Hacker News on Gopher (unofficial)
COMMENT PAGE FOR:
URI This World of Ours (2014) [pdf]
pinebox wrote 1 day ago:
This all seemed very clever until I read the bio and learned that the
author works for Microsoft -- the last company that has any business
being flip about security. Bro needs to STFU and get on with the
security drudgery, because his customer's opposition very definitely is
the Mossad.
some_random wrote 1 day ago:
Where does this deification of Mossad come from anyways? They've done a
lot more than western intel agencies post cold war but that's
absolutely come with failures just like every other intel agency in
existence.
tomhow wrote 1 day ago:
Previously:
This World of Ours (2014) [pdf] - [1] - July 2021 (6 comments)
URI [1]: https://news.ycombinator.com/item?id=27915173
singular_atomic wrote 1 day ago:
When we need him the most (a world overrun in llms and AI slop) it
seems like he's vanished...
bitbasher wrote 1 day ago:
My favorite talk by Mickens ( [1] ), also talks about Mossad.
URI [1]: https://vimeo.com/95066828
teddyh wrote 1 day ago:
Despite his somewhat annoying style, that article has many good points
about the aloofness of security researchers. However, I will disagree
on two points which the article contains:
1. Tor is (rightly) used by anyone who has a good reason for remaining
anonymous. (See [REALNAMES] for who this can be.) Anyone trying to
smear Tor as only used by drug dealers and other unsavory types are
themselves suspect of having an agenda of discouraging Tor use for
anyone lest they be suspected. This can only lead to an installation of
Tor being viewed as a suspicious thing in itself; who would want that?
2. His threat model of Mossad or not-Mossad leaves out one important
actor, which we can call the NSA. They, and others like them, unlike
Mossad, are not after you personally in that they don't want to do
anything to you. Not immediately. Not now. They simply want to get to
know you better. They are gathering information. All the information.
What you do, what you buy, how you vote, what you think. And they want
to do this to everybody, all the time. This might or might not bite you in
the future. He seems to imply that since nothing immediately bad is
happening by using slightly bad security, then it's OK and we
shouldn't worry about it, since Mossad is not after us. I think that
we should have a slightly longer view of what allowing NSA (et al.) to
know everything about everybody would mean, and who NSA could some day
give this information to, and what those people could do with the
information. You have to think a few steps ahead to realize the danger.
[REALNAMES] Who is harmed by a "Real Names" policy? < [1] >
(Repost of < [2] >)
URI [1]: https://geekfeminism.fandom.com/wiki/Who_is_harmed_by_a_%22Rea...
URI [2]: https://news.ycombinator.com/item?id=23572778
reedf1 wrote 1 day ago:
honestly I find any idiosyncratic style refreshing in AI slop world
coolThingsFirst wrote 1 day ago:
Another example of power resides where men believe it resides.
Americans are just very scared of Mossad. Tons of money goes into
Hollywood to make them appear invincible to the world. Fun fact, they
aren't.
Intelligence agencies have great capabilities no doubt they get
billions of $$$ and have utter immunity to do whatever they want in the
name of national security. Why is only Mossad scary? I'd be more scared
of the CIA and KGB than of Mossad.
US has never been in existential threat like Israel has been, if it
were I wouldn't want to stand in their way.
wk_end wrote 1 day ago:
> Americans are just very scared of Mossad. Tons of money goes into
Hollywood to make them appear invincible to the world.
I don't believe I've ever seen Mossad depicted in a Hollywood movie?
I guess there was Munich. Are there specific movies/TV shows that
you're thinking of?
Americans, by and large, don't even think about Mossad. Certainly not
the way they're aware of the CIA and KGB - which no one should be
scared of at the moment since it hasn't existed since 1991, though
obviously there are modern successors.
cool_man_bob wrote 1 day ago:
> Are there specific movies/TV shows that you're thinking of?
Not GP, but NCIS is the big one offhand. Of course that show has
simply gotten more and more ridiculous in general over the years
anthk wrote 1 day ago:
Ah, very Germanic tactics against some Mediterranean foe. Us, Southern
Mediterranean/half Atlantic guys, we have it easier. We would just put
fake data, hints and traces until they get mad and paranoid between
themselves, we are experts on that since forever.
Also, the Southern part of the country (which I am pretty much not
related culturally at least on folklore and tons of customs) managed to
bribe even the Russian mafias. They were that crazy, it's like a force
of nature. OFC don't try backstabbing back these kind of people, some
'folklorical' people are pretty much clan/family based (even more than
the Southern Italians) and they will kick your ass back in the most
unexpected, random and non-spectacular way ever, pretty much the
opposite of the Mexican cartels where they love to do showoff and
displays. No, the Southern Iberians are something else, mixed along
Atlantics and Mediterranean people since millennia and they know all the
tricks, either from the Brits/Germanics to Levantine Semitic foes...
You won't expect it. You are like some Mossad random Levi, roaming
around, and you just met some nice middle aged woman on a stereotyped
familiar bar where the alleged ties to some clan must be nearly zero,
and the day after some crazy Islamic terrorist wacko with ties to drug
cartels will try to stab you some Sunday in the morning and he might
try to succeed with the dumbest and cheapest way ever.
No, is not an exaggeration. We might not be Italy, but don't try to
mess up with some kind of people. My country is not Mafia-bound, but
criminal cartels, mafias and OFC some terror groups from the Magreb
(and these bound to the Middle East ones) have deals with each other
because of, you know, weapons and money. And Marbella is pretty much
a hub.
kragen wrote 1 day ago:
This explains a lot about Argentina.
anthk wrote 1 day ago:
Half of Iberians can't stand the rascal (picaresca) tradition from
the other half. Especially the heavily industrialized North.
We are not as divided as Italy, as Spain has powerhouses in the
South as Airbus and the like, but, yes, there's a 'climatological
gap' between the different 'Spains' across the mountains.
Not Ethnics, but kinda like what would happen in Italy if the North
wasn't as developed (the North of Spain isn't bad but you can't
compare it against the Franco-German-Austrian-Italian industrial
hub) and the South had their Mafias shut down in the 19th century
and if they were more developed than they are compared to the
Southern Spain.
The South here isn't a shithole as Napoli and the like but some
Andalusian coastal places can be far more dangerous than the Basque
Country/Navarre in the 80's (terror attacks) for a policeman.
OTOH, Belgium is far closer to being a Narcostate than some
microregions in Spain such as Algeciras in Cádiz (Andalusia) where
you can read about the Militarized Police fighting drug boats
almost as a daily chore.
On Argentina, except for a die hard Ghetto like the '3000
viviendas' and Cañada Real, every Argentinian would love to stay
in Spain even at the worst neighbourhood at their town. Iberia is
far more secure than Latin America by a huge margin.
The most dangerous issue on any bad town would be either a
pickpocket/non-violent robbery or watching some low tier drug dealers
doing their stuff and maybe some very late night rape issue over
months if not years. Far less than anything you would get in Buenos
Aires.
Unless, as I said, you really want to mess up your life with some
sketchy people, the ones you would spot from meters away,
especially in remote/nearly hidden taverns/pubs where drug dealing
is widely known.
For example, if some pub is accessed by walking down some stairs
into a basement, (where you can't see anything from the outside
without going down); even if it looks good, clean, modern,
maintained... run away.
kragen wrote 23 hours 15 min ago:
> On Argentina, except for a die hard Ghetto like the '3000
> viviendas' and Cañada Real, every Argentinian would love to stay
> in Spain even at the worst neighbourhood at their town. Iberia
> is far more secure than Latin America by a huge margin.
[1] lists Argentina at 4.31 murders per 100k population per year, a
bit lower than the US's 5.76, while Spain is way down at 0.69, so
I think that's sort of true. 6× is sort of "a huge margin".
I'm pretty sure there are neighborhoods in Argentina that are
lower than 0.69, though, and neighborhoods in Spain that are over
4.31.
On the other hand, 4.31 is already low enough that I don't know
anybody who's gotten murdered, although when I volunteered in the
die-hard ghettos I met people whose children had been murdered
before I met them. In [2] we can see that Argentina's crude
death rate is 728 deaths per 100k population per year, so 99.4%
of deaths are from non-murder causes. If you somehow acquired
immunity to all causes of deaths other than murder, and you lived
in 02025 Argentina until someone murdered you (through some kind
of time-travel Groundhog Day thing, I guess) your life expectancy
would be 23000 years. Real-life people who get heart disease and
cancer don't really need to worry about getting murdered in
Argentina unless they start dating a machista.
Consequently, murder is not a major reason that people leave
Argentina. (Contrast Honduras at 31.4 murders; Belize with 27.8;
South Africa with 45.5; Memphis, Tennessee, with 48.0; or St.
Louis, Missouri, with 87.8.)
No, the reason every Argentinian would love to stay in Spain is
that Spain has an economy.
URI [1]: https://en.wikipedia.org/wiki/List_of_countries_by_inten...
URI [2]: https://en.wikipedia.org/wiki/List_of_countries_by_morta...
drdrek wrote 1 day ago:
The point about the lay person not needing massive parallelism was very
true, until it was not :D
kragen wrote 1 day ago:
Both Assange and Snowden are apparently alive and well, despite
Mossad-like agencies wishing otherwise, largely thanks to Tor; and
Hamas, whose adversary was in fact the Mossad, apparently still exists.
Hizbullah has hopefully taught us all a good lesson about supply-chain
attacks.
Debian is probably the only example of a successful public public-key
infrastructure, but SSH keys are a perfectly serviceable form of
public-key infrastructure in everyday life. At least for developers.
Mickens's skepticism about security labels is, however, justified; the
problems he identifies are why object-capability models seem more
successful in practice.
I do agree that better passwords are a good idea, and, prior to the
widespread deployment of malicious microphones, were adequate
authentication for many purposes -- if you can avoid being phished. My
own secure password generator is [1] , and some of its modes are
memorable correct-horse-battery-staple-type passwords. It's arguably
slightly blasphemous, so you may be offended if you are an observant
Hindu.
URI [1]: http://canonical.org/~kragen/sw/netbook-misc-devel/bitwords.py
uvaursi wrote 1 day ago:
Neither Assange nor Snowden are a threat anymore. They are contained
and have next to no ability anymore. So it would be a waste of
resources to pursue them. The lackeys (police etc) are all that's
needed here to harass them and make their lives miserable. What's
Mossad going to do? Kill them with explosives? That takes all the fun
out of torturing them and making their lives miserable by proxy.
The only thing I see is that both are contained and quarantined. The
threat of both has been neutralized to the degree where I think the
espionage agencies of all these countries are playing along together
to keep the engine of their craft going uninterrupted without fuss.
In other words, you have to be gullible to think an embassy cares
about protecting Assange. It's a phone call from the secret service
director saying "Keep him there for now, it's where we want
him."
psunavy03 wrote 1 day ago:
The idea that either of them are at risk of being whacked is utter
tinfoil-hattery. The worst Snowden has to fear is being convicted
and jailed, and it says a lot about him that he fled to Russia of all
places instead of manning up and facing trial.
BLKNSLVR wrote 22 hours 3 min ago:
It was the US that forced Snowden into Russia.
alwa wrote 1 day ago:
Being convicted and jailed can be pretty bad. Didn't Robert
Hanssen end up in Florence ADMAX until he died [0]? And, maybe a
more direct comparison, Wikileaker Joshua Schulte [1]?
[0] [1]
URI [1]: https://en.wikipedia.org/wiki/ADX_Florence
URI [2]: https://en.wikipedia.org/wiki/Joshua_Schulte
willmarch wrote 1 day ago:
Snowden didn't choose Russia as a destination. He left Hong Kong
for Latin America and got stranded in Moscow when the U.S. revoked
his passport mid-transit. He spent weeks in the airport transit
zone while seeking asylum from multiple countries; Russia gave him
temporary asylum after that.
"Manning up and facing trial" sounds fair in theory, but under
the Espionage Act there's no public-interest defense. He'd be
barred from explaining motive or the public value of the
disclosures, much of the case would be classified, and past
national-security whistleblowers have faced severe penalties.
That's why he sought asylum.
eykanal wrote 1 day ago:
> ...Assange and Snowden...
I'd argue that for every Assange and Snowden, there are 100 (1k?
100k?) people using Tor for illegal, immoral, and otherwise terrible
things. If you're OK with that, then sure, fine point.
> SSH keys
Heartbleed and Terrapin were both pretty brutal attacks on common PKI
infra. It's definitely serviceable and very good, but vulnerabilities
can go for forever without being noticed, and when they are found
they're devastating.
yapyap wrote 1 day ago:
If you truly have a secure tool you won't be able to control what
your users do with it.
kragen wrote 1 day ago:
Mickens was arguing that security was illusory, not, as you are,
that it was subversive and immoral. My comments were directed at
his point. I am not interested in your idea that it would be
better for nobody to have any privacy.
eykanal wrote 1 day ago:
> ...who non-ironically believes that Tor is used for things
besides drug deals and kidnapping plots.
That was the quote I was referring to. Also, of course I didn't
say that no one should have any privacy; I simply implied a high
moral cost for this particular form of privacy.
atomic128 wrote 1 day ago:
Continuously updated HTTP response dumps from all the major Tor
hidden services: [1] It is accurate to say that Tor's hidden
service ecosystem is focused on drugs, ransomware,
cryptocurrency, and sex crime.
However, there are other important things happening there. You
can think of the crime as cover traffic to hide those important
things. So it's all good.
URI [1]: https://rnsaffn.com/zg4/
JohnBooty wrote 1 day ago:
Definitely some heinous-sounding stuff.
The third result was "FREE $FOO PORN" where $FOO was
something that nearly the entire human race recognizes as
deeply Not Okay and is illegal everywhere.
I wonder what % of the heinous-sounding sites are actually
providing the things they say they are.
I'm sure that some (most?) of them actually offer heinous
stuff. But surely some of them are honeypots run by law
enforcement and some are just straight up scams. However, I
have no sense of whether that percentage is 1% or 99%.
prometheus76 wrote 1 day ago:
> prior to the widespread deployment of malicious microphones, were
adequate authentication for many purposes
Can you elaborate on this? I don't understand the context for
malicious microphones and how that affects secure passwords.
kragen wrote 1 day ago:
Oh, well, it turns out that keyboard sounds leak enough entropy to
make it easy to attack even very strong passwords.
Microphones on devices such as Ring doorbell cameras are explicitly
exfiltrating audio data out of your control whenever they're
activated. Features like Alexa and Siri require, in some sense,
24/7 microphone activation, although normally that data isn't
transmitted off-device except on explicit (vocal) user request.
But that control is imposed by non-user-auditable device firmware
that can be remotely updated at any time.
Finally, for a variety of reasons, it's becoming increasingly
common to have a microphone active and transmitting data
intentionally, often to public contexts like livestreaming video.
With the proliferation of such potentially vulnerable microphones
in our daily lives, we should not rely too heavily on the secrecy
of short strings that can easily leak through the audio channel.
antonvs wrote 1 day ago:
Using a password manager is an easy and useful protection against
audio leaks of passwords.
But this is an example of the kind of thing the OP is talking
about. You're probably not at a very realistic risk of having
your password hacked via audio exfiltrated from the Ring camera
at your front door. Unless it's Mossad et al who want your
password.
kragen wrote 1 day ago:
Like "you're probably not at a very realistic risk of having
your phone wiretapped", this is overindexing on past
experience -- remember that until Room 641A commenced operations
in 02003 ( [1] ), you weren't, and after it did, your phone was
virtually guaranteed to be wiretapped. Similarly, you aren't
at a very realistic risk of having your password hacked via
audio, until someone is doing this to 80% of the people in the
world. As far as we know, this hasn't happened yet, but it
certainly will.
URI [1]: https://en.wikipedia.org/wiki/Room_641A
antonvs wrote 15 hours 36 min ago:
But again, that's the Mossad scenario - NSA in this case.
You're essentially reinforcing the OP point. There are
three threat models given in Figure 1 of the OP doc, and what
you're saying really only applies to the third.
kragen wrote 14 hours 13 min ago:
No, their Mossad threat model is that the Mossad wants to
kill particular people, not steal the passwords of
literally every single person on Earth.
sigwinch wrote 1 day ago:
Why did you choose random's SystemRandom rather than secrets?
kragen wrote 1 day ago:
What?
Oh, you mean PEP 506. I wrote this program in 02012, and PEP 506
wasn't written until 02015, didn't ship in a released Python until
3.6 in 02016, and even then was only available in Python 3, which I
didn't use because it basically didn't work at the time.
PEP 506 is just 22 lines of code wrapping SystemRandom. There's no
advantage over just using SystemRandom directly.
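Added example, not part of any comment in this thread and not the bitwords.py program linked above: a minimal word-based passphrase generator illustrating the SystemRandom/secrets exchange. The word list and all function names are constructed for illustration; the check that `secrets` reuses `random.SystemRandom` reflects CPython's standard library.

```python
import math
import random
import secrets

# Constructed 16-word sample list so the block runs offline. A real
# generator needs thousands of words (Diceware lists have 7776).
SAMPLE_WORDS = [
    "anchor", "basket", "copper", "dancer", "ember", "falcon", "garden",
    "harbor", "island", "jacket", "kettle", "ladder", "marble", "needle",
    "orchid", "pepper",
]


def passphrase(n_words, words=SAMPLE_WORDS, rng=None, sep="-"):
    """Join n_words words drawn uniformly with rng (OS CSPRNG by default)."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words lower the real entropy")
    rng = rng if rng is not None else random.SystemRandom()
    return sep.join(rng.choice(words) for _ in range(n_words))


def entropy_bits(n_words, wordlist_size):
    """Entropy of a passphrase whose words are chosen uniformly at random."""
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits, wordlist_size):
    """Smallest word count that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def secrets_wraps_systemrandom():
    """True if secrets.choice is a bound method of a random.SystemRandom."""
    owner = getattr(secrets.choice, "__self__", None)
    return (secrets.SystemRandom is random.SystemRandom
            and isinstance(owner, random.SystemRandom))


def seeded_is_reproducible(seed, n_words=6):
    """Failure mode to avoid: random.Random replays its output from a seed."""
    first = passphrase(n_words, rng=random.Random(seed))
    second = passphrase(n_words, rng=random.Random(seed))
    return first == second


def os_rng_ignores_seed(seed, n_words=32):
    """SystemRandom discards the seed, so two 'seeded' runs still differ."""
    first = passphrase(n_words, rng=random.SystemRandom(seed))
    second = passphrase(n_words, rng=random.SystemRandom(seed))
    return first != second


if __name__ == "__main__":
    print("sample passphrase:", passphrase(6))
    print("bits for 4 words from 2048:", entropy_bits(4, 2048))
    print("words for 80 bits from 7776:", words_needed(80, 7776))
    print("secrets reuses SystemRandom:", secrets_wraps_systemrandom())
    print("seeded random.Random repeats:", seeded_is_reproducible(1234))
    print("SystemRandom ignores seed:", os_rng_ignores_seed(1234))
```

Either module gives the same OS-backed source; the mistake to catch in review is a generator that falls back to the module-level `random.choice` or a seeded `random.Random`.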
_zoltan_ wrote 1 day ago:
what is 02012 and why write it so strange?
dredmorbius wrote 1 day ago:
< [1] >
< [2] >
< [3] >
URI [1]: https://news.ycombinator.com/item?id=45505856
URI [2]: https://news.ycombinator.com/item?id=43463920
URI [3]: https://news.ycombinator.com/item?id=39175614
will4274 wrote 1 day ago:
It's the long now foundation thing. The long now foundation
encourages writing years with five digits to encourage readers
to think about long term planning, to plan for a future of
humanity that is measured in more than thousands of years.
URI [1]: https://en.wikipedia.org/wiki/Long_Now_Foundation
ahoka wrote 1 day ago:
Obviously it's octal and the person is a time traveler from the
11th century.
namibj wrote 1 day ago:
They want to feel like they matter in over 10k years from now,
where a 4-digit year would start to wrap.
zahlman wrote 1 day ago:
In fact that will be not even 8k years from now.
sigwinch wrote 1 day ago:
I'll be very embarrassed when I'm still writing 9999 on
my checks.
contrarian1234 wrote 1 day ago:
I think the central premise is "wrong". The "point" of science isn't
really to do useful things. Framing things from that angle is in subtle
ways dangerous bc that shouldn't be part of the incentive structure.
You don't understand the mating behaviors of naked mole rats bc of some
sense of "usefulness". It's just an investigation of nature and how
things work. The usefulness comes out unexpectedly. Like you find out
naked mole rats are actually maybe biologically immortal.
You should just find interesting phenomena and investigate. Capitalism
figures out the usefulness side of things.
wmwragg wrote 1 day ago:
Yeah, Science shouldn't be concerned with usefulness, just like Art.
It's the application of those fields which should concern itself with
usefulness i.e. applied science, engineering, design etc. I'm not
saying that scientific research shouldn't be carried out by companies
with specific goals in mind, just that it shouldn't be the expected
default.
dnlserrano wrote 1 day ago:
Mickens essays are always a good read
jones89176 wrote 1 day ago:
I enjoyed "The Night Watch" a lot: [1]
> A systems programmer will know what to do when society breaks down,
> because the systems programmer already lives in a world without law.
URI [1]: https://scholar.harvard.edu/files/mickens/files/thenightwatch....
Havoc wrote 1 day ago:
I see this on reddit a lot in self hosting context.
The range of things people do on security is wild. Everything from
publicly expose everything and pray the app's login function some random
threw together is solid to elaborate intrusion detection systems.
zkmon wrote 1 day ago:
Security is a problem caused by ownership of some usefulness. Sometimes
solution can be around addressing these two causes.
tarjei_huse wrote 1 day ago:
Do you have a concrete example?
zkmon wrote 1 day ago:
Do not have concentrated usefulness and do not have concentrated
ownership.
ChrisMarshallNY wrote 1 day ago:
I've always enjoyed Mickens' writing. He has a great sense of humor.
I like his using Mossad as the extreme. I guess "Mossad'd" is now a
verb.
gjvc wrote 1 day ago:
this guy's stuff reads like word salad and people lap it up. I've
never understood why.
torginus wrote 1 day ago:
He wrote quirky internet humor before it was mainstream, in fact he's
a victim of his own success - when this article came out this
would've been considered funny and witty writing, but has become
tired and derivative enough today to provoke a negative reaction.
EdwardDiego wrote 1 day ago:
Because it's a funny rant.
Havoc wrote 1 day ago:
Despite word salad it is entertaining and the core message is valid
smashah wrote 1 day ago:
Very true, unfortunately there's no password strong enough to stop
Malaysian Airlines ground crew from loading a pallet full of
Mossad-rigged walkie talkies on my flight from Kuala Lumpur to Beijing
via conveniently-placed-NATO-AWACS-infested airspace.
2FA isn't going to protect me from cruising altitude walkie talkie
detonation and having the debris scattered over an impossibly wide
area.
I guess the best thing to do is not take an airline of a country that
has recently showed public support for Gaza specifically during a
humanitarian visit in the months prior to my flight.
Thankfully none of this is true and everything the mainstream media and
governments tell us are true - imagine if things weren't as they
seemed?.. Craziness... Back to my password manager!
mike_hearn wrote 1 day ago:
It's hilarious, but the hilarity gets in the way of recognizing how
much insight there is also there. It makes serious points. This part
about the Mossad is especially astonishing given the pager attack:
> If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S
> NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by
> the fact that you employ https://. If the Mossad wants your data,
> they're going to use a drone to replace your cellphone with a piece
> of uranium that's shaped like a cellphone
It's like a Mossad agent read this paper and thought hey that's
actually not a bad idea.
But the core rant is about dubious assumptions in academic cryptography
papers. I was also reading a lot of academic crypto papers in 2014, and
the assumptions got old real fast. Mickens mocks these ideas:
• "There are heroes and villains with fantastic (yet oddly
constrained) powers". Totally standard way to get a paper published.
Especially annoying were the mathematical proofs that sound rigorous to
outsiders but quietly assume that the adversary just can't/won't solve
a certain kind of equation, because it would be inconvenient to prove
the scheme secure if they did. Or the "exploits" that only worked if
nobody had upgraded their software stack for five years. Or the systems
that assume a perfect implementation with no way to recover if anything
goes wrong.
• "you could enlist a well-known technology company to [run a PKI],
but this would offend the refined aesthetics of the vaguely Marxist but
comfortably bourgeoisie hacker community who wants everything to be
decentralized", lol. This got really tiresome when I worked on Bitcoin.
Lots of semi-technical people who had never run any large system
constantly attacking every plausible design of implementable complexity
because it wasn't decentralized enough for their tastes, sometimes not
even proposing anything better.
• "These [social networks] are not the best people in the history of
people, yet somehow, I am supposed to stitch these clowns into a rich
cryptographic tapestry that supports key revocation and verifiable
audit trails" - another variant of believing decentralized cryptography
and PKI is easy.
He also talks about security labels like in SELinux but I never read
those papers. I think Mickens used humor to try and get people talking
about some of the bad patterns in academic cryptography, but if you
want a more serious paper that makes some similar points there's one
here:
URI [1]: https://eprint.iacr.org/2019/1336.pdf
commandlinefan wrote 1 day ago:
> going to use a drone to replace your cellphone with a piece of
uranium
That's assuming they can figure out who you are in the first place.
My pipe dream for the internet (that I thought we were getting way
back in the 90's) is total anonymity. You can say whatever you like
about the mossad, or the NSA or the KGB or whatever you like, and
they'll never be able to figure out whose cellphone to replace with a
piece of uranium.
We have the technology to make it happen (thanks to the paranoid
security researchers!) just not the collective will to allow it.
ikamm wrote 1 day ago:
If you think the bots and bad actors are bad now...
nathan_compton wrote 1 day ago:
The biggest social challenge to this is astro-turfing, from my own
point of view. Even total anonymity with proof of work doesn't
solve the problem. Like the idea we want is that people can speak
truth to power. But total anonymity makes it quite difficult to
figure out if it's power speaking lies to create a false perception
of the truth.
I mean go read 4chan, a place where there is something like total
anonymity. Those people are constantly imagining that half the
comments on the site are generated by intelligence agencies and,
who knows, maybe they are right? I really do wonder if there is any
way to reap the rewards of total anonymity without the poison of
bad actors.
I'm somewhat moderate on the issue from a practical point of view.
I think citizens have a right to some sort of reasonable privacy
and I don't think laws which try to regulate the technical
mechanisms by which we can have it make sense, no matter how evil
the use of the technology is. But I don't think that, in the end,
it is beyond the remit of authority to snoop with, for example, a
court order, and the means to do so. I expect authority to abuse
power, but I don't think that technological solutions can prevent
that. Only a vigilant citizenry can do it.
jojobas wrote 1 day ago:
It is kinda funny, but cost and benefit analysis is not foreign even
to Mossad. Mossad would prefer quite a few people's data stolen, but
they are not going to carry out a black abroad for most of them.
ta1243 wrote 1 day ago:
> you could enlist a well-known technology company to [run a PKI],
If you have a single company, then that's easy enough for a group
like Mossad to infiltrate. Probably easier than a distributed system.
mike_hearn wrote 1 day ago:
The best known PKI (webtrust) is many companies, not a single
company. So it's distributed but that makes it easier to hack not
harder because you have many possible targets instead of just one.
Yizahi wrote 1 day ago:
> Lots of semi-technical people who had never run any large system
constantly attacking every plausible design of implementable
complexity because it wasn't decentralized enough for their tastes,
sometimes not even proposing anything better.
And for added fun, that same radical decentralization crowd, finally
settling on the extremely centralized Lightning crutch, which is not
only centralized but also computationally over complicated and buggy.
torginus wrote 1 day ago:
If your adversary is a state intelligence agency, you're probably a
high ranking politician and a boomer who is clueless about computers,
and has demonstrably terrible opsec, either through government
incompetence of your own agencies, or not following the terribly
cumbersome opsec procedures, either because of inconvenience, the
policies being terrible or sheer incompetence.
The amount of examples we've seen of this is staggering.
sigwinch wrote 1 day ago:
That sounds like an elected legislator, not like the kind of person
with close access to compartmentalized info. And it's the form of a
leak of policy or some covert program; details which could also be
bought; so it's called "retail" compared with systematic.
torginus wrote 1 day ago:
I think saying that people like Hillary Clinton, Trump, Biden or
Bolton didn't have access to highly sensitive information is not a
reasonable stance (and those are just the ones we know about).
sigwinch wrote 1 day ago:
It's good that no one is arguing that. But your argument
isn't strong. You're saying that numbers matter. Those kinds
of people go in and out of SCIFs. If they belch a secret at
lunch, maybe it has lobbying implications, but it wasn't
compartmentalized. It can even be disinfo.
The real ROI is to land a Jonathan Pollard. Not even a million
Hegseths can leak enough info to collect into one Pollard.
lifestyleguru wrote 1 day ago:
Then how is it possible Mossad didn't know about what had happened on 7
October 2023?
smashah wrote 1 day ago:
They didn't know about Hannibal Directive Celebration Day? Who told
you that?
IAmBroom wrote 1 day ago:
Lack of omniscience, infinite computing power, and yottabyte storage
facilities?
lifestyleguru wrote 1 day ago:
Dunno, Microsoft was quite generous with their cloud plan.
drdrek wrote 1 day ago:
Actually Gaza and the West Bank are handled by the "Shabak" agency
which is the equivalent of the FBI while the "Mossad" agency is only
for foreign operations and is equivalent to the CIA
And asking how did they miss something is like asking how come AWS
has downtime. But I'm sure you could come to this conclusion on your
own if you didn't really want the answer to be something else.
torginus wrote 1 day ago:
And the article is a huge rant about why security people are stupid
for worrying about the most clearly implausible shit ever.
smashah wrote 1 day ago:
They didn't know about the pretense they wanted to spend the
following 2+ years making unlimited fallacious justifications for
committing a live-streamed holocaust of children? Who told you that?
2rsf wrote 1 day ago:
a. I am too lazy to search but they probably did, the problem was
what was done with the information. Same with 8200 the almighty
signal intelligence corps
b. The Mossad is the equivalent of the CIA, they are not meant to act
inside Israel
ta1243 wrote 1 day ago:
> b. The Mossad is the equivalent of the CIA, they are not meant to
act inside Israel
For that purpose is Gaza inside or not inside Israel?
rgblambda wrote 1 day ago:
Shin Bet (Israeli internal security service) have an Arab desk
that covers the West Bank & Gaza.
lifestyleguru wrote 1 day ago:
Israel would probably dispute it, but for most of the world Gaza
in relation to Israel is "abroad" and not "domestic".
2rsf wrote 1 day ago:
Yes (TBD)
throwaway_dang wrote 1 day ago:
Maybe they did but it was permitted to happen to provide the pretext
to expand those Greater Israel borders.
bbarnett wrote 1 day ago:
The same way the US didn't know about 9/11. Intelligence failures.
(Portions of the US intelligence apparatus knew, but that knowledge
didn't transition into action)
energy123 wrote 1 day ago:
Israel's intelligence services (not Mossad) did collect valid
signals, such as sim cards in Gaza being swapped out for Israel sim
cards, but it was ignored as another false positive. What the
public don't see are all the false positives (like many drills for
an attack that don't materialize) that drown out valid signals when
the attack is actually going to happen. There's also hesitancy to
act on signals because drills are used to expose intelligence.
It's one of the many asymmetries that changes when you are the
defender versus the attacker. As the defender, you have to be right
100% of the time. As the attacker, you have the luxury of being
right only 30% of the time. The law of large numbers is on the side
of the attacker. This applies to missile offense/defense and to
usage of intelligence.
This information asymmetry is also one of the key drivers of the
security dilemma, which in turn causes arms races and conflict. The
defender knows they can't be perfect all the time, so they have an
incentive to preemptively attack if the probability of future
problems based on their assessment of current information is high
enough.
In the case of Gaza there was also an assessment that Hamas were
deterred, which were the tinted glasses through which signals were
assessed. Israel also assumed a certain shape of an attack, and the
minimal mobilisation of Hamas did not fit that expected template.
So the intelligence failure was also a failure in security doctrine
and institutional culture. The following principles need to be
reinforced: (i) don't assume the best, (ii) don't expect
rationality and assume a rival is deterred even if they should be,
(iii) intention causes action, believe a rival when they say they
want to do X instead of projecting your own worldview onto them,
(iv) don't become fixated on a particular scenario, keep the
distribution (scenario analyses) broad
IAmBroom wrote 1 day ago:
> As the attacker, you have the luxury of being right only 30%
of the time.
Interesting number you suggested. That's a pretty normal success
rate for a carnivore attacking prey.
dominicrose wrote 1 day ago:
Avoiding a car accident has a low cost, you just have to take it
slowly and be 1 min late to your meeting or whatever, but
deciding whether you should attack first based on a small
suspicion, that's a hell of a problem, because if you're wrong,
you're seen as the bad guy. And maybe even if you're right and
can't prove it.
energy123 wrote 1 day ago:
> because if you're wrong, you're seen as the bad guy. And
maybe even if you're right and can't prove it.
An example of this is France cutting off all support after
Israel's initiation of the Six Day War, which followed signals
such as Egypt massing troops on the border. The problem for
Israel was the lack of strategic depth combined with the
geographical low ground, which creates these hair trigger
scenarios with no room for error, reducing the threshold to act
preemptively. The more abstract problem was the absence of a
hegemon in the late 20th century that had security control over
West Asia, which is a necessary and sufficient condition for
resolving the security dilemma.
ozirus wrote 1 day ago:
Domestic intel = Shin Bet, not Mossad
INTPenis wrote 1 day ago:
This is exactly the type of comment that will get you mossad'd.
lifestyleguru wrote 1 day ago:
ok I'll keep you updated, but I don't own any real estate they
could "de-Hamasify"
impossiblefork wrote 1 day ago:
The Mossad part is a very silly element of the text. Many organizations
have to defend against US intelligence, Israeli intelligence etc., and
I'm sure, that they, with the exception of some very terrible countries
with a lot of incompetence or full of disloyal people likely to become
infiltrators, are quite successful.
Actual security is possible even against the most powerful and
determined adversaries, and it's possible even for you.
IAmBroom wrote 1 day ago:
Well, data security. Right up until the wetware is included.
impossiblefork wrote 22 hours 46 min ago:
I think, a lot of people imagine these people as very capable, and
they think of things like those pagers etc., but when I think of
them I think of the Lillehammer affair and a bunch of other
similarly silly business, so I'm much less impressed with them,
feeling that they're basically silly people.
There's so many cock-ups etc. that you can read about on Wikipedia
that I don't understand why people hold these people highly and
imagine them to be so able. They simply aren't.
megous wrote 1 day ago:
Not sure what audience he is talking to. Experts deal with a lot more
issues that sit between choosing a good password + not falling for
phishing and "giving up because mossad". The terminology that he
sprinkles about suggests the audience is experts.
rini17 wrote 1 day ago:
The article actually addresses this -- that all these extra issues
are not manageable for mere mortals anyway and/or perfectly spherical
cows are involved.
megous wrote 1 day ago:
It does not. It just invents a bunch of straw men, and then mocks
them.
IAmBroom wrote 1 day ago:
Literally what you are doing with the article right now.
megous wrote 8 hours 17 min ago:
Pretty sure I'm not literally inventing actual straw men here.
:-)
rini17 wrote 1 day ago:
Such as?
eirini1 wrote 1 day ago:
Never agreed with this logic. For a lot of people (anyone that does
political activism of some sort for example) the threat model can be a
lot more nuanced. It might not be Mossad or the CIA gunning for you,
specifically, but it might be police searching you and your friend's
laptops or phones. It might be burglars targeting the office of the
small organization you have and the small servers you have running
there.
some_random wrote 1 day ago:
Yeah it's extremely immature, even within police agencies there's a
huge variation on their ability to perform digital forensics.
Furthermore, just because the feds don't like you for whatever reason
doesn't mean they're going to deploy their top-of-the-line exploits
against you, or detain and torture you, or whatever magic voodoo
bullshit the author thinks the Mossad can do.
shermantanktop wrote 1 day ago:
The third mode is enabled by scale of data and compute. If enough
data from enough sources is processed by enough compute, Mossad does
not need to have a prior interest in you in order for you to fit a
profile that they are interested in.
Anyone else see all the drones flying over a peaceful No Kings
assembly?
YesThatTom2 wrote 1 day ago:
I'm pretty sure his point was that security labels are a dead end.
(Have you ever attended an academic security conference like Usenix
Security?)
bell-cot wrote 1 day ago:
Yep. While there might be some use cases for his ultra-simplistic
"Mossad/not-Mossad duality" - say, convincing Bob Jones that
"b0bj0nes" is not a great password - it's 99% fairy tale.
And even if the CIA/Mossad/NSA/whoever is "interested" in you - this
is the era of mass surveillance. The chances that you're worth a
Stuxnet level of effort is 0.000000001%. Vs. 99.999% chance that
they'll happily hoover up your data, if you make it pretty easy for
their automated systems to do that.
zahlman wrote 1 day ago:
> Yep. While there might be some use cases for his ultra-simplistic
"Mossad/not-Mossad duality" - say, convincing Bob Jones that
"b0bj0nes" is not a great password - it's 99% fairy tale.
Honestly, the oversimplification here reads to me more like
something Bob Jones could use to justify not caring about
"b0bj0nes" not being a great password.
bell-cot wrote 1 day ago:
I was thinking, "Bob, stop making excuses about how it's
hopeless, and you'd need a
'U0hBNTEyICgvdmFyL2xvZy9tZXNzYWdlcykgPSBjNGU2NGM1MmI5MDhiYWU3MDU5
NzdlMzUzZDlk'-level password to be safe. That 'b0bj0nes' is so
easy that a bored kid might get it in a few dozen guesses, and
you need to change it to something better."
wpollock wrote 1 day ago:
That password should include symbols too! Without symbols,
each character is one of 62 values (sticking to ASCII letters
and digits). Including symbols makes it much harder to guess
passwords of a given length. Even better would be Unicode
letters, digits, and symbols, even if you stick to the Basic
Multilingual Plane.
Best would be non-text, binary strings. Since I already use a
password manager, I don't really need to type passwords by
hand. But I do understand most people prefer text passwords
that could be entered by hand if necessary.
bell-cot wrote 1 day ago:
Except that's exactly what the Mossad will be expecting us to
use, for our uber-secure password! By eschewing symbols and
binary, we are actually meta-out-smarting their ultimate
giga-quantum nuclear crypto cracker.
Or: This is Bob "Dim Bulb" Jones we're talking to. KISS,
and maybe we can convince him to upgrade his password to
"iwantacoldbeernow".
jasomill wrote 1 day ago:
"iwantacoldbeernow"
Sorry, your password does not meet complexity requirements
because it does not contain at least one of each of the
following: uppercase letters, lowercase letters, numeric
digits, nonalphanumeric symbols.
"I want 1 cold beer now."
Sorry, your password may not contain spaces.
"Iwant1coldbeernow."
Sorry, your password is too long.
"Iwant1beernow."
Sorry, your password is too long.
"1Beer?"
Sorry, your password is too short.
"Password1!"
Thank you. Your password has been changed.
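Added example (not part of any comment in this thread, and not code from the article): a Python sketch of the form rules the exchange above walks through, next to the character-set arithmetic from the earlier comment about 62 values per character. The bounds MIN_LEN and MAX_LEN are assumptions; the thread only shows 6 characters rejected, 14 rejected and 10 accepted.

```python
import math
import string

# Assumed length bounds (not stated in the thread).
MIN_LEN = 8
MAX_LEN = 12

# The four classes the form demands; string.punctuation is the 32
# printable ASCII symbols, so letters + digits + symbols = 94.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def check_policy(pw):
    """Apply the composition rules in the order the form reports them."""
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in pw)]
    if missing:
        return "missing: " + ", ".join(missing)
    if " " in pw:
        return "no spaces allowed"
    if len(pw) > MAX_LEN:
        return "too long"
    if len(pw) < MIN_LEN:
        return "too short"
    return "accepted"


def search_space_bits(pw):
    """Brute-force search space in bits: length * log2(pool size).

    The pool is the union of the character classes actually used. This is
    an upper bound for a blind brute-force attacker only; a guesser that
    tries dictionary words with predictable suffixes first does far better
    against something like "Password1!".
    """
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in pw))
    if " " in pw:
        pool += 1
    return len(pw) * math.log2(pool) if pool else 0.0


# Candidate passwords quoted in the thread.
SAMPLES = [
    "b0bj0nes",
    "iwantacoldbeernow",
    "I want 1 cold beer now.",
    "Iwant1coldbeernow.",
    "Iwant1beernow.",
    "1Beer?",
    "Password1!",
]


def report():
    """Return (password, policy verdict, bits) rows for the samples."""
    return [(pw, check_policy(pw), round(search_space_bits(pw), 1))
            for pw in SAMPLES]


if __name__ == "__main__":
    for pw, verdict, bits in report():
        print(f"{pw!r:28} {verdict:36} {bits:6.1f} bits")
```

The rejected 17-letter passphrase has a larger brute-force search space than the accepted "Password1!", which is the mismatch between composition rules and guessing cost that the exchange is poking at.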
tonnydourado wrote 1 day ago:
Also worth noting that Mossad/CIA/etc. are not monoliths. Maybe you
got a top agent assigned to you, but maybe your file is on the desk
of the Mossad's version of Hitchcock and Scully from Brooklyn 99.
rini17 wrote 1 day ago:
You did not write what you actually disagree with....
coldtea wrote 1 day ago:
the maximalist false dilemma of "all or nothing": either it's a
super-powerful super-human agency and you can't do anything, else
any half-measure is fine
turboturbo wrote 1 day ago:
The false dichotomy
rini17 wrote 1 day ago:
The dichotomy between what average people(including political
activists) can actually handle and stuff proposed by security
researchers is real.
anonym29 wrote 1 day ago:
The idea that average people can't handle incremental
improvements like a password manager, MFA, full disk
encryption, etc is unhealthy infantilization of people who are
entirely capable of understanding the concepts, the benefits,
the risks they address, and appreciating the benefits of them.
Most people just don't care enough until after they're hacked,
at which point they care just enough to wish they'd done
something more previously, which is just shy of enough to start
doing something differently going forward.
It's not that normies are too stupid to figure this out, it's that
they make risk accept decisions on risks they don't thoroughly
understand or care enough about to want to understand. My
personal observation is that the concept of even thinking about
potential future technology risks at all (let alone considering
changing behavior to mitigate those risks) seems to represent
an almost pathological level of proactive preparation
to normies, the same way that preppers building bunkers with
years of food and water storage look to the rest of us.
rini17 wrote 1 day ago:
I do understand the concepts and exactly because of that I
doubt I myself would be capable of airtight opsec against any
determined adversary, not even state-level one. I think it's
humility, you think I infantilize myself lol.
I do use password manager and disk encryption, just for case
of theft. Still feels like one stupid sleepy misclick away
from losing stuff and no amount of MFAs or whatever is going
to save me, they actually feel like added complexity which
leads to mistakes.
edu wrote 1 day ago:
That's a fun take, similar to the classic XKCD 538: Security.
URI [1]: https://xkcd.com/538/
dominicrose wrote 1 day ago:
this is why you need a fake password that provides access to fake
content that looks like the real content
hshdhdhehd wrote 1 day ago:
The 4096 bits just stops it being so easy to surveil you that it is
hyper-automated. So there is some use. The $5 wrench needs a million
dollar operation to get that guy to your house.
ta1243 wrote 1 day ago:
Depends how strong the protections of your civil society are, but it
doesn't cost $1m to send a goon with a crowbar or shotgun. Sure
that doesn't scale, but if you are a target you're screwed
hshdhdhehd wrote 1 day ago:
The $1m is the stuff they did to the point where they knew where
to send the goon.
If you are a target you are screwed. But clever crypto isn't
useless.
sigwinch wrote 1 day ago:
Probably used to average over $1m. Nowadays, those operations
(polonium, Novichok, expending expensive KGB resources) send a
signal. Otherwise, swatting your home while they drain your
wallets; or threatening to swat; quite inexpensive.
bbarnett wrote 1 day ago:
Oh come on, that's way over budget! Every time I managed such an
operation, we'd just rent a van and... uh, I mean, um, I heard it
costs less.
hshdhdhehd wrote 1 day ago:
It's a million dollars to the defense contractor who lobbies for
more wrench attacks.
broodbucket wrote 1 day ago:
Remember, you don't have to be unhackable, just sufficiently
unimportant to not be worth burning any novel capability on
lisbbb wrote 1 day ago:
I like the "gray man" concept, but can't predict when you end up on
the radar or why. As a young graduate student, I once wrote an
article that rebuffed the government's "Total Information Awareness"
trial balloon and suddenly found myself embroiled in much unexpected
controversy, including some big name journalists e-mailing me and
asking questions. You just never know when you stumble into
something that you're not supposed to know about and what might
happen.
andai wrote 1 day ago:
So the advice would be for an activist to choose extremely boring
forms of activism? ;)
broodbucket wrote 23 hours 1 min ago:
If you're at that level where some powerful entity really takes an
interest in you, you just have to operate as if you're always
compromised, I think.
itsnowandnever wrote 1 day ago:
I think people don't understand what this means either. the
nation-state "agencies" that can and will get into your
network/devices can do so because they would employ tactics like
kidnapping and blackmailing a local telco field technician. or if
it's your own government, they can show up with some police and tell
them to do whatever and most will comply without even receiving a
proper court order.
so unless you're worth all that trouble, you're really just trying to
avoid being "low hanging fruit" compromised by some batch script
probing known (and usually very old) vulnerabilities
red-iron-pine wrote 1 day ago:
plenty of big telcos push back to gub'mnt orders. they usually get
a warrant.
or they just pay the $2100 per API call to download it from the
telco or social media company.
it's not improper if you agreed to give a company the ability to
sell your data to anyone -- the government is anyone, and they have
the money.
shiandow wrote 1 day ago:
Given that choice I'd rather choose to be unhackable.
aa-jv wrote 1 day ago:
I think the more important maxim to follow is this: if you didn't
manufacture your own silicon, you are infinitely more hackable than
if you did.
Alas, no matter how hard we try to trust our compilers, we must also
adopt methods to trust our foundries.
Oh, we don't have our own foundries?
Yeah, that's the real problem. Who owns the foundries?
smithkl42 wrote 1 day ago:
Nah, if I manufactured my own silicon, I'd be infinitely more
hackable than I am right now - just like if I wrote my own crypto
code. 99.9999% of people are going to be more secure if they just
rely on publicly accessible cryptography (and silicon). Otherwise
you're just going to be making stupid mistakes that real
cryptographers and security folks found and wrote defenses against
three decades ago.
MomsAVoxell wrote 1 day ago:
If you could make your own silicon, you could create a guild or a
federation to audit it, and then your trust circle would be
smaller and therefore safer.
>Otherwise you're just going to be making stupid mistakes that
real cryptographers and security folks found and wrote defenses
against three decades ago.
Yeah, that's the point, learn those same techniques, get it in the
guild, and watch each other's backs.
Rather than just 'trusting' some faceless war profiteers from the
midst of an out of control military-industrial complex.
pydry wrote 1 day ago:
When has anybody ever been hacked via a foundry?
While having your own foundry is undoubtedly a good thing from the
perspective of supply chain resiliency, if hacking is what you're
worried about there are probably easier ways to mitigate (e.g. a
bit more rigor in QC).
purplehat_ wrote 1 day ago:
Not exactly what you're asking, but multiple CVEs have been found
in Intel's Management Engine (ME) which have been used in
spyware.
It might not be an intentional backdoor, but it very much seems
designed with out-of-band access in mind, with the AMT remote
management features and the fact that the network controller has
DMA (this enables packet interception).
kragen wrote 1 day ago:
Roughly everybody you've ever met, 100% of the time.
There's a reason the NSA can get Intel CPUs without IME and you
can't. Given the incentives and competence of the people
involved, it's probably an intentional vulnerability that you
can't escape because you don't fab your own chips. There's
strong circumstantial evidence that Huawei got banned from
selling their products in the US for doing the same thing. And
the Crypto AG backdoor (in hardware but probably not in silicon)
was probably central to a lot of 20th-century international
relations, though that wasn't publicly known until much later.
And this is before we get into penny-ante malicious hardware like
laser printer toner cartridges, carrier-locked cellphones, and
HDMI copy protection.
No amount of QC is going to remove malicious hardware; at best,
it can tell you it's there.
IAmBroom wrote 1 day ago:
"When" is what we will likely never know, given the subterranean
depth of trust and visibility there. Probably never...
aa-jv wrote 1 day ago:
Do you know what "your" CPU is doing? Do you really?
lisbbb wrote 1 day ago:
I always figured the spy crap was programmed right in to the
chips themselves and the BIOS.
INTPenis wrote 1 day ago:
That's right, just keep your head down, smile and nod, do your job
and nothing will ever go wrong. /s
impossiblefork wrote 1 day ago:
I don't think that's the interpretation, but make your computer
systems disconnected from what you do.
If relevant adversaries don't know which computer to burn the
exploit on, then they won't burn it on the right one.
GreenWatermelon wrote 1 day ago:
You /s but this is actually valid advice for someone who just wants
to get by in life and is content.
ragazzina wrote 1 day ago:
>someone who just wants to get by in life and is content
"It's the reductionist approach to life: if you keep it small,
you'll keep it under control. If you don't make any noise,
the bogeyman won't find you. But it's all an illusion,
because they die too, those people who roll up their spirits into
tiny little balls so as to be safe. Safe?! From what? Life is
always on the edge of death; narrow streets lead to the same
place as wide avenues, and a little candle burns itself out just
like a flaming torch does."
lisbbb wrote 1 day ago:
That's stupid. It's not all an illusion. The scale definitely
matters. If you are buying stocks you can make a profit as a
little guy that if the big guys tried to do it they would
quickly become the "market maker" and the strategy would not
scale up. It's the same with criminal activity or
insurgency--small mosquitoes are ignored while the major
threats get swatted hard.
INTPenis wrote 1 day ago:
True enough. I'm content as long as I don't hear the news
anywhere. Recently had my dad over and he can't go 5 minutes
without the news on in the background. Really hard to be content
then.
throwaway_dang wrote 1 day ago:
Do the bombs dropping in war zones avoid apolitical people? If
not, when is the appropriate time to get sufficiently political
to avoid having a bomb dropped on one's head?
GreenWatermelon wrote 1 day ago:
"Keeping your head down" means not doing anything that would
cause a government (especially your own) to want to disappear
you.
If you vocally oppose your tyrannical government, you won't
avoid a bomb on your head. In the best case you'll get a bullet
through your head. Worst case, you spend a lifetime in a
prison.
adrianN wrote 1 day ago:
Very few individuals can influence whether or not bombs drop.
The best way to avoid having bombs dropped on your head is
moving to a place where fewer bombs are dropped.
jimnotgym wrote 1 day ago:
But many people together, although none of them individually
influential enough, certainly can influence where bombs get
dropped.
When you start successfully reaching many people you can be
sure that security agencies will start watching you.
adrianN wrote 1 day ago:
In areas where bombs are dropped there is generally a large
majority in favor of stopping that, but they have little
influence.
energy123 wrote 1 day ago:
Downvoted, but so much evil is caused by people due to their
distorted yet sincerely believed moral virtues. Not due to an
absence of morality but because of it. Whatever you have in your
mind as the image of quintessential evil is probably caused by
those people's sincerely held moral system, a moral system they
believed in as strongly as you do yours. So people who just live
their lives and do not grasp on external change are fine by me.
6510 wrote 9 hours 9 min ago:
Unless you believe in the extinction of bad people the burden
of restoring normality is for everyone else. Those who are not
part of the solution are not part of the problem, they are the
problem. You can't have the problem without them and you can't
have them without having the problems.
GreenWatermelon wrote 1 day ago:
are you saying that you've downvoted me, or just pointing out
that I've been downvoted? If the former, why?
brigandish wrote 1 day ago:
A more charitable view would be to act like a zebra in a herd of
zebra rather than a zebra in a herd of horses.
IAmBroom wrote 1 day ago:
Charitable, but also privileged. Many people only have the option
of looking like a cow in a cattle yard.
optimalsolver wrote 1 day ago:
I think fighting Israel is kind of a glimpse into what trying to fight
a malevolent AGI will be like.
Expect to lose in highly surprising ways.
speedgoose wrote 1 day ago:
I don't know, driving a big truck into AWS' us-east-1 power supply
section sounds more than enough to take down internet for a while.
red-iron-pine wrote 1 day ago:
ITT: we've never spent time around ashburn va data centers.
most have big heavy barriers and multiple bollards and fences.
some of the reston va data centers have big glorious planters out
front and weird angles to walk up to the mantrap -- to prevent
trucks from driving through. the generators usually have some sort
of fence or bollards, and most are on multiple power sources from
the local and airport grids.
source: used to manage nova data centers and did plenty of attack
surface mapping. the truck-through-front-door approach is
consistently considered.
WJW wrote 1 day ago:
Of course, but that's the point. Actual AGI wouldn't need to limit
itself pointlessly in ways that would make it obvious to every
internet rando how to hit it. Just as you cannot kill an
intelligence agency with a single strike, it could distribute
itself over many secret locations.
ta1243 wrote 1 day ago:
I would hope that data centre has multiple power supplies from
multiple locations - as well as UPS and on site generators,
certainly mine do.
However given AWS is so complex (which is required because they
want to be a gatekeeping platform) leading the uptime to struggle
to match a decent home setup, I'm not sure. I'm sure there's no 6
figure bonus for checking the generators are working, but a rounded
corner on a button on an admin page?
tuzemec wrote 1 day ago:
Somewhat related video:
URI [1]: https://vimeo.com/95066828
samlinnfer wrote 1 day ago:
This will always be my favourite Mickens essay (The Slow Winter):
URI [1]: https://www.usenix.org/system/files/1309_14-17_mickens.pdf
purplehat_ wrote 1 day ago:
If people want to read all six, here they are! [1] My favorite is The
Night Watch.
URI [1]: https://mickens.seas.harvard.edu/wisdom-james-mickens
isoprophlex wrote 1 day ago:
> [...] it's pretty clear that compilers are a thing of the past,
and the next generation of processors will run English-level
pseudocode directly.
hilarious AND scary levels of prescient writing...
chao- wrote 1 day ago:
Mine as well.
I have a fond memory of being at a party where someone had the idea
to do dramatic readings of various Mickens Usenix papers. Even just
doing partial readings, it was slow going, lots of pauses to recover
from overwhelming laughter. When the reading of The Slow Winter got
to "THE MAGMA PEOPLE ARE WAITING FOR OUR MISTAKES", we had to stop
because someone had laughed so hard they threw up. Not in an awful
way, but enough to give us a pause in the action, and to decide we
couldn't go on.
Good times.
purplehat_ wrote 1 day ago:
Bit of an aside, but I'm wondering what city this was in.
I'm going to be job hunting soon and I was planning to prioritize
the Bay Area because that's the only place I've encountered a
decent density of people like this, but maybe I'm setting my sights
too short.
chao- wrote 1 day ago:
Houston, Texas.
There are nerds everywhere.
eeeficus wrote 1 day ago:
Sounds like you found nerd heaven. I couldn't imagine a situation
like yours in my world! :)