Was it accident or malice?

Post #422,061 by drook 1/5/18 9:17:56 AM 1/5/18 9:17:56 AM Reply	Was it accident or malice? If this was an accident, then "Can we build a secure internet?" is the right question. If, as several people have speculated, this was in fact an intentional back door, then the right question is, "Will we create a secure internet?" -- Drew
Post #422,063 by CRConrad 1/5/18 9:54:59 AM 1/5/18 9:54:59 AM Reply	Most of the informed speculation I've seen seems to lean toward "accident". Then again, you could of course question how much of an accident such an accident is: It's always a product of the circumstances and environment it happens in and the forces which shape that environment. Like "greed for speed" (which expands into greed --> competitive pressure to sell --> speed as sales argument); engineering machismo; corporate structures which reward "performance" (of staff) over honesty, leading to rush jobs and possibly cover-ups (first internal, then external), etc etc. We've pretty much designed our economies and societies -- or at least allowed them to evolve -- that way, so we've only got ourselves to blame. In the sense of "Nope, this wasn't really an accident; it was 'an accident' waiting to happen, and you knew (or should have known) it." (Like so much else, from climate change and oceans of plastic, via black lives not mattering to the police and lead in the water, to Trump and Roy Moore. None of them really "accidents", are they?) -- Christian R. Conrad Same old username (as above), but now on iki.fi (Yeah, yeah, it redirects to the same old GMail... But just in case I ever want to change.)
Post #422,068 by drook 1/5/18 10:48:56 AM 1/5/18 10:48:56 AM Reply	Oh, who wants "informed" speculation ... I'll take the good old "wild" myself -- Drew
Post #422,069 by Another Scott 1/5/18 10:51:09 AM 1/5/18 10:51:09 AM Reply	This. What are the incentives? Cui bono? If security is valued less than speed/efficiency/cost then things will be less secure. It's good that the more serious one is more difficult to exploit. And it's good that things like this (might?) make designers take security more seriously. But it's hard to believe that the three-letter agencies won't continue to demand/find flaws in our electronics and communications systems. It is their job, after all... Just my $0.02. I have no special knowledge. Cheers, Scott.
Post #422,072 by drook 1/5/18 11:54:41 AM 1/5/18 11:54:41 AM Reply	No, that's not their job Their job is to make "our" stuff more secure while finding ways to exploit "their" stuff. Look at what they're trying to exploit to determine who they view as "us" and "them". -- Drew
Post #422,103 by CRConrad 1/8/18 4:31:45 AM 1/8/18 4:31:45 AM Reply	But "our" stuff _i_s_ "their" stuff nowadays. Did that Elbrus processor thingy ever take off? Don't think so, haven't heard of it for... A decade or so? (Except the name popped up somewhere the other day, probably in a rhetorical question like this, otherwise I wouldn't even have remembered it to mention here.) So, assuming every PC in Russia isn't running on an Elbrus or something, they use the same Intel (and some AMD) and variosly-branded ARMs as everyone else. If anyone doesn't, it might be the Chinese, but I'm guessing the situation is pretty much the same there, too. More domestic ARM cloners than in Russia, probably. So finding or inserting backdoors in "our" stuff is inserting backdoors in "their" stuff. -- Christian R. Conrad Same old username (as above), but now on iki.fi (Yeah, yeah, it redirects to the same old GMail... But just in case I ever want to change.)
Post #422,079 by Ashton 1/6/18 1:04:22 AM 1/6/18 1:04:22 AM Reply	Perspicuous fork, there Just maybe.. also too, others who suspect the typical devious-$or Power-oriented options will persevere in er, Niti Niti [not This.. not-That..] Should no Mc Guffins be spotted by all who serve that pursuit, mayhap we can rest on laurels/thus on piecemeal polishing of existing implementations as now. Still, given the likely irreversible trend --> Weaponizing abso-fucking-lutely every object in sight, does it not seem foolish to put off truly sufficient funding of Intarweb-the-Second, post-haste? Just in Case some Clever-Lad arabesque over-night, should render the current house-of-cards instantly useless. 😈 Were I elected Dictator-post-Drumpf ...

Welcome to IWETHEY!