
Breaking teh interwebz - NSA style

#1 Sep 06 2013 at 4:38 PM Rating: Decent
**
563 posts
Unfortunately, Guardian ( and NYT ) decided not to publish the most interesting parts... ie. which parts are irrevocably broken.

I know, I know, you guys are all cool with implants in your asses monitoring your moves 24/7, but I am curious to what extent you are cool with the basic foundation of the internet ( trust ) being broken beyond simple repair. NSA managed to insert itself into standards producing body thus poisoning the entire security well. Any sensible security expert will tell you the simple truth that backdoors are typically a bad idea*.

Bad NSA, and even worse the engineers that participated in this.

*unless you are into that sort of thing, duh

____________________________
Your soul was made of fists.

Jar the Sam
#2 Sep 06 2013 at 4:40 PM Rating: Excellent
******
29,886 posts
I have a computer monitor implanted in my ****. It saves time.
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
#3 Sep 06 2013 at 4:42 PM Rating: Good
**
563 posts
Dread Lörd Kaolian wrote:
I have a computer monitor implanted in my ****. It saves time.


Personally, at this point, whenever I get a new device, my first question always is: "does it do bjs?"
____________________________
Your soul was made of fists.

Jar the Sam
#4 Sep 06 2013 at 4:44 PM Rating: Excellent
*****
11,253 posts
Whelp, time to EMP the planet and start over. Like **** am I having a monitor shoved in my ****; that may be Kao's thing but I prefer to have it where I don't have to bend around to see it, like in my urethra.
____________________________
Shaowstrike (Retired - FFXI)
91PUP/BLM 86SMN/BST 76DRK
Cooking/Fishing 100


"We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary."
— James D. Nicoll
#5 Sep 06 2013 at 4:46 PM Rating: Decent
******
21,717 posts
Meh. There's always sneakernet for the important stuffs.
____________________________
R.I.P. Jessica M. 5/3/2010
This post brought to you by Carl's Jr.
gbaji wrote:
You guys keep tossing facts out there like they mean something.


#6 Sep 06 2013 at 4:48 PM Rating: Excellent
******
29,886 posts
Shaowstrike the Shady wrote:
Whelp, time to EMP the planet and start over. Like **** am I having a monitor shoved in my ****; that may be Kao's thing but I prefer to have it where I don't have to bend around to see it, like in my urethra.


Nah see, it's a touchscreen, so I can ban spammers by eating beans and emitting gas at them! All the forum admins have them these days.
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
#7 Sep 07 2013 at 1:24 PM Rating: Excellent
*****
11,955 posts
So it's fair to say you **** in their general direction?

____________________________
Just as Planned.
#8 Sep 07 2013 at 1:48 PM Rating: Excellent
******
29,886 posts
Only if their mother was a hamster.
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
#9 Sep 08 2013 at 2:50 AM Rating: Default
****
8,970 posts
BrownDuck wrote:
Meh. There's always sneakernet for the important stuffs.

Don't underestimate sneakernet.

____________________________
Demea wrote:
Almalieque wrote:

I'm biased against statistics
#10 Sep 09 2013 at 7:11 AM Rating: Good
******
43,650 posts
Dread Lörd Kaolian wrote:
Only if their mother was a hamster.
I've hidden the elderberries.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#11 Sep 09 2013 at 5:34 PM Rating: Default
Encyclopedia
******
31,593 posts
angrymnk wrote:
... I am curious to what extent you are cool with the basic foundation of the internet ( trust ) being broken beyond simple repair. NSA managed to insert itself into standards producing body thus poisoning the entire security well. Any sensible security expert will tell you the simple truth that backdoors are typically a bad idea*.


/shrug

Kinda have to look at the historical aspects of this. For a long time there was *no* security in the internet anyway. Ultimately, this doesn't represent any reduction in security. If you encrypt data from pointA and send it to pointB and decrypt it, the NSA will still have problems cracking it. And for those in the know, the list of crypto not to use is well understood (but still often ignored). It really shouldn't be surprising at all that the generic encryption systems are just tough enough to be difficult for a small time cracker to break, but weak enough for an agency with sufficient resources to break it easily, nor that an agency like the NSA would be involved in arranging for that. Um... But honestly, if you understand how encryption standards follow technology advances, you'd realize that it doesn't take much for this to happen anyway. "Standard" encryption will always trail behind the ability to crack it. All that need happen is for governing bodies to *not* push vendors kicking and screaming into implementing new/better encryption. So no real surprise.

As to backdoors, I suspect that most people (including reporters at the Guardian and NYT) really don't understand what this means. It's a term that is usually taken to mean a specific thing, but actually refers to a broad set of things. I don't think they're talking about software backdoors here. That wouldn't give the NSA any real advantage anyway. I'd also not be terribly concerned about that anyway.

Edited, Sep 9th 2013 4:35pm by gbaji
____________________________
King Nobby wrote:
More words please
#12 Sep 09 2013 at 9:23 PM Rating: Decent
**
563 posts
gbaji wrote:
angrymnk wrote:
... I am curious to what extent you are cool with the basic foundation of the internet ( trust ) being broken beyond simple repair. NSA managed to insert itself into standards producing body thus poisoning the entire security well. Any sensible security expert will tell you the simple truth that backdoors are typically a bad idea*.


/shrug

Kinda have to look at the historical aspects of this. For a long time there was *no* security in the internet anyway. Ultimately, this doesn't represent any reduction in security. If you encrypt data from pointA and send it to pointB and decrypt it, the NSA will still have problems cracking it. And for those in the know, the list of crypto not to use is well understood (but still often ignored). It really shouldn't be surprising at all that the generic encryption systems are just tough enough to be difficult for a small time cracker to break, but weak enough for an agency with sufficient resources to break it easily, nor that an agency like the NSA would be involved in arranging for that. Um... But honestly, if you understand how encryption standards follow technology advances, you'd realize that it doesn't take much for this to happen anyway. "Standard" encryption will always trail behind the ability to crack it. All that need happen is for governing bodies to *not* push vendors kicking and screaming into implementing new/better encryption. So no real surprise.

As to backdoors, I suspect that most people (including reporters at the Guardian and NYT) really don't understand what this means. It's a term that is usually taken to mean a specific thing, but actually refers to a broad set of things. I don't think they're talking about software backdoors here. That wouldn't give the NSA any real advantage anyway. I'd also not be terribly concerned about that anyway.

Edited, Sep 9th 2013 4:35pm by gbaji


Dude, it took you twenty sentences to say you don't care. Good job.

To be perfectly honest, I am not quite sure if I can classify you as an apologist, poster child for Stockholm syndrome, serial rape victim, some combination of the three, or a highly educated dunce.

Let us start at the beginning. If you want to look at this from "historical" perspective I can recommend several books on the history of the internet. My personal favorite is "Who controls the internet? - illusions of the borderless world" by Jack Goldsmith. Read it and understand it; then we can talk what it was meant to be, what were its foundations, what it has become, and exactly how it is not undermined by the current set of revelations.

With that out of the way, understand this, while NSA does employ a record number of PhD mathematicians, and other rather intelligent people, you will be surprised, nay, astounded to know, that, out there, in the wild wild west of the non-NSA world other intelligent people exist. Scary, no? Your weird assumption that three letter agency analyst is, by default, smarter than anyone else on the planet just does not
Oh, I know you are going to hang on onto the resources thing. True, it is a little hard to compete with a budget that dwarfs the one of NASA. Can't argue with you there. I would like to point something out however, Note that NSA actively undermined strong encryption standards. It obviously saw increased computing power available to the average Joe as a threat. Even NSA, even with its incredible budget can't decrypt every single little thing, if everyone is doing it, and happens to use strong encryption... (vide Snowden).

Now, please make an attempt to understand my argument here. If everything is to be on the internet, and heavens knows the current trend seems to be pushing us in that direction, then strong, and I don't mean, break it when we really want to know, security is actually a good idea. Otherwise, it only takes one Snowden to take the card house down. Do you understand why security by obscurity, planted zero day exploits, back doors, and low encryption standards may not be such a good idea?

Because it then only takes one bad actor. And these days, when the **** IV systems are connected, I want some basic assurance that it can't just be taken over. You are telling me it is cool, because only the NSA has access to it.

In summation,

If you are not concerned, then:

A) you have no self-preservation instinct
B) you welcome your NSA regime ( separate rant, because only **** would believe all that information would not be used for blackmail )
C) you are actively adjusting our world to that of Cyberpunk 2077 ( If that is your goal, then I salute you ).

K, I am going to bed. It was a long **** day.
____________________________
Your soul was made of fists.

Jar the Sam
#13 Sep 10 2013 at 7:39 AM Rating: Excellent
******
43,650 posts
angrymnk wrote:
Dude, it took you twenty sentences to say you don't care. Good job.
Took you like forty to say nuh uh.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#14 Sep 10 2013 at 3:16 PM Rating: Decent
Encyclopedia
******
31,593 posts
angrymnk wrote:
Let us start at the beginning. If you want to look at this from "historical" perspective I can recommend several books on the history of the internet. My personal favorite is "Who controls the internet? - illusions of the borderless world" by Jack Goldsmith. Read it and understand it; then we can talk what it was meant to be, what were its foundations, what it has become, and exactly how it is not undermined by the current set of revelations.


You're kidding, right? I think I'll stick to actual books that discuss actual security tools and cryptography and how they're used within a digital communications framework. Or, I don't know, I'll bring it up the next time I'm in a meeting and the topic of securing networks and data happen to come up among a group of people who do that for a living.

Quote:
With that out of the way, understand this, while NSA does employ a record number of PhD mathematicians, and other rather intelligent people, you will be surprised, nay, astounded to know, that, out there, in the wild wild west of the non-NSA world other intelligent people exist. Scary, no? Your weird assumption that three letter agency analyst is, by default, smarter than anyone else on the planet just does not


I didn't say that the NSA employs the smartest people. I said they have the most resources. I know that there's a common perception of the "genius hacker" who can bypass security protocols in seconds because he's just that good. Um... That's not how it works. Maybe in the movies or on TV, but in the real world, it's about spending time and resources to gain access. Smarts are important, and understanding what the **** you're doing is important, but none of those really help you if you don't have the resources to use. That means the right tools, knowledge, and with regard to the kind of high level security stuff we're talking about, significant resources.

There are a host of encryption technologies that are "broken" in the sense that they are crackable (DES is a great initial example). But that's really a relative statement. Crackable means "crackable in a useful amount of time using available computer resources". Your average hacker sitting in his parents' basement isn't going to spend several billion dollars on a cpu farm so he can break "tough" encryption in a useful time (that's what's meant by "near real time" btw). The value of reading someone's email, or hacking their online accounts isn't worth the money you'd have to spend to do it.

But when the goal isn't money, the whole picture changes. The NSA can spend billions (or tens of billions) of dollars on the kinds of resources and tools needed to break most encryption in a reasonable amount of time (most of the time). And they'll spend millions more on their version of "social hacking" (which is any method used to get companies to provide them with information).

Quote:
Oh, I know you are going to hang on onto the resources thing.


Duh.

Quote:
True, it is a little hard to compete with a budget that dwarfs the one of NASA. Can't argue with you there. I would like to point something out however, Note that NSA actively undermined strong encryption standards. It obviously saw increased computing power available to the average Joe as a threat. Even NSA, even with its incredible budget can't decrypt every single little thing, if everyone is doing it, and happens to use strong encryption... (vide Snowden).


This is where the /shrug part comes in. Undermining strong encryption standards is a matter of opinion and perception. There is nothing preventing anyone from encrypting their own email with something stronger than what MS or Google uses by default. I get that by influencing standards, they can ensure that they're "just weak enough", and I said as much above. The problem is that this likely would happen even if the NSA didn't get involved. Security and usability are always at odds with each other. The more secure you make something, the less convenient it is to the customer, the more expensive it is, the more time it takes, etc. The standards in use today are the result of decades of compromise decisions within the industry. And if you knew just how silly some of the reasons for those compromises are, you'd laugh at the idea that the NSA had to do more than a bit of subtle nudging to accomplish such a thing.

Quote:
Now, please make an attempt to understand my argument here. If everything is to be on the internet, and heavens knows the current trend seems to be pushing us in that direction, then strong, and I don't mean, break it when we really want to know, security is actually a good idea. Otherwise, it only takes one Snowden to take the card house down. Do you understand why security by obscurity, planted zero day exploits, back doors, and low encryption standards may not be such a good idea?


Um... That's a great theory, but it has never been true. The one thing that every network security expert will tell you is that there's no such thing as a secure network. If you don't want something to be learned, don't put it on a network. Period. The choice is *always* about the value of securing data versus the value of it being usefully accessible. I'm directly involved in dealing with this exact issue with regards to the security of company IP versus the needs of allowing foreign consultants to be able to work on products that use that IP. It's a monetary consideration. How much do we risk losing if we don't meet a production time table versus (in this case) the risk that China will be able to steal enough information and be able to use it to help one of their companies catch up?

It's never a question of 100% security, but an assessment of relative risk and cost. So yeah, I laugh when folks try applying the reality of how and why our networks are secured against the actions of a government agency acting without regard to dollar costs.


Quote:
You are telling me it is cool, because only the NSA has access to it.


No. I'm telling you that it's cool because the security only has to be good enough to make the cost of doing something higher than the value of doing that thing. The NSA doesn't care about cost, but it's also not seeking to steal the money in your bank account. And how much does a bullet cost? If someone wants to kill you, aren't there much easier ways to go about it than hacking your pacemaker?

You need to stop thinking that the real world works like bad film plots.

Edited, Sep 10th 2013 2:16pm by gbaji
____________________________
King Nobby wrote:
More words please
#15 Sep 10 2013 at 5:51 PM Rating: Decent
**
563 posts
lolgaxe wrote:
angrymnk wrote:
Dude, it took you twenty sentences to say you don't care. Good job.
Took you like forty to say nuh uh.


I am competitive by nature. Not even Gbaji out-gbajis me.
____________________________
Your soul was made of fists.

Jar the Sam
#16 Sep 10 2013 at 6:41 PM Rating: Decent
**
563 posts
Quote:
angrymnk wrote:
Let us start at the beginning. If you want to look at this from "historical" perspective I can recommend several books on the history of the internet. My personal favorite is "Who controls the internet? - illusions of the borderless world" by Jack Goldsmith. Read it and understand it; then we can talk what it was meant to be, what were its foundations, what it has become, and exactly how it is not undermined by the current set of revelations.


You're kidding, right? I think I'll stick to actual books that discuss actual security tools and cryptography and how they're used within a digital communications framework. Or, I don't know, I'll bring it up the next time I'm in a meeting and the topic of securing networks and data happen to come up among a group of people who do that for a living.


I am never kidding; ever. Before you can discuss cryptography and security mr fancy-pants, who, no doubt, meets software engineers and security analysts on working lunches on a daily basis, should maybe, just maybe, consider the possibility, that before mr fancy-pants can discuss said problems mr fancy-pants could, and I do mean could, consider to learn some basic information about the subject at hand. Based on your previous responses, I was not sure you did.

If you did and chose not to disclose it, Touche, I, for one, was fooled.

Quote:
But when the goal isn't money, the whole picture changes.

Quote:
The NSA doesn't care about cost, but it's also not seeking to steal the money in your bank accoun


For once you are not wrong; well, not completely wrong. The goal is, obviously, nothing as mundane as money. Pfui -- only plebs worry about those. The object is information, and its derivative, power.

Quote:

This is where the /shrug part comes in. Undermining strong encryption standards is a matter of opinion and perception. There is nothing preventing anyone from encrypting their own email with something stronger than what MS or Google uses by default.


I guess it is my turn to go into "are you serious?" mode. I am not sure how young/old you are ( depending on your philosophical bent ), but I am sure a security expert such as yourself remembers the problems and legal hurdles the US government was creating for pgp creator. There is the might of the government telling you can't encrypt anything we can't decrypt. So what were you saying about nothing preventing me? Oh, you mean nothing stopping me from using tools that have been rendered less useful?

Quote:
Quote:
The standards in use today are the result of decades of compromise decisions within the industry. And if you knew just how silly some of the reasons for those compromises are, you'd laugh at the idea that the NSA had to do more than a bit of subtle nudging to accomplish such a thing.


Here you are correct. I know. The main reason I know is because of the same reason most people know: real life manifestation of Dilbert principles ( and immediate cost). I could tell you stories, but I don't want to bore everyone more than is strictly necessary.

Quote:
Now, please make an attempt to understand my argument here. If everything is to be on the internet, and heavens knows the current trend seems to be pushing us in that direction, then strong, and I don't mean, break it when we really want to know, security is actually a good idea. Otherwise, it only takes one Snowden to take the card house down. Do you understand why security by obscurity, planted zero day exploits, back doors, and low encryption standards may not be such a good idea?


Um... That's a great theory, but it has never been true. The one thing that every network security expert will tell you is that there's no such thing as a secure network. If you don't want something to be learned, don't put it on a network. Period. The choice is *always* about the value of securing data versus the value of it being usefully accessible. I'm directly involved in dealing with this exact issue with regards to the security of company IP versus the needs of allowing foreign consultants to be able to work on products that use that IP. It's a monetary consideration. How much do we risk losing if we don't meet a production time table versus (in this case) the risk that China will be able to steal enough information and be able to use it to help one of their companies catch up?

It's never a question of 100% security, but an assessment of relative risk and cost. So yeah, I laugh when folks try applying the reality of how and why our networks are secured against the actions of a government agency acting without regard to dollar costs.


Huh? I am not sure you are deliberately misrepresenting my argument, misunderstanding it, or if you are carrying a different conversation on similar subject. I have not said anything about making bullet-proof network. I am arguing against making it vulnerable BY DESIGN. Do you see the difference? I am sure you do because in the very next sentence you paraphrase what I said... ie. don't put everything on the internet.

And last, but most certainly not least,
Quote:
but it has never been true
portion of your post. Never is a very long time. Unless you have some weird understanding of my "theory", the last time 'never' happened was when Snowden showed up. I can only assume you didn't communicate your point clearly enough for me to comprehend. Please try again. Remember, I am most definitely not a security expert; not completely unlike you.

Quote:
So yeah, I laugh when folks try applying the reality of how and why our networks are secured against the actions of a government agency acting without regard to dollar costs


If I am understanding you right.. you laugh because desperate laughter of a rape victim is certainly better than tears? Help me out here.

Quote:
You need to stop thinking that the real world works like bad film plots.


You will laugh, but maybe the problem is I do not watch enough movies.

But this is beside the point because, and pay attention here since it might just open your mind a little, life does not care whether the plot is good. Life does not care about the actors, extras, or even, gasp, the audience. Just because it sounds like something from a bad movie does not make it any less true ( if it is true ).

In other words, not bad for first effort. Rewrite and try again.
____________________________
Your soul was made of fists.

Jar the Sam
#17 Sep 10 2013 at 7:47 PM Rating: Good
I don't know how to break this to you angrymnk, so I'll just say it.









gbaji knows literally 200x more about everything than the rest of us.


It's true because I read it on the internet.
____________________________
Allegory wrote:
Bijou your art is exceptionally creepy. It seems like their should be something menacing about it, yet no such tone is present.
#18 Sep 10 2013 at 8:01 PM Rating: Decent
**
563 posts
Friar Bijou wrote:
I don't know how to break this to you angrymnk, so I'll just say it.









gbaji knows literally 200x more about everything than the rest of us.


It's true because I read it on the internet.


Doh, Why didn't nobody warn me? That's just mean.
____________________________
Your soul was made of fists.

Jar the Sam
#19 Sep 10 2013 at 8:40 PM Rating: Decent
Encyclopedia
******
31,593 posts
angrymnk wrote:
I am never kidding; ever. Before you can discuss cryptography and security mr fancy-pants, who, no doubt, meets software engineers and security analysts on working lunches on a daily basis, should maybe, just maybe, consider the possibility, that before mr fancy-pants can discuss said problems mr fancy-pants could, and I do mean could, consider to learn some basic information about the subject at hand. Based on your previous responses, I was not sure you did.


I was talking about your choice of book to read to learn about the history of the internet and how security protocols get established. I happen to think you have it backwards though. One should start by understanding how packet based networks actually work, then how encryption works, then how to apply encryption to said packet based networks, and *then* you can start looking at the political side of things and assessing whether there's something horrible going on. Starting with the conspiracy and then working backwards is, well... backwards.

Quote:
If you did and chose not to disclose it, Touche, I, for one, was fooled.


I'm sorry. I wasn't aware I was supposed to provide a resume before posting. I thought that merely pointing out that one should actually understand the technology *first* before trying to figure out if it's being applied correctly or manipulated for some nefarious plot would have indicated that I actually do know a bit about this. And frankly, your recommended reading suggests that you *don't*.

Quote:
For once you are not wrong; well, not completely wrong. The goal is, obviously, nothing as mundane as money. Pfui -- only plebs worry about those. The object is information, and its derivative, power.


Which is no different today than it has ever been. Again... /shrug

Quote:
I guess it is my turn to go into "are you serious?" mode. I am not sure how young/old you are ( depending on your philosophical bent ), but I am sure a security expert such as yourself remembers the problems and legal hurdles the US government was creating for pgp creator.


None of which prevented a single person from actually using it though. Attempts to stop the spread of encryption were a joke then and are a joke now. And it ultimately had very little to do with preventing private parties from using encryption, and more to do with outdated laws being applied in inconsistent and really ridiculous ways.

Quote:
There is the might of the government telling you can't encrypt anything we can't decrypt. So what were you saying about nothing preventing me? Oh, you mean nothing stopping me from using tools that have been rendered less useful?


Er? Strong encryption is readily available. More available than ever before. So if anything the trend is towards folks having the capability of more privacy. The problem is that, as many actual security experts have predicted time and time again, people choose not to use it. They do so, not because of some evil government schemes to make sure they can read your emails, but because it's easier not to. ****, if it weren't for governments actually passing some regulations on the industry, most people wouldn't use encryption for anything at all. So complaining that the weak encryption we have in the default applications out there are some kind of plot by the government really is silly.

Quote:
Here you are correct. I know. The main reason I know is because of the same reason most people know: real life manifestation of Dilbert principles ( and immediate cost). I could tell you stories, but I don't want to bore everyone more than is strictly necessary.


I literally had a conversation with a principal engineer here just yesterday in which he was trying to argue that I should add a modification to everyone's login to a set of systems such that it would allow anyone else to be able to connect to their session without their permission and completely bypassing any password that user may have set. He was seriously arguing this. Without going into the details of why, his reasoning was purely about convenience (saving a couple minutes on these systems under certain conditions). I had to explain to him that this was in complete violation of our emedia policy, not to mention a direct violation of a number of legally binding documents I have to sign in order to have the authority to make this kind of system/account level change in the first place. If I were to do such a thing, I'd be lucky to *only* lose my job.

Point is that I had to argue this with him for quite some time before he agreed to let me find another solution to the problem he was running into. Most people put convenience ahead of security. Even when they should know better. It's what social networking is about as well btw. You don't need the NSA to do that. Just give people the option to hand their information over, and most will do it. Give people the choice to use a 4 digit or 10 digit pin on their ATM card, and want to bet what most will ask for? Give them a choice of numbers only, or numbers and letters, and guess what they'll pick?

****. Look at this picture. It's a keypad access to a car, right? Stop and think about it for a moment. It's got 5 buttons. Ask yourself why the buttons are labeled "1-2", "3-4", "5-6", "7-8", "9-0", instead of just 1, 2, 3, 4, 5? It's still just a combination of 5 keys, yet they labeled them such that the keys can represent any number in our decimal system. There's only one reason to do this and that's to allow people to use numbers that are significant to them, but which might require the numbers 6 through 0 instead of just 1-5. Um... Which is precisely what you're not supposed to do when picking a security code, right? Are the car companies intentionally wanting people to use less security? Cause that's the argument you're making with regard to the NSA.

Car companies design the keypads that way because even though they know they promote less security, they also know that customers want them. Customers want to be able to use their birthday, or whatever as their code, and keypads which don't provide this less secure functionality will lose out in the market versus ones that do. My point is that the average person demands a less secure environment if more security means less convenience or ease of use. Not just the average person, the overwhelming majority of people.

Again, the NSA doesn't have to do anything except *not* impose stronger standards. The people will tend to pick the least secure methods that do "just enough" to prevent just anyone from hacking into their stuff. Why? Because it's not worth their time and effort to do more. And the companies which make the operating systems, and web servers, and all that other stuff know this. And they know that if they attempt to impose stronger security, they will lose customers to the guy that uses the simplest, weakest, but easiest to use solution. Doesn't take a government conspiracy for this to happen.

Quote:
Huh? I am not sure you are deliberately misrepresenting my argument, misunderstanding it, or if you are carrying a different conversation on similar subject. I have not said anything about making bullet-proof network. I am arguing against making it vulnerable BY DESIGN. Do you see the difference? I am sure you do because in the very next sentence you paraphrase what I said... ie. don't put everything on the internet.


And as I said (but was apparently the one part of my post you didn't respond to), it's a matter of opinion and perspective. What is "vulnerable by design"? So if I currently have a network connection that uses zero encryption, and I implement a weak but easy to use encryption, but I could have used a much stronger, but harder to use/implement one, is my connection "vulnerable by design"? Depends on how you look at it, right? Technically, since it was designed, then every aspect of it is "by design". The question is whether the intent was to make it less secure than it could have been, or if I decided that it's "secure enough" for whatever data I'm transmitting along that connection.

Which is why I talked at length about relative costs. Convenience versus security.

Quote:
And last, but most certainly not least,
Quote:
but it has never been true
portion of your post. Never is a very long time. Unless you have some weird understanding of my "theory", the last time 'never' happened was when Snowden showed up. I can only assume you didn't communicate your point clearly enough for me to comprehend. Please try again. Remember, I am most definitely not a security expert; not completely unlike you.


I was referring to the fact that we have never had secure networks, so the idea that we're somehow "less secure" today is ridiculous. You're basically arguing reality against a possible alternative which never happened, but passing it off like we somehow moved in the wrong direction. As if somehow passing regulations which mandate X security level (instead of zero), is really making us less secure because they could have mandated something better. And then lumping in a bunch of conspiracy theories to create a sinister motivation behind all of it.

I don't doubt for one moment that the NSA does have an interest in encouraging weak encryption around the world. I just question the degree to which they've actually had to work to make that happen. People will do this all on their own. You actually have to almost force them kicking and screaming to *not* use insecure methods.

Edited, Sep 10th 2013 8:54pm by gbaji
____________________________
King Nobby wrote:
More words please
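The keypad argument in the post above, worked through as an added example that is not part of the original thread: it counts how many distinct press sequences a five-button, paired-digit keypad can tell apart and how much of that space date-style codes occupy. The five-press code length, the MMDD-plus-year-digit date format and all function names are assumptions made for illustration.

```python
"""Added example: effective code space of a five-button, paired-digit keypad."""
import math

# Layout as described in the post: five buttons, each carrying two digits.
BUTTONS = ["1-2", "3-4", "5-6", "7-8", "9-0"]
DIGIT_TO_BUTTON = {
    digit: index
    for index, label in enumerate(BUTTONS)
    for digit in label.split("-")
}

# Assumption: the post does not say how many presses make up a code.
CODE_LENGTH = 5


def presses(code):
    """Return the button indexes the keypad actually sees for a digit string."""
    return tuple(DIGIT_TO_BUTTON[d] for d in code)


def keyspace(length=CODE_LENGTH):
    """Number of distinct press sequences the keypad can tell apart."""
    return len(BUTTONS) ** length


def digit_codes_per_sequence(length=CODE_LENGTH):
    """How many different digit strings collapse onto one press sequence."""
    return (10 ** length) // keyspace(length)


def date_codes():
    """Constructed sample of 'memorable' codes: MMDD plus one year digit."""
    days_in_month = [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]
    for month, days in enumerate(days_in_month, start=1):
        for day in range(1, days + 1):
            for year_digit in range(10):
                yield f"{month:02d}{day:02d}{year_digit}"


def distinct_sequences(codes):
    """Count the distinct press sequences a collection of digit codes maps to."""
    return len({presses(c) for c in codes})


def bits(n):
    """Entropy in bits of a uniform choice among n possibilities."""
    return math.log2(n)


def report():
    """Summarise the digit-string space versus what the keypad distinguishes."""
    all_dates = list(date_codes())
    return {
        "digit_strings": 10 ** CODE_LENGTH,
        "press_sequences": keyspace(),
        "digit_strings_per_sequence": digit_codes_per_sequence(),
        "date_strings": len(all_dates),
        "date_press_sequences": distinct_sequences(all_dates),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:28s} {value:7d}  ({bits(value):5.2f} bits)")
```

Under these assumptions the keypad distinguishes 3,125 sequences (about 11.6 bits), and date-derived codes occupy 415 of them (about 8.7 bits), which is the convenience-for-security trade the post describes.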
#20 Sep 10 2013 at 9:03 PM Rating: Good
Lunatic
******
29,328 posts
As to backdoors, I suspect that most people (including reporters at the Guardian and NYT) really don't understand what this means. It's a term that is usually taken to mean a specific thing, but actually refers to a broad set of things. I don't think they're talking about software backdoors here.

You would be incorrect.


That wouldn't give the NSA any real advantage anyway.


Once again, you would be incorrect.


I'd also not be terribly concerned about that anyway.


Obviously not, you have a great handle on the NSA's technical capabilities and limitations and can easily avoid their efforts at invading your privacy should they choose to attempt to do so. Or you're an idiot. One of those two statements is clearly true.
____________________________
Disclaimer:

To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a ****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? ****. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.

#21 Sep 10 2013 at 10:19 PM Rating: Default
Encyclopedia
******
31,593 posts
Smasharoo wrote:
As to backdoors, I suspect that most people (including reporters at the Guardian and NYT) really don't understand what this means. It's a term that is usually taken to mean a specific thing, but actually refers to a broad set of things. I don't think they're talking about software backdoors here.

You would be incorrect.


Um... I realize that my use of pronouns wasn't clear, but while I'm sure "they" (the writers at the Guardian and NYT) were talking about software backdoors, "they" (the NSA) weren't talking about them with regard to their documents referring to means of obtaining data from networks in near real time. "They" (the NSA) were almost certainly referring to hardware taps into the backbone systems and physical encrypt/decrypt boxes used for point to point communications by large network users and not software backdoors in the latest version of office or something. "They" (the NSA again) aren't hacking into your home computer and rummaging around. What "they" are almost certainly doing is slurping up every bit of data that passes through a network link between the points at which they are encrypted for transmission and are decrypted at the other end and routing it to their own server farms.


Almost all large scale data companies (like google for instance) use hardware based encryption to secure data passing through their own WAN. It allows them to treat data crossing "public" network links as though it's internal to their own firewalls. Thus, there's very little reason to expend the effort to additionally encrypt the data moving across those links (beyond the stock relatively easy to crack with enough cpu time methods of course). And there are only a handful of companies that make those devices (honestly I think it's like three?). And it doesn't matter anyway, because these are typically installed and maintained by the backbone providers themselves. So you pay them for a point to point link and they provide the secure routers and physical hookups for that link. More or less exactly like how you pay for your cable company to run a cable to your house and put a cable box in so you can access their content (ok, not exactly, but you get the picture).

As more people use online services for everything from backing up their data, to handling their phone services, to looking up directions on their GPS device, those data services become central hubs for everything we do, even if we don't directly realize we're using them. When you place an order with Amazon for something, you may think that the connection between your web browser and their pos system is secure, and honestly it might be, but that's not the point. Amazon then internally manages your request within its own network, and makes backups, and otherwise moves every detail about what you did around multiple times behind the scenes.

That's how you grab large amounts of data. And it works for the NSA largely because the US is where most people put their data (or at least deal with US domained companies, which amounts to the same thing). Putting backdoors into every software tool and/or security protocol is the dumb way to do it that someone who doesn't think things through would come up with. It's too small scale really. But it's much easier to scare people about whether or not using https means their bank transaction is secure, than explain that this is only really a concern versus someone trying to steal your money and is not how the NSA would do it, nor would they have any reason to need to make that particular part of the equation less secure.


Quote:
That wouldn't give the NSA any real advantage anyway.

Once again, you would be incorrect.


No. I'd be correct. The only thing intentionally creating software backdoors and exploits in commercial software would do is maximize the likelihood that someone would notice this and cause all sorts of problems. This is precisely why we're hearing about this only because some guy who worked at the NSA leaked some documents that speak in really broad terms about gaining lots of data, and actually specifically says not to ask how, instead of some code monkey somewhere going "hey! I found this horrific exploit in 500 different software applications out there, and I traced the network calls using these exploits on a massive scale to this large and suspiciously government looking data farm...". Because that's what would happen if NSA were actually trying to access that volume of data using software backdoors.
____________________________
King Nobby wrote:
More words please
#22 Sep 11 2013 at 4:43 AM Rating: Good
Lunatic
******
29,328 posts
The only thing intentionally creating software backdoors and exploits in commercial software would do is maximize the likelihood that someone would notice this and cause all sorts of problems. This is precisely why we're hearing about this only because some guy who worked at the NSA leaked some documents that speak in really broad terms about gaining lots of data, and actually specifically says not to ask how, instead of some code monkey somewhere going "hey! I found this horrific exploit in 500 different software applications out there, and I traced the network calls using these exploits on a massive scale to this large and suspiciously government looking data farm...". Because that's what would happen if NSA were actually trying to access that volume of data using software backdoors.

You don't write code, do you. That's just dawning on me now from reading this. It's not part of your job, is it? You do some other admin thing that doesn't involve programming. We knew you weren't an engineer via your complete misunderstanding of logic, but I'd assumed that part of what you did involved creating software. I can see now that this is impossible. You learned some small amount of something along the way, in school, perhaps, but there is no way you could possibly be this ignorant and still have a job involving actual programming.

Thanks for the revelation, and good luck with your PowerPoint making, or fixing printers, or whatever it is you actually do.
____________________________
Disclaimer:

To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a ****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? ****. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.

#23 Sep 11 2013 at 5:43 AM Rating: Good
Soulless Internet Tiger
******
34,681 posts
gbaji wrote:
Starting with the conspiracy and then working backwards is, well... backwards.
Sound advice. Try it sometime.
____________________________
Donate. One day it could be your family.
Need a hotel at a great rate? More hotels being added weekly.

An invasion of armies can be resisted, but not an idea whose time has come. Victor Hugo

#24 Sep 11 2013 at 6:25 AM Rating: Decent
**
563 posts
gbaji wrote:
angrymnk wrote:
I am never kidding; ever. Before you can discuss cryptography and security mr fancy-pants, who, no doubt, meets software engineers and security analysts on working lunches on a daily basis, should maybe, just maybe, consider the possibility, that before mr fancy-pants can discuss said problems mr fancy-pants could, and I do mean could, consider to learn some basic information about the subject at hand. Based on your previous responses, I was not sure you did.


I was talking about your choice of book to read to learn about the history of the internet and how security protocols get established. I happen to think you have it backwards though. One should start by understanding how packet based networks actually work, then how encryption works, then how to apply encryption to said packet based networks, and *then* you can start looking at the political side of things and assessing whether there's something horrible going on. Starting with the conspiracy and then working backwards is, well... backwards.

Quote:
If you did and chose not to disclose it, Touche, I, for one, was fooled.


I'm sorry. I wasn't aware I was supposed to provide a resume before posting. I thought that merely pointing out that one should actually understand the technology *first* before trying to figure out if it's being applied correctly or manipulated for some nefarious plot would have indicated that I actually do know a bit about this. And frankly, your recommended reading suggests that you *don't*.

Quote:
For once you are not wrong; well, not completely wrong. The goal is, obviously, nothing as mundane as money. Pfui -- only plebs worry about those. The object is information, and its derivative, power.


Which is no different today than it has ever been. Again... /shrug

Quote:
I guess it is my turn to go into "are you serious?" mode. I am not sure how young/old you are ( depending on your philosophical bent ), but I am sure a security expert such as yourself remembers the problems and legal hurdles the US government was creating for pgp creator.


None of which prevented a single person from actually using it though. Attempts to stop the spread of encryption were a joke then and are a joke now. And it ultimately had very little to do with preventing private parties from using encryption, and more to do with outdated laws being applied in inconsistent and really ridiculous ways.

Quote:
There is the might of the government telling you can't encrypt anything we can't decrypt. So what were you saying about nothing preventing me? Oh, you mean nothing stopping me from using tools that have been rendered less useful?


Er? Strong encryption is readily available. More available than ever before. So if anything the trend is towards folks having the capability of more privacy. The problem is that, as many actual security experts have predicted time and time again, people choose not to use it. They do so, not because of some evil government schemes to make sure they can read your emails, but because it's easier not to. ****, if it weren't for governments actually passing some regulations on the industry, most people wouldn't use encryption for anything at all. So complaining that the weak encryption we have in the default applications out there are some kind of plot by the government really is silly.

Quote:
Here you are correct. I know. The main reason I know is because of the same reason most people know: real life manifestation of Dilbert principles ( and immediate cost). I could tell you stories, but I don't want to bore everyone more than is strictly necessary.


I literally had a conversation with a principal engineer here just yesterday in which he was trying to argue that I should add a modification to everyone's login to a set of systems such that it would allow anyone else to be able to connect to their session without their permission and completely bypassing any password that user may have set. He was seriously arguing this. Without going into the details of why, his reasoning was purely about convenience (saving a couple minutes on these systems under certain conditions). I had to explain to him that this was in complete violation of our emedia policy, not to mention a direct violation of a number of legally binding documents I have to sign in order to have the authority to make this kind of system/account level change in the first place. If I were to do such a thing, I'd be lucky to *only* lose my job.

Point is that I had to argue this with him for quite some time before he agreed to let me find another solution to the problem he was running into. Most people put convenience ahead of security. Even when they should know better. It's what social networking is about as well btw. You don't need the NSA to do that. Just give people the option to hand their information over, and most will do it. Give people the choice to use a 4 digit or 10 digit pin on their ATM card, and want to bet what most will ask for? Give them a choice of numbers only, or numbers and letters, and guess what they'll pick?

****. Look at this picture. It's a keypad access to a car, right? Stop and think about it for a moment. It's got 5 buttons. Ask yourself why the buttons are labeled "1-2", "3-4", "5-6", "7-8", "9-0", instead of just 1, 2, 3, 4, 5? It's still just a combination of 5 keys, yet they labeled them such that the keys can represent any number in our decimal system. There's only one reason to do this and that's to allow people to use numbers that are significant to them, but which might require the numbers 6 through 0 instead of just 1-5. Um... Which is precisely what you're not supposed to do when picking a security code, right? Are the car companies intentionally wanting people to use less security? Cause that's the argument you're making with regard to the NSA.

Car companies design the keypads that way because even though they know they promote less security, they also know that customers want them. Customers want to be able to use their birthday, or whatever as their code, and keypads which don't provide this less secure functionality will lose out in the market versus ones that do. My point is that the average person demands a less secure environment if more security means less convenience or ease of use. Not just the average person, the overwhelming majority of people.

Again, the NSA doesn't have to do anything except *not* impose stronger standards. The people will tend to pick the least secure methods that do "just enough" to prevent just anyone from hacking into their stuff. Why? Because it's not worth their time and effort to do more. And the companies which make the operating systems, and web servers, and all that other stuff know this. And they know that if they attempt to impose stronger security, they will lose customers to the guy that uses the simplest, weakest, but easiest to use solution. Doesn't take a government conspiracy for this to happen.

Quote:
Huh? I am not sure you are deliberately misrepresenting my argument, misunderstanding it, or if you are carrying a different conversation on similar subject. I have not said anything about making bullet-proof network. I am arguing against making it vulnerable BY DESIGN. Do you see the difference? I am sure you do because in the very next sentence you paraphrase what I said... ie. don't put everything on the internet.


And as I said (but was apparently the one part of my post you didn't respond to), it's a matter of opinion and perspective. What is "vulnerable by design"? So if I currently have a network connection that uses zero encryption, and I implement a weak but easy to use encryption, but I could have used a much stronger, but harder to use/implement one, is my connection "vulnerable by design"? Depends on how you look at it, right? Technically, since it was designed, then every aspect of it is "by design". The question is whether the intent was to make it less secure than it could have been, or if I decided that it's "secure enough" for whatever data I'm transmitting along that connection.

Which is why I talked at length about relative costs. Convenience versus security.

Quote:
And last, but most certainly not least,
Quote:
but it has never been true
portion of your post. Never is a very long time. Unless you have some weird understanding of my "theory", the last time 'never' happened was when Snowden showed up. I can only assume you didn't communicate your point clearly enough for me to comprehend. Please try again. Remember, I am most definitely not a security expert; not completely unlike you.


I was referring to the fact that we have never had secure networks, so the idea that we're somehow "less secure" today is ridiculous. You're basically arguing reality against a possible alternative which never happened, but passing it off like we somehow moved in the wrong direction. As if somehow passing regulations which mandate X security level (instead of zero), is really making us less secure because they could have mandated something better. And then lumping in a bunch of conspiracy theories to create a sinister motivation behind all of it.

I don't doubt for one moment that the NSA does have an interest in encouraging weak encryption around the world. I just question the degree to which they've actually had to work to make that happen. People will do this all on their own. You actually have to almost force them kicking and screaming to *not* use insecure methods.

Edited, Sep 10th 2013 8:54pm by gbaji


Gbaji.. I have a real question for you. It is, admittedly, mildly unrelated. I am, however, curious. Can you tell me why, exactly, you, apparently, choose to be excessively verbose? For bonus points, do you use twitter, and how do you deal with its severe limitations?

Ok, time to head for the asbestos factory; not all of us have jobs as network engineers.

____________________________
Your soul was made of fists.

Jar the Sam
#25 Sep 11 2013 at 7:23 AM Rating: Good
******
43,650 posts
Jesus, fucking, Christ, at, all, the, commas.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#26 Sep 11 2013 at 8:03 AM Rating: Good
Skelly Poker Since 2008
*****
15,896 posts
Those are carefully planned out thoughtful pauses indicating you should take in a long slow breath and think hard about what you're reading. ,

____________________________
Alma wrote:
Post and be happy!
#27 Sep 11 2013 at 8:05 AM Rating: Good
Skelly Poker Since 2008
*****
15,896 posts
angrymnk wrote:

Ok, time to head for the asbestos factory; not all of us have jobs as network engineers.

Are you Canadian?
____________________________
Alma wrote:
Post and be happy!
#28 Sep 11 2013 at 8:06 AM Rating: Good
******
43,650 posts
Uglysasquatch wrote:
gbaji wrote:
Starting with the conspiracy and then working backwards is, well... backwards.
Sound advice. Try it sometime.
Give him credit, he gets half of that equation all the time. Either the conspiracy or the working backwards part.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#29 Sep 11 2013 at 4:46 PM Rating: Decent
Encyclopedia
******
31,593 posts
Smasharoo wrote:
The only thing intentionally creating software backdoors and exploits in commercial software would do is maximize the likelihood that someone would notice this and cause all sorts of problems. This is precisely why we're hearing about this only because some guy who worked at the NSA leaked some documents that speak in really broad terms about gaining lots of data, and actually specifically says not to ask how, instead of some code monkey somewhere going "hey! I found this horrific exploit in 500 different software applications out there, and I traced the network calls using these exploits on a massive scale to this large and suspiciously government looking data farm...". Because that's what would happen if NSA were actually trying to access that volume of data using software backdoors.

You don't write code, do you.


Um... Yes. I do. You do understand that most of the protocols used for security have open source code, right? So you can't put a back door into say SSL and get away with it. Everyone who writes to that protocol knows where every single bit being transmitted is, and what it's used for, and how any application written to that standard will access it. I know that for people like you there's a layer of "magic" involved, but that's just not true.

In order to accomplish any sort of large scale data mining in anything like real time (as described via the bits of document Snowden has released) you can't do it using software backdoors. I mean, you could maybe get away with this on a few proprietary tools out there, but the bulk of what is actually used for encrypted communication on a network is fully understood source. This isn't Ritchie putting a backdoor into C back in the day, where he was literally the only person who'd ever viewed the full source code, and it was only actually being used for OS compiles on like 20 systems at one company. Today, you can't do that, but the myth of the "software backdoor" is ubiquitous.

You put backdoors in appliances, typically about 2-4 layers lower than the kind of software that most people think about when folks mention backdoors. Those are far more likely to be black box deals, far more likely to be small/closed proprietary systems, and far easier for a government agency to influence. And, most importantly, far far harder for any one of the million or so guys out there who actively look for signs of these sorts of things to find them. Combine that with parallel construction of government only backbone networks, and you can seamlessly slurp up arbitrarily vast amounts of data without leaving a single trace.

Any method done at a higher layer will leave signs, most obviously the massive amount of additional network traffic. Aligning your entry point to physical layers means you can avoid that. This doesn't preclude *also* using software hacks to get data, but by necessity that would have to be smaller scale and more of a per-use thing.
____________________________
King Nobby wrote:
More words please
#30 Sep 11 2013 at 5:18 PM Rating: Decent
Encyclopedia
******
31,593 posts
Let me add, before you go there, that I'm not a coder by profession. I don't sit around writing application code all day long. However, and perhaps more significant to this conversation, I do have a fairly complete understanding of network protocols, layers, packet layouts, etc. The data structures are relatively static. And since all code that uses those structures has to work within those confines and to those standards, the idea of a software level backdoor allowing one to break network communication security, while not impossible, is highly improbable. Someone would have spotted it. The scope of conspiracy required in order to maintain such backdoors would be ridiculously large. You'd need to have every single person who's written any version of software that utilizes a given security protocol to be in on it. So every guy who is involved in putting out a crypto library would have to be in on it. Or every guy writing an SSL application would have to look the other way (or fail to notice the extraneous code).

Network communication is not magic. It uses very strict rules and structures. There are potential exploits to be used of course, but again, when we're talking about massive collection and decryption of data in near real time, you just can't do it at the software layer. Too slow. Too many variables. Too many fingers in the pie. And too many signs that you're doing it. It's one thing to "hack in" and rummage around looking for something. It's a completely different matter to duplicate everything on a network and route it to some data farm somewhere. Even if you could get in via some backdoor in a software level security protocol, there's no way the site you're taking data from won't notice the massive increase of bandwidth usage required. Because to do it in software means you have to be physically accessing their site and pulling data out. If you do it at (or near) the hardware layer along the backbones, you can pull the data out at juncture points that physically intersect with your own physical cables. And if those juncture points are also encrypt/decrypt points, you can get that data "in the clear", and then only have to worry about the relatively small percentage of data traveling those links where the data itself is encrypted (usually using much weaker/faster on the fly encryption, so probably breakable).


I obviously have no clue how exactly the NSA collects data. But if we assume that they are collecting massive amounts of data and decrypting it in near real time, this is how they would likely do it. Not because I know that's what they're doing, but because it's how I would do it if I were tasked with collecting that much data in a useful manner. You just have to understand how data transfers across the net works to see this. But most people's understanding is based on watching TV and films, where it's always about "hacking in". But if you have the money and resources to physically layer yourself along the backbones of the internet, you don't need to do that. And as I said, that's what I would do if I were asked to build a system to collect as much internet traffic as possible in near real time. It's completely invisible.
____________________________
King Nobby wrote:
More words please
#31 Sep 11 2013 at 7:20 PM Rating: Decent
Lunatic
******
29,328 posts
Um... Yes. I do. You do understand that most of the protocols used for security have open source code, right? So you can't put a back door into say SSL and get away with it. Everyone who writes to that protocol knows where every single bit being transmitted is, and what it's used for, and how any application written to that standard will access it. I know that for people like you there's a layer of "magic" involved, but that's just not true.

You mean TLS, right? I had a mystic vision that SSL has been crackable by $1000 hardware setups for years. Regardless, both are cipher dependent. I'm not sure if you picked this example because it's idiotic to demonstrate what people don't understand or if you're just stupid, but we'll assume it's the former. That said, it would be fairly trivial for NIST to make AES-256 (or whatever) vulnerable to fast novel attacks. You don't understand cryptanalysis well enough for me to bother with going into this more deeply, but, basically, yes, if given sufficient influence over a standards body, ciphers can be modified to be easily breakable in ways that will not be apparent.
____________________________
Disclaimer:

To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a ****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? ****. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.

#32 Sep 11 2013 at 8:32 PM Rating: Decent
**
563 posts
gbaji wrote:
Let me add, before you go there, that I'm not a coder by profession. I don't sit around writing application code all day long. However, and perhaps more significant to this conversation, I do have a fairly complete understanding of network protocols, layers, packet layouts, etc. The data structures are relatively static. And since all code that uses those structures has to work within those confines and to those standards, the idea of a software level backdoor allowing one to break network communication security, while not impossible, is highly improbable. Someone would have spotted it. The scope of conspiracy required in order to maintain such backdoors would be ridiculously large. You'd need to have every single person who's written any version of software that utilizes a given security protocol to be in on it. So every guy who is involved in putting out a crypto library would have to be in on it. Or every guy writing an SSL application would have to look the other way (or fail to notice the extraneous code).

Network communication is not magic. It uses very strict rules and structures. There are potential exploits to be used of course, but again, when we're talking about massive collection and decryption of data in near real time, you just can't do it at the software layer. Too slow. Too many variables. Too many fingers in the pie. And too many signs that you're doing it. It's one thing to "hack in" and rummage around looking for something. It's a completely different matter to duplicate everything on a network and route it to some data farm somewhere. Even if you could get in via some backdoor in a software level security protocol, there's no way the site you're taking data from won't notice the massive increase of bandwidth usage required. Because to do it in software means you have to be physically accessing their site and pulling data out. If you do it at (or near) the hardware layer along the backbones, you can pull the data out at juncture points that physically intersect with your own physical cables. And if those juncture points are also encrypt/decrypt points, you can get that data "in the clear", and then only have to worry about the relatively small percentage of data traveling those links where the data itself is encrypted (usually using much weaker/faster on the fly encryption, so probably breakable).


I obviously have no clue how exactly the NSA collects data. But if we assume that they are collecting massive amounts of data and decrypting it in near real time, this is how they would likely do it. Not because I know that's what they're doing, but because it's how I would do it if I were tasked with collecting that much data in a useful manner. You just have to understand how data transfers across the net works to see this. But most people's understanding is based on watching TV and films, where it's always about "hacking in". But if you have the money and resources to physically layer yourself along the backbones of the internet, you don't need to do that. And as I said, that's what I would do if I were asked to build a system to collect as much internet traffic as possible in near real time. It's completely invisible.


Well, I, for one, am convinced. Obviously, if Gbaji, our world renowned network expert ( to the extent that he has
Quote:
a fairly complete understanding of network protocols, layers, packet layouts, etc.
) then everything is fine. Go back to bed America. We figured it out. The government is in control again. Let's go home. Obviously, undermining the world wide network standards is nothing to worry about; Gbaji himself declared it to be so. Gathering data that the NSA supposedly was not supposed to gather, lying about the scope of the gathering to congress, and then, probably for sh*t and giggles, sharing it with Israel.

You are right. It is definitely worth a shrug. Could you tell me at what point would you consider any of it an issue? At this point, I am really curious.

As a side note, could you stop with discussion of the perception of hacker in the general populace. That perception, admittedly, does not help, but the general US populace is.. well, let's just say, I occasionally question whether Flynn effect is actually true. Speaking of a lone evil hacker, how about Snowden? Would you qualify him as such? After all, as far as we know, he merely used his sysadmin rights ( to pretend he is someone with more rights:P).

Edited, Sep 11th 2013 10:32pm by angrymnk
____________________________
Your soul was made of fists.

Jar the Sam
#33 Sep 12 2013 at 7:25 AM Rating: Good
******
43,650 posts
gbaji wrote:
However, and perhaps more significant to this conversation, I do have a fairly complete understanding of network protocols, layers, packet layouts, etc.
So you're telling us we should disregard what you're saying here. Got'cha.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#34 Sep 12 2013 at 7:28 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
His fancy book & job learnin' ain't no match for my common sense and intuition on what's really what!
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#35 Sep 12 2013 at 8:38 AM Rating: Decent
Lunatic
******
29,328 posts
So you're telling us we should disregard what you're saying here. Got'cha.

He's basically telling you he's a plumber who works with cables and less complex systems. When he claims to use code, he's talking about command line data entry from a manual or at best BASH scripts. Which is fine, and most people can't do that much, but it really doesn't offer much insight into cryptography any more than the guy who pumps your gas has special insight into electric cars.
____________________________
Disclaimer:

To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a ****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? ****. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.

#36 Sep 13 2013 at 4:23 PM Rating: Decent
Encyclopedia
******
31,593 posts
Smasharoo wrote:
That said, it would be fairly trivial for NIST to make AES-256 (or whatever) vulnerable to fast novel attacks.


Not without about 10,000 people (at a minimum) knowing it though. Hence the problem.

Quote:
You don't understand cryptanalysis well enough for me to bother with going into this more deeply, but, basically, yes, if given sufficient influence over a standards body, ciphers can be modified to be easily breakable in ways that will not be apparent.


Er. It really sounds like it's *you* who doesn't understand cryptography though (which is what we're talking about here). The encryption itself is just math. Math doesn't have "backdoors". In this context, it does have stronger and weaker though, but those attributes are directly visible to anyone looking at the math function itself. What you seem to not understand is that from a software perspective, it's the crypto libraries that matter, since they actually implement any particular encryption for applications to use. But those are written by thousands of different people and backdoors would be spotted.

I am not arguing that the NSA couldn't influence standards to increase the adoption of weaker encryption. I'm saying that this is not the same as putting backdoors in place. A backdoor is something that is part of a larger system which allows anyone who knows where it is to bypass normal security. It can literally be a backdoor in a structure, or an open port built into a hardware device, or a listener app that allows specifically coded communication keys to gain entry to a software program.

Convincing the piggies to build their houses out of twigs instead of bricks is not the same as building a backdoor into their homes. I'm just pointing out your misapplication of the term.

Edited, Sep 13th 2013 3:42pm by gbaji
____________________________
King Nobby wrote:
More words please
#37 Sep 13 2013 at 4:41 PM Rating: Decent
Encyclopedia
******
31,593 posts
angrymnk wrote:
You are right. It is definitely worth a shrug. Could you tell me at what point would you consider any of it an issue? At this point, I am really curious.


Um... At the point where law enforcement begins doing it to charge people with crimes not related in any way to national security. I'm far less concerned about a super secret government agency slurping up massive amounts of network traffic and then sifting through it to look for folks the rest of the intelligence agencies should focus on than I am with say CCTV cameras being installed in cities so that police can watch where everyone goes, or our penchant to hand over so much information about ourselves that any investigator can find out exactly where you went yesterday, what you ate, who you spoke with, what purchases you made, etc, all without needing any massive computer farms anywhere. I'm far more concerned with a government that manipulates our environment in order to manipulate us than one that collects information about us.

What made Big Brother authoritarian wasn't that it was watching you all the time. Because that part of the story was demonstrably ineffective. It was Big Brothers control of media and information and even language that allowed it to control the people. I think a lot of people fail to grasp that. The real threat isn't information the government has about you, but government control of information you receive. We live in an age where we leave digital footprints everywhere we go. Trying vainly to secure that somehow is probably counterproductive. I'd much rather focus on making sure that the information we're exposed to is "free" in the sense that anyone can communicate what they want to anyone they want.


The day to be concerned is when you start seeing clamp downs on what you can read or watch.


Quote:
As a side note, could you stop with discussion of the perception of hacker in the general populace.


I'll stop the moment people stop assuming that an agency like the NSA gains information via the same methods.

Quote:
Speaking of a lone evil hacker, how about Snowden? Would you qualify him as such? After all, as far as we know, he merely used his sysadmin rights ( to pretend he is someone with more rights:P).


Of course he's not a hacker. He was given access to the data he stole. I don't consider him anything more than a guy who read a bunch of 10,000 foot documents about a subject he only half understood, and decided to panic and light his hair on fire and run around the room screaming that we're all going to die.
____________________________
King Nobby wrote:
More words please
#38 Sep 13 2013 at 5:42 PM Rating: Decent
**
563 posts
gbaji wrote:
angrymnk wrote:
You are right. It is definitely worth a shrug. Could you tell me at what point would you consider any of it an issue? At this point, I am really curious.


Um... At the point where law enforcement begins doing it to charge people with crimes not related in any way to national security. I'm far less concerned about a super secret government agency slurping up massive amounts of network traffic and then sifting through it to look for folks the rest of the intelligence agencies should focus on than I am with say CCTV cameras being installed in cities so that police can watch where everyone goes, or our penchant to hand over so much information about ourselves that any investigator can find out exactly where you went yesterday, what you ate, who you spoke with, what purchases you made, etc, all without needing any massive computer farms anywhere. I'm far more concerned with a government that manipulates our environment in order to manipulate us than one that collects information about us.
.


So are you ok NSA grunts spying on their exes? I mean it is not like anyone is suggesting any kind of slippery slope argument here... People are just people. If you give them vast, unchecked power, they will use it. I take it, LOVEINT is acceptable use of taxpayers money?

The fact, that you even draw a line crimes related to national security makes me chuckle. These days and age... everything is about national security. If you don't believe me, try submitting FOIA what is the most common excuse not to do anything. In case you did not notice, "because National Security" has long since replaced "because Communism!" .

As a side chuckle, for you to consider, I will add that national security made it kinda hard to know what is happening, what with secret courts and all that. Note that people who, for example, receive NSL, happen to receive, gag orders on the side. Yay, right?

Gbaji, when you started talking about network protocols, I figured I would spend some quality time with you, because if you were just some common ****, even if you spread this stupidity, it would not have mattered as much. Granted, you seem to behave more like a middle management type than an actual engineer, but we can't have you pollute other minds with this kind of filth. Or at least, make your filthy habits less palatable for the naive virgin non-asylumites that enter this forum by mistake.
____________________________
Your soul was made of fists.

Jar the Sam
#39 Sep 13 2013 at 5:53 PM Rating: Decent
**
563 posts
Quote:
he only half understood, and decided to panic and light his hair on fire and run around the room screaming that we're all going to die


Well, long term, we are all going to die. So you are wrong there as well. As for the half-understood comment, he only avoided detected doing something fishy in the NATIONAL SECURITY AGENCY; complete with rigorous checks, reviews, red flag alerts for farting, you name it.

Obviously, he also half understood what he was doing when he managed to show all this information to the journalist by being, at the time it would seem, mildly paranoid.

You were saying?
____________________________
Your soul was made of fists.

Jar the Sam
#40 Sep 13 2013 at 6:53 PM Rating: Decent
Encyclopedia
******
31,593 posts
angrymnk wrote:


Of course not. I'm also not ok with cable guys installing hidden cameras in people's dorm rooms. Or food preparers spitting in people's food. Or any of an endless list of ways that people can abuse their positions to engage in nefarious behavior towards other people. Point being that they're not supposed to be doing that and if caught can suffer loss of job and/or legal charges. I *could* browse though people's documents, email, etc at work. I don't because even though I have the power to do so, I'm not supposed to do so without permission. Same deal IMO.

Quote:
I mean it is not like anyone is suggesting any kind of slippery slope argument here... People are just people. If you give them vast, unchecked power, they will use it.


Er? Isn't that exactly what you're doing? Hey. We give cops the authority to pull people over too. And guess what? Every once in awhile a cop abuses that authority and rapes/kills someone. The problem is that we don't have an all or nothing solution to that problem.

Quote:
I take it, LOVEINT is acceptable use of taxpayers money?


No. But if we assume that there is a need to have intelligence agencies which must have access to "secret" data, then we have to have people who have access to that data. Which means opening ourselves up to the possibility of those people abusing the data they have access to. There's no way around that. You put what precautions you can in place, but that's all you can do.

Quote:
The fact, that you even draw a line crimes related to national security makes me chuckle. These days and age... everything is about national security. If you don't believe me, try submitting FOIA what is the most common excuse not to do anything. In case you did not notice, "because National Security" has long since replaced "because Communism!" .


Um... The national security excuse has been used since before either of us were born and will continue to be used long after we're both dead. This is nothing new. We're not talking about what you or I can find out about what they know, but how they can legally use the information they obtain. Currently, you can't use any information gained "illegally" to file criminal charges. It's why there's such a problem with the whole "treat terrorists as criminals" approach. Our legal system is not designed to work that way. We have very strict rules about evidence that can be used in a trial. Those rules require that data collected be collected legally. So you need warrants for searches of any kind (including electronic).

That's what I was speaking about with regard to national security. As long as those collecting information illegally can't use it for anything within our criminal justice system, I'm not super concerned about it. But if they can use that information to spot attacks before they happen (both traditional and terrorist), that's a good thing. Again, you just can't look at this as all or nothing. It's a matter of degrees. Unless you want to toss out any ability for our government to collect data and examine patterns in that data to spot possible threats to national security you can't ensure that no one who works at such an agency has the potential to abuse the data that they collect.

Quote:
As a side chuckle, for you to consider, I will add that national security made it kinda hard to know what is happening, what with secret courts and all that. Note that people who, for example, receive NSL, happen to receive, gag orders on the side. Yay, right?


Sure. I'm not sure why you feel the need to lump two completely different things together though. The degree to which joe average private citizen can find out what an agency is doing or knows is completely different from what information that agency knows or can access. I guess I just view this as very selective opposition to what is really a fairly normal function of government. By agreeing to be governed we accept that we're giving up some of our freedom in return for protection of the remainder. That's how the whole thing works. When I put a machine gun in the hands of our soldiers, I do with trusting them to use those weapons defending me from enemies and not turning them on me and the rest of the citizens. When I give the power to a legislator to write laws, I do so trusting him to write laws that will serve the cause of freedom/liberty/etc and not pass ones that round us into concentration camps.

Ultimately, governments always have power over the governed. Saying "OMG! They could abuse their power!!!" is somewhat meaningless. You have to put it in the context of what they're actually doing, and some kind of analysis of the relative harm/help of those actions. Hence my /shrug at this. There's an unending list of people saying that the government is stealing their private information for nefarious means. There's a very very very small list of people who can actually show how they were concretely harmed by this.


The question of "who watches the watchmen" should not drive us to eliminate all watchmen. Not unless we're really stupid, that is.
____________________________
King Nobby wrote:
More words please
#41 Sep 13 2013 at 7:00 PM Rating: Decent
Encyclopedia
******
31,593 posts
angrymnk wrote:
Quote:
he only half understood, and decided to panic and light his hair on fire and run around the room screaming that we're all going to die


As for the half-understood comment, he only avoided detected doing something fishy in the NATIONAL SECURITY AGENCY; complete with rigorous checks, reviews, red flag alerts for farting, you name it.


There was no "avoiding" anything. I thought I already said this: He was given access to that information. The difference between him and the other 50,000 people with access to the same data is that everyone else looked at it and said "This is the NSA, of course they collect data". Snowden, on the other hand, suddenly went "What!!!? You mean this agency I'm working for, which exists solely to collect vast amounts of data via clandestine methods and analyzes it for potential security threats is collecting vast amounts of data via clandestine methods? I must alert the media!!!".

He's an idiot. Everyone else "got it". He didn't.

Quote:
Obviously, he also half understood what he was doing when he managed to show all this information to the journalist by being, at the time it would seem, mildly paranoid.


No. He was more than mildly stupid. That's seriously it. He's like the guy who joins the military and then is shocked when he's expected to actually fight. What! You mean I have to hold... a... WEAPON! And shoot it? At people!????

Yeah. He's that dumb. Or perhaps amazingly naive. But I'm going with dumb.

Quote:
You were saying?


Thought I was already clear about what I was saying.
____________________________
King Nobby wrote:
More words please
#42 Sep 13 2013 at 7:18 PM Rating: Decent
**
563 posts
gbaji wrote:
angrymnk wrote:
Quote:
he only half understood, and decided to panic and light his hair on fire and run around the room screaming that we're all going to die


As for the half-understood comment, he only avoided detected doing something fishy in the NATIONAL SECURITY AGENCY; complete with rigorous checks, reviews, red flag alerts for farting, you name it.


There was no "avoiding" anything. I thought I already said this: He was given access to that information. The difference between him and the other 50,000 people with access to the same data is that everyone else looked at it and said "This is the NSA, of course they collect data". Snowden, on the other hand, suddenly went "What!!!? You mean this agency I'm working for, which exists solely to collect vast amounts of data via clandestine methods and analyzes it for potential security threats is collecting vast amounts of data via clandestine methods? I must alert the media!!!".

He's an idiot. Everyone else "got it". He didn't.

Quote:
Obviously, he also half understood what he was doing when he managed to show all this information to the journalist by being, at the time it would seem, mildly paranoid.


No. He was more than mildly stupid. That's seriously it. He's like the guy who joins the military and then is shocked when he's expected to actually fight. What! You mean I have to hold... a... WEAPON! And shoot it? At people!????

Yeah. He's that dumb. Or perhaps amazingly naive. But I'm going with dumb.

Quote:
You were saying?


Thought I was already clear about what I was saying.


Interesting, I can only assume that the corollary to Snowden being dumb and/or naive is NSA being incompetent ( for letting dumb naive person access that data )? If not, what other inference would you draw?
____________________________
Your soul was made of fists.

Jar the Sam
#43 Sep 13 2013 at 7:22 PM Rating: Decent
**
563 posts
gbaji wrote:
angrymnk wrote:


Of course not. I'm also not ok with cable guys installing hidden cameras in people's dorm rooms. Or food preparers spitting in people's food. Or any of an endless list of ways that people can abuse their positions to engage in nefarious behavior towards other people. Point being that they're not supposed to be doing that and if caught can suffer loss of job and/or legal charges. I *could* browse though people's documents, email, etc at work. I don't because even though I have the power to do so, I'm not supposed to do so without permission. Same deal IMO.

Quote:
I mean it is not like anyone is suggesting any kind of slippery slope argument here... People are just people. If you give them vast, unchecked power, they will use it.


Er? Isn't that exactly what you're doing? Hey. We give cops the authority to pull people over too. And guess what? Every once in awhile a cop abuses that authority and rapes/kills someone. The problem is that we don't have an all or nothing solution to that problem.

Quote:
I take it, LOVEINT is acceptable use of taxpayers money?


No. But if we assume that there is a need to have intelligence agencies which must have access to "secret" data, then we have to have people who have access to that data. Which means opening ourselves up to the possibility of those people abusing the data they have access to. There's no way around that. You put what precautions you can in place, but that's all you can do.

Quote:
The fact, that you even draw a line crimes related to national security makes me chuckle. These days and age... everything is about national security. If you don't believe me, try submitting FOIA what is the most common excuse not to do anything. In case you did not notice, "because National Security" has long since replaced "because Communism!" .


Um... The national security excuse has been used since before either of us were born and will continue to be used long after we're both dead. This is nothing new. We're not talking about what you or I can find out about what they know, but how they can legally use the information they obtain. Currently, you can't use any information gained "illegally" to file criminal charges. It's why there's such a problem with the whole "treat terrorists as criminals" approach. Our legal system is not designed to work that way. We have very strict rules about evidence that can be used in a trial. Those rules require that data collected be collected legally. So you need warrants for searches of any kind (including electronic).

That's what I was speaking about with regard to national security. As long as those collecting information illegally can't use it for anything within our criminal justice system, I'm not super concerned about it. But if they can use that information to spot attacks before they happen (both traditional and terrorist), that's a good thing. Again, you just can't look at this as all or nothing. It's a matter of degrees. Unless you want to toss out any ability for our government to collect data and examine patterns in that data to spot possible threats to national security you can't ensure that no one who works at such an agency has the potential to abuse the data that they collect.

Quote:
As a side chuckle, for you to consider, I will add that national security made it kinda hard to know what is happening, what with secret courts and all that. Note that people who, for example, receive NSL, happen to receive, gag orders on the side. Yay, right?


Sure. I'm not sure why you feel the need to lump two completely different things together though. The degree to which joe average private citizen can find out what an agency is doing or knows is completely different from what information that agency knows or can access. I guess I just view this as very selective opposition to what is really a fairly normal function of government. By agreeing to be governed we accept that we're giving up some of our freedom in return for protection of the remainder. That's how the whole thing works. When I put a machine gun in the hands of our soldiers, I do with trusting them to use those weapons defending me from enemies and not turning them on me and the rest of the citizens. When I give the power to a legislator to write laws, I do so trusting him to write laws that will serve the cause of freedom/liberty/etc and not pass ones that round us into concentration camps.

Ultimately, governments always have power over the governed. Saying "OMG! They could abuse their power!!!" is somewhat meaningless. You have to put it in the context of what they're actually doing, and some kind of analysis of the relative harm/help of those actions. Hence my /shrug at this. There's an unending list of people saying that the government is stealing their private information for nefarious means. There's a very very very small list of people who can actually show how they were concretely harmed by this.


The question of "who watches the watchmen" should not drive us to eliminate all watchmen. Not unless we're really stupid, that is.



We are finally getting somewhere. You are not ok with abuse. Good to hear this. Now, I hope you recognize that it is tad difficult to spot the abuse in the NSA system. Note that Snowden went public with his abuse. Imagine what a secretive person would do?:>

____________________________
Your soul was made of fists.

Jar the Sam
#44 Sep 13 2013 at 8:14 PM Rating: Decent
Encyclopedia
******
31,593 posts
angrymnk wrote:
We are finally getting somewhere. You are not ok with abuse. Good to hear this. Now, I hope you recognize that it is tad difficult to spot the abuse in the NSA system.


Of course.

Quote:
Note that Snowden went public with his abuse.


No. He went public with the shocking information that the NSA was collecting data. Abuse would be if they used the data they collected on *you* (for example) to blackmail you in some way. Has Snowden provided any information about uses of the data collected by the NSA to do anything nefarious and outside their national security role?

Quote:
Imagine what a secretive person would do?:>


A secretive person would recognize that he works for an agency that collects lots of data for use with national security goals and would keep a look out for abuses/misuse of that data and make a decision whether to blow the whistle on that kind of activity when it happens (and yes, this sort of whistle blowing has occurred before Snowden came along). He would understand that as an agency with that sort of access, comes the responsibility to use that access correctly and responsibly and not take advantage of it for personal reasons. Obviously, humans being flawed, some people aren't going to be able to handle that level of responsibility.

I think the difference is that I don't view the NSA collecting the data as abuse by itself. In more or less the same way I don't view a cop pulling someone over as abuse by itself either. Having power isn't the same as abusing power.
____________________________
King Nobby wrote:
More words please
#45 Sep 13 2013 at 11:33 PM Rating: Excellent
gbaji wrote:
I guess I just view this as very selective opposition to what is really a fairly normal function of government. By agreeing to be governed we accept that we're giving up some of our freedom in return for protection of the remainder. That's how the whole thing works. When I put a machine gun in the hands of our soldiers, I do with trusting them to use those weapons defending me from enemies and not turning them on me and the rest of the citizens. When I give the power to a legislator to write laws, I do so trusting him to write laws that will serve the cause of freedom/liberty/etc and not pass ones that round us into concentration camps.
I'll never wrap my head around the fact that you can objectively view government functions like the ones being discussed here in a rational and clear way (and for the record, I'm not disagreeing with you here at all) and then turn around and be absolutely unable or unwilling to apply it to things like using taxes to help the poor.
____________________________
Allegory wrote:
Bijou your art is exceptionally creepy. It seems like their should be something menacing about it, yet no such tone is present.
#46 Sep 14 2013 at 8:46 AM Rating: Decent
Lunatic
******
29,328 posts
Er. It really sounds like it's *you* who doesn't understand cryptography though (which is what we're talking about here). The encryption itself is just math. Math doesn't have "backdoors". In this context, it does have stronger and weaker though, but those attributes are directly visible to anyone looking at the math function itself.

No. I'm not going to respond to any more "you don't understand this as well as I do after googling for ten seconds." I've spent a fair amount of time on cryptanalysis. It's never been my primary concentration academically or professionally, but I've worked in many environments where a working knowledge was beneficial. Were what you've mistakenly stated here correct, novel fast attacks wouldn't exist and the only way to break cyphers would be brute force attacks. This isn't the case. Can you see why? Just kidding, you obviously can't. Key length isn't a magic bullet. If there's a classified fast novel attack that NSA knows, it's useful until someone else discovered it. Generally, given the amount of talent in this area that's collected there, they are about 2 yearsish ahead.
____________________________
Disclaimer:

To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a ****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? ****. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.
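
The disagreement in post #46 over whether key length alone decides how hard a cipher is to break can be shown with a worked case. This is an added example, not code from any poster: a toy stream cipher with a 64-bit key whose output is a linear function of the key, so a few known plaintext bytes give the key by linear algebra instead of a 2^64 search. The cipher, its taps, the key and the message are all constructed for this illustration and are not any real or standardized algorithm.

```python
# Toy 64-bit stream cipher (constructed for this example, not a real algorithm).
# Every keystream bit is an XOR of key bits, so the key falls out of a linear
# system over GF(2) even though the key space has 2**64 entries.

N = 64                      # key / state size in bits
TAPS = (0, 1, 3, 4)         # feedback taps (constructed)
FILTER = (2, 17, 41, 63)    # output bit = XOR of these state cells (constructed)

KEY = 0x0123456789ABCDEF    # constructed sample key
MESSAGE = b"GET /account HTTP/1.1\r\nCookie: session=constructed-sample\r\n"


def run(state, nbits):
    """Clock the generator. Cells only need to support ^, so the same code
    runs on concrete bits and on symbolic masks of key bits."""
    state = list(state)
    out = []
    for _ in range(nbits):
        o = 0
        for i in FILTER:
            o ^= state[i]
        out.append(o)
        fb = 0
        for i in TAPS:
            fb ^= state[i]
        state = state[1:] + [fb]
    return out


def keystream(key, nbits):
    """Concrete keystream bits for a given 64-bit key."""
    return run([(key >> i) & 1 for i in range(N)], nbits)


def crypt(key, data):
    """Encrypt or decrypt: XOR data with the keystream (MSB-first per byte)."""
    bits = keystream(key, 8 * len(data))
    out = bytearray()
    for n, byte in enumerate(data):
        ks = 0
        for b in bits[8 * n: 8 * n + 8]:
            ks = (ks << 1) | b
        out.append(byte ^ ks)
    return bytes(out)


def recover_key(known_plain, cipher):
    """Recover the key from known plaintext by Gaussian elimination over GF(2)."""
    # Known plaintext XOR ciphertext yields keystream bits.
    ks = []
    for p, c in zip(known_plain, cipher):
        x = p ^ c
        ks.extend((x >> (7 - j)) & 1 for j in range(8))
    # Symbolic run: cell i starts as "key bit i"; each output is a mask of the
    # key bits whose XOR equals that keystream bit.
    masks = run([1 << i for i in range(N)], len(ks))
    basis = {}              # highest set bit -> (mask, rhs)
    for mask, rhs in zip(masks, ks):
        while mask:
            h = mask.bit_length() - 1
            if h not in basis:
                basis[h] = (mask, rhs)
                break
            pm, pr = basis[h]
            mask ^= pm
            rhs ^= pr
    if len(basis) < N:
        raise ValueError("not enough independent equations")
    # Back-substitute from the lowest pivot upward.
    key = 0
    for h in range(N):
        mask, rhs = basis[h]
        lower = mask ^ (1 << h)
        if rhs ^ (bin(lower & key).count("1") & 1):
            key |= 1 << h
    return key


CIPHERTEXT = crypt(KEY, MESSAGE)

if __name__ == "__main__":
    found = recover_key(MESSAGE[:10], CIPHERTEXT)   # 10 known bytes = 80 equations
    print(hex(found), crypt(found, CIPHERTEXT))
```

The design lesson for reviewers is that resistance to attacks comes from the cipher's structure (here, the missing nonlinearity), which is why published ciphers are judged on cryptanalysis and not on key size alone.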

#47 Sep 16 2013 at 7:17 AM Rating: Good
******
43,650 posts
Friar Bijou wrote:
I'll never wrap my head around the fact that you can objectively view government functions like the ones being discussed here in a rational and clear way (and for the record, I'm not disagreeing with you here at all) and then turn around and be absolutely unable or unwilling to apply it to things like using taxes to help the poor.
There's no clear side so he's forced to flip a coin and go with whatever it decides.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#48 Sep 16 2013 at 7:27 AM Rating: Good
Skelly Poker Since 2008
*****
15,896 posts
Friar Bijou wrote:
gbaji wrote:
I guess I just view this as very selective opposition to what is really a fairly normal function of government. That's how the whole thing works. When I put a machine gun in the hands of our soldiers, I do with trusting them to use those weapons defending me from enemies and not turning them on me and the rest of the citizens. When I give the power to a legislator to write laws, I do so trusting him to write laws that will serve the cause of freedom/liberty/etc and not pass ones that round us into concentration camps.
I'll never wrap my head around the fact that you can objectively view government functions like the ones being discussed here in a rational and clear way (and for the record, I'm not disagreeing with you here at all) and then turn around and be absolutely unable or unwilling to apply it to things like using taxes to help the poor.
I think this is backwards....
Quote:
By agreeing to be governed we accept that we're giving up some of our freedom in return for protection of the remainder.
I don't give up freedoms in agreement to be governed. We will be governed. That's inevitable as long as we choose to live among other peeps. We agree to be governed by a democratic institution in exchange for allowing us basic freedoms.

Edited, Sep 16th 2013 3:27pm by Elinda
____________________________
Alma wrote:
Post and be happy!
#49 Sep 16 2013 at 4:34 PM Rating: Decent
Encyclopedia
******
31,593 posts
Friar Bijou wrote:
gbaji wrote:
I guess I just view this as very selective opposition to what is really a fairly normal function of government. By agreeing to be governed we accept that we're giving up some of our freedom in return for protection of the remainder. That's how the whole thing works. When I put a machine gun in the hands of our soldiers, I do so trusting them to use those weapons defending me from enemies and not turning them on me and the rest of the citizens. When I give the power to a legislator to write laws, I do so trusting him to write laws that will serve the cause of freedom/liberty/etc and not pass ones that round us into concentration camps.
I'll never wrap my head around the fact that you can objectively view government functions like the ones being discussed here in a rational and clear way (and for the record, I'm not disagreeing with you here at all) and then turn around and be absolutely unable or unwilling to apply it to things like using taxes to help the poor.


Three main reasons:

1. Because the former affects us all and protects us all equally, while the latter affects us unequally and protects us unequally. It is innately problematic to have a government that targets one group of people for negative effects and "balances" that by targeting another group with positive effects. This is even more problematic when the system of government is democratic in nature.

2. As I have attempted to explain numerous times on this forum, there is a huge difference between protecting someone from a negative effect and providing a positive one to them. Passing a law which protects someone from having their stuff stolen is radically different from passing a law which gives people stuff in the first place. This is really a fundamental concept of liberalism and it's frankly alarming how many people in our society simply don't understand it at all.

3. I disagree with the assumption that what we use that tax money for actually helps the poor. And this is usually situational and a matter of degrees for me. I have never argued against tax grants for charitable organizations running soup kitchens, halfway houses, retraining facilities, etc. What I argue against most is the "free money" programs. Many of these are designed to provide aid to people while still allowing them to maintain the illusion of the same kind of life a working person would have. We even retooled food stamps to use cards that look like credit cards, specifically because it's somehow cruel for people to have to suffer the stigma of using food stamps at the checkout line. I think that's counterproductive. You want to prevent people from starving on the street, but you also want to make poverty a condition that they'll work as hard as possible to get out of. So yeah, I vehemently oppose spending that seems designed to simply make poverty a way of life for many people, not because I hate poor people, but because I believe that you're hurting those people in the long run by doing that.

Good enough?

Edited, Sep 16th 2013 3:35pm by gbaji
____________________________
King Nobby wrote:
More words please
#50 Sep 17 2013 at 7:41 AM Rating: Good
******
43,650 posts
gbaji wrote:
Good enough?
If you convinced yourself, then you've convinced one person.
#51 Sep 17 2013 at 7:47 AM Rating: Decent
Lunatic
******
29,328 posts
gbaji wrote:
I disagree with the assumption that what we use that tax money for actually helps the poor. And this is usually situational and a matter of degrees for me. I have never argued against tax grants for charitable organizations running soup kitchens, halfway houses, retraining facilities, etc. What I argue against most is the "free money" programs. Many of these are designed to provide aid to people while still allowing them to maintain the illusion of the same kind of life a working person would have. We even retooled food stamps to use cards that look like credit cards, specifically because it's somehow cruel for people to have to suffer the stigma of using food stamps at the checkout line. I think that's counterproductive. You want to prevent people from starving on the street, but you also want to make poverty a condition that they'll work as hard as possible to get out of.

You could literally build a homeless shelter with all of the papers done on this. The best way to encourage class mobility is to move the poor upwards toward the middle class. The most efficient and effective way to do this is to JUST GIVE THEM MONEY. There's no evidence-based debate. What you're advocating simply DOES NOT WORK. Not, in any way, an open question. If you want to have some sort of "moral" objection to what you've outlined above, feel free. The idea that it's less effective is simply false. Provably false. Has been proven false over and over.

http://scholar.google.com/scholar?q=effect+of+stigma+on+class+mobility&hl=en&as_sdt=0&as_vis=1&oi=scholart&sa=X&ei=Ll04UrX1Dvbd4APhiYD4Bg&ved=0CCoQgQMwAA

You could start here, but there's literally too much to cite effectively. You're, in effect, arguing that motivation is the primary factor in overcoming poverty, which was a laughable idea in 1954. It's almost offensive now.