
Bitcoin


Comments

  • edited May 2011
    I don't know... That right there shows to me that Schneier is dubious about Gibson's claims that XP's raw sockets are the end all be all of the problems he's seeing. Granted, he did say that the analysis, etc., in Gibson's article is good, so I'll give you that. Schneier also isn't the type to flame someone for being wrong.
    He also won't back away from outright saying someone is wrong, foolish, silly, strange, whathaveyou - He's polite about it, but that doesn't mean he won't call a spade a spade. It's hard to tell what he's responding to exactly, simply because Gibson's essay that he links to doesn't exist there anymore - It's probably somewhere, but I'm not going hunting for it at this point, because frankly it doesn't fucking matter if he said something a bit wrong - which a number of people agreed with him about - a fucking decade ago. However, I got the impression he was giving credit to both sides - that he was somewhat dubious about Gibson's dire assessment of the situation, but also agreeing with Gibson saying that at the time, it was extremely bad, and agreeing with Gibson that XP would undoubtedly make it worse.
    If you want something more recent, how about the fact that he was totally wrong about what Metasploit does.
    Yep, He fucked up. So, your point is, what, that he's not infallible, just like everyone else? I'm astounded. I'm not astounded, however, that the hobby site that lists him as a charlatan fails to mention that two sentences or so later, he gets what metasploit does pretty right, in the very next episode, gets it exactly right. Or how on his site, you can find three pages of links to where he's apparently correctly said what metasploit does, before and after what they list. But no, It's more important that he misspoke a single time, than that he got it right before and after that. Because nobody's allowed to make mistakes.

    Now go back, and Read what I wrote - Actually, let me save you the trouble, I'll just quote it -
    I'm not saying Gibson is perfect, But he's nowhere near as bad as these guys are making him out to be.
    The Guy isn't the fucking be all and end all of computer security, and I never even implied that he was - literally all I am saying here is that he's not as bad as he's being made out to be by these pricks. That's it and fuck all else. If you're going to provide actual hard evidence of exactly what they're claiming - Ie, that he's essentially the satan of computing - feel free, if you're just going to link to more bollocks, Just don't bother, for fuck's sake.
    Post edited by Churba on
  • The Guy isn't the fucking be all and end all of computer security, and I never even implied that he was - literally all I am saying here is that he's not as bad as he's being made out to be by these pricks. That's it and fuck all else. If you're going to provide actual hard evidence of exactly what they're claiming - Ie, that he's essentially the satan of computing - feel free, if you're just going to link to more bollocks, Just don't bother, for fuck's sake.
    My issue with him is that he claims to be the be all and end all of security. I do regret that the Radsoft site was probably not the best choice to provide evidence that he doesn't know what he's talking about anywhere near as well as he claims. The fact is that there is evidence that he's sensationalist at best and an outright charlatan at worst, and someone who doesn't know anywhere near as much about security as he claims in general, although he has toned down his rhetoric for the most part in the past 5 years or so. Security circles being what they are, you'll often get people flaming him because, well, that's the kind of person who often writes exploit code and probes security vulnerabilities these days. They generally aren't the type who have mastered the social graces. Schneier is a bit of rarity in that he is both technically savvy and a gentleman.

    Now what kind of evidence would satisfy you that he is not the security expert he claims to be? Would you consider Rob Rosenberger of Vmyths.com (a guy who's been researching viruses since the 80's) a valid source? What about Thomas C Greene from the Register -- would more of his articles (or any other articles from The Register) suffice? Apparently Fyodor, the author of the nmap port scanning software, isn't good enough for you so we'll leave him out of the discussion.

    About the only good thing I can say about Gibson on security is that he is a very charming speaker who does make very reasonable suggestions for the layman to secure his/her computer.
  • My issue with him is that he claims to be the be all and end all of security.
    Where does he do this?
  • edited May 2011
    My issue with him is that he claims to be the be all and end all of security.
    Where does he do this?
    He doesn't exactly do this, but he's pretty much referred to as a "security guru" by Leo Laporte at the beginning of each of his podcasts and he does like to portray himself in that light via all the "research" he has done, such as writing his security tools of questionable quality (did you know that you could use ShieldsUp! as a remote port scanner tool that wouldn't trace back to your machine in its early days? No idea if this bug has been fixed though) and also some of his questionable analyses of security issues (the classic WMF vulnerability analysis is one, as well as his claim that raw socket support in Windows XP would destroy the internet as we know it). He has also claimed to "invent" new technologies that were already in existence several years before his claims (the syncookies incident).

    Now allowing yourself to be called a "security guru" may not mean exactly the same as claiming you're the be all and end all of security. However, he does like to foster an air that he is a security expert when, in actuality, his security knowledge probably isn't significantly better than the average technically inclined participant in this forum.

    It's a shame in a way, really. He does seem like a nice guy overall, and I do think he is quite smart (although his views on assembly language programming are horribly outdated, IMHO, and really only apply to the 80386 and earlier chips in the x86 family). However, he should probably stick to what he knows best -- assembly programming, hard drives, and general PC/computing knowledge. He took up security rather late in the game and it shows by his lack of real knowledge in the area.

    I wonder if the reason why he's trying to branch out into security software is because he sees the writing on the wall for his one money-making product, Spinrite. He himself has admitted that it is useless on SSDs and once spinning magnetic disks are completely replaced with flash he'll be out of a cash cow.
    Post edited by Dragonmaster Lou on
  • edited May 2011
    Now what kind of evidence would satisfy you that he is not the security expert he claims to be?
    I'm not making any such claim - Let me repeat in giant fluorescent-colour letters for the fucking reading impaired -


    I'm not saying Gibson is perfect, But he's nowhere near as bad as these guys are making him out to be.
    Post edited by Churba on
  • I apologize for any misunderstanding. I had assumed that you still thought his claim as to being a security expert was valid. If you feel that he's just a decent guy who knows a fair bit about tech and a little about security (but who is not an expert) who likes to puff up his own ego (with help from his friends and fans) about security, I can agree to that.

    I do admit some of the claims against him are full of hyperbole, but that's just the style of the folks who make the claims against him. Can't say I agree with the style, but many of them did bring up valid points. Oh, and I'm still angry at him over his XP raw socket bullcrap, but that's neither here nor there (and easily rectified by installing winpcap).
  • I apologize for any misunderstanding. I had assumed that you still thought his claim as to being a security expert was valid. If you feel that he's just a decent guy who knows a fair bit about tech and a little about security (but who is not an expert) who likes to puff up his own ego (with help from his friends and fans) about security, I can agree to that.
    The only thing I can attest to is that he's been involved in the industry for quite a few years now - because that's objective fact, and takes no expertise - in which I'm somewhat lacking - to judge the truth of. I'm sorry for getting frustrated with you so quickly.
    I do admit some of the claims against him are full of hyperbole, but that's just the style of the folks who make the claims against him. Can't say I agree with the style, but many of them did bring up valid points.
    Some of them do, yes. However, I'd go beyond just that it's hyperbole, but outright say that quite a bit of it is nothing more than unwarranted cheap shots, like the metasploit example listed above - if he's brought it up correctly more than once before and after that, it's much more reasonable to assume that he misspoke or made a minor mistake, rather than that he doesn't know what metasploit does, which would require that he forgot something he's demonstrated he knows, and then immediately re-learned it shortly after.
    Oh, and I'm still angry at him over his XP raw socket bullcrap, but that's neither here nor there (and easily rectified by installing winpcap).
    I have no opinion on it, simply because I don't have the knowledge to form any sort of useful or worthwhile opinion, it's just well Outside of my expertise at this time.
  • Fair enough -- I guess we both got a bit too heated here in our own ways. It happens. :)

    I'm also not quite a fan of the cheap shot attitude in some of the claims, but that just seems to be general attitude of many folks in the security industry. I'm not saying it's right -- just a matter of life. Some of them also did have valid reasons to be upset with him at a personal level, however. His yelling and screaming over raw socket support in Windows XP (which was all over the computer press at the time) probably contributed to Microsoft's decision to remove the feature in XP SP2. This broke many legitimate security tools such as the nmap port scanner and the Wireshark packet sniffer which required raw sockets in order to work and many of the folks complaining were the authors of those tools, like Fyodor. However, once winpcap provided open source third party raw socket support for XP, these tools were able to be ported to use winpcap and to work again, rendering the issue partly moot.
  • My issue with him is that he claims to be the be all and end all of security.
    Where does he do this?
    He doesn't exactly do this
    Then don't say that he does ;-).
  • I guess the question is at what point do we draw the line between someone explicitly claiming to be something (the "be all and end all of security") and someone implicitly claiming to be that same something by his actions (appearing as a security expert on podcasts, TV shows, news sites, etc.)?
  • Well, Ben Laurie has some interesting things to say about Bitcoin (Part one, Part Two, Part three) from a position of more expertise regarding cryptocurrency than most people who have commented on it - as He previously had his own Cryptocurrency, Lucre, which has become the basis for OpenTransaction, which is what the bitcoin system has wet dreams about.
  • from a position of more expertise regarding cryptocurrency than most people who have commented on it
    Well, when he opens with something like this:
    I have to ask: why? What has changed in the last 10 years to make this work when it didn’t in, say, 1999, when many other related systems (including one of my own) were causing similar excitement? Or in the 20 years since the wave before that, in 1990?

    As far as I can see, nothing.
    I basically stop reading. That is laughably easy to take apart.

    Since I did read on, I managed to see him contradict himself a couple of times and also catch this:
    At any one time, in a privacy preserving way, it would in theory be possible to know who was in the UK.
    Tracking users while preserving privacy? How pray is this done?

    He basically poo-poos the two major technological advances bitcoin has over his creations and tries to suggest a ludicrous (see the tracking comment) alternative that is barely thought out.

    Again, I can't wrap my head around crypto people trying to take down bitcoin with feeble technical arguments (like taking over the chain of trust) when the economic failures of the system are so blatantly obvious. I could understand crypto people mounting good technical arguments against bitcoin but I haven't seen any yet.
  • edited May 2011
    I basically stop reading. That is laughably easy to take apart.
    I didn't say he's right, just that it's interesting. For all I know, his objections could just be sour grapes, since Lucre was never as successful as bitcoin, even after it's been incorporated into a bigger project. What I said is that he's got more expertise than most commentators, which I say simply because he's actually been there, done that, and got the T-shirt, unlike most people who have commented on the issue. I should have been a bit more clear there.
    Tracking users while preserving privacy? How pray is this done?
    Well, I don't know, but I would guess that one could reduce each user to a randomized number or key which has no real link back to the person's identity for the purposes of keeping the coins, and then having each transaction in the bitcoin style with a different key for the transaction each time. Though, I think with both systems - whatever you want to call his idea and Bitcoin - it would be possible to figure out who the user is, it'd be difficult and hard work to do so. I'm better at tracking someone in the real world than on the internet like that, so I'd have to do a fair bit of research to be sure.
    Edit - Since he's apparently a core member of the OpenSSL team and does Security Research with Google as a freelance consultant, and is the Director of Security for The Bunker Secure Hosting, I'd say the bloke knows a bit more than either of us about the topic, and would know exactly how that could be done.
    I also Guessed another method - Instead of saying "John White is in the UK" it could be "Owner of GBP note (serialNumber) is in the UK." What will it say if the owner of that note gives it to someone else? The exact same thing. It could be anyone, since you're tracking only the very general location of the notes - Like "In the UK" - and if the note is owned by someone other than the issuing or monitoring authority.

    Bonus Edit - I also Suggest you read the PDF he attached to the first post, regarding the Proof-of-Work system bitcoin is partially based on - Called "Proof of work Proves not to work". Again, I don't make any claims for the accuracy of it, simply that it's interesting to me, and might be to you.
    Post edited by Churba on
  • At least three BB posts in the last 24 hours have been about Bitcoin. Fuck that noise.
  • BitCoin miners mistaken for Pot Farmers.
    Marketing pseudo-article. Likely untrue.
  • Marketing pseudo-article. Likely untrue.
    Can you write a bit more about this subject?
  • RymRym
    edited May 2011
    Marketing pseudo-article. Likely untrue.
    Can you write a bit more about this subject?
    At least in the US, there is a common situation where articles about topic x will suddenly start appearing, with different (but similar) content in numerous media outlets, usually revolving around a particular product offering. They usually stand out for their cookie-cutter writing and irrelevance to other articles in the same section, and tend to specifically note the name of one particular company or product while masquerading as an article about the existence of said product in the first place, or the "new trend" related to it.

    These article clusters are easily purchased from PR firms, who have writers with various contacts submit fluff articles to build the brand or trend until there is sufficient critical mass to pretend that this is evidence of a long term trend or grassroots movement.

    A good example would be, say, an article about how you can hire a bartender for private parties in your apartment. It would point out how surprisingly common and affordable this is, and how it's the hot thing for x demographic to be doing. It will then happen to mention one particular company offering for-hire bartenders (ostensibly as an example), and that same company will happen to be mentioned by any testimonials they include. You'd see dozens of articles like this in a cluster, mostly in mid-level press outlets, for a few weeks, and then a major-press article using all of them as "evidence" that this "trend" is really popular.

    In the case of bitcoin, there are a great many articles about it that don't actually say anything, yet seem to be constructed only to make people believe that the project is more popular or well known than it actually is. The aforementioned article has several of the warning signs. Its primary evidence for the premise -- that Bitcoin miners are being busted (note the "?" in the headline to avoid having directly made the claim) -- is from a screenshot of an IRC conversation where someone says that their friend was busted. There's no evidence that anything of the sort is happening, and a lot of jumps to make it seem like it's prevalent in the article.

    I doubt that many people are actually mining bitcoins in any quantity (except perhaps a few crazies), and it is my opinion that this particular article is part of a soft media campaign to make it seem like Bitcoin is:

    1. Subversive
    2. Therefore cool.
    3. Worth pursuing.
    4. All the awesome hackers are doing it.
    5. The man wants to keep it down.
    Post edited by Rym on
  • There's no evidence that anything of the sort is happening, and a lot of jumps to make it seem like it's prevalent in the article.
    Also, it doesn't make sense if you know a damned thing about Growhouses - You'd need a small server farm to be pulling the same amount of power as a small grow-house, and the heat wouldn't be anywhere near the same, since a growhouse usually uses a lot of large, powerful heat-lamps to simulate 24 hour sunlight. If the cops actually mistook a bitcoin miner for a Pot-farmer, then either someone has pulled a masterful prank on you, or congratulations, your city is being protected by the Keystone Kops.
  • We all know that BitCoin is colossally stupid, but if anyone had any doubt, let an economist explain why.
  • A smart, well written analysis on Bitcoin, including the long term viability of bitcoin and How bitcoin isn't really decentralised.
  • Apparently the bitcoin market crashed. That's all I need to say about that.
  • Apparently the bitcoin market crashed. That's all I need to say about that.
    Apparently, Lulzsec might have something to do with it, too.
  • Not only was there recently the first major bitcoin theft, apparently there is now a Bitcoin trojan that sends your money to the attacker.

    I'm actually more interested in bitcoin now than I was before - simply amusing myself observing the flailing.
  • I wish there was some bookie that was taking bets a year ago on whether or not Bitcoin would succeed or fail.
  • I wish there was some bookie that was taking bets a year ago on whether or not Bitcoin would succeed or fail.
    You might have trouble finding a reliable one - The majority of people paying more than minor attention to it are mostly BIG-L libertarians, who swear up and down it's not dying, it's actually succeeding brilliantly, it's doing fantastic, thank you, nothing to see here, move along. You'd never get your money out till the last bitcoin finally vanished, and even then, you'd probably not get it back.

    Regular bookies? Well, most of them wouldn't bother with this sort of thing, and the ones that did wouldn't give you very good odds, if they'd give you odds enough to bet at all.

    Also, amusingly, Ron Paul is taking donations in Bitcoins.
  • edited March 2012
    The only two things Bitcoin appears to be good for these days is the online black market, and wasting your money.
    Post edited by WindUpBird on
  • Bitcoin: world's fastest growing currency migrates off the internet - video about bars and cafes and shops in my neighborhood in Berlin accepting bitcoins.
  • edited April 2013
    Post edited by Nuri on