Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Moxie Marlinspike Answers Your Questions

samzenpus posted more than 2 years ago | from the here's-the-scoop dept.

Privacy 76

A few weeks ago you asked security guru Moxie Marlinspike about all manner of security issues, being searched at the border, and how to come up with a good online name. He's graciously answered a number of your inquiries which you will find below.Who writes your paychecks?
SirGarlon

From your Web site it looks like you've worn a number of hats. How do you mainly earn your living by penetration testing, developing software as a contractor, or what? Or do you have a day job? (I won't ask where). Do you have any advice for software engineers seeking an independent career?

I was the CTO at WhisperSystems, which was just acquired by Twitter. In the past, I've done both contract and full-time software engineering work, and I've worked on boats and as a delivery captain. I've also spent a considerable amount of time being broke and living without money.

I don't think I have any particularly sage advice for software engineers looking to go independent, so I'll answer a different question: on a somewhat regular basis now, I receive inquiries from young people coming out of high-school or college, asking me what they should do to get started in their software or security career. My most common response is "don't do it." Or at least, not right now.

I think the biggest thing young people fail to realize is the interminable nature of a career. As a young person in the global north, your whole life is generally marked by periods with definite beginnings and endings: elementary school is 5 years, middle school is 3 years, high-school is 4 years. It's significant because when you're in high-school and hating the indignity of it all, there is at least a definite endpoint that you can look forward to. But if you're coming out of that, you might not fully comprehend that when you start a career, you're expected to do that... for the rest of your *life*! Don't be too anxious to jump into that, because it's not as different as what's come before as you might think.

A friend of mine recently quipped "most people working in software discovered technology before they discovered themselves." There are so many people in the industry working on projects without a real personal narrative as to *why* they're doing them, other than the intrinsic feeling that solving technical problems is fulfilling. There is a whole entrepreneurial scene in the Bay Area right now; I can understand the draw of building things, but the level of self-seriousness that people bring to something like a "customer loyalty" startup baffles me. Honestly, it's simply not true that this stuff is "changing the world," so don't be too concerned about missing out if you don't jump in as quickly as you can.

Please, don't spend your late teens or early twenties in front of your computer at a startup. If you're a young person, I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work -- however that looks for you. Get an instrument, learn three chords, and go on tour; find a derelict boat and cross an ocean; hitchhike to Alaska; build a fleet of dirigibles; construct a UAV that will engage with the emerging local police UAVs; whatever -- but make it count.

security and society
xappax

In addition to being a very sharp security researcher, you seem to have a strong interest in issues of social and political control. What emerging security trends do you see as being most important or helpful for authoritarians (at home and abroad)? What security trends are most important for anti-establishment movements?

I'll mention a few things I think about:

1) A lot has been said from people like Clay Shirky about the horizontalizing effect of the internet. And while it's true that platforms have emerged on the internet which make horizontal coordination and communication possible, what's often glossed over is that the infrastructure of the internet itself is actually extremely hierarchical. I know this seems obvious, but it's not something that comes up in the dialog about this stuff very often. It's worth remembering that this is how things are currently structured, and that the dreams of the Clay Shirkies of the world can never be fully realized as long as that's true; especially since those in control of the infrastructure seem to be taking increasing notice of that fact.

2) It's also just more of what we've been seeing for years: the economics of "information capitalism" have created a world where data is for the most part unsellable, driving businesses towards surveillance and profiling of their users for targeted advertising as the only means of obtaining revenue. Perhaps this isn't so bad in itself, but it puts us in a dangerous position, because it means the data is there for the (very efficient) taking. This becomes a magnet for governments and attackers.

3) Security vulnerabilities have become more difficult to find and exploit. Rather than making things "secure," however, it's shifted the balance of who has access to these vulnerabilities. There are still plenty of dumb sqli bugs out there, but more and more it's shaping up to mean that those with the most money and resources will have access to the exploits, while everyone else will be vulnerable to them. Which is not the way I'd like to see it.

Hardware for the traveling hacker?
capnkr

I'd be interested to know more about the hardware and/or platform you use on a daily/regular basis to do your work/research. I would assume that with your 'itinerant' lifestyle you have had to make choices and compromises in this area. IIRC, you "temporarily bought" ;) a laptop to edit Hold Fast, but that isn't something you do on a regular basis is it? Are there any suggestions/tips/tricks about hardware or methods that you'd care to share for the traveling hacker with the above in mind?

As an aside - Thanks for all the good work and entertaining tales! :) Been using that Capt's license much lately?


I secretly hate technology, so I actually have a mostly boring setup. I just run Linux on a laptop, which I replace about every eight years. I'm pretty stubborn about making a laptop last; the one I have now has cooling problems, so every time I do a long compile I have to find an ice pack to put under it. In some small way, it probably makes me feel like my computer is accomplishing something really difficult.

Every once in a while I'll need to do something creative if my setup isn't cutting it. So yeah, it's true that I edited Hold Fast on a nice machine with a 14 day return policy. =)

These days I can't travel internationally without CBP wanting to search (or failing that, confiscate) my electronics on my return to the US. So I just don't travel with them if I'm leaving the country.

As for the captain's license, I still get out every now and then, but rarely make deliveries. There's an anarchist yacht clubb convergence happening in Guatemala at the end of February.

WhisperCore
dark_requiem

I really like the idea behind WhisperCore. The problem, as I see it, is that it's only available for two devices, and the Android source is updated regularly, making it difficult to keep WhisperCore up to date with the latest version of Android. Also, there are a wide variety of existing ROMs, each sporting its own array of features, but WhisperCore is the only one focusing on full-device encryption and a quality firewall interface. Given that security is becoming more critical on mobile devices, I would love to see WhisperCore's functionality integrated into every ROM. Have you given any consideration to integrating the WhisperCore project into an existing community such as CyanogenMod, or opening the source to build a community around WhisperCore? It would definitely help with making it available on more devices.

WhisperSystems was acquired by Twitter recently, so the answer to this question has changed a little for us. In general, though, we never saw WhisperCore as something that could be a pervasive aftermarket solution. We made it available on the Nexus devices with an aftermarket installer because we wanted to give something free to the security community and those devices make it easier with unlocked bootloaders. However, the bulk of our distribution efforts were spent trying to get the software through OEM channels, so that it would just appear on new devices.

CyanogenMod has done an excellent job of supporting a wide range of devices, but as you note, they are only able to do this because it's an open source project with enough volunteers to deal with all of the proprietary integration, build, and test issues. They only get access to the source after Google does public drops (that is to say, long after the rest of the industry does), and the device vagaries are endless. WhisperCore was a commercial product focused on the enterprise security market, and that market isn't particularly interested in reflashing ROMs onto their employee's phones. We were simply making it available in that form so that individuals could benefit from our work, but it wasn't our main focus. The other integration problem with CyanogenMod is that they are not a security-focused community, and have actually done a number of things to reduce the security of the platform (which is a shame, since the bar was low to begin with). So the interests of our user bases are fairly distinct, and actually in conflict on some important points.

WhisperCore - why not OSS?
nullchar

Are there business or technical reasons you do not want to open the source code for WhisperCore or any of the sub-projects like WhisperMonitor?

Same reason most enterprise software vendors' products aren't OSS, harder to sell software that way. =)

CarrierIQ nnet

Does Whisper Monitor stop CarrierIQ as well?

Haven't tested it, but it should. That said, it doesn't come with WhisperCore, so it seems unlikely that you'd encounter it on a device with WhisperMonitor.

Thoughts on TLS-SRP as a partial solution?
WaffleMonster

Most secure sites we normally depend on require you to establish an account. Rather than sending our passwords in the "clear" over SSL as everyone is foolishly doing today couldn't part of this problem be solved using trust previously established between you and the site in the form of mutually authenticated credentials?

The best case example would be an online banking site first requiring you to physically come into the office with proper ID. There would no longer be any need for this bank to need to trust or use any third party.

TLS-SRP RFCs have already been written, SSL stacks used by all popular browsers already patched with support... obviously this does not fully eliminate the need for trusted third parties.


I think these types of approaches are interesting for things like SSH, IMAPS, and SMTPS. The way that webapps tend to be architected and deployed, however, makes this tricky.

of trust versus online consensus
DamnStupidElf

PGP provides a model for partial trust in a public key based on the trust placed in signers of that key. I think a similar model would work much better for SSL certificates than either the current forest of fully trusted root CAs or projects like Convergence because it would allow long term trust in entities instead of merely the ephemeral keys used for SSL connections while also providing offline security and the ability to separate the keys used for privacy and identification.

If I wanted to validate the hypothetically secure https://slashdot.org/ I would be happy seeing an SSL certificate signed by Geeknet's PGP key (assuming they cared enough to be in the strong set), but even happier if it was also signed by a couple certificate authorities and some other folks in the strong set. I would assign partial trust to each of the certificate authorities' root certificates and use PGP to measure the partial trust of other signatures and set a threshold for the security of any SSL site, perhaps requiring "full trust" for automatic acceptance of an SSL certificate, a warning for marginal trust, and a bigger warning for anything less.

One of the primary advantages is separation of privacy and identification; the private key for identifying an entity would only be used to sign SSL certificates, reducing the likelihood of an attacker compromising an identity certificate. Notaries, as in Convergence, would simply be entities who sign a large number of SSL certificates after verifying the owner's identity through the existing trust network. The advantage for notaries is that they would not need to keep their private keys online and would only serve signatures. SSL sites could also just include the signatures in the initial SSL/TLS exchange, shifting bandwidth costs to the entities that benefit from the signatures. Site owners could also pre-distribute new SSL keys to certificate authorities and notaries to obtain signatures similar to the way that the existing PKI works, without relying on projects like Convergence to correctly identify a legitimate key change through heuristics.

The biggest advantage is a much more robust framework for trusting the privacy and identify of web sites. The likelihood of obtaining fraudulent SSL certificates signed by enough entities to achieve full trust is much lower than the likelihood of compromising a single fully trusted root CA or tricking a Convergence-style network into trusting a fraudulent SSL certificate by DNS poisoning or other methods.

Do you think this is a workable and, if so, good idea?


The MonkeySphere project is working on something quite similar to your proposal. Personally, I always have trouble with suggestions for bringing the "web of trust" to some new context, because I never found it workable in the context it was invented for. I use PGP more consistently for email than almost anyone else I know, and the truth is that I almost never find a new key with signatures that are meaningful to me.

While there are organizations and individuals I trust, there aren't thousands of them, and probably not even hundreds of them. I think that trust agility is essential to any solution moving forward, but as I see it trust agility requires two things:

1) The trust relationship has to be initiated by the client.
2) A trust decision can be easily revised at any time.

I don't believe that using WoT style signatures meets these requirements, at least in their most obvious form. In the WoT model, if I look up a certificate, I don't have any influence over who's chosen to sign it. I'm given the signatures I'm given, and that's that. If I decide to make it work by trusting some entity that has made it a habit to sign a bunch of certificates, untrusting them becomes difficult, because maybe the entity I'd really like to trust hasn't signed as many. And if it's a matter of manually evaluating the signatures I'm given for any site I visit, that sounds pretty unpalatable to me.

All that said, this idea is not incompatible with Convergence. Just build a MonkeySphere notary backend, and it'll plug right in alongside any other notary strategies you'd like to simultaneously query from your client. I anticipate that it would give you a lot of "stand aside" votes for the foreseeable future, however.

Is everyone just re-inventing _parts_ of the WoT?
Sloppy

It seemed to me that what Perspectives notaries do, as expressed in OpenPGP-speak, is act as sophisticated Robot CA. (Is this wrong?) Is a Convergence notary "merely" a more sophisticated Robot CA, or does it provide information which couldn't be represented in a Web of Trust?

Well, I dunno, on some level I think all knowledge can be expressed as simile through any particular domain of knowledge. It's important to remember that a Convergence notary isn't bound to any particular validation technique, meaning that not all notaries will use network perspective. I prefer to think of notaries as SSL Certificate Authorities with an inverted trust relationship. They're pretty similar, but rather than the server initiating the trust relationship, it's the client. It's a subtle but powerful change.

bootstrapping -- notary trust
Onymous Coward

Do you see the matter of how users come to trust the notaries themselves as a concern? What methods do you see for assuring users that a list of notaries is in fact recommended by a given party? I see notaries distributed with the Convergence plug-in (is the distribution signed?), but doubtlessly that's not meant as a steady-state solution as it does not promote trust agility.

Have you considered notary list configuration based on "subscriptions" a l AdBlock lists. For example, if the EFF periodically published a signed "EFF Trusted Notaries" list, as one of a number of organizations doing so?

And how much is a working web of trust required for this? Do you feel there is one?


Right now installing Convergence is a leap of faith, as is true for most software. I'm being intentionally inflammatory by making a point of not distributing it over SSL, because if you're installing it, you don't have it to validate your SSL connection yet. Once you have it, however, all updates are signed.

I don't actually see pre-distributed lists of trusted notaries as anathema to trust agility, however. It's nice for a user to be able to select who they trust, but it's also essential that browser vendors can revise those defaults as well. Right now that's not the case, and it means that a browser vendor's entire user base suffers.

I would like to imagine that one day browsers will ship with Convergence support built in, and that it will come with a list of default notaries that the browser has curated. If one of those notaries starts acting in bad faith, the browser can remove them. If you as a user would like to make different trust decisions, they can do that as well.

Notary subscription lists are a good idea. You can kind of do this with the HA Notary bundles right now, but it'd be better to break them out into a meta-bundle. In any case, the bundle auto-update logic is in there, so it wouldn't be too difficult (git pull requests gladly accepted!).

Switch from Perspectives?
Burz

I'm already using the Perspectives extension (and not sure what benefit I'm getting from that)... Why should I switch from Perspectives to Convergence?

Convergence is obviously inspired by Perspectives, but slightly more generalized (not tied to network perspective), and designed to address what I felt were shortcomings in the Perspectives protocol. The biggest differences are browser integration, notary lag, and privacy.

Perspectives doesn't work for any of the CSS/JS/Image content on a page load, only the initial GET. It will suffer from notary lag since it requires notaries to regularly poll target sites. And you'll leak your entire browsing history to notaries.

Choice of name?
Alioth

Completely unrelated to your work, but the name "Moxie Marlinspike" sounds wonderful. It's obvious why you chose "Marlinspike", after all as a sailor it's an object that you may have found useful (and it's not that uncommon to have a last name that is a tool or a trade). But the first name you chose - why did you choose it? Looking around for references to Moxie the most prominent one is for one of the earliest carbonated beverages sold in the world, which doesn't sound too probable as an origin.

Apparently the etymology of the word "moxie" is thought to originate with the soda, although there is some indication that it might have been a word from a native American language that meant "dark water." I actually know another person named Moxie in the Bay Area, and someone got us a six pack of Moxie Cola to split once. I couldn't even finish one!

I'd estimate that in roughly 1/3rd of the cases where I introduce myself to someone, they ask whether Moxie is my "real name." There are a few interesting things about this to me. First, apparently we're all so used to a limited pantheon of possible names that anything outside of it must be "not real." And second, that when people say "real," it seems that what they actually mean is "legal."

What's interesting to me about the corpus of "real sounding" names is that they're mostly drawn from the bible. The name my parents put on my birth certificate is "Matthew." For as long as I can remember, however, people have called me Moxie Marlinspike. There's obviously a story there, but it's actually not that interesting. In the end, it's just what stuck. I don't switch back to Matthew, however, because it's a biblical name. I'm not that inspired by the stories from the bible, so it feels counter-intuitive for me to literally identify with them. So while many people find my name "strange," what's more bemusing to me is that many of those same people *also* don't find the stories of the bible to be the major inspiration of their lives, and yet continue to be walking endorsements for them with every handshake.

The notion of "realness as legality" is interesting to me because it seems like it should be possible for reality to extend beyond whatever is defined by law, yet this seems to be the litmus in most people's minds. If I have a name which literally everyone in my life since childhood has known me by, it seems to me that this should be the definition of "reality," not whether the government (who, by contrast, has a pretty cold and distant relationship with me as far as acquaintances go) agrees.

cancel ×

76 comments

Sorry! There are no comments related to the filter you selected.

Dat name (-1, Troll)

dexomn (147950) | more than 2 years ago | (#38424456)

Because your online persona is always more important than real life security!

Damn Hippie Parents (0)

Anonymous Coward | more than 2 years ago | (#38424874)

I just want to know if he has a cousin named "Dr Pepper Whaletooth"

Re:Damn Hippie Parents (-1)

Ethanol-fueled (1125189) | more than 2 years ago | (#38425000)

He does have a girlfriend named Fanta Tunacunt.

Dear Moxie (-1)

Anonymous Coward | more than 2 years ago | (#38424512)

What are your feelings about ghetto niggers and their anti-achievement culture? What do you think of the harassment and intimidation and physical assaults (due to "acting white") they conduct against any black kid who wants to study and better himself and get ahead? They aren't niggers because they have dark skin color. They are niggers because they keep THEMSELVES down.

Re:Dear Moxie (-1)

Anonymous Coward | more than 2 years ago | (#38424810)

Well, putting aside all the racism in your rant, I can say for certain that black people don't make good sailors because they're afraid of water. And snakes, too.

-- Moxie

Re:Dear Moxie (-1)

Anonymous Coward | more than 2 years ago | (#38425090)

...afraid of water. And snakes, too.

Look, just get the MOTHERFUCKING SNAKES OFF THE MOTHERFUCKING PLANE and everything will be LIKE FONZIE! Also, who's fucking bright idea was it to GENETICALLY ENHANCE SHARKS BRAINS TO MAKE THE MOTHERFUCKERS SMART!? It had to be some cracker white-ass because no goddamn negro would be that stupid.

LOL (0)

zoomshorts (137587) | more than 2 years ago | (#38424536)

Who cares??? I mean WHO cares!!!!

Re:LOL (1)

Kenja (541830) | more than 2 years ago | (#38424780)

Who cares??? I mean WHO cares!!!!

Do they? While they can still rock a venue, they've not trashed a hotel room in a while now and I've never really thought of them in terms of computer security.

Re:LOL (1)

johanatan (1159309) | more than 2 years ago | (#38425422)

I think he was referring to World Health Organization.

Given The NSA : +5, Seditious (-1)

Anonymous Coward | more than 2 years ago | (#38424592)

Should we encrypt EVERYTHING in the former and now authoritarian U.S.A.??

Yours In Ashgebat,
K. Trout

Re:Given The NSA : +5, Seditious (1)

Larryish (1215510) | more than 2 years ago | (#38428928)

The short answer is YES.

The long answer is YES.

My question (-1)

Anonymous Coward | more than 2 years ago | (#38424680)

Why the fuck didn't Slashdot ask Moxie ~my~ question?
http://interviews.slashdot.org/comments.pl?sid=2541204&cid=38151524 [slashdot.org]

Re:My question (0)

Anonymous Coward | more than 2 years ago | (#38425842)

This is why I browse at -1...

Cue the whining non-graduates... (4, Insightful)

0xdeadbeef (28836) | more than 2 years ago | (#38424688)

Please, don't spend your late teens or early twenties in front of your computer at a startup.

Or you could, you know, go to college. You really can't beat all the drinking and sex and learning among the highest concentration of smart people you will ever know.*

*Some restrictions apply. Offer not valid at BYU, Liberty University, and Bob Jones University.

Re:Cue the whining non-graduates... (2, Funny)

Trepidity (597) | more than 2 years ago | (#38424820)

You really can't beat all the drinking and sex and learning among the highest concentration of smart people you will ever know.*

*Some restrictions apply. Offer not valid at BYU, Liberty University, and Bob Jones University.

Offer also subject to restrictions when redeemed at engineering schools...

Re:Cue the whining non-graduates... (0)

Anonymous Coward | more than 2 years ago | (#38433480)

true dat...

Re:Cue the whining non-graduates... (0)

Anonymous Coward | more than 2 years ago | (#38477502)

*Some restrictions apply. Offer not valid at BYU, Liberty University, and Bob Jones University.

Spoken like someone who's never been to BYU.

Boring as Fuck! (0)

Anonymous Coward | more than 2 years ago | (#38424770)

Matthew Marlinspike... Mark this a TLDR for yourselves... I wish I had...

Biblical names (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38424832)

Probably existed before the Bible. They show up there because they were in use.

Re:Biblical names (1)

unimacs (597299) | more than 2 years ago | (#38427664)

That's true. However, some Christian parents deliberately limit their name selection to not only biblical names, but names of recognized saints. Catholics are supposed to choose a patron saint for their child and name them accordingly.

And even though Moxie's parents may not have intentionally restricted themselves to saints, the pool of common names they were likely to choose from has certainly been made smaller due to our ancestors adherence to this policy.

My wife, who converted to Catholicism after our kids were born (and long after I last considered myself one), regrets the fact that we didn't name our kids after saints. The practice survives to this day.

Re:Biblical names (0)

Anonymous Coward | more than 2 years ago | (#38428572)

My mom's Catholic, and I was raised Catholic, yet I have my protestant father's name, and there isn't a saint to be seen. At Confirmation, everyone picked a saint name, and it wasn't really a big deal what your name was.

Re:Biblical names (0)

Anonymous Coward | more than 2 years ago | (#38433588)

Probably existed before the Bible. They show up there because they were in use.

We call them "Biblical" names out of tradition. Many of them have nothing directly to do with the Bible or Christianity or even Judaism.
For example the name Anthony is Roman, not Hebrew, as are Caesar and Julie.

I will point out to Moxie, should he happen to read this, that when people say "Your real name" what is meant is what name was given to you at birth. The name people use for you in everyday practice is your "nickname". Neither is necessarily your legal name, and you can in fact have more than one legal name.

Money? (1)

Anonymous Coward | more than 2 years ago | (#38424836)

"If you're a young person, I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work"

All that sounds nice but requires quite a bit amount of money! That kind of travels you can only do in your forties.

Re:Money? (2)

Trepidity (597) | more than 2 years ago | (#38425146)

It actually probably requires less money in your twenties. In your forties, the average person wants money for their mortgage, cars, kids, whatever, and probably needs $50k/yr minimum, maybe $80k+ depending on your lifestyle and location. But a frugal group of twenty-somethings should be able to live on $10k/yr each, maybe less if they share accommodations, don't blow it on eating out, and live somewhere cheap (Moxie himself lived in a shared house in Pittsburgh, iirc). You can make that kind of money with some part-time jobs, freelancing, tutoring, whatever.

Re:Money? (1)

Ash Vince (602485) | more than 2 years ago | (#38428262)

"If you're a young person, I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work"

All that sounds nice but requires quite a bit amount of money! That kind of travels you can only do in your forties.

Rubbish. When you are young you can live much more freely on very little money as you are unlikely to have the dependants (children, wife) that you have in your forties. Also, most people in our generations will be working their asses off throughout their forties desperately trying to make sure they are not going to starve in old age. The idea that you can accumulate enough money in your thirties to take any long periods of absence from work in your forties is gone in the current climate. Take too long off at that age and you can forget coming back to a tech career, there is just too much ageism in our workplace.

In your twenties however you can do things like hitch across foreign countries doing bar work to earn money. Or you can teach english as a foreign language and get some decent life experience. You twenties are a time to go and do a job that will not make you rich, but will be great fun and make you a more rounded individual. You might not end up as fabulously rich as Bill Gates, or the Google Twins or whoever, but you were hardly likely to become them anyway as they are the outliers of society, not the norm. Instead, just concentrate on enjoying yourself.

Personally I worked as a balloon modeller and stilt walker for several years after I left uni entertaining kids. I never made any real money but I had more fun than most and you are always able to just start on your chosen career a little later. Most older geeks find young arrogant Bill Gates wannabes annoying as hell anyway so getting a few more years of live experience under your belt before starting work might actually help your career in the long run as you will be a more rounded person.

Re:Money? (1)

kvvbassboy (2010962) | more than 2 years ago | (#38429788)

Yea, but you forget the huge loans that many of us accumulate after getting our degrees in engineering. It's just not easy t forget about it all and go hitchhiking across Europe. That said, once I do finish my loans I am going to do exactly that with a couple of friends.

Re:Money? (1)

Ash Vince (602485) | more than 2 years ago | (#38433548)

Yea, but you forget the huge loans that many of us accumulate after getting our degrees in engineering. It's just not easy t forget about it all and go hitchhiking across Europe. That said, once I do finish my loans I am going to do exactly that with a couple of friends.

I let my loans sit there accumulating vast amounts of interest, maybe not the wisest of moves but I certainly don't regret it. I will still be paying them off in my mid forties though.

The things is that if you put off going travelling until you have paid your loans you may well find that a wife and kids arrive on the scene before then as most womens biological bay clock starts to kick into high gear towards their mid twenties.

I don't understand. (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38424882)

What's interesting to me about the corpus of "real sounding" names is that they're mostly drawn from the bible. The name my parents put on my birth certificate is "Matthew." For as long as I can remember, however, people have called me Moxie Marlinspike. There's obviously a story there, but it's actually not that interesting. In the end, it's just what stuck. I don't switch back to Matthew, however, because it's a biblical name. I'm not that inspired by the stories from the bible, so it feels counter-intuitive for me to literally identify with them. So while many people find my name "strange," what's more bemusing to me is that many of those same people *also* don't find the stories of the bible to be the major inspiration of their lives, and yet continue to be walking endorsements for them with every handshake.

Really? Maybe they're just names. I find anti-religious zealots as distasteful as the religious ones, and if the Bible is the sole reason you have stayed away from the name "Matthew", I've got to say that's pretty stupid, through and through. Unless of course you're careful to also not to ever employ any expressions that originate from the Bible [phrases.org.uk] .

Re:I don't understand. (0)

Anonymous Coward | more than 2 years ago | (#38425168)

Right. And it's pretty obvious the real reason for his name is the same as for his pseudo-dreads: he craves attention. There's nothing wrong this that though; the problem is with the idiots who satisfy his craving.

Re:I don't understand. (4, Funny)

vlm (69642) | more than 2 years ago | (#38425264)

Really? Maybe they're just names.

LOL If he doesn't feel like being a human billboard for something he's not a fan of, what is the threat to you personally?

Are you also personally offended that I don't go by my given name, emacs?

Re:I don't understand. (0)

Anonymous Coward | more than 2 years ago | (#38426048)

So having a given name from a common source means that one is a human billboard? I'm a walking endorsement because I like the name my parents gave me, even though I don't subscribe to that faith? I would not have thought much of it had he introduced himself to me as "Moxie." I'd be curious, but I'd wait quite a while before asking if there was a story behind it. Conversely, he went out of his way to single out one particular faith and how he feels about people with names from it. He comes across as trying to pick a fight at the onset of meeting someone. If you think that I'm offended by how you preferred to be identified, then you haven't been paying attention.

Re:I don't understand. (1)

Anonymous Coward | more than 2 years ago | (#38425350)

Yeah, and what's really stupid is when he claims that people that go by their "biblical names" are endorsing the Bible and, by extension, it's religious precepts, but is apparently not concerned that people conversely might regard his name as an endorsement of drinking cans of diabetes-inducing, teeth-rotting, carbonated sugar water.

  And for my money, his name isn't half as cool as Tollef Fog Heen's.

Re:I don't understand. (0)

Anonymous Coward | more than 2 years ago | (#38425540)

This didn't sound like zealotry to me, just carefully considered choices for his own life.

Re:I don't understand. (0)

Anonymous Coward | more than 2 years ago | (#38425656)

As a lazy agnostic who pointedly doesn't believe in the Christian Skydaddy, I use the phrase, "God damn it" all the time.

Doesn't bother me one bit. You know why?

Because it's a common expression and nothing more. It isn't my name; it isn't part of my identity; it isn't how people identify me.

Trying to compare the two is asinine.

Re:I don't understand. (0)

Anonymous Coward | more than 2 years ago | (#38426132)

That's not what I took from that. All I got was, "this is what everyone has called me for as long as I can remember and I prefer it". As a bonus, he gets to (mostly) abandon the name nobody uses for him (and he doesn't particularly like for the reasons listed).

Why is this a problem? He's not burning down churches or anything... it's his name. Wanting to use a different name doesn't strike me as distasteful... people do it all the time.

Best Advice Yet (5, Insightful)

HangingChad (677530) | more than 2 years ago | (#38424896)

If you're a young person, I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work -- however that looks for you. Get an instrument, learn three chords, and go on tour; find a derelict boat and cross an ocean; hitchhike to Alaska; build a fleet of dirigibles; construct a UAV that will engage with the emerging local police UAVs; whatever -- but make it count.

That's the best advice to young people I've ever heard that didn't come from Hugh Hefner.

Re:Best Advice Yet (1)

Pope (17780) | more than 2 years ago | (#38425004)

You forgot the previous sentence, which is all the more important.

Re:Best Advice Yet (1)

chrismcb (983081) | more than 2 years ago | (#38429710)

I agree with the comment that as a young person, you should go out and explore. It is easier while you are young, with no dependents. You can sleep on friends couches. It is easier to live on little money as you have no bills.

But you suggest to build a fleet or dirigibles, or construct a UAV, but DON'T build a company?

I think you should go out and do something, and that something could be join a startup. But go do something before you become a cog in corporate America

Re:Best Advice Yet (1)

TheLink (130905) | more than 2 years ago | (#38425058)

I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work

So my question to Moxie is "How do/did you get food and shelter when you don't/didn't have money?".

Re:Best Advice Yet (1)

StikyPad (445176) | more than 2 years ago | (#38425198)

What? Your parents didn't give you a yacht to pursue your endearing eccentricity? Surely you jest!

Re:Best Advice Yet (2)

Trepidity (597) | more than 2 years ago | (#38425618)

I believe he bought the yacht with money made from working on boats, and then used it himself to make money, doing deliveries.

Re:Best Advice Yet (1)

Plunky (929104) | more than 2 years ago | (#38426248)

You don't use your own yacht, when doing deliveries.. you sail the other persons boat from A to B and they pay you for doing that. Then you go back to your own boat in C and cruise for a while, spending the money.. (depending on the locations of A, B and C, the bit of time you can spend doing that can vary a lot :)

Re:Best Advice Yet (0)

Anonymous Coward | more than 2 years ago | (#38429160)

You really need to download and watch Hold Fast at http://www.blueanarchy.org/holdfast/. Moxie and the rest of the anarchist yacht club pooled their funds to buy an abandoned yacht for around $1,000, refurbished it to seaworthy condition, then sailed it around the Caribbean for several years. This is something quite a few people are doing these days, like the Free Yacht Project (http://www.instructables.com/id/How-to-Get-a-Free-Yacht/).

Re:Best Advice Yet (1)

vlm (69642) | more than 2 years ago | (#38425288)

So my question to Moxie is "How do/did you get food and shelter when you don't/didn't have money?".

Poverty provides an education of its own? I was pretty poor in my starving school years, certainly made be a tougher person. Debatable if it made me any better or worse, but tougher, yeah.

Re:Best Advice Yet (5, Insightful)

Jeremi (14640) | more than 2 years ago | (#38425440)

Poverty provides an education of its own? I was pretty poor in my starving school years, certainly made be a tougher person. Debatable if it made me any better or worse, but tougher, yeah.

Yes, poverty educates you as to the value of having an income and being able to eat and sleep indoors, as opposed to spending a year following your bliss (which is a luxury reserved for those who have some other means of support they can fall back on when they aren't earning an income).

Re:Best Advice Yet (1)

TheLink (130905) | more than 2 years ago | (#38425462)

Poverty provides an education of its own?

OK, so what did you do to get food and shelter?

I'm curious about what Moxie did too - since he said:

I've also spent a considerable amount of time being broke and living without money.

After all, why waste time making the same mistakes if you can learn from others? Then you can spend more time making new different mistakes :).

I know some places give out free food etc, but just curious on what he (and you) actually did.

Re:Best Advice Yet (0)

Anonymous Coward | more than 2 years ago | (#38425708)

http://crimethinc.com/books/evasion.html

"A 288 page novel-like narrative, Evasion is one person's travelogue of thievery and trespassing across the country, evading not only arrest, but also the 40-hour workweek and hopeless boredom of modern life. The journey documents a literal and metaphorical reclamation of an individual's life and the spaces surrounding them—scamming, squatting, dumpstering, train hopping and shoplifting a life worth living and a world worth the fighting for."

This describes quite well how one can function without income.

Re:Best Advice Yet (2)

TheLink (130905) | more than 2 years ago | (#38426010)

Well I'd prefer to avoid crime. I know some people who had to literally eat garbage (rotting food) because they were so hungry, and they never ever want to have to do that again (AFAIK they didn't steal or commit crimes).

I don't want to have to do that even once.

Re:Best Advice Yet (1)

Anonymous Coward | more than 2 years ago | (#38426390)

turn up when the market is closed, but before they clean up : free fruit and veg.

do some kind of street performance even if you suck: free money.

beg: free money. probably a better hourly wage than most unskilled jobs.

honestly i find it a bit weird that people here really have no idea about street punk culture.

*factoid, some street punks have expensive drug habits to pay for, others don't

Re:Best Advice Yet (2)

TheLink (130905) | more than 2 years ago | (#38426770)

honestly i find it a bit weird that people here really have no idea about street punk culture.

1) Living "on the street" is not the same around the world.
2) Just because I'm curious about how Moxie did it specifically, doesn't mean I have no idea about the "general solutions".

There might be interesting specific cases. e.g. Steve Jobs when he was poorer got a weekly free meal courtesy of the Hare Krishna. Maybe Moxie might know of even better options?

Re:Best Advice Yet (1)

SecurityTheatre (2427858) | more than 2 years ago | (#38428902)

If you read his website, there are plenty of stories about sleeping on the roof of a Blockbuster and eating stale bread from Subway dumpsters.

Answer it well enough?

Heh,.

Re:Best Advice Yet (1)

TheLink (130905) | more than 2 years ago | (#38431886)

It may not be stale if you time it right ;), and apparently some restaurant people are kind enough to pass the left-overs to you directly (and not via the dump).

There's also begging. But I think many beggars ruin things for those who are really down on their luck. Some are scammers - saying they need big bucks for a train or to take a taxi to a plane, etc.

Anyway back when I was a student I had a young "street lady/girl" ask me for money for food, I offered to buy her a kebab sandwich (which was what I was going to buy and eat near by), and she said she didn't like kebab sandwiches and wanted fried chicken. So I bought her fried chicken instead... So the saying beggars can't be choosers isn't true :).

Re:Best Advice Yet (2, Informative)

Anonymous Coward | more than 2 years ago | (#38425474)

This shouldn't be difficult for creative people willing to experiment. Moxie's website (http://www.thoughtcrime.org/stories.html) has stories about how he did this for himself, but those answers shouldn't be the same for everyone.

Re:Best Advice Yet (0)

Anonymous Coward | more than 2 years ago | (#38425546)

He got at least some shelter by breaking into other people's homes/buildings and living there:

http://www.thoughtcrime.org/stories.html

Re:Best Advice Yet (1)

Plunky (929104) | more than 2 years ago | (#38426294)

If you think about it, living in unused properties for free is some kind of social equalizer. If you think about it a bit further, you might wonder why the landowners would ever enact laws that legitimized that, but the laws exist nontheless and homeless squatters certainly didn't enact them.

Re:Best Advice Yet (1)

chrismcb (983081) | more than 2 years ago | (#38429748)

So my question to Moxie is "How do/did you get food and shelter when you don't/didn't have money?".

That is part of the adventure. When you are young and single you can live fairly cheaply. He didn't say this was going to be easy. You may have to work odd jobs while you hitchhike to Alaska. Or perhaps you sleep in the back of the workshop while you build the dirigibles. I know it can be done, because a lot of my friends have essentially followed Moxie's advice. I tell them to do it as long as they can.

Moxie (1)

linuxwrangler (582055) | more than 2 years ago | (#38425026)

Hmmm. A friend's daughter in the Bay Area is named Moxie. Wonder if that's the one or if there's (at least) three Moxies in the region. Till now, I'd never heard of Moxie soda - the only usage of moxie I'd heard was meaning courage/determination/energy. As of 2010, Moxie was a rare but not unknown name (1 in 40,000 for girls). A Google search will turn up plenty of companies and products with moxie in the name.

Re:Moxie (0)

Anonymous Coward | more than 2 years ago | (#38425236)

When I hear his name, all I can think of is Guys and Dolls.

What's playing at the Roxy?
I'll tell you what's playing at the Roxy.
A picture about a Minnesota man falls in love with a Mississippi girl
That he sacrifices everything and moves all the way to Biloxi.
That's what's playing at the Roxy.

Re:Moxie (2)

udoschuermann (158146) | more than 2 years ago | (#38425978)

Moxie was also one of the Hobbits in National Lampoon's "Bored of the Rings", a LotR spoof, and was named after the soda, AFAIK.

Re:Moxie (1)

Whibla (210729) | more than 2 years ago | (#38427666)

My only previous experience of the word moxie was as a 'primary attribute' in the classic rpg Paranoia:

"Moxie is a measure of a character's ability to comprehend unusual phenomena, learn new modes of communication, perceive important details, and correctly choose the right course of action in unexpected situations."

Along with Chutzpah (defined as the quality of a man who kills both his parents then pleads for mercy because he is an orphan) it was one of my favourite words for quite a while.

I had always assumed that the above was its 'original' meaning, but I do have a tendancy to live in a dream world

Would citizen Whibla-R-WUK-1 please report for termination immediately, Thank You. Have a nice day!

Re:Moxie (0)

Anonymous Coward | more than 2 years ago | (#38477652)

You might try Googling this: "Yiddish Moxie". First time I heard the word it was by someone who spoke Yiddish and used to describe me. The popular term today, is "balls-y". A Yiddish synonym, is Chutzpah. Seems to fit here, too. Check out the interview with Moxie Marlinspike on Youtube. (Discloser: I'm not affiliated with him. I was doing security work for [a seafaring organization] when news of his presentation hit the wire. His work and career are admirable, just as the fact that he stands up for his principles. Another trait that demonstrates moxie.)

realness as legality (1)

tobiasly (524456) | more than 2 years ago | (#38425258)

It seems like it should be possible for reality to extend beyond whatever is defined by law, yet this seems to be the litmus in most people's minds. If I have a name which literally everyone in my life since childhood has known me by, it seems to me that this should be the definition of "reality," not whether the government (who, by contrast, has a pretty cold and distant relationship with me as far as acquaintances go) agrees.

I'm guessing you'd find out rather quickly what the distinction is if (for example) a deceased relative willed part of their estate to "Moxie Marlinspike" and the government (regardless of how cold or distant) has no record of such a name. "Oh they really meant me, everyone knows that" may not hold up in probate. Why not just have your name legally changed?

Re:realness as legality (1)

vlm (69642) | more than 2 years ago | (#38425410)

Depending on your local court, having gone thru something tangentially related, the government simply doesn't care, its the executor who has to care, and as long as "everyone is happy" then there is no "hold up in probate". There was a stage early in the process where I/we had to file as interested parties and that is probably the stage where you'll have to prove your identify by either submitting paperwork or getting "everyone who knows him" to testify thats who he claims to be. My aunt's birth certificate name does not match her married name, a copy of the marriage certificate took care of that little problem. Moxie and moxie's lawyer will figure it out if necessary.

Re:realness as legality (1)

SecurityTheatre (2427858) | more than 2 years ago | (#38428976)

Actually, in common law, which most states at least have some basis in, the name you use is common practice can often be used as a legal name for things like probate documents, providing you can prove that you have used it for a specific period of time in the regular course of your affairs.

Moxie Marlinspike? (0)

Anonymous Coward | more than 2 years ago | (#38425476)

Who, the fuck, is that guy?

Re:Moxie Marlinspike? (0)

Anonymous Coward | more than 2 years ago | (#38425786)

My boyfriend you insensitive clod!

bible names shenanigan (1)

nazsco (695026) | more than 2 years ago | (#38426074)

no one cares about the bible. most people don't even realize the names are from the bible... they think it's the other way around...

the common source for names is simply to avoid you having to spell it everytime.

count how many times people have to spell the first, biblical or simply common, name, against the last, more broad one.

Re:bible names shenanigan (1)

TeknoHog (164938) | more than 2 years ago | (#38426828)

I wonder how many of the "biblical names" actually have a deep biblical meaning, or if they just happened to be common names of people at that time of history.

Re:bible names shenanigan (2)

pjt33 (739471) | more than 2 years ago | (#38427768)

It wasn't uncommon in antiquity for people's names to reference the names of gods. For example, a quick Google shows that Matthew, Moxie's original given name, comes from the Hebrew for "gift from Yahweh", so it is understandable that an atheist might not want it for a name.

Re:bible names shenanigan (1)

Em Adespoton (792954) | more than 2 years ago | (#38428856)

A mix of the first and the second; most English "old testament biblical" names are really English bastardizations of Latin bastardizations of Greek/Hebrew bastardizations of the original names. That's why you've got Jesus/Jeshu/Joshua, Moses/Moshi/Mushi, Johannes/Ian/John/Yanni, etc. Lots of names have roots that pass through the Bible, but usually it's just a case of cultural influence. After all, Flyboy is much preferred to Zebub (another biblical name) these days.

And then there's the fact that Biblical New Testament names just tended to be descriptors in the first place; Peter/Petra/Cephas "The Rock" Sim(e)on, for example. In this case, Moxie is actually following in strong biblical tradition, picking a name that is more an adjective than a noun with historical lineage.

Documentary (1)

Anonymous Coward | more than 2 years ago | (#38426088)

Moxie has a great documentary film, "Hold Fast" about one of his sailing journeys. I thoroughly enjoyed it. It's worth a watch. http://vimeo.com/15351476

Re:Documentary (0)

Anonymous Coward | more than 2 years ago | (#38428232)

thanks, really a great video

FRAUD (0)

Anonymous Coward | more than 2 years ago | (#38428786)

FTA: "Every once in a while I'll need to do something creative if my setup isn't cutting it. So yeah, it's true that I edited Hold Fast on a nice machine with a 14 day return policy. =)"

Really? Doesn't that make you somewhat of a thief or a fraud? Buying something with the intent on using it for a short while before returning it? And no less from a guy who can afford a computer. Do you get food stamps and social security too?

re:Choice of name? (0)

Anonymous Coward | more than 2 years ago | (#38429484)

I know the other Moxie that you know in the Bay Area. Small world. Awesome name IMO.

Plausible names (1)

Arancaytar (966377) | more than 2 years ago | (#38435758)

First, apparently we're all so used to a limited pantheon of possible names that anything outside of it must be "not real."

The alliteration and general euphoniousness of the name does more to make it sound implausible as a birth name as opposed to a chosen name, than "Moxie" not being contained in a predefined list of "biblical names".

overheated laptop (1)

dfries (466073) | more than 2 years ago | (#38467554)

My laptop had been having an overheating problem that wasn't obvious was a heat problem for months. I just started noticing that doing something intensive, yes like compiling the kernel, would cause the CPU MHz listed in /proc/cpuinfo to drop down, sensors listed the temperature going up, but it wasn't obvious what the range or limit was. In the end I went to replace the thermal paste on the CPU, but only got as far as removing the fan and seeing a huge buildup mat of dust and fiber blocking the heat-pipe fins. I removed that and the issue went away. There just isn't any way to see the area what was blocked until the fan was removed, and the rest of the system looked dust free, at least nothing to make me think there was a problem. If you're still reading this Moxie Marlinspike, you might want to check to see if your solution is as easy as mine.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?