
Comment: Re:Wait, wait... (Score 1) 132

by tylerni7 (#47512101) Attached to: Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

If other people are attacking you, should you lay down all your weapons and hope they do the same?

Are people attacking Exodus via TOR? If not, then what ethical justification does it have for involving itself as the NSA's mercenary?

I'm all for self-defense; it's aiding aggression that I find unethical.

I don't think it matters whether we take Exodus or the US Government. I'm not really sure why being a mercenary is so bad? What is the difference if the US Government pays Exodus or hires the people working for Exodus to write exploits directly?
And yes, people are using Tor to fight against the US; certainly hackers and terrorists use Tor. (I don't believe more than a small fraction of Tor users are malicious, but malicious users undoubtedly exist.)

Clearly, I'm failing to understand -- what is there about your hypothetical situation that precludes responsible disclosure?

Also, responsible disclosure is sort of tautologically ethical because it does consider context (that's what the "responsible" part means). If you're not sure what kind of disclosure is responsible, then the only ethical option would be to forgo the hacking.

If you have responsibly disclosed every exploit you know about, you are not going to be able to hack into the computer which triggers the bomb. I'm not sure why this isn't obvious. Unless somehow your "responsible disclosure" allows for holding on to exploits until you need them for dire situations, you have no way to stop such a computerized device.

Let's be more concrete here: someone has hooked up a Raspberry Pi to detonate a bomb, which is triggered, say, over Tor. Whoever made this wasn't stupid: it has a heartbeat which will detonate the bomb if it fails, so you can't just jam it or cut off internet access. It has normal motion sensors, etc. You have 1 hour to disable it.
I propose that given the possibility of such a scenario (or scenarios like this; obviously this is an extreme and contrived example to try to prove a point), it is ethical to withhold disclosure of vulnerabilities. In your proposed scenario, the government has "emptied its cyber arsenal". It has nothing it can do to prevent such an attack. I believe it is superior to have the capability to prevent such an attack.

Being forced to choose the lesser of two evils doesn't mean you should become the active accomplice of that evil.

Besides, on a more practical note, you're also failing to consider the rest of the collateral damage. By supporting Exodus's position, you're saying that hypothetically saving the lives of the Iranian scientists is worth hypothetically risking the lives of TOR users worldwide.

Except it isn't that simple.. one side has to win. If the US Government doesn't have people writing exploits, they are losing tools that help them to fight $ENEMY.

It's like saying we shouldn't have fought in World War II against Hitler, because war is bad. The Allied forces were the "lesser of two evils"--evil, of course, because war is unethical just like hacking is. Why choose to actively help the lesser of two evils? We should have remained neutral.
We can ignore any historical facts for the sake of hypothetical arguments and say Hitler would have succeeded with 100% certainty without US support. In this sort of scenario are you trying to say that the ethical thing to do is nothing? It really sounds like we have some huge differences of opinion in all of this, so this probably isn't going anywhere.

Comment: Re:Wait, wait... (Score 1) 132

by tylerni7 (#47510561) Attached to: Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS
Ugh, maybe on this computer my replies will show up with my user account (I don't mind a bit of bad karma every now and then, and I think it is hard to have an actual discussion with an AC post). Anyway..

Didn't your parents ever ask you rhetorical questions like "if your friends all jumped off a bridge, does that mean you should do it too?" or tell you "the ends do not justify the means" when you were a kid?

I think this is more akin to "an eye for an eye makes the whole world blind". But obviously, just because something is a catchy statement, that doesn't mean it's good advice.
If other people are attacking you, should you lay down all your weapons and hope they do the same? Maybe, but it's not a cut and dry situation like you make it out to be. I agree that in an ideal world, no one would exploit anyone, and all of our software would be bug free. But it seems naive to base our actions off of that world view when it is not the case. Is fighting and war bad? Yes. But I don't think a Gandhi approach will work in all situations, and sometimes fighting back is necessary. (That doesn't mean all cases, of course.)

Hacking without responsible disclosure is always unethical, and what others choose to do is irrelevant.

I think this is an incredibly bold statement. I think it's a bit hard to judge the ethics of exploiting a computer "in a vacuum", the context certainly matters. Let's take a hypothetical situation: if a computer was used as the trigger for a bomb which was going to go off and kill 100 people, would it not be ethical to hack in to the computer and disable it? [we can assume it also has all the fancy triggering mechanisms in place.. capacitive sensing in case someone gets too close, tilt/shock sensors in case something tries to move it, etc]
I find that belief absurd. And while I'm sure that wasn't the situation you envisioned when you made that claim, I think it's important to note there are certainly extreme cases where hacking into a computer is clearly ethical.
If we're able to agree that sometimes computer hacking is ethical, then it just becomes a question of where the line is drawn. How much personal information needs to be on the computer about to detonate a bomb before you decide it isn't The Right Thing To Do to hack in? I am sure there are cases where the government is happy to hack into something that I think is ethically dubious, but again, I think it is absurd to say it is never ethical.

The other thing is you have to consider that "cyber weapons" mean governments can gain intelligence or affect systems without hurting people. Stuxnet is an interesting example. How many lives would have been lost if instead someone bombed the Iranian nuclear facility, or killed off Iranian scientists (yes, I know this still happens anyway, sadly)? Stuxnet was a virus that infected the public's computers as well.
Based on our discussion so far I would expect you to say something like "well sure, maybe it's better than bombing, but having neither would be even better". That's a totally understandable stance, but again, that isn't the world we live in. I think it's a step in the right direction to at least try to minimize deaths.


Anyway, it doesn't sound like we're going to come to an agreement on anything, and that's fine. I definitely understand how hacking can be a moral grey area, and not everyone has to agree. However, I just hope people will accept that it is at least a moral grey area, rather than a moral black area.

Comment: Re:Demoed at TEDxAustin (Score 2) 179

by tylerni7 (#42239077) Attached to: Researchers Find Crippling Flaws In Global GPS
The TEDxAustin talk you mentioned is focused on GPS spoofing to make a receiver think that it is somewhere else. Spoofing in that sense has been around for a long time, and while it is very cool and everything, it isn't what is novel about this paper/attack.
This paper goes from just making a GPS receiver think it is located somewhere else to actually exploiting software vulnerabilities in GPS receivers to cause them to crash and things like that. The attacks are related, but the position based spoofing is just a subset of this work.

Comment: Re:Well, duh. (Score 4, Interesting) 179

by tylerni7 (#42238557) Attached to: Researchers Find Crippling Flaws In Global GPS
I don't think you looked at the paper really. GPS spoofing and jamming are nothing new (as is mentioned in the paper). The new aspect is that there are software attacks that can be done on the receivers. For example, one of the divide by zero errors will cause a denial of service attack on some receivers. This is vastly different from jamming, because the DoS continues even after the transmitter is shut off. Jamming would obviously stop as soon as the transmitter is turned off. That is the new, exciting, and dangerous part of all this.
Displays

Disney Research Can Turn Nearly Any Surface Into a Touch Screen 96

Posted by timothy
from the even-your-keyboard dept.
surewouldoutlaw writes "Remember that scene in Fantasia where Mickey turns all the brooms into an army of workers? Well, Disney isn't quite there, yet. But scientists with the company's research lab at Carnegie Mellon University in Pittsburgh have been able to turn virtually any surface, including liquid water and the human body, into a multi-touch interface. The new system is called Touché, and it is as awesome as it sounds."

Comment: Re:Airport security? (Score 5, Insightful) 87

by tylerni7 (#39451479) Attached to: 'Antimagnet' Cloak Hides Objects From Magnetic Fields
No look, this is perfect. We convince DHS that the terrorists are trying to develop room temperature superconductors to subvert metal detectors and security checkpoints.

Then, clearly the solution is for DHS to start giving obscene amounts of money to physicists in the USA to develop the technology first! It's pretty much a win-win-win situation.

Comment: Re:Get a clue Big Sis (Score 4, Interesting) 256

by tylerni7 (#38473582) Attached to: Vanity Fair On the TSA and Security Theater
Although 12 million is certainly a large number, the US has many more travelers than that. In 2009, Atlanta's airport had something like 90M travelers use the airport. That means that one airport has more traffic than all of the airports combined in Israel.

I agree that their airport security model is superior, and maybe it can scale to large airports in the USA, but if we have dozens of airports with more traffic than their busiest airport, scaling is very far from a simple task.

Source

Comment: E-ink like power consumption? (Score 2) 168

by tylerni7 (#38068920) Attached to: Qualcomm's Butterfly Wing Display Gets Nearer
What does the article mean by e-ink like power consumption? I can't tell if this technology requires power to remain in a given state, or whether it can be static like e-ink. Although the low power consumption of e-ink displays is largely due to their lack of a backlight, being able to display static content with 0 power consumption is really one of the coolest parts about e-ink tech.

I read the article but it didn't seem to answer this, do any readers know? If it could display static content for free then that would be incredibly awesome.

Comment: Re:This has no impact (Score 1) 494

by tylerni7 (#34795984) Attached to: California County Bans SmartMeter Installations
ZigBee generally operates at 250mW/24dBm max power. Obviously some devices can be made to broadcast higher energy levels, but a quarter watt tends to be used.

I suppose a citation would be nice, but if you google it, you will find most chipsets have that as their maximum power rating. (And as the signal only needs to reach the home, there is no reason for a stronger signal to be used.)

Comment: Red-shift (Score 1) 129

by tylerni7 (#34269164) Attached to: Space-Time Cloak Could Hide Actual Events
Correct me if I'm wrong, but this sort of invisibility cloak would not be perfect as described.

As light is initially slowed down to make "room" for the invisible event to take place, there is going to be a red-shift in the light because the waves must start arriving more slowly. While this change can be made subtle, that means that an "attacker" needs to either spend a long time slowing down the light, or the "attacker" would only create a small gap in time in which to work.

Still very cool though!
