Comments

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

tylerni7 Re:Wait, wait... (132 comments)

If other people are attacking you, should you lay down all your weapons and hope they do the same?

Are people attacking Exodus via TOR? If not, then what ethical justification does it have for involving itself as the NSA's mercenary?

I'm all for self-defense; it's aiding aggression that I find unethical.

I don't think it matters whether we take Exodus or the US Government. I'm not really sure why being a mercenary is so bad? What is the difference if the US Government pays Exodus or hires the people working for Exodus to write exploits directly?
And yes, people are using Tor to fight against the US; certainly hackers and terrorists use Tor. (I don't believe more than a small fraction of Tor users are malicious, but malicious users undoubtedly exist.)

Clearly, I'm failing to understand -- what is there about your hypothetical situation that precludes responsible disclosure?

Also, responsible disclosure is sort of tautologically ethical because it does consider context (that's what the "responsible" part means). If you're not sure what kind of disclosure is responsible, then the only ethical option would be to forgo the hacking.

If you have responsibly disclosed every exploit you know about, you are not going to be able to hack into the computer which triggers the bomb. I'm not sure why this isn't obvious. Unless somehow your "responsible disclosure" allows for holding on to exploits until you need them for dire situations, you have no way to stop such a computerized device.

Let's be more concrete here: someone has hooked up a Raspberry Pi to detonate a bomb, which is triggered, say, over Tor. Whoever made this wasn't stupid: it has a heartbeat which will detonate the bomb if it fails, so you can't just jam it or cut off internet access. It has normal motion sensors, etc. You have 1 hour to disable it.
I propose that given the possibility of such a scenario (or scenarios like this; obviously this is an extreme and contrived example to try to prove a point), it is ethical to withhold disclosure of vulnerabilities. In your proposed scenario, the government has "emptied its cyber arsenal". It has nothing it can do to prevent such an attack. I believe it is superior to have the capability to prevent such an attack.

Being forced to choose the lesser of two evils doesn't mean you should become the active accomplice of that evil.

Besides, on a more practical note, you're also failing to consider the rest of the collateral damage. By supporting Exodus's position, you're saying that hypothetically saving the lives of the Iranian scientists is worth hypothetically risking the lives of TOR users worldwide.

Except it isn't that simple.. one side has to win. If the US Government doesn't have people writing exploits, they are losing tools that help them to fight $ENEMY.

It's like saying we shouldn't have fought in World War II against Hitler, because war is bad. The Allied forces were the "lesser of two evils"--evil, of course, because war is unethical just like hacking is. Why choose to actively help the lesser of two evils? We should have remained neutral.
We can ignore any historical facts for the sake of hypothetical arguments and say Hitler would have succeeded with 100% certainty without US support. In this sort of scenario are you trying to say that the ethical thing to do is nothing? It really sounds like we have some huge differences of opinion in all of this, so this probably isn't going anywhere.

about 2 months ago

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

tylerni7 Re:Wait, wait... (132 comments)

Ugh, maybe on this computer my replies will show up with my user account (I don't mind a bit of bad karma every now and then, and I think it is hard to have an actual discussion with an AC post). Anyway..

Didn't your parents ever ask you rhetorical questions like "if your friends all jumped off a bridge, does that mean you should do it too?" or tell you "the ends do not justify the means" when you were a kid?

I think this is more akin to "an eye for an eye makes the whole world blind". But obviously, just because something is a catchy statement, that doesn't mean it's good advice.
If other people are attacking you, should you lay down all your weapons and hope they do the same? Maybe, but it's not a cut and dry situation like you make it out to be. I agree that in an ideal world, no one would exploit anyone, and all of our software would be bug free. But it seems naive to base our actions off of that world view when it is not the case. Is fighting and war bad? Yes. But I don't think a Gandhi approach will work in all situations, and sometimes fighting back is necessary. (That doesn't mean all cases, of course.)

Hacking without responsible disclosure is always unethical, and what others choose to do is irrelevant.

I think this is an incredibly bold statement. I think it's a bit hard to judge the ethics of exploiting a computer "in a vacuum", the context certainly matters. Let's take a hypothetical situation: if a computer was used as the trigger for a bomb which was going to go off and kill 100 people, would it not be ethical to hack in to the computer and disable it? [we can assume it also has all the fancy triggering mechanisms in place.. capacitive sensing in case someone gets too close, tilt/shock sensors in case something tries to move it, etc]
I find that belief absurd. And while I'm sure that wasn't the situation you envisioned when you made that claim, I think it's important to note there are certainly extreme cases where hacking into a computer is clearly ethical.
If we're able to agree that sometimes computer hacking is ethical, then it just becomes a question of where the line is drawn. How much personal information needs to be on the computer about to detonate a bomb before you decide it isn't The Right Thing To Do to hack in? I am sure there are cases where the government is happy to hack into something that I think is ethically dubious, but again, I think it is absurd to say it is never ethical.

The other thing is you have to consider that "cyber weapons" mean governments can gain intelligence or affect systems without hurting people. Stuxnet is an interesting example. How many lives would have been lost if instead someone bombed the Iranian nuclear facility, or killed off Iranian scientists (yes, I know this still happens anyway, sadly)? Stuxnet was a virus that infected the public's computers as well.
Based on our discussion so far I would expect you to say something like "well sure, maybe it's better than bombing, but having neither would be even better". That's a totally understandable stance, but again, that isn't the world we live in. I think it's a step in the right direction to at least try to minimize deaths.


Anyway, it doesn't sound like we're going to come to an agreement on anything, and that's fine. I definitely understand how hacking can be a moral grey area, and not everyone has to agree. However, I just hope people will accept that it is at least a moral grey area, rather than a moral black area.

about a month ago

Researchers Find Crippling Flaws In Global GPS

tylerni7 Re:Demoed at TEDxAustin (179 comments)

The TEDxAustin talk you mentioned is focused on GPS spoofing to make a receiver think that it is somewhere else. Spoofing in that sense has been around for a long time, and while it is very cool and everything, it isn't what is novel about this paper/attack.
This paper goes from just making a GPS receiver think it is located somewhere else to actually exploiting software vulnerabilities in GPS receivers to cause them to crash and things like that. The attacks are related, but the position based spoofing is just a subset of this work.

about 2 years ago

Researchers Find Crippling Flaws In Global GPS

tylerni7 Re:Well, duh. (179 comments)

I don't think you looked at the paper really. GPS spoofing and jamming are nothing new (as is mentioned in the paper). The new aspect is that there are software attacks that can be done on the receivers. For example, one of the divide by zero errors will cause a denial of service attack on some receivers. This is vastly different from jamming, because the DoS continues even after the transmitter is shut off. Jamming would obviously stop as soon as the transmitter is turned off. That is the new, exciting, and dangerous part of all this.

about 2 years ago

'Antimagnet' Cloak Hides Objects From Magnetic Fields

tylerni7 Re:Airport security? (87 comments)

No look, this is perfect. We convince DHS that the terrorists are trying to develop room temperature superconductors to subvert metal detectors and security checkpoints.

Then, clearly the solution is for DHS to start giving obscene amounts of money to physicists in the USA to develop the technology first! It's pretty much a win-win-win situation.

more than 2 years ago

Scientists Create World's Tiniest "Ear"

tylerni7 Noise (64 comments)

How do you deal with noise for something this sensitive? If you're trying to measure the sound of a bacterium, and someone coughs, or walks by the room, or a truck drives by, how do you cancel that out?

I guess I just don't see how their SNR can be high enough with something that sensitive.

more than 2 years ago

Vanity Fair On the TSA and Security Theater

tylerni7 Re:Get a clue Big Sis (256 comments)

Although 12 million is certainly a large number, the US has many more travelers than that. In 2009, Atlanta's airport had something like 90M travelers use the airport. That means that one airport has more traffic than all of the airports combined in Israel.

I agree that their airport security model is superior, and maybe it can scale to large airports in the USA, but if we have dozens of airports with more traffic than their busiest airport, scaling is very far from a simple task.

Source

more than 2 years ago

Qualcomm's Butterfly Wing Display Gets Nearer

tylerni7 Re:E-ink like power consumption? (168 comments)

Awesome, thanks! I just looked a bit on their website and didn't see that page where they say it's bistable. That definitely makes it harder for e-ink to compare with this.

more than 2 years ago

Qualcomm's Butterfly Wing Display Gets Nearer

tylerni7 E-ink like power consumption? (168 comments)

What does the article mean by e-ink like power consumption? I can't tell if this technology requires power to remain in a given state, or whether it can be static like e-ink. Although the low power consumption of e-ink displays is largely due to their lack of a backlight, being able to display static content with 0 power consumption is really one of the coolest parts about e-ink tech.

I read the article but it didn't seem to answer this, do any readers know? If it could display static content for free then that would be incredibly awesome.

more than 2 years ago

Making Sensitive Data Location Aware

tylerni7 Previous work (69 comments)

I don't see too many details in this article, but there was something that sounds awful similar from Carnegie Mellon University a little while back called MULE (Mobile User Location-specific Encryption). http://sparrow.ece.cmu.edu/group/pub/studer_wisec10.pdf [pdf warning]

more than 2 years ago

California County Bans SmartMeter Installations

tylerni7 Re:This has no impact (494 comments)

ZigBee generally operates at 250mW/24dBm max power. Obviously some devices can be made to broadcast higher energy levels, but a quarter watt tends to be used.

I suppose a citation would be nice, but if you google it, you will find most chipsets have that as their maximum power rating. (And as the signal only needs to reach the home, there is no reason for a stronger signal to be used.)

more than 3 years ago

X Particle Might Explain Dark Matter & Antimatter

tylerni7 Re:Kindof Summary (285 comments)

One step at a time. If it exists, then we can try to understand it more deeply.

more than 3 years ago

Space-Time Cloak Could Hide Actual Events

tylerni7 Red-shift (129 comments)

Correct me if I'm wrong, but this sort of invisibility cloak would not be perfect as described.

As light is initially slowed down to make "room" for the invisible event to take place, there is going to be a red-shift in the light because the waves must start arriving more slowly. While this change can be made subtle, that means that an "attacker" needs to either spend a long time slowing down the light, or the "attacker" would only create a small gap in time in which to work.

Still very cool though!

more than 3 years ago

Obama May Toughen Internet Privacy Rules

tylerni7 The bigger picture (222 comments)

I'm all for more privacy, but all this means is the NSA and those other three letter agencies have decided it's easier to snoop on us without asking Facebook and others simply hand over the data they need.

Great. Now where did I put that tinfoil hat...

more than 3 years ago

Military Uses 'Bat-Hook' To Tap Power From Lines

tylerni7 Re:Yeah right. (282 comments)

So basically what you're saying is that exercising sound ethical judgement is a bad thing

I think it's pretty clear that is not what I am saying.

you consider it respectable for a person to sign up to take part in an oppressive foreign occupation because their motive may be to "protect us?"

Yes. If their motivation for signing up is to "protect us", then I have a great deal of respect for them. My respect for people willing to give their lives to serve others is not dependent on whether or not the services they provide do us good.

Consider the following scenario. Alice is crossing the street right as an oncoming bus approaches. Bob sees this, jumps in the middle of the road, and pushes Alice out of the way.
Whether or not the bus stops (meaning whether or not Alice was in any real danger), if Bob's intention was to give up his life to save Alice's, then I would have respect for him.

In real life, it's actions that matter, not words.

more than 3 years ago

Military Uses 'Bat-Hook' To Tap Power From Lines

tylerni7 Re:Yeah right. (282 comments)

The troops can choose to participate as the "sword" if you will, hoping that they can have a positive effect on their country. While someone who signs up for the military now is most likely going to fight in Iraq or Afghanistan, it doesn't change the fact that our armed forces are there to protect us, even if that isn't what our leaders task them to do.

I have a lot of respect for anyone willing to risk their life to try to make our country safer, and whether or not they actually make us safer is irrelevant, so long as their intention is to protect us.

more than 3 years ago

Google Patches 10 Chrome Bugs, Pays Out $10K

tylerni7 Re:Money talks. (95 comments)

One could fairly easily sell these sorts of bugs for much more than a "modest sum." I believe the common counter argument is that those finding these bugs should be given something closer to the "market price" (for bugs in something as wide-spread as IE, this can be on the order of hundreds of thousands of dollars).

I don't really agree with this argument, just thought I'd fill you in on why some people would be complaining. The fact that these bugs were found and patched means that it can't be a horrible arrangement though.

more than 4 years ago

Nokia and RIM Respond To Apple's Antenna Claims

tylerni7 Re:Nokia and RIM Respond To Apple's Antenna Claims (514 comments)

(Note: IANARFE)
There is a difference between prioritizing antenna performance over physical design, and maximizing antenna performance. Maximizing antenna performance isn't really necessary if the signal is "good enough", meaning you wouldn't drop calls when you hold the phone, for example. Prioritizing would mean "this adjustment would look nicer, but we would start to drop calls if we did it", and they are suggesting those adjustments would not be made.

Also, I believe the older rod antennas would be for the 900MHz spectrum, rather than the more modern 2.4GHz spectrum. You can fit an entire quarter-wave antenna inside of the case of a cell phone easily now (although of course having an antenna that extends above the head to get a clearer signal would still be beneficial)

more than 4 years ago

Linux 2.6.34 Released

tylerni7 Re:I, for one... (268 comments)

Finally! Then this will certainly be the Year of the Linux Desktop!

more than 4 years ago

Submissions

tylerni7 hasn't submitted any stories.

Journals

tylerni7 has no journal entries.
