Video Suggestion The Wendell ramble hour

Can wendell just make a video once a week rambling on about a topic for an hour or so? I think it might be something good to leave on in the back ground, like a movie review from spoony.

I would watch this. Wendell is awesome. 

Assuming he has time, this would be great.

Also, it does not need to be weekly, just ad-hoc when there is something he feels is worth ranting on. Though saying that, that is what Rant:30 is all about - but with both Logan and Wendell.

I would watch it, although I would prefer the topics be tech related in some way shape and or form. The real question though is, does Wendell the great have the time for such a series?

 

I WANT IT

I don't think it would take much effort, just gotta hit record and upload when finished.

I would like to see/hear this.

lol. Hmm. I need to re-read the story of ken: http://c2.com/cgi/wiki?TheKenThompsonHack 

The short version: He was like the super administrator programmer of Unix (olllld school unix) and wrote a backdoor into the login program. But as C source code was provided with unix, so it could be audited, he also wrote a back door into the C compiler so that it knew when it was compiling the login program, to insert the trojan. Of course he also modified the compiler to know when the compiler was being compiled.. so the code to that adds the trojan bits to login program when its compiled would also be added. 

Re-read that a few times, think about the implications. 

Ouch, the implications of this concept are to vast  for me to want to attempt to comprehend beyond that of a master key.

However this type of scenario does speak to the current volatile nature of our  interconnected word, and we are thus forced into this circular logic society where we have to trust because we need to trust. That technology is progressing far beyond a simple comprehension to the point that we are no longer able to fully comprehend what is outside of our trust levels forcing us to use what might be corrupt programs to check if programs are corrupt . In essence if you don't write the code yourself then you have no idea if is valid and secure. 

As technology progresses The Ken Thompson Hack in concept will become all the more possible, and it would be naive at the least to assume that it is not all ready implemented or can be in some way. With that said there is no true solution to this problem and it cannot be solved but that does not mean that you should change your daily computing habits, with the exception of  the possible wearing of a tin foil hat, because there is no true defense against this type of intrusion. 

However if it is necessary to be completely secure, then buddy i have some bad news, it will never be completely secure, because you will always rely on trust, so if you want to try and reinvent the wheel then go ahead, it is going to be one hell of an oval then.

 

Oh and the Show; want it.

I would definitely like to see a Wendell ramble hour

If you have a busy job, it's not that simple. It's probably not as simple as going "yeah, I can squeeze another half hour out of my day".

The ultimate Ken Thompson hack has succeeded, the obfuscation of the malware doesn't happen in computer software any more, but in the brain of the users, that just won't see what's in front of their eyes any more. Trojan planted in human brains: check...

It's the same as that joke from the Tom Cruise movie of a few years back: "if someone says he's a government agent and tells you you're safe, start running because they're going to kill you". The analogy stands for a lot of things. If security software tells you your system is secured, that's when you reformat your drives and reflash the BIOS. It's the oldest trick in the book: when the wise marketeers that set up Christianity for the people that wanted to buy power and take over the Roman Empire were ordered to come up with a system that would make sure that every subject would tell all of its darkest secrets to the Christian leaders, secrets they didn't even tell their parents or spouses, they had to come up with a system like that. So they convinced the people that they had nothing to fear, as long as they would avoid taking the burden of their secrets to the grave, and because they could die any day, they had to run to a priest as fast as they could, and tell the priest all of their secrets, and it would never leave the confession box... and Christianity became hugely successful because everyone and their dog told all of their secrets to the Christian agents voluntarily, without coercion, and as soon as they could. Then the Christian marketeers made a rule that every child had to be loaded with that same obfuscation code, by telling everyone that they only could go to heaven if they were baptized and followed the Christian rules, so people baptized their children as soon as they were born and made them go to Christian schools. Yet, in the ten commandments, there is nothing about all of this, the trojan implant happens when the kernel source (the ten commandments) are compiled into the individual systems, and nobody has ever even made the remark that the self-propagating surveillance trojan isn't part of the ten commandments...

Yes, I want to see it too.

+1

 

Why? Do i agree with that. The whole idea of secure internet is something thats never existed before? Why would you think your going to get it now. Its not that the people that built it where evil , its just thats it not perfect

Interesting argument!

In my opinion, it's like Von Jhering's hammer and shield. I would recommend reading "Der Kampf ums Recht" to anyone by the way. Von Jhering said that law is a a shield to some and a hammer to others, it can be used for defense or for offense. (Beware that the word "law" is not the same as "Recht", because it is both "Recht" and "Gesetz", which are totally different things, "Gesetz" being either precedent law (common law, doesn't exist anymore since the French Revolution in Continental Europe, a few ver limited exceptions aside) or statute law, and "Recht" being more than "Right")

This is true for everything that offers a person some kind of power or capability. A gun for instance can be used for defense and used in a safe manner, or it can be abused for offense and used in an unsafe and reckless manner. An that's the bottom line: recklessness.

The Internet can be used safely, even if it's not perfect. The problem is recklessness. For instance: since the beginning of 2013, the number of users that use full encryption on the Internet in Europe, has more than tripled, whereas it has hardly risen in the US. That's a matter of education and awareness, just like safe gun handling is a matter of education and awareness. Pretty much all over the world, it is a recognized principle that you have to take some kind of education and skill examination to handle potentially dangerous things. Until the seventies, you could just buy a car and drive, now you have to take an exam to prove that you have the skills. For any kind of firearm, and in the US depending on which state for more powerful firearms, you also have to prove that you have the skills to handle it safely. This is not any different for the Internet. The Internet is a powerful tool, it can be used for expanding your cultural and intellectual horizon and for communicating more efficiently, but it can also be used to DDoS people or to steal their data and to do them harm.  For the Internet, it's not only a matter of end-user education, but also of provider safety, just like there are regulations for safety features in cars and firearms. On the one hand, using full encryption is an education requirement for the end-users, and on the other hand, complying with safety standards is a requirement for software, hardware and services providers.

Just like with cars, it's not possible to close-source security features. If a car manufacturer invents a great new security feature, he is required to "open source" that. That's pretty much accepted everywhere. For firearms, it's the same thing. Why should it be any different for computers, routers, email services, web services or software? That's why Europe is moving so fast in adopting full encryption, why they're now moving away from CA's and starting to use DANE on email services, why countries are prohibiting closed source software in governmental supply chains and computer systems, etc... and in the end, a few years from now, it will be seen as totally self-evident that closed source software can never guarantee an acceptable degree of safety as required by society. This goes hand-in-hand with the idea that is growing in the society that the use of the Internet is a fundamental right, just like it is a fundamental right to defend yourself when your life is endangered by a perpetrator, or like it is a fundamental right to go wherever you want to go (again, in Europe, this was expanded to the right to conduct business or work wherever you want to and to travel without needing papers or permissions, or even be submitted to registration or identity controls at borders within Europe and even beyond through the Schengen Agreement, which was also ratified by Norway, Iceland and Switzerland). And Europe is on the verge of deciding that access to the Internet is a fundamental right, which is normal, in that it is no different from the right to visit a library and read books, receive education, or write letters. As society evolves in it's perception of the Internet, the technology and technology providers just have to adapt or perish. Of course they don't like that, because it means that they can't abuse the rights of the users any longer to feed their greed, but they will simply have no choice but to comply. It will take a lot longer in the Ango-American world, which is very conservative and not as human rights-centric as for instance historically regularly war-devastated Continental Europe, but since the EU is now a larger market than the US, the dice has already been thrown, and all we have to wait for is for the rolling dice to come to a halt.

Does this mean that the Internet will ever become completely safe? Of course not, just like law is still being used as a hammer, cars are still involved in accidents and guns still cause a lot of death and destruction. But it will become manageable, whereas right now it's a very bad situation. In fact, the software and service providers are the main human right violators of the Western world in the 21st Century. The amount of human rights violations of Microsoft, Google, Facebook, Yahoo, the NSA, Intel, etc... greatly surmount any other massive human rights violation in the history of mankind, not yet in gravity, but in numbers of victims, and the amount of damage is rising every day, and it's really important to remedy that situation before it becomes an actual holocaust, because that's exactly what it's heading for: a global cyber-holocaust. What is the difference between publicly tagging someone on a social network or returning undesirable search results of private data of a person and making that person wear a David star on his coat? What's the difference between analyzing someone's private email communications and eavesdropping on their telephone calls and reading their letters? What's the difference between burning books and censoring data in search results and censoring books on online book repositories? What's the difference between locking people's capability to access content in with DRM and registering their data/media consumption through "phone home" features, and denying people access to books, education and art, say freedom of speech and freedom of expression? What's the difference between building a data bubble around people based on their gender, sexual preferences, social status, health situation, and locking people up in ghettos and concentration camps? This needs a lot of reflection and careful intelligent analysis, and a suitable equilibrium needs to be found, before it's too late.

 

A Zoltan ramble hour would be good too. Well said /\

Well said.