IWETHEY v. 0.3.0 | TODO
1,095 registered users | 3 active users | 2 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Was it accident or malice?
If this was an accident, then "Can we build a secure internet?" is the right question.

If, as several people have speculated, this was in fact an intentional back door, then the right question is, "*Will* we create a secure internet?"
--

Drew
New Most of the informed speculation I've seen seems to lean toward "accident".
Then again, you could of course question how much of an accident such an accident is: It's always a product of the circumstances and environment it happens in and the forces which shape that environment.

Like "greed for speed" (which expands into greed --> competitive pressure to sell --> speed as sales argument); engineering machismo; corporate structures which reward "performance" (of staff) over honesty, leading to rush jobs and possibly cover-ups (first internal, then external), etc etc.

We've pretty much designed our economies and societies -- or at least allowed them to evolve -- that way, so we've only got ourselves to blame. In the sense of "Nope, this wasn't really an accident; it was 'an accident' waiting to happen, and you knew (or should have known) it."

(Like so much else, from climate change and oceans of plastic, via black lives not mattering to the police and lead in the water, to Trump and Roy Moore. None of them really "accidents", are they?)
--
Christian R. Conrad
Same old username (as above), but now on iki.fi

(Yeah, yeah, it redirects to the same old GMail... But just in case I ever want to change.)
New Oh, who wants "informed" speculation ... I'll take the good old "wild" myself
--

Drew
New This.
What are the incentives? Cui bono?

If security is valued less than speed/efficiency/cost then things will be less secure.

It's good that the more serious one is more difficult to exploit. And it's good that things like this (might?) make designers take security more seriously. But it's hard to believe that the three-letter agencies won't continue to demand/find flaws in our electronics and communications systems. It is their job, after all...

Just my $0.02. I have no special knowledge.

Cheers,
Scott.
New No, that's not their job
Their job is to make "our" stuff more secure while finding ways to exploit "their" stuff. Look at what they're trying to exploit to determine who they view as "us" and "them".
--

Drew
New But "our" stuff _i_s_ "their" stuff nowadays.
Did that Elbrus processor thingy ever take off? Don't think so, haven't heard of it for... A decade or so? (Except the name popped up somewhere the other day, probably in a rhetorical question like this, otherwise I wouldn't even have remembered it to mention here.)

So, assuming every PC in Russia isn't running on an Elbrus or something, they use the same Intel (and some AMD) and variosly-branded ARMs as everyone else. If anyone doesn't, it might be the Chinese, but I'm guessing the situation is pretty much the same there, too. More domestic ARM cloners than in Russia, probably.

So finding or inserting backdoors in "our" stuff is inserting backdoors in "their" stuff.
--
Christian R. Conrad
Same old username (as above), but now on iki.fi

(Yeah, yeah, it redirects to the same old GMail... But just in case I ever want to change.)
New Perspicuous fork, there
Just maybe.. also too, others who suspect the typical devious-$or Power-oriented options will persevere in er, Niti Niti [not This.. not-That..] Should no Mc Guffins be spotted
by all who serve that pursuit, mayhap we can rest on laurels/thus on piecemeal polishing of existing implementations as now.

Still, given the likely irreversible trend --> Weaponizing abso-fucking-lutely every object in sight, does it not seem foolish to put off truly sufficient funding of
Intarweb-the-Second, post-haste? Just in Case some Clever-Lad arabesque over-night, should render the current house-of-cards instantly useless. 😈



Were I elected Dictator-post-Drumpf ...
     Intel keeps on giving - (scoenye) - (23)
         17-33% hit to processing speed? This is going to hurt me -NT - (boxley) - (2)
             Same. - (malraux) - (1)
                 we have both kinds of VMs oversubscribed and thin provisioned -NT - (boxley)
         "Speculative Executionâ„¢" ... whazzup? with a self-parody like That. Love. It. Roll dice, croupier! - (Ashton)
         Not just Intel: everyone gets to play with Spectre! -NT - (pwhysall)
         has anyone looked at the source code of the linux patches to see what they are doing yet? - (boxley) - (5)
             I wouldn't know what I was looking at - (drook) - (3)
                 I understand the summaries and I used to build drivers (a long time ago) - (boxley) - (2)
                     some code snippets on explaining the issue issue from google - (boxley) - (1)
                         A site with lots of information about the two flaws, links to vendor info, etc. - (Another Scott)
             Patch source - (scoenye)
         Given the accelerating, historical skull-buggery of the species, immanent-in and causal - (Ashton) - (7)
             Was it accident or malice? - (drook) - (6)
                 Most of the informed speculation I've seen seems to lean toward "accident". - (CRConrad) - (4)
                     Oh, who wants "informed" speculation ... I'll take the good old "wild" myself -NT - (drook)
                     This. - (Another Scott) - (2)
                         No, that's not their job - (drook) - (1)
                             But "our" stuff _i_s_ "their" stuff nowadays. - (CRConrad)
                 Perspicuous fork, there - (Ashton)
         Some more benchmarks - (malraux)
         Once again, die intel die! -NT - (a6l6e6x) - (2)
             Once again.. we'unses placed Too-Many eggs in one human-flawed basket. -NT - (Ashton)
             And AMD, and Apple, and POWER... -NT - (pwhysall)

I ripped my pants!
108 ms