-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James: I sympathize. There are indeed quite a a few whacky ideas out there that are surprisingly pervasive. It's frustrating, but that's how things are. We can't control the minds and ideologies of others, but we can control how we react to ideas that are presented to us.
One way to react would be to make personal, ad hominen attacks. There are already plenty of people who do that, and, in my humble experience, they're not worthy of being emulated or admired. On the other hand, there's something to be said for giving reasoned responses to differing view points in a way that is patient and non-offensive (the set of people in the population who do that consistently is disturbingly small, unfortunately). - -- Regarding WEP, it's like any other product/feature that comes out. Commercial products that are produced are not created for their own sake or in their own universe. Companies or individuals produce software within a broader context. Economic factors such as liability and ROI play into products. "Perfect" products are rarely produced due to the subjectivity of the term and the lack of demand for perfection. Security-wise, WEP was considered "good enough" (even in light of known theoretical attacks against WEP that have now become optimized and practical). Most home users don't even enable the security that's available on their routers, and hence the demand for greater security is fairly light. *Despite* that fact, WPA and WPA2 improve radically on WEP, though there is still the issue of WPA-PSK being broken due to the weak passwords that people use (despite the availability of random password generating programs). G - ----- Original Message ----- From: "James A. Donald" <[EMAIL PROTECTED]> To: <fde@www.xml-dev.com> Sent: Tuesday, August 05, 2008 10:12 PM Subject: Re: [FDE] software defense for "cold boot" attack? > Garrett M. Groff wrote: > > First, nastiness and ridicule stifle reasoned > > discussions and push intelligent people away from > > participating. They (invariably) break down into > > emotionally-charged, ad hominem attacks rather than > > discussions of abstract topics. > > Some ideas are worthy of rebuttal. Some are more > appropriately dealt with by unmasking and ridicule. > > Hobbes published on a wide range of topics. On those > topics where he got called a lunatic, physics and > mathematics) we now have high quality information. On > those topics where his writings were treated > respectfully, we have a load of moldy bananas. > > The Royal Society used to have a motto, "nullius in > verba", which means "take no-one's word for it", and its > journals used to have a policy that authors must comply > with any reasonable request by other researchers for > materials, methods, or data necessary to verify the > conclusion of the article. Unfortunately, papers coming > to politically correct conclusions could seldom comply > with such requests, so the Society quietly ceased to > enforce that policy, and issued a new postmodern > translation of their motto. > > There are a lot of moldy bananas in circulation. We are > seriously overdue for some garbage removal. > > Faced with a confident assertion from an academic, and > the beliefs of the general public, on past performance > the first three people one meets in a pub are likely to > be more reliable than the first professor from Academia. > The garbage is not being collected and dumped. > > > Regarding the Wi-fi reference, I contend that > > economic/business factors, primarily, led to the > > release of weak security protocols (WEP). > > Untrue. WEP was just stupidity, and WPA was some more > stupidity. We could have had exactly the same user > interface and behavior as WPA personal with the same > hardware, but prevented an offline dictionary attack. > The problem and the solution were well known. If anyone > had asked me, I could have told them what they were > doing wrong, and how to do it right. > > > Technology does not exist in a vacuum, though > > tech/geek types (including myself) often do not > > consider the broader context in which the IT world > > operates. > > So what was stopping them from doing it right, other > than ignorance and stupidity? > > Today, every sophisticated traveller has a dictionary > attack program to access some free wifi bandwidth > wherever he may be. I am sure that was not the industry > intention. > > Where we see hard science, we see a certain amount of > ruthless brutality given to crap, as for example Thomas > Hobbes being called a lunatic in "The proceedings of the > royal society". Where we don't see ruthless brutality, > the truth eventually gets covered in great piles of > chicken droppings, for example string theory. If > everyone gets respect, pretty soon no one deserves > respect. For the graduates, we get grade inflation, for > the postgrads, "courtesy". Both make it hard to discern > actual expertise, leading to disasters such as the > wifi standard. > _______________________________________________ > FDE mailing list > FDE@www.xml-dev.com > http://www.xml-dev.com/mailman/listinfo/fde -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) - not licensed for commercial use: www.pgp.com Charset: utf-8 wj8DBQFImbVaSGIRT5oVahwRAhKrAJ94REhEamvyzUJPdt3Y8QfyctxjKACg18fJ ww8SbuttGk9ZyWv1PNCBBKU= =qJRC -----END PGP SIGNATURE----- _______________________________________________ FDE mailing list FDE@www.xml-dev.com http://www.xml-dev.com/mailman/listinfo/fde
