|There are great benefits to connectedness, but we haven't wrapped our minds around the costs.
|a path to vast wealth and economic power
| 6:49 am EST, Nov 10, 2015
If you don't treat [software] security like a religious fanatic, you are going to be hurt like you can't imagine.
Software is the oil of the information revolution. Companies that control the software infrastructure of the information revolution will sit back and collect the economic surplus of the information revolution and that will be a path to vast wealth and economic power.
I like to think of myself as an oilman. As an oilman, I hope that you'll forgive just good old fashioned plain-speaking.
The Economist, in 2015:
The notion of shared public ledgers may not sound revolutionary or sexy. Neither did double-entry book-keeping or joint-stock companies. Yet, like them, the blockchain is an apparently mundane process that has the potential to transform how people and businesses co-operate. Bitcoin fanatics are enthralled by the libertarian ideal of a pure, digital currency beyond the reach of any central bank. The real innovation is not the digital coins themselves, but the trust machine that mints them -- and which promises much more besides.
The Economist, in 2008:
Financial progress is about learning to deal with strangers in more complex ways.
Money for me, databases for you.
|the incentives are totally backward
| 6:48 am EST, Nov 10, 2015
People don't really care that much. All of the incentives are totally backward, and the money isn't going where it's supposed to. The problem is just going to perpetuate itself.
Computing has become infrastructure, but it doesn't work like infrastructure.
Fifty years' worth of attempts to turn software development into a legitimate engineering practice have failed.
Engineering has always been a well-paid profession, but computing is turning it into a type of speculative finance rather than a calling.
No reasonable person would want MacGyver building their bridges or buildings. Or software!
If you love a medium made of software, there's a danger that you will become entrapped in someone else's recent careless thoughts. Struggle against that!
|a series of inherently nuanced trade-offs
| 6:47 am EST, Nov 10, 2015
Linus Torvalds' broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities -- such as speed, flexibility and ease of use -- in a series of inherently nuanced trade-offs.
At a time when leading computer scientists are debating whether the Internet is so broken that it needs to be replaced, the network is expanding faster than ever, layering flaw upon flaw in an ever-expanding web of insecurity.
Torvalds has often said -- and reiterated after the meeting in Seoul -- that he is open to new kernel defenses if the cost in performance is reasonable. But debate remains about what qualifies as "reasonable."
The average time between an attacker breaching a network and its owner noticing the intrusion is 205 days.
Many companies do not have a proper understanding of the threat they face. Eventually, they will become choosier and thriftier. But for now, cyber-security companies of all kinds can feast on misfortune.
Almost as soon as one hole is closed, hackers find a new one.
Over the weekend, a researcher demonstrated two unpatched weaknesses that Web masters can exploit to track millions of people who visit their sites. Taken together, the attacks allow websites to compile a list of previously visited domains, even when users have flushed their browsing history, and to tag visitors with a tracking cookie that will persist even after users have deleted all normal cookies. Ironically, the techniques abuse relatively new security features that are already built into Google Chrome and Mozilla Firefox and that may make their way into other mainstream browsers in the future.
|the most exciting and creative parts
| 3:24 pm EST, Nov 8, 2015
Instead of focusing on the commercial impact of cyberweapons, nation leaders need to focus on scaling back the infiltration of each other's technological infrastructure.
US officials say the IRGC has developed an army of cyberattackers, trained by Russia, who have focused on targets as varied as Wall Street banks, Saudi oil companies and both internal and external opponents of the regime. A spokeswoman for Russia's Foreign Ministry denied Moscow trained Iranians in cyberwarfare and said such attacks are illegal under Russian law.
In a meeting in Annapolis, Maryland, on January 16, 2015, Kroll investigators asked former Hacking Team employees Alberto Velasco and Alberto Pelliccione, who was connected via Skype, whether [their new cybersecurity product] ReaQta could block Hacking Team's malware. The two, according to the firm's report, "laughed nervously." Pelliccione then said that indeed, ReaQta could neutralize Hacking Team's tools.
To grow sales, FireEye's Dave DeWalt has to say he can stop the hackers. But for sales to keep growing, the hackers can't actually stop.
Science is not concerned only with things that we understand. The most exciting and creative parts of science are concerned with things that we are still struggling to understand. Wrong theories are not an impediment to the progress of science. They are a central part of the struggle.
We are not natural falsificationists: we would rather find more reasons for believing what we already believe than look for reasons that we might be wrong.
|an infinitely reasonable creature
| 3:22 pm EST, Nov 8, 2015
Our military could be confronted by a tough cyber adversary at any moment.
The draft bill's measures include: A legal duty on British companies to help law enforcement agencies hack devices to acquire information if it is reasonably practical to do so.
So convenient a thing it is to be a reasonable Creature, since it enables one to find or make a Reason for every thing one has a mind to do.
The human capacity for post-hoc rationalization is basically infinite.
| 7:26 am EST, Nov 4, 2015
Financial progress is about learning to deal with strangers in more complex ways.
Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!
Bekrar declined to identify the team that won the prize, as well as details about the exploits they found. He also declined to say how much he is planning to sell this exploit for.
There are different ways to control a narrative.
Silence is one way to keep a secret.
Talking is another.
And they are not mutually exclusive.
| 7:11 am EST, Nov 4, 2015
Anonymity is becoming a luxury. Where it will never be possible to forget or get lost ever again. Finding patterns from these trillions of megabytes of data has become the biggest asset of the 21st century.
At the lower end of the surveillance market are small firms that provide products designed to spy on people. These firms are in the so-called "lawful interception" business, selling malware and spyware to the police and other law enforcement agencies in the United States and Europe, as well as to governments. The interception industry is growing rapidly, with worldwide sales estimated to reach $1.3 billion by 2019, according to Markets and Markets, a research firm.
Welcome to the world of automatic facial recognition.
Without meaningful regulation, we're moving into a world where governments and corporations will be able to identify people both in real time and backwards in time, remotely and in secret.
Police sources expect the new bill to require communication firms to retain data on website addresses for a year.
I've come to believe that a lot of what's wrong with the Internet has to do with memory.
How wonderful it felt when I first realized the permanent record didn't exist.
And then when I grew up, I helped build it for real.
|it's supposed to be difficult
| 7:08 am EST, Nov 4, 2015
We're all busy. We've all taken on too much. Saying yes to less is the way out.
Once you reach a decent level of professional success, lack of opportunity won't kill you. It's drowning in 7-out-of-10 "cool" commitments that will sink the ship.
Make your peace with the fact that saying 'no' often requires trading popularity for respect.
If you take something seriously, you're ready to encounter difficulty, run the risk, whatever. I mean, when people are turning in on themselves -- and God knows, arming themselves and so on -- against the imagined other, they're not taking their Christianity seriously.
It's supposed to be difficult. It's supposed to be a challenge.
Anything that doesn't take years of your life and drive you to suicide hardly seems worth doing.
|for the love of gatherings
| 7:18 am EST, Nov 2, 2015
What's most telling is often what is absent. The closer you get to someone else, the more you realize the distance separating you.
The data under scrutiny is, as usual, the data that can be gathered. Unfortunately the data that can't be gathered is where the insight into what is happening may lie.
Tim Kreider's married friend:
It's not as if being married means you're any less alone.
| 7:17 am EST, Nov 2, 2015
Only full visibility allows detection, everything else will inevitably fail.
Fear operates as an appetite or an addiction. You can never be safe enough.
Reports coming out of Ukraine suggest that the US is falling behind Russia in terms of cyber-warfare capabilities, while the importance of such capabilities is increasing.
The United States is currently in a deep deterrence hole with respect to China in the cyber domain ...