Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Crime Encryption NASA Security

Whom Must You Trust? 120

CowboyRobot writes: 'In ACM's Queue, Thomas Wadlow argues that "Whom you trust, what you trust them with, and how much you trust them are at the center of the Internet today." He gives a checklist of what to look for when evaluating any system for trustworthiness, chock full of fascinating historical examples. These include NASA opting for a simpler, but more reliable chip; the Terry Childs case; and even an 18th century "semaphore telegraph" that was a very early example of steganographic cryptography. From the article: "Detecting an anomaly is one thing, but following up on what you've detected is at least as important. In the early days of the Internet, Cliff Stoll, then a graduate student at Lawrence Berkeley Laboratories in California, noticed a 75-cent accounting error on some computer systems he was managing. Many would have ignored it, but it bothered him enough to track it down. That investigation led, step by step, to the discovery of an attacker named Markus Hess, who was arrested, tried, and convicted of espionage and selling information to the Soviet KGB."'
This discussion has been archived. No new comments can be posted.

Whom Must You Trust?

Comments Filter:
  • by Petron ( 1771156 ) on Friday June 06, 2014 @12:35PM (#47180561)

    But I know what I've been up to...

    • "But I know what I've been up to..."

      So does the NSA and they don't trust you either. In fact, they don't trust any of us. To them we're the (potential) enemy.
  • Correct usage? (Score:3, Informative)

    by bluefoxlucid ( 723572 ) on Friday June 06, 2014 @12:39PM (#47180605) Homepage Journal

    The predicate comes first in this sentence?

    • Re: (Score:3, Funny)

      by Aighearach ( 97333 )

      Off the lawn you will get. Put up with this I will not!

      • Re: (Score:2, Funny)

        by Opportunist ( 166417 )

        You need to stop using RPL, that reverse polish notation is not good for you.

      • by gewalker ( 57809 )

        Use this simple test for 99% of the who/whom selection cases. Rephrase the sentence use Thee or Thou. If Thou is correct, use Who, When Thee is indicated, use whom -- The article title is the 1% case when you actually have to understand the grammar enough to distinguish subject vs. object usage.

        The rules for selecting Thee vs. Thou are the same, Thou=subject, Thee=object.

        For those of you not raised on Thee & Thou, can use the more modern Him and He. He=Who, Him=whom.

    • by Anonymous Coward

      No, the actual article says Who. The moron changed it to Whom because grammar is so hard.

    • by Livius ( 318358 )

      Yes. Interrogative word movement is very common in English. As in practically every non yes-no question.

  • Whom you trust ... ? (Score:4, Informative)

    by jamesl ( 106902 ) on Friday June 06, 2014 @12:40PM (#47180625)

    Who vs. Whom

    This rule is compromised by an odd infatuation people have with whom -- and not for good reasons. At its worst, the use of whom becomes a form of one-upmanship some employ to appear sophisticated. The following is an example of the pseudo-sophisticated whom. []

    • by XanC ( 644172 )

      But in the case of the title of this article, "whom" is entirely correct.

    • Watch the first 60 seconds of this: []

      I know the quality is terrible, but you'll get the idea.

    • by Anonymous Coward

      I see that alot.

    • I was reading this to find out how to determine whom to trust. I didn't learn much on that topic (Basically, trust no one.) I did, however, learn plenty about "who vs whom."

    • I don't know what this "grammarbook" you're using is, but I suggest you stop using it, 'cause it's crap. "Whom" is used when the word the object of a sentence, as it is here. Its position in the sentence as such is irrelevant. The title is completely correct.

    • I think you misread the grammarbook entry.

      All but the very end of her description is an unremarkable explanation of the accusative of “who”, which is a perfectly ordinary word.

      Only at the end did she write, "This rule is compromised by an odd infatuation people have with whom”. And there she described a pretentious and incorrect usage. This is similar to people using “myself” when they mean “me” (then again, Emily Dickenson did this too).

      I find it odd you would co

  • by istartedi ( 132515 ) on Friday June 06, 2014 @12:46PM (#47180703) Journal

    What do you want?

  • Once it's gone, it's gone.

  • Why 'must' I trust? (Score:2, Interesting)

    by jkrise ( 535370 )

    The headline indicates a necessity to trust anybody or any entity. There is no necessity to trust anyone. Least of all myself, because time plays tricks with me and I keep changing all the while.

    • Depends on semantics.

      I must trust everyone on this bus not to pull out a gun and steal my tablet. Otherwise I wouldn't have taken it out.

      I must trust the guy at the corner store, because I believed that after I paid for some goods, he wouldn't come running after me calling me a thief.

      On the other hand, must I trust anyone or any entity to do the same thing they did in the past? Well only to the extent that it fits with their own best interests. Unfortunately the more removed they are from my circle of influence, the less likely that their best interests coincide with mine.
      Still I must trust that the sky wont fall, otherwise I'd never get out of the house.

    • You must have a LOT of time on your hands. I have to trust a lot of people and organizations. The guy delivering my pizza that he abstains from putting poison on it, the garage that services my car that they actually service and not wreck it, the manufacturer of my door lock that they don't keep a spare key, the water company that they don't lace it with LSD or send H2SO4 instead of H2O, and of course every single person I meet on my way to work that they don't pull out a gun and kill me.

      When you think abou

    • Of course you have to trust a bunch of people, most of whom you don't know. You put your life in their hands every time you use certain items (eg your assumption that your new appliance is not laced with explosives). When it comes to knowledge, you can't verify everything yourself and trust that what you were told isn't wildly inaccurate (eg most of science).

    • There is no necessity to trust anyone.

      Well, you're commenting on slashdot, so firstly, even if you've validated all your apps and system software against certificates, you're trusting a hardware vendor.

      You're also trusting Dice Media not to /dev/null arbitrary comments.

  • by Chas ( 5144 ) on Friday June 06, 2014 @01:04PM (#47180875) Homepage Journal


  • by Mark P Neyer ( 3659539 ) on Friday June 06, 2014 @01:20PM (#47180989)

    imagine something like linkedin's 'how are you connected to this person' - except instead of 'we worked together' the edges are all of the form 'i trust this person to this extent.'

    you take a bunch of statements of this form (node X trusts node Y with level 0.4), all signed by private keys. if you meet someone else, you can see all of the trust paths from you to them, to decide how much you trust them, and to what extent.

    then, instead of having to personally know someone else personally, i can say 'there are 300 paths from me to this woman. 250 of them are strictly positive with trust levels over 0.7 which is my default threshold for comfort. all of the negative ones turn negative over two hops from me, and only three are intensely negative. i already had weak trust levels for intermediary nodes between myself and the negative inbound edges to her. she's fine, and i have more confidence in my negative assessment of those intermediary nodes.'

    this could be huge. it would let us have more trust in strangers, and it would let us do things like this:

    • 'this lawyer has 50 inbound links from people i'm relatively close to, that all rated him as an asshole. i wont work with him'
    • 'this guy i'm serving at the restaurant has 30 level-4 links out who've said he helped them when they didn't offer anythign in return. i'll service him better than this other guy over where who's been rated as rude and elitist by some closer level links to me'
    • lets look at the yelp reviews of these restaurants, weighted by the trust scores i give users who've left the reviews. hmm, all of these reviews are from identities i only have a few paths to, with all of those paths passing through my SEO friend, who i thought might be black hat. drop this guy's trust level to negative and mark all of those reviews as untrusted by me. don't want my friends to waste their time with that.
    • by jdunn14 ( 455930 )

      God this sounds familiar..... and that's because I wrote a PhD thesis about building a system to do something a lot like this. It involved a fairly mediocre web interface wrapping a database of trust relationships specified by end users. A trusts B for 0.7 and B trusts C for 0.6 then you can put together a trust level between A and C by multiplying those together with some user-tweakable distance dropoff. Those trust levels were then measured against the levels required for access to shared data. Maybe

      • God this sounds familiar..... and that's because I wrote a PhD thesis about building a system to do something a lot like this. It involved a fairly mediocre web interface wrapping a database of trust relationships specified by end users. A trusts B for 0.7 and B trusts C for 0.6 then you can put together a trust level between A and C by multiplying those together with some user-tweakable distance dropoff. Those trust levels were then measured against the levels required for access to shared data. Maybe you would allow anyone with a 0.7 or higher to read a given document and a 0.9 or higher to contribute to it. It was an interesting idea, but man did I get tired of it by the end. If for some bizarre reason anyone wants to read bits of it google books has some indexed [] and I probably have a pdf laying around somewhere....

        I figured it could be quite useful, but I was so fed up with the work in mid-2007 that I never looked back at it.

        Thanks for laboring through a thesis on the topic, it's an occasional daydream of mine and I would love a copy. :-)

  • Arthur remained very worried.

    "But can we trust him?" he said.

    "Myself I'd trust him to the end of the Earth," said Ford.

    "Oh yes," said Arthur, "and how far's that?"

    "About twelve minutes away," said Ford, "come on, I need a drink."

  • Seriously, if Bruce Schneier can't be trusted, who can?

  • Anyone demanding my trust, automatically loses it. Same goes for respect.
  • by rossdee ( 243626 ) on Friday June 06, 2014 @02:07PM (#47181455)

    Who do you serve, and who do you trust? - Galen

  • The Computer is your friend.
  • The linked article, which I did read, seems to have no thesis. It meanders from "C compilers can be subverted" to "see if people leave their purses out to judge if a neighborhood is safe". It is as if a high schooler had to write a paper on trust, and cut a paragraph out of each of the top 20 web search results.

  • by Cliff Stoll ( 242915 ) on Friday June 06, 2014 @02:21PM (#47181593) Homepage

    It's been a quarter century since I chased down those hackers. Hard to think back that far: 2400 baud modems were rarities, BSD Unix was uncommon, and almost nobody had a pocket pager. As an astronomy postdoc (not a grad student), I ran a few Unix boxes at Lawrence Berkeley Labs. When the accounting system crashed, my reaction was curiosity: How come this isn't working? It's an attitude you get from physics -- when you don't understand something, it's a chance to do research. And oh, where it led...

    Today, of course, everything's changed: Almost nobody has a pocket pager, 2400 baud modems are a rarity, and Berkeley Unix is, uh, uncommon. What started out as a weirdness hiding in our etc/passwd file has become a multi-billion dollar business. So many stories to tell ...

    I've since tiptoed away from computer security; I now make Klein bottles and work alongside some amazing programmers at Newfield Wireless in Berkeley. Much fun debugging code and occasionally uncorking stories from when Unix was young.

    Warm cheers to m'slashdot friends,

    • by cpghost ( 719344 )

      It's been a quarter century since I chased down those hackers.

      I saw a translation of The KGB, the Computer, and Me [] that aired back then on German TV, and it was fascinating! Great to see you here on Slashdot Cliff!

      • Thanx!

        I saw a short section of the German version of that Nova show ... apparently I speak fluent German in the that version!

        Mit den besten Wünschen,

    • I still remember the fascination from when I first watched The KGB, the Computer, and Me. It was many years later that I finally read The Cuckoos Egg, and I found that even more enjoyable - a fascinating story, well told. I still have it on my bookshelves today.

      I also have one of the Klein bottles - a very nifty product, entertaining and educational at the same time.

      Thank you for making such rich contributions to the world.

    • by yanyan ( 302849 )

      Hello Cliff, awesome to see you on here. I read "The Cuckoo's Egg" at least once every two years. Never gets old and it's truly a story for the ages. :-)

  • ACM seems like a reputable publication so I was going in to it thinking I was about to read some interesting stuff, and then this happened:

    Even the time of day can be exploited. In 2013 a network attack known as NTP Amplification used Network Time Protocol servers across the Internet in a distributed denial-of-service attack. By spoofing the IP address of a requester, an ever-larger stream of packets could be aimed at a target, swamping the target's ability to respond to TCP/IP requests.

    lolwut. The time of day was not exploited, not even a little. The boneheaded "Feature" of having a command to recall a large chunk of data via unauthenticated UDP was exploited. They go on to explain a basic denial of service attack and finish it off by misusing a term as basic as TCP/IP (it doesn't matter what protocol you are using when you are the target of a DDOS, y

  • I generally don't trust anyone who says "Trust me".

  • "Trust no one." :P

Competence, like truth, beauty, and contact lenses, is in the eye of the beholder. -- Dr. Laurence J. Peter