I don't find this particular lawsuit or issue all that interesting or important, but there is a curious meta-topic surrounding its reception on HN and Reddit. Users on Reddit are claiming that admins (note, employee admins, not mods) are censoring the subject, and I noticed a highly upvoted story about it here on HN the other day vanished as soon as it hit the top spot. Any admins or mods here want to weigh in on why this can't be discussed?
Edit: It seems like this thread is already sliding down the rankings against its popularity. Is this due to people flagging it or has a mod/admin set it to fall faster manually?
Hot topics usually do slide down the rankings pretty quickly, pg and dang mentioned this over the years. You probably remember when bitcoin, NSA and Assange were like every other article on the home page a few years back.
In the US, the lower economic rungs are either working incredibly hard for little gains (try making a livable wage when most employers only offer part time hours that are constantly changing, preventing you from getting health insurance or secondary jobs), living off of welfare, or some combination thereof and also working in the drug/sex/theft trade.
That to me shows that most people have a natural interest in gain above the minimum for survival and an interest in working for it. Unfortunately, most of that work isn't really benefiting society or the people doing it, and it creates a poverty loop.
Even if you believe humans are naturally lazy, what is the takeaway? When their labor value decreases to next to nothing, what value is all their willingness to work for survival?
The most important part of a universal basic income, in my opinion, is to not provide it for people under 18, otherwise, you're incentivizing people to have more children (which in many macro cases is a good thing, but in practice in the US would probably have immediate negative impacts).
In reality, birthrates in every developed country have crashed below extinction level; providing an actually universal basic income might help reverse that.
But if that's not going to be the case, if 'universal' is going to be a lie, then I'm opposed to the whole concept. Our society has too much bullshit ageism as it stands. The current social welfare system, flawed as it is, is better than bringing in more.
To clarify, the scenario isn't that the Nazis just picked up existing technology-- They had to have direct dealings with IBM for the scope and implementation of the process, which was largely involved with sorting census data to figure out who the Jews and other targeted ethnicities were, shipping them to various concentration camps, and determining where and how to "exhaust" these resources. Just imagine being one of the programmers tasked with that.
The book details how Thomas Watson was directly involved in all this, and when the US made Nazi dealings illegal, he handed over direct control of his Nazi business to local branches instead of halting the relationship. After the war, those local branches all rejoined greater IBM.
It's kind of crazy to see how IBM has avoided scrutiny and continues to celebrate Watson through their naming conventions.
The etymology is important. Private vs. public is the difference between the individual and the group. What makes us individuals is that we exist independently from the public. If our actions, thoughts, opinions, and histories are public, we cease to be individuals. In practice, that means that differences between people will become a thing of the past either due to being "corrected" by the public or when we feel we must change ourselves to conform to fit in with the public.
It was criticized on academic and theoretical grounds. In his field (International Relations) there are hundreds if not thousands of people all producing a lot of dialogue and research relating to overarching models for how states interact. They've been at this for a very long time.
If you want a book deal, though, you ditch all of this work and just paint broad, easily-digestible strokes over everything. In this case, he's throwing social constructivist research into norms and sub/super-state influencers out the window and claiming the world runs on civilizations. You can probably think through how this might not be the case by considering the role of economics, individuals, and strategic alliances in international politics.
Not to mention it's also easy to spoof your IP address if you are traversing out of a DC or node that does not do egress filtering (meaning you don't even have to proxy through the proper IP/country... you just make it up).
Shaky evidence? You bet ya. (and it seems this is the only evidence offered as an explanation so far)
Also, if N. Korea really was behind this "attack" of a private company with no US Gov't ties, why would they not claim responsibility and tout their "Cyber Attack" skills? They do for just about everything else (even failed missile launch attempts). Fear of retribution? No way, this is/was a private company... the US Gov't could not respond with any kinetic weaponry attack and look good on a geopolitical scale.
N. Korea also offered to send personnel to help the FBI in the attack investigation, which is extremely uncharacteristic of N. Korea to say the least... normally they'd just praise the attack flatout.
It is _not_ easy, or even possible, to "make up" an IP address that works for receiving data across the public Internet. The responses to packets you send from such an address will not come back to you. This doesn't thwart all attacks (DNS query amplification, general flooding, etc), but their hack involved transmitting AND receiving data (ssh, http, etc).
What is _easy_, however, is determining which country is using a given IP address. Particularly when the searching party is a superpower and the country they're investigating is known for having very few links to the Internet. And what connections they do have are severely restricted. I imagine it would be very difficult to find a reliable, exploitable proxy server inside North Korea that is accessible across the public Internet.
> And why do you have attack in quotes? Do you believe Sony wasn't actually attacked?
No, I think it's plenty clear that they were. It's just that "attack" has a certain stigma to it, and what happened to Sony was not some grand attack, but rather a run-of-the-mill hack against a company with extremely poor security.
> they just simply aren't the "bad guys" we are looking for in this specific case.
You seem to be awfully certain. Frankly, I have no idea and am quite skeptical of people who profess such certainty in the face of so few facts. Seems to be the kind of thinking where you have a conclusion and look around for facts to support it.
Perhaps I overspoke a tad. I'm awfully skeptical is better put.
We're largely a scientific community here at HN. Something is False until proven True. You may have a hypothesis, but it's just that, an educated guess as-to the result.
To prove something True you must present overwhelming evidence. We have none of that here... What we do have is a hypothesis being perpetuated as fact in the face of almost zero concrete evidence.
The FBI first says "there is zero evidence to suggest North Korea has anything to do with the hack". Then some "high level anonymous White House official" "leaks" to the NY Times that they believe it's North Korea, and it takes the FBI 3 full days to change their public announcement, yet present zero concrete evidence. This was a rudimentary hack against a private company, there's nothing that would be classified or kept top secret here. Sony should do a full disclosure. Until then, we can not be certain of anything.
Fully agree with your technical AND political analysis. I commented along the same lines when the attacks were first announced and got downvoted. When a way of thinking is too far ahead of the crowd, the HN algorithm fails.
If somebody were to want to frame the North Koreans, what would stop a motivated attacker (perhaps a nationstate) from just abusing BGP to spoof source IPs? How hard would that be to detect, particularly if you controlled direct peers?
As I understand it, China would be able to do so easily and convincingly, since most (all?) of NK's traffic passes through China. That may even be a good theory. China might not want to directly attack US industry in this way, but might "assist" North Korea in doing so.
Funny, when the IP addresses weren't NKorea, as earlier highly voted HN articles have told us, it was proof that it wasn't NKorea. Now that they do, its somehow further proof that it wasn't N Korea.
I understand knee-jerk anti-US comments are karma gold here, but I don't think you guys realize how ridiculous you sound to the rest of us. I think its pretty difficult to arm-chair analyze this stuff and come out with a definitive answer, especially considering a lot of this stuff will never be declassified, but the Alex Jones-like conspiracy thinking here really brings the discourse down to a reddit-like level.
Purely from an Occam's razor perspective, the country that attacked this film and warned of consequences if released-- consequences that actually happened, is probably at fault here. This analysis of how it must have been anyone but NKorea, especially considering NKorea's reputation, is highly questionable to the unbiased observer.
Who is saying this is proof that it wasn't NKorea? Straw man. People on HN are just more likely to believe Schneier or other respectable security people, and not government agencies who by their very nature are going to have their own agenda and not be 100% honest.
As far as consequences that actually happened -- Do you mean to say that theaters that showed the film were bombed? Or are you referring to embarassing email leaks which would have no doubt been released anyway?
First, mentioning Occam's Razor isn't really helpful in realpolitik discussions and certainly not helpful in discussions involving DPRK since they are well-known irrational actors. Occam's Razor only states that the scenario with the fewest assumptions is likely correct. That isn't really useful when your scenario involves an unpredictable state actor.
Second, if you need to set up a fall guy, then implicating a nation state as historically secretive, aggressive, and isolated as the North Koreans is actually a pretty good idea.
"Do something bad and blame the weird kid" isn't a new idea.
I don't know who did it, but both arguments seem plausible.
I'm not sure how anything I said was anti-US. Is being at all reluctant to believe everything one hears anti-US to you? I'm wondering who is bringing discourse down here besides the person attacking commenters instead of discussing the content of their comments.
This is supposed to be a technical forum, but any post now related to the US government or the NSA too many people here now throw all of their technical know-how out the door and everything becomes conspiracy theory. Yet somehow Joe Random bloggers repudiations of said government are not met with any skepticism. Confirmation bias in full effect in these threads these days.
Confirmation bias is definitely in full effect... My comment was on the technical aspects of the story and specifically highlighted the non-technical evidence as substandard. Joe Random bloggers who I've seen repudiate the government have by and large been well-known security experts compared to the nameless hand-waving of the FBI. I think what it comes down to is the question of whether educated people, after Snowden, WMDs, torture, and so on are better off presuming the accuracy or inaccuracy of the government's statements.
This type of thinking is the exact problem that I'm highlighting. I respect Schneier and have read his stuff for a long time, and even gone to see him speak, but believing him over the FBI is just an appeal to authority when he is just another outsider without having access to any first-hand knowledge of what evidence the FBI possesses.
Also now after Snowden everything the USG does is to be doubted (I'm guessing since his revelations affect the internet and this is the first issue that has directly affected people on HN), and now everything they do can somehow be traced back to trying to suppress, hamper, weaken and spy on you via internet.
Watching the theories that somehow we'd try to use N Korea who have zero value economic value to the USA, or actually posing a threat as some kind of scapegoat to hinder online speech is more entertaining than anything else.
Because the real world doesn't fit nicely into theoretical boxes. I'd like to have their facts as well, but you cannot seriously expect the government to potentially lose future sources of information or even risk people's lives by handing out every bit of info they have. Some things are classified for a very good reason and should stay so for some time.
It's really not, the justification is obvious; revealing information may very well also reveal how it was obtained. I understand the skepticism, and obviously this justification could easily be abused, but it's not some imaginary thing.
My wife worked in Navy intelligence for six years. She was privy to classified information. She, at times, knew where information was coming from, and it is obvious that the information itself would have implicated its source if it were to be released.
I'm not saying that's the case here. I'm pretty damn skeptical of my government as well. That said, the Fed is under no obligation to reveal all of the information it has. I think we'll be in the dark on this one for some time unless things change in such a way that would require more information to be released.
I think we'll be in the dark on this one for some time unless things change in such a way that would require more information to be released.
I strongly dislike this paternalistic approach, and I'm rather tired of the people being treated like children. We know things are complicated. We know geopolitics are more complex than "USA good, NK bad" or vice versa. They could say a lot more than they are saying without compromising their intelligence gathering capabilities.
If the US government wants support and trust, it needs to earn it from every new generation of citizens. If it doesn't care about support and trust, it has overstepped its bounds as a representative government and should be reeled in.
> Purely from an Occam's razor perspective, the country that attacked this film and warned of consequences if released-- consequences that actually happened, is probably at fault here. This analysis of how it must have been anyone but NKorea, especially considering NKorea's reputation, is highly questionable to the unbiased observer.
The correct response to "who was responsible for this" is "who cares". The FBI seems to think it matters, so people are refuting their evidence. And are reasons for that.
The government has no credibility in this area. Iraq didn't have weapons of mass destruction. This has the same ring to it. They have a lot of the same incentives. It doesn't even matter whether they're intentionally misleading us or just incompetent, the solution in either case is to disregard whatever they say.
And they can't actually tell where the attack came from. That's not how it works -- especially if the attacker is trying to disguise their true location as they have every incentive to do. Computers in North Korea are not immune from the myriad Java and Flash vulnerabilities, and once you pop one machine you can put ssh on a VM and stage your attack from it. Distinguishing that from the attacker being physically in the same room as that machine is not going to happen based on an analysis of network traffic or anything to do with IP addresses. Anyone who claims otherwise could be malicious or just wrong, but it's at least one of those.
None of that proves it wasn't North Korea. The point is that it doesn't matter. What are you going to do differently if it was, as opposed to being some troll in Florida? The only sensible things to do are the same in either case. Stop using ridiculously bad passwords, etc. What changes if it was North Korea? Are we going to invade? Should we give the FBI new powers of cyber warfare? That's what people are afraid of, because those are profoundly stupid ideas.
The earlier set of IP addresses was pretty conclusively not North Korea. The new set of IP addresses is ... undisclosed, so until that changes, they can say whatever they like without any "danger" of being checked.
(Not buying "sources and methods" as a reason for failure to disclose in this case -- I may not know what IP addresses are conclusively tied to North Korea, but the North Koreans themselves certainly do, and they must assume that the NSA does as well. Particularly if, as Comey claims, the use of those addresses "unshielded" was an error that they immediately recognized as such, and rectified post haste.)
I would disagree on your point that "knee-jerk anti-US comments are karma gold here" on 2 notes, 1 that being anti-US-administration is not being anti-US, and 2 that most unsubstantiated comments that are critical of government actions almost always get down voted to oblivion.
Everyone knew that North Korea had it out for Sony, what's to stop a network security enthusiast from stirring the pot by performing the attack and planting "evidence" that it was coming from North Korea. I don't think it's far fetched to think that many young security enthusiasts would get excited to think about causing such a stir.
Timing correlation. If you are monitoring traffic in/out of NK, you can correlate traffic by similar sequence of sized packets going into one IP and then coming out of another.
This is the "secret sauce" that the FBI says they cannot tell anyone imo. Doing this is nothing new and I am sure they've been doing it for ages though.
The problem is that if you assume the FBI is doing this ( which any skilled hacker would assume ) then you can easily get around it by sending a sequence of instructions ahead of time, and then having them playback at what seems like a reasonable rate at a later time. ( making it seems as if you are on site and didn't set it up ahead of time )
If the NSA has taps sitting on all the routers that are a hop away from NK, they can probably nail it down just from timing, right? If the packets were being proxied through an NK IP, I would think it would be easy to tell the difference (if you're the NSA, anyway).
I can't help your moral quandary, but the rationalization should really go both ways in that both technologies give the populous some measure of control against a possibly oppressive government (be it minuscule and ineffective or not). The right to bear arms in the constitution wasn't written for hunters-- it was written as another check and balance for the government.
Agreed, and this point is often misunderstood by gun control advocates in the US (it's completely unfathomable outside of the US). Saying "I don't like that guns are used to kill people, therefore I'm okay with guns meant for hunting but these guns designed for people should be regulated or banned" completely misses the point. The Lockean philosophy behind the 2nd amendment is that individuals should have the means to protect themselves independent of (and even from) the state. We need guns in case we need to lead another revolution. Similarly, the state should always be aware that its citizens have the capacity to revolt effectively. We know that having this right means bad things will happen -- guns will be available for criminals to use, for example. If you believe in Liberal gun rights, you think that the evil that happens when guns are freely available is an acceptable price to pay for an important freedom.
In the same way, that's why we need Tor -- because citizens need to be able to communicate and organize absent of government surveillance and interference. Tor is not important "even though" it can be used to avoid law enforcement. It is important "because" it can be used to evade law enforcement, because one day we may have to.
I mean, of course, a purely hypothetical revolution. I am serious when I say, however, that the framers of the Constitution wanted future US governments to be constrained by the power of the citizens, and so they gave the citizens guns. They also guaranteed the right to assembly and free association (1st amendment) and the right to be free from search or seizure (4th amendment). Inter-citizen communication free from government surveillance is implied there, I think.
I am really confused as to why the security community is obsessed with the term "nation state". Every single publication or quote from security researchers that wants to attribute some worm or attack to a country incorrectly calls it a nation state.
A nation state is a specific thing that is not just a pompous way of saying state or country.
If you're wondering, you can check the Wikipedia entry on it. There's nothing inherent about any type of technical attack that could connect to a nation state.
It's sort of a shibboleth of someone who is self-important and doesn't fact-check.
What's even more problematic is that you have been downvoted on a community that was founded by people who participated in building the tech responsible for forging history's first self-sustaining post-nationalist identity (the internet) in history.
The nation-state must be the enemy, which can only be defeated by a nation-state... because the concept of a nation-state is dying and is engaging in full blown Hegelian dialectics to keep itself afloat. Unions, nationalists, and identity zealots have been having a field day with HackerNews as of late.
This is technically correct in concept, but not in practice, as organized religion existed long before the formalization of the nation-state. In fact, one can even argue that nationalism is an agnostic subdivision of organized theology since it utilizes identical symbol worship mechanisms.
Wouldn't the definition then mean that you should say "state" or "state actor"? To attribute a worm or attack to a country would only mean that it originated there, not that it was created by the well-resourced state organization that is associated with that country (which is what the people using the "nation-state" label seek to imply).
I'd put it down to the aesthetics of common usage. 'Nation state' looks and sounds better than the alternatives. Words mean whatever their users intend them to mean regardless of whether the usage is technically, or historically, incorrect.