Whom Must You Trust? 120
CowboyRobot writes: 'In ACM's Queue, Thomas Wadlow argues that "Whom you trust, what you trust them with, and how much you trust them are at the center of the Internet today." He gives a checklist of what to look for when evaluating any system for trustworthiness, chock full of fascinating historical examples. These include NASA opting for a simpler, but more reliable chip; the Terry Childs case; and even an 18th century "semaphore telegraph" that was a very early example of steganographic cryptography. From the article: "Detecting an anomaly is one thing, but following up on what you've detected is at least as important. In the early days of the Internet, Cliff Stoll, then a graduate student at Lawrence Berkeley Laboratories in California, noticed a 75-cent accounting error on some computer systems he was managing. Many would have ignored it, but it bothered him enough to track it down. That investigation led, step by step, to the discovery of an attacker named Markus Hess, who was arrested, tried, and convicted of espionage and selling information to the Soviet KGB."'
I would trust me.... (Score:5, Funny)
But I know what I've been up to...
Re: (Score:2)
Re:Uplink was visionary (Score:5, Insightful)
Trust is a necessity. People do not have infinite time and skill available. At some point, I must trust someone or something. I must trust my mechanic that he doesn't cut my brakes. I must trust the pizza delivery guy that he doesn't sprinkle his pizza with E605. Of course you can opt to trust NOBODY, but, bluntly, that would indeed leap over the border to paranoia.
But just as you have to pick your battles, you have to pick who to trust and who not to. A good starting point is usually the "cui bono" approach. What's in it for my pizza guy to kill me? Nothing. So I guess it's safe to assume that he wants to continue bringing me pizza because he wants more of my money.
OTOH, with the current situation, I wouldn't trust any government any further than I can throw up.
Re: (Score:2)
Given how I feel about governments, it is most likely the second.
Re: (Score:2)
Like a mixed metaphor whooshing over an Anonymous Coward's head.
Re: (Score:2, Informative)
https://en.wikipedia.org/wiki/... [wikipedia.org]
It makes many of the same arguments as the previous post in a rigorous way, drawing on social science research and game theory for support. Well worth reading for those interested in trust and security.
Posting anonymously to not loose my mods.
Re: (Score:2)
Interesting how Bruce and I tend to have the same ideas. :)
Correct usage? (Score:3, Informative)
The predicate comes first in this sentence?
Re: (Score:3, Funny)
Off the lawn you will get. Put up with this I will not!
Re: (Score:2, Funny)
You need to stop using RPL, that reverse polish notation is not good for you.
Re: (Score:1)
Use this simple test for 99% of the who/whom selection cases. Rephrase the sentence use Thee or Thou. If Thou is correct, use Who, When Thee is indicated, use whom -- The article title is the 1% case when you actually have to understand the grammar enough to distinguish subject vs. object usage.
The rules for selecting Thee vs. Thou are the same, Thou=subject, Thee=object.
For those of you not raised on Thee & Thou, can use the more modern Him and He. He=Who, Him=whom.
Re: (Score:1)
No, the actual article says Who. The moron changed it to Whom because grammar is so hard.
Re: (Score:1)
Yes. Interrogative word movement is very common in English. As in practically every non yes-no question.
Whom you trust ... ? (Score:4, Informative)
Who vs. Whom
This rule is compromised by an odd infatuation people have with whom -- and not for good reasons. At its worst, the use of whom becomes a form of one-upmanship some employ to appear sophisticated. The following is an example of the pseudo-sophisticated whom.
http://www.grammarbook.com/gra... [grammarbook.com]
Re: (Score:1)
But in the case of the title of this article, "whom" is entirely correct.
Re: (Score:1)
Pro tip: use 'whom' when it's merited at the end of a sentence
That's a bad tip. First, that's not how the usage is determined, and second, you haven't cleared up the issue of "when is it merited?"
I believe the rule is that you use "whom" when it's the direct object of a verb or preposition.
Re: (Score:2)
Exactly. Like, for example, in the title of this article.
Re: (Score:1)
Pro tip: use 'whom' when it's merited at the end of a sentence
That's a bad tip. First, that's not how the usage is determined, and second, you haven't cleared up the issue of "when is it merited?"
I believe the rule is that you use "whom" when it's the direct object of a verb or preposition.
My simpe rule of thumb is this: does a "to" in front of who/whom in the sentence fit? If so, then "whom" is the more proper word. For example "(to) Whom did you give this?" sounds more correct than "(to)Who did you give this?". So in the case of the title, "who" sounds more correct than "whom" (now, if the title had said in whom must you place your trust, it would be more correct). I know this is basically what you said, I just felt like resaying it without all those fancy English terms :)
Re: (Score:2)
Actually, we apparently disagree. I believe that between "Who do you trust?" and "Whom do you trust?" it is more correct to use "whom". "Whom" is the direct object of "trust". The standard test applies: when you answer the question, would you use "he" or "him"?
Who is trustworthy?
He is trustworthy.
Whom do you trust?
I trust him.
Now, that's the issue of which is more correct. I wouldn't jump down your throat for asking, "Who do you trust?" but I think "whom" is actually more correct, so I wouldn't correct someone for saying it either.
Re: (Score:2)
Re: (Score:1)
Watch the first 60 seconds of this:
https://www.youtube.com/watch?... [youtube.com]
I know the quality is terrible, but you'll get the idea.
Whom you trust ... ? (Score:1, Funny)
I see that alot.
Re: (Score:2)
I was reading this to find out how to determine whom to trust. I didn't learn much on that topic (Basically, trust no one.) I did, however, learn plenty about "who vs whom."
Re: (Score:1)
I don't know what this "grammarbook" you're using is, but I suggest you stop using it, 'cause it's crap. "Whom" is used when the word the object of a sentence, as it is here. Its position in the sentence as such is irrelevant. The title is completely correct.
Re: (Score:1)
I think you misread the grammarbook entry.
All but the very end of her description is an unremarkable explanation of the accusative of “who”, which is a perfectly ordinary word.
Only at the end did she write, "This rule is compromised by an odd infatuation people have with whom”. And there she described a pretentious and incorrect usage. This is similar to people using “myself” when they mean “me” (then again, Emily Dickenson did this too).
I find it odd you would co
Yes I'm here (Score:3)
What do you want?
Trust is a virgin (Score:1)
Once it's gone, it's gone.
Re:Trust is a virgin (Score:5, Funny)
You could have phrased that better, such as "Trust is like virginity. Once you get fucked, it's gone."
Are you guys too young or what? (Score:2)
TRUST NO ONE [nocookie.net]
Re: (Score:3)
Keep your laser handy. [tvtropes.org]
Why 'must' I trust? (Score:2, Interesting)
The headline indicates a necessity to trust anybody or any entity. There is no necessity to trust anyone. Least of all myself, because time plays tricks with me and I keep changing all the while.
Re: (Score:2)
Depends on semantics.
I must trust everyone on this bus not to pull out a gun and steal my tablet. Otherwise I wouldn't have taken it out.
I must trust the guy at the corner store, because I believed that after I paid for some goods, he wouldn't come running after me calling me a thief.
On the other hand, must I trust anyone or any entity to do the same thing they did in the past? Well only to the extent that it fits with their own best interests. Unfortunately the more removed they are from my circle of influence, the less likely that their best interests coincide with mine.
Still I must trust that the sky wont fall, otherwise I'd never get out of the house.
Re: (Score:2)
You must have a LOT of time on your hands. I have to trust a lot of people and organizations. The guy delivering my pizza that he abstains from putting poison on it, the garage that services my car that they actually service and not wreck it, the manufacturer of my door lock that they don't keep a spare key, the water company that they don't lace it with LSD or send H2SO4 instead of H2O, and of course every single person I meet on my way to work that they don't pull out a gun and kill me.
When you think abou
Re: (Score:2)
Of course you have to trust a bunch of people, most of whom you don't know. You put your life in their hands every time you use certain items (eg your assumption that your new appliance is not laced with explosives). When it comes to knowledge, you can't verify everything yourself and trust that what you were told isn't wildly inaccurate (eg most of science).
Re: (Score:2)
Well, you're commenting on slashdot, so firstly, even if you've validated all your apps and system software against certificates, you're trusting a hardware vendor.
You're also trusting Dice Media not to /dev/null arbitrary comments.
To quote The Wizard's doorman (Score:3)
NOT NOBODY!
NOT NOHOW!
Trust networks can fix this (Score:5, Interesting)
imagine something like linkedin's 'how are you connected to this person' - except instead of 'we worked together' the edges are all of the form 'i trust this person to this extent.'
you take a bunch of statements of this form (node X trusts node Y with level 0.4), all signed by private keys. if you meet someone else, you can see all of the trust paths from you to them, to decide how much you trust them, and to what extent.
then, instead of having to personally know someone else personally, i can say 'there are 300 paths from me to this woman. 250 of them are strictly positive with trust levels over 0.7 which is my default threshold for comfort. all of the negative ones turn negative over two hops from me, and only three are intensely negative. i already had weak trust levels for intermediary nodes between myself and the negative inbound edges to her. she's fine, and i have more confidence in my negative assessment of those intermediary nodes.'
this could be huge. it would let us have more trust in strangers, and it would let us do things like this:
Re: (Score:2)
Wouldn't you just lower your trust level between you and that person, then? In other words, if you have a trust network A - B - C where B reports trusting C 100% but A thinks B is lying, then A reduces his trust in B to zero and the amount that B trusts C no longer matters.
Re: (Score:1)
Which would work well if you could trust people to consistently submit "trust statements" truthfully and accurately. Sometimes people lie when they tell you who they trust and who they don't.
People lie but no so much when their lies are detremental to them. Such a web of trust could only be conned by 'fake' nodes which would have a very hard time developing any links to 'real' nodes.
Re: (Score:2)
God this sounds familiar..... and that's because I wrote a PhD thesis about building a system to do something a lot like this. It involved a fairly mediocre web interface wrapping a database of trust relationships specified by end users. A trusts B for 0.7 and B trusts C for 0.6 then you can put together a trust level between A and C by multiplying those together with some user-tweakable distance dropoff. Those trust levels were then measured against the levels required for access to shared data. Maybe
Re: (Score:1)
God this sounds familiar..... and that's because I wrote a PhD thesis about building a system to do something a lot like this. It involved a fairly mediocre web interface wrapping a database of trust relationships specified by end users. A trusts B for 0.7 and B trusts C for 0.6 then you can put together a trust level between A and C by multiplying those together with some user-tweakable distance dropoff. Those trust levels were then measured against the levels required for access to shared data. Maybe you would allow anyone with a 0.7 or higher to read a given document and a 0.9 or higher to contribute to it. It was an interesting idea, but man did I get tired of it by the end. If for some bizarre reason anyone wants to read bits of it google books has some indexed [google.com] and I probably have a pdf laying around somewhere....
I figured it could be quite useful, but I was so fed up with the work in mid-2007 that I never looked back at it.
Thanks for laboring through a thesis on the topic, it's an occasional daydream of mine and I would love a copy. :-)
On trust (Score:2)
Arthur remained very worried.
"But can we trust him?" he said.
"Myself I'd trust him to the end of the Earth," said Ford.
"Oh yes," said Arthur, "and how far's that?"
"About twelve minutes away," said Ford, "come on, I need a drink."
Bruce Schneier (Score:2)
Seriously, if Bruce Schneier can't be trusted, who can?
"must" trust? (Score:2)
Who (Score:3)
Who do you serve, and who do you trust? - Galen
Trust the Computer (Score:1)
No good comments? Not a comment worthy article. (Score:2)
The linked article, which I did read, seems to have no thesis. It meanders from "C compilers can be subverted" to "see if people leave their purses out to judge if a neighborhood is safe". It is as if a high schooler had to write a paper on trust, and cut a paragraph out of each of the top 20 web search results.
Re: (Score:2)
Just enough history on todays enemy, the tech to do the work needed and the correct collection of happy short tech stories from the past.
Thanks to the work of whistleblowers the world now understands:
https://www.eff.org/deeplinks/... [eff.org]
Different govs, the US, UK have total mastery of the 'net' via local shared facilities and people.
http://www.theregister.co.uk/2... [theregister.co.uk] (3 Jun 2014) http://www.nytimes.com/2014/04... [nytimes.com] (APRIL 23, 2014) The standard cr
Well, yes, I was there... (Score:5, Interesting)
It's been a quarter century since I chased down those hackers. Hard to think back that far: 2400 baud modems were rarities, BSD Unix was uncommon, and almost nobody had a pocket pager. As an astronomy postdoc (not a grad student), I ran a few Unix boxes at Lawrence Berkeley Labs. When the accounting system crashed, my reaction was curiosity: How come this isn't working? It's an attitude you get from physics -- when you don't understand something, it's a chance to do research. And oh, where it led...
Today, of course, everything's changed: Almost nobody has a pocket pager, 2400 baud modems are a rarity, and Berkeley Unix is, uh, uncommon. What started out as a weirdness hiding in our etc/passwd file has become a multi-billion dollar business. So many stories to tell ...
I've since tiptoed away from computer security; I now make Klein bottles and work alongside some amazing programmers at Newfield Wireless in Berkeley. Much fun debugging code and occasionally uncorking stories from when Unix was young.
Warm cheers to m'slashdot friends,
-Cliff
Re: (Score:2)
(blush). Thanks!
Now it's your turn: Go forth and make our networked community friendlier, stronger, more trustworthy, and more useful.
Best wishes,
-Cliff
PS: Of course, you raise a fascinating, self-referential question. How can you tell if this posting is from the real Cliff Stoll? I know it's me - and it's easy to prove in person, but difficult online. For the best proof, well, stop by for coffee. Way more fun than posting online.
Re: (Score:2)
And my thanks back to you, oh Anonymous Coward: The 15 cents in royalties from your purchase of m'book is now helping my kids attend college. Uh, it'll last about 1.3 minutes.
You say that you're managing firewalls - all sorts of possibilities! I had the honor of working with Van Jacobson at LBL when he first researched TCP/IP traffic jams and compression. I was amazed at how much could be done by looking at traffic and thinking about the interaction of traffic, buffers, routers, and network congestion.
Re: (Score:2)
I saw a translation of The KGB, the Computer, and Me [youtube.com] that aired back then on German TV, and it was fascinating! Great to see you here on Slashdot Cliff!
Re: (Score:2)
Thanx!
I saw a short section of the German version of that Nova show ... apparently I speak fluent German in the that version!
Mit den besten Wünschen,
-Cliff
Re: (Score:2)
I still remember the fascination from when I first watched The KGB, the Computer, and Me. It was many years later that I finally read The Cuckoos Egg, and I found that even more enjoyable - a fascinating story, well told. I still have it on my bookshelves today.
I also have one of the Klein bottles - a very nifty product, entertaining and educational at the same time.
Thank you for making such rich contributions to the world.
Re: (Score:2)
Hello Cliff, awesome to see you on here. I read "The Cuckoo's Egg" at least once every two years. Never gets old and it's truly a story for the ages. :-)
You had me going there (Score:2)
ACM seems like a reputable publication so I was going in to it thinking I was about to read some interesting stuff, and then this happened:
Even the time of day can be exploited. In 2013 a network attack known as NTP Amplification used Network Time Protocol servers across the Internet in a distributed denial-of-service attack. By spoofing the IP address of a requester, an ever-larger stream of packets could be aimed at a target, swamping the target's ability to respond to TCP/IP requests.
lolwut. The time of day was not exploited, not even a little. The boneheaded "Feature" of having a command to recall a large chunk of data via unauthenticated UDP was exploited. They go on to explain a basic denial of service attack and finish it off by misusing a term as basic as TCP/IP (it doesn't matter what protocol you are using when you are the target of a DDOS, y
My 2 cents (Score:2)
I generally don't trust anyone who says "Trust me".
As Fox Mulder says... (Score:2)
"Trust no one." :P
hosts is on a read-only file system (Score:2)
[To configure Android's DNS resolver], a devtool like ADB and its 'pull' command will do
But when I try to adb push a file back, I get an error "Read-only file system". Google apparently doesn't want end users to be able to specify whom to trust. Apparently I have to back everything up, wipe the device, and pray that everything restores properly before I'm allowed to edit system files.
Re: (Score:2)
Look into OTHER commands like chmod existing in the ADB commandset then
chmod won't do anything if a whole file system is read-only. To make /system writable, it must be remounted, and only root can do that. The key difference between GNU/Linux and Android is that on GNU/Linux, the owner of the PC has root by default.
All I know is, I did ADB 'pull' on my nephews phone
Was it rooted? That's what I meant by the backup requirement: to root a Nexus 7 tablet, you need to unlock the bootloader (fastboot oem unlock), and that wipes the device.
Re: (Score:2)
Well, have fun blocking only on specific urls, basically every time something "unwanted" and "wanted" share a hostname.
OTOH, a hosts file does have it's own use, you can apply it easily enough for a WLAN, while filtering on http urls is way uglier, without running an application level proxy on your router, which again is far from trivial.
The APK link on the other hand looks a little bit like spam to me.