D19:00:20 TimFreeman What's your diet like?
19:00:33 HarveyNewstrom I see hkhenson all over the groups. I have only met people in person at Extro-5.
19:00:33 thefirstimmortal You look very young in your photo's
19:00:54 HarveyNewstrom Yes, I have had doctors claim that I have the body of a 25-30 year old. I am 40 years old.
19:01:11 TimFreeman Eliezer: Do you have an understanding of why lies would help politicians?
19:01:15 HarveyNewstrom I am vegetarian, low-calorie (bordering on calorie restriction), high anti-oxidants
19:01:18 hkhenson it is probably more important how long your grandparents lived.
19:01:28 thefirstimmortal That's why I was asking about the Vity use
19:01:44 BJK Harvey, that's really great to hear
19:01:45 MikeL Keith, are you still hiding in Canada these days?
19:01:49 HarveyNewstrom I have a BAD family history. Heart-attacks, emphasema, lung cancer, throat cancer, skin cancer, etc.
19:01:59 HarveyNewstrom I am paranoid about trying to avoid my genetic predispisitions.
19:02:03 TimFreeman Harvey: Did they smoke?
19:02:06 hkhenson not hiding, but still here
19:02:10 BJK welcome rewt.. what brings yout to ImmInst chat?
19:02:16 HarveyNewstrom Yes, they smoked, and I hope this explains all their problems!
19:02:18 hkhenson I was going to say, all those are from smoking
19:02:26 hkhenson and too much sun.
19:02:32 HarveyNewstrom My diet is also low fat, following Kurzweil's 10% solution.
19:02:36 John_Ventureville I can vouch for Harvey looking great for his age
19:02:52 serenade paleo diet here
19:02:56 BJK where do you live Harvey?
19:03:00 HarveyNewstrom Yes, smoking and sun. I don't smoke and I avoid the sun. I am pale, skinny, and young looking.
19:03:09 hkhenson LOL!
19:03:11 hkhenson kids?
19:03:12 BJK paleo/atkins diet = good
19:03:18 HarveyNewstrom I am in West Melbourne, Florida. East coast near Orlando
19:03:19 HarveyNewstrom no kits
19:03:24 BJK Harvey has no kids
19:03:25 John_Ventureville kits?
19:03:31 HarveyNewstrom I have a love/hate with the atkins diet
19:03:35 HarveyNewstrom Low carb = good
19:03:38 HarveyNewstrom High fat = bad
19:03:42 BJK hmm..
19:03:54 HarveyNewstrom Or actually, there are good fats and bad fats, good carbs and bad carbs
19:03:56 hkhenson people can lose weight on a diet of grease
19:04:02 thefirstimmortal I'm on a Atkins like diet
19:04:10 HarveyNewstrom Any diet that tries to lump one whole macronutrient group as good or bad is too simplistic.
19:04:22 HarveyNewstrom I believe each macronutrient group has a continuum from good to bad.
19:04:28 BJK agree
19:04:55 HarveyNewstrom I have my own food chart with proteins, fats, carbs, fiber, water showing different types from good to bad. This makes more sense to me than foud groups or pyramids.
19:04:57 BJK Harvey, what can the cryonics community do to be more successful
19:05:13 BJK in gaining membership
19:05:15 hkhenson harvey, just out of curiosity, do you ever see too much security?
19:05:18 HarveyNewstrom To be honest, I don't think cryonics is intersting to people
19:05:31 hkhenson bjk, alcor is doing ok
19:05:32 HarveyNewstrom Never too much security. Always, the wrong security.
19:05:39 BJK * BJK nods to Keith
19:05:42 John_Ventureville Cryonics is just not sexy enough!
19:05:50 hkhenson they have about as much growth as they can deal with.
19:06:02 hkhenson ah. good point.
19:06:07 HarveyNewstrom For example, airport metal detectors are *detectors* not *preventors* People can just walk through with guns visible.
19:06:08 BJK should we open a new cronics organization?
19:06:19 HarveyNewstrom Yes, none of our stuff is sexy enough
19:06:27 BJK heh
19:06:41 hkhenson not likely bj, been done and remember what happened.
19:06:55 John_Ventureville we need supermodel with an MBA to lead Alcor!!
19:07:02 John_Ventureville that will do the trick!
19:07:02 Utnapishtim Hey John
19:07:09 John_Ventureville hello
19:07:14 hkhenson well, there is a reason, not even the most dedicated cryonics sort wants it.
19:07:18 HarveyNewstrom I have helped Alcor with security issues in the past. Our groups all need to beef up security. We are just no prepared for when reporters want to snoop or bad employees want revenge.
19:07:18 MikeL NO way, look what happened to ExI
19:07:27 hkhenson it is just the second worse thing that can happen to you.
19:07:34 BJK Harvey you ever meet Saul Kent per chance?
19:07:48 John_Ventureville what happened to Exi??
19:08:05 HarveyNewstrom Yes, I have been down to his place in Ft. Lauderdale, been to South Florida Cryonics meetings before they merged into Alcor, etc.
19:08:33 HarveyNewstrom My interest in nutrition lead me to Saul and LEF, lead me to cryonics, lead me to transhumanism in that order.
19:08:40 BJK nice
19:08:42 hkhenson harvey *is* there any way to deal with snoops or revenge employees?
19:09:17 HarveyNewstrom Control their access to stuff. Limit them to their job only , instead of having all internal files available to everyone.
19:09:28 serenade HarveyNewstrom, is social engineering a major threat these days
19:09:32 John_Ventureville the FBI learned that lesson the hard way
19:09:42 HarveyNewstrom It is hard to tell if an employee will turn bad. I do not believe Alcor could have detected or prevented anything based on my knowledge.
19:09:53 hkhenson that was the stituation at alcor, so Larry didn[t get all he might have got.
19:09:54 HarveyNewstrom Social engineering is the number one threat
19:10:04 HarveyNewstrom People are always the weakest link, and the easiest to be scammed.
19:10:15 HarveyNewstrom People break the rules, act inconsistent, etc.
19:10:16 BJK define social eng?
19:10:16 serenade very true
19:10:21 hkhenson hmm.
19:10:29 HarveyNewstrom A basic piece of equipment, like a lock, is much better at consistency
19:10:33 John_Ventureville Did the rejection of Suspended Animation in Boca Raton surprise you?
19:10:41 hkhenson it should be noted that it took 11 years for the stuff that caused problems at alcor to get out.
19:10:41 HarveyNewstrom Social engineering is scams or confidence games.
19:11:03 HarveyNewstrom I was not suprised at Boca Raton's rejection.
19:11:08 John_Ventureville why?
19:11:19 hkhenson I don't know how many could have been leak sources, but there must have been close to a dozen potential sources.
19:11:20 BJK cronics is not sexy
19:11:32 John_Ventureville lol
19:11:37 John_Ventureville that can't be the sole reason
19:11:42 HarveyNewstrom They are so strict at their image control, that they limit what plants you can have outside, what color your house is, and fast-food restaurants can't use their trademark unique looking buildings.
19:11:51 serenade BJK, an example is posing as an employee for a company to gain access to secure information
19:11:54 John_Ventureville very anal!
19:12:01 serenade over the phone or in person
19:12:09 HarveyNewstrom A community that controlling of image was never going to be able to stand the publicity that freezing dead people would bring.
19:12:25 hkhenson harvey, have you ever seen a time vs failure for humans?
19:12:35 John_Ventureville what town/city would you recommend to Saul and SA?
19:12:37 HarveyNewstrom hkhenson, what do you mean?
19:12:51 hkhenson what I am interested in is how long a person should be a member before alcor takes them on as an employee?
19:13:02 HarveyNewstrom A big town like Miami that has diverse populations that tolerate each other would be much better.
19:13:02 hkhenson this last case was under a year I think.
19:13:04 hkhenson but not sure.
19:13:04 John_Ventureville lol
19:13:09 HarveyNewstrom Any city with weirdos, but allow weirdos.
19:13:12 John_Ventureville *or be a president?*
19:13:32 BJK seems a city close to the ocean would be open to environmental threats
19:13:33 HarveyNewstrom Oh, a trial period of three months might be good to get to know anybody.
19:13:46 hkhenson hmm didn't work this time.
19:13:59 HarveyNewstrom Also, standard accounting/audit practices requires each employee to take a regular vacation. Someone else fills in for them, and you will see if anything strange is going on.
19:14:05 hkhenson of course, the fbi has had people go bad after ten years
19:14:17 hkhenson and more
19:14:39 hkhenson openness helps too.
19:14:47 HarveyNewstrom Right. I can't speak of specifics, but there were no warning signs for Alcor. The problems came up later and activities seemed to occur later. The initial period seemed to have been legit.
19:15:13 hkhenson the Ted W business started it?
19:15:14 BJK with your phychology background, have you thoughts on free will vs determinism?
19:15:17 HarveyNewstrom Openess is good. If you don't have hidden secrets, they can't be exposed.
19:15:26 hkhenson right.
19:15:42 HarveyNewstrom handling employees better is good too. If they don't get so angry and vengeful, they won't take revenge.
19:15:43 hkhenson alcor kind of got stuck unfortunately.
19:16:04 BJK do you know the new alcor pres?
19:16:21 HarveyNewstrom I have no technical beliefs on free-will vs. determinism. I think they are semantic errors where we can't conceive the right question to ask, so it appears to be a paradox.
19:16:35 HarveyNewstrom Sort of like what was it like for me before I was born? Invalid question, not an unknown.
19:16:40 BJK wonderful answer
19:16:42 BJK thank you
19:16:49 hkhenson harvey, have you read what marvin minsky has written on this topic?
19:16:54 BJK that hits to the root of the problem
19:17:04 hkhenson bj, have you?
19:17:16 BJK free will?
19:17:22 hkhenson right.
19:17:26 HarveyNewstrom No, I have not met the new alcor prez. I knew a close runner up that lives here in Melbourne
19:17:28 BJK from Marvin?.. ah don't think so
19:17:57 hkhenson you do know marvin is signed up I presume?
19:18:07 BJK Melbourne is Australia right?
19:18:13 HarveyNewstrom I have not read Marvin's stuff for many many years. I don't remember it enough to comment.
19:18:22 BJK Marvin is an Alcor Advisor i believe
19:18:29 HarveyNewstrom Melbourne, Florida, sorry!
19:18:37 BJK ah, k
19:18:40 John_Ventureville dang!!
19:18:45 hkhenson Marvin's signup was anounced at an extro
19:19:10 BJK care to share his name?
19:19:13 HarveyNewstrom I would love to visit austrailia. Anybody got a job there for a security pro? As an independent contractor, I am always looking for my next contract.
19:19:21 HarveyNewstrom James Clement
19:19:23 John_Ventureville Harvey, do you have plans to attend an upcoming extro or other transhumanist conference?
19:19:29 BJK ah.. sounds familar..
19:19:40 Eliezer Hm, today's Dilbert is quite appropriate to the chat:
http://www.unitedmed...comics/dilbert/ 19:19:47 HarveyNewstrom He flew out to Alcor for interview, has a strong business and financial background, and very involved in longevity, diets and cryonics.
19:20:15 HarveyNewstrom I have not made plans yet for conferences. I would like to, but I am finishing a contract and can't predict my schedule now.
19:20:50 hkhenson Free Will
19:20:50 hkhenson ... Pinker, like his colleague Marvin Minsky, supposes that we ... we must pretend to have
19:20:50 hkhenson free will, even ... any plunge into pessimism that determinism might engender ...
19:20:50 hkhenson
http://www.naturalism.org/freewill.htm - 19k - Cached - Similar pages
19:21:26 BJK thanks Keith
19:21:40 HarveyNewstrom That Dilbert cartoon is my life with my clients. Most of them think I am a whiner and a complainer because all I do is point out problems. They don't realize that this is my job (plus developing solutions to the problems I find).
19:22:40 BJK i bet
19:22:45 hkhenson you should retire
19:22:57 hkhenson and exploit the holes to make big buck$
19:23:00 hkhenson :-)
19:23:14 BJK dangerious mind there keith
19:23:34 hkhenson can't get much worse, already a refugee
19:23:45 HarveyNewstrom I wish I could afford to retire.
19:24:05 HarveyNewstrom People ask me all the time why I don't make money via security exploits.
19:24:21 Eliezer maybe... he's not evil? sheesh.
19:24:22 hkhenson they are actually hard to do.
19:24:37 hkhenson it is not so hard to *cost* companies big money.
19:24:46 BJK off the wall question, but do you know Steve Jerveston per chance?
19:24:48 hkhenson but to get it into your pockets, that's the hard part
19:24:53 HarveyNewstrom Actually, security exploits are very easy to do. The hard part is not getting caught later!
19:25:02 hkhenson right.
19:25:41 HarveyNewstrom Most people don't know this. They think the fact that I can get real money is significant.
19:25:59 HarveyNewstrom The fact that they could trace me later with ISP logs, phone logs, bank traces, etc., is the real limiting factor.
19:26:01 hkhenson though it is amazing how much cash it takes before someone notices.
19:26:07 HarveyNewstrom (Plus I'm not evil.)
19:26:16 outlawpoet meh
19:26:31 outlawpoet it's just money.
19:26:35 hkhenson I was amused by a tapping story I recently ran into.
19:26:51 BJK what will happen to money with nanotech success?
19:26:57 hkhenson guy had used a pre paid cell phone as one link
19:27:01 HarveyNewstrom I wrote a program in 1980 to recover fractional pennies due to rounding errors for First American Bank. My program saved the pennies until they reached a full penny and then added them to the transfers so the rounding error would not be lost.
19:27:24 HarveyNewstrom I don't think nanotech will eliminate money.
19:27:40 BJK damn, harvey you're a real genius
19:27:41 hkhenson paid with cash. no link to trace when they found the tap.
19:27:46 HarveyNewstrom Nanotech will produce products controlled by large companies. Even if the stuff is cheap to produce, they will charge for it.
19:28:04 hkhenson we could see some extreme deflation though
19:28:07 HarveyNewstrom Just like automation hasn't reduced our work week. We now work more hours per week to run the machines than when we manually did everything.
19:28:32 hkhenson harvey, have you ever looked here www.badgecam.com
19:28:33 outlawpoet Well, we do a lot more things, also.
19:28:36 outlawpoet more range.
19:28:40 outlawpoet more scope
19:28:42 outlawpoet more everything
19:28:50 outlawpoet so it's not as if we do more work for the same results.
19:29:04 HarveyNewstrom Look at modern healthcare for an example. The same medicines cost much more in the US than elsewhere. Manufacturing costs is not an issue, so Nanotech won't change much in the prices.
19:29:33 BJK perhaps medicine is not a good judge?
19:29:34 HarveyNewstrom No, but the concept of such cameras is intersting.
19:29:48 HarveyNewstrom I don't know if I want a transparent society with no privacy or not.
19:30:11 BJK truth rings and badgcams for everyone
19:30:18 MikeL Hey, remember when David Brin assaulted me at Extro5????
19:30:19 hkhenson david brin says there is no choice
19:30:20 BJK not a good world, eh?
19:30:25 hkhenson he did?
19:30:26 HarveyNewstrom True, medicine may not be a good example. But I think it indicates that strangenesses occur. We can't predict things just by what makes logical sense or what we would think
19:30:30 hkhenson wow.
19:30:40 HarveyNewstrom Assaulted you???
19:30:44 MikeL Yeah, screamed at me even... well, he just apologized to me for it..
19:30:55 HarveyNewstrom What for?
19:30:57 hkhenson over what?
19:31:09 hkhenson brin endorced the badge camera you might note
19:31:16 outlawpoet MikeL, just now?
19:31:22 MikeL Yeah, I introduced myself and said that I really enjoyed his work, but had some difficulties with The Transparent Society
19:31:34 MikeL He apologized yesterday...
19:31:43 HarveyNewstrom He yelled at you because you disagreed with him?
19:31:44 BJK via email?
19:31:45 hkhenson that was a long time ago.
19:31:45 Eliezer I was on a panel with David Brin once. Seemed like a reasonably normal SF author. He's got ambitions of grandeur, though, thinks he can match Greg Egan.
19:32:09 MikeL He jabbed me in the chest with his finger, backed me up against the wall (thats an accomplishment, given my size)
19:32:22 hkhenson hmm.
19:32:34 HarveyNewstrom I have learned not to take things personally. I might get stubborn or make future decisions based on someone's actions, but I don't get irrational or emotional. Especially not over opinons. (I do get frustrate a lot, however).
19:32:34 MikeL and yelled "YOU GODDAM LIBERTARIANS, YOU KNOW WHAT YOUR PROBLEM IS?
19:32:35 hkhenson well, people in his place do get hyper.
19:32:49 hkhenson it is the druglike effects of a lot of attention
19:32:56 MikeL YOU DON"T TRUST ANYBODY OR ANYTHING FOR ANY REASON. GET OVER IT" and he walked out the door..
19:33:03 hkhenson LOL!!!
19:33:15 hkhenson heh heh
19:33:20 HarveyNewstrom I assume that this should be on film somewhere given his belief in the transparent society.
19:33:24 hkhenson I am a lower case libertarian myself
19:33:32 BJK politics.. wow.. ideological wrangling is so devisive
19:33:39 HarveyNewstrom I am a parenthetical (l)ibertarian
19:33:59 BJK i'm a human who wants to be a posthuman immortal...
19:34:02 HarveyNewstrom I agree on paper to all the ideas, but often don't like the implementations or people very much.
19:34:08 hkhenson but man have I caused massive upsets amoung libertarians
19:34:11 MikeL The funny thing was I had just published my essay "Its about the trust", which detailed the reason we have statist incrementalism is that people have stopped trusting each other...
19:34:15 hkhenson and I didn't even intend it.
19:34:28 HarveyNewstrom I forgot about that paper, Mike
19:34:42 hkhenson more than ten years later they were still freaked out about the article I wrote for Reason magazine on memetics
19:34:50 HarveyNewstrom In security analysis, I have come to realize that "trust" means you can't secure it and have to have blind-faith in the other person.
19:34:52 hkhenson Memes, MetaMemes and Politics
19:35:07 Eliezer hear hear (Harvey)
19:35:20 BJK MikeL, would you perhaps entertain the idea of joining us as a chat guest in the future?
19:35:21 HarveyNewstrom If you count your change, you don't have to trust the other person.
19:35:21 MikeL So, I was rather happy to be able to forgive David...
19:35:27 MikeL Sure...
19:35:31 BJK wonderful..
19:35:34 HarveyNewstrom Yes, MikeL would be a good speaker.
19:35:42 BJK i'll email you with details
19:35:48 hkhenson mikeL, I think I know why.
19:35:50 HarveyNewstrom Thanks, Eliezer.
19:36:10 HarveyNewstrom And thank you for your link about the bogosity of Moore's Law. That is one of my pet peeves!
19:36:21 BJK can you share your email address... or send me a quick email to bjk@[death to spam].imminst.org
19:36:30 Eliezer My politics? I'm a pessimist. Everything that libertarians say about the massive dysfunction of government is backed up by history and true; and everything liberals say about the human cost to the poor is backed up by history and true.
19:37:03 hkhenson harvey, if your mirc has a window, I can give you the password into the rest of badge camera
19:37:15 hkhenson if you want it, or email me for it hkhenson@[death to spam].rogers.com
19:37:16 MikeL mlorrey@[death to spam].yahoo.com
19:37:20 BJK thanks mike..
19:37:31 BJK you can pm Harvey
19:37:37 hkhenson mike, human evolution occured in tribes.
19:37:40 HarveyNewstrom I'm a securityist (for a political position). If something can go wrong, it will go wrong. We need to brainstorm all the ways in which things can go wrong to prepare for them. Being an optimist ignores half the glass. (So does being a pessimist.)
19:38:07 BJK a new tap will show above when you have a Personal Message via chat
19:38:11 BJK tab*
19:38:18 BJK tab = red with new message
19:38:49 MikeL Dunno If i'd say it began in tribes
19:38:59 hkhenson and in tribes you were typically related to the people around you.
19:39:03 Eliezer Harvey, one of my favorite expressions is "Trust but verify." We have to realize that it isn't an insult to someone to verify what they say.
19:39:16 HarveyNewstrom Yes, trust but verify is a good saying!
19:39:37 BJK Harvey, would you expect and orgaization like ImmInst to receive attacks ?
19:39:39 HarveyNewstrom Yes, I have had people suggest that my laptop chain lock is offensive to customers, because it implies I think they might steal my stuff.
19:39:45 MikeL that is a good point, but I'd say it was more important as a survival tool to trust your tribe members
19:39:55 hkhenson exploiting people around you tended to hurt your genes
19:39:57 HarveyNewstrom Yes, all internet websites get attacked.
19:40:10 HarveyNewstrom hackers go through IPs sequentially, so they will hit yours eventually.
19:40:13 MikeL you need to trust members of your hunting party for you all to take down that mammoth or cave bear
19:40:22 HarveyNewstrom They also scan for known vulnerabilities and might find yours.
19:40:24 hkhenson right.
19:40:26 BJK looking forward.. perhaps ImmInst may be attacked via law suites?
19:40:32 MikeL a mother needed to trust others with the care of her kids...
19:40:45 HarveyNewstrom Also, they may not even care about you or your site. They may just need disk space, bandwidth, or an innocent party to pass through.
19:40:47 BJK or are non-profits more protected
19:41:02 HarveyNewstrom The idea that nobody would attack a particular site is faulty, because any site can be useful to a hacker as raw resources.
19:41:13 MikeL Of course, tool use began with homo erectus and homo habilis, and we have no idea about their social structure.
19:41:31 hkhenson actually we know much about them.
19:41:39 hkhenson we know they were social.
19:41:42 BJK ImmInst has been attacked by hackers in the past
19:41:49 HarveyNewstrom I used to analyze legal contracts for security vulnerabilties. They might require audits, or liability. (I have a business degree in addition to computers).
19:41:56 BJK homepage replaced...
19:42:17 BJK backup was on file
19:42:22 MikeL I have a hack question for Harvey: Yes, I know that MS XP is vulnerable...
19:42:26 HarveyNewstrom yes.
19:42:44 MikeL but I'm running Mcafee firewall and virus scan, and Pop-up stopper
19:42:53 HarveyNewstrom Very good.
19:42:54 hkhenson a lot less vulnerable than the beta was . . .
19:43:05 MikeL but some pop ups have come through in the past few days
19:43:09 HarveyNewstrom XP has a lot better security, but you have to set some of it.
19:43:16 MikeL that resulted in my IE home page being changed...
19:43:18 Eliezer Yes, padlock your laptop! Even if you trust your customers, do you trust everyone your customers trust? Trust is venereal, verification is condoms. Break as many links as possible in the network of compromise.
19:43:55 MikeL what is causing this?
19:44:08 HarveyNewstrom Yes, microsoft keeps putting backdoors in their software. They use them to integrate and automate stuff between PCs and packages, but hackers always find them and utilize them. Until they encrypt communications and digitally authenticate them, MS will always be vulnerable.
19:44:35 BJK why don't they encrypt?
19:44:49 HarveyNewstrom Turn the zone level in your Outlook Express higher. Turn off Active-X, Javascript, Java, etc. if you can stand it.
19:44:52 hkhenson at one time it was not really legal
19:44:54 Eliezer MS will always be vulnerable simply because so many people are attacking it. I express doubt that their problem is solvable, although they certainly could be doing much better.
19:45:22 hkhenson what does the time zone do for security?
19:45:23 HarveyNewstrom Most popups are from ads. They website you TRUST lets them in in the background. You said trust the one site, so the ad they allow is exempt from your security rules!
19:45:36 HarveyNewstrom Encryption would slow things down
19:45:45 HarveyNewstrom Most people don't realize how slow encryption is.
19:45:59 serenade MikeL, consider trying Mozilla web browser. It has built in popup blocking. I've never seen one get through
19:46:08 BJK slow because of more process power needed.. eh
19:46:13 HarveyNewstrom PGP, for example, only uses two-way encryption on the password, a single word. It uses bogus password one-was encryption for the whole message.
19:46:38 MikeL Well, I just picked up 6 PCs that I'm gonna turn into linux boxes for the FSP headquarters here in NH
19:46:50 serenade MikeL, have you scanned your computer for spyware
19:46:58 BJK FSP.. free speech.. ?
19:47:03 MikeL Yeah, I run spybot search and destroy
19:47:04 HarveyNewstrom Opera browser also has a setting to stop pop-ups. Popups are only possible because MS allows them. If the software blocked them or asked or had a setting, you would never have a problem.
19:47:07 serenade k
19:47:08 MikeL Free State Project
19:47:20 BJK ah k
19:47:29 BJK damn libertarians
19:47:56 MikeL You guys wouldn't believe the synergy that is going on with the FSP these days
19:48:02 hkhenson harvey, if you could, would you go interstellar?
19:48:13 MikeL We've got a whole town in Vermont that wants to secede to NH
19:48:14 BJK perhaps this could be a topic for the chat MikeL?
19:48:17 hkhenson like leave the solar system?
19:48:24 HarveyNewstrom Use spybot plus AdAware, because they catch different things.
19:48:26 MikeL Sure..
19:48:38 BJK * BJK likes Adaware
19:48:39 HarveyNewstrom I definitely want to go interstellar.
19:48:53 hkhenson ah. are you up on the far edge party?
19:48:57 HarveyNewstrom Or at least to the Transneptunian objects (like Plutinos)
19:49:37 hkhenson given nanotech, interstellar seems to be within reach.
19:49:41 Eliezer I find that my own instinctive approach toward security - I'm not even saying it's a conscious decision - tends to lean toward making errors noncatastrophic, rather than trying to prevent errors.
19:49:47 hkhenson using stars to power the ships
19:50:07 MikeL That only works as far as the heliopause, doesn't it?
19:50:22 hkhenson no, monster lasers.
19:50:34 HarveyNewstrom These interst me because they are bigger than asteroids, have 1/10th gravety, (frozen) atmospheres, organics, water, O2 and hydrogen, plust the best part 10% have split into double asteroids, and the tidal pull warms the ice to liquid temperatures! If you think Europa's internal ocean is interesting, imagine thousands of such oceans in the Kuiper belt, all much older than the planets!
19:51:07 MikeL Ah, I just want to crash a few into Mars as a jump start...
19:51:21 HarveyNewstrom Having a backup plan is a good key to security. If you can try something in a safe environment, without much consequence if it fails, and you can revert back to your previous state, you're golden.
19:51:51 BJK speeking of golden.. i'm to get a golden retriever feb 20
19:51:59 HarveyNewstrom Cool pup!
19:52:05 BJK yep female..
19:52:15 BJK name 'Luna'
19:52:19 Eliezer Other people are, "Let's prevent the hacker from getting root." I'm, "Let's say the hacker has root."
19:52:27 MikeL Good for you. Good breed. I've got a chocolate lab/german shorthair.
19:53:06 John_Ventureville the official dog of Ventureville is the Great Dane!
19:53:08 John_Ventureville : )
19:53:09 HarveyNewstrom Right, Eliezer. Although the whole concept of root is one of "trust". It says all security controls and limits are ignored once they reach this spot. What if there were no root, and every user had specific tasks avaialble only?
19:53:27 MikeL Are you going to hunt that retriever?
19:53:32 hkhenson harvey, I wonder if the best way to keep people out is to rent your extra disk space?
19:53:38 BJK just companionship... but i want to train her..
19:53:53 Eliezer Then the current crowd of script kiddies would be at a loss, but smart people walk through capabilities-based security.
19:54:01 BJK thinking of underground wire/elec fence for 3/4 acre yard
19:54:02 HarveyNewstrom That is the hardest way. Keeping them out is easy. Letting them in to part of your disk but not another part is much harder.
19:54:26 HarveyNewstrom This is the security difficulty with web servers. Keeping people out is easy. Letting them in to some functions but not other functions is harder.
19:54:40 BJK is having a dog a good security feature for an immortalist?
19:54:40 MikeL The fence is okay, but a pain in the ass to install. An electric collar I've found is far more effective for training.
19:54:51 BJK a thanks
19:54:54 Eliezer I've seen capabilities-based security implemented on MOO. It was much more fun and interesting to break than just looking for buffer overruns. More like looking for killer combos in Magic the Gathering decks.
19:55:07 MikeL Pets extend life, for sure, good for blood pressure.
19:55:08 HarveyNewstrom And the firewall doesn't help, because it lets everybody get to the webserver. If you draw a map of your security perimeter, your webserver is supposed to be the firewall for all those visitors. how many webmasters know that?
19:55:31 outlawpoet whoa, Eliezer knows about combo exploits in Magic?
19:55:37 outlawpoet a new image formes in my head.
19:55:49 outlawpoet of where Friendly AI had it's genesis....
19:56:04 BJK welcome xeiox
19:56:07 HarveyNewstrom Don't get me started on buffer overruns. They are so easy to avoid if programmers knew how. But they aren't taught and don't care. it is amazing that we still have basic bounds-checking problems decades later.
19:56:21 hkhenson shade of the Bavarian fire drill outlaw.
19:56:37 HarveyNewstrom What;s that?
19:56:46 BJK * BJK bbl
19:56:47 Eliezer The people advocating capabilities-based security don't quite seem to realize that this is a failure mode - tiny compromises stacking to form big compromises - instead of current security where you get one big compromise all at once.
19:57:04 MikeL Pets as security feature is only good for warning. Training a dog as a guard dog basically ruins it for most everything else.
19:57:20 hkhenson Something RAW and the people around him used to do.
19:57:31 HarveyNewstrom Yes, capabilities-based is just a different method. It is not automatically successful or not. Many people want a magic bullet.
19:57:48 hkhenson firewalls are a good place to start
19:58:11 HarveyNewstrom They don't realize that the firewall or capabilities or rules-base or whatever, only do what you tell it. So you have to be able to detect all threats and teach it how. If you miss something, so will your mechanical follower.
19:58:12 hkhenson the inexpensive way is a linksys router.
19:58:49 hkhenson best is some older software that had stateful packet inspection.
19:58:50 HarveyNewstrom Linksys is good. But turn off the ability to reconfigure it from the outside with a web browser that is on by default!
19:59:38 HarveyNewstrom Stateful packet inspection is the best.
Unfortunately, Microsoft and Oracle and others are breaking these with protocols with no state, or that switch ports dynamically.
19:59:44 hkhenson you do have to be on the LAN to do that don't you?
20:00:03 Eliezer People write nets to catch possible effects or signs of security breaches, but not all security breaches follow the signs, so the net has holes. I've taken to calling this a "negative verification paradigm", where you look for unusual signs of failure, contrasted to a positive verification paradigm where you require unusual signs of success.
20:00:10 hkhenson so as long as your physical security is good . . . .
20:00:23 HarveyNewstrom Nope, access to reconfigure the linksys from the WAN side is on by default. You have to turn this off. There is a password, but the check is in javascript in the webcode so a hacker can get in.
20:00:40 HarveyNewstrom Physical security is the worst problem I have seen in corporate computer labs!
20:00:43 hkhenson oh my.
20:01:23 HarveyNewstrom They have tiled ceiling where the walls don't go all the way up, or raised floors with the floors open under the walls, or glass windows with no alarm or cameras, etc.
20:01:47 thefirstimmortal Thank You Harvey for joining Imm chat. May you all Live Long and Well, William Constitution O'Rights
20:01:56 HarveyNewstrom I very often see fancy glass doors which always have a gap between them so the glass doesn't hit and break. It is easy to stick a wire through there and open them.
20:01:59 Eliezer Or secret passageways behind the bookcases - have you ever found anything like that?
20:02:20 HarveyNewstrom Also, fire laws require doors to open outward, which means the hinges are on the outside, which means a screwdriver can open any door.
20:02:35 MikeL oh shit...
20:02:51 John_Ventureville is it true the Chinese through a foreign holding company created and sold software with an "easy to spy & steal" backdoor to various sensitive U.S. agencies which resulted in an intelligence coup for them?
20:02:54 Eliezer well, hey, a fire axe opens most doors
20:03:06 MikeL At Datamann, we used to put bars across the doors on the inside... thought it was secure..
20:03:08 outlawpoet Harvey, what about those Lbracket hinges, that open outward?
20:03:11 HarveyNewstrom I have found secret passage ways. Cubicle walls that unsnap and people would sneak through
20:03:27 HarveyNewstrom The Lbracket hingest are better than regular ones.
20:04:16 HarveyNewstrom Yes, a fireax works. People will have an electronic lock with 3 tons holding power on a glass door and think it is impassable.
20:04:50 MikeL But it LOOKS so CEWEL....
20:04:54 hkhenson harvey, re linksys, what key word?
20:05:21 hkhenson to turn off the external config
20:05:30 Eliezer arg, I really have to leave and get work done. sorry.
20:05:30 HarveyNewstrom I have not heard of the Chinese doing this, but IBM sold encryption software to other countries that bypassed the (then) export laws by giving copies of the encryption keys to the CIA before export. Other governments then used software which our government could crack.
20:06:03 HarveyNewstrom Arg, bye Eliezer. Nice chatting as always...
20:06:05 hkhenson DES
20:06:16 HarveyNewstrom I'll look at my linksys a sec.
20:06:38 hkhenson though eventually John Gilmore built a cracking engine.
20:06:46 MikeL Okay, Harvey, what is the best encryption to use for email that is easy to use?
20:07:09 hkhenson mike, you have to have everyone else using it as well.
20:07:22 MikeL Yeah, I know bout that...
20:07:23 HarveyNewstrom In the Linksys, under Advanced, the tab is "Filters" and the button is "Remote Management"
20:07:24 hkhenson so that in reality leaves you with hushmale
20:07:26 hkhenson mail
20:07:30 hkhenson and pgp
20:07:39 outlawpoet stupid hushmail
20:07:41 MikeL Hushmail got exploited
20:07:50 hkhenson really?
20:07:55 HarveyNewstrom Hushmail is the easiest, but not very secure. You have to trust them and their security.
20:07:56 hkhenson have not used it in years
20:08:10 MikeL Yeah, when they were getting their servers overloaded, they succumbed to some man in the middle attacks...
20:08:28 hkhenson that's interesting.
20:08:33 HarveyNewstrom Most web-based e-mails have encryption keys between each person and the server. The server has to decrypt and re-encrypt each message. A single point of access.
20:08:39 MikeL I got sick of them cause I couldn't even access my account any more, it was so slow...
20:08:42 hkhenson I don't understand that . . . .
20:08:56 hkhenson I thought it was end to end
20:09:02 HarveyNewstrom Microsoft mail in XP now has proper security, but it is obscure and hard to use.
20:09:07 hkhenson with the encryption in the local java
20:09:59 HarveyNewstrom Probably easiest is to set secure-mime as required on your pop mail and keep your clients and servers physically secure. The only internet communications is encrypted.
20:11:08 MikeL Keith, that was back, just after I helped investigate the cult for you...
20:11:12 serenade im waiting for sp2
20:11:23 HarveyNewstrom What cult?
20:11:35 MikeL CoS
20:11:50 outlawpoet Church of Scientology?
20:11:54 MikeL yeah
20:12:12 HarveyNewstrom Oh
20:12:24 outlawpoet what a bunch of gullible bastards.
20:12:40 outlawpoet although i have to say, targeting celebrities was a very good strategy for them.
20:12:50 HarveyNewstrom Hushmail specifically stores your *private* key on their server. Any break in at the server level gets access to everybody's keys.
20:13:02 MikeL Y'all remember when a troll on the extropians list was making attacks on Max and Keith???
20:13:03 serenade 1024 bit
20:13:17 HarveyNewstrom Also, hushmail uses passphrases and users typically pick weak passphrases that can be guessed or brute forced.
20:13:21 HarveyNewstrom Yes, I remember that.
20:13:23 MikeL Hush claimed that the keys were all encrypted on their server...
20:13:24 hkhenson ah yes
20:14:01 MikeL On passphrases.....
20:14:07 HarveyNewstrom Also, the messages sent through Hushmail can be decrypted by the *recipient's* passphrase. So even if you pick a good one, the recipient may have a poor one.
20:14:08 hkhenson that turned out to have originated from the same place as some other attacks did
20:14:17 MikeL which is better: long or diverse characters?
20:14:30 serenade distributed.net is an interesting project
20:14:44 HarveyNewstrom Diverse characters is stronger.
20:14:55 hkhenson I would venture to say that my pass phrases are really hard.
20:15:06 HarveyNewstrom A common sentence or string or words is more easily guessible than the same number of random characters
20:15:20 HarveyNewstrom A good technique is using initials from a sentence.
20:15:27 hkhenson you would have to know extremely obscure information about my history to even have a chance
20:15:28 MikeL Yeah, but with a number of random characters, you've got
20:15:50 HarveyNewstrom So the words to twinkle twinkle little star would yields ttlshiwwya...
20:16:34 MikeL but those are all alphabetical. Don't you want characters in numbers and punctuation and so forth as well?
20:16:59 HarveyNewstrom yes punctuation would be better, but harder to remember.
20:17:07 outlawpoet yeah, so you hash
20:17:19 HarveyNewstrom having people write down their passphrases is a common problem because they get too difficult to remember.
20:17:31 outlawpoet i do one to one mixes of letter number series.
20:17:36 MikeL What do you think about the USB thumb drives for storing keys?
20:18:42 HarveyNewstrom They are cool. They become a physical key, so if someone steals it they have your key. I would want a memorized passphrase combined with the USB thumb. Then your password is no good without the physical key, and the physical key is no good without your memorized password.
20:19:20 MikeL What about a USB gizmo that reads your biometric? Would that be the best of both?
20:19:26 outlawpoet there are a few products like that.
20:19:37 outlawpoet thumbscans and such
20:19:40 HarveyNewstrom Biometrics don't work well enough yet
20:19:41 outlawpoet pretty expensive.
20:19:47 outlawpoet not very workable though.
20:19:58 HarveyNewstrom They sound good, but are poor in practice, like the face-scanning at the bowl games
20:20:11 MikeL How about a tatoo?
20:20:27 outlawpoet I'm sure the face scanning would find Mike Tyson quickly
20:20:35 HarveyNewstrom A bar code tatoo
20:21:11 outlawpoet it wouldn't be very popular
20:21:28 outlawpoet and someone who got a hi res picture of you at the right angle could spoof it.
20:21:34 MikeL Yeah, but if its a condition of employment, and the employer pays to have it removed when you cease employment...
20:21:42 HarveyNewstrom Ouch!
20:21:50 MikeL Ah, well, that depends on where you get your tatoo...
20:21:51 outlawpoet lasers, fun
20:21:55 hkhenson the wording on the linksys is really ambigious
20:22:13 MikeL A new appliance for the office chair....
20:22:16 HarveyNewstrom Yes, a lot of the Linksys labels are obscure. You can't tell what they do without research.
20:22:17 outlawpoet somehow i can't see someone hiking up their pants before plugging their usb dongle.
20:22:46 hkhenson it says "block WAN request" enable disable
20:22:48 HarveyNewstrom Great. Now I can see it... And I can't get that image out of my head....
20:22:59 outlawpoet heh.
20:23:06 MikeL mwahahahaha...
20:23:08 hkhenson so do you enable the block WAN or disable it?
20:23:16 HarveyNewstrom You want to enable block WAN to prevent access from the WAN
20:23:36 outlawpoet god, we need better technical writers
20:23:40 HarveyNewstrom A lot of security software has this problem. They say "X security" and you don't know whether you want it or not.
20:23:43 outlawpoet 'enable block WAN'
20:23:57 hkhenson well, that's what it came with.
20:24:08 hkhenson enabled.
20:24:11 hkhenson blocked.
20:24:16 HarveyNewstrom Microsoft has some privacy problems in their browser where you have to "disable" security features to make it not give out your information. Very poorly worded.
20:24:41 outlawpoet 'you just need to check disable the feature enabling SSL access through javascript..."
20:24:51 Vooch Linksys has remote management OFF by default
20:25:11 hkhenson that's the way it came on my unit.
20:25:25 Vooch yep
20:25:31 outlawpoet ugh, i gotta go work too
20:25:39 outlawpoet definite fun chat though, fellas
20:25:48 outlawpoet thanks for being the featured speaker, Harv.
20:25:53 HarveyNewstrom I think they changed this, because they definitely had it on by default in previous versions. I saw this myself and saw bug reports about it. It was a FAQ about linksys security for a long time.
20:26:12 HarveyNewstrom See you later, outlawpoet, I enjoyed chatting as always!
20:26:25 outlawpoet oh, I sent out that organization thing tonight, let me know what you think when you get around to reading it.
20:26:35 outlawpoet ciao peeps
20:26:37 HarveyNewstrom Thanks! Will do!
20:26:42 hkhenson nite outlaw
20:26:48 HarveyNewstrom I need to get going as well.
20:26:50 MikeL bye all..
20:26:59 HarveyNewstrom Any other final questions or comments before I poof?
20:27:01 John_Ventureville bye!
20:27:02 hkhenson of course, just talking about what I have
20:27:03 HarveyNewstrom Bye, Mike!
20:27:13 hkhenson is a security problem
20:27:18 John_Ventureville MikeL, give Joe Dees hell!!!
20:27:24 John_Ventureville ; )
20:27:34 hkhenson where is joe hanging out now?
20:27:46 HarveyNewstrom Yes, hkh, but security by obscurity is not very good. If you lose much talking about it, it may not be that secure to begin with.
20:27:46 hkhenson can't think of any harvey,
20:27:59 hkhenson thanks very much for the pointers re my linksys.
20:28:08 HarveyNewstrom Security is not hiding money where nobody knows. Security is a safe where everybody knows and they still can't get it.
20:28:18 HarveyNewstrom Thanks, all!
20:28:26 hkhenson the cult claims to be spending 350k a year on me
20:28:32 serenade come back anytime
20:28:35 HarveyNewstrom If there are no more ?'s or !'s, I'm out of here.
20:28:37 hkhenson indeed
20:28:42 HarveyNewstrom I'll be back!
20:28:45 John_Ventureville bye, Harvey!
