Help Create Some Neil deGrasse Tysonisms: Tautologically Meaningless Solutions To All The World's Problems
from the good-luck dept
A few months ago, we wrote about some fairly ridiculous statements from rockstar astrophysicist Neil deGrasse Tyson, which showed that he was rather ignorant about how innovation worked. As we said at the time, it’s great that we even have what’s considered a “rockstar astrophysicist” today, and I really appreciate the work that he’s done to get people interested in science, but when it comes to fields like innovation, it appears that Tyson does not use the same rigor in making sure he actually understands what he’s talking about (and, apparently the same is true in other areas as well). For a guy who famously went crazy until James Cameron put the correct star patterns in the background sky in Titanic, you’d think he’d be a little more careful about making nutty statements. But then he launched this one on Saturday morning:
Obama authorized North Korea sanctions over cyber hacking. Solution there, it seems to me, is to create unhackable systems.
We’ve already discussed the pointless sanctions, but the real whopper is the second sentence in that tweet. This is the kind of thing that people totally ignorant of the subject would say. It’s not hard to demonstrate why by applying the same logic to other fields — like, say, astrophysics:
Getting to other galaxies is hard. Solution there, it seems to me, is to build faster-than-light spaceships.
Or, how about death:
Dying sucks. Solution there, it seems to me, is to create immortality.
Violence?
There is too much violence in the world. Solution there, it seems to me, is to create people who are only nice.
Education?
Too many people are uneducated. Solution there, it seems to me, is to create people who learn better.
Go ahead and create your own…
Filed Under: it seems to me, neil degrasse tyson, solution, sony hack, unhackable
Comments on “Help Create Some Neil deGrasse Tysonisms: Tautologically Meaningless Solutions To All The World's Problems”
Hacked? Solution there, it seems to me, is to disconnect system from the Internet. Booom! You are unhackable. Actually this should be applied to any critical system.
Re: Re:
Not totally unhackable, as the system can still be compromised by an inside job, but certainly a significant improvement in security.
Re: Re: Re:
Or a system designed to get around “air-gaps”. See Stuxnet, for example.
Re: Re:
The disconnect in the Sony case is not so much the network, but the network management team who appear to think its cheaper to insure against the loss than prevent the loss. The lax network structure and security is the product of uncritical doublethink in the boardroom. Unlikely that they’ll revisit that once they have put out all the fires…
Re: Re: Re:
See? That’s why they should disconnect from the Internet. Added bonus: they won’t be missed.
Re: Re: Re:
The disconnect in the Sony case is not so much the network, but the network management team who appear to think its cheaper to insure against the loss than prevent the loss.
Only because their management fired the previous network management team because they were too expensive and went with the lowest bidders to replace them. The blame for this really is on the managers of the network management team.
The lax network structure and security is the product of uncritical doublethink in the boardroom.
Bingo. It is also a lack of planning and a dangerous lack of enforced security policy. People were putting vital information in unencrypted text files and running trojan horses sent to them via email, and nobody saw this as a problem despite years of best practices and public education into the dangers of the internet. I suspect there were a lot of people higher up in the organization who thought security policy is that thing that makes it difficult to get your job done, so Sony shouldn’t have one, too.
Unlikely that they’ll revisit that once they have put out all the fires…
At some point it will become too expensive for them to continue doing this. Sadly, instead of disappearing, I suspect they will just go to their friends in government and have them change the world to make it safer for Sony to live (because that has worked so wonderfully in the past.)
Re: Re:
Not remotely. Just call up the office at night and have the security guard give you access (cf. Hackers). Or if it’s on some internal network, get on that network (especially if it’s something like a power grid that necessarily crosses lots of land).
A little miffed about someone else getting attention? Solution there, it seems to me, is to engage in reductio ad absurdum.
The truth is, he’s not wrong. Isn’t that EXACTLY how innovation works? We build a rocket that doesn’t go all the way into space, then we build a better rocket. Computer systems aren’t as robust as they need to be? Build better computer systems. Try, fail, learn, try again. That’s EXACTLY how innovation works.
Re: Re:
Try, fail, learn, try again. That’s EXACTLY how innovation works.
If that’s what he was advocating, that would be right.
But it’s not. He’s advocating a tautology. Tautology is not innovation it’s stating the same thing twice. He’s not talking about improving systems, he’s just saying “hey, don’t do this.” “Want to live? Don’t die.” That doesn’t help an innovator in any way. It’s useless.
Re: Re: Re:
You ASSUME that’s what he’s advocating. The truth is, unless you were inside his head when he was typing, from 140 characters, you really don’t know exactly what he was advocating.
Re: Re: Re: Re:
You ASSUME that’s what he’s advocating. The truth is, unless you were inside his head when he was typing, from 140 characters, you really don’t know exactly what he was advocating.
I’m sorry, are you arguing that there’s some other world in which his words don’t mean what they say? He stated a tautology.
Re: Re: Re:2 Re:
I’m sure there is some multi-dimensional theory in which his words mean something completely different.
He’s pretty smart with that kind of thing.
Re: Re: Re:3 Re:
He’s pretty smart with that kind of thing.
or maybe not -after all if he applies the same careless logic to his day job he’ll make a lot of mistakes there too.
Re: Re: Re:4 Re:
Depends — this sort of talent is highly sought after by the US government these days… maybe he’s looking for a government contract?
Re: Re: Re:3 Another gas giant.
He doesn’t even get the basic philosophy of science right. This gets easily missed because the population at large is largely ignorant. He’s like a journalist spouting off. The vast majority really has no way to fact check him. This would be especially true for what is degree is actually in rather than the random tangents he typically spews about.
Re: Re: Re:4 Another gas giant.
What do you mean he doesn’t even get the basic philosophy of science right?
Most people have no way to fact check any scientific claim, what’s that got to do with Neil?
Re: Re: Re:2 Re:
Stated a problem as a tautology? Solution there, it seems to me, is to state problem as a tautology.
Re: Re: Re: Re:
That IS what he’s advocating. Whether that’s what he intended to advocate is a different question. As an effective science writer, however, I tend to assume that he is good at saying precisely what he means. Also, he has a pretty long history of making specious or uninformed comments regarding fields he’s not an expert in.
Re: Re: Re:2 Re:
Him and every other physicist in the world. And a lot of the engineers. And tons of actors. And many politicians. There was a SMBC comic that dealt with this. It turns out that experts tend to be INSANELY GOOD at one or two things. Otherwise they’re just as stupid as anyone else, and in many cases dumber because they put so much time and effort into their particular field that they’re worthless in many other ways.
Why does anyone care what a rock star physicist has to say about hacking? Or what an electrical engineer has to say about how to fix the economy? Or what an actor thinks about the current political climate? Anyone who really thinks this is a good idea should be beaten with the stick of knowledge. Listen to experts about their field. Disregard everything else they say.
Re: Re: Re:3 Re:
“Him and every other physicist in the world. And a lot of the engineers. And tons of actors. And many politicians.”
Indeed. And they get equally ridiculed when they spout nonsense.
“Why does anyone care what a rock star physicist has to say about hacking?”
Because he’s not just a scientist, but a scientist who has made it his business to explain science topics to the public and whom the public has great trust in. He is rightfully held to a higher standard on these sorts of things than actors, etc.
Look at the shoes he’s trying to fill: Carl Sagan. Carl Sagan almost never made public assertions of fact without being able to support them. Tyson would do well to follow in that path — it would enhance his own stature and would go much further in terms of actually educating people.
Re: Re: Re:4 Re:
I respect what you’re saying. However, I think people put too much credence in what others say about topics that aren’t in that person’s chosen field.
Re: Re: Re:4 Re:
Re: Re: Re:
I disagree.
I think his point is that, since it is impossible for Sony to create an unhackable system (especially since they’re not even trying), it therefore becomes impossible for NK to avoid frivolous and unfounded sanctions by the US.
In sarcasm, a tautology can be your friend…
Re: Re: Re:
“Want to live? Don’t die.”
Solution there, it seems to me, is to use health potions wisely. Or not touching enemies when not powered up by weed or mushrooms. Or not touching enemies with zero rings. Hah, this can be entertaining!
Re: Re: Re: Re:
Mario Bros, Resident Evil and Sonic has more to teach us than this Tyson guy in fields other than astrophysics.
Re: promoting the fallacy
“Technology isn’t focused on the real problems in the world. Solution there, it seems to me, is to innovate more usefully.”
Thing is, you’re both wrong. Innovation in technology doesn’t arise from need per se and in general. That fallacy comes from not looking at innovation as it is, in the particular and actual manner that it occurs.
Innovation is based on the manner in which technology itself appears. Technological things have an ontological oddity in that they can “stand-in” for technology itself. Other things cannot. The result is that any given technology produces the potential that innovation innovates to replace it with. What produces the features in the next iPhone, or produced the iPhone, iPad and various other things from the Apple Newton? That they dfemonstrate their own inadequacy in an immediate and tangible way and thus in a sense create the need to innovate.
Need in general has never been the prod to innovation, specific needs that first become thinkable only on the basis of an inadequacy of any given technology in realizing the essence of technology are always the prod of actual, particular innovations.
Re: Re:
The problem is, in this area, we don’t learn.
There are two very simple fixes that would eliminate the vast majority of hacks and security vulnerabilities on the entire Internet. Everyone knows it, and has known it for decades, and yet we haven’t implemented either one.
The two largest sources of devastating security hacks over a network involve compromising the application server via buffer attacks (a venerable technique dating back to the 1980s and the Morris Worm) and compromising the database via SQL injection.
SQL injection is very simple. Without getting too technical, you can stop it in its tracks by using something called Parametrized Queries. If you properly set up parameters on every bit of SQL you write, it’s 100% impossible for your site to get hacked by SQL injection. The problem is, parametrization is not an obvious process, and a lot of people create SQL injection vulnerabilities out of pure ignorance: they just don’t know that the obvious way is wrong, or how to do it the right way.
This could be fixed by having a mode in the database server–which is on by default and can only be turned off by someone who knows what they’re doing–that will reject any query that’s not properly parametrized with an error message stating that you need to use parameters. Goodbye SQL injection! But we’ve never done it.
Buffer overflows, likewise, have a very simple solution, because they stem from a very well-defined problem, and that problem is people creating poorly-managed buffers in C and closely related languages. In most languages outside the closest relatives of C, buffer overflows are either flat-out impossible or take some real effort to create because of improved memory management baked in at the language level. But in C, it’s so easy to get wrong that not only can an ignorant developer who doesn’t know what he’s doing easily screw it up, but people with years of experience who honestly do know better can and do make the same mistakes, consistently!
This is where a good number of those security patches you get every month comes from. The devastating Heartbleed vulnerability was a buffer overrun bug. They’ve been making the Internet insecure for a quarter-century now, and all along the solution has been obvious: stop using C for network-facing software!
But we haven’t.
Fixing those two simple things would instantly clear up the majority of all hacks. It wouldn’t magically “create unhackable systems” like Tyson seems to think is possible, but it would get us pretty darn close, and it would be easy! But we haven’t done it.
Try, fail, learn, try again. That’s how innovation works, but in computer security, we seem to keep falling flat on our faces at the “learn” step.
Re: Re: Re:
The two largest sources of devastating security hacks over a network involve compromising the application server via buffer attacks (a venerable technique dating back to the 1980s and the Morris Worm) and compromising the database via SQL injection.
Don’t forget social engineering. More difficult to solve.
Re: Re:
Reminds me of the almost-immortal Cave Johnson:
http://www.portal2sounds.com/135#q=science&w=cave%20johnson
V/I Ratio
If every village is to have its village idiot it seems to me that the obvious solution is to build a LOT more villages..
His wording was poor, but I think the point deGrasse Tyson was trying to make is the same been made here before: if Sony doesn’t want to be repeatedly hacked, they should actually invest in some real cybersecurity. Storing passwords in plaintext files in a folder named ‘Passwords’ isn’t going to cut it.
Re: Re:
if Sony doesn’t want to be repeatedly hacked, they should actually invest in some real cybersecurity. Storing passwords in plaintext files in a folder named ‘Passwords’ isn’t going to cut it.
Eh, I don’t think so. There’s a big difference between better security and “unhackable.” And the difference is important. It gets back to Schneier’s discussions on airport security. People keep trying to set up airport security with the ridiculous claim that no bad guys can get through, but that’s impossible and stupid. The way you do that is you don’t let anyone fly.
The point is, if you want the benefits of air travel, you have to admit that there’s some risk and then try to minimize it, while balancing the inconvenience/problems that creates. You don’t try for perfect. You balance the tradeoffs.
Same with computer security. But the point NDT is making here ignores those tradeoffs completely.
Re: Re: Re:
It seems to me that his point was a bit muddled by his attempt to be pithy. Investing in better security is obviously a better use of resources than pointlessly sanctioning NK. (Are there any sanctions we aren’t already using?)
This is just nitpicking about a poor choice of phrase.
Re: Re: Re: A fundemental misunderstaning of the subject.
You can’t make Sony absolutely secure. They are too juicy of a target. Someone will ALWAYS want a piece of them. The best they can do is make things more difficult. This goes for ANY sort of security and isn’t just limited to computer tech.
As a public figure with a target on his back, Tyson should understand this better.
The little people can get away with a couple of locks. Celebrities and the 1% can’t.
Re: Re: Re:2 A fundemental misunderstaning of the subject.
There is no such thing as absolute security. Period, full stop. It doesn’t matter how big or how small the target is.
That said, why should NDT know better? He’s not a security expert, he isn’t even in the IT field. He’s a frakking astrophysicist. Because he’s a celebrity, suddenly that means he has to be absolutely accurate 100% of the time, without leaving any room in his statements for misinterpretation? Just as the only unhackable system is one that doesn’t exist, the only person who hasn’t made a mistake in his statements is one that has never spoken. Why are people surprised that he’s human? Why attack him just because he isn’t infallible, when he never claimed to be?
The basic premise of NDT’s statement is sound, even if he screwed up in the delivery.
Re: Re: Re:3 A fundemental misunderstaning of the subject.
Can you provide some references? Although I’m perfectly comfortable with the idea that the task is very hard, and we don’t know how to build unhackable systems yet, I have yet to see a proof or even a particularly good argument that it is actually IMPOSSIBLE to build a perfectly secure system.
Note that I’m really talking about absolute mathematical or physical impossibility, as in faster-than-light travel, as opposed to really, really hard or even the strong suspicion that it’s impossible. Remember the famous words of Lord Kelvin: “Heavier-than-air flying machines are impossible.” … it appears that this learned and experienced man was slightly in error.
Perhaps the issue is that we need a good operational definition of an unhackable system against which to test.
Re: Re: Re:4 A fundemental misunderstaning of the subject.
“I have yet to see a proof or even a particularly good argument that it is actually IMPOSSIBLE to build a perfectly secure system.”
There are such mathematical arguments, but I’ll address the “good argument” part. Here’s why it’s impossible to build a perfectly secure system that remains usable:
In a usable system (I’m talking about all security systems here, not just computer security), there must be a way that authorized access can take place. This point of access is precisely what makes perfect security impossible.
There must be some means for a system to differentiate between legitimate and illegitimate access. With your front door, this way is likely a physical key. That differentiation is impossible to do perfectly in a usable system. All usable authentication methods can be spoofed, and the nature of things ensures this will always be true. If you come up with a system that is actually unspoofable, you’ve also come up with a system that isn’t usable because the rate of false positives that lock out legitimate users will be too high. All methods of authentication must include room for error. Keys get worn, biometric markers change, etc.
Re: Re: Re:5 A fundemental misunderstaning of the subject.
“All methods of authentication must include room for error”
Not all. Nuke codes are single-use. Zero room for error, and they are usable. Single use security (i.e. one time pad or something like that) is one option.
Mind you, the system isn’t friendly by any stretch. But if you want “unhackable” security, then a one-time pad with dual-person physical access via simultaneous hardware activation by armed personnel is pretty damn hard to get past.
Of course that would be overkill for a company to use for simple business data that doesn’t have the capability of killing millions of people.
Re: Re: Re:6 A fundemental misunderstaning of the subject.
Not really: the codes were all 00000000 for 20 years, because the Air Force was “worried that in times of need the codes would not be available”.
Re: Re: Re:7 A fundemental misunderstaning of the subject.
Scary
Re: Re: Re:7 A fundemental misunderstaning of the subject.
heh. Why does that not surprise me?
Re: Re: Re:6 A fundemental misunderstaning of the subject.
So, knowing the code does guarantee the person giving the code has the authority to start a nuclear war.
Re: Re: Re:6 A fundemental misunderstaning of the subject.
“Not all. Nuke codes are single-use. Zero room for error, and they are usable.”
How does that make for zero room for error? Being single-use (or even tying the specific code to a specific nuke) doesn’t eliminate the possibility that the codes get leaked or stolen.
Single use security (i.e. one time pad or something like that) is one option.
Properly done OTPs are mathematically unbreakable, but they have a enormous weakness nonetheless: the distribution of the key. A OTP cipher (like any other cypher) is only as secure as the key distribution method. In the case of OTPs, the key distribution method is such a huge problem that an entire branch of cryptography was invented just to mitigate the problem: public key encryption.
“But if you want “unhackable” security, then a one-time pad with dual-person physical access via simultaneous hardware activation by armed personnel is pretty damn hard to get past.”
Indeed — but even that is a far cry from actually being unhackable. Unhackable is, as far as we know, an impossibility. That’s why security is about economics: you are trying to make it so expensive to get around the security that doing so isn’t worth it. That’s a different thing than being unhackable, though.
Re: Re: Re:7 A fundemental misunderstaning of the subject.
“security is about economics: you are trying to make it so expensive to get around the security that doing so isn’t worth it”
Agreed, but what if the expense of breaking something is so enormous, that the entire planet’s supply of natural/economic resources could not approach 10% of the cost of breaking it, then isn’t it effectively unhackable?
Re: Re: Re:8 A fundemental misunderstaning of the subject.
Temporarily, yes, although practically speaking, I can’t think of any security system that manages to achieve anything even remotely close to that level. But don’t forget the old saw about scientific impossibilities: if a scientist says something is impossible, there is no hope. If a scientist says something is too expensive, then there is hope. Economics constantly change, and sometimes do so suddenly and greatly.
Thus, there is a risk in considering anything “unhackable” when it’s just uneconomical. If you really think something is unhackable, then you are guaranteeing that you will be caught completely unaware and defenseless when the hack eventually happens.
This is all related to a fundamental paradox of security: the minute that you believe you are secure is the minute that your actual security is in great danger.
Re: Re: Re:
From some of the comments, it seems some people are saying that you aren’t understanding what Tyson intended to say. Even if that is the case, I maintain that he has failed to be clear and precise in his communication. If what he intended to communicate was not what he said, the failure is in his phrasing.
If you want people correctly understand what you say, create statements that cannot be misunderstood…
Re: Re: Re: Re:
I agree NDT could have used better phrasing, though he only has 140 characters to use. IMO, Mike is just nitpicking. Instead of using it as a chance to talk about improved security options that could be employed to make a system far more difficult than it is worth for hackers to hack.
Re: Re: Re:2 Re:
The problem, of course, is that (whatever he meant), Tyson is calling for the impossible: unhackable systems. That is not a starting point for a meaningful conversation about security (except perhaps amongst security geeks). It’s just going to get everyone correctly pointing out that he’s asking for something that cannot exist.
Re: Re: Re:3 Re:
“Unhackable system” is semantically a slightly weaker version of “bug-free system,” which I’ll agree is impossible to achieve 100%. However, it doesn’t mean we should simply throw up our hands in despair. Two simple changes could eliminate the bugs responsible for the vast majority of hacks: making SQL database engines reject non-parametrized queries by default, and abandoning the use of C and its unsafe kin in network-facing software. (See my comment above.)
It wouldn’t magically make everything perfect, but it would be a vast improvement. Low-hanging fruit, as developers like to say.
Re: Re: Re:2 Re:
If NDT wants to make a coherent, non-ambiguous statement about computer security, he should simply use more than 140 characters in his tweet.
Re: Re: Re:2 Re:
the guy holds a M.Phil & Ph.D- he should have known better phrasing was needed
by the way- my above point? 78chtrs. it can be done.
Re: Re: Re:3 Re:
As an astrophysicist, he shouldn’t be commenting about fields he knows little or nothing about. With 30 years experience in computers and networking, I’m barely qualified to even enter into high-level technical discussions on network security. I would not comment professionally about any astrophysical discussions, and he shouldn’t comment about network security.
Re: Re: Re:4 Re:
I don’t entirely agree here. He, along with everyone else, should be able to comment on anything that he wants. What he should do is avoid stating things as fact when they’re just speculation or opinion. I sympathize with him — I make this error all the time and it’s a very hard habit to break. However, I am not a famous science spokesperson so I can afford to be a bit more reckless.
Your point about specialty knowledge is right on the money. Everyone understands the problem with specialists when it comes to medicine: specialist doctors tend to be less informed about medical things that don’t fall into their specialty than generalist doctors, and so their opinions outside their specialty are not held to a high standard. What everyone needs to understand is that this is how it works with specialists in all fields, not just medicine.
Re: Re: Re:5 Re:
Very true, and it can be a bit of a shock when you finally discover this principle. Specialists can be even more ignorant than average people because they’ve chronic tunnel vision. They manage to excel in their chosen field by actively ignoring anything they consider extraneous.
Try being the IT guy herding scientists, doctors, or lawyers. It can be quite comical watching these “masters of the Universe” in their chosen field fall flat on their faces every time they step outside it, and I do mean every time. They think Benny Hill is great comedy. They think Karl Marx got a bad rap. They’re often racist, misogynist, can’t for the life of them remember their mother’s birthday, etc., ad infinitum.
“The Absent Minded Professor” was a somewhat funny idea for a movie, but I hated it for glorifying this practice. Nobody should get a pass to ignore all the stuff everybody else has to deal with just because they’ve learned how to specialize better than their competition. Give me a polymath instead anyday.
To make it unhackable, you’d need to prevent access (physical and virtual) to all sorts of folks, you know, customers, the internet, workers, and most especially, management.
You’ll achieve total security. You won’t meet any other business objectives.
Re: Re:
Even just management-proofing a system would get rid of 90% of the threat.
Re: Re:
Indeed. Security is the enemy both of convenience and usability, which is why consumer-aimed products have traditionally been so poor at it. A system that’s usable is one that’s vulnerable.
It’s long been a truism that the only way to make a system truly unhackable via the internet is to disconnect it from the internet. If it’s accessible in any way, there are risks. You can minimise those risks in many ways, but nothing is “unhackable”. Doubly so if there’s human interaction with the system at any point, since they’re the usual vector for attack if a direct attack is too difficult.
Re: Re: Re:
“It’s long been a truism that the only way to make a system truly unhackable via the internet is to disconnect it from the internet.”
That’s only the first part of the truism. The rest of it is: then encase your computer in a block of concrete and drop it to the bottom of the Marianas trench.
Re: Re: Re: Re:
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts.” – Gene Spafford, “Computer Recreations: Of Worms, Viruses and Core War” by A. K. Dewdney in Scientific American, March 1989, pp 110. (From Gene Spafford’s personal quote list.)
Re: Re: Re:
Re: Re: Re: Re:
It is not a false dichotomy at all. Security (even good security) and convenience are always at odds with each other. Bad security is even more inconvenient than good, but that doesn’t mean that good security isn’t inconvenient.
“For example, 2-factor key fobs. Done well they are so much easier to use than complex passwords.”
I disagree completely with your example. First, 2 factor security is inherently more inconvenient than 1 factor (for obvious reasons). Second, a key fob is only more convenient in a certain use case. If you lose or destroy that fob, you will discover that just having a password memorized is much more convenient in other use cases.
As a security engineer, I would love to be proven wrong on this point. Can you demonstrate a generalized case where increasing security does not decrease convenience (either in the electronic or physical world)?
Re: Re: Re:2 Re:
I forgot another point about key fobs: they present a new security threat in that they are easier to steal.
man
He isnt that far off you know. Yes you cant make unhackable systems buy you can do better a whole lot better. Stop letting the NSA get away with weakening the systems we use, and stop them from inserting backdoors and we all need to stop using windows crap. Its windows that is the problem here. Microshill is still selling out to the NSA, so stop using their crap software.
Re: man
Microsoft (!) is still complying with US gov’t demands via National Security Letters to sell out its customers in the interests of national security, so stop using their crap software.
I don’t like MS either, but I don’t blame this on them any more than I blame Google, Apple, AT&T, …
A scientist keeps saying absurdly stupid things. Solution there, it seems to me, is to tell the scientist to STFU and go back to science-y things.
we’re already pretty safe from North Korea. The sanctions are bs. I read the tweet as ‘make it too hard to hack to make it worthwhile’, which should be achievable. Just stop paying the agencies for weakening systems and start paying them (after sending appropriate people to prison, and disbanding the others) to add some real security.
Re: Re:
Yes, the NK sanctions are complete bullshit for a number of reasons. Topping that list is that there is substantial reason to doubt that NK was even behind the hack. Second on that list was that the hack was not even remotely a national security issue.
Evolution
Evolution isn’t working fast enough. We should pre-determine the weaker species (and members of each remaining species), then simply eliminate them proactively.
Re: Evolution
Are you a Rockefeller?
Re: Re: Evolution
Not that I know of, but I am full of snark ☺
Look out, we got a dumbass over here!
“He stated a tautology?” Solution there, it seems to me, is to use proper grammar.
Some problems are insoluble. Solution there, it seems to me, is to solve them.
Re: Re:
Just add Dihydrogen Monoxide, it’s a universal solvent.
Is your sarcasm meter broken today, Mike?
The First Rule of Tautology Club Is....
Lacking knowledge on a subject? Solution there, it seems to me, is either learn more or hire someone who knows.
It seems that too many people are pirating films. The simplest solution, I would imagine, is to make movies worth paying for.
Someone else found out how to make money, instead we should make them not able to make money.
Tautologies
People make life more difficult. Solution there, it seems to me, is just to not create people. All purpose.
unfair
Seems a little unfair to say he went crazy until the stars were fixed in Titanic. That’s a hyperbolic retelling of his own amusing story.
As for his tweet, I’d be more worried about it if it was someone who was supposed to know about computer security, I also don’t hold people to their 140 character brain farts.
Tautology yes, but not quite the same as your examples ...
While certainly a less than useful comment, “… create unhackable systems” is not in the same class as “… build faster-than-light spaceships” or “… create immortality.” Faster-than-light travel and immortality (at least in the literal sense) are known to be physically impossible (that’s not just an opinion, as it’s supported by a great deal of real evidence, but as with all scientific knowledge it’s subject to revision.) Creating unhackable systems is not, however, known to be impossible; we just don’t know how to do it yet.
Re: Tautology yes, but not quite the same as your examples ...
Creating unhackable systems is not, however, known to be impossible; we just don’t know how to do it yet.
I believe it’s impossible to create a totally unhackable system, personally.
It’s related to the old programming axiom: “As soon as you make a program idiot-proof, someone makes a better idiot.”
Re: Tautology yes, but not quite the same as your examples ...
“Creating unhackable systems is not, however, known to be impossible; we just don’t know how to do it yet.”
Creating perfectly secure systems has been known to be impossible for as long as people have been looking at the issue.
Re: Re: Tautology yes, but not quite the same as your examples ...
Hopefully, the definition for “unhackable” is not the same as for “idiot proof”, since my original reply to your post was mistakenly placed here.
Perhaps I’m proving Gwiz’s point. 🙂
Re: Re: Re: Tautology yes, but not quite the same as your examples ...
Even if people aren’t generally idiots they will slip every once in a while. And when there’s a new “unhackable” system there will be shitloads of people trying to hack it. Eventually it will be done and the cycle begins anew. Or the technology has evolved to create the next level of unhackable systems. The fact is any system will be hacked at some point either by vulnerabilities, hardware improvements (brute force) or because someone put an infected pen drive in.
We don't know if P = NP
But the solution would be to prove that is or isn’t.
One does not simply create unhackable systems
Gandalf authorizes quest over ring.
Solution there, it seems to me, is to walk into Mordor.
http://memegenerator.net/instance/57758883
Re: One does not simply create unhackable systems
You shall not pass!
Tech writer judges a person's thinking based on 140 character tweet. GIF at 11.
Do I detect a tech writer’s nose out of joint over an astrophysicist’s tweet? Don’t like it ? You are supposedly a journamalist–go interview him and ask him what he meant. And then write a story without all the hipster angst. That would be better than going insanely crazy over a tweet. Also, more professional and more service to your readers.
Re: Tech writer judges a person's thinking based on 140 character tweet. GIF at 11.
Awesome new word of the day — journamalist
Assuming you meant to suggest Mike is a journalist, Mike has repeatedly corrected this false assumption. This is and always has been an opinion blog. Don’t like it? Go read a newspaper.
Re: Re: Tech writer judges a person's thinking based on 140 character tweet. GIF at 11.
Awesome new word of the day — journamalist
journamalist – noun
You’re too harsh to him, Mike. I get that there CAN’T be “unhackable” systems. But I think what he meant is that US should focus on increasing cyber DEFENSES…not doing stuff like increasing it cyber OFFENSES or applying sanctions…
You disappoint me, Mike.
Open to interpretation
My first thought was that it was a dig on all the back doors the NSA slips/forces/coerces into software and systems that can also allow the bad guys in.
Regardless, this seems like a sentence that is open to a number of interpretations, and to spend the time calling it out and dissecting it strikes me as a bit silly.
I think all he was saying is that sanctioning NC will prove as fruitful as endeavoring to create an “unhackable” system.
I think you are missing the gist of post. Both are meaningless and useless attempts that have zero chance of accomplishing their goal.
But if you are doing something that has no chance of accomplishing it’s goal, trying to build an unhackable system might actually spin off some usable elements. Further sanctions against NK will not.
Don’t criticize what you don’t understand.
Have you considered the possibility that he was taking the piss?
I don’t always understand sarcasm. Solution, no one should use sarcasm when I might not understand it.
Frequently using repetition in sentences? Solution there, stop repeating yourself.
I understood the tweet as meaning ‘the gov helping improve computer security would make much more sense then sanctioning NK’.
Hard to argue with that…
Seams to me that ‘hacking’ has become too generic of a term. I think NDT meant ‘create computers that can’t be remotely exploited’. -and he probably didn’t understand that it wasn’t an exploit that lead the sony breach. exploit != (does not equal) remote exploit != unauthorised access != social engineering, and yet these are often all lumped into the same category of ‘hacking’, which makes the word rather amorphous and hard to generalise about.
The biggest (only?) threat to eventually having non-remote exploitable computers is gov/industry backdoors. Openbsd, might even get you there now- or it might be back doored, lol- but it’s known for having had almost no known exploits over the years. So anyway, ‘unhackable’ -if you mean it in this limited context, doesn’t seam so far-fetched a goal.
hehe
too many people have car accidents, solution there is to have people walk…..
Obama’s lack of transparency hurts the democratic process. Solution there, it seems to me, is [redacted].
Re: Re:
Hah!
“Astrophysicist has his foot in his mouth? Create astrophysicists with smaller mouths and bigger feet!”
—
NDT does need to hold himself to the same standards he holds others.
Tyson is great in his area, but he’s no all spanning genius. And I don’t know why most people haven’t caught on. Whenever I hear him talk about his field of work I’m like “wow, that’s super interesting and well said!”
Just about ANYTHING else I sit there and go “Uhhhhh… if I didn’t know who he was I’d wonder why anyone bother recording this crazy person.”
He’s rather a normal person with his inane thoughts in anything outside of astrophysics.
The pioneer paves the way for others to follow
Not enough blacks get degrees in STEM. Solution there it seems to me is every black child should be me, Neil deGrasse Tyson.
What's next
Typical double standard!
Rock stars
Mah science teecher sez there ain’t no rock star fizzicists, ’cause stars ain’t made outa rocks. They’s made outa hot gas. Maybe this Neil guy is made outa hot gas, ’cause he shore keeps spoutin’ that stuff.
(Judgin’ by thet name, tho, he’s prob’ly made outa chicken.)
different AC here…
“Can you demonstrate a generalized case where increasing security does not decrease convenience (either in the electronic or physical world)?”
A bee keepers suit. a welding mask. a flood dyke. -more generally- ANY security where the consequences, from lack there of, results in a net reduction of convenience or lack of utility. A valid question is, on what time frame does one measure convenience? One might argue, that dealing with the fallout of a breach/hack would be far more inconvenient then implementing the security necessary to avoid such.
Re: Re:
You’re confusing security with safety.
SEEMS TO ME THAT SONY
Sony’s solution to security issues seems to me is not lay off the IT staff warning them
Mike had sense of humour fail
Solution: slap him until he wakes up to himself
Are we sure...
he’s not just making a tongue-in-cheek statement? He’d probably never do that, right?
Re: Are we sure...
Neil deGrasse Tyson famously has no sense of humour whatsoever, so it seems unlikely that he was joking.
security != safety?
“You’re confusing security with safety.”
Am I? where is that line drawn exactly? I think maybe you miss the point/weight of the analogies. sony has been hacked over 50 times in the last decade…
Politics is full of corruption. Solution there, it seems to me, is to vote for honest politicians.
Am I doing it right?
Seems to me...
that SOMEBODY should be sending some of these examples to Tysons’ twitter feed.
He does have a point in that it would be more helpful to work on defensive security instead of cracking back in revenge.
People are too single focused.`
“People are only experts in one or at most two areas for the most part, leading to idiocy when they speak on other topiccs. Solution there, it seems to me, is to only trust polymaths.”
A few malcontent terrorists are blowing sh*t up...
the solution is to have a war to end all terrorism.