Help Create Some Neil deGrasse Tysonisms: Tautologically Meaningless Solutions To All The World's Problems

from the good-luck dept

A few months ago, we wrote about some fairly ridiculous statements from rockstar astrophysicist Neil deGrasse Tyson, which showed that he was rather ignorant about how innovation worked. As we said at the time, it's great that we even have what's considered a "rockstar astrophysicist" today, and I really appreciate the work that he's done to get people interested in science, but when it comes to fields like innovation, it appears that Tyson does not use the same rigor in making sure he actually understands what he's talking about (and, apparently the same is true in other areas as well). For a guy who famously went crazy until James Cameron put the correct star patterns in the background sky in Titanic, you'd think he'd be a little more careful about making nutty statements. But then he launched this one on Saturday morning:
If you can't read it, the tweet says:
Obama authorized North Korea sanctions over cyber hacking. Solution there, it seems to me, is to create unhackable systems.
We've already discussed the pointless sanctions, but the real whopper is the second sentence in that tweet. This is the kind of thing that people totally ignorant of the subject would say. It's not hard to demonstrate why by applying the same logic to other fields -- like, say, astrophysics:
Getting to other galaxies is hard. Solution there, it seems to me, is to build faster-than-light spaceships.
Or, how about death:
Dying sucks. Solution there, it seems to me, is to create immortality.
Violence?
There is too much violence in the world. Solution there, it seems to me, is to create people who are only nice.
Education?
Too many people are uneducated. Solution there, it seems to me, is to create people who learn better.
Go ahead and create your own...
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: it seems to me, neil degrasse tyson, solution, sony hack, unhackable


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 5 Jan 2015 @ 5:12am

    Hacked? Solution there, it seems to me, is to disconnect system from the Internet. Booom! You are unhackable. Actually this should be applied to any critical system.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Jan 2015 @ 6:08am

      Re:

      Not totally unhackable, as the system can still be compromised by an inside job, but certainly a significant improvement in security.

      link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 5 Jan 2015 @ 10:47am

        Re: Re:

        the system can still be compromised by an inside job

        Or a system designed to get around "air-gaps". See Stuxnet, for example.

        link to this | view in chronology ]

    • icon
      MadAsASnake (profile), 5 Jan 2015 @ 6:11am

      Re:

      The disconnect in the Sony case is not so much the network, but the network management team who appear to think its cheaper to insure against the loss than prevent the loss. The lax network structure and security is the product of uncritical doublethink in the boardroom. Unlikely that they'll revisit that once they have put out all the fires...

      link to this | view in chronology ]

      • icon
        Ninja (profile), 5 Jan 2015 @ 6:56am

        Re: Re:

        See? That's why they should disconnect from the Internet. Added bonus: they won't be missed.

        link to this | view in chronology ]

      • icon
        ltlw0lf (profile), 5 Jan 2015 @ 10:47am

        Re: Re:

        The disconnect in the Sony case is not so much the network, but the network management team who appear to think its cheaper to insure against the loss than prevent the loss.

        Only because their management fired the previous network management team because they were too expensive and went with the lowest bidders to replace them. The blame for this really is on the managers of the network management team.

        The lax network structure and security is the product of uncritical doublethink in the boardroom.

        Bingo. It is also a lack of planning and a dangerous lack of enforced security policy. People were putting vital information in unencrypted text files and running trojan horses sent to them via email, and nobody saw this as a problem despite years of best practices and public education into the dangers of the internet. I suspect there were a lot of people higher up in the organization who thought security policy is that thing that makes it difficult to get your job done, so Sony shouldn't have one, too.

        Unlikely that they'll revisit that once they have put out all the fires...

        At some point it will become too expensive for them to continue doing this. Sadly, instead of disappearing, I suspect they will just go to their friends in government and have them change the world to make it safer for Sony to live (because that has worked so wonderfully in the past.)

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Jan 2015 @ 9:44am

      Re:

      Hacked? Solution there, it seems to me, is to disconnect system from the Internet. Booom! You are unhackable.
      Not remotely. Just call up the office at night and have the security guard give you access (cf. Hackers). Or if it's on some internal network, get on that network (especially if it's something like a power grid that necessarily crosses lots of land).

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 6:07am

    A little miffed about someone else getting attention? Solution there, it seems to me, is to engage in reductio ad absurdum.

    The truth is, he's not wrong. Isn't that EXACTLY how innovation works? We build a rocket that doesn't go all the way into space, then we build a better rocket. Computer systems aren't as robust as they need to be? Build better computer systems. Try, fail, learn, try again. That's EXACTLY how innovation works.

    link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 5 Jan 2015 @ 6:14am

      Re:

      Try, fail, learn, try again. That's EXACTLY how innovation works.

      If that's what he was advocating, that would be right.

      But it's not. He's advocating a tautology. Tautology is not innovation it's stating the same thing twice. He's not talking about improving systems, he's just saying "hey, don't do this." "Want to live? Don't die." That doesn't help an innovator in any way. It's useless.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Jan 2015 @ 6:20am

        Re: Re:

        You ASSUME that's what he's advocating. The truth is, unless you were inside his head when he was typing, from 140 characters, you really don't know exactly what he was advocating.

        link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 5 Jan 2015 @ 6:21am

          Re: Re: Re:

          You ASSUME that's what he's advocating. The truth is, unless you were inside his head when he was typing, from 140 characters, you really don't know exactly what he was advocating.

          I'm sorry, are you arguing that there's some other world in which his words don't mean what they say? He stated a tautology.

          link to this | view in chronology ]

          • identicon
            Michael, 5 Jan 2015 @ 6:33am

            Re: Re: Re: Re:

            I'm sure there is some multi-dimensional theory in which his words mean something completely different.

            He's pretty smart with that kind of thing.

            link to this | view in chronology ]

            • icon
              Richard (profile), 5 Jan 2015 @ 6:58am

              Re: Re: Re: Re: Re:



              He's pretty smart with that kind of thing.


              or maybe not -after all if he applies the same careless logic to his day job he'll make a lot of mistakes there too.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 5 Jan 2015 @ 3:39pm

                Re: Re: Re: Re: Re: Re:

                He's pretty smart with that kind of thing.

                or maybe not -after all if he applies the same careless logic to his day job he'll make a lot of mistakes there too.


                Depends -- this sort of talent is highly sought after by the US government these days... maybe he's looking for a government contract?

                link to this | view in chronology ]

            • identicon
              JEDIDIAH, 5 Jan 2015 @ 7:41am

              Another gas giant.

              He doesn't even get the basic philosophy of science right. This gets easily missed because the population at large is largely ignorant. He's like a journalist spouting off. The vast majority really has no way to fact check him. This would be especially true for what is degree is actually in rather than the random tangents he typically spews about.

              link to this | view in chronology ]

              • icon
                Liam (profile), 5 Jan 2015 @ 7:47am

                Re: Another gas giant.

                What do you mean he doesn't even get the basic philosophy of science right?

                Most people have no way to fact check any scientific claim, what's that got to do with Neil?

                link to this | view in chronology ]

          • identicon
            Anonymous Coward, 7 Jan 2015 @ 12:05am

            Re: Re: Re: Re:

            Stated a problem as a tautology? Solution there, it seems to me, is to state problem as a tautology.

            link to this | view in chronology ]

        • icon
          John Fenderson (profile), 5 Jan 2015 @ 8:10am

          Re: Re: Re:

          That IS what he's advocating. Whether that's what he intended to advocate is a different question. As an effective science writer, however, I tend to assume that he is good at saying precisely what he means. Also, he has a pretty long history of making specious or uninformed comments regarding fields he's not an expert in.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 5 Jan 2015 @ 8:51am

            Re: Re: Re: Re:

            Also, he has a pretty long history of making specious or uninformed comments regarding fields he's not an expert in.


            Him and every other physicist in the world. And a lot of the engineers. And tons of actors. And many politicians. There was a SMBC comic that dealt with this. It turns out that experts tend to be INSANELY GOOD at one or two things. Otherwise they're just as stupid as anyone else, and in many cases dumber because they put so much time and effort into their particular field that they're worthless in many other ways.

            Why does anyone care what a rock star physicist has to say about hacking? Or what an electrical engineer has to say about how to fix the economy? Or what an actor thinks about the current political climate? Anyone who really thinks this is a good idea should be beaten with the stick of knowledge. Listen to experts about their field. Disregard everything else they say.

            link to this | view in chronology ]

            • icon
              John Fenderson (profile), 5 Jan 2015 @ 9:06am

              Re: Re: Re: Re: Re:

              "Him and every other physicist in the world. And a lot of the engineers. And tons of actors. And many politicians."

              Indeed. And they get equally ridiculed when they spout nonsense.

              "Why does anyone care what a rock star physicist has to say about hacking?"

              Because he's not just a scientist, but a scientist who has made it his business to explain science topics to the public and whom the public has great trust in. He is rightfully held to a higher standard on these sorts of things than actors, etc.

              Look at the shoes he's trying to fill: Carl Sagan. Carl Sagan almost never made public assertions of fact without being able to support them. Tyson would do well to follow in that path -- it would enhance his own stature and would go much further in terms of actually educating people.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 5 Jan 2015 @ 9:32am

                Re: Re: Re: Re: Re: Re:

                I respect what you're saying. However, I think people put too much credence in what others say about topics that aren't in that person's chosen field.

                link to this | view in chronology ]

              • icon
                limbodog (profile), 5 Jan 2015 @ 1:43pm

                Re: Re: Re: Re: Re: Re:

                >Look at the shoes he's trying to fill: Carl Sagan. Carl Sagan almost never made public assertions of fact without being able to support them.

                He's right, guys. I checked Twitter and saw almost no unsupported comments from Sagan.

                link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Jan 2015 @ 6:41am

        Re: Re:

        I disagree.

        I think his point is that, since it is impossible for Sony to create an unhackable system (especially since they're not even trying), it therefore becomes impossible for NK to avoid frivolous and unfounded sanctions by the US.

        In sarcasm, a tautology can be your friend...

        link to this | view in chronology ]

      • icon
        Ninja (profile), 5 Jan 2015 @ 7:02am

        Re: Re:

        "Want to live? Don't die."

        Solution there, it seems to me, is to use health potions wisely. Or not touching enemies when not powered up by weed or mushrooms. Or not touching enemies with zero rings. Hah, this can be entertaining!

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 5 Jan 2015 @ 10:07am

          Re: Re: Re:

          Mario Bros, Resident Evil and Sonic has more to teach us than this Tyson guy in fields other than astrophysics.

          link to this | view in chronology ]

    • icon
      aglynn (profile), 5 Jan 2015 @ 8:57am

      Re: promoting the fallacy

      "Technology isn't focused on the real problems in the world. Solution there, it seems to me, is to innovate more usefully."

      Thing is, you're both wrong. Innovation in technology doesn't arise from need per se and in general. That fallacy comes from not looking at innovation as it is, in the particular and actual manner that it occurs.

      Innovation is based on the manner in which technology itself appears. Technological things have an ontological oddity in that they can "stand-in" for technology itself. Other things cannot. The result is that any given technology produces the potential that innovation innovates to replace it with. What produces the features in the next iPhone, or produced the iPhone, iPad and various other things from the Apple Newton? That they dfemonstrate their own inadequacy in an immediate and tangible way and thus in a sense create the need to innovate.

      Need in general has never been the prod to innovation, specific needs that first become thinkable only on the basis of an inadequacy of any given technology in realizing the essence of technology are always the prod of actual, particular innovations.

      link to this | view in chronology ]

    • icon
      Mason Wheeler (profile), 5 Jan 2015 @ 11:02am

      Re:

      The problem is, in this area, we don't learn.

      There are two very simple fixes that would eliminate the vast majority of hacks and security vulnerabilities on the entire Internet. Everyone knows it, and has known it for decades, and yet we haven't implemented either one.

      The two largest sources of devastating security hacks over a network involve compromising the application server via buffer attacks (a venerable technique dating back to the 1980s and the Morris Worm) and compromising the database via SQL injection.

      SQL injection is very simple. Without getting too technical, you can stop it in its tracks by using something called Parametrized Queries. If you properly set up parameters on every bit of SQL you write, it's 100% impossible for your site to get hacked by SQL injection. The problem is, parametrization is not an obvious process, and a lot of people create SQL injection vulnerabilities out of pure ignorance: they just don't know that the obvious way is wrong, or how to do it the right way.

      This could be fixed by having a mode in the database server--which is on by default and can only be turned off by someone who knows what they're doing--that will reject any query that's not properly parametrized with an error message stating that you need to use parameters. Goodbye SQL injection! But we've never done it.

      Buffer overflows, likewise, have a very simple solution, because they stem from a very well-defined problem, and that problem is people creating poorly-managed buffers in C and closely related languages. In most languages outside the closest relatives of C, buffer overflows are either flat-out impossible or take some real effort to create because of improved memory management baked in at the language level. But in C, it's so easy to get wrong that not only can an ignorant developer who doesn't know what he's doing easily screw it up, but people with years of experience who honestly do know better can and do make the same mistakes, consistently!

      This is where a good number of those security patches you get every month comes from. The devastating Heartbleed vulnerability was a buffer overrun bug. They've been making the Internet insecure for a quarter-century now, and all along the solution has been obvious: stop using C for network-facing software!

      But we haven't.

      Fixing those two simple things would instantly clear up the majority of all hacks. It wouldn't magically "create unhackable systems" like Tyson seems to think is possible, but it would get us pretty darn close, and it would be easy! But we haven't done it.

      Try, fail, learn, try again. That's how innovation works, but in computer security, we seem to keep falling flat on our faces at the "learn" step.

      link to this | view in chronology ]

      • icon
        nasch (profile), 6 Jan 2015 @ 11:55am

        Re: Re:

        The two largest sources of devastating security hacks over a network involve compromising the application server via buffer attacks (a venerable technique dating back to the 1980s and the Morris Worm) and compromising the database via SQL injection.

        Don't forget social engineering. More difficult to solve.

        link to this | view in chronology ]

    • icon
      Inwoods (profile), 5 Jan 2015 @ 11:54am

      Re:

      Reminds me of the almost-immortal Cave Johnson:

      http://www.portal2sounds.com/135#q=science&w=cave%20johnson

      link to this | view in chronology ]

  • icon
    TheResidentSkeptic (profile), 5 Jan 2015 @ 6:11am

    V/I Ratio

    If every village is to have its village idiot it seems to me that the obvious solution is to build a LOT more villages..

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 6:11am

    His wording was poor, but I think the point deGrasse Tyson was trying to make is the same been made here before: if Sony doesn't want to be repeatedly hacked, they should actually invest in some real cybersecurity. Storing passwords in plaintext files in a folder named 'Passwords' isn't going to cut it.

    link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 5 Jan 2015 @ 6:20am

      Re:

      if Sony doesn't want to be repeatedly hacked, they should actually invest in some real cybersecurity. Storing passwords in plaintext files in a folder named 'Passwords' isn't going to cut it.

      Eh, I don't think so. There's a big difference between *better security* and "unhackable." And the difference is important. It gets back to Schneier's discussions on airport security. People keep trying to set up airport security with the ridiculous claim that no bad guys can get through, but that's impossible and stupid. The way you do that is you don't let anyone fly.

      The point is, if you want the benefits of air travel, you have to admit that there's some risk and then try to minimize it, while balancing the inconvenience/problems that creates. You don't try for perfect. You balance the tradeoffs.

      Same with computer security. But the point NDT is making here ignores those tradeoffs completely.

      link to this | view in chronology ]

      • icon
        Kal Zekdor (profile), 5 Jan 2015 @ 6:40am

        Re: Re:

        It seems to me that his point was a bit muddled by his attempt to be pithy. Investing in better security is obviously a better use of resources than pointlessly sanctioning NK. (Are there any sanctions we aren't already using?)

        This is just nitpicking about a poor choice of phrase.

        link to this | view in chronology ]

        • identicon
          JEDIDIAH, 5 Jan 2015 @ 7:46am

          A fundemental misunderstaning of the subject.

          You can't make Sony absolutely secure. They are too juicy of a target. Someone will ALWAYS want a piece of them. The best they can do is make things more difficult. This goes for ANY sort of security and isn't just limited to computer tech.

          As a public figure with a target on his back, Tyson should understand this better.

          The little people can get away with a couple of locks. Celebrities and the 1% can't.

          link to this | view in chronology ]

          • icon
            Kal Zekdor (profile), 5 Jan 2015 @ 8:24am

            Re: A fundemental misunderstaning of the subject.

            There is no such thing as absolute security. Period, full stop. It doesn't matter how big or how small the target is.

            That said, why should NDT know better? He's not a security expert, he isn't even in the IT field. He's a frakking astrophysicist. Because he's a celebrity, suddenly that means he has to be absolutely accurate 100% of the time, without leaving any room in his statements for misinterpretation? Just as the only unhackable system is one that doesn't exist, the only person who hasn't made a mistake in his statements is one that has never spoken. Why are people surprised that he's human? Why attack him just because he isn't infallible, when he never claimed to be?

            The basic premise of NDT's statement is sound, even if he screwed up in the delivery.

            link to this | view in chronology ]

            • icon
              Dirk Ruffly (profile), 5 Jan 2015 @ 9:06am

              Re: Re: A fundemental misunderstaning of the subject.

              Can you provide some references? Although I'm perfectly comfortable with the idea that the task is very hard, and we don't know how to build unhackable systems yet, I have yet to see a proof or even a particularly good argument that it is actually IMPOSSIBLE to build a perfectly secure system.

              Note that I'm really talking about absolute mathematical or physical impossibility, as in faster-than-light travel, as opposed to really, really hard or even the strong suspicion that it's impossible. Remember the famous words of Lord Kelvin: "Heavier-than-air flying machines are impossible." ... it appears that this learned and experienced man was slightly in error.

              Perhaps the issue is that we need a good operational definition of an unhackable system against which to test.

              link to this | view in chronology ]

              • icon
                John Fenderson (profile), 5 Jan 2015 @ 9:16am

                Re: Re: Re: A fundemental misunderstaning of the subject.

                "I have yet to see a proof or even a particularly good argument that it is actually IMPOSSIBLE to build a perfectly secure system."

                There are such mathematical arguments, but I'll address the "good argument" part. Here's why it's impossible to build a perfectly secure system that remains usable:

                In a usable system (I'm talking about all security systems here, not just computer security), there must be a way that authorized access can take place. This point of access is precisely what makes perfect security impossible.

                There must be some means for a system to differentiate between legitimate and illegitimate access. With your front door, this way is likely a physical key. That differentiation is impossible to do perfectly in a usable system. All usable authentication methods can be spoofed, and the nature of things ensures this will always be true. If you come up with a system that is actually unspoofable, you've also come up with a system that isn't usable because the rate of false positives that lock out legitimate users will be too high. All methods of authentication must include room for error. Keys get worn, biometric markers change, etc.

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 5 Jan 2015 @ 9:38am

                  Re: Re: Re: Re: A fundemental misunderstaning of the subject.

                  "All methods of authentication must include room for error"

                  Not all. Nuke codes are single-use. Zero room for error, and they are usable. Single use security (i.e. one time pad or something like that) is one option.

                  Mind you, the system isn't friendly by any stretch. But if you want "unhackable" security, then a one-time pad with dual-person physical access via simultaneous hardware activation by armed personnel is pretty damn hard to get past.

                  Of course that would be overkill for a company to use for simple business data that doesn't have the capability of killing millions of people.

                  link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 5 Jan 2015 @ 10:01am

                    Re: Re: Re: Re: Re: A fundemental misunderstaning of the subject.

                    Nuke codes are single-use. Zero room for error, and they are usable.
                    Not really: the codes were all 00000000 for 20 years, because the Air Force was "worried that in times of need the codes would not be available".

                    link to this | view in chronology ]

                    • identicon
                      Anonymous Coward, 5 Jan 2015 @ 10:15am

                      Re: Re: Re: Re: Re: Re: A fundemental misunderstaning of the subject.

                      Scary

                      link to this | view in chronology ]

                    • identicon
                      Anonymous Coward, 5 Jan 2015 @ 10:17am

                      Re: Re: Re: Re: Re: Re: A fundemental misunderstaning of the subject.

                      heh. Why does that not surprise me?

                      link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 5 Jan 2015 @ 10:20am

                    Re: Re: Re: Re: Re: A fundemental misunderstaning of the subject.

                    Not all. Nuke codes are single-use.

                    So, knowing the code does guarantee the person giving the code has the authority to start a nuclear war.

                    link to this | view in chronology ]

                  • icon
                    John Fenderson (profile), 5 Jan 2015 @ 10:23am

                    Re: Re: Re: Re: Re: A fundemental misunderstaning of the subject.

                    "Not all. Nuke codes are single-use. Zero room for error, and they are usable."

                    How does that make for zero room for error? Being single-use (or even tying the specific code to a specific nuke) doesn't eliminate the possibility that the codes get leaked or stolen.

                    Single use security (i.e. one time pad or something like that) is one option.

                    Properly done OTPs are mathematically unbreakable, but they have a enormous weakness nonetheless: the distribution of the key. A OTP cipher (like any other cypher) is only as secure as the key distribution method. In the case of OTPs, the key distribution method is such a huge problem that an entire branch of cryptography was invented just to mitigate the problem: public key encryption.

                    "But if you want "unhackable" security, then a one-time pad with dual-person physical access via simultaneous hardware activation by armed personnel is pretty damn hard to get past."

                    Indeed -- but even that is a far cry from actually being unhackable. Unhackable is, as far as we know, an impossibility. That's why security is about economics: you are trying to make it so expensive to get around the security that doing so isn't worth it. That's a different thing than being unhackable, though.

                    link to this | view in chronology ]

                    • identicon
                      Anonymous Coward, 5 Jan 2015 @ 11:11am

                      Re: Re: Re: Re: Re: Re: A fundemental misunderstaning of the subject.

                      "security is about economics: you are trying to make it so expensive to get around the security that doing so isn't worth it"

                      Agreed, but what if the expense of breaking something is so enormous, that the entire planet's supply of natural/economic resources could not approach 10% of the cost of breaking it, then isn't it effectively unhackable?

                      link to this | view in chronology ]

                      • icon
                        John Fenderson (profile), 5 Jan 2015 @ 1:33pm

                        Re: Re: Re: Re: Re: Re: Re: A fundemental misunderstaning of the subject.

                        Temporarily, yes, although practically speaking, I can't think of any security system that manages to achieve anything even remotely close to that level. But don't forget the old saw about scientific impossibilities: if a scientist says something is impossible, there is no hope. If a scientist says something is too expensive, then there is hope. Economics constantly change, and sometimes do so suddenly and greatly.

                        Thus, there is a risk in considering anything "unhackable" when it's just uneconomical. If you really think something is unhackable, then you are guaranteeing that you will be caught completely unaware and defenseless when the hack eventually happens.

                        This is all related to a fundamental paradox of security: the minute that you believe you are secure is the minute that your actual security is in great danger.

                        link to this | view in chronology ]

      • icon
        Tony (profile), 5 Jan 2015 @ 6:43am

        Re: Re:

        From some of the comments, it seems some people are saying that you aren't understanding what Tyson intended to say. Even if that is the case, I maintain that he has failed to be clear and precise in his communication. If what he intended to communicate was not what he said, the failure is in his phrasing.

        If you want people correctly understand what you say, create statements that cannot be misunderstood...

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 5 Jan 2015 @ 7:25am

          Re: Re: Re:

          I agree NDT could have used better phrasing, though he only has 140 characters to use. IMO, Mike is just nitpicking. Instead of using it as a chance to talk about improved security options that could be employed to make a system far more difficult than it is worth for hackers to hack.

          link to this | view in chronology ]

          • icon
            John Fenderson (profile), 5 Jan 2015 @ 8:17am

            Re: Re: Re: Re:

            The problem, of course, is that (whatever he meant), Tyson is calling for the impossible: unhackable systems. That is not a starting point for a meaningful conversation about security (except perhaps amongst security geeks). It's just going to get everyone correctly pointing out that he's asking for something that cannot exist.

            link to this | view in chronology ]

            • icon
              Mason Wheeler (profile), 5 Jan 2015 @ 11:58am

              Re: Re: Re: Re: Re:

              "Unhackable system" is semantically a slightly weaker version of "bug-free system," which I'll agree is impossible to achieve 100%. However, it doesn't mean we should simply throw up our hands in despair. Two simple changes could eliminate the bugs responsible for the vast majority of hacks: making SQL database engines reject non-parametrized queries by default, and abandoning the use of C and its unsafe kin in network-facing software. (See my comment above.)

              It wouldn't magically make everything perfect, but it would be a vast improvement. Low-hanging fruit, as developers like to say.

              link to this | view in chronology ]

          • identicon
            Anonymous Coward, 5 Jan 2015 @ 10:17am

            Re: Re: Re: Re:

            I agree NDT could have used better phrasing, though he only has 140 characters to use.
            If NDT wants to make a coherent, non-ambiguous statement about computer security, he should simply use more than 140 characters in his tweet.

            link to this | view in chronology ]

          • icon
            harbingerofdoom (profile), 5 Jan 2015 @ 10:42am

            Re: Re: Re: Re:

            the guy holds a M.Phil & Ph.D- he should have known better phrasing was needed


            by the way- my above point? 78chtrs. it can be done.

            link to this | view in chronology ]

            • icon
              Keroberos (profile), 5 Jan 2015 @ 1:44pm

              Re: Re: Re: Re: Re:

              As an astrophysicist, he shouldn't be commenting about fields he knows little or nothing about. With 30 years experience in computers and networking, I'm barely qualified to even enter into high-level technical discussions on network security. I would not comment professionally about any astrophysical discussions, and he shouldn't comment about network security.

              link to this | view in chronology ]

              • icon
                John Fenderson (profile), 6 Jan 2015 @ 9:12am

                Re: Re: Re: Re: Re: Re:

                I don't entirely agree here. He, along with everyone else, should be able to comment on anything that he wants. What he should do is avoid stating things as fact when they're just speculation or opinion. I sympathize with him -- I make this error all the time and it's a very hard habit to break. However, I am not a famous science spokesperson so I can afford to be a bit more reckless.

                Your point about specialty knowledge is right on the money. Everyone understands the problem with specialists when it comes to medicine: specialist doctors tend to be less informed about medical things that don't fall into their specialty than generalist doctors, and so their opinions outside their specialty are not held to a high standard. What everyone needs to understand is that this is how it works with specialists in all fields, not just medicine.

                link to this | view in chronology ]

                • icon
                  tqk (profile), 6 Jan 2015 @ 9:55am

                  Re: Re: Re: Re: Re: Re: Re:

                  ... specialist doctors tend to be less informed about medical things that don't fall into their specialty than generalist doctors, and so their opinions outside their specialty are not held to a high standard. What everyone needs to understand is that this is how it works with specialists in all fields, not just medicine.

                  Very true, and it can be a bit of a shock when you finally discover this principle. Specialists can be even more ignorant than average people because they've chronic tunnel vision. They manage to excel in their chosen field by actively ignoring anything they consider extraneous.

                  Try being the IT guy herding scientists, doctors, or lawyers. It can be quite comical watching these "masters of the Universe" in their chosen field fall flat on their faces every time they step outside it, and I do mean every time. They think Benny Hill is great comedy. They think Karl Marx got a bad rap. They're often racist, misogynist, can't for the life of them remember their mother's birthday, etc., ad infinitum.

                  "The Absent Minded Professor" was a somewhat funny idea for a movie, but I hated it for glorifying this practice. Nobody should get a pass to ignore all the stuff everybody else has to deal with just because they've learned how to specialize better than their competition. Give me a polymath instead anyday.

                  link to this | view in chronology ]

  • icon
    MadAsASnake (profile), 5 Jan 2015 @ 6:14am

    To make it unhackable, you'd need to prevent access (physical and virtual) to all sorts of folks, you know, customers, the internet, workers, and most especially, management.

    You'll achieve total security. You won't meet any other business objectives.

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 5 Jan 2015 @ 6:16am

      Re:

      Even just management-proofing a system would get rid of 90% of the threat.

      link to this | view in chronology ]

    • icon
      PaulT (profile), 5 Jan 2015 @ 7:17am

      Re:

      Indeed. Security is the enemy both of convenience and usability, which is why consumer-aimed products have traditionally been so poor at it. A system that's usable is one that's vulnerable.

      It's long been a truism that the only way to make a system truly unhackable via the internet is to disconnect it from the internet. If it's accessible in any way, there are risks. You can minimise those risks in many ways, but nothing is "unhackable". Doubly so if there's human interaction with the system at any point, since they're the usual vector for attack if a direct attack is too difficult.

      link to this | view in chronology ]

      • icon
        John Fenderson (profile), 5 Jan 2015 @ 8:20am

        Re: Re:

        "It's long been a truism that the only way to make a system truly unhackable via the internet is to disconnect it from the internet."

        That's only the first part of the truism. The rest of it is: then encase your computer in a block of concrete and drop it to the bottom of the Marianas trench.

        link to this | view in chronology ]

        • icon
          ltlw0lf (profile), 5 Jan 2015 @ 11:04am

          Re: Re: Re:

          "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." - Gene Spafford, "Computer Recreations: Of Worms, Viruses and Core War" by A. K. Dewdney in Scientific American, March 1989, pp 110. (From Gene Spafford's personal quote list.)

          link to this | view in chronology ]

      • identicon
        Ned Ludd, 5 Jan 2015 @ 10:28am

        Re: Re:

        > Security is the enemy both of convenience and usability,

        No. That is a false dichotomy. Bad security makes everything else inconvenient, like the way mandating complex passwords with frequent changes encourages people to write them down on post-it notes because it is so difficult to comply with. Good security makes it easier for users to act in a secure way. For example, 2-factor key fobs. Done well they are so much easier to use than complex passwords.

        The trade-off is that good security requires more effort from the security engineer. Generally that's a good trade-off because it puts the burden on an expert who should be working with a well-funded budget rather than on amateurs (the regular users) who have no autonomy.

        link to this | view in chronology ]

        • icon
          John Fenderson (profile), 5 Jan 2015 @ 1:42pm

          Re: Re: Re:

          It is not a false dichotomy at all. Security (even good security) and convenience are always at odds with each other. Bad security is even more inconvenient than good, but that doesn't mean that good security isn't inconvenient.

          "For example, 2-factor key fobs. Done well they are so much easier to use than complex passwords."

          I disagree completely with your example. First, 2 factor security is inherently more inconvenient than 1 factor (for obvious reasons). Second, a key fob is only more convenient in a certain use case. If you lose or destroy that fob, you will discover that just having a password memorized is much more convenient in other use cases.

          As a security engineer, I would love to be proven wrong on this point. Can you demonstrate a generalized case where increasing security does not decrease convenience (either in the electronic or physical world)?

          link to this | view in chronology ]

          • icon
            John Fenderson (profile), 5 Jan 2015 @ 1:43pm

            Re: Re: Re: Re:

            I forgot another point about key fobs: they present a new security threat in that they are easier to steal.

            link to this | view in chronology ]

  • identicon
    totallyponked, 5 Jan 2015 @ 6:17am

    man

    He isnt that far off you know. Yes you cant make unhackable systems buy you can do better a whole lot better. Stop letting the NSA get away with weakening the systems we use, and stop them from inserting backdoors and we all need to stop using windows crap. Its windows that is the problem here. Microshill is still selling out to the NSA, so stop using their crap software.

    link to this | view in chronology ]

    • icon
      tqk (profile), 5 Jan 2015 @ 8:18am

      Re: man

      Microshill is still selling out to the NSA, so stop using their crap software.

      Microsoft (!) is still complying with US gov't demands via National Security Letters to sell out its customers in the interests of national security, so stop using their crap software.

      I don't like MS either, but I don't blame this on them any more than I blame Google, Apple, AT&T, ...

      link to this | view in chronology ]

  • identicon
    Michael, 5 Jan 2015 @ 6:23am

    A scientist keeps saying absurdly stupid things. Solution there, it seems to me, is to tell the scientist to STFU and go back to science-y things.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 6:23am

    we're already pretty safe from North Korea. The sanctions are bs. I read the tweet as 'make it too hard to hack to make it worthwhile', which should be achievable. Just stop paying the agencies for weakening systems and start paying them (after sending appropriate people to prison, and disbanding the others) to add some real security.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 5 Jan 2015 @ 8:22am

      Re:

      Yes, the NK sanctions are complete bullshit for a number of reasons. Topping that list is that there is substantial reason to doubt that NK was even behind the hack. Second on that list was that the hack was not even remotely a national security issue.

      link to this | view in chronology ]

  • icon
    Gumnos (profile), 5 Jan 2015 @ 6:24am

    Evolution

    Evolution isn't working fast enough. We should pre-determine the weaker species (and members of each remaining species), then simply eliminate them proactively.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 6:26am

    Look out, we got a dumbass over here!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 6:29am

    "He stated a tautology?" Solution there, it seems to me, is to use proper grammar.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 6:35am

    Some problems are insoluble. Solution there, it seems to me, is to solve them.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 7:05am

    Is your sarcasm meter broken today, Mike?

    link to this | view in chronology ]

  • icon
    themonkeyking145 (profile), 5 Jan 2015 @ 7:08am

    The First Rule of Tautology Club Is....

    Lacking knowledge on a subject? Solution there, it seems to me, is either learn more or hire someone who knows.

    link to this | view in chronology ]

  • icon
    aethercowboy (profile), 5 Jan 2015 @ 7:23am

    It seems that too many people are pirating films. The simplest solution, I would imagine, is to make movies worth paying for.

    link to this | view in chronology ]

  • identicon
    Arcan, 5 Jan 2015 @ 7:25am

    Someone else found out how to make money, instead we should make them not able to make money.

    link to this | view in chronology ]

  • identicon
    Steve, 5 Jan 2015 @ 7:45am

    Tautologies

    People make life more difficult. Solution there, it seems to me, is just to not create people. All purpose.

    link to this | view in chronology ]

  • icon
    Liam (profile), 5 Jan 2015 @ 7:45am

    unfair

    Seems a little unfair to say he went crazy until the stars were fixed in Titanic. That's a hyperbolic retelling of his own amusing story.

    As for his tweet, I'd be more worried about it if it was someone who was supposed to know about computer security, I also don't hold people to their 140 character brain farts.

    link to this | view in chronology ]

  • icon
    Dirk Ruffly (profile), 5 Jan 2015 @ 7:56am

    Tautology yes, but not quite the same as your examples ...

    While certainly a less than useful comment, "... create unhackable systems" is not in the same class as "... build faster-than-light spaceships" or "... create immortality." Faster-than-light travel and immortality (at least in the literal sense) are known to be physically impossible (that's not just an opinion, as it's supported by a great deal of real evidence, but as with all scientific knowledge it's subject to revision.) Creating unhackable systems is not, however, known to be impossible; we just don't know how to do it yet.

    link to this | view in chronology ]

    • icon
      Gwiz (profile), 5 Jan 2015 @ 8:19am

      Re: Tautology yes, but not quite the same as your examples ...

      Creating unhackable systems is not, however, known to be impossible; we just don't know how to do it yet.


      I believe it's impossible to create a totally unhackable system, personally.

      It's related to the old programming axiom: "As soon as you make a program idiot-proof, someone makes a better idiot."

      link to this | view in chronology ]

    • icon
      John Fenderson (profile), 5 Jan 2015 @ 8:24am

      Re: Tautology yes, but not quite the same as your examples ...

      "Creating unhackable systems is not, however, known to be impossible; we just don't know how to do it yet."

      Creating perfectly secure systems has been known to be impossible for as long as people have been looking at the issue.

      link to this | view in chronology ]

      • icon
        Dirk Ruffly (profile), 5 Jan 2015 @ 9:25am

        Re: Re: Tautology yes, but not quite the same as your examples ...

        Hopefully, the definition for "unhackable" is not the same as for "idiot proof", since my original reply to your post was mistakenly placed here.

        Perhaps I'm proving Gwiz's point. :)

        link to this | view in chronology ]

        • icon
          Ninja (profile), 5 Jan 2015 @ 9:55am

          Re: Re: Re: Tautology yes, but not quite the same as your examples ...

          Even if people aren't generally idiots they will slip every once in a while. And when there's a new "unhackable" system there will be shitloads of people trying to hack it. Eventually it will be done and the cycle begins anew. Or the technology has evolved to create the next level of unhackable systems. The fact is any system will be hacked at some point either by vulnerabilities, hardware improvements (brute force) or because someone put an infected pen drive in.

          link to this | view in chronology ]

  • icon
    MM_Dandy (profile), 5 Jan 2015 @ 8:05am

    We don't know if P = NP

    But the solution would be to prove that is or isn't.

    link to this | view in chronology ]

  • identicon
    John J. J. Schmidt, 5 Jan 2015 @ 8:10am

    One does not simply create unhackable systems

    Gandalf authorizes quest over ring.
    Solution there, it seems to me, is to walk into Mordor.

    http://memegenerator.net/instance/57758883

    link to this | view in chronology ]

  • identicon
    Spacewriter, 5 Jan 2015 @ 8:11am

    Tech writer judges a person's thinking based on 140 character tweet. GIF at 11.

    Do I detect a tech writer's nose out of joint over an astrophysicist's tweet? Don't like it ? You are supposedly a journamalist--go interview him and ask him what he meant. And then write a story without all the hipster angst. That would be better than going insanely crazy over a tweet. Also, more professional and more service to your readers.

    link to this | view in chronology ]

    • icon
      JMT (profile), 5 Jan 2015 @ 3:08pm

      Re: Tech writer judges a person's thinking based on 140 character tweet. GIF at 11.

      Awesome new word of the day -- journamalist

      Assuming you meant to suggest Mike is a journalist, Mike has repeatedly corrected this false assumption. This is and always has been an opinion blog. Don't like it? Go read a newspaper.

      link to this | view in chronology ]

      • icon
        Gwiz (profile), 6 Jan 2015 @ 1:41pm

        Re: Re: Tech writer judges a person's thinking based on 140 character tweet. GIF at 11.

        Awesome new word of the day -- journamalist


        journamalist - noun
        1. someone who does journalism while expending the least amount of energy possible;

        Because they simply parrot press releases and talking points without researching facts, most mainstream media reporters are journamalists.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 8:12am

    You're too harsh to him, Mike. I get that there CAN'T be "unhackable" systems. But I think what he meant is that US should focus on increasing cyber DEFENSES...not doing stuff like increasing it cyber OFFENSES or applying sanctions...

    link to this | view in chronology ]

  • icon
    limbodog (profile), 5 Jan 2015 @ 8:15am

    You disappoint me, Mike.

    link to this | view in chronology ]

  • icon
    Drawoc Suomynona (profile), 5 Jan 2015 @ 8:20am

    Open to interpretation

    My first thought was that it was a dig on all the back doors the NSA slips/forces/coerces into software and systems that can also allow the bad guys in.
    Regardless, this seems like a sentence that is open to a number of interpretations, and to spend the time calling it out and dissecting it strikes me as a bit silly.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 8:25am

    I think all he was saying is that sanctioning NC will prove as fruitful as endeavoring to create an "unhackable" system.

    link to this | view in chronology ]

  • identicon
    Haggie, 5 Jan 2015 @ 8:26am

    I think you are missing the gist of post. Both are meaningless and useless attempts that have zero chance of accomplishing their goal.

    But if you are doing something that has no chance of accomplishing it's goal, trying to build an unhackable system might actually spin off some usable elements. Further sanctions against NK will not.

    Don't criticize what you don't understand.

    link to this | view in chronology ]

  • identicon
    Jake, 5 Jan 2015 @ 8:27am

    Have you considered the possibility that he was taking the piss?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 8:32am

    I don't always understand sarcasm. Solution, no one should use sarcasm when I might not understand it.

    link to this | view in chronology ]

  • icon
    wereisjessicahyde (profile), 5 Jan 2015 @ 8:50am

    Frequently using repetition in sentences? Solution there, stop repeating yourself.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 9:44am

    I understood the tweet as meaning 'the gov helping improve computer security would make much more sense then sanctioning NK'.
    Hard to argue with that...

    Seams to me that 'hacking' has become too generic of a term. I think NDT meant 'create computers that can't be remotely exploited'. -and he probably didn't understand that it wasn't an exploit that lead the sony breach. exploit != (does not equal) remote exploit != unauthorised access != social engineering, and yet these are often all lumped into the same category of 'hacking', which makes the word rather amorphous and hard to generalise about.

    The biggest (only?) threat to eventually having non-remote exploitable computers is gov/industry backdoors. Openbsd, might even get you there now- or it might be back doored, lol- but it's known for having had almost no known exploits over the years. So anyway, 'unhackable' -if you mean it in this limited context, doesn't seam so far-fetched a goal.

    link to this | view in chronology ]

  • identicon
    Guardian, 5 Jan 2015 @ 9:47am

    hehe

    too many people have car accidents, solution there is to have people walk.....

    link to this | view in chronology ]

  • identicon
    Anonymous Hero, 5 Jan 2015 @ 9:57am

    Obama's lack of transparency hurts the democratic process. Solution there, it seems to me, is [redacted].

    link to this | view in chronology ]

  • identicon
    SC, 5 Jan 2015 @ 10:54am

    "Astrophysicist has his foot in his mouth? Create astrophysicists with smaller mouths and bigger feet!"

    ---
    NDT does need to hold himself to the same standards he holds others.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 12:40pm

    Tyson is great in his area, but he's no all spanning genius. And I don't know why most people haven't caught on. Whenever I hear him talk about his field of work I'm like "wow, that's super interesting and well said!"

    Just about ANYTHING else I sit there and go "Uhhhhh... if I didn't know who he was I'd wonder why anyone bother recording this crazy person."

    He's rather a normal person with his inane thoughts in anything outside of astrophysics.

    link to this | view in chronology ]

  • icon
    Dave Cortright (profile), 5 Jan 2015 @ 12:57pm

    The pioneer paves the way for others to follow

    Not enough blacks get degrees in STEM. Solution there it seems to me is every black child should be me, Neil deGrasse Tyson.

    link to this | view in chronology ]

  • icon
    T.S. Phillips (profile), 5 Jan 2015 @ 1:15pm

    What's next

    Typical double standard!

    link to this | view in chronology ]

  • identicon
    Jethro, 5 Jan 2015 @ 1:58pm

    Rock stars

    Mah science teecher sez there ain't no rock star fizzicists, 'cause stars ain't made outa rocks. They's made outa hot gas. Maybe this Neil guy is made outa hot gas, 'cause he shore keeps spoutin' that stuff.

    (Judgin' by thet name, tho, he's prob'ly made outa chicken.)

    link to this | view in chronology ]

  • identicon
    AC 2, 5 Jan 2015 @ 2:35pm

    different AC here...
    "Can you demonstrate a generalized case where increasing security does not decrease convenience (either in the electronic or physical world)?"

    A bee keepers suit. a welding mask. a flood dyke. -more generally- ANY security where the consequences, from lack there of, results in a net reduction of convenience or lack of utility. A valid question is, on what time frame does one measure convenience? One might argue, that dealing with the fallout of a breach/hack would be far more inconvenient then implementing the security necessary to avoid such.

    link to this | view in chronology ]

  • icon
    connermac725 (profile), 5 Jan 2015 @ 2:53pm

    SEEMS TO ME THAT SONY

    Sony's solution to security issues seems to me is not lay off the IT staff warning them

    link to this | view in chronology ]

  • icon
    Tracyanne (profile), 5 Jan 2015 @ 3:19pm

    Mike had sense of humour fail

    Solution: slap him until he wakes up to himself

    link to this | view in chronology ]

  • identicon
    Matt Pirkowski, 5 Jan 2015 @ 4:05pm

    Are we sure...

    he's not just making a tongue-in-cheek statement? He'd probably never do that, right?

    link to this | view in chronology ]

    • identicon
      Pseudonym, 5 Jan 2015 @ 5:35pm

      Re: Are we sure...

      Neil deGrasse Tyson famously has no sense of humour whatsoever, so it seems unlikely that he was joking.

      link to this | view in chronology ]

  • identicon
    AC2, 5 Jan 2015 @ 7:18pm

    security != safety?

    "You're confusing security with safety."

    Am I? where is that line drawn exactly? I think maybe you miss the point/weight of the analogies. sony has been hacked over 50 times in the last decade...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jan 2015 @ 9:25pm

    Politics is full of corruption. Solution there, it seems to me, is to vote for honest politicians.

    Am I doing it right?

    link to this | view in chronology ]

  • identicon
    Ped Ec-sing, 5 Jan 2015 @ 10:42pm

    Seems to me...

    that SOMEBODY should be sending some of these examples to Tysons' twitter feed.

    link to this | view in chronology ]

  • identicon
    Arianit, 6 Jan 2015 @ 3:17am

    He does have a point in that it would be more helpful to work on defensive security instead of cracking back in revenge.

    link to this | view in chronology ]

  • icon
    aglynn (profile), 6 Jan 2015 @ 5:03am

    People are too single focused.`

    "People are only experts in one or at most two areas for the most part, leading to idiocy when they speak on other topiccs. Solution there, it seems to me, is to only trust polymaths."

    link to this | view in chronology ]

  • identicon
    Roger Barr, 6 Jan 2015 @ 10:15pm

    A few malcontent terrorists are blowing sh*t up...

    the solution is to have a war to end all terrorism.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.