group would contain an instance of such a cabal? Perhaps a decent example might be ALEC <http://www.alec.org/> or, perhaps, funders of the Cato Institute or Heritage Foundation. The point is that they may well lobby/advocate for absolute transparency _and_ integration of tools, perhaps actively working against unifying standards (because unification is antithetic to individualism). These people would argue for absolute transparency and would have the resources to maintain large corporate machinery/bureaucracy to keep track of and manipulate the ecology of tools. Any asymmetrically weaker entity would, in principle, be able to dig into any aspect of the system. But such an entity would be incapable of grokking the whole system, at least as well as the army of lawyers, accountants, auditors, programmers, etc. who worked on behalf of the cabal. And even if an entity like the EFF or ACLU _could_ compete on understanding the system, they could not compete in the public outreach (advertising during the super bowl, lobbying for net neutrality, etc.). -- ⇒⇐ glen e. p. ropella Shadow of the New Praetorian ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Hardware Trojans - was:] Urgent: skype vulnerability?
|
|
In reply to this post by glen ropella
OK. Thanks. I can see how, say, China, Apple, or our own beloved CIA might credibly adopt something like this as a tactic. Is it solely a corporate/state tactic? Or do you think a group like anonymous or the syrian electronic army could pull it off?Anonymous already has and they are going to kick everyone's ass... let's just hope they don't lose their aesthetic and I suppose "ethic" when they take over the banking system and the power grid. I'm guessing that someone should train a facial recognition scanner on Guy Fawkes (masks) and run chipsets through it under a microscope. I'm sure someone studies Anonymous (and it's relations... LOLZSec, et al) relatively objectively (not just as "a dangerous terrorist organization" or "the best thing since sliced bread"). Time weighed in last year giving them a seat in their "top 100 most influential people" . But since there is no "there, there", who knows? - Steve ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Hardware Trojans - was:] Urgent: skype vulnerability?
|
|
In reply to this post by Steve Smith
"Or do you think a group like anonymous or the syrian electronic army could
pull it off?" I imagine SEA can collect enough vulnerabilities and phishing victims without even developing their own software exploits. But it would be a mistake to assume that a small group could not in the not-so-distant future create hardware exploits too. Now that it possible to contract out fab services, and even at a small scale (MOSIS), it is conceivable that malicious counterfeit chips could be produced, even on a modest budget. For example in the HPC market there's the Parallela floating-point accelerator project that was done by (I think) two or three people. The various bitcoin hardware companies are small shops too. Marcus -------------------------------------------------------------------- mail2web LIVE Free email based on Microsoft® Exchange technology - http://link.mail2web.com/LIVE ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: [EXTERNAL] Urgent: skype vulnerability?
|
|
In reply to this post by Nick Thompson
"Any asymmetrically weaker entity would, in principle, be able to dig into
any aspect of the system. But such an entity would be incapable of grokking the whole system, at least as well as the army of lawyers, accountants, auditors, programmers, etc. who worked on behalf of the cabal. " Such a Beast will be slow moving. All those people need to be motivated to clarify and then solve some problem posed to them. But, it's surely true that the very best experts in something have been employed doing that thing for decades, and that small organizations can't afford to support that. The SEA `researchers' are surely eclipsed by the NSA researchers across many dimensions. That doesn't many there aren't asymmetric opportunities. Groking a big system isn't just a question of insisting on interfaces owned and implemented by 3rd parties. Interfaces are the easy part, IMO. Marcus -------------------------------------------------------------------- myhosting.com - Premium Microsoft® Windows® and Linux web and application hosting - http://link.myhosting.com/myhosting ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Hardware Trojans - was:] Urgent: skype vulnerability?
|
|
In reply to this post by Steve Smith
Steve Smith wrote at 09/16/2013 02:24 PM:
> Anonymous already has Seriously? Anonymous has used doping to create hidden side-channels and crack into someone's infrastructure? -- ⇒⇐ glen e. p. ropella I got my face in the furnace, I got my snake in a sleeve ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: [EXTERNAL] Urgent: skype vulnerability?
|
|
In reply to this post by Marcus G. Daniels
[hidden email] wrote at 09/16/2013 02:53 PM:
> Such a Beast will be slow moving. All those people need to be motivated to > clarify and then solve some problem posed to them. I'm not so sure. I admit that the current trend toward flat corporate hierarchies works toward the requirement to motivate all those people. But the old style, autocratic, specialize everything, command and control structure doesn't need such motivation. Incentive satisfices. There only need be an elite core (cybernetically augmented with their data warehouses) of people who understand how every specialized piece fits into the whole. And that elite core can be relatively small. I don't have a concrete example of it. But I hear enough people chanting about how they want to be paid more to do their mindless jobs, that I can imagine there are enough people willing to be paid to do whatever they're told ... of course, those tools don't mix well with the tools who do invest their energies into learning technology. But, again, it strikes me that an organization like Cato could lure those (often libertarian minded) tools in, hypnotize them with naive rhetoric, then reinforce their training with high salaries. > That doesn't many there aren't asymmetric opportunities. > > Groking a big system isn't just a question of insisting on interfaces owned > and implemented by 3rd parties. Interfaces are the easy part, IMO. I agree on both counts. I'm just talking it out to see where I might fit in. -- ⇒⇐ glen e. p. ropella I can tell just by the climate, and I can tell just by the style ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: [EXTERNAL] Urgent: skype vulnerability?
|
|
In reply to this post by Nick Thompson
Glen wrote:
"But the old style, autocratic, specialize everything, command and control structure doesn't need such motivation." Well, I mean some mental models have to develop at the various levels of the organization. I used the term `motivation' to mean the process of understanding enough of a sub-problem to propose a solution. If the problem is hard, the it may have to be sent out to all of the leaves of the organization and come back to even determine feasibility. On the other hand, if there is a small super-knowledgeable and super-capable cadre of workers, there is less of this percolation to wait on.. Marcus -------------------------------------------------------------------- mail2web.com Enhanced email for the mobile individual based on Microsoft® Exchange - http://link.mail2web.com/Personal/EnhancedEmail ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: [EXTERNAL] Urgent: skype vulnerability?
|
|
[hidden email] wrote at 09/16/2013 03:45 PM:
> Well, I mean some mental models have to develop at the various levels of > the organization. I used the term `motivation' to mean the process of > understanding enough of a sub-problem to propose a solution. If the > problem is hard, the it may have to be sent out to all of the leaves of the > organization and come back to even determine feasibility. On the other > hand, if there is a small super-knowledgeable and super-capable cadre of > workers, there is less of this percolation to wait on.. Ah! OK. I admit there's a type of latency in the cabal/incentive structure that wouldn't exist in the more dynamic "extracurricular" ecology you propose. But I think it's more than compensated for by other latencies in the latter. -- glen e. p. ropella, 971-255-2847, http://tempusdictum.com We must respect the other fellow's religion, but only in the sense and to the extent that we respect his theory that his wife is beautiful and his children smart. -- H.L. Mencken ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Hardware Trojans - was:] Urgent: skype vulnerability?
|
|
In reply to this post by glen ropella
>> Anonymous already has > > Seriously? Anonymous has used doping to create hidden side-channels > and crack into someone's infrastructure? > Just making the point that if Anon works they way they intend to, no reason to believe that people who *are* in touch with such tech *aren't* also part of Anon... whether they have actually exploited or not... the power of Anon is just that... they could be anybody/everybody. ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
«
Return to Friam
|
1 view|%1 views
| Free forum by Nabble | Edit this page |